CentOS 7 - Apache fails to load after yum update


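I have CentOS 7 installed on my server. Yum update was not working because clamav was causing problems, so I removed it. That allowed me to run yum update. After the update completed successfully, the Apache server fails to load. How can I fix it? Thank you!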

[root@waaaa ~]# systemctl -l status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2019-10-02 09:28:49 UTC; 12min ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 2482 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 2480 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 2480 (code=exited, status=1/FAILURE)

Oct 02 09:28:49 waaaa.com systemd[1]: Starting The Apache HTTP Server...
Oct 02 09:28:49 waaaa.com httpd[2480]: [Wed Oct 02 09:28:49.794195 2019] [so:warn] [pid 2480] AH01574: module unique_id_module is already loaded, skipping
Oct 02 09:28:49 waaaa.com httpd[2480]: httpd: Syntax error on line 360 of /etc/httpd/conf/httpd.conf: Syntax error on line 13 of /etc/httpd/conf.d/00_mod_security.conf: No matches for the wildcard '00*exclude.conf' in '/etc/httpd/modsecurity.d', failing (use IncludeOptional if required)
Oct 02 09:28:49 waaaa.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Oct 02 09:28:49 waaaa.com kill[2482]: kill: cannot find process ""
Oct 02 09:28:49 waaaa.com systemd[1]: httpd.service: control process exited, code=exited status=1
Oct 02 09:28:49 waaaa.com systemd[1]: Failed to start The Apache HTTP Server.
Oct 02 09:28:49 waaaa.com systemd[1]: Unit httpd.service entered failed state.
Oct 02 09:28:49 waaaa.com systemd[1]: httpd.service failed.

I also checked "apachectl configtest", which shows:

[root@waaaa ~]# apachectl configtest
[Wed Oct 02 09:46:16.221482 2019] [so:warn] [pid 6980] AH01574: module unique_id_module is already loaded, skipping
httpd: Syntax error on line 360 of /etc/httpd/conf/httpd.conf: Syntax error on line 13 of /etc/httpd/conf.d/00_mod_security.conf: No matches for the wildcard '00*exclude.conf' in '/etc/httpd/modsecurity.d', failing (use IncludeOptional if required)
[root@waaaa ~]#

Update 12:51
Line 360 of the file etc/httpd/conf/httpd.conf shows IncludeOptional conf.d/*.conf

This is what etc/httpd/conf.d/00_mod_security.conf contains:

# ASL Free trial ruleset is available at: https://atomicorp.com/amember/signup/cart/

LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so

<IfModule mod_security2.c>
# Basic configuration goes in here
Include modsecurity.d/tortix_waf.conf

# Rule management is handled by ASL
Include modsecurity.d/00*exclude.conf
Include modsecurity.d/*asl*.conf
Include modsecurity.d/99*exclude.conf

</IfModule>

Files in the directory /etc/httpd/modsecurity.d:

activated_rules modsecurity_crs_10_config.conf tortix_waf.conf

Answer 1

Since the included files do not exist, I think that if you edit 00_mod_security.conf as follows:

# Rule management is handled by ASL
IncludeOptional modsecurity.d/00*exclude.conf
IncludeOptional modsecurity.d/*asl*.conf
IncludeOptional modsecurity.d/99*exclude.conf

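Apache will run again until you are able to reinstall and enable mod_security. Your upgrade may have broken the old mod_security, but we can't be sure, because we don't know how it was originally installed.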
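With IncludeOptional, a pattern that matches nothing no longer stops httpd, so the missing rule files go unreported at startup. The script below is an added example (not from the original question or answers) that lists which Include and IncludeOptional patterns in one config file match nothing on disk; the function names and the constructed sample tree are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original question or answers.
# Lists Include / IncludeOptional patterns in ONE Apache config file that
# match nothing on disk (nested includes are not followed).
#   MISSING-FATAL  = Include with no match: httpd refuses to start
#   MISSING-SILENT = IncludeOptional with no match: httpd starts without it

# True if the glob in $1 matches at least one existing path.
glob_matches() (
    IFS=            # no word splitting; pathname expansion still applies
    set -- $1
    [ -e "$1" ]
)

# check_includes <server_root> <config_file>
check_includes() (
    root=$1
    while read -r directive pattern _rest || [ -n "$directive" ]; do
        case $(printf '%s' "$directive" | tr '[:upper:]' '[:lower:]') in
            include)         kind=FATAL ;;
            includeoptional) kind=SILENT ;;
            *) continue ;;
        esac
        pattern=${pattern#\"}; pattern=${pattern%\"}   # drop optional quotes
        case $pattern in
            /*) path=$pattern ;;         # absolute path
            *)  path=$root/$pattern ;;   # relative to ServerRoot
        esac
        glob_matches "$path" || echo "MISSING-$kind $pattern"
    done < "$2"
)

# Constructed sample: the directory listing from the question, with one
# pattern left as Include and one changed to IncludeOptional.
demo() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/modsecurity.d/activated_rules"
    touch "$root/modsecurity.d/modsecurity_crs_10_config.conf" \
          "$root/modsecurity.d/tortix_waf.conf"
    printf '%s\n' '<IfModule mod_security2.c>' \
        'Include modsecurity.d/tortix_waf.conf' \
        'Include modsecurity.d/00*exclude.conf' \
        'IncludeOptional modsecurity.d/*asl*.conf' \
        '</IfModule>' > "$root/sample.conf"
    check_includes "$root" "$root/sample.conf"
    rm -rf "$root"
)

demo
```

On the server from the question the equivalent call would be `check_includes /etc/httpd /etc/httpd/conf.d/00_mod_security.conf`, since the error message shows the relative patterns being resolved under /etc/httpd.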

Answer 2

Make sure there are no rogue config file calls to files that no longer exist.

Make sure the EPEL repository is enabled:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm

Reinstall Mod_Sec:

yum install mod_security mod_security_crs

Make sure it is active:

Go to the SecRuleEngine section of etc/httpd/conf.d/mod_security.conf.

Restart Apache:

service httpd restart
