The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Migrate from Atomicorp Rules (AUM) to OWASP

Discussion in 'Security' started by jcwacky, Oct 3, 2015.

  1. jcwacky

    jcwacky Member

    Joined:
    Sep 4, 2002
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    I have a CloudLinux 6.6 server running cPanel 11.50.1, it has ModSecurity installed along with the Atomicorp Rules and ConfigServer ModSecurity Control (CMC).

    It was setup this way before ModSecurity became a feature of cPanel. I'm now interested in moving over to the default cPanel ModSecurity setup using the OWASP rules.

    What do I need to do in order to achieve this?
    How can I cleanly remove Atomicorp rules, setup the OWASP rules, and enable ModSecurity via cPanel?
    Will ConfigServer ModSecurity Control (CMC) still work?

    This is how the Atomicorp rules were orignally installed:
    Code:
    wget -q -O - https://www.atomicorp.com/installers/aum |sh
    aum -u
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    I would very strongly advise against ditching the atomicorp rules in favor of OWASP. The atomic rules are much more effective and have WAY less false positives.
     
    Infopro likes this.
  3. jcwacky

    jcwacky Member

    Joined:
    Sep 4, 2002
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Ah, I see. Even though I'm using the free Atomicorp rules from a year ago?
     
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Honestly... yeah. The OWASP rules are pretty much just anomaly based. I'd take a year or two out-dated atomic rules over them any day.
     
  5. jcwacky

    jcwacky Member

    Joined:
    Sep 4, 2002
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Thanks, I'll stick with Atomicorp for the time being then.

    Presume there's no easy way to start using the cPanel ModSecurity Hits List with my current Atomicorp setup?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    650
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator

Share This Page