Atomic Rules with EA4

I've been using the Atomic Rules for Mod Security for years on cPanel with Easy Apache 3.

What's the consensus about Atomic on EA4? The documentation at Atomic is so confusing, the price has doubled (from $99 to $199), their aum installer doesn't seem to work for me on CentOS7, and I'm not certain that CMC (Config Server Modsec Control) is working properly, at least not with my attempt at installing the Atomic Rules and getting them to work.

Is there some friction between cPanel and Atomic? I mean neither party seems that interested in making things easy. Why doesn't WHM have a way to install Atomic as a Vendor in ModSec Vendors?

It's very tempting at this point to just use the OWSAP rules . . . 1 click and it's done.

Any opinions?

 

After a frustrating bit of back and forth and reading their wiki I found that they have an installer "aum" that will install everything and provides automatic updates of the ruleset.

- Removed Subscription based rules installer -

They do not support the yaml method of being added as a vendor.

 

What's not clear to me after the aum install . . . is Mod Security processing the Atomic rules?

There is nothing in the WHM interface to let me know what's going on.

Should I disable the OWSAP rules in Security > Mod Security Vendors?

 

But that's only the OWASP rules correct?
There seems to be no indication of Atomic rules or hits anywhere in Security Center.

 

The "aum" installer seems to do everything.
It's just that there's no feedback from WHM.

 

cPanel support says that the rules are being processed, you can see them in the apache error logs, and I get emails from lfd telling me about them. Then suggested I go back to Atomic to see if there's any GUI available.

Atomic has already said they won't support the YAML integration for security and anti-piracy reasons.