
LAMP stack refers to Linux, Apache, MySQL and PHP. With this bundle you can create web applications / services with Linux serving as the OS, Apache as the web server, MySQL as the database server and PHP as the server-side programming language.

So what is ModSecurity?

ModSecurity is an open-source Web Application Firewall (WAF). It sits before your web server and so is able to monitor the incoming as well as the outgoing traffic. With this, we can, to some extent, prevent attacks, information leakage, etc.

Installation

Installing LAMP Stack:

Installing the LAMP Stack on Ubuntu is a breeze! You have this meta-package called lamp-server that lets you install all the required packages and configures them so that you're ready to start playing at the end of it.

So open up a terminal and type,

$ sudo apt-get update && sudo apt-get install -y lamp-server^

Supply your password upon prompt and it'll proceed with the installation. In between, you'll be prompted to set the MySQL root user's password. After that, when you get your terminal prompt back, you should have a fully working LAMP stack, ready to go!

Don't believe me? Check it out yourself by browsing to http://localhost/. You should be able to see the default Apache page.

Default locations:

  • Apache Webroot: /var/www/html/
  • Apache Config: /etc/apache2/
  • Apache Log folder: /var/log/apache2/
  • PHP config: /etc/php5/
  • php.ini location for PHP Apps served by Apache: /etc/php5/apache2/php.ini

Installing ModSecurity

We are going to be installing ModSecurity as a module to Apache, so, please key in the following command in a terminal.

$ sudo apt-get install libapache2-modsecurity

Once that has finished installing, you can verify that ModSecurity has been installed and is running by running the following command:

$ apache2ctl -M | grep -i security

security2_module (shared)

Installing ModSecurity Core Rule Set

You might have noticed during installation that a package called modsecurity-crs got installed when you installed ModSecurity. That is the ModSecurity Core Rule Set, which is an OWASP project of ModSecurity rules that you can use to defend yourself against common web application attacks.

Installing the Github version

Some people like installing the Github version, since it provides more flexibility in terms of fetching any updates, switching between branches, etc. To install the ModSecurity CRS from its Github repo, we need to replace the /usr/share/modsecurity-crs directory and then clone the repo at that location.

  $ sudo rm -rf /usr/share/modsecurity-crs
  $ sudo apt-get install -y git
  $ sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs

Finally, just copy/rename the example setup file to have a .conf extension.

  $ sudo cp /usr/share/modsecurity-crs/modsecurity_crs_10_setup.conf.example /usr/share/modsecurity-crs/modsecurity_crs_10_setup.conf

Now we can continue with the following steps.

To set up the ModSecurity CRS, let's first switch to the /usr/share/modsecurity-crs directory.

$ cd /usr/share/modsecurity-crs

To activate the rules that you need, you need to place them in the activated_rules directory. First, let's include the setup file by creating a soft link to it from the activated_rules directory.

$ sudo ln -s ../modsecurity_crs_10_setup.conf activated_rules/modsecurity_crs_10_setup.conf

Next, we'll include all the base_rules,

$ for f in base_rules/*; do sudo ln -s "../$f" "activated_rules/$(basename "$f")"; done

Now your activated_rules directory should look something like this:

$ ll activated_rules/
total 20
drwxr-xr-x 2 root root 4096 Jun 26 14:15 ./
drwxr-xr-x 9 root root 4096 Jun 26 13:56 ../
lrwxrwxrwx 1 root root   44 Jun 26 14:07 modsecurity_35_bad_robots.data -> ../base_rules/modsecurity_35_bad_robots.data
lrwxrwxrwx 1 root root   42 Jun 26 14:07 modsecurity_35_scanners.data -> ../base_rules/modsecurity_35_scanners.data
lrwxrwxrwx 1 root root   49 Jun 26 14:07 modsecurity_40_generic_attacks.data -> ../base_rules/modsecurity_40_generic_attacks.data
lrwxrwxrwx 1 root root   42 Jun 26 14:07 modsecurity_50_outbound.data -> ../base_rules/modsecurity_50_outbound.data
lrwxrwxrwx 1 root root   50 Jun 26 14:07 modsecurity_50_outbound_malware.data -> ../base_rules/modsecurity_50_outbound_malware.data
lrwxrwxrwx 1 root root   32 Jun 26 14:15 modsecurity_crs_10_setup.conf -> ../modsecurity_crs_10_setup.conf
lrwxrwxrwx 1 root root   57 Jun 26 14:07 modsecurity_crs_20_protocol_violations.conf -> ../base_rules/modsecurity_crs_20_protocol_violations.conf
lrwxrwxrwx 1 root root   56 Jun 26 14:07 modsecurity_crs_21_protocol_anomalies.conf -> ../base_rules/modsecurity_crs_21_protocol_anomalies.conf
lrwxrwxrwx 1 root root   52 Jun 26 14:07 modsecurity_crs_23_request_limits.conf -> ../base_rules/modsecurity_crs_23_request_limits.conf
lrwxrwxrwx 1 root root   49 Jun 26 14:07 modsecurity_crs_30_http_policy.conf -> ../base_rules/modsecurity_crs_30_http_policy.conf
lrwxrwxrwx 1 root root   48 Jun 26 14:07 modsecurity_crs_35_bad_robots.conf -> ../base_rules/modsecurity_crs_35_bad_robots.conf
lrwxrwxrwx 1 root root   53 Jun 26 14:07 modsecurity_crs_40_generic_attacks.conf -> ../base_rules/modsecurity_crs_40_generic_attacks.conf
lrwxrwxrwx 1 root root   59 Jun 26 14:07 modsecurity_crs_41_sql_injection_attacks.conf -> ../base_rules/modsecurity_crs_41_sql_injection_attacks.conf
lrwxrwxrwx 1 root root   49 Jun 26 14:07 modsecurity_crs_41_xss_attacks.conf -> ../base_rules/modsecurity_crs_41_xss_attacks.conf
lrwxrwxrwx 1 root root   52 Jun 26 14:07 modsecurity_crs_42_tight_security.conf -> ../base_rules/modsecurity_crs_42_tight_security.conf
lrwxrwxrwx 1 root root   45 Jun 26 14:07 modsecurity_crs_45_trojans.conf -> ../base_rules/modsecurity_crs_45_trojans.conf
lrwxrwxrwx 1 root root   55 Jun 26 14:07 modsecurity_crs_47_common_exceptions.conf -> ../base_rules/modsecurity_crs_47_common_exceptions.conf
lrwxrwxrwx 1 root root   62 Jun 26 14:07 modsecurity_crs_48_local_exceptions.conf.example -> ../base_rules/modsecurity_crs_48_local_exceptions.conf.example
lrwxrwxrwx 1 root root   54 Jun 26 14:07 modsecurity_crs_49_inbound_blocking.conf -> ../base_rules/modsecurity_crs_49_inbound_blocking.conf
lrwxrwxrwx 1 root root   46 Jun 26 14:07 modsecurity_crs_50_outbound.conf -> ../base_rules/modsecurity_crs_50_outbound.conf
lrwxrwxrwx 1 root root   55 Jun 26 14:07 modsecurity_crs_59_outbound_blocking.conf -> ../base_rules/modsecurity_crs_59_outbound_blocking.conf
lrwxrwxrwx 1 root root   49 Jun 26 14:07 modsecurity_crs_60_correlation.conf -> ../base_rules/modsecurity_crs_60_correlation.conf
-rw-r--r-- 1 root root 5720 Jul 12  2013 README

You can include other rules found in other directories in the same way as well. Just remember to place all the rules you want activated in the activated_rules directory.

Now, let's head to the /etc/modsecurity/ directory to continue with the configuration.

$ cd /etc/modsecurity

Copy the recommended configuration file and name it modsecurity.conf

$ cp modsecurity.conf-recommended modsecurity.conf

Open the modsecurity.conf file and change the line that reads SecRuleEngine DetectionOnly to SecRuleEngine On. This changes ModSecurity from a passive monitoring mode (requests are only logged) to an active blocking mode (matching requests are rejected). The rest of the default configuration that ships with the modsecurity-crs package on Ubuntu is more than sufficient. However, if you're interested in tweaking it, please refer to the ModSecurity Reference Manual. Here's the diff of the recommended file and the actual configuration file,

$ diff modsecurity.conf-recommended modsecurity.conf
7c7
< SecRuleEngine DetectionOnly
---
> SecRuleEngine On
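Review bot: the 7c7 change from SecRuleEngine DetectionOnly to SecRuleEngine On is global, since /etc/modsecurity/*.conf is included from security2.conf for every virtual host, so from this point any CRS match becomes a 403 and a false positive becomes an outage for legitimate users. Run with DetectionOnly against real traffic first, review /var/log/apache2/modsec_audit.log for rules that fire on normal requests, and only flip this line to On once those have been tuned or excluded.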

One final configuration file to tweak - /etc/apache2/mods-available/security2.conf. Add the line IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf to it, so that your configuration file reads,

<IfModule security2_module>
        # Default Debian dir for modsecurity's persistent data
        SecDataDir /var/cache/modsecurity

        # Include all the *.conf files in /etc/modsecurity.
        # Keeping your local configuration in that directory
        # will allow for an easy upgrade of THIS file and
        # make your life easier
        IncludeOptional /etc/modsecurity/*.conf
        IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf
</IfModule>

Finally, we reload Apache for all the changes to take effect.

$ sudo service apache2 reload

Testing if it all works!

We can test whether it all works by sending some typical malicious requests to our web server and checking that the requests are being blocked.

## XSS
$ curl 'http://localhost/?q="><script>alert(1)</script>'
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
<hr>
<address>Apache/2.4.7 (Ubuntu) Server at localhost Port 80</address>
</body></html>

## SQLi
$ curl "http://localhost/?q='1 OR 1=1"
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
<hr>
<address>Apache/2.4.7 (Ubuntu) Server at localhost Port 80</address>
</body></html>

And yay! It works! If you're curious to know more, you can look in the ModSecurity audit log file at /var/log/apache2/modsec_audit.log.
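As an added example (not code from the original post), here is a small Python parser for the serial audit log that ModSecurity 2.x writes to /var/log/apache2/modsec_audit.log; it pulls out the client address, request line, response status, whether the request was intercepted, and the rule ids that fired, so you can see what blocked a request or count which rules fire most before tuning. The log text, rule ids and addresses in SAMPLE_LOG are constructed for illustration.

```python
"""Summarise ModSecurity 2.x serial audit log entries (modsec_audit.log).
Added example, not code from the original post; SAMPLE_LOG is constructed.
Sections: A = timestamp/addresses, B = request, F = response, H = rule messages."""
import re
from collections import Counter

BOUNDARY = re.compile(r"^--([0-9A-Za-z]+)-([A-Z])--$")      # e.g. --3e8b4c2a-A--
A_LINE = re.compile(r"^\[[^\]]+\]\s+\S+\s+(\S+)\s+\d+\s+\S+\s+\d+")  # [ts] uid src_ip src_port dst_ip dst_port
RULE_ID, RULE_MSG = re.compile(r'\[id "(\d+)"\]'), re.compile(r'\[msg "([^"]*)"\]')

SAMPLE_LOG = """\
--3e8b4c2a-A--
[26/Jun/2017:14:31:07 +0000] WT5Xb38AAQEAAAbmAj0AAAAA 192.0.2.10 51234 192.0.2.20 80
--3e8b4c2a-B--
GET /?q=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1
--3e8b4c2a-F--
HTTP/1.1 403 Forbidden
--3e8b4c2a-H--
Message: Warning. Pattern match "..." at ARGS:q. [file "modsecurity_crs_41_xss_attacks.conf"] [line "37"] [id "973300"] [msg "Possible XSS Attack Detected"] [severity "CRITICAL"]
Message: Access denied with code 403 (phase 2). [file "modsecurity_crs_49_inbound_blocking.conf"] [line "26"] [id "981176"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"]
Action: Intercepted (phase 2)
--3e8b4c2a-Z--
--5f019d77-A--
[26/Jun/2017:14:32:40 +0000] WT5X6H8AAQEAAAbnAkYAAAAB 192.0.2.11 51240 192.0.2.20 80
--5f019d77-B--
GET /favicon.ico HTTP/1.1
--5f019d77-F--
HTTP/1.1 404 Not Found
--5f019d77-Z--
"""

def parse_entries(text):
    """Return one dict per transaction, mapping section letters to line lists."""
    entries, current, section = [], None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            tx_id, section = m.groups()
            if section == "A":                       # A opens a transaction
                current = {"id": tx_id}
                entries.append(current)
            elif section == "Z":                     # Z closes it
                current = None
        elif current is not None:
            current.setdefault(section, []).append(line)
    return entries

def summarise(entry):
    """Pull out the fields a defender reviews first."""
    m = A_LINE.match(entry.get("A", [""])[0])
    status = entry.get("F", [""])[0].split()
    h = entry.get("H", [])                           # absent when nothing fired
    hits = [(RULE_ID.search(ln), RULE_MSG.search(ln)) for ln in h if ln.startswith("Message:")]
    return {
        "client": m.group(1) if m else None,
        "request": entry.get("B", [""])[0],
        "status": int(status[1]) if len(status) > 1 and status[1].isdigit() else None,
        "blocked": any(ln.startswith("Action: Intercepted") for ln in h),  # only with SecRuleEngine On
        "rules": [(i.group(1) if i else None, s.group(1) if s else None) for i, s in hits],
    }

def rule_counts(text):
    """Count how often each rule id fired across the whole log (tuning aid)."""
    counts = Counter()
    for entry in parse_entries(text):
        counts.update(rid for rid, _ in summarise(entry)["rules"] if rid)
    return counts
```

Point parse_entries at the contents of your own modsec_audit.log; in DetectionOnly mode the same Message lines appear but "blocked" stays False, which is a quick way to see what would have been rejected.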

And that's it! We now have a working LAMP Stack with ModSecurity and the ModSecurity CRS installed. If you want to customize your ModSecurity installation further and fine-tune it or write your own rules or disable some of them, please refer to the ModSecurity Reference Manual.

Note: In the above post, we just discussed how to install the LAMP Stack, ModSecurity WAF with the ModSecurity CRS on Ubuntu 16.04. Please do NOT assume your server is magically secured because of this. Please do not use this in production.



Ubuntu 16.04 LTS ModSecurity 2.9.2 Install



Introduction

Apache has its own security firewall called ModSecurity, an open-source firewall licensed under the GNU GPL. ModSecurity2 itself was built targeting Apache, so if you use a different server you have to install ModSecurity3. However, ModSecurity3 does not yet have a stable version.


1. Install the dependency packages


These libraries are the packages the build depends on; without them the source will not compile. (The original command used RPM-style package names such as gcc-c++ and zlib-devel, which do not exist on Ubuntu; the Ubuntu equivalents are used below.)

apt-get install gcc g++ make perl zip unzip wget git zlib1g-dev libxml2 libxml2-dev libncurses5-dev libexpat1-dev


Installation for Apache

Prerequisites

ModSecurity 2.x works only with Apache 2.0.x or higher

The ModSecurity team works hard to ensure that ModSecurity version 2.x will work with all versions of Apache 2.x and higher. If you find incompatibilities on any version (2.2.x, 2.4.x, or 2.6.x) please immediately inform the ModSecurity team

mod_uniqueid

Make sure you have mod_unique_id installed. mod_unique_id is packaged with Apache httpd.

libapr and libapr-util

libapr and libapr-util - http://apr.apache.org/

libpcre

http://www.pcre.org/

libxml2

http://xmlsoft.org/downloads.html

liblua v5.x.x

This library is optional and only needed if you will be using the new Lua engine - http://www.lua.org/download.html

Note: ModSecurity requires the dynamic libraries. These are not built by default in the source distribution, so the binary distribution is recommended.
Note: libModSecurity (aka v3) is compatible with Lua 5.2+.

libcurl v7.15.1 or higher

If you will be using the ModSecurity Log Collector (mlogc) to send audit logs to a central repository, then you will also need the curl library.

http://curl.haxx.se/libcurl/

Note : Many have had issues with libcurl linked with the GnuTLS library for SSL/TLS support. It is recommended that the openssl library be used for SSL/TLS support in libcurl.


Here, liblua is an optional item and does not have to be specified.


Most of the libraries above get installed automatically as dependencies when you install httpd (Apache2), but in my case I compiled from source and placed each one in a different directory, so I had to specify every path by hand.


If Apache were sitting comfortably in /etc/apache, there would have been no need to write this manual.



2. Enable mod_unique_id.

Open the httpd.conf file.

#vi /home/apache/conf/httpd.conf


Then search for LoadModule and you will find that


#LoadModule unique_id_module modules/mod_unique_id.so 

is commented out. Uncomment it.


Also, comment out the following module. (If this one is not commented out after the installation later on, an error appears.)

#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so


Once you have finished all of the above (assuming you are following along correctly), go to the following page.


3. Go to https://github.com/SpiderLabs/ModSecurity/releases.

v2.9.2

@zimmerle zimmerle released this on 19 Jul 2017

Bug fixes

  • IIS build refactoring and dependencies update
    [Issue #1487 - @victorhora]
  • Best practice: Initialize msre_var pointers
    [Commit fbd57 - Allan Boll]
  • nginx: Obtain port from r->connection->local_sockaddr. As reported by Przemyslaw Duda the lack of this commit may lead to a DoS. This patch is now merged on all nginx trees. But we still recommend nginx users to move forward to version 3.
    [Commit 51314 - @defanator and Przemyslaw Duda]
  • Updates libinjection to v3.10.0
    [Issue #1412 - @client9@zimmerle and @bjdijk]
  • Avoid log flood while using SecConnEngine
    [Issue #1436 - @victorhora]
  • Make url path absolute for SecHashEngine only when it is relative in the first place.
    [Issue #752#1071 - @hideaki]
  • Fix the hex digit size for SHA1 on msc_crypt implementation.
    [Issue #1354 - @zimmerle and @parthasarathi204]
  • Avoid to flush xml buffer while assembling the injected html.
    [Issue #742 - @zimmerle]
  • Avoid additional operator invocation if last transform of a multimatch doesn't modify the input
    [Issue #1086#1087 - Daniel Stelter-Gliese]
  • Adds a sanity check before use ctl:ruleRemoveTargetByTag.
    [Issue #1353 - @LukeP21 and @zimmerle]
  • Uses an optional global lock while manipulating collections.
    [Issues #1224 - @mturk and @zimmerle]
  • Fix collection naming problem while merging collections.
    [Issue #1274 - Coty Sutherland and @zimmerle]
  • Fix --enable-docs adding missing Makefile, modifying autoconf and filenames
    [Issue #1322 - @victorhora]
  • Change from using rand() to thread-safe ap_random_pick.
    [Issue #1289 - Robert Bost]
  • Cosmetics: added comments on odd looking code to prevent future scrutiny
    [Issue #1279 - Coty Sutherland]
  • {dis|en}able-server-context-logging: Option to disable logging of server info (log producer, sanitized objects, ...) in audit log.
    [Issue #1069 - Marc Stern]
  • Allow drop to work with mod_http2
    [Issue #1308#992 - @bazzadp]
  • Fix SecConn(Read|Write)StateLimit on Apache 2.4
    [Issue #1340#1337#786 - Sander Hoentjen]
  • {dis|en}able-stopwatch-logging: Option to disable logging of stopwatches
    in audit log.
    [Issue #1067 - Marc Stern]
  • {dis|en}able-dechunk-logging: Option to disable logging of dechunking in audit log when log level < 9.
    [Issue #1068 - Marc Stern]
  • Updates libinjection to: da027ab52f9cf14401dd92e34e6683d183bdb3b4
    [ModSecurity team]
  • {dis|en}able-handler-logging: Option to disable logging of Apache handler in audit log
    [Issue #1070#1381 - Marc Stern]
  • {dis|en}able-collection-delete-problem-logging: Option to disable logging of collection delete problem in audit log when log level < 9.
    [Issue #1380 - Marc Stern]
  • Adds rule id in logs whenever a rule fail.
    [Issue #1379#391 - Marc Stern]
  • {dis|en}able-server-logging: Option to disable logging of "Server" in audit log when log level < 9.
    [Issue #1070 - Marc Stern]
  • {dis|en}able-filename-logging: Option to disable logging of filename in audit log.
    [Issue #1065 - Marc Stern]
  • Reads fuzzy hash databases on init
    [Issue #1339 - Robert Paprocki and @Rendername]
  • Changes the configuration to recognize soap+xml as XML
    [Issue #1374 - @emphazer and Chaim Sanders]
  • Fix building with nginx >= 1.11.11
    [Issue #1373#1359 - Andrei Belov and Thomas Deutschmann]
  • Using Czechia instead of Czech Republic
    [Issue #1258 - Michael Kjeldsen]
  • {dis|en}able-rule-id-validation: Option to disable rule id validation
    [Issue #1150 - Marc Stern and ModSecurity team]
  • JSON Log: Append a newline to concurrent JSON audit logs
    [Issue #1233 - Robert Paprocki]
  • JSON Log: Don't unnecessarily rename request body parts in cleanup
    [Issue #1223 - Robert Paprocki]
  • Fix error message inside audit logs
    [Issue #1216 and #1073 - Armin Abfalterer]
  • Remove port from IPV4 address when running under IIS.
    [Issue #1220#1109 and #734 - Robert Culyer]
  • Remove logdata and msg fields from JSON audit log rule.
    [Issue #1190 and #1174 - Robert Paprocki]
  • Better handle the json parser cleanup
    [Issue #1204 - Ephraim Vider]
  • Fix status failing to report in Nginx auditlogs
    [Issue #977#1171 - @charlymps and Chaim Sanders]
  • Fix file upload JSON audit log entry
    [Issue #1181 and #1173 - Robert Paprocki and Christian Folini]
  • configure: Fix detection whether libcurl is linked against gnutls and, move verbose_output declaration up to the beginning.
    [Issue #1158 - Thomas Deutschmann (@Whissi)]
  • Treat APR_INCOMPLETE as APR_EOF while receiving the request body.
    [Issue #1060#334 - Alexey Sintsov]

Security Issues

  • Allan Boll reported an uninitialized variable that may lead to a crash on Windows platform.
  • Brian Adeloye reported an infinite loop on the version of libInjection used on ModSecurity 2.9.1.


Right, 2.9.2 is the last version of ModSecurity2. Grab the link.

 # wget https://github.com/SpiderLabs/ModSecurity/releases/download/v2.9.2/modsecurity-2.9.2.tar.gz

 #tar -xvf modsecurity-2.9.2.tar.gz


This creates a directory called modsecurity-2.9.2; change into it.

 # cd modsecurity-2.9.2


It is a bit of a mess in there. If httpd was built from source, you have to find each library's location and point ./configure at it.


The paths that must be specified are: apxs, apr-1-config, pcre-config (in my case it was not in the apache folder, so I located it with find and used that path), and apu-1-config. If even one of these is not recognised correctly, ./configure will treat you to a tour of assorted error messages, so be sure to check them.


# ./configure --prefix=/home/apache --with-apxs=/home/apache/bin/apxs --with-apr=/home/apache/bin/apr-1-config --with-pcre=/usr/bin/pcre-config --with-apu=/home/apache/bin/apu-1-config


# make && make install

If you pass /home/apache as --prefix, the mod_security2.so file is placed automatically in /home/apache/modules.


4. Almost there now. Just a little more.


Go back into the directory you extracted from the tar.
// copy the configuration files
# cp modsecurity.conf-recommended /home/apache/conf/modsecurity.conf
# cp unicode.mapping /home/apache/conf/
 
// change permissions
# chmod 755 /home/apache/modules/mod_security2.so
 
// download the rules * This is the Core Rule Set defined by OWASP. Look up OWASP on your own.
# cd /home/apache/
# git clone https://github.com/spiderLabs/owasp-modsecurity-crs.git
# mv owasp-modsecurity-crs/ modsecurity-crs
# cd modsecurity-crs
# cp crs-setup.conf.example crs-setup.conf

 


5. Now edit the httpd.conf file. This is the final round.

$ vi /home/apache/conf/httpd.conf
// add the module
LoadModule security2_module modules/mod_security2.so
 
// add the following at the very bottom
# ModSecurity configuration
<IfModule security2_module>
    Include conf/modsecurity.conf
    Include modsecurity-crs/crs-setup.conf
    Include modsecurity-crs/rules/*.conf
</IfModule>

Finally, restart httpd.
# ./httpd -k restart




I was installing apache2 on Ubuntu 13.10, but after installation I tried to run apache and it showed this error:

$ sudo ./httpd start
./httpd: error while loading shared libraries: libaprutil-1.so.0: cannot open shared object file: No such file or directory

I tried the solutions given on the web, none of them working, please help!!

$ ldd httpd
    linux-vdso.so.1 =>  (0x00007ffff05fe000)
    libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x00007f60741a5000)
    libaprutil-1.so.0 => not found
    libapr-1.so.0 => /usr/local/apr/lib/libapr-1.so.0 (0x00007f6073f71000)
    libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f6073d54000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f607398c000)
    libuuid.so.1 => /lib/x86_64-linux-gnu/libuuid.so.1 (0x00007f6073786000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f6073582000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f60743d9000)

First try configuring the dynamic linker run-time bindings:

ldconfig

If this doesn't solve your problem, try reinstalling libaprutil1:

sudo apt-get install --reinstall libaprutil1



Hello, this is Jeongmin Seo from the technical support team.

I am going to post how to resolve an error that occurs when installing Apache 2.x together with OpenSSL.
After the SSL certificate configuration is complete, restarting Apache may produce the following error:

SSLSessionCache: ‘shmcb’ session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).

In this case you can resolve the error by opening the Apache configuration file httpd.conf and editing it.

#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
When you open httpd.conf in the vim editor, you can see that the module named in the error is commented out.

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Uncomment it and save the file.
Of course, the module must actually exist in /usr/local/apache/modules.

Restart Apache again and you will see that the error is gone and SSL is applied normally.
