OWASP V3 error when installing.

TheGrumpyOne

• September 08, 2018 15:51

I'm getting this error when attempting to install OWASP V3 using the command line. Anyone have any ideas? Thanks! [root@server1 ~]# /usr/local/cpanel/scripts/modsec_vendor list [OWASP3] OWASP ModSecurity Core Rule Set V3.0 (not installed) cpanel_provided 1 description SpiderLabs OWASP V3 curated ModSecurity rule set installed 0 installed_from http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml name OWASP ModSecurity Core Rule Set V3.0 vendor_id OWASP3 vendor_url OWASP ModSecurity CRS - cPanel Knowledge Base - cPanel Documentation [root@server1 ~]# /usr/local/cpanel/scripts/modsec_vendor add http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml warn [modsec_vendor] The system could not add the vendor: The configuration name must contain the string "modsec". at /usr/local/cpanel/Whostmgr/ModSecurity/ModsecCpanelConf.pm line 277. info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup warn [modsec_vendor] The system could not uninstall the vendor: The configuration name must contain the string "modsec". at /usr/local/cpanel/Whostmgr/ModSecurity/ModsecCpanelConf.pm line 277. warn [modsec_vendor] The system failed to add the vendor from the URL "http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml": The configuration name must contain the string "modsec". at /usr/local/cpanel/Whostmgr/ModSecurity/ModsecCpanelConf.pm line 277.
And i get this error when i use WHM to attempt installing. Error: The system experienced the following error when it attempted to install the "OWASP ModSecurity Core Rule Set V3.0" vendor: API failure: The configuration name must contain the string "modsec". at /usr/local/cpanel/Whostmgr/ModSecurity/ModsecCpanelConf.pm line 277.

• 

  fuzzylogic

  • September 09, 2018 05:05

  That error message is confusing. The response from... /usr/local/cpanel/scripts/modsec_vendor list
  indicates that "OWASP ModSecurity Core Rule Set V3.0" is already added but not enabled, so to then use the command... /usr/local/cpanel/scripts/modsec_vendor add http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml
  is not a logical action. I would try... /usr/local/cpanel/scripts/modsec_vendor enable OWASP3
  See... /usr/local/cpanel/scripts/modsec_vendor help
  In WHM are you trying to add it when it is already added? Try simply enabling it instead. Looks like confusion originating in the use of the words "not installed" in the command output of the list command.

  0
• 

  cPanelLauren

  • September 12, 2018 15:43

  Hi @TheGrumpyOne That's odd behavior, trying to replicate this I removed my OWASP vendor installation. 1. I received the same results as you (once it was removed) when checking the vendor list: /usr/local/cpanel/scripts/modsec_vendor list [OWASP3] OWASP ModSecurity Core Rule Set V3.0 (not installed) cpanel_provided 1 description SpiderLabs OWASP V3 curated ModSecurity rule set installed 0 installed_from http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml name OWASP ModSecurity Core Rule Set V3.0 vendor_id OWASP3 vendor_url https://go.cpanel.net/modsecurityowasp
  But when I go to install it I don't run into any issues: 2. /usr/local/cpanel/scripts/modsec_vendor add http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml info [modsec_vendor] You have added the vendor "OWASP ModSecurity Core Rule Set V3.0". [OWASP3] OWASP ModSecurity Core Rule Set V3.0 archive_url http://httpupdate.cpanel.net/modsecurity-rules/OWASP3_1501094486.zip description SpiderLabs OWASP curated ModSecurity rule set dist_md5 2697e62531ab49f3907d10049bfc18a0 dist_sha512 cee19f6abb78e52f7ea51a4cfbc3783fa8e60d88f5ae8b959026eeafff4d0d49f0538daf9302c61df26209f28a1eebc0b0e2ddd02036411ab8dae3c2d464f5ef distribution OWASP3_1501094486 enabled 1 inst_dist OWASP3_1501094486 installed 1 installed_from http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml meta_yaml_file /var/cpanel/modsec_vendors/meta_OWASP3.yaml name OWASP ModSecurity Core Rule Set V3.0 path /etc/apache2/conf.d/modsec_vendor_configs/OWASP3 progress_bar report_url https://www.modsecurity.org/rule_issue_report/cPanel/report/new supported_versions (2) vendor_id OWASP3 vendor_url https://go.cpanel.net/modsecurityowasp
  This makes me wonder about your configuration - do you have any customizations in place? What is present in /var/cpanel/modsec_vendors/
  as well as /etc/apache2/conf.d/modsec /etc/apache2/conf.d/modsec_vendor_configs
  

  0

Please sign in to leave a comment.