Re: Install/compile help on aix 6.1 with ihs 6.1
Richard Gardner <Richard.Gardner <at> S1.com>
2010-06-22 18:56:21 GMT
Not sure how I missed this, so I apologize for the delay.
>-----Original Message-----
>From: Brian Rectanus [mailto:Brian.Rectanus <at> breach.com]
>Sent: Monday, June 14, 2010 3:25 PM
>To: Richard Gardner
>Cc: mod-security-users <at> lists.sourceforge.net
>Subject: Re: [mod-security-users] Install/compile help on aix 6.1 with ihs 6.1
>On 06/14/2010 11:52 AM, Richard Gardner wrote:
>> Thanks Brian,
>>
>> After taking a break, and following your directions I was able to get it installed and it seems to be
working. I've written a small writeup as there were a few things I had to change, I'm including it below,
just in case anybody else has to do this.
>>
>> Thanks for all the help.
>Excellent! You are welcome.
>>
>> THIS IS FOR AIX 6.1.0 and IHS 6.1.0.27 and mod_security-2.5.12
>> $IHS_HOME is a made up variable, replace with wherever you have ihs installed.
>>
>> Before you begin the mod_security install.
>>
>> Download the following from the AIX linux toolset and install them.
>>
>> autoconf-2.59-1.aix5.1.noarch.rpm
>> automake-1.8.5-1.aix5.1.noarch.rpm
>Are autotools really needed? Should only be needed if you run the
>"autogen.sh" script. If these are needed, I may need to make some
>adjustments to the ModSecurity build.
I believe they were needed for some other rpm or possibly the pcre compile. I created a dir and just dropped
all the rpm's I needed into it, so at some point they were required, though it's possible they got included
from one of my earlier mistakes or attempts that didn't pan out. If I can free up a 6.1 box I will give it a try
without these two packages and let you know.
>> gcc-4.2.0-3.aix6.1.ppc.rpm
>> gcc-cplusplus-4.2.0-3.aix6.1.ppc.rpm
>> libgcc-4.2.0-3.aix6.1.ppc.rpm
>> libstdcplusplus-4.2.0-3.aix6.1.ppc.rpm
>> libstdcplusplus-devel-4.2.0-3.aix6.1.ppc.rpm
>> libtool-1.5.8-2.aix5.1.ppc.rpm
>> libxml2-2.6.21-4.aix5.2.ppc.rpm
>> libxml2-devel-2.6.21-4.aix5.2.ppc.rpm
>> m4-1.4.1-1.aix5.1.ppc.rpm
>> zlib-1.2.3-4.aix5.2.ppc.rpm
>> zlib-devel-1.2.3-4.aix5.2.ppc.rpm
>>
>> You will also have to download and install a newer version of pcre. I downloaded pcre-8.0.0.tar.
>> Extract it then in the dir run ./configure
>> Then make && make install.
>>
>> You may have to copy the pcre.h file into /$IHS_HOME/include/
>> You may also have to link the /opt/freeware/include/libxml2/libxml/ dir into /$IHS_HOME/include
>Watch out with PCRE. IHS was probably built with a much older version
and then one of two things will happen:
>1) You will load the new PCRE runtime and IHS may be unstable not being
able to handle the newer binary interface.
>2) You will load the older PCRE runtime and ModSecurity may not be
stable as it has assumed a newer interface.
>This may crash IHS and may look relatively random and as if ModSecurity
>is crashing. I recommend you use the same version of PCRE/APR/APR-Util
>as is used by IHS to build ModSecurity. To do this, you may have to
>install an older PCRE RPM or PCRE from source to use the headers, etc as
>they are not normally installed by IHS/Apache.
I'll make note of the above. Yes IHS had a much older version, and when I was trying to compile mod_security it
threw back an error saying pcre was to old and required a newer version, so I downloaded the newer one and
compiled it and went on my way. So far it's running stable and we've not noticed any crashes, though I will
say this certainly does not seem ideal and if I can find a way to get it to work with the older one I would of
preferred that.
>>
>> Go into /$IHS_HOME/build dir and edit the following files
>> edit libtool to use gcc instead of xlc
>>
>> # The default C compiler.
>> #CC="xlc_r"
>> CC="gcc"
>> Do the same in apr_rules.mk
>>
>> #CC=xlc
>> CC=gcc
>> And again in config_vars.mk
>>
>> CC = gcc
>> CPP = gcc
>> Make sure you edit your path to include the gcc compiler and set CC to gcc as well.
>>
>> export CC=/opt/freeware/bin/gcc
>> PATH=$PATH:/opt/freeware/bin/
>> export PATH
>I am trying to solve these gcc assumptions in the next version
> (ModSecurity 2.6). If you don't mind helping out at some point, I'd
>like to have someone available to test at least building ModScecurity
>2.6 against IHS.
I don't mind trying to help out here. Email me off list and I'll see if I can get a spare 6.1 system setup for this.
>> Then download mod_security-2.5.12.tar.gz and extract it.
>> Go into the mod_security-2.5.12/apache2 dir and run this configure command. Then run make, and make install.
>>
>> ./configure --with-apxs=/$IHS_HOME/bin/apxs --enable-verbose-output
--with-apr=/$IHS_HOME/bin/apr-config --with-apu=/$IHS_HOME/bin/apu-config
>You may need to use the following configure options to work with older
>APR/PCRE:
>This if you have errors compiling:
>--disable-modsec-api
>This if you are using an older PCRE as 2.5.12 and later use some newer
>features...
>--disable-pcre-study
>--disable-pcre-match-limit
>--disable-pcre-match-limit-recursion
>> make
>> make install
>> Edit your /$IHS_HOME/conf/httpd.conf file to include the following.
>> Add the LoadModule directive:
>>
>> LoadModule security2_module modules/mod_security2.so
>> Then add the relevant bit from the minimal-mod_security.httpd.conf file
>>
>>
>> Then go down into your VirutalHost config and add the rules.
>> Restart apache/ihs and you should have it running now.
>Thanks for the writup!
>-B
Np! By the way Congrats on being acquired.
>
> -----Original Message-----
> From: Brian Rectanus [mailto:Brian.Rectanus <at> breach.com]
> Sent: Monday, June 14, 2010 11:22 AM
> To: Richard Gardner
> Cc: mod-security-users <at> lists.sourceforge.net
> Subject: Re: [mod-security-users] Install/compile help on aix 6.1 with ihs 6.1
>
> On 06/11/2010 01:47 PM, Richard Gardner wrote:
>> We are running a ihs(6.1.0.27) server on aix 6.1.0. I have been trying
>
> This is known to have problems due to the ancient version of Apache
> being used by IHS 6. Can you upgrade to 7?
>
>> to install mod_security for the last 2 days with no luck. First I read
>> the documentation and ran the apxs -cia mod_security.c which seems to
>
> That is for version 1.9. What version are you trying to build?
>
>> run and compile fine, but when you go to restart apache you get this:
>> "bash-3.00# ../bin/apachectl restart
>> Syntax error on line 875 of /$IHS_HOME/conf/httpd.conf:
>> Cannot load /$IHS_HOME/modules/mod_security2.so into server:
>> rtld: 0712-001 Symbol msr_log was referenced\n from module
>> /$IHS_HOME/modules/mod_security2.so(), but a runtime definition\n
>> of the symbol was not found.\nrtld: 0712-001 Symbol sec_audit_logger was
>> referenced\n from module
>> /$IHS_HOME/modules/mod_security2.so(), but a runtime definition\n
>> of the symbol was not found.\nrtld: 0712-001 Symbol
>> msre_ruleset_process_phase was referenced\n from module
>> /$IHS_HOME/modules/mod_security2.so(), but a runtime definition\n
>> of the symbol was not found.\nrtld: 0712-001 Symbol msc_regexec was
>> referenced\n from module
>> /$IHS_HOME/modules/mod_security2.so(), but a runtime definition\n
>> of the symbol was not found.\nrtld: 0712-001 Symbol msre_format_metadata
>> was referenced\n from module
>> /$IHS_HOME/modules/mod_security2.so(), but a runtime definition\n
>> of the symbol was not found.\nrtld: 0712-001 Symbol parse_arguments was
>> referenced\n from module
>> /$IHS_HOME/modules/mod_security2.so(), but a runtime definition\n
>> of the symbol was not found.\nrtld: 0712-001 Symbol parse_cookies_v0 was
>> referenced\n from module
>> /$IHS_HOME/modules/mod_security2.so(), but a runtime definition\n
>> of the symbol was not found.\n\t0509-021 Additional errors occurred but
>> are not reported."
>> and later tried
>> "./configure --with-apxs=/$IHS_HOME/bin/apxs
>> --with-apr=/$IHS_HOME/bin/ --with-apu=/$IHS_HOME/bin/
>> --with-pcre=/usr/local/bin/ --enable-verbose-output"
>>
>> The configure runs fine, and make && make install, but you would still
>> end up with the above error on ihs restart.
>
> The same symbol errors? That does not sound right. Are you sure that
> it installed mod_security2.so in the correct place and that it is the
> updated version?
>
>
>>
>> I've tried building older versions all the way back to 1.9.4. 1.9 will
>> build the mod_security module, but it's not current enough to fix my
>> problem, as it doesn't seem to recognize the "SecRule" and anything
>> newer that tries to build mod_security2 will fail like above.
>
> Remove mod_security2.so from your install. Make sure you run a "make
> clean", then rerun configure/make/make install. Check this for any
> warnings/errors (send me the full output if you want). Make sure that
> the mod_security2.so is installed correctly and that your config file is
> loading it from the correct path.
>
> -B
>
--
--
Brian Rectanus
Breach Security
------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit. See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
RSS Feed