Conflict with malware.expert

gevensen · April 24, 2019, 2:23pm

I use a subscription for modsecurity rules malware.expert
On my ubuntu 16.04 server its flawless
On ubuntu 18.04 I had to comment out line 38
restart apache
run certbot
remove the comment out
restart apache
and everything was ok
this is the 1st time i have run into this
any ideas???
below is from my apache error log
when i ran certbot only it threw all kinds of errors to terminal

Blockquote

sudo certbot --preferred-challenges http -d .org -d .org -d mail..org

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Error in checking parameter list: AH00526: Syntax error on line 38 of /etc/modsecurity/modsecurity.conf:

Failed to download: "Commercial ModSecurity Rules - Malware Expert" error: Couldn't resolve host name

Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.

Blockquote

orangepizza · April 24, 2019, 2:28pm

modsecurity fail while downloading rules.malware.expert due to DNS error. did you check your dns?

gevensen · April 24, 2019, 2:30pm

yes once i commented out and restarted installed and restarted all the rules downloaded fine
my concern is why is letsencrypt looking at that line and kicking it

orangepizza · April 24, 2019, 2:35pm

I think it’s because modsecurity is an apache mod (libapache2-modsecurity), so it called while parsing apache conf?

gevensen · April 24, 2019, 2:36pm

the crazy thing is on my other server ubuntu 16.04 which is set up the same way in the conf files there in no issue at all

orangepizza · April 24, 2019, 2:39pm

it’s DNS failer - most likely config error on DNS part.
does sudo apt update works?

gevensen · April 24, 2019, 2:40pm

yes but my dns is run thru noip.com

gevensen · April 24, 2019, 2:41pm

i have static ips but im not ready to host my own dns until i get another backup server

schoen · April 24, 2019, 3:41pm

This is seemingly a problem with your server’s own ability to resolve DNS hostnames, not a problem with DNS records that are pointed at your server. You can try curl https://rules.malware.expert/download.php?rules=generic on the server for comparison. It will likely fail too for the same reason.

system · May 24, 2019, 3:41pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.