Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Atomic Rules with EA4

Discussion in 'Security' started by jimlongo, Oct 29, 2017.

Tags:
  1. jimlongo

    jimlongo Well-Known Member

    Joined:
    Mar 20, 2008
    Messages:
    193
    Likes Received:
    7
    Trophy Points:
    68
    I've been using the Atomic Rules for Mod Security for years on cPanel with Easy Apache 3.

    What's the consensus about Atomic on EA4? The documentation at Atomic is so confusing, the price has doubled (from $99 to $199), their aum installer doesn't seem to work for me on CentOS7, and I'm not certain that CMC (Config Server Modsec Control) is working properly, at least not with my attempt at installing the Atomic Rules and getting them to work.

    Is there some friction between cPanel and Atomic? I mean neither party seems that interested in making things easy. Why doesn't WHM have a way to install Atomic as a Vendor in ModSec Vendors?

    It's very tempting at this point to just use the OWSAP rules . . . 1 click and it's done.

    Any opinions?
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,792
    Likes Received:
    83
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    You can install the Atomic rule directly via WHM modsecurity vendor section. This is the section which has been specially designed to implement the ModSecurity rules at ease.. Contact the Atomic support and get their yaml file from them that can be loaded directly into this vendor section to load the Atomic rules.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. jimlongo

    jimlongo Well-Known Member

    Joined:
    Mar 20, 2008
    Messages:
    193
    Likes Received:
    7
    Trophy Points:
    68
    After a frustrating bit of back and forth and reading their wiki I found that they have an installer "aum" that will install everything and provides automatic updates of the ruleset.

    - Removed Subscription based rules installer -

    They do not support the yaml method of being added as a vendor.
     
    #3 jimlongo, Oct 30, 2017
    Last edited by a moderator: Oct 31, 2017
  4. jimlongo

    jimlongo Well-Known Member

    Joined:
    Mar 20, 2008
    Messages:
    193
    Likes Received:
    7
    Trophy Points:
    68
    What's not clear to me after the aum install . . . is Mod Security processing the Atomic rules?

    There is nothing in the WHM interface to let me know what's going on.

    Should I disable the OWSAP rules in Security > Mod Security Vendors?
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,794
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Disabling the OWASP ruleset is not required, but it may lead to issues if there are duplicate rule IDs. You should be able to see a list of existing rules via:

    "WHM Home » Security Center » ModSecurity™ Tools » Rules List"

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. jimlongo

    jimlongo Well-Known Member

    Joined:
    Mar 20, 2008
    Messages:
    193
    Likes Received:
    7
    Trophy Points:
    68
    But that's only the OWASP rules correct?
    There seems to be no indication of Atomic rules or hits anywhere in Security Center.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,794
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You won't see it listed as a vendor if they do not provide a YAML file. I recommend reaching out to their support team for help setting up their rules if their existing installation method doesn't lead to the addition of new rules.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. jimlongo

    jimlongo Well-Known Member

    Joined:
    Mar 20, 2008
    Messages:
    193
    Likes Received:
    7
    Trophy Points:
    68
    The "aum" installer seems to do everything.
    It's just that there's no feedback from WHM.
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,794
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look at your system to see what's happening.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    Atomic has great rules, but IMHO it's really a shame how they package and push them.

    Between their pricing model and them trying to push the whole ASL package on me, I gave up on them a while ago. I had nothing but problems with their installers. If they provided just a nice vendor rule set, or even just a reliable feed of flat text config files like they used to, I'd probably pick them back up in a heartbeat.

    Best of luck getting it to work. They really are awesome rules if you can pull it off.
     
    Infopro likes this.
  11. jimlongo

    jimlongo Well-Known Member

    Joined:
    Mar 20, 2008
    Messages:
    193
    Likes Received:
    7
    Trophy Points:
    68
    cPanel support says that the rules are being processed, you can see them in the apache error logs, and I get emails from lfd telling me about them. Then suggested I go back to Atomic to see if there's any GUI available.

    Atomic has already said they won't support the YAML integration for security and anti-piracy reasons.
     
  12. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    I use RPM instead of YAML myself, so I can understand not wanting to use the yaml system. My personal issue with atomic is more their chosen alternative being clunky and the fact that they gave me (multiple) broken install methods for the ASL package some years back, when all I wanted was to buy ModSecurity rules.

    The WHM modsecurity GUI itself has a lot of potential but the details seem sorely unpolished, especially if rules are in includes anywhere other than vendor files. For example you'll get errors retrieving rules. It would be really nice to see a good overhaul of that interface, as well as the cPanel user level one, to make it usable so that we can stop relying on CMC by default to let our users make exceptions/customizations.

    That said in your case maybe CMC (configserver modsec control) will give you the visibility and tools you need.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice