search

owasp-modsecurity / ModSecurity-nginx

ModSecurity v3 Nginx Connector
Apache License 2.0
1.59k stars 282 forks source link

modsecurity_rules_file directive failed to allocate shared memory - SecAuditLog in FreeBSD #155

Closed Kage closed 4 years ago

Kage commented 5 years ago

I'm having the same or similar issue as in #127 whenever trying to load rules files. Nginx 1.14.2, libmodsecurity v3.0.3, FreeBSD 10.3. The problem presents itself whenever trying to set anything for SecAuditLog (if I comment out all SecAudit* lines in modsecurity.conf, everything works), which presents the following error:

# service nginx restart
Performing sanity check on nginx configuration:
nginx: [emerg] "modsecurity_rules_file" directive Failed to allocate shared memory (1): Function not implemented in /usr/local/etc/nginx/conf.d/hackthissite.org.conf:36
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed

Environment:

# uname -a
FreeBSD waf 10.3-RELEASE FreeBSD 10.3-RELEASE #0 r297264: Fri Mar 25 02:10:02 UTC 2016     root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
# ipcs -m
Shared Memory:
T           ID          KEY MODE        OWNER    GROUP   

# nginx -V
nginx version: nginx/1.14.2
built with OpenSSL 1.0.1s-freebsd  1 Mar 2016
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --user=www --group=www --modules-path=/usr/local/libexec/nginx --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_v2_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-pcre --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module --with-mail_ssl_module --add-module=/var/ports/basejail/usr/ports/www/nginx/work/ModSecurity-nginx-71ede63 --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-http_perl_module=dynamic --with-mail=dynamic --with-stream=dynamic --add-dynamic-module=/var/ports/basejail/usr/ports/www/nginx/work/ngx_devel_kit-0.3.0 --add-dynamic-module=/var/ports/basejail/usr/ports/www/nginx/work/headers-more-nginx-module-085fbbc --add-dynamic-module=/var/ports/basejail/usr/ports/www/nginx/work/ngx_http_geoip2_module-3.2 --add-dynamic-module=/var/ports/basejail/usr/ports/www/nginx/work/lua-nginx-module-0.10.14

Originally posted by @Kage in https://github.com/SpiderLabs/ModSecurity-nginx/issues/127#issuecomment-485745457

victorhora commented 5 years ago

Hi @Kage, thanks for reporting.

Can you let us know if this issue doesn't happen on the same environment but with the previous release of libModSecurity (3.0.2)?

zimmerle commented 4 years ago

Assuming the issue is fixed.