Author Topic: Comodo WAF for DirectAdmin  (Read 14440 times)

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 334
Re: Comodo WAF for DirectAdmin
« Reply #15 on: March 12, 2015, 06:17:36 AM »
What I mean is for Control Panel?

We have Webmin support in the todo list, but I can't say when we will release it.

Each new platform increases support work, and right now we have a lot of work resolving issues and updating documentation for cPanel, DirectAdmin and Plesk.
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1498
  • BETA FORCE MEMBER
Re: Comodo WAF for DirectAdmin
« Reply #16 on: March 12, 2015, 12:46:40 PM »
We have Webmin support in the todo list, but I can't say when we will release it.

Each new platform increases support work, and right now we have a lot of work resolving issues and updating documentation for cPanel, DirectAdmin and Plesk.

I understand that. So, nothing for ISPConfig in the future?

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 334
Re: Comodo WAF for DirectAdmin
« Reply #17 on: March 13, 2015, 04:06:15 AM »
I understand that. So, nothing for ISPConfig in the future?

Why not? I'll forward the wishes about ISPConfig support to our management department.
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1498
  • BETA FORCE MEMBER
Re: Comodo WAF for DirectAdmin
« Reply #18 on: March 13, 2015, 02:22:14 PM »
Why not? I'll forward the wishes about ISPConfig support to our management department.

Thanks! That would be great!!!!!  :) :-TU

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 334
Comodo WAF for DirectAdmin
« Reply #19 on: March 20, 2015, 06:20:35 AM »
The Comodo Free ModSecurity Rules for DirectAdmin documentation is now available at this link:

https://help.comodo.com/topic-212-1-671-8351-Comodo-Free-ModSecurity-Rules-for-DirectAdmin--Introduction.html
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 334
Comodo WAF provides Nginx protection now
« Reply #20 on: April 20, 2015, 05:56:31 AM »
Starting from CWAF client version 2.7, all DirectAdmin users with Nginx Web Server can use Comodo WAF protection.

Just install the latest version of CustomBuild, choose Comodo Rules for Nginx Web Server and rebuild the ModSecurity rules.
« Last Edit: April 20, 2015, 06:28:36 AM by vadim »
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline interfasys

  • Newbie
  • *
  • Posts: 11
Re: Comodo WAF for DirectAdmin
« Reply #21 on: April 28, 2015, 08:17:27 AM »
I have one request.

On FreeBSD, check if p5-Net-SSLeay is already installed, before trying to call pkg.
Quite a few admins use the ports package management and that command
Code:
pkg install -y p5-Net-SSLeay
will break things.

Also, the shebang in installer.sh should be updated to
Code:
#!/usr/bin/env bash
« Last Edit: April 28, 2015, 08:21:31 AM by interfasys »
FreeBSD - DirectAdmin - Apache

Offline oleg.tsygany

  • Comodo's Hero
  • *****
  • Posts: 274
Re: Comodo WAF for DirectAdmin
« Reply #22 on: April 28, 2015, 09:23:43 AM »
Hi interfasys

Thank you for the suggestion. I will add this to the next client release.

Regards, Oleg

Offline Naruto_Xboy

  • Newbie
  • *
  • Posts: 5
Re: Comodo WAF for DirectAdmin
« Reply #23 on: May 05, 2015, 09:45:40 PM »
Hello everybody,
after using the custom build of DirectAdmin
I go to the DirectAdmin CP and go to Extra Features > Comodo WAF 2.7
but I get an error
Code:
» Home » CWAF 2.7
can't read config /usr/local/cwaf/etc/main.conf: Permission denied at /usr/local/share/perl5/Comodo/CWAF/Main.pm line 27.
Compilation failed in require at /usr/local/directadmin/plugins/comodo_waf/admin/index.pl line 10.
BEGIN failed--compilation aborted at /usr/local/directadmin/plugins/comodo_waf/admin/index.pl line 10.

Can you help me fix it?
Thank you very much.


^^ I resolved it :D

chmod 644 /usr/local/cwaf/etc/main.conf

OK, but now I have an error
 (Connection error: sorry, you must have a tty to run sudo)
« Last Edit: May 05, 2015, 10:09:11 PM by Naruto_Xboy »

Offline akabakov

  • Comodo's Hero
  • *****
  • Posts: 364
Re: Comodo WAF for DirectAdmin
« Reply #24 on: May 06, 2015, 03:37:37 AM »
Hello,

It seems your /etc/sudoers contains

Defaults    requiretty

The link below describes how to fix it globally or for a user, group or some commands:
https://www.shell-tips.com/2014/09/08/sudo-sorry-you-must-have-a-tty-to-run-sudo/

Offline oleg.tsygany

  • Comodo's Hero
  • *****
  • Posts: 274
Re: Comodo WAF for DirectAdmin
« Reply #25 on: May 06, 2015, 04:26:47 AM »
Hi Naruto_Xboy

CWAF uses sudo to run high-privileged commands such as restarting Apache.
Please check that sudo is installed and that the CWAF sudoers file (/etc/sudoers.d/cwaf) is present and included in the main sudoers file (usually /etc/sudoers).

Regards, Oleg

Offline Naruto_Xboy

  • Newbie
  • *
  • Posts: 5
Re: Comodo WAF for DirectAdmin
« Reply #26 on: May 06, 2015, 11:34:38 AM »
Hello,

It seems your /etc/sudoers contains

Defaults    requiretty

The link below describes how to fix it globally or for a user, group or some commands:
https://www.shell-tips.com/2014/09/08/sudo-sorry-you-must-have-a-tty-to-run-sudo/
Hi Naruto_Xboy

CWAF uses sudo to run high-privileged commands such as restarting Apache.
Please check that sudo is installed and that the CWAF sudoers file (/etc/sudoers.d/cwaf) is present and included in the main sudoers file (usually /etc/sudoers).

Regards, Oleg


OK, thank you. After I changed

Code:
Defaults    !requiretty
in /etc/sudoers
and added
Code:
%admin ALL=NOPASSWD: ALL
I have an error

Code:
Current rules version 1.28 (Latest version)
CWAF plugin version 2.7 (Connection error: )

Can you help me to include /etc/sudoers.d/cwaf in /etc/sudoers?

Here is the sudoers file
Code:
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.

## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias     FILESERVERS = fs1, fs2
# Host_Alias     MAILSERVERS = smtp, smtp2

## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem


## Command Aliases
## These are groups of related commands...

## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe

# Defaults specification

#
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
#         You have to run "ssh -t hostname sudo <cmd>".
#
Defaults    !requiretty

#
# Refuse to run if unable to disable echo on the tty. This setting should also be
# changed in order to be able to use sudo without a tty. See requiretty above.
#
Defaults   !visiblepw

#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults    always_set_home

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults   env_keep += "HOME"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL

## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
## cdrom as root
# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d


%admin ALL=NOPASSWD: ALL


And here is the cwaf file
Code:
Defaults:root !requiretty
Defaults:cwaf_plugin !requiretty
cwaf_plugin        ALL=(ALL)       NOPASSWD: /usr/local/cwaf/scripts/cwaf-wrapper.pl

Offline akabakov

  • Comodo's Hero
  • *****
  • Posts: 364
Re: Comodo WAF for DirectAdmin
« Reply #27 on: May 07, 2015, 03:57:33 AM »
/etc/sudoers.d/cwaf is included in /etc/sudoers, because

Code:
#includedir /etc/sudoers.d
is in /etc/sudoers.
# is not a comment in this case.

Please run
sudo /usr/local/cwaf/scripts/update-client.pl -v
« Last Edit: May 07, 2015, 04:14:35 AM by akabakov »

Offline Naruto_Xboy

  • Newbie
  • *
  • Posts: 5
Re: Comodo WAF for DirectAdmin
« Reply #28 on: May 07, 2015, 09:05:24 AM »
/etc/sudoers.d/cwaf is included in /etc/sudoers, because

Code:
#includedir /etc/sudoers.d
is in /etc/sudoers.
# is not a comment in this case.

Please run
sudo /usr/local/cwaf/scripts/update-client.pl -v

After I removed the # in #includedir /etc/sudoers.d

and ran sudo /usr/local/cwaf/scripts/update-client.pl -v

I got this error
Code:
[root@sv ~]# sudo /usr/local/cwaf/scripts/update-client.pl -v
sudo: >>> /etc/sudoers: syntax error near line 118 <<<
sudo: parse error in /etc/sudoers near line 118
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin


Then I restored it to #includedir /etc/sudoers.d

and ran sudo /usr/local/cwaf/scripts/update-client.pl -v

Code:
[root@sv ~]# sudo /usr/local/cwaf/scripts/update-client.pl -v
Plugin version=2.7
Last available version=2.7
Installed for web platform=Apache


Current rules version    1.28 (Latest version)
CWAF plugin version    2.7 (Connection error: )

And here is the log

Code:
May  7 20:03:22 sv sudo:     root : parse error in /etc/sudoers near line 118 ; TTY=pts/0 ; PWD=/root ;
May  7 20:06:21 sv sudo:     root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/local/cwaf/scripts/update-client.pl -v
May  7 20:06:37 sv sudo:    admin : TTY=unknown ; PWD=/usr/local/directadmin ; USER=root ; COMMAND=/usr/local/cwaf/scripts/cwaf-wrapper.pl da_request_modsec
May  7 20:06:37 sv sudo:    admin : TTY=unknown ; PWD=/usr/local/directadmin ; USER=root ; COMMAND=/usr/local/cwaf/scripts/cwaf-wrapper.pl check_modsec_loaded
May  7 20:06:37 sv sudo:    admin : TTY=unknown ; PWD=/usr/local/directadmin ; USER=root ; COMMAND=/usr/local/cwaf/scripts/cwaf-wrapper.pl da_get_domainlist
May  7 20:06:39 sv sudo:    admin : TTY=unknown ; PWD=/usr/local/directadmin ; USER=root ; COMMAND=/usr/local/cwaf/scripts/cwaf-wrapper.pl da_get_version
May  7 20:06:41 sv sudo:    admin : TTY=unknown ; PWD=/usr/local/directadmin ; USER=root ; COMMAND=/usr/local/cwaf/scripts/cwaf-wrapper.pl da_request_modsec


« Last Edit: May 07, 2015, 09:20:58 AM by Naruto_Xboy »
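
The sudoers points raised in the replies above (`#includedir` is a directive rather than a comment, the `requiretty` default, and the difference between the blanket `%admin ALL=NOPASSWD: ALL` line and the command-scoped rule in /etc/sudoers.d/cwaf) can be checked with a short script. This is an added example, not part of the thread or of CWAF; the function names and the sample file are constructed for illustration, and it assumes one Defaults flag per line and no `#uid` user specs.

```shell
#!/bin/sh
# Added example: audit a sudoers file for the three points in this thread.

# Constructed sample combining lines from the two files quoted above.
sample_sudoers() {
cat <<'EOF'
## This file must be edited with the 'visudo' command.
Defaults    !requiretty
Defaults:cwaf_plugin !requiretty
root ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
#includedir /etc/sudoers.d
%admin ALL=NOPASSWD: ALL
cwaf_plugin ALL=(ALL) NOPASSWD: /usr/local/cwaf/scripts/cwaf-wrapper.pl
EOF
}

# "#include" and "#includedir" (and "@include..." in sudo 1.9.1+) are
# directives, not comments; print the path each one pulls in.
list_includes() {
    grep -E '^[[:space:]]*[#@]include(dir)?[[:space:]]+[^[:space:]]' "$1" |
        awk '{ print $2 }'
}

# Who may run every command without a password? Comment lines are skipped,
# so the commented-out %wheel rule is not reported.
list_blanket_nopasswd() {
    grep -vE '^[[:space:]]*#' "$1" |
        grep -E 'NOPASSWD:[[:space:]]*ALL[[:space:]]*$' |
        awk '{ print $1 }'
}

# Global requiretty setting: on, off or unset. The last matching Defaults
# line wins; per-user lines such as Defaults:cwaf_plugin are not global.
requiretty_state() {
    awk '$1 == "Defaults" && $2 == "requiretty"  { s = "on" }
         $1 == "Defaults" && $2 == "!requiretty" { s = "off" }
         END { print (s == "" ? "unset" : s) }' "$1"
}

# Audit the file given as $1, or the constructed sample when none is given.
file=${1:-}
if [ -z "$file" ]; then file=$(mktemp); sample_sudoers > "$file"; fi
echo "included paths:       $(list_includes "$file" | tr '\n' ' ')"
echo "blanket NOPASSWD for: $(list_blanket_nopasswd "$file" | tr '\n' ' ')"
echo "global requiretty:    $(requiretty_state "$file")"
```

On the sample, only `%admin` is reported as a blanket grant, while the `cwaf_plugin` rule limited to cwaf-wrapper.pl is not. `visudo -c` remains the authoritative syntax check before saving any change to /etc/sudoers.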

Offline oleg.tsygany

  • Comodo's Hero
  • *****
  • Posts: 274
Re: Comodo WAF for DirectAdmin
« Reply #29 on: May 11, 2015, 09:01:51 AM »
Hi

Can you please try to run these commands as the unprivileged user cwaf_plugin?
Log in to this account with
# su - cwaf_plugin
and run
$ sudo /usr/local/cwaf/scripts/cwaf-wrapper.pl da_get_domainlist
$ sudo /usr/local/cwaf/scripts/cwaf-wrapper.pl check_modsec_loaded
$ sudo /usr/local/cwaf/scripts/cwaf-wrapper.pl da_get_version

This may require modifying your /etc/passwd, changing the shell setting for this user from /bin/false or /sbin/nologin to another shell.
« Last Edit: May 11, 2015, 09:11:58 AM by oleg.tsygany »

 
