Skip to content

Nginx Modescurity add module failure due to pcre #2756

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
chandrakanta-uptycs opened this issue Jun 2, 2022 · 4 comments
Closed

Nginx Modescurity add module failure due to pcre #2756

chandrakanta-uptycs opened this issue Jun 2, 2022 · 4 comments

Comments

@chandrakanta-uptycs
Copy link

Describe the bug
I ma facing issue buildpackage nginx with Modsecurity

Details-
Server (please complete the following information):

  • ModSecurity version (and connector): [e.g. ModSecurity v3.0.16 with nginx-connector v1.0.3]
  • WebServer: [e.g. nginx-1.22.0]
  • OS (and distro): [e.g. Ubuntu 20 ]

Logs and dumps

Commands Used to builds Modsecurity -

DEBIAN_FRONTEND=noninteractive apt-get build-dep nginx curl pkg-config libxml2 libxml2-dev libpcre3-dev libpcre++-dev -y &&                                            \
cd /usr/local/src &&                                                                                    \
git clone https://github.com/SpiderLabs/ModSecurity.git &&                                              \
cd /usr/local/src/ModSecurity &&                                                                        \
git checkout v3.0.6 &&                                                                                  \
git submodule init &&                                                                                   \
git submodule update &&                                                                                 \
./build.sh &&                                                                                           \
./configure --disable-shared --enable-static &&                                                         \
make -j`nproc` &&                                                                                       \
make install

Then cloning connector -

RUN set -ex;
cd /usr/local/src &&
git clone https://github.com/SpiderLabs/ModSecurity-nginx.git &&
cd /usr/local/src/ModSecurity-nginx &&
git checkout $(git describe --tags git rev-list --tags --max-count=1)

Then when I trying to build nginx deb file using command (dpkg-buildpackage -rfakeroot -b) , getting below error

bjs/ngx_modules.o
-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie -ldl -lpthread -lpthread -lcrypt -Wl,-rpath,/usr/local/modsecurity/lib -L/usr/local/modsecurity/lib -lmodsecurity -lpcre2-8 /usr/local/src/openssl-1.1.1l/.openssl/lib/libssl.a /usr/local/src/openssl-1.1.1l/.openssl/lib/libcrypto.a -ldl -lpthread -lz
-Wl,-E -lstdc++
/usr/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(libmodsecurity_la-verify_cc.o): in function modsecurity::operators::VerifyCC::~VerifyCC()': /usr/local/src/ModSecurity/src/operators/verify_cc.cc:37: undefined reference to pcre_free'
/usr/bin/ld: /usr/local/src/ModSecurity/src/operators/verify_cc.cc:42: undefined reference to pcre_free_study' /usr/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(libmodsecurity_la-verify_cc.o): in function modsecurity::operators::VerifyCC::init(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&, std::__cxx11::basic_string<char, std::char_traits, std::allocator >)':
/usr/local/src/ModSecurity/src/operators/verify_cc.cc:96: undefined reference to pcre_compile' /usr/bin/ld: /usr/local/src/ModSecurity/src/operators/verify_cc.cc:103: undefined reference to pcre_study'
/usr/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(libmodsecurity_la-verify_cc.o): in function modsecurity::operators::VerifyCC::evaluate(modsecurity::Transaction*, modsecurity::RuleWithActions*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::shared_ptr<modsecurity::RuleMessage>)': /usr/local/src/ModSecurity/src/operators/verify_cc.cc:129: undefined reference to pcre_exec'
/usr/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(libmodsecurity_la-regex.o): in function modsecurity::Utils::crlfIsNewline()': /usr/local/src/ModSecurity/src/utils/regex.cc:39: undefined reference to pcre_config'
/usr/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(libmodsecurity_la-regex.o): in function modsecurity::Utils::Regex::~Regex()': /usr/local/src/ModSecurity/src/utils/regex.cc:73: undefined reference to pcre_free'
/usr/bin/ld: /usr/local/src/ModSecurity/src/utils/regex.cc:78: undefined reference to pcre_free_study' /usr/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(libmodsecurity_la-regex.o): in function modsecurity::Utils::Regex::search(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&) const':
/usr/local/src/ModSecurity/src/utils/regex.cc:214: undefined reference to pcre_exec' /usr/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(libmodsecurity_la-regex.o): in function modsecurity::Utils::Regex::searchOneMatch(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&, std::vector<modsecurity::Utils::SMatchCapture, std::allocatormodsecurity::Utils::SMatchCapture >&) const':
/usr/local/src/ModSecurity/src/utils/regex.cc:124: undefined reference to pcre_exec' /usr/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(libmodsecurity_la-regex.o): in function modsecurity::Utils::Regex::searchGlobal(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&, std::vector<modsecurity::Utils::SMatchCapture, std::allocatormodsecurity::Utils::SMatchCapture >&) const':
/usr/local/src/ModSecurity/src/utils/regex.cc:152: undefined reference to pcre_exec' /usr/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(libmodsecurity_la-regex.o): in function modsecurity::Utils::Regex::search(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&, modsecurity::Utils::SMatch) const':
/usr/local/src/ModSecurity/src/utils/regex.cc:200: undefined reference to pcre_exec' /usr/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(libmodsecurity_la-regex.o): in function modsecurity::Utils::Regex::Regex(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&, bool)':
/usr/local/src/ModSecurity/src/utils/regex.cc:64: undefined reference to pcre_compile' /usr/bin/ld: /usr/local/src/ModSecurity/src/utils/regex.cc:67: undefined reference to pcre_study'
/usr/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(libmodsecurity_la-regex.o): in function modsecurity::Utils::Regex::searchAll(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const': /usr/local/src/ModSecurity/src/utils/regex.cc:95: undefined reference to pcre_exec'
collect2: error: ld returned 1 exit status
make[2]: *** [objs/Makefile:300: objs/nginx] Error 1
make[2]: Leaving directory '/usr/local/src/nginx-1.22.0/debian/build-nginx'
make[1]: *** [Makefile:10: build] Error 2
make[1]: Leaving directory '/usr/local/src/nginx-1.22.0/debian/build-nginx'
make: *** [debian/rules:52: build-arch.nginx] Error 2
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2
The command '/bin/sh -c set -ex; DEBIAN_FRONTEND=noninteractive apt-get source nginx -y && cd /usr/local/src/nginx-* && sed -i 's#with-http_auth_request_module#with-http_auth_request_module --with-openssl=/usr/local/src/openssl-1.1.1l --with-openssl-opt="-fPIC -Wno-missing-field-initializers no-idea no-mdc2 no-rc5 no-zlib no-ssl2 no-ssl3 enable-ec_nistp_64_gcc_128"#g' debian/rules && sed -i 's#"-Wl,-E"#"-Wl,-E -lstdc++"#g' auto/cc/conf && sed -i -e 's#./configure #./configure --add-module=/usr/local/src/ModSecurity-nginx #g' -e 's#--with-http_addition_module##g' -e 's#with-http_auth_request_module#with-http_auth_request_module --with-openssl=/usr/local/src/openssl-1.0.2u --with-openssl-opt="-fPIC fips no-idea no-mdc2 no-rc5 no-zlib enable-tlsext no-ssl2 no-ssl3 enable-ec_nistp_64_gcc_128"#g' -e 's#--with-http_addition_module##g' -e 's#--with-http_dav_module##g' -e 's#--with-http_flv_module##g' -e 's#--with-http_gunzip_module##g' -e 's#--with-http_mp4_module##g' -e 's#--with-http_random_index_module##g' -e 's#--with-http_realip_module##g' -e 's#--with-http_secure_link_module##g' -e 's#--with-http_slice_module##g' -e 's#--with-http_sub_module##g' -e 's#--with-mail_ssl_module##g' -e 's#--with-mail##g' -e 's#--with-stream_realip_module##g' -e 's#--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp#--without-http_fastcgi_module#g' -e 's#--http-scgi-temp-path=/var/cache/nginx/scgi_temp#--without-http_scgi_module#g' -e 's#--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp#--without-http_uwsgi_module#g' debian/rules && sed -i's#r->headers_out.server == NULL#0#g' src/http/ngx_http_header_filter_module.c && sed -i 's#r->headers_out.server == NULL#0#g' src/http/v2/ngx_http_v2_filter_module.c && dpkg-buildpackage -rfakeroot -b' returned a non-zero code: 2

Can anyone help me , what I am doing wrong ?
@martinhsv
Copy link
Contributor

martinhsv commented Jun 2, 2022
edited
Loading

Recent versions of nginx ( >= 21.1.5 ) use PCRE2 by default, but with ModSecurity v3.0.6 you must use PCRE1.

That is almost certainly the root of your issue given that the 'undefined reference' lines refer to PCRE1 functions but your build is using PCRE2 ( -lpcre2-8 )

With that combination of versions (ModSecurity v3.0.6 with nginx 1.22.0) you should be able to build successfully as long as you use --without-pcre2 when doing the './configure' for building of the connector. See for example owasp-modsecurity/ModSecurity-nginx#261 (comment)

@chandrakanta-uptycs
Copy link
Author

Thanks @martinhsv for you help , will look in to that .

@martinhsv
Copy link
Contributor

Was there anything further on this?

@chandrakanta-uptycs
Copy link
Author

chandrakanta-uptycs commented Jun 15, 2022 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@martinhsv @chandrakanta-uptycs