switch from manual updates to aum

Customer support forums for the modsecurity rules feed. There is no such thing as a bad question here as long as it pertains to using the real time modsecurity rules feed. Newbies feel free to get help getting started or asking questions that may be obvious.
mr_exclusive
New Forum User
New Forum User
Posts: 4
Joined: Mon Nov 26, 2012 7:07 am
Location: Poland

switch from manual updates to aum

Unread post by mr_exclusive »

Hi,

i have switched from manual updates to aum and I've noticed that aum deleted 2 rule files and added some other is that normal?

i used for manual update rules from your wiki
Include /full/path/to/your/rules/modsecurity.d/00_asl_0_global.conf
Include /full/path/to/your/rules/modsecurity.d/00_asl_z_antievasion.conf
Include /full/path/to/your/rules/modsecurity.d/00_asl_zz_strict.conf
Include /full/path/to/your/rules/modsecurity.d/09_asl_rules.conf
Include /full/path/to/your/rules/modsecurity.d/10_asl_antimalware.conf
Include /full/path/to/your/rules/modsecurity.d/10_asl_rules.conf
Include /full/path/to/your/rules/modsecurity.d/11_asl_adv_rules.conf
Include /full/path/to/your/rules/modsecurity.d/11_asl_data_loss.conf
Include /full/path/to/your/rules/modsecurity.d/20_asl_useragents.conf
Include /full/path/to/your/rules/modsecurity.d/30_asl_antispam.conf
Include /full/path/to/your/rules/modsecurity.d/50_asl_rootkits.conf
Include /full/path/to/your/rules/modsecurity.d/51_asl_rootkits.conf
Include /full/path/to/your/rules/modsecurity.d/60_asl_recons.conf
Include /full/path/to/your/rules/modsecurity.d/61_asl_recons_dlp.conf
Include /full/path/to/your/rules/modsecurity.d/99_asl_jitp.conf

those two rules were deleted by aum
00_asl_zz_strict.conf
11_asl_data_loss.conf

Regards,
ajsu
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8330
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: switch from manual updates to aum

Unread post by scott »

Sure you need to enable them with MODSEC_00_STRICT, and MODSEC_11_DLP in your /etc/asl/config

https://www.atomicorp.com/wiki/index.ph ... figuration
Post Reply