• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Atomic Modsecurity duplicates

tkalfaoglu

tkalfaoglu

Silver Pleskian
I today I did an aum -u and enabled the modsecurity basic ruleset.

Afterwards httpd would not start, complaining that every rule ID in
50_plesk_basic_asl_rules.conf
was a duplicate. After commenting out some rules I sensed it as ALL duplicates and renamed the file to "*.bad" and the madness stopped.

I did a grep and found these:
[root@pluto httpd]# grep -ir "SecRule REQUEST_URI|REQUEST_COOKIES|" *
conf/modsecurity.d/rules/tortix.backup/modsec/50_plesk_basic_asl_rules.conf:SecRule REQUEST_URI|REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|REQUEST_HEADERS|ARGS|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:templatecode|!ARGS:/insertstring/|!ARGS:areas|XML:/* "@pm select having grant delete insert drop alter replace truncate update create rename describe table database dba index into from convert bulk column procedure update set union or = ' -- procedure declare serialize passthru outfile =1 null =2 =3 <=> <> != eval system exec" "phase:2,id:'333799',t:none,t:urlDecodeUni,t:removeComments,pass,nolog,skip:1"
conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf.bad:#SecRule REQUEST_URI|REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|REQUEST_HEADERS|ARGS|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:templatecode|!ARGS:/insertstring/|!ARGS:areas|XML:/* "@pm select having grant delete insert drop alter replace truncate update create rename describe table database dba index into from convert bulk column procedure update set union or = ' -- procedure declare serialize passthru outfile =1 null =2 =3 <=> <> != eval system exec" "phase:2,id:'333799',t:none,t:urlDecodeUni,t:removeComments,pass,nolog,skip:1"
[root@pluto httpd]# pwd
/etc/httpd

Apparently the tortix.backup directory is also parsed?
What shall I do, delete the backup directory?
 
Things got more interesting today.. Feel free to chime in at any time.. The plesk log says:

Error: Failed to update the ModSecurity rule set: modsecurity_ctl failed: gpg: key 4520AFA9: "Atomicorp (Atomicorp Official Signing Key) <support@atomicorp.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: Signature made Wed Mar 28 23:51:53 2018 +03 using RSA key ID 4520AFA9
gpg: Good signature from "Atomicorp (Atomicorp Official Signing Key) <support@atomicorp.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 1818 66DF 9DAC A40E 5B42 9B08 FFBD 5D0A 4520 AFA9
TERM environment variable not set.
https://plesk_global_unpaid:nYk9teL...s/asl-4.0/centos/6/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
https://plesk_global_unpaid:nYk9teL...s/asl-4.0/centos/6/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
https://plesk_global_unpaid:nYk9teL...s/asl-4.0/centos/6/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
https://plesk_global_unpaid:nYk9teL...s/asl-4.0/centos/6/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
https://plesk_global_unpaid:nYk9teL...s/asl-4.0/centos/6/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: asl-4.0. Please verify its path and try again
Command '/bin/bash < /tmp/tmp4jLEfX/aum' returned non-zero exit status 1
Unable to download tortix rule set
 
Using plesk's installer, I uninstalled modsecurity, verified that all related packages were gone using rpm,
and then attempted to re-install modsecurity using plesk's installer.
It gave an error, and autoinstaller3 had these:



[2018-03-31 23:19:11.547806] Use package source http://autoinstall.plesk.com/NGINX17/dist-rpm-CentOS-6-x86_64/
[2018-03-31 23:19:11.547841] Use package source http://autoinstall.plesk.com/NGINX17/update-rpm-CentOS-6-x86_64/
[2018-03-31 23:19:11.547857] Use package source http://autoinstall.plesk.com/NGINX17/thirdparty-rpm-CentOS-6-x86_64/
[2018-03-31 23:19:11.547910] Info: dynamic components selection was changed, reconfiguring sources.
[2018-03-31 23:19:11.582486] gpg-pubkey-5ebd2744-418ffac9 gpg(Atomic Rocket Turtle <admin@atomicrocketturtle.com>)
gpg-pubkey-914bdf7e-55c05220 gpg(Plesk Team <info@plesk.com>)
gpg-pubkey-0608b895-4bd22942 gpg(EPEL (6) <epel@fedoraproject.org>)
gpg-pubkey-c105b9de-4e0fd3a3 gpg(CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>)
gpg-pubkey-f2ee9d55-560cfc0a gpg(CentOS SoftwareCollections SIG (SpecialInterestGroup/SCLo - CentOS Wiki) <security@centos.org>)
gpg-pubkey-4520afa9-50ab914c gpg(Atomicorp (Atomicorp Official Signing Key) <support@atomicorp.com>)
gpg-pubkey-f4b85e0f-55c89477 gpg(torproject.org RPM signing key (2015 key))
gpg-pubkey-6b8d79e6-3f49313d gpg(Dag Wieers (Dag Apt Repository v1.0) <dag@wieers.com>)

Getting bootstrapper packages to installation list:
[2018-03-31 23:19:12.783227] skip package 'pp17.5.3-bootstrapper-17.5.3-cos6.build1705170317.16.x86_64' from component panel - same or newer version of this package is already installed (in system pp17.5.3-bootstrapper-17.5.3-cos6.build1705170317.16.x86_64)
[2018-03-31 23:19:12.783273] skip package 'sw-engine-cli-2.21-2.21.0-centos6.201702161518.x86_64' from component panel - same or newer version of this package is already installed (in system sw-engine-cli-2.21-2.21.0-centos6.201702161518.x86_64)
[2018-03-31 23:19:12.783310] Following bootstrapper packages will be installed: (empty)
[2018-03-31 23:19:12.783323] ----------------
[2018-03-31 23:19:12.783334] Getting packages to installation list:
[2018-03-31 23:19:12.783371] Following packages will be installed: mod_security-2.9.0-centos6.17031414.x86_64 plesk-modsecurity-configurator-17.5.3-cos6.build1705170317.16.noarch plesk-modsecurity-crs-17.5.3-centos6.17031414.x86_64
[2018-03-31 23:19:12.783388] ----------------
[2018-03-31 23:19:12.855471] Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Failed to install mod_security@x86_64:
Error while downloading packages metainfo: Cannot find a valid baseurl for repo: asl-4.0. Trying again.
Could not retrieve mirrorlist file:///etc/asl/asl-4.0-mirrorlist error was
14: Could not open/read file:///etc/asl/asl-4.0-mirrorlist
NGINX-thirdparty | 2.9 kB 00:00
PHP_5_2-thirdparty | 2.9 kB 00:00
PHP_5_3-thirdparty | 2.9 kB 00:00
PHP_5_4-thirdparty | 2.9 kB 00:00
PHP_5_5-thirdparty | 2.9 kB 00:00
PHP_5_6-thirdparty | 2.9 kB 00:00
PHP_7_0-thirdparty | 2.9 kB 00:00
PHP_7_1-thirdparty | 2.9 kB 00:00
PLESK_17_5_3-dist | 2.9 kB 00:00
PLESK_17_5_3-extras | 2.9 kB 00:00
PLESK_17_5_3-extras/primary_db | 28 kB 00:00
PLESK_17_5_3-thirdparty | 2.9 kB 00:00
PLESK_17_NGINX | 2.9 kB 00:00
PLESK_17_NGINX/primary_db | 3.3 kB 00:00
PLESK_17_PHP52 | 2.9 kB 00:00
PLESK_17_PHP52/primary_db | 13 kB 00:00
PLESK_17_PHP53 | 2.9 kB 00:00
PLESK_17_PHP53/primary_db | 13 kB 00:00
PLESK_17_PHP54 | 2.9 kB 00:00
PLESK_17_PHP54/primary_db | 14 kB 00:00
PLESK_17_PHP55 | 2.9 kB 00:00
PLESK_17_PHP55/primary_db | 14 kB 00:00
PLESK_17_PHP56 | 2.9 kB 00:00
PLESK_17_PHP56/primary_db | 14 kB 00:00
PLESK_17_PHP70 | 2.9 kB 00:00
PLESK_17_PHP70/primary_db | 14 kB 00:00
PLESK_17_PHP71 | 2.9 kB 00:00
PLESK_17_PHP71/primary_db | 14 kB 00:00
SITEBUILDER_17_0_15-dist | 2.9 kB 00:00
SITEBUILDER_17_0_15-thirdparty | 2.9 kB 00:00
Failed to install mod_security@x86_64:
Error while downloading packages metainfo: Cannot retrieve repository metadata (repomd.xml) for repository: asl-4.0. Please verify its path and try again. Trying again.
Failed to install mod_security@x86_64:
Number of retries is exceeded.
RepoError: Cannot retrieve repository metadata (repomd.xml) for repository: asl-4.0. Please verify its path and try again
Failed to install mod_security@x86_64:
Error while downloading packages metainfo: Cannot find a valid baseurl for repo: asl-4.0. Trying again.
Failed to install mod_security@x86_64:
Error while downloading packages metainfo: Cannot retrieve repository metadata (repomd.xml) for repository: asl-4.0. Please verify its path and try again. Trying again.
Failed to install mod_security@x86_64:
Number of retries is exceeded.
Traceback (most recent call last):
File "/usr/local/psa/bin/yum_install", line 239, in <module>
main()
File "/usr/local/psa/bin/yum_install", line 225, in main
inst, rem = installer.resolve(to_install, opts.remove, opts.tries)
File "/usr/local/psa/bin/yum_install", line 133, in resolve
self._iremove(to_install, to_remove)
File "/usr/local/psa/bin/yum_install", line 95, in _iremove
if self.install(**self._package2pkgdict(p)):
File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 3584, in install
pkgs = self.pkgSack.searchNevra(name=nevra_dict['name'],
File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 907, in <lambda>
pkgSack = property(fget=lambda self: self._getSacks(),
File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 687, in _getSacks
self.repos.populateSack(which=repos)
File "/usr/lib/python2.6/site-packages/yum/repos.py", line 324, in populateSack
sack.populate(repo, mdtype, callback, cacheonly)
File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 165, in populate
if self._check_db_version(repo, mydbtype):
File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 223, in _check_db_version
return repo._check_db_version(mdtype)
File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1263, in _check_db_version
repoXML = self.repoXML
File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1462, in <lambda>
repoXML = property(fget=lambda self: self._getRepoXML(),
File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1458, in _getRepoXML
raise Errors.RepoError, msg
RepoError: Cannot retrieve repository metadata (repomd.xml) for repository: asl-4.0. Please verify its path and try again
Error: The Yum utility failed to install the required packages.
 
You must log in or register to reply here.

Similar threads

F
Question Add SecRule to Apache
Replies
0
Views
1K
Filipe Silva
F
Back
Top