Installer can't detect mod_security (Not found mod_security)

I have just installed mod_security 2.8 from the Atomic repository on a CentOS 6.6 server running Plesk 11.5. I have restarted the web server so that mod_security is loaded. However, when I run the cwaf_client_install.sh installer, it cannot detect mod_security:

01-05-2015 19:11:07 Starting the installation
01-05-2015 19:11:08 ----------------Checking Apache-----------------------
01-05-2015 19:11:08 Found APACHE version 2.2.15
01-05-2015 19:11:08 Failed to aquire MODSECURITY version
01-05-2015 19:11:13 ---------------Checking LiteSpeed---------------------
01-05-2015 19:11:13 LiteSpeed binary /usr/local/lsws/bin/lshttpd not found!
01-05-2015 19:11:14 -----------------Checking Nginx-----------------------
01-05-2015 19:11:14 Found Nginx binary /usr/sbin/nginx
01-05-2015 19:11:14 Found Nginx version 1.5.0
01-05-2015 19:11:14 Mod Security NOT supported in this version of Nginx
01-05-2015 19:11:15 ------------------------------------------------------

mod_security is definitely loaded:

apachectl -M | grep security
Syntax OK
 security2_module (shared)

What can we do to get this to work? I have reverted to using mod_security 2.7 from the EPEL repository in the meantime but this doesn’t support the most recent rulesets.

Thanks,
Chris

Update: the EPEL mod_security package no longer works with CWAF (this was working before I installed mod_security from Atomic so something has broken since that point).

I’ve looked through installer.sh to check how the script is identifying mod_security, and it’s failing because the following line is not returning any results:

grep '/mod_security2.so' /proc/646/maps | head -n1 | awk '{print $6}'

This is from line 767 of installer.sh, so we need to work out why “mod_security2.so” is not in the maps file…

Fixed - we had orphaned httpd processes which would not stop. The CWAF installer.sh was getting the PID of one of the orphaned processes which did not have mod_security2.so loaded. We just had to do the following:

/etc/init.d/httpd stop
ps aux | grep httpd
kill -9 <PIDs of httpd processes>
/etc/init.d/httpd start

Hope this helps anyone else with the same issue.
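An added example, not part of the original posts or the CWAF installer: a shell check that lists which httpd PIDs do not have mod_security2.so mapped, which is how the stale processes described above show up. The function names, the proc-root parameter and the sample maps contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from installer.sh; function names are hypothetical.

# Print the path of the module mapped into one process, or nothing.
# Same grep/head/awk pipeline as the installer line quoted above.
# $1 = proc root (normally /proc), $2 = PID, $3 = module file name
mapped_module_path() {
    [ -r "$1/$2/maps" ] || return 0   # exited PID or no permission: no output
    grep -F "/$3" "$1/$2/maps" | head -n1 | awk '{print $6}'
}

# Print each PID given (from $3 on) whose maps file does not list the module.
pids_missing_module() {
    root=$1; module=$2; shift 2
    for pid in "$@"; do
        [ -n "$(mapped_module_path "$root" "$pid" "$module")" ] || echo "$pid"
    done
}

# Build a constructed /proc-like tree: PID 646 is a stale httpd without the
# module, PID 2101 is a freshly started httpd with it. Prints the tree's path.
make_sample_proc() {
    dir=$(mktemp -d)
    mkdir -p "$dir/646" "$dir/2101"
    cat > "$dir/646/maps" <<'EOF'
7f3a1c000000-7f3a1c021000 r-xp 00000000 fd:00 131 /usr/sbin/httpd
7f3a1d400000-7f3a1d40a000 r-xp 00000000 fd:00 977 /usr/lib64/httpd/modules/mod_ssl.so
EOF
    cat > "$dir/2101/maps" <<'EOF'
7f9b20000000-7f9b20021000 r-xp 00000000 fd:00 131 /usr/sbin/httpd
7f9b21800000-7f9b2184c000 r-xp 00000000 fd:00 982 /usr/lib64/httpd/modules/mod_security2.so
7f9b21a4b000-7f9b21a4e000 rw-p 0004b000 fd:00 982 /usr/lib64/httpd/modules/mod_security2.so
EOF
    echo "$dir"
}

# Live use (as root, so every httpd maps file is readable):
#   pids_missing_module /proc mod_security2.so $(pgrep -x httpd)
# Demo on the constructed tree:
sample=$(make_sample_proc)
echo "PIDs without mod_security2.so: $(pids_missing_module "$sample" mod_security2.so 646 2101)"
rm -rf "$sample"
```

Any PID this reports while the service is supposedly freshly restarted is a leftover process that never picked up the current module configuration.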

Hi

Thank you for reporting this issue.
Is mod_security 2.8.0 working now?

Regards, Oleg

Thanks for checking in, Oleg. Yes, we were able to run the installer once the orphaned httpd processes had been killed. 2.8 is now working well.