List: mod-security-users
Subject: Re: [mod-security-users] Re: mod_ssl: Child could not open SSLMutex
From: Ivan Ristic <ivanr () webkreator ! com>
Date: 2005-05-27 16:54:18
Message-ID: 429750BA.3000709 () webkreator ! com
peceka wrote:
> Hi Ivan,
> I've got this same error (FreeBSD and apache+mod_ssl-1.3.33+2.8.22).
OK, I have figured it out. But first here's a step-by-step guide
that I've always been using and that always worked:
I've just made a fresh install of Apache 1.3.33 + mod_ssl
2.8.22-1.3.33 + mod_security 1.8.7. Here is what I did:
---
tar zxvf apache_1.3.33.tar.gz
tar zxvf mod_ssl-2.8.22-1.3.33.tar.gz
tar zxvf modsecurity-1.8.7.tar.gz
cd mod_ssl-2.8.22-1.3.33
./configure --with-apache=../apache_1.3.33
cd ../apache_1.3.33
./configure \
--prefix=/usr/local/apache \
--enable-module=ssl \
--enable-module=so
make
make certificate
make install
/usr/local/apache/bin/apachectl startssl
[Made sure Apache + SSL works]
/usr/local/apache/bin/apachectl stop
cd /usr/local/src/modsecurity-1.8.7/apache1/
/usr/local/apache/bin/apxs -cia mod_security.c
[Added SecChrootDir /chroot/apache to the end of httpd.conf]
mkdir -p /chroot/apache/usr/local
cd /usr/local
mv apache /chroot/apache/usr/local
ln -s /chroot/apache/usr/local/apache
/usr/local/apache/bin/apachectl startssl
[Woohoo!]
---
Anyway, back to the problem. It appears that mod_ssl creates the
lockfile before the chroot takes place, closes it, and then wants to
open it again later, after the chroot. It's not smart enough to create a
new lock file if it doesn't find one. So if you are attempting to create
an Apache jail that leaves its logs/ folder outside you get the error
message. There are two solutions:
1) Easy - use "SSLMutex sem"
2) Dirty - move the logs/ folder into the jail, and create a symlink
to it from the outside (like I did with the main Apache
folder in the example above). It is not necessary to move
all logs into the jail - you can tell mod_ssl (using
SSLMutex file:/xxx) to place the mutex files somewhere else.
--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
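
The following check is an added example, not part of the original message or of mod_security: it reads SecChrootDir and SSLMutex from an httpd.conf and tests whether a file-based mutex lives in a directory that resolves to the same place before and after the chroot, which is the condition the explanation above implies. The function names are hypothetical, and the script assumes it is run from outside the jail with one directive per line.

```shell
#!/bin/sh
# Added example: does the SSLMutex lock file survive the SecChrootDir chroot?

# conf_value FILE DIRECTIVE: last value given for DIRECTIVE, quotes stripped.
conf_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 }
                   END { gsub(/"/, "", v); print v }' "$1"
}

# physdir DIR: physical (symlink-free) path of DIR, empty if it does not exist.
physdir() {
    ( cd "$1" 2>/dev/null && pwd -P ) || :
}

# check_sslmutex FILE: prints a verdict; returns 0 if the mutex can be reopened
# after the chroot, 1 if the lock directory differs inside and outside the jail.
check_sslmutex() {
    jail=$(conf_value "$1" SecChrootDir)
    mutex=$(conf_value "$1" SSLMutex)
    if [ -z "$jail" ]; then
        echo "ok: no SecChrootDir configured"
        return 0
    fi
    case $mutex in
        file:*) ;;   # only the file-based mutex depends on a path
        *) echo "ok: SSLMutex '${mutex:-unset}' does not use a lock file"
           return 0 ;;
    esac
    lockdir=$(dirname "${mutex#file:}")
    outside=$(physdir "$lockdir")        # where the lock file is first created
    inside=$(physdir "$jail$lockdir")    # where the same path points after chroot
    if [ -n "$outside" ] && [ "$outside" = "$inside" ]; then
        echo "ok: $lockdir is the same directory inside and outside the jail"
        return 0
    fi
    echo "broken: $lockdir is not the same directory as $jail$lockdir"
    return 1
}

# Run against a config file when one is given on the command line.
if [ $# -gt 0 ]; then
    check_sslmutex "$1"
fi
```

With the layout from the step-by-step guide (Apache tree moved into the jail and symlinked back) the check passes; with logs/ left outside the jail it reports the mismatch.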