On Fri, 2011-11-04 at 16:58 -0500, Ryan Barnett wrote:
> On 11/4/11 4:29 PM, "Ross Lawrie" <[email protected]> wrote:
>
> >Hi,
> >
> >I've done some searches hoping to find some help, and while I did find a
> >reference to the same error earlier in the list, I didn't see a clear
> >solution - or at least one that seemed clear to me.
> >
> >I'm looking at getting ModSecurity upgraded on our web server, using
> >2.6.2 with the 2.2.0 CRS. What I'm encountering is a Lua error that has
> >me confused.
> >
> > Message: Lua: Script execution failed: attempt to call a nil value
> > Message: Rule processing failed.
>
> Do you happen to have Selinux running? I believe I ran into this recently
> as well with a Lua script. Although I had set OS level permissions which
> allowed my Apache user to read/execute the Lua scripts, the Selinux
> permissions were not set correctly and I got a similar error message. If
> this is the case, then you will want to execute the chcon command to set
> appropriate context for the Lua scripts/directory to allow the httpd
> process to read/execute it. See a similar post here -
> http://permalink.gmane.org/gmane.comp.apache.mod-security.user/7268
>
> -Ryan

Hi Ryan,

Thanks for the reply. Unfortunately, selinux is not active on the
machine in question.

Events are successfully going to our SecAuditLogStorageDir, so I believe
the permissions are okay on it.

I've increased the SecDebugLogLevel to 9, and I think these are the
relevant entries from the resulting log, not sure if it's of any help:

[04/Nov/2011:15:31:43 --0700] [xxxxxxxxx.xxx/sid#36acbf0][rid#3ad72f0][/xxxxxx.cgi][4] Recipe: Invoking rule 2ccfde8; [file "/usr/local/apache/conf/modsecurity-crs_2.2.0/activated_rules/modsecurity_crs_41_advanced_filters.conf"] [line "17"].
[04/Nov/2011:15:31:43 --0700] [xxxxxxxxx.xxx/sid#36acbf0][rid#3ad72f0][/xxxxxx.cgi][5] Rule 2ccfde8: SecRuleScript "@" "phase:2,log,t:none,pass"
[04/Nov/2011:15:31:43 --0700] [xxxxxxxxx.xxx/sid#36acbf0][rid#3ad72f0][/xxxxxx.cgi][8] Lua: Executing script: /usr/local/apache/conf/modsecurity-crs_2.2.0/activated_rules/../lua/advanced_filter_converter.lua
[04/Nov/2011:15:31:43 --0700] [xxxxxxxxx.xxx/sid#36acbf0][rid#3ad72f0][/xxxxxx.cgi][1] Lua: Script execution failed: attempt to call a nil value
[04/Nov/2011:15:31:43 --0700] [xxxxxxxxx.xxx/sid#36acbf0][rid#3ad72f0][/xxxxxx.cgi][4] Rule returned -1.
[04/Nov/2011:15:31:43 --0700] [xxxxxxxxx.xxx/sid#36acbf0][rid#3ad72f0][/xxxxxx.cgi][1] Rule processing failed.
[04/Nov/2011:15:31:43 --0700] [xxxxxxxxx.xxx/sid#36acbf0][rid#3ad72f0][/xxxxxx.cgi][9] Rule failed, not chained -> mode NEXT_RULE.

Ross.

> >
> >This is an installation on a Debian 5.0.9 server, I believe that the
> >necessary requirements are installed:
> >
> >libapr1 : 1.2.12-5+lenny4
> >libapr1-dev : 1.2.12-5+lenny4
> >libaprutil1 : 1.2.12+dfsg-8+lenny5
> >libaprutil1-dev : 1.2.12+dfsg-8+lenny5
> >lua5.1 : 5.1.3-1
> >liblua5.1-0 : 5.1.3-1
> >liblua5.1-0-dev : 5.1.3-1
> >libpcre3 : 7.6-2.1
> >libpcre3-dev : 7.6-2.1
> >libxml2 : 2.6.32.dfsg-5+lenny4
> >libxml2-dev : 2.6.32.dfsg-5+lenny4
> >
> >Apache 2.2.21 is installed from source using the following configure:
> >
> >./configure \
> >--prefix=/usr/local/apache \
> >--disable-userdir \
> >--enable-rewrite \
> >--enable-so \
> >--enable-status \
> >--enable-info \
> >--enable-ssl \
> >--enable-cgi \
> >--enable-unique-id \
> >--enable-mime-magic \
> >--with-included-apr \
> >--with-pcre=/usr/bin/pcre-config \
> >--enable-deflate \
> >--enable-expires \
> >--enable-headers
> >
> >ModSecurity 2.6.2 is installed with the following configure:
> >
> >./configure \
> >--with-apxs=/usr/local/apache/bin/apxs \
> >--with-apr=/usr/local/apache/bin/apr-1-config
> >
> >I've only made minor path changes to the ModSecurity config, and a few
> >rule rewrites for some false positives in the CRS configuration.
> >
> >I'm assuming this is a result of
> >modsecurity_crs_41_advanced_filters.conf somehow, but I'm not entirely
> >sure how -- or whether this is necessary, or purely optional (although
> >it's part of the base_rules).
> >
> >Appreciate any help or suggestions that anyone can give.
> >
> >Ross.
> >
> >_______________________________________________
> >Owasp-modsecurity-core-rule-set mailing list
> >[email protected]
> >https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
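
Added example, not part of the thread and not ModSecurity or CRS code: the debug log quoted above shows the failed script rule being skipped ("mode NEXT_RULE"), so the sketch below scans a debug log for "Rule processing failed" and reports which rule file, line and Lua script were involved. The sample lines are constructed in the same layout as the quoted entries; the host, ids and paths in them are placeholders.

```python
import re

# Constructed sample in the layout of the debug-log entries quoted above
# (host, sid/rid values and file paths are placeholders).
SAMPLE = """\
[04/Nov/2011:15:31:43 --0700] [example.test/sid#1][rid#a1][/app.cgi][4] Recipe: Invoking rule 2ccfde8; [file "/etc/modsec/rules/filters.conf"] [line "17"].
[04/Nov/2011:15:31:43 --0700] [example.test/sid#1][rid#a1][/app.cgi][8] Lua: Executing script: /etc/modsec/lua/converter.lua
[04/Nov/2011:15:31:43 --0700] [example.test/sid#1][rid#a1][/app.cgi][1] Lua: Script execution failed: attempt to call a nil value
[04/Nov/2011:15:31:43 --0700] [example.test/sid#1][rid#a1][/app.cgi][1] Rule processing failed.
[04/Nov/2011:15:31:43 --0700] [example.test/sid#1][rid#b2][/ok.cgi][4] Recipe: Invoking rule 2ccfde8; [file "/etc/modsec/rules/filters.conf"] [line "17"].
[04/Nov/2011:15:31:43 --0700] [example.test/sid#1][rid#b2][/ok.cgi][4] Rule returned 0.
"""

# Prefix: [timestamp] [host/sid#..][rid#..][uri][level] message
ENTRY = re.compile(r'^\[[^\]]+\] \[[^\]]*\]\[rid#(?P<rid>[^\]]+)\]'
                   r'\[(?P<uri>[^\]]*)\]\[(?P<lvl>\d)\] (?P<msg>.*)$')
INVOKE = re.compile(r'Invoking rule (\w+); \[file "([^"]+)"\] \[line "(\d+)"\]')
SCRIPT = re.compile(r'Lua: Executing script: (\S+)')
LUA_FAIL = "Lua: Script execution failed: "

def failed_rules(text):
    """Return one record per rule whose processing failed, keyed by request id."""
    current = {}    # rid -> rule currently being evaluated for that request
    failures = []
    for raw in text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue
        rid, msg = m["rid"], m["msg"]
        inv = INVOKE.search(msg)
        if inv:     # a new rule starts; forget the previous one for this request
            current[rid] = {"rid": rid, "uri": m["uri"], "rule": inv[1],
                            "file": inv[2], "line": int(inv[3]),
                            "script": None, "error": None}
            continue
        rule = current.get(rid)
        if rule is None:
            continue
        script = SCRIPT.search(msg)
        if script:
            rule["script"] = script[1]
        elif msg.startswith(LUA_FAIL):
            rule["error"] = msg[len(LUA_FAIL):]
        elif msg.startswith("Rule processing failed"):
            failures.append(current.pop(rid))
    return failures

if __name__ == "__main__":
    for f in failed_rules(SAMPLE):
        print(f)
```

The "Invoking rule" lines it relies on are written at debug level 4, so the log has to be collected at that level or higher.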
