On 11/4/11 6:41 PM, "Ross Lawrie" <[email protected]> wrote:
>On Fri, 2011-11-04 at 16:58 -0500, Ryan Barnett wrote: >> On 11/4/11 4:29 PM, "Ross Lawrie" <[email protected]> wrote: >> >> >Hi, >> > >> >I've done some searches hoping to find some help, and while I did find >>a >> >reference to the same error earlier in the list, I didn't see a clear >> >solution - or at least one that seemed clear to me. >> > >> >I'm looking at getting ModSecurity upgraded on our web server, using >> >2.6.2 with the 2.2.0 CRS. What I'm encountering is a Lua error that has >> >me confused. >> > >> > Message: Lua: Script execution failed: attempt to call a nil value >> > Message: Rule processing failed. >> >> Do you happen to have Selinux running? I believe I ran into this >>recently >> as well with a Lua script. Although I had set OS level permissions >>which >> allowed my Apache user to read/execute the Lua scripts, the Selinux >> permissions were not set correctly and I got a similar error message. >>If >> this is the case, then you will want to execute the chcon command to set >> appropriate context for the Lua scripts/directory to allow the httpd >> process to read/execute it. See a similar post here - >> http://permalink.gmane.org/gmane.comp.apache.mod-security.user/7268 >> >> -Ryan > >Hi Ryan, > >Thanks for the reply, unfortunately selinux is not active on the machine >in question. Events are successfully going to our SecAuditLogStorageDir, >so I believe the permissions are okay on it. > >I've increased the SecDebugLogLevel to 9, and I think this is the >relevant entries from the resulting log, not sure if it's of any help: > >[04/Nov/2011:15:31:43 --0700] >[xxxxxxxxx.xxx/sid#36acbf0][rid#3ad72f0][/xxxxxx.cgi][4] Recipe: >Invoking rule 2ccfde8; [file >"/usr/local/apache/conf/modsecurity-crs_2.2.0/activated_rules/modsecurity_ >crs_41_advanced_filters.conf"] [line "17"]. >[04/Nov/2011:15:31:43 --0700] >[xxxxxxxxx.xxx/sid#36acbf0][rid#3ad72f0][/xxxxxx.cgi][5] Rule 2ccfde8: >SecRuleScript "@" "phase:2,log,t:none,pass" >[04/Nov/2011:15:31:43 --0700] >[xxxxxxxxx.xxx/sid#36acbf0][rid#3ad72f0][/xxxxxx.cgi][8] Lua: Executing >script: >/usr/local/apache/conf/modsecurity-crs_2.2.0/activated_rules/../lua/advanc >ed_filter_converter.lua >[04/Nov/2011:15:31:43 --0700] >[xxxxxxxxx.xxx/sid#36acbf0][rid#3ad72f0][/xxxxxx.cgi][1] Lua: Script >execution failed: attempt to call a nil value >[04/Nov/2011:15:31:43 --0700] >[xxxxxxxxx.xxx/sid#36acbf0][rid#3ad72f0][/xxxxxx.cgi][4] Rule returned >-1. >[04/Nov/2011:15:31:43 --0700] >[xxxxxxxxx.xxx/sid#36acbf0][rid#3ad72f0][/xxxxxx.cgi][1] Rule processing >failed. >[04/Nov/2011:15:31:43 --0700] >[xxxxxxxxx.xxx/sid#36acbf0][rid#3ad72f0][/xxxxxx.cgi][9] Rule failed, >not chained -> mode NEXT_RULE. > >Ross. Update the path to Lua in the advanced_filter_converter.lua script to ensure it matches where the lua binary is installed on your system. See if that helps. -Ryan > > > > >> >> >> > >> >This is an installation on a Debian 5.0.9 server, I believe that the >> >necessary requirements are installed: >> > >> >libapr1 : 1.2.12-5+lenny4 >> >libapr1-dev : 1.2.12-5+lenny4 >> >libaprutil1 : 1.2.12+dfsg-8+lenny5 >> >libaprutil1-dev : 1.2.12+dfsg-8+lenny5 >> >lua5.1 : 5.1.3-1 >> >liblua5.1-0 : 5.1.3-1 >> >liblua5.1-0-dev : 5.1.3-1 >> >libpcre3 : 7.6-2.1 >> >libpcre3-dev : 7.6-2.1 >> >libxml2 : 2.6.32.dfsg-5+lenny4 >> >libxml2-dev : 2.6.32.dfsg-5+lenny4 >> > >> >Apache 2.2.21 is installed from source using the following configure: >> > >> >./configure \ >> >--prefix=/usr/local/apache \ >> >--disable-userdir \ >> >--enable-rewrite \ >> >--enable-so \ >> >--enable-status \ >> >--enable-info \ >> >--enable-ssl \ >> >--enable-cgi \ >> >--enable-unique-id \ >> >--enable-mime-magic \ >> >--with-included-apr \ >> >--with-pcre=/usr/bin/pcre-config \ >> >--enable-deflate \ >> >--enable-expires \ >> >--enable-headers >> > >> >ModSecurity 2.6.2 is installed with the following configure: >> > >> >./configure \ >> >--with-apxs=/usr/local/apache/bin/apxs \ >> >--with-apr=/usr/local/apache/bin/apr-1-config >> > >> >I've only made minor path changes to the ModSecurity config, and a few >> >rule rewrites for some false positives in the CRS configuration. >> > >> >I'm assuming this is a result of >> >modsecurity_crs_41_advanced_filters.conf somehow, but I'm not entirely >> >sure how -- or whether this is necessary, or purely optional (although >> >it's part of the base_rules). >> > >> >Appreciate any help or suggestions that anyone can give. >> > >> >Ross. >> > >> >_______________________________________________ >> >Owasp-modsecurity-core-rule-set mailing list >> >[email protected] >> >>>https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set >> > >> >> >> This transmission may contain information that is privileged, >>confidential, and/or exempt from disclosure under applicable law. If you >>are not the intended recipient, you are hereby notified that any >>disclosure, copying, distribution, or use of the information contained >>herein (including any reliance thereon) is STRICTLY PROHIBITED. If you >>received this transmission in error, please immediately contact the >>sender and destroy the material in its entirety, whether in electronic >>or hard copy format. >> > > > This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
