The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Atomic Secured Linux and cPanel. Does it work?

Discussion in 'Security' started by Domenico, Dec 1, 2009.

  1. Domenico

    Domenico Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    362
    Likes Received:
    0
    Trophy Points:
    16
  2. Domenico

    Domenico Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    362
    Likes Received:
    0
    Trophy Points:
    16
    Nobody? It seems a good product.
     
  3. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Hi did you tried it? I am also considering in implementing their suite.
     
  4. InDeep

    InDeep Member

    Joined:
    Feb 28, 2006
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    You can see my frustrations here in this thread.

    atomicorp.com • View topic - Cpanel Install problems

    My understanding is that it will not work with cpanel unless you use the lite version.

    At this point I have no idea what the lite version includes or the price. Still trying to find that one out
     
  5. InDeep

    InDeep Member

    Joined:
    Feb 28, 2006
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    I am going to give the lite version a go, Will post my progress hopefully with good results :)
     
  6. John W

    John W Member

    Joined:
    Aug 24, 2007
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Orlando
    How did the lite version work out?
     
  7. Secmas

    Secmas Well-Known Member

    Joined:
    Feb 18, 2005
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    I think ASL has a great product but is not for CPanel, I still think that CSF does a great job for cpanel users.

    I have used the Lite version but to be honest it doesn't do anything of the hardening that the complete suite of ASL does, the Lite version will only help you to update modsec rules, but for that I still prefer my own updater as it is more easy to implement and straight forward for cpanel users.

    On the other hand, I recommend to pay for the modsec rule suscription, as the rules are updated very often and they help you in case there is a false positive in any of them.

    Sergio.
     
  8. John W

    John W Member

    Joined:
    Aug 24, 2007
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Orlando
    Wel, I decided to try the paid rules and use the asl-lite installer but it wasn't impressive. Do you run the full set of rules for each ruleset or do you pull some out to make it less resource intensive?

    Have you tried updating mod security like Mike suggested?

    Yes, I like CSF a lot also and Configserver has great instructions and info overall. Assp Deluxe has great instructions and info also. Atomic is kind of a mess, but that's me.
     
  9. Secmas

    Secmas Well-Known Member

    Joined:
    Feb 18, 2005
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    If you check on my updater http://forums.cpanel.net/f185/modsecurity-auto-updater-147745.html you can tweak it to pull out any rules that you want if you know how to modify the shebang file. I do it in my own updater, because it is a little bit more complex as I have a few rules of my own.

    ASL-Lite is ok, but I think is not from the point of view of a cpanel user, it ask a lot of questions before you completly install it. The good thing is that they tried to do a script that could be used for cpanel users, maybe in a future they could change it a little bit more.
     
  10. Reado

    Reado Well-Known Member

    Joined:
    Sep 8, 2009
    Messages:
    161
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    United Kingdom
    cPanel Access Level:
    DataCenter Provider
    I wouldn't want ASL on my cPanel servers, since the ASL team come across as very anti-cPanel to begin with, as in properly slating the product because of how cPanel have decided to use EA instead of installing via YUM, etc. Doesn't give the right sort of impression.

    ConfigServer however have a cPanel version and a standalone version of CSF, so anyone can pretty much use it. If they took on ASL and did their own security suite, it would win IMO.
     
  11. mikegotroot

    mikegotroot Well-Known Member

    Joined:
    Apr 29, 2008
    Messages:
    85
    Likes Received:
    1
    Trophy Points:
    8
    Actually the issue with cpanel is just package management. Everything we do, and everything CPanel does should work just fine - and there are people running ASL on cPanel boxes.

    Its automating installations and upgrades with CPanel thats currently problematic. Unless cpanel has changed in the last couple of months the issue is that CPanel doesnt use package management for things like mod_secuirty, PER and mysql. This creates a problem for something as robust as ASL because:

    1. We don't know what is and is not installed on the system (is mysql installed for example? what version? what version of mod_sec? etc.)
    2. If something is built against version X of mysql, for example, we can know that on any Linux system using the many package management solutions (deb, rpm, etc.) and will know what version to install against - its all automatic, with lots of great dependency analysis support - with cpanel, that doesnt exist - we just don't know.
    3. This means things get overwritten and broken when cpanel is installed and upgraded.
    4. We dont like breaking things.

    We'd LOVE to be able to support cpanel, and we are trying to sort out a way to do this, but package management is a pretty standard thing and only cPanel seems to have taken this path - so I'd say if the cpanel guys were willing to work with us we'd be delighted to be able to support Cpanel. Nothing would make us happier.
     
  12. mikegotroot

    mikegotroot Well-Known Member

    Joined:
    Apr 29, 2008
    Messages:
    85
    Likes Received:
    1
    Trophy Points:
    8
    Sergio you know that we love your feedback (and as customer of the Real Time rules thank you for your business)! All you have to do is ask and we'd be happy to make whatever changes you want. :)

    Did I mention we really want to able to support cPanel? Really, I'm working on a big glob clobber installer and have been for several weeks to try and work around the lack of package management.
     
  13. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    mike i just subscribed to the asl-lite and ran the installer on a cPanel centos5.4_64 box and it threw some dep errors.

    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
    * addons: mirrors.service.softlayer.com
    * atomic: www6.atomicorp.com
    * base: mirrors.service.softlayer.com
    * extras: mirrors.service.softlayer.com
    * updates: mirrors.service.softlayer.com
    Excluding Packages in global exclude list
    Finished
    Setting up Install Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package asl-lite.x86_64 1:2.2.6-0.1.el5.art set to be updated
    --> Processing Dependency: roadsend-php-libs for package: asl-lite
    --> Running transaction check
    ---> Package roadsend-php-libs.x86_64 0:2.9.8-9.el5.art set to be updated
    --> Processing Dependency: libbigloo_u-3.0c.so()(64bit) for package: roadsend-php-libs
    --> Processing Dependency: libbigloogc-3.0c.so()(64bit) for package: roadsend-php-libs
    --> Processing Dependency: libodbc.so.1()(64bit) for package: roadsend-php-libs
    --> Processing Dependency: libmysqlclient.so.15()(64bit) for package: roadsend-php-libs
    --> Running transaction check
    ---> Package bigloo-libs.x86_64 0:3.0c-1.el5.art set to be updated
    ---> Package roadsend-php-libs.x86_64 0:2.9.8-9.el5.art set to be updated
    --> Processing Dependency: libmysqlclient.so.15()(64bit) for package: roadsend-php-libs
    ---> Package unixODBC.x86_64 0:2.2.11-7.1 set to be updated
    --> Finished Dependency Resolution
    roadsend-php-libs-2.9.8-9.el5.art.x86_64 from atomic has depsolving problems
    --> Missing Dependency: libmysqlclient.so.15()(64bit) is needed by package roadsend-php-libs-2.9.8-9.el5.art.x86_64 (atomic)
    Error: Missing Dependency: libmysqlclient.so.15()(64bit) is needed by package roadsend-php-libs-2.9.8-9.el5.art.x86_64 (atomic)
    You could try using --skip-broken to work around the problem
    You could try running: package-cleanup --problems
    package-cleanup --dupes
    rpm -Va --nofiles --nodigest
    The program package-cleanup is found in the yum-utils package.

    without attempting on any other boxes, i figured i would give it a shot in here since this thread got my attention to try it. I am running latest and greatest php/mysql and apache. any suggestions to make this easier? I didn't look into solving any deps (yet)
     
  14. mikegotroot

    mikegotroot Well-Known Member

    Joined:
    Apr 29, 2008
    Messages:
    85
    Likes Received:
    1
    Trophy Points:
    8
    Thank you for the question. The best way to report a support issue is to email our support team: support@atomicorp.com or post on our forums:

    atomicorp.com forums

    On first glance, that looks like you might not be running the latest cpanel. I just did a fresh install of cpanel and then asl-lite without issue.

    What version of cpanel are you running?
     
    #14 mikegotroot, Oct 14, 2010
    Last edited: Oct 14, 2010
  15. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    my version is so much "latest" that it's EDGE
     
  16. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    fresh box, figure di would try it again on another box.

    root@goff2 [~]# yum install asl-lite
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
    * atomic: www6.atomicorp.com
    atomic/primary_db | 435 kB 00:00
    http://www6.atomicorp.com/channels/atomic/centos/5/x86_64/repodata/primary.sqlite.bz2: [Errno -1] Metadata file does not match checksum
    Trying other mirror.
    atomic/primary_db | 435 kB 00:00
    http://www4.atomicorp.com/channels/atomic/centos/5/x86_64/repodata/primary.sqlite.bz2: [Errno -1] Metadata file does not match checksum
    Trying other mirror.
    atomic/primary_db | 435 kB 00:00
     
  17. mikegotroot

    mikegotroot Well-Known Member

    Joined:
    Apr 29, 2008
    Messages:
    85
    Likes Received:
    1
    Trophy Points:
    8
    Thats just a yum error, you just need to clean your cache:

    yum clean all
     
  18. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    first thing I did. got same error and a ton of deps.

    Resolving Dependencies
    --> Running transaction check
    ---> Package asl-lite.x86_64 1:2.2.6-0.1.el5.art set to be updated
    --> Processing Dependency: roadsend-php-libs for package: asl-lite
    --> Running transaction check
    ---> Package roadsend-php-libs.x86_64 0:2.9.8-9.el5.art set to be updated
    --> Processing Dependency: libbigloo_u-3.0c.so()(64bit) for package: roadsend-php-libs
    --> Processing Dependency: libbigloogc-3.0c.so()(64bit) for package: roadsend-php-libs
    --> Processing Dependency: libodbc.so.1()(64bit) for package: roadsend-php-libs
    --> Processing Dependency: libmysqlclient.so.15()(64bit) for package: roadsend-php-libs
    --> Running transaction check
    ---> Package bigloo-libs.x86_64 0:3.0c-1.el5.art set to be updated
    ---> Package roadsend-php-libs.x86_64 0:2.9.8-9.el5.art set to be updated
    --> Processing Dependency: libmysqlclient.so.15()(64bit) for package: roadsend-php-libs
    ---> Package unixODBC.x86_64 0:2.2.11-7.1 set to be updated
    --> Finished Dependency Resolution
    roadsend-php-libs-2.9.8-9.el5.art.x86_64 from atomic has depsolving problems
    --> Missing Dependency: libmysqlclient.so.15()(64bit) is needed by package roadsend-php-libs-2.9.8-9.el5.art.x86_64 (atomic)
    Error: Missing Dependency: libmysqlclient.so.15()(64bit) is needed by package roadsend-php-libs-2.9.8-9.el5.art.x86_64 (atomic)
    You could try using --skip-broken to work around the problem
    You could try running: package-cleanup --problems
    package-cleanup --dupes
    rpm -Va --nofiles --nodigest
    The program package-cleanup is found in the yum-utils package.

    get thsi on all my cpanel boxes
     
  19. mikegotroot

    mikegotroot Well-Known Member

    Joined:
    Apr 29, 2008
    Messages:
    85
    Likes Received:
    1
    Trophy Points:
    8
    Hmmm, thats odd, I dont get that error at all when I install on a fresh cpanel install. Could you open a case with the support team? Just send an email to support@atomicorp.com.
     
  20. kthxbai2u

    kthxbai2u Member

    Joined:
    Nov 7, 2010
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Wayyyy too expensive...

    Although I bet it's worth it...

    I also bet the average person cant afford it :P
     
Loading...
Similar Threads - Atomic Secured Linux
  1. jcwacky
    Replies:
    5
    Views:
    492

Share This Page