/ Register

Get the most out of your Centmin Mod LEMP stack
Become a Member

Beta Branch update prep for ModSecurity v3.0

Discussion in 'Centmin Mod Github Commits' started by eva2000, Aug 5, 2017.

Tags:
Previous Thread Next Thread
Loading...
Page 2 of 3
  1. Apr 30, 2019 #21
    EckyBrazzz

    EckyBrazzz Active Member

    917
    190
    43
    Mar 28, 2018
    >>>>Click here<<<< i'm nearby......
    Ratings:
    +363
    Local Time:
    1:02 PM
    Latest
    Latest
    Code:
     Do you want to update your local Centmin Mod Git code ? [y/n]: y

Updating Current Centmin Mod code branch via git
 cd /usr/local/src/centminmod
 git stash
 git pull
 chmod +x centmin.sh
No local changes to save
Updating 56a7a13..eb6d40c
Fast-forward
 inc/mod_security.inc | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

##################### IMPORTANT #####################
 To complete update
##################### IMPORTANT #####################
 run:

  cd /usr/local/src/centminmod

 before invoking centmin.sh again
##################### IMPORTANT #####################

[11:11][root@server6. ~]# centmin
/usr/local/src/centminmod ~
    Hmmmm, updated.... Confusing when working both at the same time haha.
     
  2. Apr 30, 2019 #22
    eva2000

    eva2000 Administrator Staff Member

    58,905
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    2:02 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    made 1 more update to modsecurity routine, so 1 more cmupdate run ;) :LOL:

    from nginx_upgrade.log config check output during modsecurity install
    Code (Text):
    ModSecurity -  for Linux

 Mandatory dependencies
   + libInjection                                  ....v3.9.2-30-gbf234eb
   + SecLang tests                                 ....5d85f36

 Optional dependencies
   + GeoIP/MaxMind                                 ....found 
      * (GeoIP) v1.6.12
         -lGeoIP  , -I/usr/include/ 
   + LibCURL                                       ....found v7.64.1 
      -lcurl,  -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL
   + YAJL                                          ....found v2.0.4
      -lyajl  , -DWITH_YAJL 
   + LMDB                                          ....disabled
   + LibXML2                                       ....found v2.9.9
      -lxml2 -lz -llzma -lm -ldl, -I/usr/include/libxml2 -DWITH_LIBXML2
   + SSDEEP                                        ....found 
      -lfuzzy -L/usr/lib64/, -DWITH_SSDEEP -I/usr/include
   + LUA                                           ....found v501
      -lluajit-5.1 -L/usr/local/lib/, -DWITH_LUA -DWITH_LUA_5_1 -I/usr/include

 Other Options
   + Test Utilities                                ....enabled
   + SecDebugLog                                   ....enabled
   + afl fuzzer                                    ....disabled
   + library examples                              ....enabled
   + Building parser                               ....disabled
   + Treating pm operations as critical section    ....disabled
     
  3. Apr 30, 2019 #23
    EckyBrazzz

    EckyBrazzz Active Member

    917
    190
    43
    Mar 28, 2018
    >>>>Click here<<<< i'm nearby......
    Ratings:
    +363
    Local Time:
    1:02 PM
    Latest
    Latest
    Well, part one is done.

    Set
    Code:
    NGINX_MODSECURITY='y'           # https://community.centminmod.com/threads/update-prep-for-modsecurity-v3-0.12453/
    But still missing in /usr/local/nginx/conf/dynamic-modules.conf
    Code (Text):
    # place custom load_module lines in this dynamic-modules-includes.conf
# file so that they persistent i.e. for manually dropped in dynamic modules
include /usr/local/nginx/conf/dynamic-modules-includes.conf;
load_module "modules/ngx_http_image_filter_module.so";
load_module "modules/ngx_http_headers_more_filter_module.so";
load_module "modules/ndk_http_module.so";
load_module "modules/ngx_http_set_misc_module.so";
load_module "modules/ngx_http_echo_module.so";
load_module "modules/ngx_http_fancyindex_module.so";
load_module "modules/ngx_pagespeed.so";
load_module "modules/ngx_http_brotli_filter_module.so";
load_module "modules/ngx_http_brotli_static_module.so";
load_module "modules/ngx_http_geoip2_module.so";

    Although don't understand why
    Code:
    include /usr/local/nginx/conf/dynamic-modules-includes.conf;
    is again in the /usr/local/nginx/conf/dynamic-modules.conf, but could be my wrong understanding of nginx.

    Some output:

    Code:
    [11:26][root@server6 ~]# cmupdate
No local changes to save
Already up-to-date.
[11:26][root@server6 ~]# nano /usr/local/nginx/conf/dynamic-modules.conf
[11:31][root@server6 ~]# nano /usr/local/nginx/conf/dynamic-modules.conf
[11:35][root@server6.vecks.com.br ~]# ls -lah /usr/local/nginx/modules | grep -v .old
total 39M
drwxr-xr-x.  2 root root 4.0K Apr 30 11:20 .
drwxr-xr-x. 13 root root  205 Apr 30 09:11 ..
-rwxr-xr-x   1 root root  99K Apr 30 11:20 ndk_http_module.so
-rwxr-xr-x   1 root root  92K Apr 30 11:20 ngx_http_brotli_filter_module.so
-rwxr-xr-x   1 root root  86K Apr 30 11:20 ngx_http_brotli_static_module.so
-rwxr-xr-x   1 root root 527K Apr 30 11:20 ngx_http_echo_module.so
-rwxr-xr-x   1 root root 105K Apr 30 11:20 ngx_http_fancyindex_module.so
-rwxr-xr-x   1 root root  94K Apr 30 11:20 ngx_http_geoip2_module.so
-rwxr-xr-x   1 root root 217K Apr 30 11:20 ngx_http_headers_more_filter_module.so
-rwxr-xr-x   1 root root 103K Apr 30 11:20 ngx_http_image_filter_module.so
-rwxr-xr-x   1 root root 634K Apr 30 11:20 ngx_http_set_misc_module.so
-rwxr-xr-x   1 root root  18M Apr 30 11:20 ngx_pagespeed.so
-rwxr-xr-x   1 root root  71K Apr 30 11:20 ngx_stream_geoip2_module.so
[11:35][root@server6 ~]# nano /usr/local/nginx/modsec/main.conf
[11:36][root@server6 ~]# ls -lah /usr/local/nginx/modsec
total 68K
drwxr-xr-x   2 root root  70 Apr 30 09:11 .
drwxr-xr-x. 13 root root 205 Apr 30 09:11 ..
-rw-r--r--   1 root root 327 Apr 30 09:11 main.conf
-rw-r--r--   1 root root 10K Apr 30 09:11 modsecurity.conf
-rw-r--r--   1 root root 52K Apr 30 09:11 unicode.mapping
[11:37][root@server6 ~]#
     
  4. Apr 30, 2019 #24
    eva2000

    eva2000 Administrator Staff Member

    58,905
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    2:02 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    those are 2 different files if you check their names closely, one inside the other is so that you can edit that inner include file to manually load a dynamic module that you have already compiled i.e. on a staging/build server and just drop into your live centmin mod nginx servers :) so live may need a dynamic nginx module but you don't want to compile it on live server. You can setup identical cpu model based staging test server with centmin mod and build nginx with the dynamic module and just copy the *.so module over and setup the load module line manually in the inner include file which persistents on centmin mod nginx recompiles

    so for file /usr/local/nginx/conf/dynamic-modules.conf which is included in /usr/local/nginx/conf/nginx.conf has contents including an inner include file = /usr/local/nginx/conf/dynamic-modules-includes.conf. In this inner include file /usr/local/nginx/conf/dynamic-modules-includes.conf you can manually setup your own load_module lines to load your own *.so which will not get overwritten by centmin.sh menu option 4 nginx recompiles :)
    Code (Text):
    # place custom load_module lines in this dynamic-modules-includes.conf
# file so that they persistent i.e. for manually dropped in dynamic modules
include /usr/local/nginx/conf/dynamic-modules-includes.conf;
load_module "modules/ngx_http_image_filter_module.so";
load_module "modules/ngx_http_headers_more_filter_module.so";
load_module "modules/ndk_http_module.so";
load_module "modules/ngx_http_set_misc_module.so";
load_module "modules/ngx_http_echo_module.so";
load_module "modules/ngx_http_fancyindex_module.so";
load_module "modules/ngx_pagespeed.so";
load_module "modules/ngx_http_brotli_filter_module.so";
load_module "modules/ngx_http_brotli_static_module.so";
load_module "modules/ngx_http_geoip2_module.so";


    what's contents of your persistent config file at /etc/centminmod/custom_config.inc ? maybe you have some variable conflict which is disabling NGINX_MODSECURITY='y'

    output from command
    Code (Text):
    cat /etc/centminmod/custom_config.inc
     
  5. Apr 30, 2019 #25
    EckyBrazzz

    EckyBrazzz Active Member

    917
    190
    43
    Mar 28, 2018
    >>>>Click here<<<< i'm nearby......
    Ratings:
    +363
    Local Time:
    1:02 PM
    Latest
    Latest
    Code:
    Your post in the thread update prep for ModSecurity v3.0 was edited. Reason: i removed your log as it showed other domains vhosts at end of routines
    Just wanted to delete the post.... Thanks, your quick.
     
  6. Apr 30, 2019 #26
    EckyBrazzz

    EckyBrazzz Active Member

    917
    190
    43
    Mar 28, 2018
    >>>>Click here<<<< i'm nearby......
    Ratings:
    +363
    Local Time:
    1:02 PM
    Latest
    Latest
    Yup, still no go aera...
    So here is my /etc/centminmod/custom_config.inc
    Code (Text):
    MARCH_TARGETNATIVE='n'

#------nginx
NGINX_DYNAMICTLS='y'
NGINX_HPACK='y'
NGINX_LIBBROTLI='y'
NGXDYNAMIC_BROTLI='y'
NGINX_MODSECURITY='y'           # https://community.centminmod.com/threads/update-prep-for-modsecurity-v3-0.12453/

AUTOTUNE_CLIENTMAXBODY='y'      # auto tune client_max_body_size option in nginx.conf

NGINX_GEOIPTWOLITE='y'
NGXDYNAMIC_GEOIPTWOLITE='y'

#------nginx pagespeed
NGINX_PAGESPEED='y'
NGINX_PAGESPEEDGITMASTER='n'
NGXDYNAMIC_NGXPAGESPEED='y'

#------mariadb

#------php
PHP_PGO='y'
STRIPPHP='y'                    # set 'y' to strip PHP binary to reduce size
PHP_INSTALL='y'                 # Install PHP /w Fast Process Manager
PHP_MEMCACHE='y'                # memcache PHP extension
PHP_PATCH='y'                   # Apply PHP patches if they exist
PHPIONCUBE='y'                  #
MEMCACHED_INSTALL='y'           # Install Memcached
PHPREDIS='n'                    # redis PHP extension install


#------Open SSL
DISABLE_TLSONEZERO_PROTOCOL='y' # disable TLS 1.0 protocol by default industry is moving to deprecate for security
NOSOURCEOPENSSL='n'             # set to 'y' to disable OpenSSL source compile for system default YUM package setup
OPENSSL_TLSONETHREE='y'         # whether OpenSSL 1.1.1 builds enable TLSv1.3

LETSENCRYPT_DETECT='y'

#-----GCC Compilers
GCCINTEL_PHP='y'                # enable PHP-FPM GCC compiler with Intel cpu optimizations
DEVTOOLSET_PHP='y'              # use devtoolset GCC for GCCINTEL_PHP='y'
     
  7. Apr 30, 2019 #27
    eva2000

    eva2000 Administrator Staff Member

    58,905
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    2:02 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    strange should have modsecurity installed as nothing in persistent config file seems would cause conflicts.

    you are running cmupdate BEFORE centmin.sh menu option 4 right ?
     
  8. Apr 30, 2019 #28
    eva2000

    eva2000 Administrator Staff Member

    58,905
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    2:02 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    at end of centmin.sh menu option 4 recompile of nginx you should get a list of logs and one is the nginx_upgrade.log i.e.
    Code (Text):
    log files saved at /root/centminlogs
-rw-r--r--  1 root root  576 Apr 30 12:09 patch_opensslpatches_300419-120902.log
-rw-r--r--  1 root root   43 Apr 30 12:09 centminmod_opensslinstalltime_300419-120902.log
-rw-r--r--  1 root root 2.5K Apr 30 12:10 patch_patchnginx_300419-120902.log
-rw-r--r--  1 root root 9.2K Apr 30 12:10 nginx-configure-300419-120902.log
-rw-r--r--  1 root root  31K Apr 30 12:11 nginx_autoconf.err.300419-120902.log
-rw-r--r--  1 root root 2.2M Apr 30 12:11 centminmod_123.09beta01.b143_300419-120902_nginx_upgrade.log

    located at /root/centminlogs/centminmod_123.09beta01.b143_300419-120902_nginx_upgrade.log - you can post the contents again like before via gist.github.com or pastebin.com, but can remove your site nginx vhost names from the end of the log.
     
  9. Apr 30, 2019 #29
    eva2000

    eva2000 Administrator Staff Member

    58,905
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    2:02 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    also post output for nginx-configure-300419-120902.log log with your own timestamp i.e.
    Code (Text):
    cat /root/centminlogs/nginx-configure-300419-120902.log
./configure --with-ld-opt="-Wl,-E -L/usr/local/zlib-cf/lib -L/usr/local/lib -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/zlib-cf/lib:/usr/local/lib" --with-cc-opt="-I/usr/local/zlib-cf/include -I/usr/local/include -m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -Wno-error=strict-aliasing -fstack-protector-strong -flto -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthrough=0 -fcode-hoisting -Wno-cast-function-type -Wno-format-extra-args -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations" --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --build=300419-121011-centos7 --with-compat --with-http_stub_status_module --with-http_secure_link_module --add-dynamic-module=../nginx-module-vts --with-libatomic --with-http_gzip_static_module --add-dynamic-module=../ngx_brotli --add-dynamic-module=../incubator-pagespeed-ngx-1.13.35.2-stable --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.2 --add-module=../ngx_cache_purge-2.5 --add-dynamic-module=../ngx_devel_kit-0.3.0 --add-dynamic-module=../set-misc-nginx-module-0.32 --add-dynamic-module=../echo-nginx-module-0.61 --add-module=../redis2-nginx-module-0.15 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.18 --add-module=../srcache-nginx-module-0.31 --add-dynamic-module=../headers-more-nginx-module-0.33 --with-pcre-jit --with-zlib=../zlib-cloudflare-1.3.0 --with-http_ssl_module --with-http_v2_module --with-openssl=../openssl-1.1.1b --with-openssl-opt="enable-ec_nistp_64_gcc_128 enable-tls1_3" --add-dynamic-module=../ModSecurity-nginx
checking for OS
 + Linux 3.10.0-957.12.1.el7.x86_64 x86_64
checking for C compiler ... found
 + using GNU C compiler
 + gcc version: 9.1.0 20190426 (prerelease) (GCC)
checking for gcc -pipe switch ... found
checking for --with-ld-opt="-Wl,-E -L/usr/local/zlib-cf/lib -L/usr/local/lib -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/zlib-cf/lib:/usr/local/lib" ... found
checking for -Wl,-E switch ... found
checking for gcc builtin atomic operations ... found
checking for C99 variadic macros ... found
checking for gcc variadic macros ... found
checking for gcc builtin 64 bit byteswap ... found
checking for unistd.h ... found
checking for inttypes.h ... found
checking for limits.h ... found
checking for sys/filio.h ... not found
checking for sys/param.h ... found
checking for sys/mount.h ... found
checking for sys/statvfs.h ... found
checking for crypt.h ... found
checking for Linux specific features
checking for epoll ... found
checking for EPOLLRDHUP ... found
checking for EPOLLEXCLUSIVE ... not found
checking for O_PATH ... found
checking for sendfile() ... found
checking for sendfile64() ... found
checking for sys/prctl.h ... found
checking for prctl(PR_SET_DUMPABLE) ... found
checking for prctl(PR_SET_KEEPCAPS) ... found
checking for capabilities ... found
checking for crypt_r() ... found
checking for sys/vfs.h ... found
checking for nobody group ... found
checking for poll() ... found
checking for /dev/poll ... not found
checking for kqueue ... not found
checking for crypt() ... not found
checking for crypt() in libcrypt ... found
checking for F_READAHEAD ... not found
checking for posix_fadvise() ... found
checking for O_DIRECT ... found
checking for F_NOCACHE ... not found
checking for directio() ... not found
checking for statfs() ... found
checking for statvfs() ... found
checking for dlopen() ... not found
checking for dlopen() in libdl ... found
checking for sched_yield() ... found
checking for sched_setaffinity() ... found
checking for SO_SETFIB ... not found
checking for SO_REUSEPORT ... found
checking for SO_ACCEPTFILTER ... not found
checking for SO_BINDANY ... not found
checking for IP_TRANSPARENT ... found
checking for IP_BINDANY ... not found
checking for IP_BIND_ADDRESS_NO_PORT ... not found
checking for IP_RECVDSTADDR ... not found
checking for IP_SENDSRCADDR ... not found
checking for IP_PKTINFO ... found
checking for IPV6_RECVPKTINFO ... found
checking for TCP_DEFER_ACCEPT ... found
checking for TCP_KEEPIDLE ... found
checking for TCP_FASTOPEN ... found
checking for TCP_INFO ... found
checking for accept4() ... found
checking for eventfd() ... found
checking for int size ... 4 bytes
checking for long size ... 8 bytes
checking for long long size ... 8 bytes
checking for void * size ... 8 bytes
checking for uint32_t ... found
checking for uint64_t ... found
checking for sig_atomic_t ... found
checking for sig_atomic_t size ... 4 bytes
checking for socklen_t ... found
checking for in_addr_t ... found
checking for in_port_t ... found
checking for rlim_t ... found
checking for uintptr_t ... uintptr_t found
checking for system byte ordering ... little endian
checking for size_t size ... 8 bytes
checking for off_t size ... 8 bytes
checking for time_t size ... 8 bytes
checking for AF_INET6 ... found
checking for setproctitle() ... not found
checking for pread() ... found
checking for pwrite() ... found
checking for pwritev() ... found
checking for sys_nerr ... found
checking for localtime_r() ... found
checking for clock_gettime(CLOCK_MONOTONIC) ... found
checking for posix_memalign() ... found
checking for memalign() ... found
checking for mmap(MAP_ANON|MAP_SHARED) ... found
checking for mmap("/dev/zero", MAP_SHARED) ... found
checking for System V shared memory ... found
checking for POSIX semaphores ... not found
checking for POSIX semaphores in libpthread ... found
checking for struct msghdr.msg_control ... found
checking for ioctl(FIONBIO) ... found
checking for struct tm.tm_gmtoff ... found
checking for struct dirent.d_namlen ... not found
checking for struct dirent.d_type ... found
checking for sysconf(_SC_NPROCESSORS_ONLN) ... found
checking for sysconf(_SC_LEVEL1_DCACHE_LINESIZE) ... found
checking for openat(), fstatat() ... found
checking for getaddrinfo() ... found
configuring additional modules
adding module in ../ngx_cache_purge-2.5
 + ngx_http_cache_purge_module was configured
adding module in ../redis2-nginx-module-0.15
 + ngx_http_redis2_module was configured
adding module in ../ngx_http_redis-0.3.7
 + ngx_http_redis_module was configured
adding module in ../memc-nginx-module-0.18
 + ngx_http_memc_module was configured
adding module in ../srcache-nginx-module-0.31
 + ngx_http_srcache_filter_module was configured
configuring additional dynamic modules
adding module in ../nginx-module-vts
 + ngx_http_vhost_traffic_status_module was configured
adding module in ../ngx_brotli
 + ngx_brotli was configured
adding module in ../incubator-pagespeed-ngx-1.13.35.2-stable
mod_pagespeed_dir=../incubator-pagespeed-ngx-1.13.35.2-stable/psol/include
build_from_source=false
checking for psol ... found
List of modules (in reverse order of applicability):  ngx_http_write_filter_module ngx_http_header_filter_module ngx_http_chunked_filter_module ngx_http_v2_filter_module ngx_http_range_header_filter_module ngx_http_gzip_filter_module ngx_http_postpone_filter_module ngx_http_ssi_filter_module ngx_http_charset_filter_module ngx_http_sub_filter_module ngx_http_addition_filter_module ngx_http_userid_filter_module ngx_http_headers_filter_module
checking for psol-compiler-compat ... found
 + ngx_pagespeed was configured
adding module in ../ngx-fancyindex-0.4.2
 + ngx_http_fancyindex_module was configured
adding module in ../ngx_devel_kit-0.3.0
 + ngx_devel_kit was configured
adding module in ../set-misc-nginx-module-0.32
found ngx_devel_kit for ngx_set_misc; looks good.
 + ngx_http_set_misc_module was configured
adding module in ../echo-nginx-module-0.61
 + ngx_http_echo_module was configured
adding module in ../headers-more-nginx-module-0.33
 + ngx_http_headers_more_filter_module was configured
adding module in ../ModSecurity-nginx
checking for ModSecurity library ... not found
checking for ModSecurity library in /usr/local/modsecurity ... found
 + ngx_http_modsecurity_module was configured
checking for PCRE library ... found
checking for PCRE JIT support ... found
checking for GD library ... found
checking for GD WebP support ... not found
checking for GeoIP library ... found
checking for GeoIP IPv6 support ... found
checking for atomic_ops library ... found
creating objs/Makefile

Configuration summary
  + using threads
  + using system PCRE library
  + using OpenSSL library: ../openssl-1.1.1b
  + using zlib library: ../zlib-cloudflare-1.3.0
  + using system libatomic_ops library

  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/local/sbin/nginx"
  nginx modules path: "/usr/local/nginx/modules"
  nginx configuration prefix: "/usr/local/nginx/conf"
  nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
  nginx pid file: "/usr/local/nginx/logs/nginx.pid"
  nginx error log file: "/usr/local/nginx/logs/error.log"
  nginx http access log file: "/usr/local/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"
     
  10. Apr 30, 2019 #30
    EckyBrazzz

    EckyBrazzz Active Member

    917
    190
    43
    Mar 28, 2018
    >>>>Click here<<<< i'm nearby......
    Ratings:
    +363
    Local Time:
    1:02 PM
    Latest
    Latest
    Always, unless it took a while before making changes because I have a cron running every 4hours.

    Now I did it, but nothing important

    for me, and gone compile nginx again post it on git, delete the Vhosts :)
    Code:
    cmupdate
No local changes to save
remote: Enumerating objects: 12, done.
remote: Counting objects: 100% (12/12), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 8 (delta 6), reused 6 (delta 4), pack-reused 0
Unpacking objects: 100% (8/8), done.
From https://github.com/centminmod/centminmod
   be2d841..6f4fb67  123.09beta01 -> origin/123.09beta01
Updating be2d841..6f4fb67
Fast-forward
 centmin.sh        | 4 ++--
 inc/csftweaks.inc | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
    Just a small note, don't know if it's important.
    Code:
    Submodule path 'test/test-cases/secrules-language-tests': checked out '5d85f3655aa31cb873a0bbdc160d63f2b5e9179a'
libtoolize: putting auxiliary files in `.'.
libtoolize: copying file `./ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIR, `build'.
libtoolize: copying file `build/libtool.m4'
libtoolize: copying file `build/ltoptions.m4'
libtoolize: copying file `build/ltsugar.m4'
libtoolize: copying file `build/ltversion.m4'
libtoolize: copying file `build/lt~obsolete.m4'
fatal: No names found, cannot describe anything.
fatal: No names found, cannot describe anything.
fatal: No names found, cannot describe anything.
fatal: No names found, cannot describe anything.
fatal: No names found, cannot describe anything.
fatal: No names found, cannot describe anything.
configure.ac:50: installing './ar-lib'

    Link : CMM NGINX

    Old one deleted, posted it privately, same as this one that won't live long there on github.

    Latest nginx-configure-310319-232603.log rather old and there is no other availble.

    Cloudflare again on foum
    Code:
    The following error occurred:
400 Bad Request
cloudflare
     
  11. Apr 30, 2019 #31
    EckyBrazzz

    EckyBrazzz Active Member

    917
    190
    43
    Mar 28, 2018
    >>>>Click here<<<< i'm nearby......
    Ratings:
    +363
    Local Time:
    1:02 PM
    Latest
    Latest
    Always, unless it took a while before making changes because I have a cron running every 4hours.

    Now I did it, but nothing important

    for me, and gone compile nginx again post it on git, delete the Vhosts :)
    Code:
    cmupdate
No local changes to save
remote: Enumerating objects: 12, done.
remote: Counting objects: 100% (12/12), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 8 (delta 6), reused 6 (delta 4), pack-reused 0
Unpacking objects: 100% (8/8), done.
From https://github.com/centminmod/centminmod
   be2d841..6f4fb67  123.09beta01 -> origin/123.09beta01
Updating be2d841..6f4fb67
Fast-forward
 centmin.sh        | 4 ++--
 inc/csftweaks.inc | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
    Just a small note, don't know if it's important.
    Code:
    Submodule path 'test/test-cases/secrules-language-tests': checked out '5d85f3655aa31cb873a0bbdc160d63f2b5e9179a'
libtoolize: putting auxiliary files in `.'.
libtoolize: copying file `./ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIR, `build'.
libtoolize: copying file `build/libtool.m4'
libtoolize: copying file `build/ltoptions.m4'
libtoolize: copying file `build/ltsugar.m4'
libtoolize: copying file `build/ltversion.m4'
libtoolize: copying file `build/lt~obsolete.m4'
fatal: No names found, cannot describe anything.
fatal: No names found, cannot describe anything.
fatal: No names found, cannot describe anything.
fatal: No names found, cannot describe anything.
fatal: No names found, cannot describe anything.
fatal: No names found, cannot describe anything.
configure.ac:50: installing './ar-lib'

    Link: CMM NGINX

    Old one deleted, posted it privately, same as this one that won't live long there on GitHub.

    Latest nginx-configure-310319-232603.log rather old and there is no other available.

    Cloudflare again on forum (red popup)
    Code:
    The following error occurred:
400 Bad Request
cloudflare
     
  12. May 1, 2019 #32
    eva2000

    eva2000 Administrator Staff Member

    58,905
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    2:02 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    hmm thanks for heads up

    that's fine

    ah i see modsecurity in your nginx_upgrade log now it's erroring out at
    Code (Text):
    linux/8/crtendS.o /lib/../lib64/crtn.o  -O2   -pthread -Wl,-soname -Wl,libmodsecurity.so.3 -o .libs/libmodsecurity.so.3.0.3
/opt/rh/devtoolset-8/root/usr/libexec/gcc/x86_64-redhat-linux/8/ld: cannot find -llibmaxminddb
collect2: error: ld returned 1 exit status
make[3]: *** [libmodsecurity.la] Error 1
make[3]: Leaving directory `/svr-setup/ModSecurity/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/svr-setup/ModSecurity/src'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/svr-setup/ModSecurity/src'
make: *** [all-recursive] Error 1
Making install in others
make[1]: Entering directory `/svr-setup/ModSecurity/others'
make[2]: Entering directory `/svr-setup/ModSecurity/others'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/svr-setup/ModSecurity/others'
make[1]: Leaving directory `/svr-setup/ModSecurity/others'
Making install in src
make[1]: Entering directory `/svr-setup/ModSecurity/src'
make[2]: Entering directory `/svr-setup/ModSecurity/src'

    and
    Code (Text):
    /opt/rh/devtoolset-8/root/usr/libexec/gcc/x86_64-redhat-linux/8/ld: cannot find -llibmaxminddb
collect2: error: ld returned 1 exit status
make[2]: *** [libmodsecurity.la] Error 1
make[2]: Leaving directory `/svr-setup/ModSecurity/src'
make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory `/svr-setup/ModSecurity/src'
make: *** [install-recursive] Error 1
/svr-setup/nginx-1.15.12 ~
MODSEC_OPT =


    looks like it needs libmaxminddb which seems it worked for me as I have Nginx GeoIP2 module enabled and that installs libmaxmanddb as part of the process.

    but you have it enabled too
    Code (Text):
    NGINX_GEOIPTWOLITE='y'
NGXDYNAMIC_GEOIPTWOLITE='y'


    but looking out your nginx_upgrade.log log i see it picked up both GeoIP 2 and GeoIP legacy and trying to find GeoIP 2 itseems

    Code (Text):
    ModSecurity -  for Linux

 Mandatory dependencies
   + libInjection                                  ....v3.9.2-30-gbf234eb
   + SecLang tests                                 ....5d85f36

 Optional dependencies
   + GeoIP/MaxMind                                 ....found
     * (MaxMind) v
        /usr/local/lib//libmaxminddb.so, /usr/local/include, -DWITH_MAXMIND -I/usr/local/include
     * (GeoIP) v1.5.0
        -lGeoIP  , -I/usr/include/ 
   + LibCURL                                       ....found v7.29.0
     -lcurl  ,  -DWITH_CURL
   + YAJL                                          ....found v2.0.4
     -lyajl  , -DWITH_YAJL 
   + LMDB                                          ....disabled
   + LibXML2                                       ....found v2.9.1
     -lxml2 -lz -lm -ldl, -I/usr/include/libxml2 -DWITH_LIBXML2
   + SSDEEP                                        ....found
     -lfuzzy -L/usr/lib64/, -DWITH_SSDEEP -I/usr/include
   + LUA                                           ....found v501
     -llua-5.1 -L/usr/lib64/, -DWITH_LUA -DWITH_LUA_5_1 -I/usr/include

 Other Options
   + Test Utilities                                ....enabled
   + SecDebugLog                                   ....enabled
   + afl fuzzer                                    ....disabled
   + library examples                              ....enabled
   + Building parser                               ....disabled
   + Treating pm operations as critical section    ....disabled


    so will need to work on a fix, so for now you'll have to disable modsecurity and I'll update this thread once I have a fix updated
     
  13. May 1, 2019 #33
    EckyBrazzz

    EckyBrazzz Active Member

    917
    190
    43
    Mar 28, 2018
    >>>>Click here<<<< i'm nearby......
    Ratings:
    +363
    Local Time:
    1:02 PM
    Latest
    Latest
    Ok, great. Gonna put this one into the freezer for a while... Backup the server and move to my next issue.

    Get rid of PureFtpd and only SFTP

    GeoIP with the Mamato (latest beta) and works it EXCELLENT. Never go back to Google analytics. Thinking about sharing a try out for other members of CMM to see if it fits their needs before give it at try on their own server(s). (with request on a private conversation)
    I only use GEOIP 2, the other one GEOIP is a no go, Don't really need it.
     
  14. May 1, 2019 #34
    eva2000

    eva2000 Administrator Staff Member

    58,905
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    2:02 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    Yeah modsecurity isn't finding the library/header paths for maxmind - it should from SpiderLabs/ModSecurity. So needs investigating.
     
  15. May 1, 2019 #35
    eva2000

    eva2000 Administrator Staff Member

    58,905
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    2:02 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    For now one workaround is disable libmaxmind in favour of legacy geoip header/library for modsecurity build
    Code (Text):
    ModSecurity -  for Linux

 Mandatory dependencies
   + libInjection                                  ....v3.9.2-30-gbf234eb
   + SecLang tests                                 ....5d85f36

 Optional dependencies
   + GeoIP/MaxMind                                 ....found 
      * (GeoIP) v1.6.12
         -lGeoIP  , -I/usr/include/ 
   + LibCURL                                       ....found v7.64.1 
      -lcurl,  -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL
   + YAJL                                          ....found v2.0.4
      -lyajl  , -DWITH_YAJL 
   + LMDB                                          ....disabled
   + LibXML2                                       ....found v2.9.9
      -lxml2 -lz -llzma -lm -ldl, -I/usr/include/libxml2 -DWITH_LIBXML2
   + SSDEEP                                        ....found 
      -lfuzzy -L/usr/lib64/, -DWITH_SSDEEP -I/usr/include
   + LUA                                           ....found v501
      -lluajit-5.1 -L/usr/local/lib/, -DWITH_LUA -DWITH_LUA_5_1 -I/usr/include

 Other Options
   + Test Utilities                                ....enabled
   + SecDebugLog                                   ....enabled
   + afl fuzzer                                    ....disabled
   + library examples                              ....enabled
   + Building parser                               ....disabled
   + Treating pm operations as critical section    ....disabled

    Code (Text):
    cat config.log  | grep -i geoip
configure:4938: Nothing about GeoIP was informed during the configure phase. Trying to detect it on the platform...
configure:5192: Nothing about GeoIP was informed during the configure phase. Trying to detect it on the platform...
configure:5356: using GeoIP v1.6.12
GEOIP_CFLAGS='-DWITH_GEOIP -I/usr/include/  '
GEOIP_CFLAGS_FALSE='#'
GEOIP_CFLAGS_TRUE=''
GEOIP_DISPLAY='-lGeoIP  , -I/usr/include/  '
GEOIP_FOUND='1'
GEOIP_LDADD='-lGeoIP  '
GEOIP_LDFLAGS=' '
GEOIP_LIBS=''
GEOIP_VERSION='1.6.12'
     
  16. May 1, 2019 #36
    eva2000

    eva2000 Administrator Staff Member

    58,905
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    2:02 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
  17. May 1, 2019 #37
    EckyBrazzz

    EckyBrazzz Active Member

    917
    190
    43
    Mar 28, 2018
    >>>>Click here<<<< i'm nearby......
    Ratings:
    +363
    Local Time:
    1:02 PM
    Latest
    Latest
    Confirm..... Your amazing!
     
  18. May 1, 2019 #38
    eva2000

    eva2000 Administrator Staff Member

    58,905
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    2:02 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
  19. May 1, 2019 #39
    EckyBrazzz

    EckyBrazzz Active Member

    917
    190
    43
    Mar 28, 2018
    >>>>Click here<<<< i'm nearby......
    Ratings:
    +363
    Local Time:
    1:02 PM
    Latest
    Latest
    Keeps fingers crossed until a fix is available.
     
  20. Feb 14, 2020 #40
    Rake-GH

    Rake-GH Active Member

    179
    93
    28
    Jul 29, 2019
    USA
    Ratings:
    +144
    Local Time:
    12:02 PM
    default
    default
    I'm running the latest beta branch of CMM with Cloudflare & Xenforo 2. Any advice on getting started with modsecurity? Any gotchas I need to be aware of?
     
Previous Thread Next Thread
Loading...
Page 2 of 3

.