Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle.
[root@maggie ~]# asl -s -f
Starting Atomic Secured Linux scan, please be patient...
Checking Kernel security settings
ASL kernel: detected [OK]
KERNEXEC protections: detected [OK]
UDEREF protections: detected [OK]
Runtime module loading: disabled [OK]
GRsecurity administrative password: not set [INFO]
GRsecurity ACL database: not found [INFO]
Executable anonymous mapping: no [OK]
Executable bss: no [OK]
Executable data: no [OK]
Executable heap: no [OK]
Executable stack: no [OK]
Executable anonymous mapping (mprotect): no [OK]
Executable bss (mprotect): no [OK]
Executable data (mprotect): no [OK]
Executable heap (mprotect): no [OK]
Executable shared library bss (mprotect): no [OK]
Executable shared library data (mprotect): no [OK]
Executable stack (mprotect): no [OK]
Anonymous mapping randomisation test: no [OK]
Heap randomisation test (ET_EXEC): no [OK]
Heap randomisation test (ET_DYN): no [OK]
Main executable randomisation (ET_EXEC): no [OK]
Shared library randomisation test: no [OK]
Stack randomisation test (SEGMEXEC): no [OK]
Stack randomisation test (PAGEEXEC): no [OK]
Executable shared library bss: no [OK]
Executable shared library data: no [OK]
Writable text segments: no [OK]
Kernel Enforced Security Policies
Trusted Path Execution(TPE): enforced [OK]
TPE Mode: Unless Deny, Allow [INFO]
Disable Privileged I/O: enforced [OK]
Audit mount() events: not enforced [INFO]
Audit chdir() events: not enforced [INFO]
Audit ptrace() events: enforced [OK]
Audit text relocation events: not enforced [INFO]
Restrict chroot() capabilities: enforced [OK]
Chroot restrictions, deny chmod(): enforced [OK]
Chroot restrictions, deny chroot(): enforced [OK]
Chroot restrictions, deny fchdir(): enforced [OK]
Chroot restrictions, deny mknod(): enforced [OK]
Chroot restrictions, deny mount(): enforced [OK]
Chroot restrictions, deny pivot(): enforced [OK]
Chroot restrictions, deny external shmem access: enforced[OK]
Chroot restrictions, deny sysctl: enforced [OK]
Chroot restrictions, deny unix domain sockets: enforced [OK]
Chroot restrictions, set cwd to chroot dir: enforced [OK]
Chroot restrictions, process controls: enforced [OK]
Restrict dmesg: enforced [OK]
Enhanced FIFO restrictions: enforced [OK]
Fork() failure logging: enforced [OK]
Harden ptrace(): enforced [OK]
Network Stack, IP Blackhole policy: enforced [OK]
Linking Restrictions: enforced [OK]
Resource Logging: enforced [OK]
RWX map Logging: not enforced [INFO]
Signal Logging: enforced [OK]
Timechange Logging: enforced [OK]
Failed to set locale, defaulting to C
Checking General security settings
Checking for unnecessary services
Service FreeWnn: disabled [OK]
Service annacron: disabled [OK]
Service apmd: disabled [OK]
Service autofs: disabled [OK]
Service avahi-daemon: disabled [OK]
Service avahi-dnsconfd: disabled [OK]
Service bluetooth: disabled [OK]
Service canna: disabled [OK]
Service cups: disabled [OK]
Service cups-config-daemon: disabled [OK]
Service gpm: disabled [OK]
Service haldaemon: disabled [OK]
Service hidd: disabled [OK]
Service hplip: disabled [OK]
Service iiim: disabled [OK]
Service isdn: disabled [OK]
Service kdump: disabled [OK]
Service mDNSResponder: disabled [OK]
Service mcstrans: disabled [OK]
Service nfs: disabled [OK]
Service nfslock: disabled [OK]
Service nifd: disabled [OK]
Service pcscd: disabled [OK]
Service portmap: disabled [OK]
Service rpcidmapd: disabled [OK]
Service sbadm: disabled [OK]
Service xfs: disabled [OK]
Service X11: disabled [OK]
Checking for End of Life (EOL) operating systems
centos/6: Supported [OK]
Checking for POSIX ACL support: detected [OK]
Checking for updater: yum detected [OK]
Checking for updates: system is up to date [OK]
Checking for Superuser accounts (UID0)
Checking for Suspicious cron jobs
Checking for non-secure services
Telnet: not detected [OK]
Rlogin: not detected [OK]
Rsh: not detected [OK]
Checking system logging
Rsyslogd: detected [OK]
Rsyslog imklog module: detected [OK]
Checking mod_security settings
mod_security set to: enabled [OK]
Server signature set to: Apache [OK]
SecUploadDir set to: /var/asl/data/suspicious [OK]
SecUploadKeepFiles set to: off [OK]
Logfile set to: audit_log [OK]
Logging set to: Concurrent [OK]
Audit Logging to: /var/asl/data/audit [OK]
Logging elements set to: ABIFHZ [OK]
SecRequestBodyInMemoryLimit set to: 131072 [OK]
SecRequestBodyLimit set to: 134217728 [OK]
SecResponseBodyLimitAction set to: ProcessPartial [OK]
SecDataDir set to: /var/asl/data/msa [OK]
SecTmpDir set to: /tmp [OK]
Checking rule class settings
RBL Ruleset: off [LOW]
Bogus Search Engine Ruleset: off [HIGH]
Autowhitelist Search Engine Ruleset: off [LOW]
Antievasion Ruleset: on [OK]
Strict Multiform Ruleset: off [MODERATE]
Whitelist Ruleset: off [OK]
Advanced Antievasion Ruleset: off [HIGH]
Slow Denial of Service Protection: on [OK]
Exclude Ruleset: on [OK]
Anti-Malware Ruleset: on [OK]
Application Specific Rules: off [LOW]
Generic Attack Ruleset: on [OK]
Advanced Attack Ruleset: off [HIGH]
Data Loss Protection Ruleset: off [MODERATE]
Brute Force Protection Ruleset: on [OK]
Malicious Useragents Ruleset: on [OK]
Anti-Spam Ruleset: on [OK]
Anti-Spam URI RBL Ruleset: off [LOW]
Rootkit Detection Ruleset: on [OK]
Reconnaissance Attacks Ruleset: on [OK]
Data Leak Prevention Ruleset: on [OK]
Just In Time Patches: on [OK]
Malicious Output Removal Ruleset: on [OK]
Malicious Output Detector: on [OK]
Web Malware Upload Scanner: on [OK]
Checking for disabled rules
Error: does not exist.
Checking php settings
Checking for php installation: installed [OK]
Enforce safe_mode: enforced [OK]
Disable register_globals: enforced [OK]
Disable URL fopen: enforced [OK]
Disable expose_php: enforced [OK]
Disable display_errors: enforced [OK]
Checking for High-Risk functions
Function curl_exec: allowed [HIGH]
Function curl_multi_exec: allowed [HIGH]
Function dl: not allowed [OK]
Function exec: not allowed [OK]
Function fsockopen: allowed [HIGH]
Function passthru: not allowed [OK]
Function pcntl_exec: not allowed [OK]
Function pfsockopen: not allowed [OK]
Function popen: not allowed [OK]
Function posix_kill: not allowed [OK]
Function posix_mkfifo: not allowed [OK]
Function posix_setuid: not allowed [OK]
Function proc_close: not allowed [OK]
Function proc_open: not allowed [OK]
Function proc_terminate: not allowed [OK]
Function shell_exec: not allowed [OK]
Function system: not allowed [OK]
Checking for Moderate-Risk functions
Function ftp_exec: not allowed [OK]
Function leak: not allowed [OK]
Function posix_setpgid: not allowed [OK]
Function posix_setsid: not allowed [OK]
Function proc_get_status: not allowed [OK]
Function proc_nice: not allowed [OK]
Function show_source: not allowed [OK]
Checking for Low-Risk functions
Function escapeshellcmd: not allowed [OK]
Function phpinfo: allowed [LOW]
Checking executable stack flag on PHP extensions
/etc/init.d/ossec-hids: line 18: [: =: unary operator expected
Checking ossec-hids settings
Checking for ossec-hids installation: installed [OK]
ossec-hids set to: enabled [OK]
OSSEC is configured in server mode.
Checking for server installation: installed [OK]
Enable email notification: enabled [OK]
Notifications to address: servers@hsws.com [OK]
Notifications from address: asl@maggie.hsws.com [OK]
SMTP server: 127.0.0.1 [OK]
Max email per hour setting: 1 [OK]
Active Response: enabled [OK]
Active Response timeout: 600 [OK]
Verifying OSSEC whitelists
checking: 2.139.14.47 [OK]
checking: 61.17.231.6 [OK]
checking: 67.43.164.34 [OK]
checking: 77.206.98.122 [OK]
checking: 81.101.185.48 [OK]
checking: 82.152.125.29 [OK]
checking: 83.91.58.130 [OK]
checking: 85.13.231.163 [OK]
checking: 86.176.108.135 [OK]
checking: 88.48.243.18 [OK]
checking: 89.222.135.198 [OK]
checking: 89.234.7.214 [OK]
checking: 92.18.111.164 [OK]
checking: 92.23.32.41 [OK]
checking: 92.239.159.248 [OK]
checking: 94.194.44.251 [OK]
checking: 109.75.167.216 [OK]
checking: 109.75.167.217 [OK]
checking: 109.224.154.8 [OK]
checking: 117.218.70.51 [OK]
checking: 118.127.11.241 [OK]
checking: 122.166.240.148 [OK]
checking: 123.236.66.178 [OK]
checking: 127.0.0.1 [OK]
checking: 151.42.16.179 [OK]
checking: 151.42.49.185 [OK]
checking: 173.245.53.109 [OK]
checking: 182.188.206.44 [OK]
checking: 193.38.100.250 [OK]
checking: 195.195.237.10 [OK]
Excessive whitelists not detected: 30 [OK]
Checking for monitored log files
/var/log/messages: monitored [OK]
/var/log/secure: monitored [OK]
/var/log/maillog: monitored [OK]
/var/log/httpd/access_log: monitored [OK]
/var/log/httpd/audit_log: monitored [OK]
/var/log/tortixd/audit_log: monitored [OK]
/var/log/httpd/error_log: monitored [OK]
/var/log/httpd/suexec_log: monitored [OK]
/var/log/mysqld.log: monitored [OK]
Reloading ossec-hids: [ OK ]
Checking rkhunter settings
Checking for rkhunter installation: installed [OK]
rkhunter set to: enabled [OK]
Notifications sent to: servers@hsws.com [FIXED]
SSH root login check: enabled [FIXED]
Checking ssh settings
Enforce Protocol Version 2: enforced [OK]
SSH Port: 2633 [OK]
Strict modes enabled: enforced [OK]
Ignore .rhosts: enforced [OK]
Enforce Public Key authentication for users: enforced [OK]
Administrative users are: not defined [HIGH]
WARNING: SSH authentication will not be reconfigured at this time.
Disable Root Logins: no [HIGH]
Disable Password Authentication: no [HIGH]
Enable Privilege separation: enabled [OK]
Disallow GSSAPIAuthentication: enforced [OK]
Disallow GSSAPICleanupCredentials: enforced [OK]
SSH Banner: /etc/asl/banner [OK]
Enable UseDNS: enforced [OK]
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
Checking httpd settings
Checking mod_evasive settings
Checking for mod_evasive installation: installed [OK]
mod_evasive set to: enabled [OK]
DOSHashTableSize set to: 4096 [OK]
DOSPageCount set to: 5 [OK]
DOSSiteCount set to: 200 [OK]
DOSPageInterval set to: 2 [OK]
DOSSiteInterval set to: 2 [OK]
DOSBlockingPeriod set to: 25 [OK]
checking: 2.139.14.47 [OK]
checking: 61.17.231.6 [OK]
checking: 67.43.164.34 [OK]
checking: 77.206.98.122 [OK]
checking: 81.101.185.48 [OK]
checking: 82.152.125.29 [OK]
checking: 83.91.58.130 [OK]
checking: 85.13.231.163 [OK]
checking: 86.176.108.135 [OK]
checking: 88.48.243.18 [OK]
checking: 89.222.135.198 [OK]
checking: 89.234.7.214 [OK]
checking: 92.18.111.164 [OK]
checking: 92.23.32.41 [OK]
checking: 92.239.159.248 [OK]
checking: 94.194.44.251 [OK]
checking: 109.75.167.216 [OK]
checking: 109.75.167.217 [OK]
checking: 109.224.154.8 [OK]
checking: 117.218.70.51 [OK]
checking: 118.127.11.241 [OK]
checking: 122.166.240.148 [OK]
checking: 123.236.66.178 [OK]
checking: 127.0.0.1 [OK]
checking: 151.42.16.179 [OK]
checking: 151.42.49.185 [OK]
checking: 173.245.53.109 [OK]
checking: 182.188.206.44 [OK]
checking: 193.38.100.250 [OK]
checking: 195.195.237.10 [OK]
Checking Mysql security settings
mysql security policy set to: enforced [OK]
Mysql Local LOAD DATA: disabled [OK]
Mysql Log Errors: enabled [OK]
Mysql Log authentication failures: enabled [OK]
Mysql symbolic links : disabled [OK]
Mysql query caching: enabled [OK]
Restarting clamav, this could take a moment...
Checking clamav settings
Checking for clamav installation: installed [OK]
ClamAV set to: enabled [OK]
Clamd listen address: 127.0.0.1 [OK]
Clamd log to syslog: yes [OK]
Clamav is in: application-only mode
Stopping Clam AntiVirus Daemon: [ OK ]
Starting Clam AntiVirus Daemon: [ OK ]
Checking psmon settings
Checking for psmon installation: not installed [FAILED]
Generating Report: Complete
So that means the WAF is working, it could just be a cache issue with your browser. At some point the WAF was disabled on your system, have you made any changes or upgrades to your system recently?
