search

owasp-modsecurity / ModSecurity-apache

ModSecurity v3 Apache Connector
Apache License 2.0
87 stars 51 forks source link

./configure fails... configure: error: ModSecurity libraries not found! #55

Open flatline-studios opened 5 years ago

flatline-studios commented 5 years ago

Pulling my hair out with this.

I built libmodsecurity from source, and it seems to of installed properly... Here's what I get:

$ ls -halF /usr/local/modsecurity/lib/

drwxr-xr-x    3 root     root        4.0K Jan 30 20:10 ./
drwxr-xr-x    5 root     root        4.0K Jan 30 20:10 ../
-rw-r--r--    1 root     root       83.7M Jan 30 20:09 libmodsecurity.a
-rwxr-xr-x    1 root     root        1.0K Jan 30 20:09 libmodsecurity.la*
lrwxrwxrwx    1 root     root          23 Jan 30 20:09 libmodsecurity.so -> libmodsecurity.so.3.0.3*
lrwxrwxrwx    1 root     root          23 Jan 30 20:10 libmodsecurity.so.3 -> libmodsecurity.so.3.0.3*
-rwxr-xr-x    1 root     root       45.8M Jan 30 20:09 libmodsecurity.so.3.0.3*
drwxr-xr-x    2 root     root        4.0K Jan 30 20:10 pkgconfig/

Looks like it's installed...

$ pwd

/usr/src/ModSecurity-apache

That's where https://github.com/SpiderLabs/ModSecurity-apache is cloned to...

./configure

checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... ./install-sh -c -d
checking for gawk... no
checking for mawk... no
checking for nawk... no
checking for awk... awk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
configure: looking for Apache module support via DSO through APXS
configure: found APXS at /usr/local/apache2/bin/apxs
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... none
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
configure: looking for libmodsecurity
checking for msc_init in -lmodsecurity... no
configure: error: ModSecurity libraries not found!

Is what I get when trying to run the configure script.

Is there an option or something I should be passing somewhere to tell the Apache Connector where the libmodsecurity files are? If so, where is any of this documented?

I'm very new to compiling C/C++, and haven't ever really done it before, so sorry if this is really basic stuff.

This is on Alpine, running in a Docker container.

Thanks!

flatline-studios commented 5 years ago

Having a look at: find_libmodsec.m4

I can see that the configure script looks like it can take an argument, --with-libmodsecurity=FILE, so when I ran:

$ ./configure --with-libmodsecurity=/usr/local/modsecurity/

checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... ./install-sh -c -d
checking for gawk... no
checking for mawk... no
checking for nawk... no
checking for awk... awk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
configure: looking for Apache module support via DSO through APXS
configure: found APXS at /usr/local/apache2/bin/apxs
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... none
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
configure: looking for libmodsecurity
checking for msc_init in -lmodsecurity... yes
checking modsecurity/modsecurity.h usability... yes
checking modsecurity/modsecurity.h presence... yes
checking for modsecurity/modsecurity.h... yes
checking if apache is wanted... yes
checking for httpd... /usr/sbin/httpd
checking apache modules... not found
checking for perl... /usr/bin/perl
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3. Set the 'ServerName' directive globally to suppress this message
Found Apache with MPM prefork, shared.
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking whether gcc understands -c and -o together... (cached) yes
checking dependency style of gcc... (cached) none
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating build/apxs-wrapper
config.status: creating tests/regression/server_root/conf/httpd.conf
config.status: creating tests/regression/misc/40-secRemoteRules.t
config.status: creating tests/regression/misc/60-pmfromfile-external.t
config.status: creating tests/regression/misc/50-ipmatchfromfile-external.t
config.status: creating tests/run-regression-tests.pl
config.status: executing depfiles commands

It seems like it found the modsecurity file, and finished correctly... The weird thing is, I'm not sure if I'm reading that file correctly, but it looks like that should already be the default value.

I then noticed that it looks like:

  if test "$withval" = "yes"; then
    AC_SUBST(CPPFLAGS, "$CPPFLAGS -I/usr/local/modsecurity/include/ -L/usr/local/modsecurity/lib/")
    V3INCLUDE="/usr/local/modsecurity/include/"
    V3LIB="/usr/local/modsecurity/lib/"
  else
    AC_SUBST(CPPFLAGS, "$CPPFLAGS -I${withval}/include/ -L${withval}/lib/")
    V3INCLUDE="${withval}/include/"
    V3LIB="${withval}/lib/"
  fi

(That's lines 9-17)

Are the if/else statements the wrong way around? It looks like it's saying if the arguments given, stick in the fixed default value, otherwise use the (non-existent) variables to fill in the path..? Not sure if I'm reading that correctly, but that's how it looks to me.

Could that be the cause? And it just so happens that when I put in a value, any value, for the --with-libmodsecurity it worked, as my libmodsecurity is installed into the default location?

victorhora commented 5 years ago

Hi @flatline-studios

Can you check if the approaches suggested here works for you?

https://github.com/SpiderLabs/ModSecurity-apache/issues/47

drmuey commented 3 years ago

@zimmerle this patch allows --with-libmodsecurity=PATH to work, interested in a pull request?

# cat SOURCES/0001-Fix-with-libmodsecurity.patch 
From 2ac060550f5183fd7168acc51dd765e97c57a2da Mon Sep 17 00:00:00 2001
From: Daniel Muey <dan@cpanel.net>
Date: Wed, 9 Sep 2020 10:23:58 -0500
Subject: [PATCH] Fix `--with-libmodsecurity`

---
 build/find_libmodsec.m4 | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/build/find_libmodsec.m4 b/build/find_libmodsec.m4
index 2a6c82d..bf60f8b 100644
--- a/build/find_libmodsec.m4
+++ b/build/find_libmodsec.m4
@@ -27,9 +27,19 @@ if test -z "$V3PATH"; then
       V3INCLUDE="$i/include/"
       # TODO: test if V3LIB is set
       break
-    fi  
+    fi
   done
+else
+    if test -f "$V3PATH/lib/libmodsecurity.so"; then
+      V3LIB="$V3PATH/lib/"
+    fi
+    if test -f "$V3PATH/include/modsecurity/modsecurity.h"; then
+      V3INCLUDE="$V3PATH/include/"
+      # TODO: test if V3LIB is set
+      break
+    fi
 fi
+
 if test -n "$V3LIB" -a "$V3LIB" != "no" -a -x "$V3LIB" ; then
     AC_MSG_NOTICE(found libmodsecurity at $V3LIB)
 else
-- 
2.25.1