Symptoms
-
On a Plesk for Linux server, Apache fails to start with the following error shown on the Plesk Home page:
Template_Exception: AH00526: Syntax error on line 24 of /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf:
ModSecurity: failed to load IPs from: /etc/asl/whitelist Could not open ipmatch file "/etc/asl/whitelist": No such file or directory -
Enabling ModSecurity in the menu Tools & Settings > Web Application Firewall (ModSecurity) fails:
modsecurity_ctl failed: START httpd_modules_ctl --enable security2,unique_id apache_control_adapter[29113]: apache_action(restart): invoke_httpd_action failed, trying second time
modsecurity_ctl failed: [Errno 2] No such file or directory: '/var/asl/bin/aum': '/var/asl/bin/aum' -
The following error is shown in the menu Tools & Settings > Web Application Firewall (ModSecurity):
Failed to update the ModSecurity rule set: modsecurity_ctl failed: Command '['sed', '-i', '-e', 's#^MODSEC_RULES_PATH\\s*=.*#MODSEC_RULES_PATH="/etc/httpd/conf/modsecurity.d/rules/tortix/modsec"#g', '-e', 's#^RESTART_APACHE\\s*=.*#RESTART_APACHE="no"#g', '-e', 's#^AUTOMATIC_UPDATES\\s*=.*#AUTOMATIC_UPDATES="no"#g', '-e', 's#^MODSEC_50_PLESK\\s*=.*#MODSEC_50_PLESK="yes"#g', '/etc/asl/config']' returned non-zero exit status 2.
-
Atomic Standard rule set is in use.
Cause
Issue on the Atomic side, fixed in the update of the aum package (updater of Atomic rule set) 6.0.48-29386.
Resolution
- Connect to the server using SSH.
- Update the
aumpackage to the latest version:
# touch /var/awp/etc/config
# aum -u - Log into Plesk.
- Go to Tools & Settings > Web Application Firewall (ModSecurity).
- Change Rule set option to Comodo rule set and click OK or Apply.
- Change Rule set option back to Atomic Standard rule set and click OK or Apply.
Note: I'll leave it as internal because when Atomic fixes the issue it will be easier to switch back via UI and not mess with this file.
-
Connect to the server via SSH
-
Create the
/etc/asl/whitelistfile with your favorite command-line text editor and enter the following as content within it:127.0.0.1/8
-
Save the changes
- Adjust permissions to the file:
# chown tortix:root /etc/asl/whitelist -
Go to Tools and settings > Web application firewall (Modsecurity)
-
Turn the WAF on and switch to the Atomic ruleset
Comments
31 comments
Very bad bug! Many thanks for the workaround but this is causing a lot of unexpected downtime.
Ahh Atomic... I'm using Atomic Advanced (bought from Plesk). I hope you resolve this issue quickly. Workaround works. Thanks.
In the future, I hope Plesk team can develop a method to do a configtest of mod_sec rules before they are applied on a Plesk server.
Hello Steve,
The thing is, the error happens due to a missing file from Atomic installation and config file syntax is perfectly okay. So there is no way to pre-test it from the Plesk side.
Because of this bug, I've switched off Mod Security and now I can't turn it back on.. Even if I try to use Comodo.
modsecurity_ctl failed: START httpd_modules_ctl --enable security2,unique_id apache_control_adapter[38496]: apache_action(restart): invoke_httpd_action failed, trying second time
EDIT: I was able to enable it by running the CLI command provided in the article, and then putting modsec back on in plesk.
Will this page be updated once the bug is fixed?
I was wondering the same thing. I broke one of my servers trying to find out if the problem is fixed. I applied Atomic Advanced Rule set, no errors. But then i discovered that the web server is not servig content correctly. In some instances i was getting a Apache default page.
I ended up deinstalling modesecurity and disabling Reverse Proxy Server (nginx).
Some level of communication from Plesk and/or Atomic here would be great. I was told by Plesk support to follow this page for updates. It's concerning many days have passed with no information.
Donnie Weaver hi!, we have direct communication with Atomic internally. Once they fix the issue we will publish it in this article.
A fix has been posted but results in the following error:
[root@~]# aum -u
Atomic Updater
Analyzing system ... error:account validation failed
I see this post is updated but I don't see any fix. News?
Filippo Casti the supposed solution is "aum -u"
I don't think so. I can lunch "aum -u" and the update goes fine but when I try to switch from "Comodo" to "Atomic Standard free" I have this error:
"modsecurity_ctl failed: [Errno 2] No such file or directory: '/var/asl/bin/aum': '/var/asl/bin/aum"
I was able to enable Atomic rule after running "aum -u" but the rules list is empty. Seems like it's still broken.
I ran the "aum -u" command and got an error.
# aum -u
Atomic Updater
Analyzing system ... error:failed to load config:File not found: /var/awp/etc/config
#
Has anyone had success with the resolution of running "aum -u" and enabling Atomic Advanced (bought from Plesk) without issue and back to normal?
These last two posts from Filippo Casti and Nicolas Labbe don't inspire confidence this issue is indeed resolved. Thanks.
Running aum -u results in the following error
Can you please tell me how to solve this problem?
On CentOS 7 I get this error after running aum -u
Warning: fopen(): failed to open stream: No such file or directory in component/c_modsec.php on line XXX
and this one
c_modsec::tortix_conf_generat An error occurred attempting to read file /var/asl/data/templates/template-tortix_waf.conf
FIX for me was to do:
1. cd /var/asl/bin
ls -la /var/asl/bin directory was empty (after running aum -u first time)
2. ln /var/awp/bin/aum aum
3. run aum -u again, no error
4. goto Web UI and enable / switch to Atomic Advanced (bought from Plesk)
@ 翔 中村
I just created the file
(with a blankspace as content) and ran "aum -u" again ... did work for me ...
Still showing an error after updating AUM:
modsecurity_ctl failed: [Errno 2] No such file or directory: '/var/asl/bin/aum': '/var/asl/bin/aum'
Had similar issues as some other comments. At first, couldn't update the rules back to Atomic in Plesk then couldn't run aum -u because of config errors. Noticed config file was present but was the settings were the defaults, not Plesk's (USERNAME="plesk_global_unpaid", UPDATE_PATH="/channels/rules/plesk", etc.). Uninstalling then reinstalling ModSecurity fixed all of the errors.
Tried Steven's suggestion of uninstalling / reinstalling, I still see this error after attempting to switch back to Atomic Standard (Apache ModSecurity 2.9):
modsecurity_ctl failed: [Errno 2] No such file or directory: '/var/asl/bin/aum': '/var/asl/bin/aum'
Fix for me was:
Spoke with support regarding the No such file or directory error, the solution is to re-link the binary:
"aum -u" did work for me without errors on 3 servers, provided I first switched back to Atomic Advanced (bought from Plesk) from Comodo free, before running the update.
I did not need to toggle to Comodo, then back to Atomic, afterwards.
I discovered on the first server attempt if I left Comodo free selected before running "aum -u" it resulted in "error: account validation failed", which I guess makes sense.
Glad to have this resolved. Wish everyone else all the best on this issue.
aum -u
Atomic Updater
Analyzing system ... error:failed to load config:File not found: /var/awp/etc/config
modsecurity_ctl failed: START httpd_modules_ctl --enable security2,unique_id
apache_control_adapter[16503]: apache_action(restart): invoke_httpd_action failed, trying second time
INFO: [Tue Jun 13 18:34:23 CEST 2023]: Service: apache, Action: start
Trying to start service httpd... failed
Jun 13 18:34:23 X systemd[1]: Starting The Apache HTTP Server...
Jun 13 18:34:23 X httpd[16955]: AH00526: Syntax error on line 24 of /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf:
Jun 13 18:34:23 X httpd[16955]: ModSecurity: failed to load IPs from: /etc/asl/whitelist Could not open ipmatch file "/etc/asl/whitelist": No such file or directory
Jun 13 18:34:23 X systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jun 13 18:34:23 X systemd[1]: Failed to start The Apache HTTP Server.
Jun 13 18:34:23 X systemd[1]: Unit httpd.service entered failed state.
Jun 13 18:34:23 X systemd[1]: httpd.service failed.
***** problem report *****
Warning: start service httpd failed
/usr/local/psa/admin/sbin/pleskrc execution failed:
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
/usr/local/psa/admin/sbin/pleskrc execution failed:
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
Fabien ARAUJO
Try this:
Then try to switch back to Atomic Standard and if you get an error that says:
"modsecurity_ctl failed: [Errno 2] No such file or directory: '/var/asl/bin/aum': '/var/asl/bin/aum'"
It works for me.
But after, when I tried to enable waf from the waf management web screen,
I got the following error.
ERROR: TypeError: array_key_exists(): Argument #2 ($array) must be of type array, null given (Apache.php:172)
Search for related Knowledge Base articles
Is something wrong?
Someone who could help with this?
Please sign in to leave a comment.