Apache fails to start on a Plesk server: ModSecurity: failed to load IPs from: /etc/asl/whitelist Could not open ipmatch file "/etc/asl/whitelist": No such file or directory

Comments

31 comments

  • Avatar
    Unknown User

    Very bad bug! Many thanks for the workaround but this is causing a lot of unexpected downtime.

    0
  • Avatar
    Michael Sasinacki

    Ahh Atomic... I'm using Atomic Advanced (bought from Plesk). I hope you resolve this issue quickly. Workaround works. Thanks.

    1
  • Avatar
    Steve West

    In the future, I hope Plesk team can develop a method to do a configtest of mod_sec rules before they are applied on a Plesk server.

    0
  • Avatar
    Anton Kuznetsov

    Hello Steve,

    The thing is, the error happens due to a missing file from Atomic installation and config file syntax is perfectly okay. So there is no way to pre-test it from the Plesk side.

    0
  • Avatar
    Nicolas Labbe (Edited )

    Because of this bug, I've switched off Mod Security and now I can't turn it back on.. Even if I try to use Comodo.
    modsecurity_ctl failed: START httpd_modules_ctl --enable security2,unique_id apache_control_adapter[38496]: apache_action(restart): invoke_httpd_action failed, trying second time

    EDIT: I was able to enable it by running the CLI command provided in the article, and then putting modsec back on in plesk.

    0
  • Avatar
    Donnie Weaver

    Will this page be updated once the bug is fixed?

    0
  • Avatar
    Michael Sasinacki

    I was wondering the same thing. I broke one of my servers trying to find out if the problem is fixed. I applied Atomic Advanced Rule set, no errors. But then i discovered that the web server is not servig content correctly. In some instances i was getting a Apache default page.

    I ended up deinstalling modesecurity and disabling Reverse Proxy Server (nginx).

    1
  • Avatar
    Donnie Weaver

    Some level of communication from Plesk and/or Atomic here would be great. I was told by Plesk support to follow this page for updates. It's concerning many days have passed with no information.

    0
  • Avatar
    Julian Bonpland Mignaquy

    Donnie Weaver hi!, we have direct communication with Atomic internally. Once they fix the issue we will publish it in this article.

    1
  • Avatar
    Unknown User (Edited )

    A fix has been posted but results in the following error:

    [root@~]# aum -u

    Atomic Updater

    Analyzing system ... error:account validation failed

     

    0
  • Avatar
    Filippo Casti

    I see this post is updated but I don't see any fix. News?

    0
  • Avatar
    Unknown User

    Filippo Casti the supposed solution is "aum -u"

    0
  • Avatar
    Filippo Casti

    I don't think so. I can lunch "aum -u" and the update goes fine but when I try to switch from "Comodo" to "Atomic Standard free" I have this error:
    "modsecurity_ctl failed: [Errno 2] No such file or directory: '/var/asl/bin/aum': '/var/asl/bin/aum"

    1
  • Avatar
    Nicolas Labbe

    I was able to enable Atomic rule after running "aum -u" but the rules list is empty. Seems like it's still broken.

    1
  • Avatar
    Hiroki Nagashima

    I ran the "aum -u" command and got an error.

    # aum -u
    Atomic Updater
    Analyzing system ... error:failed to load config:File not found: /var/awp/etc/config
    #

     

    0
  • Avatar
    Donnie Weaver

    Has anyone had success with the resolution of running "aum -u" and enabling Atomic Advanced (bought from Plesk) without issue and back to normal?

    These last two posts from Filippo Casti and Nicolas Labbe don't inspire confidence this issue is indeed resolved.  Thanks.

    0
  • Avatar
    翔 中村

    Running aum -u results in the following error

    error:failed to load config:File not found: /var/awp/etc/config

     

    Can you please tell me how to solve this problem?

    0
  • Avatar
    Michael Sasinacki (Edited )

    On CentOS 7 I get this error after running aum -u

    Warning: fopen():  failed to open stream: No such file or directory in component/c_modsec.php on line XXX

    and this one

    c_modsec::tortix_conf_generat An error occurred attempting to read file /var/asl/data/templates/template-tortix_waf.conf

     

    FIX for me was to do:

    1. cd /var/asl/bin

    ls -la /var/asl/bin directory was empty (after running aum -u first time)

    2. ln /var/awp/bin/aum aum

    3. run aum -u again, no error

    4. goto Web UI and enable / switch to Atomic Advanced (bought from Plesk)

     

    0
  • Avatar
    Michael Schwartz (Edited )

    @ 翔 中村

    I just created the file

    /var/awp/etc/config

    (with a blankspace as content) and ran "aum -u" again ... did work for me ...

    1
  • Avatar
    Chad Reitsma

    Still showing an error after updating AUM:

    modsecurity_ctl failed: [Errno 2] No such file or directory: '/var/asl/bin/aum': '/var/asl/bin/aum'

    1
  • Avatar
    Steven Thomas

    Had similar issues as some other comments. At first, couldn't update the rules back to Atomic in Plesk then couldn't run aum -u because of config errors. Noticed config file was present but was the settings were the defaults, not Plesk's (USERNAME="plesk_global_unpaid", UPDATE_PATH="/channels/rules/plesk", etc.). Uninstalling then reinstalling ModSecurity fixed all of the errors.

    0
  • Avatar
    Chad Reitsma

    Tried Steven's suggestion of uninstalling / reinstalling, I still see this error after attempting to switch back to Atomic Standard (Apache ModSecurity 2.9):

    modsecurity_ctl failed: [Errno 2] No such file or directory: '/var/asl/bin/aum': '/var/asl/bin/aum'

    0
  • Avatar
    Filippo Casti

    Fix for me was:

    • plesk bin server_pref --update-web-app-firewall -waf-rule-engine on -waf-rule-set tortix -waf-config-preset tradeoff
    • aum -u
    0
  • Avatar
    Chad Reitsma

    Spoke with support regarding the No such file or directory error, the solution is to re-link the binary:

    # mv /var/asl/bin/aum{,.old}
    # ln -s /var/awp/bin/aum /var/asl/bin/aum
    0
  • Avatar
    Donnie Weaver

    "aum -u" did work for me without errors on 3 servers, provided I first switched back to Atomic Advanced (bought from Plesk) from Comodo free, before running the update. 

    I did not need to toggle to Comodo, then back to Atomic, afterwards.

    I discovered on the first server attempt if I left Comodo free selected before running "aum -u" it resulted in "error: account validation failed", which I guess makes sense.

    Glad to have this resolved. Wish everyone else all the best on this issue.

    0
  • Avatar
    Fabien ARAUJO

    aum -u

    Atomic Updater

    Analyzing system ... error:failed to load config:File not found: /var/awp/etc/config

    0
  • Avatar
    Fabien ARAUJO

    modsecurity_ctl failed: START httpd_modules_ctl --enable security2,unique_id
    apache_control_adapter[16503]: apache_action(restart): invoke_httpd_action failed, trying second time
    INFO: [Tue Jun 13 18:34:23 CEST 2023]: Service: apache, Action: start
     Trying to start service httpd... failed
    Jun 13 18:34:23 X systemd[1]: Starting The Apache HTTP Server...
    Jun 13 18:34:23 X httpd[16955]: AH00526: Syntax error on line 24 of /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf:
    Jun 13 18:34:23 X httpd[16955]: ModSecurity: failed to load IPs from: /etc/asl/whitelist Could not open ipmatch file "/etc/asl/whitelist": No such file or directory
    Jun 13 18:34:23 X systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
    Jun 13 18:34:23 X systemd[1]: Failed to start The Apache HTTP Server.
    Jun 13 18:34:23 X systemd[1]: Unit httpd.service entered failed state.
    Jun 13 18:34:23 X systemd[1]: httpd.service failed.

    *****  problem report *****
    Warning: start service httpd failed

    /usr/local/psa/admin/sbin/pleskrc execution failed:
    Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
    /usr/local/psa/admin/sbin/pleskrc execution failed:
    Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

    0
  • Avatar
    Chad Reitsma

    Fabien ARAUJO

    Try this:

    # touch /var/awp/etc/config
    # aum -u


    Then try to switch back to Atomic Standard and if you get an error that says:
    "modsecurity_ctl failed: [Errno 2] No such file or directory: '/var/asl/bin/aum': '/var/asl/bin/aum'"

    # ln -s /var/awp/bin/aum /var/asl/bin/aum

     

    0
  • Avatar
    Hiroki Nagashima
    # touch /var/awp/etc/config
    # aum -u

    It works for me.

    But after, when I tried to enable waf from the waf management web screen,
    I got the following error.

    ERROR: TypeError: array_key_exists(): Argument #2 ($array) must be of type array, null given (Apache.php:172)
    Search for related Knowledge Base articles

    Is something wrong?

     

    0
  • Avatar
    Stoyan Marinov

    Command 'aum' not found, did you mean: ...

    Someone who could help with this?

    0

Please sign in to leave a comment.

Have more questions? Submit a request