Fedora 29 Default Install Failed

Hi Everyone,
I have just installed CAF on Fedora 29, and Mod Security caused Apache to crash, as shown below:

Jan 24 17:19:29 server systemd[1]: Starting The Apache HTTP Server…
Jan 24 17:19:29 server httpd[13265]: httpd: Syntax error on line 353 of /etc/httpd/conf/httpd.conf: Syntax error on line 34 of /etc/httpd/conf.d/zzzz_cwaf_sec>
Jan 24 17:19:29 server systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Jan 24 17:19:29 server systemd[1]: httpd.service: Failed with result ‘exit-code’.
Jan 24 17:19:29 server systemd[1]: Failed to start The Apache HTTP Server.
[root@server msheppard]# systemctl restart httpd

After going into /etc/httpd/conf.d/zzzz_cwaf_security2.conf and removing line 34, it restarted fine, but the line was Include “/usr/local/cwaf/etc/cwaf.conf”. Surely that is vital for the CAF to work and block attacks?

Thanks

Rockyuk

Hello,

Can you provide the versions of the following?

  1. modsecurity
  2. cwaf plugin
  3. rules
  4. apache

Also, please provide the content of the configuration file zzzz_cwaf_security2.conf.

Thank You.

Please find below the information you requested

  1. modsecurity

mod_security.x86_64 2.9.2-6.fc29

  2. cwaf plugin

2.24.3

  3. rules

1.195

  4. apache

2.4.37

Also please provide content of configuration file, zzzz_cwaf_security2.conf file.

<IfModule !mod_security2.c>
LoadModule security2_module modules/mod_security2.so

SecAuditLogStorageDir /var/log/httpd/modsec_audit
SecAuditLogType Concurrent
SecAuditLogStorageDir /var/log/httpd/modsec_audit
SecAuditLogType Concurrent

SecServerSignature "Protected by COMODO WAF"

SecRuleEngine On
SecAuditEngine RelevantOnly
SecAuditLog /var/log/httpd/modsec_audit.log
SecDebugLog /var/log/httpd/modsec_debug.log
SecAuditLogType Serial
SecDebugLogLevel 0
SecRequestBodyAccess On
SecRequestBodyLimitAction ProcessPartial
SecDataDir /tmp
SecTmpDir /tmp
SecUploadDir /tmp
SecCollectionTimeout 600
SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000

##Include "/usr/local/cwaf/etc/cwaf.conf"##

Thanks

Rockyuk

Hello,

Can you let us know whether you have provided the default configuration or updated the configuration manually? Have you installed any CMS like WordPress?
Kindly uninstall the plugin using the “uninstall_cwaf.sh” script, which is located in /usr/local/cwaf/scripts, and install the plugin again using “cwaf_client_install.sh”.

Thank you.

Hi there,
This is the default configuration. I had to disable this line ##Include “/usr/local/cwaf/etc/cwaf.conf”## as Apache would not start.

I have nothing installed on this server as it is a fresh install.

OK, I will try the uninstall and reinstall now.

Just checked and I did install it with cwaf_client_install.sh. What would reinstalling it with the same script do?

Hello,

Please reinstall with cwaf_client_install.sh

Thank You.

On reinstall:

| LOG : mkdir -p /usr/local/cwaf
| LOG : Preparing files …
| LOG : Preparing file web/cpanel/addon_cwaf.cgi
| LOG : Preparing file web/cpanel/cwaf_catalog.cgi
| LOG : Preparing file web/cpanel/cwaf_cwatch.cgi
| LOG : Preparing file web/cpanel/cwaf_main.cgi
| LOG : Preparing file etc/addon_cwaf.conf
| LOG : Preparing file etc/cwaf.conf
| LOG : Preparing file etc/main.conf
| LOG : Preparing file etc/modsec2_cpanel.conf
| LOG : Preparing file etc/modsec2_cpanel_ea4.conf
| LOG : Preparing file etc/modsec2_da_ap.conf
| LOG : Preparing file etc/modsec2_da_nginx.conf
| LOG : Preparing file etc/modsec2_nginx.conf
| LOG : Preparing file etc/modsec2_plesk.conf
| LOG : Preparing file etc/modsec2_standalone.conf
| LOG : Preparing file etc/modsec2_webmin.conf
| LOG : Preparing file etc/standalone-gui.conf
| LOG : Preparing file etc/main.conf-skel
| LOG : Preparing file scripts/cwaf-cli.pl
| LOG : Preparing file scripts/cwaf-wrapper.pl
| LOG : Preparing file scripts/fix_exclude_cache.pl
| LOG : Preparing file scripts/fix_excludes.pl
| LOG : Preparing file scripts/standalone-gui.pl
| LOG : Preparing file scripts/suid.c
| LOG : Preparing file scripts/uninstall_cwaf.sh
| LOG : Preparing file scripts/uninstall_perl_mods.pl
| LOG : Preparing file scripts/update-client.pl
| LOG : Preparing file scripts/updater.pl
| LOG : Preparing file etc/version.dat
| LOG : Preparing file modules/CPAN/lib/Comodo/CWAF/Main.pm
| LOG : Preparing file web/plesk/plugin/plib/modules/cwaf/meta.xml
| LOG : Preparing file web/directadmin/plugin.conf
| LOG : Preparing file web/directadmin/hooks/admin_img.html
| LOG : Preparing file web/directadmin/hooks/admin_txt.html
| LOG : Uninstalling previous Comodo perl modules
| LOG : Fixing perms
| LOG : mode of ‘etc/main.conf’ changed from 0664 (rw-rw-r--) to 0600 (rw-------)
| LOG : mode of ‘web/cpanel/addon_cwaf.cgi’ retained as 0775 (rwxrwxr-x)
| LOG : mode of ‘web/cpanel/cwaf_catalog.cgi’ retained as 0775 (rwxrwxr-x)
| LOG : mode of ‘web/cpanel/cwaf_cwatch.cgi’ retained as 0775 (rwxrwxr-x)
| LOG : mode of ‘web/cpanel/cwaf_main.cgi’ retained as 0775 (rwxrwxr-x)
| LOG : mode of ‘scripts/cwaf-cli.pl’ retained as 0775 (rwxrwxr-x)
| LOG : mode of ‘scripts/cwaf-wrapper.pl’ retained as 0755 (rwxr-xr-x)
| LOG : mode of ‘scripts/cwatch’ retained as 0775 (rwxrwxr-x)
| LOG : mode of ‘scripts/EasyApache’ retained as 0775 (rwxrwxr-x)
| LOG : mode of ‘scripts/fix_exclude_cache.pl’ retained as 0775 (rwxrwxr-x)
| LOG : mode of ‘scripts/fix_excludes.pl’ retained as 0775 (rwxrwxr-x)
| LOG : mode of ‘scripts/standalone-gui.pl’ retained as 0775 (rwxrwxr-x)
| LOG : mode of ‘scripts/suid.c’ changed from 0664 (rw-rw-r--) to 0775 (rwxrwxr-x)
| LOG : mode of ‘scripts/uninstall_cwaf.sh’ retained as 0775 (rwxrwxr-x)
| LOG : mode of ‘scripts/uninstall_perl_mods.pl’ retained as 0775 (rwxrwxr-x)
| LOG : mode of ‘scripts/update-client.pl’ retained as 0775 (rwxrwxr-x)
| LOG : mode of ‘scripts/updater.pl’ retained as 0775 (rwxrwxr-x)
| LOG : mode of ‘scripts/cwaf-wrapper.pl’ changed from 0755 (rwxr-xr-x) to 0100 (--x------)
| LOG : Cleaning up some old files…
| LOG : Copying files to /usr/local/cwaf
| LOG : Preparing dirs
| LOG : ‘/usr/local/cwaf/rules’ → ‘/usr/local/cwaf/tmp/EMPTY’
| LOG : ‘/usr/local/cwaf/logs’ → ‘/var/log/CWAF’
| LOG : removed ‘/etc/cwaf’
| LOG : ‘/etc/cwaf’ → ‘/usr/local/cwaf/etc’
| LOG : Register Comodo WAF Webmin Plugin
| LOG : Installed Comodo WAF in /usr/libexec/webmin/cwaf (24 kb)
| LOG : ‘/usr/libexec/webmin/cwaf/cwaf’ → ‘/usr/local/cwaf/web/cwaf’
| LOG : renamed ‘/usr/local/cwaf/web/cwaf/tpl/index_webmin.html’ → ‘/usr/local/cwaf/web/cwaf/tpl/index.html’
| LOG : Copy Comodo WAF Mod_security configuration to Apache HTTPD directory
| LOG : ‘etc/modsec2_webmin.conf’ → ‘/etc/httpd/conf.d/zzzz_cwaf_security2.conf’

Do you want to protect your server with default rule set? [y/n]: y
+-----------------------------------------------------
| Warning! Rules have not been updated. Check your credentials and try again later manually
+-----------------------------------------------------
| LOG : Warning! Rules have not been updated. Check your credentials and try again later manually
| LOG : All Done!
+-----------------------------------------------------
| Installation complete!
| You may examine log file
| /tmp/cwaf_install.log.9169
| for errors in case not everything went flawless.
| Also you may examine file
| /usr/local/cwaf/INFO.TXT
| for some useful software information.
+-----------------------------------------------------
[root@server ~]# systemctl restart httpd
Job for httpd.service failed because the control process exited with error code.
See “systemctl status httpd.service” and “journalctl -xe” for details.

Jan 25 13:39:58 server systemd[1]: Starting The Apache HTTP Server…
Jan 25 13:39:58 server httpd[10364]: httpd: Syntax error on line 353 of /etc/httpd/conf/httpd.conf: Syntax error on line 32 of /etc/httpd/conf.d/zzzz_cwaf_sec>
Jan 25 13:39:58 server systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Jan 25 13:39:58 server systemd[1]: httpd.service: Failed with result ‘exit-code’.
Jan 25 13:39:58 server systemd[1]: Failed to start The Apache HTTP Server.

Hello,

Kindly uncomment the string and perform “apachectl configtest”. Also, please provide the error log.

Thank You.

Hi there,
I have resolved it by moving over to CentOS 7 and it’s all working fine.

Thanks

Rockyuk