UpFront Technology | 3 Aug 2004 20:46

chroot trouble

Hello All.

I am having trouble using the newest release 1.8.4 chroot functionality.  I
run apache in a chroot...everything is fine, about 24-48 hours later, apache
shuts down, the only error message I am getting from error_log is:

httpd: could not open document config file /etc/httpd/conf/httpd.conf

I am assuming that the chroot (/chroot/apache) can't read the file outside
of the chroot.  Help is appreciated.  I am sure I am doing something stupid.

Where exactly should the apache files be stored for proper chroot
functionality?

Joe
UpFront Technology

Ivan Ristic | 4 Aug 2004 22:19

Re: chroot trouble

UpFront Technology wrote:

> Hello All.
> 
> I am having trouble using the newest release 1.8.4 chroot functionality.  I
> run apache in a chroot...everything is fine, about 24-48 hours later, apache
> shuts down, the only error message I am getting from error_log is:
> 
> httpd: could not open document config file /etc/httpd/conf/httpd.conf
> 
> I am assuming that the chroot (/chroot/apache) can't read the file outside
> of the chroot.

  Sounds right. Is there an automated script that tries to restart
  Apache? Apache can't restart if the configuration file is out of
  its reach. You either have to stop and then start it, or keep
  the httpd.conf inside the jail.

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]

Tkachenko Alexei | 5 Aug 2004 08:22

JPG upload problem

Peace be with you,

I have the following settings:
***********************
SecFilterScanPOST  On
SecFilter  "\.\./"
***********************
But these filters do not allow some JPG files to be uploaded.
Is there any way to disable this checking for JPG files uploading only?

-----
Regards,
Alex A. Tkachenko

Ivan Ristic | 5 Aug 2004 09:44

Re: JPG upload problem

Tkachenko Alexei wrote:
> Peace be with you,
> 
> I have the following settings:
> ***********************
> SecFilterScanPOST  On
> SecFilter  "\.\./"
> ***********************
> But these filters do not allow some JPG files to be uploaded.
> Is there any way to disable this checking for JPG files uploading only?

  Hi,

  First make sure you are running the latest version of mod_security.
  There was a bug in one of the previous versions that would manifest
  itself like you are describing.

  If that's not the problem then send us as much information
  about your configuration as possible and we'll track the
  problem down. The best thing to do is to name your versions,
  send the configuration, turn the debug level to 9 and send
  the debug log and the audit log of a problematic upload.

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]


diego.vandenbossche | 6 Aug 2004 10:50

Chroot problem

Hi,

I have a problem with the Chroot directive.

In my configuration file, I've written the two directives that follow:

Pidfile /opt/web/pids/pid-secure
.
.
SecChrootDir /opt/web

And my Apache does not start: in the error log file, I can read:

No such file or directory:could not create /opt/web/pids/pid-secure

I'm sure that the rights are correct on the folders and when I delete the
SecChrootDir directive my Apache works without problem.

I use Apache 2.0.48 and mod-security 1.8.4 on Solaris 9.

Could you help me?

BR

Diégo


Ivan Ristic | 6 Aug 2004 11:01

Re: Chroot problem

diego.vandenbossche <at> b-rail.be wrote:
> Hi,
> 
> I have a problem with the Chroot directive.
> 
> In my configuration file, I've written the two directives that follow:
> 
> Pidfile /opt/web/pids/pid-secure
> .
> .
> SecChrootDir /opt/web
> 
> And my Apache does not start: in the error log file, I can read:
> 
> No such file or directory:could not create /opt/web/pids/pid-secure
> 
> I'm sure that the rights are correct on the folders and when I delete the
> SecChrootDir directive my Apache works without problem.

  When you configure Apache like that it will attempt
  to create the pid file at /opt/web/opt/web/pids/pid-secure.

  The following should work provided there are no other problems:

  Pidfile /pids/pid-secure

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
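
The path mapping described in the reply above, as an added example that is not part of the original thread or ModSecurity's own code: it reads a configuration, finds SecChrootDir, and flags a PidFile value that repeats the jail prefix. Treating only PidFile as opened after the chroot is an assumption taken from this thread; the function names and the sample input are constructed.

```python
import posixpath
import shlex

# Assumption: directives whose path is opened after the chroot(2) call.
# The thread confirms this only for PidFile; extend the set for your build.
POST_CHROOT_DIRECTIVES = {"pidfile"}

def parse_directives(conf_text):
    """Yield (name, first_argument) for each directive line in conf_text."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = shlex.split(line)
        if len(parts) >= 2:
            yield parts[0], parts[1]

def host_path(jail, path):
    """Where a path opened inside the jail lands on the host filesystem."""
    return posixpath.normpath(posixpath.join(jail, path.lstrip("/")))

def audit(conf_text):
    """Report post-chroot paths that repeat the jail prefix."""
    directives = list(parse_directives(conf_text))
    jail = next((arg for name, arg in directives
                 if name.lower() == "secchrootdir"), None)
    if jail is None:
        return []  # no internal chroot configured, nothing to map
    jail = posixpath.normpath(jail)
    findings = []
    for name, arg in directives:
        if name.lower() not in POST_CHROOT_DIRECTIVES:
            continue
        path = posixpath.normpath(arg)
        if path == jail or path.startswith(jail + "/"):
            findings.append({
                "directive": name,
                "configured": arg,
                "resolves_to": host_path(jail, path),
                "suggested": "/" + posixpath.relpath(path, jail),
            })
    return findings

# Constructed sample, using the two directives quoted in the thread.
SAMPLE = "Pidfile /opt/web/pids/pid-secure\nSecChrootDir /opt/web\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```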


diego.vandenbossche | 6 Aug 2004 14:33

Re(2): Chroot problem

Thank you very much.

The error message has disappeared.

It's quite strange that you cannot write the entire path in the configuration
file to access the pid!

I now have another problem:

The apache is started, the process runs but the apache does not respond to any
request : there are no child processes......

In the access log file, there is no trace of request and in the error log file,
there is no error but there is a new message with the level (emergency) : No
such file or directory : Couldn't create accept lock !!!!

If someone has an idea......

Thanks

Diégo

Ivan Ristic  (06/08/2004  11:01):
>diego.vandenbossche <at> b-rail.be wrote:
>> Hi,
>>
>> I have a problem with the Chroot directive.
>>
>> In my configuration file, I've written the two directives that follow:
>>

Ivan Ristic | 6 Aug 2004 21:29

Re: Chroot problem

diego.vandenbossche <at> b-rail.be wrote:

> Thank you very much.
> 
> The error message has disappeared.
> 
> It's quite strange that you cannot write the entire path in the configuration
> file to access the pid!

  It's not strange, that's how chroot works. You can no longer use the
  entire path after the chroot(2) call has been made.

> I now have another problem:
> 
> The apache is started, the process runs but the apache does not respond to any
> request : there are no child processes......
> 
> In the access log file, there is no trace of request and in the error log file,
> there is no error but there is a new message with the level (emergency) : No
> such file or directory : Couldn't create accept lock !!!!
> 
> If someone has an idea......

  Send the httpd.conf and the filesystem layout to the list
  and we might be able to help.

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]


UpFront Technology | 13 Aug 2004 05:03

chroot and <VirtualHost>

I have noticed that any virtualhost files INSIDE the jail can not be
accessed when the chroot directive is enabled.  Am I missing something?  I
thought all data needed to be INSIDE the jail.

Joe

UpFront Technology

Ivan Ristic | 13 Aug 2004 15:22

Re: chroot and <VirtualHost>

UpFront Technology wrote:

> I have noticed that any virtualhost files INSIDE the jail can not be
> accessed when the chroot directive is enabled.

  Can't be accessed how? Through the web server or some application?

> Am I missing something?  I
> thought all data needed to be INSIDE the jail.

  After the chroot whatever is outside the jail is not
  accessible to the web server/application.

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
