The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_security rules, Atomic and CSF

Discussion in 'Security' started by 11Laurence, May 27, 2013.

  1. 11Laurence

    11Laurence Member

    Joined:
    May 27, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Re: CENTOS 6.4 x86_64 standard – WHM11.36.1 (build 6)

    This question is adressed tot he community of cpanel because I’m not sure if I can get help outside.

    To increase the level of security ConfigServer Mail scanner, ConfigServerSecurity&Firewall, Mod Security control have been installed.

    I follow this tuto from ukhost4u.co.uk and wrote in config plugin /mod security/WHM:

    I add these two lines from safesrv.net

    Then I pay for .... the paid rules at atomiccorp and receive a username and password.
    I read the wiki and saw for the first time the FAQ :

    Then there is a link to get the rules: updates.atomicorp.com/channels/rules/subscription/
    The browser sends a warning : « security problem »

    (Not sure it is a good start !!! they don'have updated the ssl?)

    I say to the browser it’s an exception and get the following list

    I don’t want to change my config and keep csf.
    These are my questions :
    1) What is the way (code) to get the paid rules and to give to their server my username /password in the plugin „mod security“ (edit config) from whm - see tuto ukhost4u.co.uk
    2) How do we know what is related to what rule (for instance file modsec-201303280927.tar.gz.asc is related to 51_asl_rootkits.conf ?)
    3) Is there a known conflict between cpanel, configserver security or config modsec and arules from atomiccorp.

    Thanks
    Best regards
    Francois

    N.B.: Perhap's it's a language problem and I miss a step?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You will likely get a more detailed response from Atomicorp as it relates to their custom rules. I found the following document on their website that may be helpful:

    Atomicorp Wiki

    Thank you.
     
  3. 11Laurence

    11Laurence Member

    Joined:
    May 27, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,

    I read these pages. It seems to me they talk about rules installed with ASL (I don’t want this product). I ask here beacause I’m pretty sure other fellows have perfomed this job.

    Thanks
    regards
     
  4. 11Laurence

    11Laurence Member

    Joined:
    May 27, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    No answer.
    paid rules from atomicoep are no more used? deprecated?
     
  5. robb3369

    robb3369 Well-Known Member

    Joined:
    Mar 1, 2008
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
  6. 11Laurence

    11Laurence Member

    Joined:
    May 27, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,

    Actually, not.
    I can get asl-lite, but it works (display) not properly and we cannot put username or password

    centOS 6.4 Linux 3.8.13-xxxx-std-ipv6-64 #2 SMP Fri May 17 05:54:07 CEST 2
    Putty

    Other way?

    thanks

    regards
     
Loading...

Share This Page