Need Developers Help!!!

Hello,

Recently we created a tutorial on how to perfectly integrate Comodo WAF with Centos Web Panel

https://blog.bullten.com/installing-comodo-waf-with-gui-in-cwp/

Here is out demo installation to show

http://mail.winningmonkey.net:5580/manage/

But I am facing few issues

  1. Mod_security loaded no
    It should show yes as it is loaded. Also apachectl is working fine. Why it isnt showing correctly?

  2. Found websites no
    It should also show number of websites

  3. Upon enabling disabling rules or domains Apache should restart automatically but its not restarting. It does show a message that it has been restarted but it is not doing so.

Any help from developers would be highly appreciated :slight_smile:

More issue

Updating cwaf plugin gives error “cannot read updater.log”

I went ahead and did

touch /var/log/CWAF/updater.log

Upon running update again it doesnt give any error but doesnt update plugin too.

Uisng command line is working very fine.

perl /usr/local/cwaf/scripts/update-client.pl

It has to do something with suid file. Changing its permission enables few things but disabled some other things.

Hello,

This is amazing how you managed to integrate CWAF into CWP!
Unfortunately for full integration required Perl module, which written for every web panel using CWAF (cPanel, Plesk, DirectAdmin, Webmin…)
Example of these modules you can find in folder:
/usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF
And they contain Perl code to restart web server, count number of sites installed etc.
Without such module I’m afraid full integration is not possible :frowning:

With best regards, Oleg

I see Standalone.pm containing full functions. It should work isnt it?

Can you let me know what perl modules I am missing? So I can go ahead and install them. Well also before installing CWAF I was asked to automatically install the required missing modules and it was done without any error. Dont you think its something else.

In disabled domain section it shows all domains avilable but it fails to count them. It does disable domain but fail to restart httpd.

Hello,

There is other workaround :slight_smile:
scripts/standalone-gui.pl run small Perl-based web server on 127.0.0.1 (config in etc/standalone-gui.conf )

This server returns CWAF web interface. I think it possible to proxy this page out, so no additional Perl modules required (because Standalone.pm will be used)

With best regards, Oleg

Well also I would request you to once check this url

https://mail.winningmonkey.net:5580/manage/

with all the functions. Almost all the functions are working just 2-3 arent .

Nvm I got solutions of issue.

I was making wrong permission for suid file. It should be root:cwaf and I was making it cwaf:cwaf.

chown root:$SUID_USER "$CWAF_INSTALL_PATH/scripts/suid"

Second there is issue within install itself. The installer is making permission of 4111 but actually the suid will need to have 4775. I checked suid.c file and found the url from where it was taken Writing a plugin | Directadmin Docs. Its clear form there 4755 should be permission not 4111 else it wont execute.

chmod 4111 "$CWAF_INSTALL_PATH/scripts/suid"

Hello,

Glad to hear issue was resolved! But there is one not so good thing.
I just noticed CWAF actually run in Standalone mode. And its web GUI exposed out to public which is not good, because anyone who know control URL can manage your Modsecurity and even turn it off.
Maybe will be good to wrap this URL in some authentication, so anyone can not get access to it.

With best regards, Oleg

I just opened that url to show you how it is working. In future it will be password protected for sure :slight_smile:

Installed on another server and now the same issue on it. Can you list me all the perl modules needed for its functioning?

I guess this is not Perl modules but permissions issue again.
By the way it possible to debug plugin by changing “debug” value to to “debug=11” (from “debug=1”) in /etc/cwaf/main.conf
Detailed logs will be provided after that.

With best regards, Oleg

Nothing in log :frowning:

16/08/18 07:57:21 cwaf-wrapper[10096] running command: restart_apache 16/08/18 07:57:21 cwaf-wrapper[10096] INFO: run_shellcmd('which apachectl') RETURN: '/usr/sbin/apachectl' 16/08/18 07:57:21 cwaf-wrapper[10096] INFO: run_shellcmd('which apache2ctl') RETURN: 'which: no apache2ctl in (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)' 16/08/18 07:57:21 cwaf-wrapper[10096] INFO: run_shellcmd('/usr/sbin/apachectl graceful') RETURN: 'AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using server1.bullten.net. Set the 'ServerName' directive globally to suppress this message' 16/08/18 08:06:43 cwaf-wrapper[11320] running command: check_apache_syntax 16/08/18 08:06:43 cwaf-wrapper[11320] INFO: run_shellcmd('which apachectl') RETURN: '/usr/sbin/apachectl' 16/08/18 08:06:43 cwaf-wrapper[11320] INFO: run_shellcmd('which apache2ctl') RETURN: 'which: no apache2ctl in (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)' 16/08/18 08:06:44 cwaf-wrapper[11320] INFO: run_shellcmd('/usr/sbin/apachectl -t') RETURN: 'AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using server1.bullten.net. Set the 'ServerName' directive globally to suppress this message Syntax OK' 16/08/18 08:06:44 cwaf-wrapper[11329] running command: restart_apache 16/08/18 08:06:44 cwaf-wrapper[11329] INFO: run_shellcmd('which apachectl') RETURN: '/usr/sbin/apachectl' 16/08/18 08:06:44 cwaf-wrapper[11329] INFO: run_shellcmd('which apache2ctl') RETURN: 'which: no apache2ctl in (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)' 16/08/18 08:06:44 cwaf-wrapper[11329] INFO: run_shellcmd('/usr/sbin/apachectl graceful') RETURN: 'AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using server1.bullten.net. Set the 'ServerName' directive globally to suppress this message' 16/08/18 08:06:44 cwaf-wrapper[11338] running command: check_apache_syntax 16/08/18 08:06:44 cwaf-wrapper[11338] INFO: run_shellcmd('which apachectl') RETURN: '/usr/sbin/apachectl' 16/08/18 08:06:44 cwaf-wrapper[11338] INFO: run_shellcmd('which apache2ctl') RETURN: 'which: no apache2ctl in (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)' 16/08/18 08:06:45 cwaf-wrapper[11338] INFO: run_shellcmd('/usr/sbin/apachectl -t') RETURN: 'AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using server1.bullten.net. Set the 'ServerName' directive globally to suppress this message Syntax OK' 16/08/18 08:06:45 cwaf-wrapper[11542] running command: restart_apache 16/08/18 08:06:45 cwaf-wrapper[11542] INFO: run_shellcmd('which apachectl') RETURN: '/usr/sbin/apachectl' 16/08/18 08:06:45 cwaf-wrapper[11542] INFO: run_shellcmd('which apache2ctl') RETURN: 'which: no apache2ctl in (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)' 16/08/18 08:06:45 cwaf-wrapper[11542] INFO: run_shellcmd('/usr/sbin/apachectl graceful') RETURN: 'AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using server1.bullten.net. Set the 'ServerName' directive globally to suppress this message' 16/08/18 08:06:46 cwaf-wrapper[11551] running command: check_apache_syntax 16/08/18 08:06:46 cwaf-wrapper[11551] INFO: run_shellcmd('which apachectl') RETURN: '/usr/sbin/apachectl' 16/08/18 08:06:46 cwaf-wrapper[11551] INFO: run_shellcmd('which apache2ctl') RETURN: 'which: no apache2ctl in (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)' 16/08/18 08:06:46 cwaf-wrapper[11551] INFO: run_shellcmd('/usr/sbin/apachectl -t') RETURN: 'AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using server1.bullten.net. Set the 'ServerName' directive globally to suppress this message Syntax OK' 16/08/18 08:06:46 cwaf-wrapper[11755] running command: restart_apache 16/08/18 08:06:46 cwaf-wrapper[11755] INFO: run_shellcmd('which apachectl') RETURN: '/usr/sbin/apachectl' 16/08/18 08:06:46 cwaf-wrapper[11755] INFO: run_shellcmd('which apache2ctl') RETURN: 'which: no apache2ctl in (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)' 16/08/18 08:06:47 cwaf-wrapper[11755] INFO: run_shellcmd('/usr/sbin/apachectl graceful') RETURN: 'AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using server1.bullten.net. Set the 'ServerName' directive globally to suppress this message'

Now this is amazing

run_shellcmd('/usr/sbin/apachectl graceful') RETURN: 'AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using server1.bullten.net. Set the 'ServerName' directive globally to suppress this message'

After suppressing ServerName the apache restart works fine. But above is not error its a warning. Apache still restarts with the warning above but your software takes its as error and fails to restart.

Well I finally succeed in getting domain list too.

nano /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/Standalone.pm

Finding

$info->{'httpd_version'} = $tmp{'httpd_version'}; $info->{'mod_security_loaded'} = defined($tmp{'mod_security_loaded'}) ? "yes" : "no"; $info->{'mod_security_compat'} = check_modsec_compat(\%tmp) ? "yes" : "no"; $info->{'mod_security_conf'} = &get_modsec_filename(); my $domains = []; my $dc = scalar @$domains; $info->{'vhosts_count'} = $dc ? $dc : "no";

Replace “my $domains = [];” with “my $domains = &st_get_domainlist();”

So it will look like

$info->{'httpd_version'} = $tmp{'httpd_version'}; $info->{'mod_security_loaded'} = defined($tmp{'mod_security_loaded'}) ? "yes" : "no"; $info->{'mod_security_compat'} = check_modsec_compat(\%tmp) ? "yes" : "no"; $info->{'mod_security_conf'} = &get_modsec_filename(); my $domains = &st_get_domainlist(); my $dc = scalar @$domains; $info->{'vhosts_count'} = $dc ? $dc : "no";

Now we get domain list too and all functions are working too just like it works in cpanel :slight_smile: :-TU :P0l

Here is finally guide for anyone who wants to install Comodo WAF on CentOS Web panel (CWP)

https://blog.bullten.com/centos-web-panel/installing-comodo-waf-with-gui-in-cwp/

All functions are working fine :slight_smile: