Package: libapache-mod-security
Version: 2.5.11-1~bpo50+1
Severity: normal

I just started using mod_security.  I installed it on a test system,
created a configuration, then copied the configuration to several other
systems and installed mod_security.  The install enables mod_security and
reloads apache.  At that point, I thought my configuration should be
working.  But I noticed that it wasn't logging what I thought it should
(specifically, nothing was in the audit log), then I noticed lines like
this in the error log:

[Wed Mar 17 18:58:56 2010] [notice] child pid 18662 exit signal Segmentation fault (11)

They seem to correlate with when mod_security should be writing to the
audit log.

The strangest thing is that when I run /etc/init.d/apache reload, the
problem goes away and audit logging happens as expected.

I attached to the child with gdb and managed to get a backtrace:

#0  0x00007fa7b2a17ea4 in apr_global_mutex_lock () from /usr/lib/libapr-1.so.0
#1  0x00007fa7ac52976d in ?? () from /usr/lib/apache2/modules/mod_security2.so
#2  0x00007fa7ac524d66 in ?? () from /usr/lib/apache2/modules/mod_security2.so
#3  0x00007fa7ac542f6e in ?? () from /usr/lib/apache2/modules/mod_security2.so
#4  0x000000000042b5aa in ap_run_log_transaction ()
#5  0x00000000004495eb in ap_process_request ()
#6  0x00000000004467a8 in ?? ()
#7  0x0000000000440403 in ap_run_process_connection ()
#8  0x000000000044dc80 in ?? ()
#9  0x000000000044dfd4 in ?? ()
#10 0x000000000044ec16 in ap_mpm_run ()
#11 0x0000000000425be5 in main ()

Not the most helpful, I know.  If you are interested in debugging this,
I can leave apache running in this state on one system.  Otherwise, I
will probably just reload apache and watch for further problems.

Here is my mod_security configuration.  It is set at the top-level of
the apache log file.

SecRuleEngine On
SecAuditEngine RelevantOnly
SecRequestBodyAccess On
SecRequestBodyNoFilesLimit 16384
SecAuditLog /var/log/apache2/post.log
SecAuditLogParts AIZ
SecRule REQUEST_METHOD POST auditlog

Andrew

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31-302-rs (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libapache-mod-security depends on:
ii  apache2.2-common    2.2.9-10+lenny6      Apache HTTP Server common files
ii  libc6               2.7-18lenny2         GNU C Library: Shared libraries
ii  liblua5.1-0         5.1.3-1              Simple, extensible, embeddable pro
ii  libpcre3            7.6-2.1              Perl 5 Compatible Regular Expressi
ii  libxml2             2.6.32.dfsg-5+lenny1 GNOME XML library
ii  mod-security-common 2.5.11-1~bpo50+1     Tighten web applications security 

libapache-mod-security recommends no packages.

libapache-mod-security suggests no packages.

-- no debconf information


