more apache/php

[inittux]

These small overlooks and mistakes I make are annoying but they do help me learn more and look more carefully :P

[inittux]

I was able to install modsecurity again and got it working now cuz when I want to install templates with joomla I get the error that the file is too large. So I'll probably have to look through the config file to change a few

settings but I'll have to take a look at joomla documentation. But have it turned off for now. Now will try and see how far I get with suphp.

[inittux]

I'm still having some trouble with mod_security and joomla not working together. I found a set of rules on a joomla forum but it was posted in 2008 so I don't know how effect these rules are. In the same post it is advised to use another set of rules from gotroot . I was looking at Individual Ruleset downloads for modsec 2.x but don't know how safe it is to use a set of rules from a site like this. Need some advice on this.

[Dungeon-Dave]

I'm going to suggest the gotroot ones, given that the ones I used from the xoops site appeared on gotroot soon after.

 

You'll find that most web applications which choke on mod_security will have a custom rule posted on their website somewhere as a workaround but then finds itself included in the newer gotroot downloads, so I'd go for the latter being more recent.

 

The other option is to disable it for your joomla site to see if joomla works without it. If so, then you know it's the mod_sec filtering that's causing the issue. I've had someone blame mod_sec until disabling it showed that a site misconfiguration was to blame, however mod_sec blocked the error message so it wasn't fully clear.

[inittux]

I'm going to suggest the gotroot ones, given that the ones I used from the xoops site appeared on gotroot soon after.

 

You'll find that most web applications which choke on mod_security will have a custom rule posted on their website somewhere as a workaround but then finds itself included in the newer gotroot downloads, so I'd go for the latter being more recent.

 

The other option is to disable it for your joomla site to see if joomla works without it. If so, then you know it's the mod_sec filtering that's causing the issue. I've had someone blame mod_sec until disabling it showed that a site misconfiguration was to blame, however mod_sec blocked the error message so it wasn't fully clear.

 

I've already tried :) With mod_security on. I can't adjust some options in joomla, and when I upload/install a new template, it won't work and when I check the mod_security logs it sees it as and sql injection and other things like that and with it off everything works fine. Will try out the goroot rules then. thanks.

[inittux]

I was able to install the mod_security via their provided rpm and via adding their repo I added. The strange things is if I install them they are installed but are the directories mentioned in their wiki aren't automatically created. As far as I understand that if I install it from their rpm or from their repo. It should create those directories and config files automatically and then I can install an updater so that it will install those rules. Or am I understanding it wrong here? Cuz under : setting up mod_security it specifically mentions to add those directories if you didn't use their repo or rpm.

 

http://www.atomicorp.com/wiki/index.php/...rity_Rules

[Dungeon-Dave]

Try the "-ql" options to rpm on the package to see what dirs it created as part of the install.

[inittux]

Try the "-ql" options to rpm on the package to see what dirs it created as part of the install.

It installed these directories, not the ones mentioned in the wiki:

 

 

 

/etc/httpd/conf.d/00_mod_security.conf

/etc/httpd/modsecurity.d

/etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf

/usr/lib64/httpd/modules/mod_security2.so

/usr/share/doc/mod_security-2.6.1

/usr/share/doc/mod_security-2.6.1/CHANGES

/usr/share/doc/mod_security-2.6.1/LICENSE

/usr/share/doc/mod_security-2.6.1/README.TXT

/usr/share/doc/mod_security-2.6.1/doc

/usr/share/doc/mod_security-2.6.1/doc/Reference_Manual.html

/usr/share/doc/mod_security-2.6.1/modsecurity.conf-recommended

 

when I install the one from EPEL it installs alot more. I'm just going to try and follow the wiki and see what happens.

[inittux]

I ended up installing mod_security 2.5 from epel.repo and I followed the whole wiki and tested my config and restarted apache. It's working [img]<___base_url___>//public/style_emoticons/default/biggrin.png[/img]

Before when I had mod_security installed I wasn't able to install a template while mod_security was activated now I can and I can change other

settings on the admin site without getting an error that I don't have permission. Is there a way to check for sure that my mod_security rules

are working? Now I'll have a look at IDS because it seems like someone is trying to break in and it has kind of got me worried.

 

*******************

 

I found a way to test it like it said in the wiki but I get an error:

 

 

[root@localhost ~]# wget https://localhost/fo...//feedmebits.nl --no-check-certificate

--2011-09-22 21:50:52-- https://localhost/fo...//feedmebits.nl

Resolving localhost... ::1, 127.0.0.1

Connecting to localhost|::1|:443... connected.

WARNING: cannot verify localhost’s certificate, issued by “/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=webserver.feedmebits.nl/emailAddress=root@webserver.feedmebits.nl”:

Self-signed certificate encountered.

WARNING: certificate common name “webserver.feedmebits.nl” doesn’t match requested host name “localhost”.

HTTP request sent, awaiting response... 404 Not Found

2011-09-22 21:50:52 ERROR 404: Not Found.

 

Looks like the certificate is still seeing my old fqdn. cuz I changed it to localhost.localdomein a while ago? I tried remaking my certificate my that doesn't make a difference.

got this from my ssl error log:

 

 

[Thu Sep 22 20:46:45 2011] [warn] RSA server certificate CommonName (CN) `webserver.feedmebits.nl' does NOT match server name!?

[inittux]

Just to note something that will be useful for those reading this. When your apache won't restart because not knowing the servername. You'll get this error:

 

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.domain for ServerName

[FAILED]

 

edit:

 

vi /etc/sysconfig/network

-edit the hostname and the domain

-reboot

 

then edit your hosts file: vi /etc/hosts

 

at the end of the file add your ip/hostname:

ie:

 

192.168.1.1 webserver.example.com

 

restart apache: /etc/init.d/httpd restart

 

It should work now :)

 

Now back to mod_security and then looking at IDS [img]<___base_url___>//public/style_emoticons/default/biggrin.png[/img]