[Owasp-modsecurity-core-rule-set] Input filter: failed to create temporary file

Matthew Saltzman mjs at clemson.edu
Mon Jan 11 12:50:00 EST 2010


On Mon, 2010-01-11 at 11:57 -0500, Ryan Barnett wrote: 
> On Friday 08 January 2010 08:26:35 pm Matthew Saltzman wrote:
> > Hello, I hope I'm in the right place--I'm a complete newbie at this and
> > it's not my day job.
> > 
> > Could someone please explain to me what's going on with the following:
> > 
> >         [Fri Jan 08 13:07:45 2010] [error] [client 129.138.19.192]
> >  ModSecurity: Input fi lter: Failed to create temporary file:
> >  /tmp/httpd/20100108-130745-EHX6ekKtxHEAAC F9asQAAAAB-request_body-RFm2a5
> >  [hostname "projects.coin-or.org"] [uri "/Csdp/att
> >  achment/wiki/WikiStart/"] [unique_id "EHX6ekKtxHEAACF9asQAAAAB"] [Fri Jan
> >  08 13:07:45 2010] [error] [client 129.138.19.192] ModSecurity: Input fi
> >  lter: Failed to delete temporary file:
> >  /tmp/httpd/20100108-130745-EHX6ekKtxHEAAC F9asQAAAAB-request_body-RFm2a5
> >  [hostname "projects.coin-or.org"] [uri "/Csdp/att
> >  achment/wiki/WikiStart/"] [unique_id "EHX6ekKtxHEAACF9asQAAAAB"]
> > 
> > I have a pristine installation of mod_security-2.5.9-1.el5 from the EPEL
> > repository on a Red Hat Enterprise 5 system.  The problem is from a
> > trac-0.11.5-1.el5.rf project page.
> > 
> > If you need more info to help, I'm glad to provide whatever I can, or if
> > I should be asking elsewhere, please let me know.  TIA for your kind
> > assistance.
> > 
> 
> Matt,
> Looking at the error message and the temporary path/filename ModSecurity is attempting to 
> create, this looks like it is related to either the SecTmpDir or SecUploadDir directives - 
> 
> http://www.modsecurity.org/documentation/modsecurity-apache/2.5.11/modsecurity2-apache-
> reference.html#N10C18
> 
> Check your mod configs and see where you have specified /tmp/httpd in those directives.  You 
> will need to follow the ownership/perms requirements for these directives related to the 
> Apache user.

Both of these directives in modsecurity_crs_10_config.conf are set
to /tmp.

$ ls -ld /tmp
drwxrwxrwt 7 root root 4096 Jan 11 12:45 /tmp

Actually,

$ ls -ldZ /tmp
drwxrwxrwt. root root system_u:object_r:tmp_t:s0       /tmp

Could this be an SELinux issue?

> 
> -Ryan
> 

-- 
                Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs


More information about the Owasp-modsecurity-core-rule-set mailing list