Are you saving it locally? Or are you using it via wget?

locally

Ok dont do that Always use wget -q -O - http://www.atomicorp.com/installers/cpanel/installer |sh

That installer can change several times in an hour.

I did run wget -q -O - http://www.atomicorp.com/installers/cpanel/installer |sh , same error, not luck
...


asl-2.0 | 1.9 kB 00:00
asl-2.0-testing | 1.9 kB 00:00
Setting up Upgrade Process
No Packages marked for Update
Shutting down ossec-hids: [ OK ]
Starting ossec-hids: 2011/05/21 09:40:49 ossec-testrule: INFO: Reading decoder file etc/decoder.xml.
2011/05/21 09:40:49 ossec-testrule: INFO: Reading decoder file etc/decoders.d/01-asl-decoder.xml.
2011/05/21 09:40:49 ossec-analysisd(2102): ERROR: Duplicated decoder with prematch: 'smtpauth-failed'.
2011/05/21 09:40:49 ossec-analysisd(2105): ERROR: Error loading decoder options.
2011/05/21 09:40:49 ossec-analysisd(2106): ERROR: Error adding decoder plugin.
2011/05/21 09:40:49 ossec-testrule(1202): ERROR: Configuration error at 'etc/decoders.d/01-asl-decoder.xml'. Exiting.
2011/05/21 09:40:49 ossec-execd: INFO: Adding offenders timeout: 1200 (for #1)
2011/05/21 09:40:49 ossec-execd: INFO: Adding offenders timeout: 2400 (for #2)
2011/05/21 09:40:49 ossec-execd: INFO: Adding offenders timeout: 4800 (for #3)
2011/05/21 09:40:52 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2011/05/21 09:40:52 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2011/05/21 09:41:00 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2011/05/21 09:41:00 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2011/05/21 09:41:13 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2011/05/21 09:41:13 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
[FAILED]
[root@mun ~]#

Still havent nailed down what action causes that, but reinstalling the ossec-hids packages should fix it.

I have installed ASL and I can access to the web gui, now the problem I can't install psmon, in the web gui ther's an error:

Moderate Risk: psmon is not installed. Psmon is the daemon that monitors critical system, and ASL services for downtime. Read More...

If I run: yum install psmon

Excluding Packages in global exclude list
Finished
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package psmon.noarch 0:1.39-5.el5.art set to be updated
--> Processing Dependency: perl-Unix-Syslog for package: psmon
--> Processing Dependency: perl-Config-General for package: psmon
--> Processing Dependency: perl(Proc::ProcessTable) for package: psmon
--> Processing Dependency: perl-Proc-ProcessTable for package: psmon
--> Processing Dependency: perl(Config::General) for package: psmon
--> Finished Dependency Resolution
psmon-1.39-5.el5.art.noarch from asl-2.0 has depsolving problems
--> Missing Dependency: perl-Config-General is needed by package psmon-1.39-5.el5.art.noarch (asl-2.0)
psmon-1.39-5.el5.art.noarch from asl-2.0 has depsolving problems
--> Missing Dependency: perl-Proc-ProcessTable is needed by package psmon-1.39-5.el5.art.noarch (asl-2.0)
psmon-1.39-5.el5.art.noarch from asl-2.0 has depsolving problems
--> Missing Dependency: perl-Unix-Syslog is needed by package psmon-1.39-5.el5.art.noarch (asl-2.0)
psmon-1.39-5.el5.art.noarch from asl-2.0 has depsolving problems
--> Missing Dependency: perl(Config::General) is needed by package psmon-1.39-5.el5.art.noarch (asl-2.0)
psmon-1.39-5.el5.art.noarch from asl-2.0 has depsolving problems
--> Missing Dependency: perl(Proc::ProcessTable) is needed by package psmon-1.39-5.el5.art.noarch (asl-2.0)
Error: Missing Dependency: perl-Unix-Syslog is needed by package psmon-1.39-5.el5.art.noarch (asl-2.0)
Error: Missing Dependency: perl(Config::General) is needed by package psmon-1.39-5.el5.art.noarch (asl-2.0)
Error: Missing Dependency: perl-Proc-ProcessTable is needed by package psmon-1.39-5.el5.art.noarch (asl-2.0)
Error: Missing Dependency: perl(Proc::ProcessTable) is needed by package psmon-1.39-5.el5.art.noarch (asl-2.0)
Error: Missing Dependency: perl-Config-General is needed by package psmon-1.39-5.el5.art.noarch (asl-2.0)
You could try using --skip-broken to work around the problem
You could try running: package-cleanup --problems
package-cleanup --dupes
rpm -Va --nofiles --nodigest
[root@mun ~]#

Also, I have apache problems,

Apache Restart Output:
httpd: Syntax error on line 28 of /usr/local/apache/conf/httpd.conf: Syntax error on line 2 of /usr/local/apache/conf/includes/pre_main_global.conf: Syntax error on line 4 of /usr/local/apache/conf/modsec2.conf: module unique_id_module is built-in and can't be loaded

Unfortunately, you can't install psmon with cpanel via yum. Perl isnt package managed with cpanel, sorry.

The good news is we understand cpanel is moving over to package management, so it should be earier to solve dependencies problems in the future and you will be able to use yum and rpms more with cpanel. To that end, we recommend you encourage them to move over to packages sooner.

For now, you can try to install it from source, but I can't say 100% if all the parts are there in the cpanel perl installation.

Well thats inconsistent, up to this point cpanel hasnt compiled that in. OK, can you send the output of these commands as root:

/usr/local/apache/bin/httpd -l
/usr/local/apache/bin/httpd -V

Sure:

Compiled in modules:
core.c
mod_authn_file.c
mod_authn_dbm.c
mod_authn_dbd.c
mod_authn_default.c
mod_authn_alias.c
mod_authz_host.c
mod_authz_groupfile.c
mod_authz_user.c
mod_authz_dbm.c
mod_authz_default.c
mod_auth_basic.c
mod_auth_digest.c
mod_file_cache.c
mod_cache.c
mod_disk_cache.c
mod_include.c
mod_filter.c
mod_deflate.c
mod_log_config.c
mod_log_forensic.c
mod_logio.c
mod_env.c
mod_mime_magic.c
mod_expires.c
mod_headers.c
mod_unique_id.c
mod_setenvif.c
mod_version.c
mod_proxy.c
mod_proxy_connect.c
mod_proxy_ftp.c
mod_proxy_http.c
mod_proxy_scgi.c
mod_proxy_ajp.c
mod_proxy_balancer.c
mod_ssl.c
event.c
http_core.c
mod_mime.c
mod_dav.c
mod_status.c
mod_autoindex.c
mod_asis.c
mod_info.c
mod_suexec.c
mod_cgid.c
mod_dav_fs.c
mod_dav_lock.c
mod_negotiation.c
mod_dir.c
mod_actions.c
mod_speling.c
mod_userdir.c
mod_alias.c
mod_rewrite.c
mod_so.c


[root@mun conf]# /usr/local/apache/bin/httpd -V
Server version: Apache/2.2.17 (Unix)
Server built: Mar 1 2011 11:51:06
Cpanel::Easy::Apache v3.2.0 rev5291
Server's Module Magic Number: 20051115:25
Server loaded: APR 1.4.2, APR-Util 1.3.10
Compiled using: APR 1.4.2, APR-Util 1.3.10
Architecture: 32-bit
Server MPM: Event
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/experimental/event"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/usr/local/apache"
-D SUEXEC_BIN="/usr/local/apache/bin/suexec"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

Perfect, we'll add in check for that module. For now, just comment that line out.

which line?

/usr/local/apache/conf/modsec2.conf
LoadModule unique_id_module

However, the cpanel version of ASL shouldnt be installing that now that I think about it. Its not even in the template. Can you post the contents of:

/var/asl/data/templates/template-01_mod_security.conf

And the output of these commands:

asl -v
grep SYSTEM_TYPE /etc/asl/config

And was modsecurity setup by ASL, or was it already installed on the system? (Or manually modified?)

I just comment the line:
LoadModule unique_id_module

I did restart apache, apache works, but all my pages that use mysql say: 500 internal server error
---------------------------
/var/asl/data/templates/template-01_mod_security.conf

# ASL mod_security Template: /var/asl/data/templates/template-01_mod_security.conf
# Special custom version for cpanel environments

LoadModule security2_module modules/mod_security2.so

<IfModule mod_security2.c>
# Basic configuration goes in here
Include modsecurity.d/tortix_waf.conf

# Rule management is handled by ASL
Include modsecurity.d/*asl*.conf

</IfModule>
---------------------------
asl -v
ASL Version 2.9.3: UNSUPPORTED: Development Build
--------------------------
grep SYSTEM_TYPE /etc/asl/config

SYSTEM_TYPE="webserver"

------------------------
Also, I was install modsecurity using yum because the asl installer didn't install it..

You may want to ask cpanel about that, ASL doesnt do anything with mysql. Did you by any chance remove any of the rpm excludes for the system and install mysql from yum? Also, what errors is apache logging (and mysql)?



No you can't do that with cpanel (the ASL installer doesnt do that either with cpanel). cpanel doesnt work with apache rpms at all, you can only use rpms with a package managed system, like Plesk. I'm honestly surprised you were able to do it at all, it shouldnt even work with cpanel. You may have other issues with cpanel now I'm afraid, modsecurity has to be compiled for cpanel and if the rpm worked at all somethings not right.



Yeah thats not right, how was ASL installed? For a cpanel system the installer will always set that to "cpanel", was anything done using the non-cpanel installer or anything else via yum?