Nginx doesnt load. binary compatible

[sergiorla]

Hi im having an issue when trying to install NGINX ModSecurity Connector Dynamic Module.
I installed nginx 1.14.0 from apt-get, and it has been running for a couple of months now. Im following the instructions on https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/#mainline
When loading Modsec i receive the following error.
nginx: [emerg] module "/etc/nginx/modules/ngx_http_modsecurity_module.so" is not binary compatible in /etc/nginx/nginx.conf:6

Thanks!

[ejhayes]

@sergiorla I ran into this problem as well. Take a look at #117 (comment)

[victorhora]

Closing this one based on the solution proposed by @ejhayes. Let us know if the bug persists and we'll look into it prior to the next release.

[djkerya]

I have same problem:

nginx: [emerg] module "/usr/local/libexec/nginx/ngx_http_modsecurity_module.so" is not binary compatible in /usr/local/etc/nginx/nginx.conf:3

FreeBSD 11.3-RELEASE-p7
nginx-1.18.0_2,2 (also tried 1.16 before)
modsecurity3-3.0.4
modsecurity3-nginx-1.0.1

nginx -V

nginx version: nginx/1.18.0
built with OpenSSL 1.1.1g 21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --user=www --group=www --modules-path=/usr/local/libexec/nginx --with-file-aio --with-google_perftools_module --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_v2_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-pcre --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-cc-opt='-DNGX_HAVE_INET6=0 -I /usr/local/include' --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-stream=dynamic

if i set modsecurity option in nginx port parameters i got segfault:

gdb nginx nginx.core

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...(no debugging symbols found)...
Core was generated by `nginx -t'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libthr.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib/libthr.so.3
Reading symbols from /lib/libcrypt.so.5...(no debugging symbols found)...done.
Loaded symbols for /lib/libcrypt.so.5
Reading symbols from /usr/local/lib/libmodsecurity.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libmodsecurity.so.3
Reading symbols from /usr/local/lib/libpcre.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libpcre.so.1
Reading symbols from /usr/local/lib/libssl.so.11...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libssl.so.11
Reading symbols from /usr/local/lib/libcrypto.so.11...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libcrypto.so.11
Reading symbols from /lib/libz.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libz.so.6
Reading symbols from /usr/local/lib/libprofiler.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libprofiler.so.0
Reading symbols from /lib/libc.so.7...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /usr/local/lib/libcurl.so.4...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libcurl.so.4
Reading symbols from /usr/local/lib/libGeoIP.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libGeoIP.so.1
Reading symbols from /usr/lib/librt.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/librt.so.1
Reading symbols from /usr/local/lib/libxml2.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libxml2.so.2
Reading symbols from /usr/lib/liblzma.so.5...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/liblzma.so.5
Reading symbols from /usr/local/lib/libmaxminddb.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libmaxminddb.so.0
Reading symbols from /usr/local/lib/libyajl.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libyajl.so.2
Reading symbols from /usr/local/lib/gcc9/libstdc++.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/gcc9/libstdc++.so.6
Reading symbols from /lib/libm.so.5...(no debugging symbols found)...done.
Loaded symbols for /lib/libm.so.5
Reading symbols from /usr/local/lib/gcc9/libgcc_s.so.1...Error while reading shared library symbols:
Dwarf Error: wrong version in compilation unit header (is 4, should be 2) [in module /usr/local/lib/gcc9/libgcc_s.so.1]
Reading symbols from /usr/lib/libexecinfo.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libexecinfo.so.1
Reading symbols from /usr/lib/libc++.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libc++.so.1
Reading symbols from /lib/libcxxrt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libcxxrt.so.1
Reading symbols from /usr/local/lib/libnghttp2.so.14...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libnghttp2.so.14
Reading symbols from /usr/local/lib/libidn2.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libidn2.so.0
Reading symbols from /lib/libelf.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libelf.so.2
Reading symbols from /usr/local/lib/libunistring.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libunistring.so.2
Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols found)...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x0000000804490110 in vtable for __cxxabiv1::__si_class_type_info () from /lib/libcxxrt.so.1
(gdb)

If i choose modsecurity 2 port option i got :
unknown directive "modsecurity"

[ARPABoy]

djkerya i have found the solution, in FreeBSD at least you only have to compile Nginx with modsecurity3 support, install modsecurity3 library and load usr/local/libexec/nginx/ngx_http_modsecurity_module.so; in Nginx configuration.
Dont install modsecurity3-nginx its the old connector previous the dynamic module conversion, i think it is explained by that commit:
r537834 | joneum | 2020-06-03 20:49:04 +0200 (Wed, 03 Jun 2020) | 11 lines

Merge r532727 from www/nginx-devel:

Convert the following third-party modules to dynamic:

o) accept_language
o) modsecurity3-nginx

Fix the third-party auth_krb5 module build.

Sponsored by: Netzkommune GmbH

[gs9622]

nginx: [emerg] module "/etc/nginx/modules/ngx_http_modsecurity_module.so" is not binary compatible in /etc/nginx/nginx.conf:8

downloaded the Nginx from the mainline, in oracle linux 7 and still getting the error .

### nginx -V
nginx version: nginx/1.19.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

Tried every solution, but still it's not getting resolved

[ARPABoy]

gs9622 the nginx connector is not required by new nginx versions, you have to compile Nginx with modsecurity3 support, install modsecurity3 library and load usr/local/libexec/nginx/ngx_http_modsecurity_module.so; in Nginx configuration.

It is explained in that article:

https://alfaexploit.com/readArticle/345