Debian Squeeze apache2 mod_security’s REQBODY_ERROR

 Linux  No Responses »
Jul 122012
 

Hello, last night i tried to install mod_security on a debian squeeze server, at first i thought that it would be an easy task but i was wrong, it turned out quite tricky to get it running the main reason was that debian has version 2.5.12-1 at its repository which it is not support the latest Core Rule Set so if you too are seeing this error:

Syntax error on line 91 of /etc/apache2/modsecurity_crs/activated_rules/modsecurity_crs_20_protocol_violations.conf:
Error creating rule: Unknown variable: REQBODY_ERROR
Action 'configtest' failed.
The Apache error log may have more information.
 failed!

You are lucky,there is a bugfix, go to the mentioned line of apache’s error and change 

REQBODY_ERROR

with 

REQBODY_PROCESSOR_ERROR

solution was given here https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2011-May/000779.html

if you are not feeling well with this for whatever reason, you can always use the outdated CRS that it comes with the package from the debian repository and it is located at /usr/share/doc/mod-security-common/examples/rules

root@debian ~ # ls -la /usr/share/doc/mod-security-common/examples/rules
total 92K
drwxr-xr-x 5 root root 4.0K Jul 11 23:27 .
drwxr-xr-x 3 root root 4.0K Jul 11 23:27 ..
drwxr-xr-x 2 root root 4.0K Jul 11 23:27 base_rules
-rw-r--r-- 1 root root  22K Feb  5  2010 CHANGELOG
-rw-r--r-- 1 root root  18K Jul 31  2009 LICENSE
-rw-r--r-- 1 root root 6.6K Feb  5  2010 modsecurity_crs_10_config.conf
drwxr-xr-x 2 root root 4.0K Jul 11 23:27 optional_rules
-rw-r--r-- 1 root root  17K Feb  5  2010 README
drwxr-xr-x 2 root root 4.0K Jul 11 23:27 util

Hope this helps somebody to avoid much time going from site to site

Installing TP-LINK TL-WN727N USB Wireless N 150Mbps Adapter on Debian Squeeze

 Debian, Linux  22 Responses »
Feb 122012
 

Lets start with the product, TP-LINK L-WN727N is a USB Wireless N Adapter, and it has 150Mbps throughput on 802.11n Wireless Networks, it uses the RT5370 Chipset from Ralink (Link). The price from a local store here in Greece is 8 Euros, which makes this adapter very attractive low-cost solution. You can read more on product’s specification page here

This thing was tough… it took me almost 10 hours of posts reading, downloads, installs, builds to find a clean and easy solution to make it work, but first i must thank the VirtualBox for its support, without it the procedure of installing/cloning would have took me more than 24 hours.

I think that the problem mainly caused by the kernel hardware support of Debian Squeeze which is too old to support this chipset because the same adapter works out of the box on Debian Wheezy which is currently in testing stage with newer kernel (3.2.5), but i dont like the idea of working on test releases. Anyway, The result is tested with latest Debian Squeeze 6.0.4-i386 installation.

Step 1: Gather The files

First we need the drivers which fortunately are available through chipset maker’s Ralink website, i have downloaded from this url the latest drivers which currently are the version 2.5.0.3, The downloaded filename is 2011_0719_RT3070_RT3370_RT5370_RT5372_Linux_STA_V2.5.0.3_DPO.bz2 which is wrong and it needs to be renamed to 2011_0719_RT3070_RT3370_RT5370_RT5372_Linux_STA_V2.5.0.3_DPO.tar.bz2 because it really is a tar archive compressed with bzip2.

Step 2: Compile and install the driver

After you have obtained the drivers file, put it in your box and do the following in order to uncompress/compile/install the driver:

root@debian:~# tar jxvf 2011_0719_RT3070_RT3370_RT5370_RT5372_Linux_STA_V2.5.0.3_DPO.tar.bz2
root@debian:~# cd 2011_0719_RT3070_RT3370_RT5370_RT5372_Linux_STA_V2.5.0.3_DPO
root@debian:~/2011_0719_RT3070_RT3370_RT5370_RT5372_Linux_STA_V2.5.0.3_DPO# make
root@debian:~/2011_0719_RT3070_RT3370_RT5370_RT5372_Linux_STA_V2.5.0.3_DPO# make install

Next, Download and install latest non-free ralink firmwares:

root@debian:~# wget http://ftp.gr.debian.org/debian/pool/non-free/f/firmware-nonfree/firmware-ralink_0.35_all.deb
root@debian:~# dpkg -i firmware-ralink_0.35_all.deb

Now if everything finished without errors you are ready to plug in your usb adapter, and verify that the system “see” it and has loaded the needed modules, in my situation the output was:

root@debian:~# dmesg
<----- TEXT OMMITED ----->

[   51.276088] usb 1-2: new full speed USB device using ohci_hcd and address 3
[   51.951155] usb 1-2: New USB device found, idVendor=148f, idProduct=5370
[   51.951159] usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   51.951162] usb 1-2: Product: 802.11 n WLAN
[   51.951163] usb 1-2: Manufacturer: TPlink
[   51.951165] usb 1-2: SerialNumber: 1.0
[   51.953625] usb 1-2: configuration #1 chosen from 1 choice
[   52.046122] rtusb init rt2870 --->
[   52.046354]
[   52.046354]
[   52.046355] === pAd = e1ec6000, size = 517232 ===
[   52.046356]
[   52.047306] <-- RTMPAllocTxRxRingMemory, Status=0
[   52.047409] <-- RTMPAllocAdapterBlock, Status=0
[   52.054416] usbcore: registered new interface driver rt2870

root@debian:~# lsusb | grep 5370
Bus 001 Device 003: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter

root@debian:~# lsmod | grep 5370
rt5370sta             575832  0
usbcore                99329  5 rt5370sta,usbhid,ohci_hcd,ehci_hcd

Step 3: Configure WPA/PSK and Automatic activation on startup.

The created network device name is ra0, Ralink's driver doesnt need the help of wpasupplicant in order to join WPA/PSK networks, it has its own way to do this. After you plugged in the USB Adapter, the module dynamically created a configuration file for the adapter and stored in as /etc/Wireless/RT2870STA/RT2870STA.dat, now open it with your favorite editor and change the values below to match your setup:

SSID=<your-ssid>
AuthMode=WPAPSK
EncrypType=TKIP
WPAPSK=<your wpa password>

If you want to start the wireless connection on system's startup, just add the below lines to your /etc/network/interfaces file:

auto ra0
iface ra0 inet dhcp

If you dont, add only the below line in your /etc/network/interfaces file:

iface ra0 inet dhcp

Now, you can "pull up" your connection manually from command line with the command:

root@debian:~# ifup ra0

or just reboot your machine to test it.

Thats it, i hope this guide will help some people out there who bought the same device or similar with the same chipset and trying to figure out how to use it in current Debian's stable release at least until Wheezy goes stable and this guide will get obsolete