owasp-modsecurity / ModSecurity-nginx

ModSecurity v3 Nginx Connector
Apache License 2.0
1.58k stars 282 forks source link

configure fails to find ModSecurity library at exported MODSECURITY_LIB path #285

Closed amsnek closed 2 years ago

amsnek commented 2 years ago

I have compiled libmodsecurity (libmodsecurity.so.3.0.7) and i am trying to compile modsecurity-nginx I am pointing it to the custom compiled library with the environment variables

export MODSECURITY_LIB="/storage/modsecurity/lib/"
export MODSECURITY_INC="/storage/modsecurity/include/modsecurity/"

The Folder for MODSECURITY_LIB has the following contents:

ls -l "/storage/modsecurity/lib/"
total 344080
-rw-r--r--. 1 root root 275828264 Jul 25 08:56 libmodsecurity.a
-rwxr-xr-x. 1 root root      1234 Jul 25 08:56 libmodsecurity.la
lrwxrwxrwx. 1 root root        23 Jul 25 08:56 libmodsecurity.so -> libmodsecurity.so.3.0.7
lrwxrwxrwx. 1 root root        23 Jul 25 08:56 libmodsecurity.so.3 -> libmodsecurity.so.3.0.7
-rwxr-xr-x. 1 root root  76483624 Jul 25 08:56 libmodsecurity.so.3.0.7
drwxr-xr-x. 2 root root      4096 Jul 25 08:56 pkgconfig

The Folder for MODSECURITY_INC has the following contents:

ls -l "/storage/modsecurity/include/modsecurity/"
total 160
drwxr-xr-x. 2 root root  4096 Jul 25 08:56 actions
-rw-r--r--. 1 root root  2881 Jul 25 08:56 anchored_set_variable.h
-rw-r--r--. 1 root root  3686 Jul 25 08:56 anchored_set_variable_translation_proxy.h
-rw-r--r--. 1 root root  2095 Jul 25 08:56 anchored_variable.h
-rw-r--r--. 1 root root  5702 Jul 25 08:56 audit_log.h
drwxr-xr-x. 2 root root  4096 Jul 25 08:56 collection
-rw-r--r--. 1 root root  1572 Jul 25 08:56 debug_log.h
-rw-r--r--. 1 root root  1656 Jul 25 08:56 intervention.h
-rw-r--r--. 1 root root  8563 Jul 25 08:56 modsecurity.h
-rw-r--r--. 1 root root  6793 Jul 25 08:56 reading_logs_via_rule_message.h
-rw-r--r--. 1 root root  3125 Jul 25 08:56 rule.h
-rw-r--r--. 1 root root  2239 Jul 25 08:56 rule_marker.h
-rw-r--r--. 1 root root  6634 Jul 25 08:56 rule_message.h
-rw-r--r--. 1 root root  1797 Jul 25 08:56 rule_unconditional.h
-rw-r--r--. 1 root root  5934 Jul 25 08:56 rule_with_actions.h
-rw-r--r--. 1 root root  2317 Jul 25 08:56 rule_with_operator.h
-rw-r--r--. 1 root root  2861 Jul 25 08:56 rules.h
-rw-r--r--. 1 root root  2934 Jul 25 08:56 rules_exceptions.h
-rw-r--r--. 1 root root  2648 Jul 25 08:56 rules_set.h
-rw-r--r--. 1 root root  1378 Jul 25 08:56 rules_set_phases.h
-rw-r--r--. 1 root root 14497 Jul 25 08:56 rules_set_properties.h
-rw-r--r--. 1 root root 23509 Jul 25 08:56 transaction.h
-rw-r--r--. 1 root root  1227 Jul 25 08:56 variable_origin.h
-rw-r--r--. 1 root root  2848 Jul 25 08:56 variable_value.h

but configure results in "not finding the library" -> what am i missing here?

checking for getaddrinfo() ... found
configuring additional dynamic modules
adding module in /volume/build/work/modsecurity/modsecurity-nginx-v1.0.3/
checking for ModSecurity library in "/storage/modsecurity/lib/" and "/storage/modsecurity/include/modsecurity/" (specified by the MODSECURITY_LIB and MODSECURITY_INC env) ... not found
./configure: error: ngx_http_modsecurity_module requires the ModSecurity library and MODSECURITY_LIB is defined as "/storage/modsecurity/lib/" and MODSECURITY_INC (path for modsecurity.h) "/storage/modsecurity/include/modsecurity/", but we cannot find ModSecurity there.
amsnek commented 2 years ago

also, if i copy modsecurity from /storage/modsecurity to /usr/local ... it finds the library (??)

adding module in /volume/build/work/modsecurity/modsecurity-nginx-v1.0.3/
checking for ModSecurity library ... not found
checking for ModSecurity library in /usr/local/modsecurity ... found
 + ngx_http_modsecurity_module was configured
martinhsv commented 2 years ago

Hello @amsnek ,

I'm not entirely clear on what steps you have followed, or what your motive is for attempting to use a 'custom compiled library'.

By default, if you have successfully built ModSecurity, the subsequent make install will, by default, place the libmodsecurity.so.* files in /usr/local/modsecurity/lib. And that is where your other step will look for it.

amsnek commented 2 years ago

Hello @martinhsv

sorry for the phrasing, with custom compiled I just ment "manually compiled"

I wanted to install (make install) the modsecurity files on a different location (--prefix=) then /usr/local -> /storage/modsecurity instead of /usr/local, which isnt that unusual?

but it seems the environment variables MODSECURITY_LIB / MODSECURITY_INC are not effective to point to a different path?

intention: use --prefix to install modsecurity files to a different path then /usr/local

right now i am using the workaround to create a symlink to /usr/local/modsecurity ... but that seems wrong. Why have the --prefix or MODSECURITY_LIB / MODSECURITY_INC if /usr/local needs to be used

I feel like I am overlooking something obvious?

martinhsv commented 2 years ago

Ok, now I understand what you are trying to do.

I suspect you have two problems:

First, because your assignment to MODSECURITY_INC is meant to be an analogue of https://github.com/SpiderLabs/ModSecurity-nginx/blob/d59e4ad121df702751940fd66bcc0b3ecb51a079/config#L59 ...

... then you might want to check whether the assignment actually requires the last path segment. I.e. I suspect what you really want is MODSECURITY_INC="/storage/modsecurity/include/".

Secondly, you probably want to include the variables on this same line as the execution of the command (rather than relying on export):

MODSECURITY_LIB="/storage/modsecurity/lib/" MODSECURITY_INC="/storage/modsecurity/include/" ./configure --with-compat --add-dynamic-module=/opt/ModSecurity-nginx
amsnek commented 2 years ago

hello @martinhsv,

thanks! I think you are spot on with "secondly" 🙈 will try that first thing next chance. I think this can be closed then... somehow I failed to realise that...

amsnek commented 2 years ago

thank @martinhsv that was the case obviously 👍