Symptoms
-
Unable to activate/reinstall ModSecurity component or enable Tortix ModSecurityÂ
ruleset with one of the following errors:
Error: Failed to update the ModSecurity rule set: modsecurity_ctl failed:
gpg: key 4520AFA9: "Atomicorp (Atomicorp Official Signing Key) <[email protected]>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 gpg: Signature made Thu Nov 5 10:06:20 2015 EST using RSA key ID 1111AAAA gpg: Good signature from "Atomicorp (Atomicorp Official Signing Key) <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: XXXX TERM environment variable not set. aum failed with exitcode
stdout: Checking versions ... ASL version is current:[75G[[1;31m[1;32mPASS[0m[0m] Authorization failed attempting to download an update. The username or password may be invalid, or your license may be expired. Please log in to the License Manager at https://www.atomicorp.com/amember/member.php and verify your account. Further information may be found at: https://www.atomicorp.com/wiki/index.php/ASL_FAQ#HTTP_Error_401:_Authorization_Required.Syntax error on line 39 of /etc/apache2/modsecurity.d/rules/tortix/modsec/98_asl_scanner.conf:
Invalid command 'SecTmpSaveUploadedFiles', perhaps misspelled or defined by a module not included in the server configuration
apache2.service: control process exited, code=exited status=1
Failed to start The Apache Webserver. -
Verifying license at https://www.atomicorp.com/amember/member.php shows the following error:
"Active Licenses: You have no active licenses".
-
Going to Tools & Settings > License Management > Additional License Keys contains a paid license
Security Core for VPS with Complete Atomicorp ModSecurity
Rules (Security Pack)
Cause
Corrupted installation of aum
package. As a result, the license was not uploaded to the Atomicorp website.
Resolution
Reinstall aum and ModSecurity in order to resolve the issue:
-
Connect to the server via SSH
-
Back up the content of the following directories and remove them:
MYSQL_LIN: /etc/asl/*
/var/asl/*
/etc/httpd/modsecurity.d/rules/* -
Check whether
aum
package was removed. If not, remove it manually:# rpm -e –nodeps aum-4.0.19-37.el7.art.x86_64
-
Make sure that ModSecurity license is updated in Tools & Settings > License Management > Additional Licenses > Retrieve
If paid Tortix ruleset is in use, additionally do the following:
-
Enable Atomic Professional ModSecurity ruleset going to Tools & Settings > Web Application Firewall (ModSecurity)
Note: Do not select (Subscription) as this option is for the keys purchased directly from Atomic, see the following article:Â Why username and password are asked when switching to Advanced ModSecurity Rules by Atomicorp ruleset?
-
Make sure that “tortix” rules appeared in
/etc/httpd/conf/modsecurity.d/rules/
directory. If not, update the ruleset:# plesk php /usr/local/psa/admin/plib/DailyMaintainance/script.php -f UpdateModSecurityRuleSet daily