When i enabled the SecStatusEngine of mod security in their configuration file then restarting the apache shows an error
Invalid command 'SecStatusEngine', perhaps misspelled or defined by a module not included in the server configuration
SecStatusEngine command has been added to mod_security 2.8 and you're probably using mod_security 2.7.* or older.
Please upgrade mod_security or remove SecStatusEngine from your config file.
Related
I'm running presto in K8s and I'm trying to enable file based authentication for the service (using this as a guide https://prestosql.io/docs/current/security/password-file.html). However, as the application is starting up I get an error saying:
java.lang.IllegalStateException: Password authenticator file is not registered
config.properties
coordinator=true
node-scheduler.include-coordinator=false
http-server.http.port=8080
query.max-memory=20GB
query.max-memory-per-node=10GB
query.max-total-memory-per-node=10GB
discovery-server.enabled=true
discovery.uri=http://presto-service.eap.svc.cluster.local:8080
http-server.authentication.type=PASSWORD
http-server.https.enabled=true
http-server.https.port=8443
http-server.https.keystore.path=/opt/presto-server/etc/presto.jks
http-server.https.keystore.key=*************
password-authenticator.properties
password-authenticator.name=file
file.password-file=/opt/presto-server/etc/password.db
The rest of the config looks perfectly sane so does anybody know what I might have missed here?
Thanks,
Password file authentication was added in version 327, so you need to upgrade it.
Security Changes
Add Password File Authentication. (#797)
You can get the latest version from https://prestosql.io/download.html.
Also, you can join the community Slack. https://prestosql.io/slack.html
I'm using these settings in install4j.vmoptions (install4j 7.0.4):
# Clear out cached proxy information
-Dinstall4j.clearProxyCache=true
# and hopefully prevent install4j from reloading it from the default browser
-Dinstall4j.noProxyAutoDetect=true
# Unconditionally shows proxy config dialog
-Dinstall4j.showProxyConfig=true
# Log issues to %TEMP%\install4j_error.log
-Dinstall4j.showConnectError=true
I do not get a proxy dialog; the output in the error log is this:
java.io.IOException: Proxy password required. Please set the parameter -DproxyAuthPassword=[password].
at com.install4j.runtime.installer.helper.content.HttpRequestHandler.askForProxyPassword(HttpRequestHandler.java:335)
at com.install4j.runtime.installer.helper.content.HttpRequestHandler.getURLConnection(HttpRequestHandler.java:233)
at com.install4j.runtime.installer.helper.content.HttpRequestHandler.connect(HttpRequestHandler.java:124)
at com.install4j.runtime.installer.helper.content.Downloader.connect(Downloader.java:151)
at com.install4j.runtime.installer.helper.content.Downloader.connect(Downloader.java:24)
at com.install4j.runtime.installer.helper.content.HttpRequestHandler.connect(HttpRequestHandler.java:117)
at com.install4j.runtime.installer.helper.content.Downloader.connect(Downloader.java:146)
at com.install4j.gui.c.h.c(ejt:72)
at com.install4j.gui.c.h.run(ejt:38)
This runs contrary to the following two assumptions:
1) install4j should record the proxy settings.
2) install4j should show a proxy dialog with these settings.
What did I miss?
UPDATE: -DproxyAuth=false would change the error message, it would now complain about certificate problems.
This concerns the JRE downloads in the install4j IDE and will be fixed in 7.0.7.
Please write to support#ej-technologies.com to get a build that contains the fix.
Alternatively, you can download JRE bundles manually from
https://download.ej-technologies.com/bundles/list
I've been ask to send the logs from a Nessus scanner remotely on a syslog server,
But I can't find a way to bind it to syslog.
Is there a way to do it ?
You would need to use the imfile module of rsyslog and configure a rule for each Nessus log file.
Here's a suggestion on how to proceed:
Edit /etc/rsyslog.conf
Add the following line:
$ModLoad imfile
Create the imfile rules by adding the below lines for each log file (I suggest including nessusd.messages, nessusd.dump and backend.log. By default, they are in /opt/nessus/var/nessus/logs):
# File 1
$InputFileName path_to_file
$InputFileTag tag:
$InputFileStateFile state_file_name
$InputRunFileMonitor
Restart Rsyslog
There are more optional settings available but the aforementioned ones are required. Refer to the "Using Rsyslog Modules" RedHat guide for more info.
Note that you can also configure these rules in a separate file. Should you choose to do so, you'll need to add the $IncludeConfig directive in /etc/rsyslog.conf/. See the Rsyslog documentation.
.
I have an HAProxy install which was configured by someone who left the company. It runs on Ubuntu 10.04 and it seems to use 3 configuration files in the directory /etc/haproxy
haproxy.cfg
haproxy.http.cfg
haproxy.https.cfg
I don't see the point in using the haproxy.https.cfg file as I believe (in our configuration) it can all be configured from a single haproxy.http.cfg file but when I remove that httpS file it complains bitterly and refuses to run. My question
Is this the standard configuration haproxy uses or if not, I can't find a reference to the "S" file anywhere. Can anyone suggest how HAProxy concludes it should use it?
Thanks
The very answer to your question: your haproxy is simply launched with those three config files ( -f haproxy.cfg -f haproxy.http.cfg -f haproxy.https.cfg, maybe from /etc/init.d/haproxy but mileage varies depending on your distribution ).
If you remove the file, of course it will complain.
This is not particularly standard, but ain't bad either, it helps structuring the conf rather than having a very long file.
The task of the .https version will certainly be to redirect the https traffic towards a service that can handle HTTPS (stunnel or nginx usually), since haproxy cannot terminate ssl connections. (stunnel has to be patched, see on the haproxy page)
If you want you can merge those files into one or two, just find out how haproxy is launched (check for init.d or let us know which distribution) and fix it appropriately.
I believe that it is only /etc/haproxy/haproxy.cfg that is used by default.
This may be of use to you (1.4 configuration reference):
http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
I have a basic Apache 2.2.9 setup under fedora core 8. I would like to set my own HTTP headers to come out (HTTP Forbidden / 403).
If I name the file nph-foo.pl, it works. If I name the file foo.pl, it fails and I get a server error, type 500.
According to all web references I've found, the nph-filename convention was no longer necessary effective in Apache 1.3 forward.
Is there a header / apache configuration directive I need to make this work?
Are you sure that you need a no-parsed-header script for this? Have you tried printing a "Status" CGI header?
print "Status: 403\n\n";