issue has been fixed. the problem was that i put that bash script in the /root/ directory. Keeping it inside /usr/share/modsecurity-crs/ it worked.
On Wed, Jan 28, 2015 at 1:54 PM, Sabin Ranjit <think.sa...@gmail.com> wrote: > email is not being send. > > On Wed, Jan 28, 2015 at 1:27 PM, Sabin Ranjit <think.sa...@gmail.com> > wrote: > >> hi, >> I'm trying to send email when specific rule get matched in the >> modsecurity but the modsecurity gives execution error in the mod_audit.log. >> >> I have written my own test rule like this: >> >> SecRule REQUEST_HEADERS:User-Agent "FAKE-USER" >> "chain,deny,log,exec:/root/send_alert_email_fake-user.sh,id:1234123455" >> SecRule REMOTE_ADDR "^192\.168\.203\.141" >> >> and my script looks like this: >> >> #!/bin/sh >> echo "Fake user tried to access the web application" |mail -s "local >> server under attack" u...@user.com >> echo Done. >> >> The mod_audit.log is giving this message and email is being send. >> >> Message: Exec: Execution failed while reading output: >> /root/send_alert_email_fake-user.sh (End of file found) >> Message: Failed to execute: /root/send_alert_email_fake-user.sh >> Message: Warning. Pattern match "^192\\.168\\.203\\.141" at REMOTE_ADDR. >> [file >> "/usr/share/modsecurity-crs/activated_rules/check_user_agent_email.conf"] >> [line "1"] [id "1234123455"] >> >> Please help me to fix this? I'm also referencing ModSecurity 2.5 by >> Magnus Mischel. >> >> thanks. >> >> >> >
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
