ModSecurity: StatusEngine call:

[simpleuser99]

Hello. I use CentOS 6.7 and I installed mod_security, mod_security_crs and mod_security_crs-extras from epel repo. When I started the apache I view the next message in apache error log

[Thu Mar 24 15:14:30 2016] [info] removed PID file /etc/httpd/run/httpd.pid (pid=41360) [Thu Mar 24 15:14:30 2016] [notice] caught SIGTERM, shutting down [Thu Mar 24 15:14:30 2016] [notice] ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/) >configured. [Thu Mar 24 15:14:30 2016] [notice] ModSecurity: APR compiled version="1.3.9"; loaded >version="1.3.9" [Thu Mar 24 15:14:30 2016] [notice] ModSecurity: PCRE compiled version="7.8 "; loaded >version="7.8 2008-09-05" [Thu Mar 24 15:14:30 2016] [notice] ModSecurity: LUA compiled version="Lua 5.1" [Thu Mar 24 15:14:30 2016] [notice] ModSecurity: YAJL compiled version="2.1.0" [Thu Mar 24 15:14:30 2016] [notice] ModSecurity: LIBXML compiled version="2.7.6" [Thu Mar 24 15:14:30 2016] [notice] ModSecurity: StatusEngine call: >"2.9.1,Apache,1.3.9/1.3.9,7.8/7.8 2008-09-05,Lua >5.1,2.7.6,df1b0b4c4f00dfdd93c056a1f360338d4753a694" [Thu Mar 24 15:14:30 2016] [notice] ModSecurity: StatusEngine call failed. Query: >GIXDSLRRFRAXAYLDNBSSYMJOGMXDSLZR.FYZS4OJMG4XDQLZXFY4CAMRQGA4C2MBZ.F>UYDKLCMOVQSANJOGEWDELRXFY3CYZDG.GFRDAYRUMM2GMMBQMRTGIZBZGNRTANJW.>MEYWMMZWGAZTGODEGQ3TKM3BGY4TI.1458821670.rpc.atomicorp.com [Thu Mar 24 15:14:30 2016] [notice] Apache/2.2.15 (Unix) PHP/5.5.30 configured -- resuming >normal operations [Thu Mar 24 15:14:30 2016] [info] Server built: Aug 24 2015 17:52:49 [Thu Mar 24 15:14:30 2016] [debug] prefork.c(1018): AcceptMutex: sysvsem (default: sysvsem)

I don't see Debug Log – /var/log/httpd/modsec_debug.log Audit log – /var/log/httpd/modsec_audit.log How can I resolve m problem?

[zimmerle]

Hi @simpleuser99,

What was the source of your package?

[simpleuser99]

atomic: mirror1.34sp.com

[csanders-git]

You may need to contact atomic support in order to get assistance with this. It seems that you didn't install this from true EPEL. Can you show a list of your /etc/yum.repos.d/ to be sure? But it looks like you installed another repo with links to atomicorps custom compiled modsecurity that seems to have issues.

[simpleuser99]

yum info mod_security Загружены модули: fastestmirror, remove-with-leaves, rhnplugin This system is receiving updates from RHN Classic or Red Hat Satellite. Loading mirror speeds from cached hostfile

• atomic: mirror1.34sp.com Установленные пакеты Название: mod_security Архитектура: x86_64 Период: 1 Версия: 2.9.1 Выпуск: 33.el6.art Объем: 1.5 M Источник: installed Из источника: atomic Аннотация: Security module for the Apache HTTP Server Ссылка: http://www.modsecurity.org/ Лицензия: ASL 2.0 Описание: ModSecurity is an open source intrusion detection and prevention engine : for web applications. It operates embedded into the web server, acting : as a powerful umbrella - shielding web applications from attacks.

[simpleuser99]

Should I edit config that i view modsec_debug.log ? Or log must create from default config mod_security?

[csanders-git]

You are receiving a version of ModSecurity compiled by atomicorp it seems - It also seems they are maybe having issues with their engine. Remove current modsecurity and the atomic repo and redownload from the real EPEL. This will give you a non-custom compiled version.

[zimmerle]

I am closing this issue as this is not in ModSecurity. It is a problem in a customization made by an specific vendor. @simpleuser99 you should reach out atomicorp to explain the problem, or point their support to that issue.

[simpleuser99]

Thanks. I install mod_security 2.7.3 from epel and it work.