Search found 26 matches
- Fri Jun 23, 2017 1:37 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Unable to unload kcare kmod 1
- Replies: 4
- Views: 13532
Unable to unload kcare kmod 1
With Kernel Care installed, I should be able to apply kernel patch by executing `kcarectl --update` However, it gives this error: Updates already downloaded Updates already downloaded rmmod: ERROR: could not remove 'kcare': Operation not permitted rmmod: ERROR: could not remove module kcare: Operati...
- Tue May 30, 2017 2:46 am
- Forum: Requests
- Topic: Openresty + mod_security rules ?
- Replies: 0
- Views: 16209
Openresty + mod_security rules ?
Nginx with Lua module (openresty) looks very promising in terms of performance and capabilities.
https://openresty.org/en/
https://github.com/p0pr0ck5/lua-resty-waf
Have you discovered these and are you considering them as ugly Apache replacement (or alternative)?
https://openresty.org/en/
https://github.com/p0pr0ck5/lua-resty-waf
Have you discovered these and are you considering them as ugly Apache replacement (or alternative)?
- Sat Apr 15, 2017 8:43 am
- Forum: Atomic Protector (formerly ASL)
- Topic: wordpress websites compromised
- Replies: 5
- Views: 14343
Re: wordpress websites compromised
How did you ensure your ASL is working? Simply installing it does not guarantee it will work. To test it, try this terminal command from a non-ASL-whitelisted IP address: wget http://websitetotest/foo.php?foo=httpwww.example.com If you get 403 access denied - ASL works. If you get 404 not found - AS...
- Thu Apr 13, 2017 8:36 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: aum gives error: Error parsing actions: Unknown action: logd
- Replies: 2
- Views: 10207
Re: aum gives error: Error parsing actions: Unknown action:
Posted. That error is also causing minutely email with this content: Command executed: /sbin/service tortixd restart Exit value: 1 Signal number: 0 Dumped core?: 0 Restarting tortixd (via systemctl): Job for tortixd.service failed because the control process exited with error code. See "systemc...
- Thu Apr 13, 2017 8:05 am
- Forum: Atomic Protector (formerly ASL)
- Topic: aum gives error: Error parsing actions: Unknown action: logd
- Replies: 2
- Views: 10207
aum gives error: Error parsing actions: Unknown action: logd
CentOS 7 server with cPanel/CloudLinux. Executing 'aum -uf' gives the following error in the end: Generating report ... Syntax error on line 510 of /var/asl/etc/httpd/modsecurity.d/10_asl_rules.conf: Error parsing actions: Unknown action: logda Finished apachectl-t says configuration ok rpm -qa | gr...
- Thu Jan 26, 2017 1:21 am
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL 5 all sites are timing out
- Replies: 1
- Views: 9299
ASL 5 all sites are timing out
Since the ASL automated upgrade last night, all sites on all servers with ASL (independently of OS version, stack, config) are timing out. The only way to resolve is to uninstall ASL. Disabling components one by one does not resolve the problem. No reason logged in any logs, Apache just keeps restar...
- Wed Jan 25, 2017 7:13 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Unable to activate T-WAF
- Replies: 1
- Views: 9845
Re: Unable to activate T-WAF
Thank you for all your responses all those who tried to help. In case someone encounters problem like that: You would expect that configuring ASL T-WAF via web interface would work, right? Not with ASL T-WAF. You have to SSH into the server and restart tortixd in order to activate your changes. Even...
- Tue Jul 05, 2016 12:51 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Unable to activate T-WAF
- Replies: 1
- Views: 9845
Unable to activate T-WAF
This is the first time I see such a problem: on a vanilla install of CentOS 7, Nginx 1.10, MariaDB 10.1, PHP 5.6 (no Apache) Fresh install of ASL via the installer script. No issues during the installation. Upon first login to ASL console it reports no ossec-* services are running. Started the servi...
- Thu Aug 06, 2015 10:33 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Brute force questions
- Replies: 2
- Views: 5174
Re: Brute force questions
You dont have to disable CPHulk, but ive found i dont need it. CPHulk is a little less secure imo because it wont block the attacker, it just prevents them from logging in. Thats not enough for me i prefer to block an attacker so they cant do other things to my customers systems. Completely wrong! ...
- Thu Jun 04, 2015 5:17 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Access denied with code 400. Too many threads
- Replies: 2
- Views: 5322
Re: Access denied with code 400. Too many threads
i think something is wrong with your system. that means you have 16K connections to apache. i dont even know how is that even possible unless someone is attacking you or your system is misconfigured. is 16K connections even something apache handle? my advice would be to see what all those connectio...
- Thu Jun 04, 2015 4:39 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Tortix (T-WAF) kills SPDY protocol
- Replies: 2
- Views: 4575
Re: Tortix (T-WAF) kills SPDY protocol
Would be nice to have it as T-WAF integrated feature.scott wrote:Other than an nginx->apache config (like plesk uses) no, but we can look into adding spdy support to the T-WAF.
- Thu Jun 04, 2015 4:37 am
- Forum: Atomic Protector (formerly ASL)
- Topic: IP whitelist increases the server load
- Replies: 33
- Views: 28206
Re: IP whitelist increases the server load
Won't work with CloudLinux. Had to deactivate ASL firewall to stop loosing customers.octet wrote:As promised, back with an update, the server works perfectly fine with the new kernel, no more iptables problems, no more load, no more crashes. Thanks a lot guys!
- Thu Jun 04, 2015 4:34 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Clamd, Exim & cPanel
- Replies: 6
- Views: 7541
Re: Clamd, Exim & cPanel
I think you refer to ASL with ASL kernel, which is not the case in CloudLInux cPanel. If this is true (ASL kernel is required), then most of ClamAV features you're talking about won't work. In addition to the socket location, cPanel's clamav implementation modifies Exim configuration to add directiv...
- Wed Jun 03, 2015 5:59 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Access denied with code 400. Too many threads
- Replies: 2
- Views: 5322
Access denied with code 400. Too many threads
Can't seem to find the answer in your board nor Google. After updating Apache from 2.2.x to 2.4.x the (cPanel server, CentOS 6) Apache error log is flooded with the following: [Wed Jun 03 20:55:59.777267 2015] [:warn] [pid 286756:tid 140205325903616] ModSecurity: Access denied with code 400. Too man...
- Sun May 24, 2015 11:27 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Tortix (T-WAF) kills SPDY protocol
- Replies: 2
- Views: 4575
Tortix (T-WAF) kills SPDY protocol
In setup where Nginx is used alone (no Apache) with SSL/SDPY enabled, activating T-WAF for port 443 disables SPDY. The only way to preserve SPDY is to add Apache + ASL as the upstream proxy. This has drastic impact on memory usage and performance for busy servers. Is there a way to tell tortix to ke...