Steve | 1 Sep 01:46 2008
Picon
Picon

mod_security 2.5.6 and logging

Hello list,

is there a possibility to completely turn of logging in mod_security 2.5.6? I mean even the one appearing in
the Apache error log? I have the following configuration:
-----
SecRuleEngine On
SecRequestBodyAccess Off
SecResponseBodyAccess Off
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 524288
SecDefaultAction "phase:2,allow,nolog,noauditlog,ctl:ruleEngine=Off,ctl:auditEngine=Off,t:lowercase,t:replaceNulls,t:compressWhitespace"
SecComponentSignature "core ruleset/1.6.1"
SecUploadDir /tmp
SecUploadKeepFiles Off
SecAuditEngine Off
SecAuditLogRelevantStatus "^(?:999)"
SecAuditLogType Serial
SecAuditLog /var/log/apache2/modsec_audit.log
SecAuditLogParts "ABIFHKZ"
SecArgumentSeparator "&"
SecCookieFormat 0
SecRequestBodyInMemoryLimit 131072
SecDebugLog             /var/log/apache2/modsec_debug.log
SecDebugLogLevel        0
SecDataDir /tmp
SecTmpDir /tmp
-----

I added the code below into a <VirtualHost></VirtualHost>:
----
(Continue reading)

Brian Rectanus | 1 Sep 02:03 2008

Re: mod_security 2.5.6 and logging

Looks like you have performance measurements on?

See ./configure --help and don't specify that --with option as it is for internal testing of rule
performance. 

-B 


----- Original Message -----
From: mod-security-users-bounces <at> lists.sourceforge.net <mod-security-users-bounces <at> lists.sourceforge.net>
To: mod-security-users <at> lists.sourceforge.net <mod-security-users <at> lists.sourceforge.net>
Sent: Sun Aug 31 19:46:55 2008
Subject: [mod-security-users] mod_security 2.5.6 and logging

Hello list,

is there a possibility to completely turn of logging in mod_security 2.5.6? I mean even the one appearing in
the Apache error log? I have the following configuration:
-----
SecRuleEngine On
SecRequestBodyAccess Off
SecResponseBodyAccess Off
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 524288
SecDefaultAction "phase:2,allow,nolog,noauditlog,ctl:ruleEngine=Off,ctl:auditEngine=Off,t:lowercase,t:replaceNulls,t:compressWhitespace"
SecComponentSignature "core ruleset/1.6.1"
SecUploadDir /tmp
SecUploadKeepFiles Off
SecAuditEngine Off
SecAuditLogRelevantStatus "^(?:999)"
(Continue reading)

Brian Rectanus | 1 Sep 05:19 2008

Re: modsec-2.5.6 on SLES 10.2

Brian Rectanus wrote:
> Müller wrote:
>  > Hello,
>  >
>  > has anyone out there successfully compiled and installed mod-security on
>  > Suse Linux Enterprise Server (SLES) 10.2 ?
>  >
>  > When compiling mod-security I got "undefined reference to ap_strchr..."
>  > - errors during the "make test" - procedure. After installing and
>  > activating mod-security, the apache segfaults !
>  >
>  > So I tried to modify the spec-file of the apache-rpm and rebuilt it.
>  > When configuring apache without "--enable-maintainer-mode" switch,
>  > compiling and installing it, the "make test" of mod-security runs
>  > without any problems, but after installing and activating mod-security I
>  > get segfaults again.
> 
> 
> I believe this happens because Suse compiles Apache with AP_DEBUG.
> 
>  >
>  > I assume, this is a Suse-specific issue, because on debian-linux there
>  > is no problem, compiling, testing and running mod-security !
>  >
>  > The technical details:
>  > Linux: SUSE Linux Enterprise Server 10 SP2 (i586)
>  > Apache: apache2-2.2.3-16.18 (Suse-rpms)
>  >
>  > p.s.: mod-security-2.1.3 is compiling and running without any problems.
>  >
(Continue reading)

Steve | 1 Sep 06:11 2008
Picon
Picon

Re: mod_security 2.5.6 and logging


-------- Original-Nachricht --------
> Datum: Sun, 31 Aug 2008 20:03:10 -0400
> Von: "Brian Rectanus" <brian.rectanus <at> breach.com>
> An: steeeeeveee <at> gmx.net, mod-security-users <at> lists.sourceforge.net
> Betreff: Re: [mod-security-users] mod_security 2.5.6 and logging

> Looks like you have performance measurements on?
> 
Yes! Where is my head? I completely forgot that I turned it on. Thanks for reminding me about it.

> See ./configure --help and don't specify that --with option as it is for
> internal testing of rule performance. 
> 
> -B 
> 
// Steve

> 
> ----- Original Message -----
> From: mod-security-users-bounces <at> lists.sourceforge.net
> <mod-security-users-bounces <at> lists.sourceforge.net>
> To: mod-security-users <at> lists.sourceforge.net
> <mod-security-users <at> lists.sourceforge.net>
> Sent: Sun Aug 31 19:46:55 2008
> Subject: [mod-security-users] mod_security 2.5.6 and logging
> 
> Hello list,
> 
> is there a possibility to completely turn of logging in mod_security
(Continue reading)

Werthmann | 1 Sep 11:02 2008
Picon

mod-security and console II

Hello 
where can I find the so named central audit log repository?
And where can I find or define the SENSOR_USERNAME, SENSOR_PASSWORD?

Could someone give an example?

thx st. w.

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
Samuel Salson | 1 Sep 11:58 2008
Picon

[sensor connection problem] console empty

I have problems in the console, nothing goes back my console remains 
empty, my modsecurity on the client works very well and my sensors is 
properly configured.

my log : /var/log/mlogc/mlogc-error.log

[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL: About to connect() 
to opti_024 port 8888
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL:   Trying 
192.168.2.215...
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL: connected
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL: Connected to 
opti_024 (192.168.2.215) port 8888
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL: Server auth using 
Basic with user 'test'
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL: Connection #0 to 
host opti_024 left intact
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] Request returned with 
status "500 Invalid, missing, or expired licence.": xJhcRX8AAAEAADUBWzsAAAAF
[Mon Sep 01 12:25:55 2008] [2] [13551/1f4b6968] Flagging server as 
errored after failure to submit entry xJhcRX8AAAEAADUBWzsAAAAF with HTTP 
response code 50
0: Invalid, missing, or expired licence.
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] Sleeping for 50 msec.
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] Loop completed.
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] Shutting down due to 
server error.
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] Thread done.
[Mon Sep 01 12:26:05 2008] [4] [13551/2aaaab127150] Management thread: 
Initiating a checkpoint (previous was 20 seconds ago).
(Continue reading)

Brian Rectanus | 1 Sep 21:14 2008

Re: [sensor connection problem] console empty

Request returned with 
status "500 Invalid, missing, or expired license.": xJhcRX8AAAEAADUBWzsAAAAF

I believe it will state the same sort of message at the top of the console web page. 

As the error says, you need to update the license. You can do so from bsn.breach.com. 

-B

----- Original Message -----
From: mod-security-users-bounces <at> lists.sourceforge.net <mod-security-users-bounces <at> lists.sourceforge.net>
To: mod-security-users <at> lists.sourceforge.net <mod-security-users <at> lists.sourceforge.net>
Sent: Mon Sep 01 05:58:31 2008
Subject: [mod-security-users] [sensor connection  problem] console empty

I have problems in the console, nothing goes back my console remains 
empty, my modsecurity on the client works very well and my sensors is 
properly configured.

my log : /var/log/mlogc/mlogc-error.log

[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL: About to connect() 
to opti_024 port 8888
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL:   Trying 
192.168.2.215...
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL: connected
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL: Connected to 
opti_024 (192.168.2.215) port 8888
[Mon Sep 01 12:25:55 2008] [4] [13551/1f4b6968] CURL: Server auth using 
Basic with user 'test'
(Continue reading)

Samuel Salson | 2 Sep 15:13 2008
Picon

[question] console.conf

hello all,

I have this in my console.conf

<Service remoteControl 
com.thinkingstone.juggler.components.XmlRpcRemoteControlService>
        Property port "8887"
        Property adminNetwork "127.0.0.1"
        Property password "relgguj"

what is it ?

thanks

samuel.

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
Ivan Ristic | 2 Sep 18:01 2008
Picon

Re: [question] console.conf

It was originally designed to control the console (as in stop,
restart, reload, etc). I don't think it is used any more, though.

On Tue, Sep 2, 2008 at 2:13 PM, Samuel Salson <samuel.salson <at> midian.fr> wrote:
> hello all,
>
> I have this in my console.conf
>
> <Service remoteControl
> com.thinkingstone.juggler.components.XmlRpcRemoteControlService>
>        Property port "8887"
>        Property adminNetwork "127.0.0.1"
>        Property password "relgguj"
>
> what is it ?
>
> thanks
>
> samuel.
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> mod-security-users mailing list
> mod-security-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
(Continue reading)

Samuel Salson | 2 Sep 18:20 2008
Picon

Re: [question] console.conf

OK thanks Ivan

Ivan Ristic a écrit :
> It was originally designed to control the console (as in stop,
> restart, reload, etc). I don't think it is used any more, though.
>
> On Tue, Sep 2, 2008 at 2:13 PM, Samuel Salson <samuel.salson <at> midian.fr> wrote:
>   
>> hello all,
>>
>> I have this in my console.conf
>>
>> <Service remoteControl
>> com.thinkingstone.juggler.components.XmlRpcRemoteControlService>
>>        Property port "8887"
>>        Property adminNetwork "127.0.0.1"
>>        Property password "relgguj"
>>
>> what is it ?
>>
>> thanks
>>
>> samuel.
>>
>> -------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
>> Build the coolest Linux based applications with Moblin SDK & win great prizes
>> Grand prize is a trip for two to an Open Source event anywhere in the world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> _______________________________________________
(Continue reading)


Gmane