Re: Important Changes for ModSecurity Core Rule Set - Please Read

On Fri, Jul 31, 2009 at 9:28 PM, Ryan Barnett<ryan.barnett <at> breach.com> wrote:
> Greetings everyone,
> We have some big news/changes with regards to the Core Rule Set (CRS).
> Please follow the information here to make sure that you understand the
> changes moving forward.
>
> 1) New Home for CRS
> The Core Rule Set is now an official OWASP Project! Here is the new project
> site -
> http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project.
> This is the new home of the CRS. The main goal of moving the CRS to OWASP is
> to better facilitate documentation and development of the rules. As you
> know, the OWASP pages are wiki-based so you all can go in there and help to
> document them :) I will add some example template pages soon to help get the
> ball rolling however my thinking is that we should emulate what Snort Sigs
> DB used to do and document the goal of each group of rules, what are they
> looking for, how are they looking for it and any false positive/exception
> fixes, etc...
>
> Here is the new Download link page -
> http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Download
>
> 2) New Mail-list for CRS
> We now have a new OWASP mail-list just for the CRS. Important - we will no
> longer be discussing ModSecurity rules on this list.
>
> Sign up for the new list here -
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>
> Once you are subscribed, you can then email the list -

Re: [Owasp-modsecurity-core-rule-set] error log

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

MODSEC-70

According to:

https://www.modsecurity.org/tracker/browse/MODSEC-70

The issue is solved in modsecurity 2.6.0. AFAIK version 2.6.0 is not
available for public download yet. Is there a patch or some other
workaround available for this issue in version 2.5.9 in the meantime?

Thanks,
Chris

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

Re: MODSEC-70

Chris Datfung wrote:
> According to:
>
> https://www.modsecurity.org/tracker/browse/MODSEC-70
>
> The issue is solved in modsecurity 2.6.0. AFAIK version 2.6.0 is not
> available for public download yet. Is there a patch or some other
> workaround available for this issue in version 2.5.9 in the meantime?

It was not fixed in in this version (the ticket is still open), but "is 
targeted to be fixed in this version".

As a workaround, you can implement a piped log filter or change your 
Apache log level.

-B

--

-- 
Brian Rectanus
Breach Security

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

Regular Expression Engine in Modsecurity

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

can't start apache with mod_security

Hi all,

I have apache2.2.11 built in chroot on Solaris 9 but when trying to start the server I get the following
complaint from mod_security: 

(2)No such file or directory: mod_security: Could not create modsec_auditlog_lock

The mod_security is 1.9.5 since the newest one wouldn't install. Any idea what am I missing? I thought might
be problem with some of the device missing. This is what I have in my dev file in chroot:

# ls -l /chroot/dev
total 0
crw-rw-rw-   1 root     other     13,  2 Aug  5 18:02 null
crw-r--r--   1 root     other    190,  0 Aug  5 18:03 random
crw-rw-rw-   1 root     other     41,  0 Aug  5 17:27 udp
crw-r--r--   1 root     other    190,  1 Aug  5 18:03 urandom
crw-rw-rw-   1 root     other     13, 12 Aug  5 18:02 zero

Thanks a lot for any help.

Igor

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

Re: can't start apache with mod_security

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

Re: can't start apache with mod_security

Hi,

Unfortunately that's the only line in the error log file and I have set the LogLevel to debug and I have
"RewriteLogLevel 3" in the httpd.conf

[Thu Aug 06 17:09:18 2009] [crit] (2)No such file or directory: mod_rewrite: could not create rewrite_log_lock
Configuration Failed
[Thu Aug 06 17:10:54 2009] [crit] (2)No such file or directory: mod_rewrite: could not create rewrite_log_lock
Configuration Failed
[Thu Aug 06 17:32:48 2009] [crit] (2)No such file or directory: mod_rewrite: could not create rewrite_log_lock
Configuration Failed

That's all.

Thanks,

Igor

--- On Thu, 8/6/09, Junyong Jiang <dreamice.jiang <at> gmail.com> wrote:

> From: Junyong Jiang <dreamice.jiang <at> gmail.com>
> Subject: Re: [mod-security-users] can't start apache with mod_security
> To: icicimov <at> yahoo.com
> Cc: mod-security-users <at> lists.sourceforge.net
> Date: Thursday, August 6, 2009, 9:29 AM
> Could you show more error info,
> please?
> 
> 
> 2009/8/6 <icicimov <at> yahoo.com>
> 
> 
> Hi all,
> 
> I have apache2.2.11 built in chroot on Solaris 9 but when
> trying to start the server I get the following complaint
> from mod_security:
> 
> 
> (2)No such file or directory: mod_security: Could not
> create modsec_auditlog_lock
> 
> The mod_security is 1.9.5 since the newest one wouldn't
> install. Any idea what am I missing? I thought might be
> problem with some of the device missing. This is what I have
> in my dev file in chroot:
> 
> 
> # ls -l /chroot/dev
> total 0
> crw-rw-rw-   1 root     other     13,  2 Aug  5
> 18:02 null
> crw-r--r--   1 root     other    190,  0 Aug  5
> 18:03 random
> crw-rw-rw-   1 root     other     41,  0 Aug  5
> 17:27 udp
> 
> crw-r--r--   1 root     other    190,  1 Aug  5
> 18:03 urandom
> crw-rw-rw-   1 root     other     13, 12 Aug  5 18:02
> zero
> 
> Thanks a lot for any help.
> 
> Igor
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------------
> 
> Let Crystal Reports handle the reporting - Free Crystal
> Reports 2008 30-Day
> trial. Simplify your report design, integration and
> deployment - and focus on
> what you do best, core application coding. Discover
> what's new with
> 
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> mod-security-users mailing list
> mod-security-users <at> lists.sourceforge.net
> 
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Appliances, Rule Sets and Support:
> 
> http://www.modsecurity.org/breach/index.html
> 
> 
> 

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

Re: can't start apache with mod_security

Hi,

That's the only line from mod_security in the error file and I have set the log level to debug.

Thanks,

Igor

--- On Thu, 8/6/09, Junyong Jiang <dreamice.jiang <at> gmail.com> wrote:

> From: Junyong Jiang <dreamice.jiang <at> gmail.com>
> Subject: Re: [mod-security-users] can't start apache with mod_security
> To: icicimov <at> yahoo.com
> Cc: mod-security-users <at> lists.sourceforge.net
> Date: Thursday, August 6, 2009, 9:29 AM
> Could you show more error info,
> please?
> 
> 
> 2009/8/6 <icicimov <at> yahoo.com>
> 
> 
> Hi all,
> 
> I have apache2.2.11 built in chroot on Solaris 9 but when
> trying to start the server I get the following complaint
> from mod_security:
> 
> 
> (2)No such file or directory: mod_security: Could not
> create modsec_auditlog_lock
> 
> The mod_security is 1.9.5 since the newest one wouldn't
> install. Any idea what am I missing? I thought might be
> problem with some of the device missing. This is what I have
> in my dev file in chroot:
> 
> 
> # ls -l /chroot/dev
> total 0
> crw-rw-rw-   1 root     other     13,  2 Aug  5
> 18:02 null
> crw-r--r--   1 root     other    190,  0 Aug  5
> 18:03 random
> crw-rw-rw-   1 root     other     41,  0 Aug  5
> 17:27 udp
> 
> crw-r--r--   1 root     other    190,  1 Aug  5
> 18:03 urandom
> crw-rw-rw-   1 root     other     13, 12 Aug  5 18:02
> zero
> 
> Thanks a lot for any help.
> 
> Igor
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------------
> 
> Let Crystal Reports handle the reporting - Free Crystal
> Reports 2008 30-Day
> trial. Simplify your report design, integration and
> deployment - and focus on
> what you do best, core application coding. Discover
> what's new with
> 
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> mod-security-users mailing list
> mod-security-users <at> lists.sourceforge.net
> 
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Appliances, Rule Sets and Support:
> 
> http://www.modsecurity.org/breach/index.html
> 
> 
> 

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

Re: can't start apache with mod_security

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html