Author Topic: Comodo WAF for DirectAdmin  (Read 25302 times)

Offline peterl

  • Newbie
  • *
  • Posts: 15
Re: Comodo WAF for DirectAdmin
« Reply #105 on: January 25, 2018, 12:08:24 PM »
The only reason I need to remove phpmyadmin being checked, is when you import .sql's, you can get 403's - on a support level, it's a pain...

I've used the Userdata>Whitelist URLS instead

Offline SergeiP

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 205
Re: Comodo WAF for DirectAdmin
« Reply #106 on: January 25, 2018, 12:14:08 PM »
The only reason I need to remove phpmyadmin being checked, is when you import .sql's, you can get 403's - on a support level, it's a pain...

I've used the Userdata>Whitelist URLS instead

Hi peterl. If you will send to us modsec_audit.log for this event - it is possible that we will be able to fix this FP.

Offline aionets

  • Newbie
  • *
  • Posts: 2
Re: Comodo WAF for DirectAdmin
« Reply #107 on: July 15, 2018, 06:58:12 PM »
First let me thank you for this great work.

Would you please mention if there is an update for FreeBSD ?

Thank you

Offline SergeiP

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 205
Re: Comodo WAF for DirectAdmin
« Reply #108 on: July 19, 2018, 05:40:12 AM »
Hello aionets. Please clarify what kind of updates for FreeBSD do you expect?
Recently we updated userdata files to improve work of excludes mechanism for all supported platforms.

Offline aionets

  • Newbie
  • *
  • Posts: 2
Re: Comodo WAF for DirectAdmin
« Reply #109 on: July 20, 2018, 03:55:58 AM »
Thank you for your reply,

I have FreeBSD, with NGiNX and phpfpm installed on my server and I tried to install Comodo WAF but I faced aome errors.

Would you please confirm if this plugin is compatible with my server ?


Thank you

Offline peterl

  • Newbie
  • *
  • Posts: 15
Re: Comodo WAF for DirectAdmin
« Reply #110 on: July 24, 2018, 12:58:39 PM »
I understand this is off-topic, but this is bugging me. I did post over on the DA forums, no resposes (yet).

I get this with wget
Code: [Select]
--2018-07-22 11:08:49--  https://waf.comodo.com/api/da_vendor?file=cwaf_rules-1.172.tgz
Resolving waf.comodo.com (waf.comodo.com)... 91.209.196.88
Connecting to waf.comodo.com (waf.comodo.com)|91.209.196.88|:443... connected.
ERROR: The certificate of `waf.comodo.com' is not trusted.
ERROR: The certificate of `waf.comodo.com' hasn't got a known issuer.
I get this on a Debian 7 system only..... Does this mean the CA root is missing? apt-get did remove a lot of root/cacerts in the recent update.

However, curl works fine.

Anyone seen this before?

I can wget other sites with ssl, just get the untrusted issue with Comodo.

Offline SergeiP

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 205
Re: Comodo WAF for DirectAdmin
« Reply #111 on: July 30, 2018, 04:44:16 AM »
We'll investigate this event. Thank you.

Offline peterl

  • Newbie
  • *
  • Posts: 15
Re: Comodo WAF for DirectAdmin
« Reply #112 on: August 22, 2018, 05:37:20 AM »
Any updates on this...... I can confirm this is only a Debian 7 issue, tested on a clean box...... I understand Wheezy is EOL, although the repository is still active, but it is interesting this is happening.

Offline sbrazhnik

  • Newbie
  • *
  • Posts: 12
Re: Comodo WAF for DirectAdmin
« Reply #113 on: September 03, 2018, 11:20:15 AM »
Dear peterl,

We've managed to reproduce the reported issue on Debian 7.

Code: [Select]
$ wget -V
GNU Wget 1.13.4 built on linux-gnu.

$ root[at]fdd80e214426:/# wget https://waf.comodo.com/api/da_vendor?file=cwaf_rules-1.172.tgz
--2018-09-03 14:26:03--  https://waf.comodo.com/api/da_vendor?file=cwaf_rules-1.172.tgz
Resolving waf.comodo.com (waf.comodo.com)... 91.209.196.88
Connecting to waf.comodo.com (waf.comodo.com)|91.209.196.88|:443... connected.
ERROR: The certificate of `waf.comodo.com' is not trusted.
ERROR: The certificate of `waf.comodo.com' hasn't got a known issuer.

Obviously, it's related to wget 1.13 version which goes with Deb7. In order to fix the issue, please install the newer version of wget (e.g. 1.16).

Code: [Select]
$ wget http://ftp.gnu.org/gnu/wget/wget-1.16.tar.gz
$ tar -xvf wget-1.16.tar.gz
$ cd wget-1.16/
$ ./configure --with-ssl=openssl --prefix=/opt/wget
$ make
$ make install
$ mv /usr/bin/wget /usr/bin/bkp_wget
$ ln -s /opt/wget/bin/wget /usr/bin/wget
$ wget -V
GNU Wget 1.16 built on linux-gnu.

$ root[at]b3879a7c2ef6:/wget-1.16# wget https://waf.comodo.com/api/da_vendor?file=cwaf_rules-1.172.tgz
--2018-09-03 15:18:00--  https://waf.comodo.com/api/da_vendor?file=cwaf_rules-1.172.tgz
Resolving waf.comodo.com... 91.209.196.88
Connecting to waf.comodo.com|91.209.196.88|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 311926 (305K) [application/x-gzip]
Saving to: 'da_vendor?file=cwaf_rules-1.172.tgz'

da_vendor?file=cwaf_r 100%[=========================>] 304.62K   667KB/s   in 0.5s   

2018-09-03 15:18:01 (667 KB/s) - 'da_vendor?file=cwaf_rules-1.172.tgz' saved [311926/311926]

Also, make sure, you have ca-certificates installed.

Code: [Select]
$ apt-get install ca-certificates
Should you have any further questions, do not hesitate to ask.

Regards,
« Last Edit: September 03, 2018, 11:22:22 AM by sbrazhnik »

Offline peterl

  • Newbie
  • *
  • Posts: 15
Re: Comodo WAF for DirectAdmin
« Reply #114 on: September 03, 2018, 11:36:48 AM »
Thank you

Offline moein

  • Newbie
  • *
  • Posts: 2
Re: Comodo WAF for DirectAdmin
« Reply #115 on: January 29, 2019, 10:18:01 PM »
Hi;

i've installed modsecurity + comodo rules on directadmin with these commands:

cd /usr/local/directadmin/custombuild
./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build update
./build modsecurity
./build modsecurity_rules
./build apache
./build rewrite_confs


at the end, the scripts shows that everything has been installed successfully.

ModSecurity has been installed successfully.
Installing Comodo Rule Set for ModSecurity...
Updating to latest CWAF client version
current version is up to date
update process finished!
Installation of ModSecurity Rule Set has been finished.


after that, Comodo WAF 2.24.3 plugin appeared in the 'Extra Features' section. i click on it and saw these errors :

cat: /etc/webmin/miniserv.conf: Permission denied
Use of uninitialized value $root in string at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/Webmin.pm line 11.
Can't get Webmin root directory. Please check if /etc/webmin/miniserv.conf is present and readable. at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/Webmin.pm line 27.
BEGIN failed--compilation aborted at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/Webmin.pm line 28.
Compilation failed in require at /usr/share/perl5/if.pm line 13.
BEGIN failed--compilation aborted at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/Platform.pm line 18.
Compilation failed in require at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/ClientAPI.pm line 17.
BEGIN failed--compilation aborted at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/ClientAPI.pm line 17.
Compilation failed in require at /usr/local/directadmin/plugins/comodo_waf/admin/index.pl line 12.
BEGIN failed--compilation aborted at /usr/local/directadmin/plugins/comodo_waf/admin/index.pl line 12.


How to fix these problems ?

Please note that i've use the latest version of CustomBuild 2.0 on DirectAdmin 1.55 and CPAN and SUDO utils was installed on the system before installation of ModSecurity.

Regards,
« Last Edit: January 30, 2019, 02:05:19 AM by moein »

Offline SergeiP

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 205
Re: Comodo WAF for DirectAdmin
« Reply #116 on: January 30, 2019, 07:22:48 AM »
Hi, moein,
seems like apart from DirectAdmin you have Webmin installed on this server. The install script checks the system for a list of panels in a row and if any is detected, setups the configuration for this panel. Webmin is higher in this list of panels, hence I suppose has been chosen by the install script.
Regards.

Offline moein

  • Newbie
  • *
  • Posts: 2
Re: Comodo WAF for DirectAdmin
« Reply #117 on: January 30, 2019, 01:33:07 PM »
Quote
seems like apart from DirectAdmin you have Webmin installed on this server.

Yes, i'm using Webmin alongside DirectAdmin.

Quote
Webmin is higher in this list of panels, hence I suppose has been chosen by the install script.

This is what exactly happened during the installation, So How To Fix this problem ?! You should do some changes inside install script to install the Comodo WAF plugin only for DirectAdmin, and release a separate script for Webmin.

i've checked my webmin panel but there is no Comodo WAF plugin over there, the installation script failed to install WAF plugin at all.
« Last Edit: January 30, 2019, 01:35:18 PM by moein »

Offline pouyar69

  • Newbie
  • *
  • Posts: 1
Re: Comodo WAF for DirectAdmin
« Reply #118 on: February 03, 2019, 05:54:53 PM »
Hi.

i tried to install mod security comodo rules:

Code: [Select]
cd /usr/local/directadmin/custombuild
./build update
./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build modsecurity
./build nginx_apace

but after installation nginx cant start:

Code: [Select]
Restarting nginx.
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

and when I run nginx -t:

Code: [Select]
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /usr/local/cwaf/rules/00_Init_Initialization.conf. Line: 15. Column: 37. SecDefaultActions
can only be placed once per phase and configuration context. Phase 2 was informed already.  in /etc/nginx/nginx-modsecurity-enable.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed


and systemctl status nginx.service:

Code: [Select]

● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2019-02-04 01:58:06 +0330; 23s ago
  Process: 8714 ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)
 Main PID: 25204 (code=exited, status=0/SUCCESS)

Feb 04 01:58:06 srv.xyz.com systemd[1]: Starting The nginx HTTP and reve....
Feb 04 01:58:06 srv.xyz.com nginx[8714]: nginx: [emerg] "modsecurity_rul...2
Feb 04 01:58:06 srv.xyz.com nginx[8714]: nginx: configuration file /etc/...d
Feb 04 01:58:06 srv.xyz.com systemd[1]: nginx.service: control process e...1
Feb 04 01:58:06 srv.xyz.com systemd[1]: Failed to start The nginx HTTP a....
Feb 04 01:58:06 srv.xyz.com systemd[1]: Unit nginx.service entered faile....
Feb 04 01:58:06 srv.xyz.com systemd[1]: nginx.service failed.
Hint: Some lines were ellipsized, use -l to show in full.


Offline maryprincyedward

  • Newbie
  • *
  • Posts: 12
Re: Comodo WAF for DirectAdmin
« Reply #119 on: February 05, 2019, 09:15:35 AM »
Hi,

Sorry for the inconvenience. If you have this issue still now. Please uninstall webmin and reinstall the cwaf plugin. Thanks for contacting Us.

Hi.

i tried to install mod security comodo rules:

Code: [Select]
cd /usr/local/directadmin/custombuild
./build update
./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build modsecurity
./build nginx_apace

but after installation nginx cant start:

Code: [Select]
Restarting nginx.
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

and when I run nginx -t:

Code: [Select]
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /usr/local/cwaf/rules/00_Init_Initialization.conf. Line: 15. Column: 37. SecDefaultActions
can only be placed once per phase and configuration context. Phase 2 was informed already.  in /etc/nginx/nginx-modsecurity-enable.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed


and systemctl status nginx.service:

Code: [Select]

● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2019-02-04 01:58:06 +0330; 23s ago
  Process: 8714 ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)
 Main PID: 25204 (code=exited, status=0/SUCCESS)

Feb 04 01:58:06 srv.xyz.com systemd[1]: Starting The nginx HTTP and reve....
Feb 04 01:58:06 srv.xyz.com nginx[8714]: nginx: [emerg] "modsecurity_rul...2
Feb 04 01:58:06 srv.xyz.com nginx[8714]: nginx: configuration file /etc/...d
Feb 04 01:58:06 srv.xyz.com systemd[1]: nginx.service: control process e...1
Feb 04 01:58:06 srv.xyz.com systemd[1]: Failed to start The nginx HTTP a....
Feb 04 01:58:06 srv.xyz.com systemd[1]: Unit nginx.service entered faile....
Feb 04 01:58:06 srv.xyz.com systemd[1]: nginx.service failed.
Hint: Some lines were ellipsized, use -l to show in full.


 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek