Atomic Secure Linux

 Post subject: I can no longer open the ASL page
Posted: Wed Aug 26, 2009 4:49 am
Forum Regular

Joined: Tue Jun 24, 2008 12:05 pm
Posts: 145
I just found a huge number of Load warning errors in my mailbox. After inspecting, I found about 50 processes like this:

/bin/sh /var/asl/lib/modules/configuration_setup.sh

Probably caused by my crontab, which loads asl -u every 15 minutes to load new rules. (Maybe an idea to separate the rule update command-line option from an option to update ASL itself?)

Anyway, I found that this happened because of an upgrade to ASL 2.2 which needs manual input to continue. I restarted the VPS to clear all those processes. Then updated ASL to 2.2 (I guess 2.2 is stable now that it updates automatically to that).

However, I am now no longer able to open the ASL pages in my Plesk control panel. It states that the page at port 30000 can't open? I added the port to the firewall, but that did not help.

Edit: I did find that I can still open ASL by manually going to https://<mydomain>:8443/asl . So it seems there is an error somewhere in this new ASL 2.2 in combination with Plesk.

I also noted the following change when I SSH to my VPS running ASL. A message is now displayed when I log in, and I did not put that message there. ASL did that?:

Quote:
***************************************************************************
NOTICE TO USERS
This computer system is the private property of its owner.
It is for authorized use only. Users (authorized or unauthorized)
have no explicit or implicit expectation of privacy.

Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to your employer, to authorized site, government, and law
enforcement personnel, as well as authorized officials of government
agencies, both domestic and foreign.

By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
discretion of such personnel or officials. Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate. By continuing to
use this system you indicate your awareness of and consent to these terms
and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.
****************************************************************************


 Post subject: Re: I can no longer open the ASL page
Posted: Wed Aug 26, 2009 10:11 am
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7424
Location: earth
Yes, it adds that banner, and I'd make sure you've got MySQL set up to allow connections over TCP to localhost.


 Post subject: Re: I can no longer open the ASL page
Posted: Wed Aug 26, 2009 10:20 am
Forum Regular

Joined: Tue Jun 24, 2008 12:05 pm
Posts: 145
But my real problem is that I am not able to open the ASL page:

"However, I am now no longer able to open the ASL pages in my Plesk control panel. It states that the page at port 30000 can't open? I added the port to the firewall, but that did not help."

The tortix database is populated and new info does get in. I can also manually access the ASL page by going to:

https://<mydomain>:8443/asl

Not from the link within Plesk, there it wants to connect to port 30000?

Also my other issue regarding "asl -u". Your way of upgrading does not allow for setting up a crontab to update the ASL ruleset, as it does effectively kill the server when you bring out an update of ASL itself; see my original post above. I had a load of over 100 from those 40+ configuration processes that were spawned.


 Post subject: Re: I can no longer open the ASL page
Posted: Wed Aug 26, 2009 10:32 am
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7424
Location: earth
That sounds like the asl-httpd daemon isn't running; you can start it with /etc/init.d/asl-httpd start


 Post subject: Re: I can no longer open the ASL page
Posted: Wed Aug 26, 2009 10:35 am
Forum Regular

Joined: Tue Jun 24, 2008 12:05 pm
Posts: 145
There is no "asl-httpd" on the system.


 Post subject: Re: I can no longer open the ASL page
Posted: Wed Aug 26, 2009 10:47 am
Forum Regular

Joined: Tue Jun 24, 2008 12:05 pm
Posts: 145
This is frustrating, please read the complete post as all answers to your questions are in there. I'll summarize below:

1. There is no "asl-httpd" on the system, so there is no ASL daemon, yet I can open the page when I log in to Plesk and then go to:

https://<mydomain>:8443/asl

So if there is no asl-httpd, and if that is required for ASL to run, then why didn't ASL install that when I did asl -u?

2. asl -u does more than just update rulesets. I woke up today to find tons of messages in my mailbox stating that my server was experiencing heavy load. I got in and found a load of over 100!

There were 40+ processes called:

/bin/sh /var/asl/lib/modules/configuration_setup.sh

And those were spawned by the crontab "asl -u".

I rebooted the VPS to clear all those processes, killed the crontab, and typed:

asl -u

There it wanted to update to ASL 2.2. It went through all the steps again like in the original installation, except for the ASL member uid/pwd.

So it seems that, since this upgrade requires manual input, it kept open, and new processes were spawned every 15 minutes. I was lucky to catch it in time.
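
The pile-up described in the post above (a cron job started every 15 minutes while the previous run is still waiting for input) can be contained with a lock-guarded wrapper. This is an added example, not part of the original thread and not Atomicorp's code; the LOCK_DIR path, the RUN_UPDATE switch and the exit code 75 are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: cron wrapper that refuses to start a second copy of a job
# while the previous one is still running, and never lets it wait on a tty.
# LOCK_DIR, RUN_UPDATE and exit code 75 are choices made for this sketch.

LOCK_DIR="${LOCK_DIR:-/var/run/asl-update.lock}"

run_exclusive() {
    # mkdir is atomic: exactly one caller can create the lock directory.
    if ! mkdir "$LOCK_DIR" 2>/dev/null; then
        holder=$(cat "$LOCK_DIR/pid" 2>/dev/null)
        # No pid recorded yet, or the holder is alive: skip this run.
        if [ -z "$holder" ] || kill -0 "$holder" 2>/dev/null; then
            echo "previous run (pid ${holder:-unknown}) still active, skipping" >&2
            return 75
        fi
        # Recorded holder is gone (crash or reboot): reclaim the stale lock.
        rm -rf "$LOCK_DIR"
        mkdir "$LOCK_DIR" 2>/dev/null || return 75
    fi
    echo $$ > "$LOCK_DIR/pid"

    # stdin from /dev/null: a prompt reads EOF instead of blocking on input.
    "$@" </dev/null
    status=$?

    rm -rf "$LOCK_DIR"
    return $status
}

# Constructed crontab line: */15 * * * * RUN_UPDATE=1 /usr/local/sbin/asl-update-cron
# The updater is only started when RUN_UPDATE=1 is set.
if [ "${RUN_UPDATE:-0}" = 1 ]; then
    run_exclusive asl -u
fi
```

How asl -u reacts to end-of-file on its prompt is not stated in the thread; even if it hangs, the lock keeps the damage to one stuck process instead of one more every 15 minutes.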


 Post subject: Re: I can no longer open the ASL page
Posted: Wed Aug 26, 2009 11:30 am
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3245
Location: Chantilly, VA
Is everything working for you now? Can you check to see if 2.2 is fully installed (a lot of the issues sound like 2.2 wasn't fully installed/upgraded)? Please post the results of this command:

rpm -qa | egrep "^asl-|ossec|roadsend|gradm|kernel"


Quote:
I also noted the following change when I SSH to my VPS running ASL. A message is now displayed when I log in, and I did not put that message there. ASL did that?:


Yes, ASL adds that.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


 Post subject: Re: I can no longer open the ASL page
Posted: Wed Aug 26, 2009 11:36 am
Forum Regular

Joined: Tue Jun 24, 2008 12:05 pm
Posts: 145
mikeshinn wrote:
Is everything working for you now? Can you check to see if 2.2 is fully installed? Please post the results of this command:

rpm -qa | grep asl


If you read through this post, then you would know that this problem is nowhere near solved. Please read the post I made above in reply to your prior post.

Output of the command:

--
cyrus-sasl-sqlite3-1.0.0-0.277763
asl-2.2-1.el5.art
cyrus-sasl-devel-2.1.22-4
asl-web-gui-1.0.4-2.el5.art
cyrus-sasl-2.1.22-4
cyrus-sasl-md5-2.1.22-4
asl-stream-client-1.0-4.el5.art
cyrus-sasl-lib-2.1.22-4
cyrus-sasl-plain-2.1.22-4
cyrus-sasl-lib-2.1.22-4
--

And output of the command you edited in your post:

--
asl-2.2-1.el5.art
vzdummy-kernel-el5-2.0-1.ce.swsoft
ossec-hids-server-2.0-3.el5.art
asl-web-gui-1.0.4-2.el5.art
asl-stream-client-1.0-4.el5.art
ossec-hids-2.0-3.el5.art
roadsend-php-libs-2.9.8-3.el5.art
kernel-headers-2.6.18-128.1.16.el5
--

It's an OpenVZ kernel, so no kernel mods by ASL.


 Post subject: Re: I can no longer open the ASL page
Posted: Wed Aug 26, 2009 1:01 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3245
Location: Chantilly, VA
Looks like you are missing some RPMs; please post the output of this command:

yum upgrade

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


 Post subject: Re: I can no longer open the ASL page
Posted: Wed Aug 26, 2009 1:14 pm
Forum Regular

Joined: Tue Jun 24, 2008 12:05 pm
Posts: 145
I can't, it returns an error:

"Error: Missing Dependency: mod_jk is needed by package psa-tomcat-configurator-9.2.2-cos5.build92090714.19.noarch (installed)"

I'm not using tomcat nor PSA's tomcat features, so that's why it produces that error.


 Post subject: Re: I can no longer open the ASL page
Posted: Wed Aug 26, 2009 1:34 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7424
Location: earth
Yeah, that's a Plesk bug with their packaging not being up to date with the latest from CentOS/RHEL. You just need to remove it with:

yum remove psa-tomcat-configurator


 Post subject: Re: I can no longer open the ASL page
Posted: Wed Aug 26, 2009 2:17 pm
Forum Regular

Joined: Tue Jun 24, 2008 12:05 pm
Posts: 145
Quote:
Dependencies Resolved

====================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================
Installing:
asl-web x86_64 1:2.2-1.el5.art asl-2.0 233 k
replacing asl-web-gui.noarch 1.0.4-2.el5.art

httpd x86_64 2.2.3-22.el5.centos.2 updates 1.2 M
replacing mod_jk.x86_64 1.2.15-6.98051

psa-mail-pc-driver x86_64 1.0.0-cos5.build92090714.19 plesk 1.9 M
replacing psa-mail-qc-driver.x86_64 1.0.0-cos5.build92090714.19

Updating:
apr x86_64 1.2.7-11.el5_3.1 updates 118 k
apr-devel x86_64 1.2.7-11.el5_3.1 updates 237 k
apr-util x86_64 1.2.7-7.el5_3.2 updates 75 k
apr-util-devel x86_64 1.2.7-7.el5_3.2 updates 53 k
curl i386 7.15.5-2.1.el5_3.5 updates 232 k
curl x86_64 7.15.5-2.1.el5_3.5 updates 229 k
glibc i686 2.5-34.el5_3.1 updates 5.2 M
glibc x86_64 2.5-34.el5_3.1 updates 4.7 M
glibc-common x86_64 2.5-34.el5_3.1 updates 16 M
glibc-devel x86_64 2.5-34.el5_3.1 updates 2.4 M
glibc-headers x86_64 2.5-34.el5_3.1 updates 589 k
httpd-devel x86_64 2.2.3-22.el5.centos.2 updates 145 k
java-1.6.0-openjdk x86_64 1:1.6.0.0-1.2.b09.el5 updates 27 M
java-1.6.0-openjdk-devel x86_64 1:1.6.0.0-1.2.b09.el5 updates 9.2 M
kernel-headers x86_64 1:2.6.29.6-1.art asl-2.0 832 k
mod_ssl x86_64 1:2.2.3-22.el5.centos.2 updates 88 k
nscd x86_64 2.5-34.el5_3.1 updates 161 k
ossec-hids x86_64 2.1.1-6.el5.art asl-2.0 47 k
ossec-hids-server x86_64 2.1.1-6.el5.art asl-2.0 1.3 M
perl-Compress-Zlib x86_64 1.42-1.rhel5 4PSA 90 k
perl-HTML-Parser x86_64 3.55-1.rhel5 4PSA 103 k
psa-atmail noarch 1:1.03-2.el5.art atomic 1.9 M
psa-kronolith noarch 2.1.8-2.el5.art atomic 3.2 M
psa-proftpd x86_64 1.3.2a-1.el5.art asl-2.0 1.9 M
python x86_64 2.4.3-24.el5_3.6 updates 5.9 M
samba x86_64 3.0.33-3.7.el5_3.1 updates 16 M
samba-client x86_64 3.0.33-3.7.el5_3.1 updates 5.7 M
samba-common x86_64 3.0.33-3.7.el5_3.1 updates 8.8 M
samba-swat x86_64 3.0.33-3.7.el5_3.1 updates 8.2 M
tomcat5 x86_64 5.5.23-0jpp.7.el5_3.2 updates 360 k
tomcat5-admin-webapps x86_64 5.5.23-0jpp.7.el5_3.2 updates 3.4 M
tomcat5-common-lib x86_64 5.5.23-0jpp.7.el5_3.2 updates 223 k
tomcat5-jasper x86_64 5.5.23-0jpp.7.el5_3.2 updates 1.1 M
tomcat5-jsp-2.0-api x86_64 5.5.23-0jpp.7.el5_3.2 updates 102 k
tomcat5-server-lib x86_64 5.5.23-0jpp.7.el5_3.2 updates 4.0 M
tomcat5-servlet-2.4-api x86_64 5.5.23-0jpp.7.el5_3.2 updates 162 k
tomcat5-webapps x86_64 5.5.23-0jpp.7.el5_3.2 updates 1.2 M
tzdata noarch 2009k-1.el5 updates 783 k
Installing for dependencies:
asl-httpd x86_64 2.2.3-22.16.el5.art asl-2.0 1.1 M
asl-mod_ssl x86_64 1:2.2.3-22.16.el5.art asl-2.0 88 k
asl-php x86_64 5.2.10-5.el5.art asl-2.0 3.8 M
asl-php-cli x86_64 5.2.10-5.el5.art asl-2.0 2.5 M
asl-php-common x86_64 5.2.10-5.el5.art asl-2.0 521 k
asl-php-gd x86_64 5.2.10-5.el5.art asl-2.0 359 k
asl-php-mysql x86_64 5.2.10-5.el5.art asl-2.0 284 k
asl-php-pdo x86_64 5.2.10-5.el5.art asl-2.0 170 k
inotify-tools x86_64 3.13-2.el5.art asl-2.0 49 k

Transaction Summary
====================================================================================================================================
Install 12 Package(s)
Update 38 Package(s)
Remove 0 Package(s)

Total download size: 145 M
Is this ok [y/N]:


Seems like your updater does not update or upgrade everything required for an upgrade from ASL 2.0 to 2.2?


 Post subject: Re: I can no longer open the ASL page
Posted: Wed Aug 26, 2009 2:57 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7424
Location: earth
We use yum as our updater; all that looks good to me.


 Post subject: Re: I can no longer open the ASL page
Posted: Wed Aug 26, 2009 3:11 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3245
Location: Chantilly, VA
Quote:
Seems like your updater does not update or upgrade everything required for an upgrade from ASL 2.0 to 2.2?


This may be a bug, we'll look into it. The upgrade tool should install everything in the asl class, but maybe something is buggy in the relationships between the rpm packages.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


 Post subject: Re: I can no longer open the ASL page
Posted: Thu Aug 27, 2009 10:31 am
Forum Regular

Joined: Tue Jun 24, 2008 12:05 pm
Posts: 145
I installed:

asl-httpd x86_64 2.2.3-22.16.el5.art asl-2.0 1.1 M
asl-mod_ssl x86_64 1:2.2.3-22.16.el5.art asl-2.0 88 k
asl-php x86_64 5.2.10-5.el5.art asl-2.0 3.8 M
asl-php-cli x86_64 5.2.10-5.el5.art asl-2.0 2.5 M
asl-php-common x86_64 5.2.10-5.el5.art asl-2.0 521 k
asl-php-gd x86_64 5.2.10-5.el5.art asl-2.0 359 k
asl-php-mysql x86_64 5.2.10-5.el5.art asl-2.0 284 k
asl-php-pdo x86_64 5.2.10-5.el5.art asl-2.0 170 k
asl-web x86_64 1:2.2-1.el5.art asl-2.0 233 k

And now I can open the page.

However, there are no security events displayed in the Security Events window. It just continues to say "loading" in the title bar. Since I installed ASL a couple of days ago, I have had a steady flood of Security events being displayed in the old ASL, but not so anymore. I found out that they are displayed in Firefox, which means the list is not compatible with IE8.

