Atomicorp rules on Debian 7.7

Customer support forums for the modsecurity rules feed. There is no such thing as a bad question here as long as it pertains to using the real time modsecurity rules feed. Newbies feel free to get help getting started or asking questions that may be obvious.
april10
New Forum User
New Forum User
Posts: 1
Joined: Wed Jan 21, 2015 3:50 am
Location: Bahrain

Atomicorp rules on Debian 7.7

Unread post by april10 »

Hi,

I have a debian 7.7 system. I wanted to install only the modsec rules by atomiccrp.

I installed modsecurity 2.8 and built it. Then I ran aum. But modsec didnt work.

Later I read somewhere that modsecurity that is compiled from source will not work with atomicorp rules.

Please advise on what I should do to just get the rules.

Will aum install modsecurity? But now that I deleted /var/asl, I cannot get aum to configure. I tried to get just the rules, from an atomicorp wiki, but then it says to install modsecurity from their repo, I couldnt find a debian modsec in the repo.

Please help me fix this urgently.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Atomicorp rules on Debian 7.7

Unread post by scott »

I have a debian 7.7 system. I wanted to install only the modsec rules by atomiccrp.

I installed modsecurity 2.8 and built it. Then I ran aum. But modsec didnt work.

Later I read somewhere that modsecurity that is compiled from source will not work with atomicorp rules.
Not exactly, what we recommend is using 2.7.7 with our patches applied. 2.8 will work, its just very very buggy. Especially with any IP block translations.
Please advise on what I should do to just get the rules.

Will aum install modsecurity?
It will on rhel, centos and cloudlinux. For the debian distros (and clones) the plesk build for mod_security has some of our patches applied.
But now that I deleted /var/asl, I cannot get aum to configure.
That would be bad :P Its still going to be listed as installed in the debian package database. So if you tried to install it again, it would fail on it already being in there and not let you.
I tried to get just the rules, from an atomicorp wiki, but then it says to install modsecurity from their repo, I couldnt find a debian modsec in the repo.
We do not have any .deb packages at this time, its something we're planning on having soon though.
gaia
Forum Regular
Forum Regular
Posts: 213
Joined: Tue Jun 09, 2009 12:57 pm

Re: Atomicorp rules on Debian 7.7

Unread post by gaia »

scott wrote:We do not have any .deb packages at this time, its something we're planning on having soon though.
Is Debian support planned for ASL entirely or just modsec?
CentOS 6.9
ASL 4.0.19-37
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Atomicorp rules on Debian 7.7

Unread post by scott »

Yes, we're planning on expanding into several other platforms, including debian, ubuntu, and windows. Currently we're working on expanding the WAF into Windows server systems.
gaia
Forum Regular
Forum Regular
Posts: 213
Joined: Tue Jun 09, 2009 12:57 pm

Re: Atomicorp rules on Debian 7.7

Unread post by gaia »

scott wrote:Yes, we're planning on expanding into several other platforms, including debian, ubuntu, and windows. Currently we're working on expanding the WAF into Windows server systems.
do you think debian or ubuntu will come first?

and the natural follow up question, is there a rough estimate for when it would be out?

Thanks
CentOS 6.9
ASL 4.0.19-37
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Atomicorp rules on Debian 7.7

Unread post by scott »

Windows will be first, we're working on that right now. Then there be more work next quarter after that on the debian/suse/ubuntu WAF product (ie this is what we include on plesk now, making this more flexible, etc), which builds some dependencies for ASL on debian/ubuntu/suse.
gaia
Forum Regular
Forum Regular
Posts: 213
Joined: Tue Jun 09, 2009 12:57 pm

Re: Atomicorp rules on Debian 7.7

Unread post by gaia »

scott wrote:Windows will be first, we're working on that right now. Then there be more work next quarter after that on the debian/suse/ubuntu WAF product (ie this is what we include on plesk now, making this more flexible, etc), which builds some dependencies for ASL on debian/ubuntu/suse.
might be forking our the dough for Alien Vault here soon... i need to run Ubuntu (PHP version support on CentOS just isn't cutting it for long term plans, for example Laravel prereq support). Sorry for asking again, but is it around the corner or still no ETA possible?

on another note, how does ASL compare to OSSIM/USM from Alien Vault?

TIA
CentOS 6.9
ASL 4.0.19-37
Post Reply