mod_secrurity2 Installation

Apache, Lighttpd, nginx, Cherokee
tomotom
Posts: 330
Joined: 2006-09-22 13:37

mod_secrurity2 Installation

Post by tomotom » 2006-11-09 14:28

Nach dem Entpacken von mod-.security 2.0.3 und dem Verzeichniswechsel zu apache2 (apache2.0) habe ich das gemacht:

Code: Select all

apxs -cia mod_security.c
...
Libraries have been installed in:
   /usr/lib/apache2/modules
...
aber

Code: Select all

x03:/etc/init.d/apache2 force-reload
Syntax error on line 1 of /etc/apache2/mods-enabled/mod-security.load:
Cannot load /usr/lib/apache2/modules/mod_security2.so into server: /usr/lib/apache2/modules/mod_security2.so: undefined symbol: msc_alert
ich gucke:

Code: Select all

x03:cat /etc/apache2/mods-enabled/mod-security.load
LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so
ist es da?

Code: Select all

x03:/usr/local# ls -al /usr/lib/apache2/modules|grep security2.so
-rw-r--r--  1 root root  25183 Nov  9 13:27 mod_security2.so
Warum diese Fehlermeldung?

User avatar
daemotron
Administrator
Administrator
Posts: 2635
Joined: 2004-01-21 17:44

Re: mod_secrurity2 Installation

Post by daemotron » 2006-11-09 15:10

tomotom wrote:

Code: Select all

undefined symbol: msc_alert
Da ist beim bauen irgendwas schief gegangen... Ev. Build-Vorgang noch mal wiederholen und auf Warnings oder Fehlermeldungen achten. Auch mal prüfen, ob Dein Apache eventuell gegen eine ältere Version der glibc gelinkt wurde, als jetzt aktuell bei Dir installiert ist.

tomotom
Posts: 330
Joined: 2006-09-22 13:37

Re: mod_secrurity2 Installation

Post by tomotom » 2006-11-09 16:03

Ich sehe hier keine Fehler:

Code: Select all

server03:/usr/src/modsecurity-apache_2.0.3/apache2# apxs2 -cia mod_security2.c
/usr/bin/libtool --silent --mode=compile gcc -prefer-pic -pipe -I/usr/include/xmltok -I/usr/include/openssl -Wall -O2 -DAP_HAVE_DESIGNATED_INITIALIZER -DLINUX=2 -D_REENTRANT -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -D_SVID_SOURCE -D_GNU_SOURCE -pipe -I/usr/include/xmltok -I/usr/include/openssl -Wall -O2 -pthread -I/usr/include/apache2  -I/usr/include/apr-0   -I/usr/include/apr-0 -I/usr/include  -c -o mod_security2.lo mod_security2.c && touch mod_security2.slo
/usr/bin/libtool --silent --mode=link gcc -o mod_security2.la  -rpath /usr/lib/apache2/modules -module -avoid-version    mod_security2.lo
/usr/share/apache2/build/instdso.sh SH_LIBTOOL='/usr/bin/libtool' mod_security2.la /usr/lib/apache2/modules
/usr/bin/libtool --mode=install cp mod_security2.la /usr/lib/apache2/modules/
cp .libs/mod_security2.so /usr/lib/apache2/modules/mod_security2.so
cp .libs/mod_security2.lai /usr/lib/apache2/modules/mod_security2.la
cp .libs/mod_security2.a /usr/lib/apache2/modules/mod_security2.a
ranlib /usr/lib/apache2/modules/mod_security2.a
chmod 644 /usr/lib/apache2/modules/mod_security2.a
PATH="$PATH:/sbin" ldconfig -n /usr/lib/apache2/modules
----------------------------------------------------------------------
Libraries have been installed in:
   /usr/lib/apache2/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 644 /usr/lib/apache2/modules/mod_security2.so
[activating module `security2' in /etc/apache2/httpd.conf]
server03:/usr/src/modsecurity-apache_2.0.3/apache2#

Code: Select all

server03:/usr/share/apache2/build# dpkg -l|grep glibc
ii  libdb1-compat  2.1.3-7        The Berkeley database routines [glibc 2.0/2

Code: Select all

server03:/usr/share/apache2/build# ldd -d /usr/sbin/apache2
        libdl.so.2 => /lib/tls/libdl.so.2 (0xb7f63000)
        libcrypt.so.1 => /lib/tls/libcrypt.so.1 (0xb7f35000)
        libpcre.so.3 => /usr/lib/libpcre.so.3 (0xb7f25000)
        libz.so.1 => /usr/lib/libz.so.1 (0xb7f13000)
        libssl.so.0.9.7 => /usr/lib/i686/cmov/libssl.so.0.9.7 (0xb7ee2000)
        libcrypto.so.0.9.7 => /usr/lib/i686/cmov/libcrypto.so.0.9.7 (0xb7de3000)
        libaprutil-0.so.0 => /usr/lib/libaprutil-0.so.0 (0xb7dce000)
        libldap_r.so.2 => /usr/lib/libldap_r.so.2 (0xb7d97000)
        liblber.so.2 => /usr/lib/liblber.so.2 (0xb7d8a000)
        libdb-4.2.so => /usr/lib/libdb-4.2.so (0xb7cb4000)
        libexpat.so.1 => /usr/lib/libexpat.so.1 (0xb7c94000)
        libapr-0.so.0 => /usr/lib/libapr-0.so.0 (0xb7c73000)
        librt.so.1 => /lib/tls/librt.so.1 (0xb7c6d000)
        libm.so.6 => /lib/tls/libm.so.6 (0xb7c4a000)
        libnsl.so.1 => /lib/tls/libnsl.so.1 (0xb7c36000)
        libpthread.so.0 => /lib/tls/libpthread.so.0 (0xb7c27000)
        libc.so.6 => /lib/tls/libc.so.6 (0xb7af2000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7f6c000)
        libresolv.so.2 => /lib/tls/libresolv.so.2 (0xb7ae0000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7acb000)
        libgnutls.so.11 => /usr/lib/libgnutls.so.11 (0xb7a63000)
        libtasn1.so.2 => /usr/lib/libtasn1.so.2 (0xb7a52000)
        libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7a05000)
        libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7a01000)
Ich weiß leider nicht wo oder wie ich noch etwas anderes prüfen könnte.

lucki2
Posts: 427
Joined: 2006-10-03 01:31

Re: mod_secrurity2 Installation

Post by lucki2 » 2006-11-09 17:21

Code: Select all

grep -r msc_alert *
gibt:

Code: Select all

modsecurity-apache_2.0.3/apache2/mod_security2.c:    msc_alert(msr, 1, actionset, message, msr->intercept_message);
modsecurity-apache_2.0.3/apache2/modsecurity.c:void msc_alert(modsec_rec *msr, int level, msre_actionset *actionset, const char *action_message,
modsecurity-apache_2.0.3/apache2/modsecurity.h:void DSOLOCAL msc_alert(modsec_rec *msr, int level, msre_actionset *actionset, const char *action_message,
modsecurity-apache_2.0.3/apache2/re.c:        msc_alert(msr, (actionset->log == 0 ? 4 : 2), actionset,
und damit es alle sehen:

Code: Select all

 grep modsecurity.h *
apache2_config.c:#include "modsecurity.h"
apache2_io.c:#include "modsecurity.h"
apache2_util.c:#include "modsecurity.h"
mod_security2.c:#include "modsecurity.h"
modsecurity.c:#include "modsecurity.h"
modsecurity.h: * $Id: modsecurity.h,v 1.10 2006/10/26 10:02:42 ivanr Exp $
modules.mk:H = re.h modsecurity.h msc_logging.h msc_multipart.h msc_parsers.h 
msc_logging.h:#include "modsecurity.h"
msc_multipart.h:#include "modsecurity.h"
msc_parsers.h:#include "modsecurity.h"
msc_pcre.h:#include "modsecurity.h"
msc_reqbody.c:#include "modsecurity.h"
msc_util.h:#include "modsecurity.h"
msc_xml.h:#include "modsecurity.h"
persist_dbm.h:#include "modsecurity.h"
re.h:#include "modsecurity.h"
re_variables.c:#include "modsecurity.h"
dh. Die modsecurity.c braucht er - wie auch immer.