Atomic Secured Linux (ASL) cPanel Experiences?

[markb14391]

Hi,

I'm wondering if any of you have been using ASL (Atomic Secured Linux) for cPanel. And, if so, what are your experiences?

We've been using it for a few months, and we've had a few problems that Atomicorp attributes to cPanel issues. But, of course, we need the two components to work well together no matter which component is at fault.

I'm curious as to whether others have been running ASL and cPanel together smoothly. That would ease our minds.

Otherwise, in case we decide to drop ASL because of the cPanel issues, it would be great to hear any summaries of other methods being used to secure a cPanel server (e.g., CSF + CSX + this + that + etc.).

Thanks,

Mark

 

[d'argo]

works great for me

 

[markb14391]

Thanks. If I may ask, which PHP handler are you using? We're using FCGI on one server, and that server has had more ASL issues than the suPHP server. I don't know if there's a correlation.

 

[d'argo]

mod_php and suphp. fcgi is too slow for us.

we are testin modruid but it has permission problems with cpanel logs

 

[markb14391]

mod_php and suphp. fcgi is too slow for us.

we are testin modruid but it has permission problems with cpanel logs

Thanks for the info!

Mark

 

[srpurdy]

suphp and I use this also, works great for me as well.

Some of the issues that can happen is because cPanel is not following standards in terms of how things are compiled with easyapache and package handling. which from what I understand is they will be updating easyapache sometime in the near future to address that.

 

[markb14391]

suphp and I use this also, works great for me as well.

Some of the issues that can happen is because cPanel is not following standards in terms of how things are compiled with easyapache and package handling. which from what I understand is they will be updating easyapache sometime in the near future to address that.

Thanks for the reply.

I do understand that cPanel may have some issues with package management and such. Of course the problem is that, if these issues keep another product like ASL from working, then we have a problem. So I'm wondering how many people are having issues with ASL (whether caused by ASL or cPanel or whatever), and I'm wondering whether we should continue risking future issues as long as cPanel might do things that break ASL (or make ASL break cPanel). It's good to hear that people are having good experiences.

A side question...for those using suPHP, isn't the performance too slow (especially since you can't use opcode caching with it)? We like the reliability of suPHP, but not the performance.

Thanks,

Mark

 

[srpurdy]

Right I get that, but I guess for me the chance of a problem is worth the security ASL provides. I don't really often give props to much of anything, but ASL is awesome. :P

suPHP is fine from my experience it's not as fast as other handlers but it's the most scalable of them all when it comes to a shared box.

I mean for me anyway on large scale sites with millions of requests. and a load time of 0.3 to 0.5 seconds is not really anything to be too fussy about. (and that's including mysql queries) The actual difference is maybe 0.1 to 0.2 seconds. It's really not much. I'm a performance fanatic too, and I can't even tell the difference between that and other handlers with opcache. Maybe because these heavy sites load in under 1 second anyway and are very optimized. I find much more benefit in optimizing the site itself ( http requests and parallelize urls) have a much bigger impact on site speed than the php handler.

I might switch to mod_ruid2 one day but that will be after it's been more fine tuned.

 

[LeadDogGraphics]

I tried ASL using the free trial for a few days but did not like it at all. I already had CSF and CSX so it did not add anything to what I already had, I was just testing it out as a possible replacement. The only benefit is that it automatically loads a custom kernel based on GRSecurity, but if you load your own, you are covered just as much with CSF and CSX.

I run mod_php + mod_ruid2 on my server so I need the extra security for privilege escalation prevention.

 

[markb14391]

I tried ASL using the free trial for a few days but did not like it at all. I already had CSF and CSX so it did not add anything to what I already had, I was just testing it out as a possible replacement. The only benefit is that it automatically loads a custom kernel based on GRSecurity, but if you load your own, you are covered just as much with CSF and CSX.

I run mod_php + mod_ruid2 on my server so I need the extra security for privilege escalation prevention.

If you don't mind sharing, what mod_security rules do you use?

 

[Infopro]

I already had CSF and CSX so it did not add anything to what I already had, I was just testing it out as a possible replacement.

Those are not mod_security of course, mod_security can bring a lot more security to your server along with, CSF and CSX.

 

[markb14391]

Those are not mod_security of course, mod_security can bring a lot more security to your server along with, CSF and CSX.

Of course. I probably didn't word my question well. I assumed that mod_security was being used in conjunction with CSF and CSX, so I was curious which mod_security rules might be used.

 

[LeadDogGraphics]

Sorry if my response was confusing. Yes of course I use mod_security also!

I use the paid ruleset from atomicorp.com aka gotroot rules. I don't like their new update that blocks fake crawlers because i found that it blocks the real ones, other than that they have been good so far.

 

[LeadDogGraphics]

To bring back a slightly older thread, but I want to ask the same question as the OP. I am still using the GRSecurity kernel along with mod_security, CSF and CSX, but now using mod_fcgi as my php handler. Is anyone using ASL on cPanel lately? Or anyone who has switched from using the ConfigServer utilities to ASL, care to share your experience?