Apache fails to start on a Plesk server: ModSecurity: failed to load IPs from: /etc/asl/whitelist Could not open ipmatch file "/etc/asl/whitelist": No such file or directory

Follow

Comments

31 comments

  • Avatar
    Unknown User

    Very bad bug! Many thanks for the workaround but this is causing a lot of unexpected downtime.

    0
    Comment actions Permalink
  • Avatar
    Michael Sasinacki

    Ahh Atomic... I'm using Atomic Advanced (bought from Plesk). I hope you resolve this issue quickly. Workaround works. Thanks.

    1
    Comment actions Permalink
  • Avatar
    Steve West

    In the future, I hope Plesk team can develop a method to do a configtest of mod_sec rules before they are applied on a Plesk server.

    0
    Comment actions Permalink
  • Avatar
    Anton Kuznetsov

    Hello Steve,

    The thing is, the error happens due to a missing file from Atomic installation and config file syntax is perfectly okay. So there is no way to pre-test it from the Plesk side.

    0
    Comment actions Permalink
  • Avatar
    Nicolas Labbe (Edited )

    Because of this bug, I've switched off Mod Security and now I can't turn it back on.. Even if I try to use Comodo.
    modsecurity_ctl failed: START httpd_modules_ctl --enable security2,unique_id apache_control_adapter[38496]: apache_action(restart): invoke_httpd_action failed, trying second time

    EDIT: I was able to enable it by running the CLI command provided in the article, and then putting modsec back on in plesk.

    0
    Comment actions Permalink
  • Avatar
    Donnie Weaver

    Will this page be updated once the bug is fixed?

    0
    Comment actions Permalink
  • Avatar
    Michael Sasinacki

    I was wondering the same thing. I broke one of my servers trying to find out if the problem is fixed. I applied Atomic Advanced Rule set, no errors. But then i discovered that the web server is not servig content correctly. In some instances i was getting a Apache default page.

    I ended up deinstalling modesecurity and disabling Reverse Proxy Server (nginx).

    1
    Comment actions Permalink
  • Avatar
    Donnie Weaver

    Some level of communication from Plesk and/or Atomic here would be great. I was told by Plesk support to follow this page for updates. It's concerning many days have passed with no information.

    0
    Comment actions Permalink
  • Avatar
    Julian Bonpland Mignaquy

    Donnie Weaver hi!, we have direct communication with Atomic internally. Once they fix the issue we will publish it in this article.

    1
    Comment actions Permalink
  • Avatar
    Unknown User (Edited )

    A fix has been posted but results in the following error:

    [root@~]# aum -u

    Atomic Updater

    Analyzing system ... error:account validation failed

     

    0
    Comment actions Permalink
  • Avatar
    Filippo Casti

    I see this post is updated but I don't see any fix. News?

    0
    Comment actions Permalink
  • Avatar
    Unknown User

    Filippo Casti the supposed solution is "aum -u"

    0
    Comment actions Permalink
  • Avatar
    Filippo Casti

    I don't think so. I can lunch "aum -u" and the update goes fine but when I try to switch from "Comodo" to "Atomic Standard free" I have this error:
    "modsecurity_ctl failed: [Errno 2] No such file or directory: '/var/asl/bin/aum': '/var/asl/bin/aum"

    1
    Comment actions Permalink
  • Avatar
    Nicolas Labbe

    I was able to enable Atomic rule after running "aum -u" but the rules list is empty. Seems like it's still broken.

    1
    Comment actions Permalink
  • Avatar
    Hiroki Nagashima

    I ran the "aum -u" command and got an error.

    # aum -u
    Atomic Updater
    Analyzing system ... error:failed to load config:File not found: /var/awp/etc/config
    #

     

    0
    Comment actions Permalink
  • Avatar
    Donnie Weaver

    Has anyone had success with the resolution of running "aum -u" and enabling Atomic Advanced (bought from Plesk) without issue and back to normal?

    These last two posts from Filippo Casti and Nicolas Labbe don't inspire confidence this issue is indeed resolved.  Thanks.

    0
    Comment actions Permalink
  • Avatar
    翔 中村

    Running aum -u results in the following error

    error:failed to load config:File not found: /var/awp/etc/config

     

    Can you please tell me how to solve this problem?

    0
    Comment actions Permalink
  • Avatar
    Michael Sasinacki (Edited )

    On CentOS 7 I get this error after running aum -u

    Warning: fopen():  failed to open stream: No such file or directory in component/c_modsec.php on line XXX

    and this one

    c_modsec::tortix_conf_generat An error occurred attempting to read file /var/asl/data/templates/template-tortix_waf.conf

     

    FIX for me was to do:

    1. cd /var/asl/bin

    ls -la /var/asl/bin directory was empty (after running aum -u first time)

    2. ln /var/awp/bin/aum aum

    3. run aum -u again, no error

    4. goto Web UI and enable / switch to Atomic Advanced (bought from Plesk)

     

    0
    Comment actions Permalink
  • Avatar
    Michael Schwartz (Edited )

    @ 翔 中村

    I just created the file

    /var/awp/etc/config

    (with a blankspace as content) and ran "aum -u" again ... did work for me ...

    1
    Comment actions Permalink
  • Avatar
    Chad Reitsma

    Still showing an error after updating AUM:

    modsecurity_ctl failed: [Errno 2] No such file or directory: '/var/asl/bin/aum': '/var/asl/bin/aum'

    1
    Comment actions Permalink
  • Avatar
    Steven Thomas

    Had similar issues as some other comments. At first, couldn't update the rules back to Atomic in Plesk then couldn't run aum -u because of config errors. Noticed config file was present but was the settings were the defaults, not Plesk's (USERNAME="plesk_global_unpaid", UPDATE_PATH="/channels/rules/plesk", etc.). Uninstalling then reinstalling ModSecurity fixed all of the errors.

    0
    Comment actions Permalink
  • Avatar
    Chad Reitsma

    Tried Steven's suggestion of uninstalling / reinstalling, I still see this error after attempting to switch back to Atomic Standard (Apache ModSecurity 2.9):

    modsecurity_ctl failed: [Errno 2] No such file or directory: '/var/asl/bin/aum': '/var/asl/bin/aum'

    0
    Comment actions Permalink
  • Avatar
    Filippo Casti

    Fix for me was:

    • plesk bin server_pref --update-web-app-firewall -waf-rule-engine on -waf-rule-set tortix -waf-config-preset tradeoff
    • aum -u
    0
    Comment actions Permalink
  • Avatar
    Chad Reitsma

    Spoke with support regarding the No such file or directory error, the solution is to re-link the binary:

    # mv /var/asl/bin/aum{,.old}
    # ln -s /var/awp/bin/aum /var/asl/bin/aum
    0
    Comment actions Permalink
  • Avatar
    Donnie Weaver

    "aum -u" did work for me without errors on 3 servers, provided I first switched back to Atomic Advanced (bought from Plesk) from Comodo free, before running the update. 

    I did not need to toggle to Comodo, then back to Atomic, afterwards.

    I discovered on the first server attempt if I left Comodo free selected before running "aum -u" it resulted in "error: account validation failed", which I guess makes sense.

    Glad to have this resolved. Wish everyone else all the best on this issue.

    0
    Comment actions Permalink
  • Avatar
    Fabien ARAUJO

    aum -u

    Atomic Updater

    Analyzing system ... error:failed to load config:File not found: /var/awp/etc/config

    0
    Comment actions Permalink
  • Avatar
    Fabien ARAUJO

    modsecurity_ctl failed: START httpd_modules_ctl --enable security2,unique_id
    apache_control_adapter[16503]: apache_action(restart): invoke_httpd_action failed, trying second time
    INFO: [Tue Jun 13 18:34:23 CEST 2023]: Service: apache, Action: start
     Trying to start service httpd... failed
    Jun 13 18:34:23 X systemd[1]: Starting The Apache HTTP Server...
    Jun 13 18:34:23 X httpd[16955]: AH00526: Syntax error on line 24 of /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf:
    Jun 13 18:34:23 X httpd[16955]: ModSecurity: failed to load IPs from: /etc/asl/whitelist Could not open ipmatch file "/etc/asl/whitelist": No such file or directory
    Jun 13 18:34:23 X systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
    Jun 13 18:34:23 X systemd[1]: Failed to start The Apache HTTP Server.
    Jun 13 18:34:23 X systemd[1]: Unit httpd.service entered failed state.
    Jun 13 18:34:23 X systemd[1]: httpd.service failed.

    *****  problem report *****
    Warning: start service httpd failed

    /usr/local/psa/admin/sbin/pleskrc execution failed:
    Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
    /usr/local/psa/admin/sbin/pleskrc execution failed:
    Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

    0
    Comment actions Permalink
  • Avatar
    Chad Reitsma

    Fabien ARAUJO

    Try this:

    # touch /var/awp/etc/config
    # aum -u


    Then try to switch back to Atomic Standard and if you get an error that says:
    "modsecurity_ctl failed: [Errno 2] No such file or directory: '/var/asl/bin/aum': '/var/asl/bin/aum'"

    # ln -s /var/awp/bin/aum /var/asl/bin/aum

     

    0
    Comment actions Permalink
  • Avatar
    Hiroki Nagashima
    # touch /var/awp/etc/config
    # aum -u

    It works for me.

    But after, when I tried to enable waf from the waf management web screen,
    I got the following error.

    ERROR: TypeError: array_key_exists(): Argument #2 ($array) must be of type array, null given (Apache.php:172)
    Search for related Knowledge Base articles

    Is something wrong?

     

    0
    Comment actions Permalink
  • Avatar
    Stoyan Marinov

    Command 'aum' not found, did you mean: ...

    Someone who could help with this?

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request