jimlongo

Well-Known Member
Mar 20, 2008
242
20
68
I've been using the Atomic Rules for Mod Security for years on cPanel with Easy Apache 3.

What's the consensus about Atomic on EA4? The documentation at Atomic is so confusing, the price has doubled (from $99 to $199), their aum installer doesn't seem to work for me on CentOS7, and I'm not certain that CMC (Config Server Modsec Control) is working properly, at least not with my attempt at installing the Atomic Rules and getting them to work.

Is there some friction between cPanel and Atomic? I mean neither party seems that interested in making things easy. Why doesn't WHM have a way to install Atomic as a Vendor in ModSec Vendors?

It's very tempting at this point to just use the OWSAP rules . . . 1 click and it's done.

Any opinions?
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
96
78
India
cPanel Access Level
Root Administrator
Twitter
Hi,

You can install the Atomic rule directly via WHM modsecurity vendor section. This is the section which has been specially designed to implement the ModSecurity rules at ease.. Contact the Atomic support and get their yaml file from them that can be loaded directly into this vendor section to load the Atomic rules.
 

jimlongo

Well-Known Member
Mar 20, 2008
242
20
68
After a frustrating bit of back and forth and reading their wiki I found that they have an installer "aum" that will install everything and provides automatic updates of the ruleset.

- Removed Subscription based rules installer -

They do not support the yaml method of being added as a vendor.
 
Last edited by a moderator:

jimlongo

Well-Known Member
Mar 20, 2008
242
20
68
What's not clear to me after the aum install . . . is Mod Security processing the Atomic rules?

There is nothing in the WHM interface to let me know what's going on.

Should I disable the OWSAP rules in Security > Mod Security Vendors?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
Should I disable the OWSAP rules in Security > Mod Security Vendors?
Disabling the OWASP ruleset is not required, but it may lead to issues if there are duplicate rule IDs. You should be able to see a list of existing rules via:

"WHM Home » Security Center » ModSecurity™ Tools » Rules List"

Thank you.
 

jimlongo

Well-Known Member
Mar 20, 2008
242
20
68
But that's only the OWASP rules correct?
There seems to be no indication of Atomic rules or hits anywhere in Security Center.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
Hello,

You won't see it listed as a vendor if they do not provide a YAML file. I recommend reaching out to their support team for help setting up their rules if their existing installation method doesn't lead to the addition of new rules.

Thank you.
 

jimlongo

Well-Known Member
Mar 20, 2008
242
20
68
The "aum" installer seems to do everything.
It's just that there's no feedback from WHM.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look at your system to see what's happening.

Thank you.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
Atomic has great rules, but IMHO it's really a shame how they package and push them.

Between their pricing model and them trying to push the whole ASL package on me, I gave up on them a while ago. I had nothing but problems with their installers. If they provided just a nice vendor rule set, or even just a reliable feed of flat text config files like they used to, I'd probably pick them back up in a heartbeat.

Best of luck getting it to work. They really are awesome rules if you can pull it off.
 
  • Like
Reactions: Infopro

jimlongo

Well-Known Member
Mar 20, 2008
242
20
68
cPanel support says that the rules are being processed, you can see them in the apache error logs, and I get emails from lfd telling me about them. Then suggested I go back to Atomic to see if there's any GUI available.

Atomic has already said they won't support the YAML integration for security and anti-piracy reasons.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
I use RPM instead of YAML myself, so I can understand not wanting to use the yaml system. My personal issue with atomic is more their chosen alternative being clunky and the fact that they gave me (multiple) broken install methods for the ASL package some years back, when all I wanted was to buy ModSecurity rules.

The WHM modsecurity GUI itself has a lot of potential but the details seem sorely unpolished, especially if rules are in includes anywhere other than vendor files. For example you'll get errors retrieving rules. It would be really nice to see a good overhaul of that interface, as well as the cPanel user level one, to make it usable so that we can stop relying on CMC by default to let our users make exceptions/customizations.

That said in your case maybe CMC (configserver modsec control) will give you the visibility and tools you need.