hi,
I'm trying to send email when specific rule get matched in the modsecurity
but the modsecurity gives execution error in the mod_audit.log.
I have written my own test rule like this:
SecRule REQUEST_HEADERS:User-Agent "FAKE-USER"
"chain,deny,log,exec:/root/send_alert_email_fake-user.sh,id:1234123455"
SecRule REMOTE_ADDR "^192\.168\.203\.141"
and my script looks like this:
#!/bin/sh
echo "Fake user tried to access the web application" |mail -s "local server
under attack" u...@user.com
echo Done.
The mod_audit.log is giving this message and email is being send.
Message: Exec: Execution failed while reading output:
/root/send_alert_email_fake-user.sh (End of file found)
Message: Failed to execute: /root/send_alert_email_fake-user.sh
Message: Warning. Pattern match "^192\\.168\\.203\\.141" at REMOTE_ADDR.
[file
"/usr/share/modsecurity-crs/activated_rules/check_user_agent_email.conf"]
[line "1"] [id "1234123455"]
Please help me to fix this? I'm also referencing ModSecurity 2.5 by Magnus
Mischel.
thanks.
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
