Symptoms
- ModSecurity is installed on the server.
- Execution of
# aum -ugives the following result:# aum -u
Checking versions ...ASL version is current: [PASS]
Updating Web Application Firewall to 201704031637: updated [PASS]
-------------------------------------------------------------------
Errors were encountered:
L CODE SOURCE MESSAGES
- ---- ------ --------------------------------------------------------------
2 9901 ASLCommon::cmd_system ERROR: '/bin/cp -af /var/asl/rules/modsec/template-* /var/asl/data/temp[lates/ >/dev/null 2>&1 (1)'
2 9901 ASLCommon::cmd_system ERROR: '/usr/sbin/apachectl -t >/dev/null 2>$1 (1)'2 601 c_modsec::apply_rules There is a problem with the apache config: [Fri Apr 07 17:09:15.588579 2017] [so:warn] [pid 11445:tid 140533768259648] Ah01574 : module unique_id_module is already loaded, skipping||[Fri Apr 07 17:09:15.629545 2017] [so:warn] [pid 11445:tld 140533768259648] AH01574: module security2_module is already loaded, skipping||AH00526: Syntax error on line 36 of /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf:||ModSecurity: Found another rule with the same id
2 601 c_modsec::apply_rules There is a problem with the apache config: Rolling back to the previous update
3 600 c_modsec::apply_rules Errors occured with Apache
- While trying to restart Apache service, it fails with the following error:
# service httpd status
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code)Apr 07 17:09:48 server.name httpd[11491]: AH00526: Syntax error on line 36 of /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf:
Apr 07 17:09:48 server.name httpd[11491]: ModSecurity: Found another rule with the same id
Apr 07 17:09:48 server.name kill[11493]: kill: cannot find process ""
Hint: Some lines were ellipsized, use -l to show in full.
Cause
aum -u creates it's own configuration file /etc/httpd/conf.d/00_mod_security.conf which contains duplicate directives from /etc/httpd/conf.d/security2.conf.
Resolution
Note: aum -u it's a native modsecurity utility to update its rules that must not be executed on Plesk server because Plesk uses its own mechanism to update modsecurity rules.
- Connect to the server via SSH.
-
Remove all from
00_mod_security.conffor CentOS/RHEL-based distributions:
# echo "" > /etc/httpd/conf.d/00_mod_security.conf
for Debian/Ubuntu-based distributions:
# echo "" > /etc/apache2/conf.d/00_mod_security.conf
- Restart Apache:
for CentOS/RHEL-based distributions:
# service httpd restart
for Debian/Ubuntu-based distributions:
# service apache2 restart
- Create a Plesk database backup.
- Login to Plesk database:
# plesk db
- Remove orphaned records from the Configurations table with the following query:
delete from Configurations where status <> 'ok';
with