The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Atomic Secured Linux (ASL) cPanel Experiences?

Discussion in 'Security' started by markb14391, Oct 1, 2012.

  1. markb14391

    markb14391 Well-Known Member

    Joined:
    Jun 9, 2008
    Messages:
    305
    Likes Received:
    2
    Trophy Points:
    18
    Hi,

    I'm wondering if any of you have been using ASL (Atomic Secured Linux) for cPanel. And, if so, what are your experiences?

    We've been using it for a few months, and we've had a few problems that Atomicorp attributes to cPanel issues. But, of course, we need the two components to work well together no matter which component is at fault.

    I'm curious as to whether others have been running ASL and cPanel together smoothly. That would ease our minds. :)

    Otherwise, in case we decide to drop ASL because of the cPanel issues, it would be great to hear any summaries of other methods being used to secure a cPanel server (e.g., CSF + CSX + this + that + etc.).

    Thanks,

    Mark
     
    #1 markb14391, Oct 1, 2012
    Last edited: Oct 1, 2012
  2. d'argo

    d'argo Active Member

    Joined:
    Jul 4, 2012
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    works great for me
     
  3. markb14391

    markb14391 Well-Known Member

    Joined:
    Jun 9, 2008
    Messages:
    305
    Likes Received:
    2
    Trophy Points:
    18
    Thanks. If I may ask, which PHP handler are you using? We're using FCGI on one server, and that server has had more ASL issues than the suPHP server. I don't know if there's a correlation.
     
  4. d'argo

    d'argo Active Member

    Joined:
    Jul 4, 2012
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    mod_php and suphp. fcgi is too slow for us.

    we are testin modruid but it has permission problems with cpanel logs
     
  5. markb14391

    markb14391 Well-Known Member

    Joined:
    Jun 9, 2008
    Messages:
    305
    Likes Received:
    2
    Trophy Points:
    18
    Thanks for the info!

    Mark
     
  6. srpurdy

    srpurdy Well-Known Member

    Joined:
    Jun 1, 2011
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    suphp and I use this also, works great for me as well. :)

    Some of the issues that can happen is because cPanel is not following standards in terms of how things are compiled with easyapache and package handling. which from what I understand is they will be updating easyapache sometime in the near future to address that.
     
  7. markb14391

    markb14391 Well-Known Member

    Joined:
    Jun 9, 2008
    Messages:
    305
    Likes Received:
    2
    Trophy Points:
    18
    Thanks for the reply.

    I do understand that cPanel may have some issues with package management and such. Of course the problem is that, if these issues keep another product like ASL from working, then we have a problem. So I'm wondering how many people are having issues with ASL (whether caused by ASL or cPanel or whatever), and I'm wondering whether we should continue risking future issues as long as cPanel might do things that break ASL (or make ASL break cPanel). It's good to hear that people are having good experiences.

    A side question...for those using suPHP, isn't the performance too slow (especially since you can't use opcode caching with it)? We like the reliability of suPHP, but not the performance.

    Thanks,

    Mark
     
  8. srpurdy

    srpurdy Well-Known Member

    Joined:
    Jun 1, 2011
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Right I get that, but I guess for me the chance of a problem is worth the security ASL provides. :) I don't really often give props to much of anything, but ASL is awesome. :P

    suPHP is fine from my experience it's not as fast as other handlers but it's the most scalable of them all when it comes to a shared box.

    I mean for me anyway on large scale sites with millions of requests. and a load time of 0.3 to 0.5 seconds is not really anything to be too fussy about. (and that's including mysql queries) The actual difference is maybe 0.1 to 0.2 seconds. It's really not much. I'm a performance fanatic too, and I can't even tell the difference between that and other handlers with opcache. Maybe because these heavy sites load in under 1 second anyway and are very optimized. I find much more benefit in optimizing the site itself ( http requests and parallelize urls) have a much bigger impact on site speed than the php handler.

    I might switch to mod_ruid2 one day but that will be after it's been more fine tuned. :)
     
  9. LeadDogGraphics

    LeadDogGraphics Well-Known Member

    Joined:
    Feb 25, 2012
    Messages:
    97
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    West Palm Beach, FL
    cPanel Access Level:
    Root Administrator
    I tried ASL using the free trial for a few days but did not like it at all. I already had CSF and CSX so it did not add anything to what I already had, I was just testing it out as a possible replacement. The only benefit is that it automatically loads a custom kernel based on GRSecurity, but if you load your own, you are covered just as much with CSF and CSX.

    I run mod_php + mod_ruid2 on my server so I need the extra security for privilege escalation prevention.
     
  10. markb14391

    markb14391 Well-Known Member

    Joined:
    Jun 9, 2008
    Messages:
    305
    Likes Received:
    2
    Trophy Points:
    18
    If you don't mind sharing, what mod_security rules do you use?
     
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Those are not mod_security of course, mod_security can bring a lot more security to your server along with, CSF and CSX.
     
  12. markb14391

    markb14391 Well-Known Member

    Joined:
    Jun 9, 2008
    Messages:
    305
    Likes Received:
    2
    Trophy Points:
    18
    Of course. I probably didn't word my question well. I assumed that mod_security was being used in conjunction with CSF and CSX, so I was curious which mod_security rules might be used.
     
  13. LeadDogGraphics

    LeadDogGraphics Well-Known Member

    Joined:
    Feb 25, 2012
    Messages:
    97
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    West Palm Beach, FL
    cPanel Access Level:
    Root Administrator
    Sorry if my response was confusing. Yes of course I use mod_security also!

    I use the paid ruleset from atomicorp.com aka gotroot rules. I don't like their new update that blocks fake crawlers because i found that it blocks the real ones, other than that they have been good so far.
     
  14. LeadDogGraphics

    LeadDogGraphics Well-Known Member

    Joined:
    Feb 25, 2012
    Messages:
    97
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    West Palm Beach, FL
    cPanel Access Level:
    Root Administrator
    To bring back a slightly older thread, but I want to ask the same question as the OP. I am still using the GRSecurity kernel along with mod_security, CSF and CSX, but now using mod_fcgi as my php handler. Is anyone using ASL on cPanel lately? Or anyone who has switched from using the ConfigServer utilities to ASL, care to share your experience?
     
Loading...
Similar Threads - Atomic Secured Linux
  1. jcwacky
    Replies:
    5
    Views:
    488

Share This Page