Search found 16 matches

by kirkre
Thu Dec 10, 2015 4:58 pm
Forum: Atomic Protector (formerly ASL)
Topic: Multiple SSH ports?
Replies: 0
Views: 2078

Multiple SSH ports?

We have SSH running on two ports. Port 22 which is only open to specific IPs, and another port which is open but with restricted features available. Is there any support in ASL for multiple SSH ports? I see rules like HIDS 5706 and 5701 which presumably work on a single port. If you change the SSH p...
by kirkre
Mon Nov 16, 2015 8:51 pm
Forum: Atomic Protector (formerly ASL)
Topic: tortix-kernel-xen, repository not found
Replies: 4
Views: 3489

Re: tortix-kernel-xen, repository not found

Trying this on a fresh but identical server type, the yum repo was set up by asl, and the Atomic kernel was installed and booted with no problems. Either the hosting provider fixed something in the newer images, or more likely I had tweaked something that broke this. Atomic support has graciously tri...
by kirkre
Sun Nov 15, 2015 8:58 pm
Forum: Atomic Protector (formerly ASL)
Topic: tortix-kernel-xen, repository not found
Replies: 4
Views: 3489

Re: tortix-kernel-xen, repository not found

Checking the repos against a backup showed the repos were fresh in spite of the time stamps, so I manually added tortix-kernel-xen to tortix.repo and installed Atomic kernel 3.2.69-81.xen.art.x86_64. System did not come up :-/ This is on a Rackspace server which as far as I have read is tested and k...
by kirkre
Sun Nov 15, 2015 12:31 am
Forum: Atomic Protector (formerly ASL)
Topic: tortix-kernel-xen, repository not found
Replies: 4
Views: 3489

Re: tortix-kernel-xen, repository not found

Since tortix-kernel-xen is not in my Atomic repos, I'm thinking maybe my old tortix/asl repos were not updated by the install, and that is why it's missing? My tortix.repo for instance is dated 1/17/2014. I also have asl.repo, atomic.repo and tortix.common.repo, and only asl.repo has a current date ...
by kirkre
Sat Nov 14, 2015 11:21 pm
Forum: Atomic Protector (formerly ASL)
Topic: tortix-kernel-xen, repository not found
Replies: 4
Views: 3489

tortix-kernel-xen, repository not found

I get the following error trying to install the ASL kernel for my xen system:

Error getting repository data for tortix-kernel-xen, repository not found

I get this whether I try to install the ASL xen kernel through the ASL install, or via yum with:

yum --disableexcludes=all --enablerepo=tortix-kerne...
by kirkre
Mon Nov 09, 2015 9:43 pm
Forum: Atomic Protector (formerly ASL)
Topic: Firewall rule triggered by modsec state limit?
Replies: 3
Views: 2917

Re: Firewall rule triggered by modsec state limit?

Great! I'd like to try the trial on our test server first to make sure everything works. I think I'll need to open another account to put the trial on the test server since we already have a rules only subscription, but let me know if there is a better way to do this.

Thanks!

Kirk
by kirkre
Mon Nov 09, 2015 8:04 pm
Forum: Atomic Protector (formerly ASL)
Topic: Firewall rule triggered by modsec state limit?
Replies: 3
Views: 2917

Firewall rule triggered by modsec state limit?

Does ASL have the capability to block an IP at the firewall level when that IP exceeds a mod_security state limit such as this?: /var/log/httpd/error_log:[Sun Nov 08 21:50:19 2015] [warn] ModSecurity: Access denied with code 400. Too many threads [255] of 100 allowed in WRITE state from 177.141.142....
by kirkre
Thu Aug 27, 2015 5:36 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: asl yum repos for rules only subscription?
Replies: 0
Views: 3550

asl yum repos for rules only subscription?

Is there any way for rules only users to install the asl-4.0 yum repo in order to get the atomic release of mod_evasive? I could use the atomic rpm, or I could use the epel repo, but assuming it is advisable to use the atomic release outside of ASL, it would be nice to have access to the repo. Thank...
by kirkre
Fri Aug 21, 2015 8:58 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: Managing Rules with AUM for rules only accounts
Replies: 6
Views: 6008

Re: Managing Rules with AUM for rules only accounts

Thanks, that makes sense, although I do hope aum has the capability to update clam some day, subject of course to the user's setup. I notice the rules only clam signatures license states: The Real Time Atomic CLAMAV Signatures are licensed by the server. For each license you can also run the rules on...
by kirkre
Fri Aug 21, 2015 6:15 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: Managing Rules with AUM for rules only accounts
Replies: 6
Views: 6008

Re: Managing Rules with AUM for rules only accounts

Thanks Michael. I'm glad to see there is an option to upgrade from a rules account to ASL. Not only do I see more and more what ASL can do by looking at the rule sets, but when I find I am reading things backwards, I have to wonder if it's wise to configure my security solutions by hand! I will defi...
by kirkre
Wed Aug 19, 2015 10:29 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: Managing Rules with AUM for rules only accounts
Replies: 6
Views: 6008

Re: Managing Rules with AUM for rules only accounts

Thanks! I knew I was missing something. Since I'm used to updating rule sets manually, I didn't realize this should be done through the config. Going over the rest of the rule sets, I have a few more questions. 00_asl_z_antievasion.conf Since our newer mod sec version does not support this rule set ...
by kirkre
Wed Aug 19, 2015 1:25 am
Forum: Atomicorp Modsecurity Rules Support
Topic: Managing Rules with AUM for rules only accounts
Replies: 6
Views: 6008

Managing Rules with AUM for rules only accounts

I'm new to AUM and used to managing rule sets manually. First question I have that I can't find the answer to, the default 00_mod_security.conf installed by AUM loads all rule sets including for instance 99_asl_a_redactor.conf, which according to the description in the WAF rule families wiki should ...
by kirkre
Mon Oct 31, 2011 10:49 pm
Forum: Atomicorp Free Modsecurity Rules
Topic: 00_asl_rbl.conf loaded by default when using delayed rules?
Replies: 5
Views: 8815

Re: 00_asl_rbl.conf loaded by default when using delayed rul

I guess my confusion from the start was in thinking ANY of the includes were meant to go outside of the IfModule section. If it takes a little effort to sort this out, it is still nothing compared to the effort it would take to get other mod security rule sets working without issue. Even with all th...
by kirkre
Mon Oct 31, 2011 1:53 pm
Forum: Atomicorp Free Modsecurity Rules
Topic: 00_asl_rbl.conf loaded by default when using delayed rules?
Replies: 5
Views: 8815

Re: 00_asl_rbl.conf loaded by default when using delayed rul

Thanks I got it now. The first time I read your replies I missed something and sent a further inquiry which hasn't shown up, maybe the moderator can delete it? Now I see that both your replies are crystal clear. Just needed another cup of tea before my brain was fully working :-)

Thanks,

Kirk
by kirkre
Mon Oct 31, 2011 12:54 pm
Forum: Atomicorp Free Modsecurity Rules
Topic: 00_asl_rbl.conf loaded by default when using delayed rules?
Replies: 5
Views: 8815

Re: 00_asl_rbl.conf loaded by default when using delayed rul

Thanks mikeshinn. But is what faris says true?

<IfModule mod_security2.c>
# This is the ModSecurity Core Rules Set.
# Basic configuration goes in here
Include modsecurity.d/modsecurity_crs_10_config.conf
# Rule management is handled by ASL
Include modsecurity.d/*asl*.conf
</IfModule>

If the line 'In...