Atomicorp

Can you send us the output of the uninstaller at support@atomicorp.com? Also, we're releasing the Ubuntu version of ASL this summer. Would you like to sign up for the early beta? also, kernel aside, how does ASL compare to Trend Micro Deep Security? do you have any ansible scripts for installing an...

mikeshinn wrote:Can you send us the output of the uninstaller at support@atomicorp.com?

Also, we're releasing the Ubuntu version of ASL this summer. Would you like to sign up for the early beta?

done. yes pls sign me up for the early beta.

I would like to ideally remove ASL from a CentOS 6.9 system. When I follow the instructions , it tries to remove for dependencies packages from @base, @updates, @epel and worst, @virtualmin and @virtualmin-universal. It doesn't seem that the dependencies are being properly calculated. Maybe I should...

Windows will be first, we're working on that right now. Then there be more work next quarter after that on the debian/suse/ubuntu WAF product (ie this is what we include on plesk now, making this more flexible, etc), which builds some dependencies for ASL on debian/ubuntu/suse. might be forking our...

Well for this specific attack, and only this one, you could get away with not turning it on. But in general brute force attacks are stopped better if you can enable all of these. The TI rules are stopping 75% of the attacks we see, so we highly recommend enabling them. Thanks for the clarification....

Yes. If you have these rulesets enabled: https://www.atomicorp.com/wiki/index.php?title=ASL_WAF#MODSEC_00_THREAT https://www.atomicorp.com/wiki/index.php?title=ASL_WAF#MODSEC_03_DOS https://www.atomicorp.com/wiki/index.php?title=ASL_WAF#MODSEC_12_BRUTE Note: If you use litespeed it doesnt support o...

https://blog.sucuri.net/2015/10/brute-f ... mlrpc.html

Is it already handled by ASL?

TIA

Warning: Suspicious file types found in /dev: /dev/.udev/db/input:event4: ASCII text /dev/.udev/db/input:event0: ASCII text /dev/.udev/db/input:js0: ASCII text /dev/.udev/db/input:event3: ASCII text /dev/.udev/db/input:mouse2: ASCII text /dev/.udev/db/input:event1: ASCII text /dev/.udev/db/input:ev...

breun wrote:You can install the ansible package from the EPEL repository.

I meant an Ansible recipe for installing ASL

breun wrote:Something for the atomic repository?

Ansible is a radically simple model-driven configuration management, deployment, and command execution framework.

http://ansible.github.com/

I also would like to use Ansible to deploy ASL. Or at least parts of it.

Yes, we're planning on expanding into several other platforms, including debian, ubuntu, and windows. Currently we're working on expanding the WAF into Windows server systems. do you think debian or ubuntu will come first? and the natural follow up question, is there a rough estimate for when it wo...

scott wrote:We do not have any .deb packages at this time, its something we're planning on having soon though.

Is Debian support planned for ASL entirely or just modsec?

Even if just for the fact that it spiked up resource usage to the point that I got an alert, I would like to stop these attacks: HEAD /?MDM0OTEwOTQzOTIwMzQwMTUwMDEwODc1MTI1NDQ0MDEzMDIxNzE1ODA0NDc0NzY2ODgxOTg5MzE5MDA3MDQ5Mjk3MjI0MDExNTE0NDE1MzkxMjMyNjAyOTM1MDUwMTY3NTE5MzEzNDI3NTIyNjAwMjg5MTU5ODA3MDQy...

Can you share your access logs with me, I'll see what we might be able to do on the RBL side as well. Since we can create as many RBLs as you can imagine, I'm thinking we might create some RBLs for things like "impolite bots" similar to the spammer RBLs and others we already have. PM me a...

We could add in a capability to make the lookups non-verified (the PTR doesnt have to match the A) - or both (you decide how verified it needs to be). This would only work on ASL systems so if thats something you'd like we can add it into the FRs and see about rolling it out next week. That would b...