hi, I'm trying to send email when specific rule get matched in the modsecurity but the modsecurity gives execution error in the mod_audit.log.
I have written my own test rule like this: SecRule REQUEST_HEADERS:User-Agent "FAKE-USER" "chain,deny,log,exec:/root/send_alert_email_fake-user.sh,id:1234123455" SecRule REMOTE_ADDR "^192\.168\.203\.141" and my script looks like this: #!/bin/sh echo "Fake user tried to access the web application" |mail -s "local server under attack" u...@user.com echo Done. The mod_audit.log is giving this message and email is being send. Message: Exec: Execution failed while reading output: /root/send_alert_email_fake-user.sh (End of file found) Message: Failed to execute: /root/send_alert_email_fake-user.sh Message: Warning. Pattern match "^192\\.168\\.203\\.141" at REMOTE_ADDR. [file "/usr/share/modsecurity-crs/activated_rules/check_user_agent_email.conf"] [line "1"] [id "1234123455"] Please help me to fix this? I'm also referencing ModSecurity 2.5 by Magnus Mischel. thanks.
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set