ASL with CloudLinux ?

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
eminos
New Forum User
Posts: 2
Joined: Mon Jul 07, 2014 10:12 am
Location: Sweden

Hi!

I have been a user of CloudLinux 6 and cPanel for a long time now and it works fine. Now I'd like to secure my servers with better mod_security rules (and better security at large) and I'm looking at ASL or your mod_security rules product.

Since CL6 works so fine, I'm not ready to switch kernel to ASL. Which is why I'm wondering how ASL works together with CL.
Which features of ASL will I miss by not using the ASL kernel?
Is there no point in getting the ASL package, since I will not be running the ASL kernel, and instead just get the mod_security rules?
Will some features of CL "collide" with ASL?
How well will the two work together?
How will I experience my servers after installing ASL on my CL/cPanel server? Higher load? Higher response times? Broken scripts?

I'm also planning on running CL's "KernelCare" feature soon. Any issues together with ASL there?

Thanks in advance.

/E
eminos
New Forum User
Posts: 2
Joined: Mon Jul 07, 2014 10:12 am
Location: Sweden

Re: ASL with CloudLinux ?

*bump*

No one? Nothing?
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: ASL with CloudLinux ?

> Since CL6 works so fine, I'm not ready to switch kernel to ASL. Which is why I'm wondering how ASL works together with CL.

Thanks for the questions. ASL is fully supported with CloudLinux:

https://www.atomicorp.com/wiki/index.php/CloudLinux

> Which features of ASL will I miss by not using the ASL kernel?

You won't have any of the kernel-level protections that make your system immune to lots of things. Here's the list of what you won't get with the CL kernel:

• Advanced Kernel Protection: The most secure kernel available for Linux, including state of the art kernel protection from the PaX and grsecurity projects.
• KIPS - Kernel Intrusion Prevention System: prevents insertion of rootkits and malware into kernel, protects against memory and stack based attacks and other methods rootkits use to take over your system, Role Based and Mandatory Access Control, Trusted Path and more!
• More secure and powerful than standard Linux kernels.
• Prevents rootkit installations, detects and stops application attacks such as buffer overflows, brute force attacks and more.
• Includes powerful immunizations against kernel and software vulnerabilities not found in standard Linux kernels.
• Protects your Linux server against entire classes of exploits in services on the system, such as vulnerabilities in apache, mysql, postgres, bind, secure shell (ssh), control panels and others.
• Trusted Path Execution - restricts untrusted users such as apache to execute only trusted applications and commands thus simply preventing a whole class of exploit techniques used by attackers, or internet worms. This can also be used to automatically prevent your users from executing and even uploading dangerous software to your servers!
• Built in Virtualization: ASL also includes the KVM/QEMU, lguest and VServer virtualization technologies.
• Automatically disables unsafe functions in web technologies such as PHP to help prevent entire classes of vulnerabilities.
• Specially hardened chroot capabilities, and protection against exploitable null-pointer dereference bugs in the kernel, and other enhancements from the Grsecurity project.
• Users are restricted to only view their processes.
• Sensitive kernel functions are denied to normal users.
• Auto-learning Role Based Access Control. An intelligent and highly secure robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration, from the Grsecurity project.
• Realtime malware/virus/trojan protection from web, file and local based attacks.

> Is there no point in getting the ASL package, since I will not be running the ASL kernel, and instead just get the mod_security rules?

Not at all. ASL is a lot more than just the kernel; our secure kernel is just a tiny fraction of the features ASL includes. A full feature list is available here:
https://www.atomicorp.com/products/asl.html

Here's a short list:

• HIPS - Host Intrusion Prevention System: includes built-in rootkit detection and prevention.
• WIPS/WAF - Web Intrusion Prevention System/Web Application Firewall: Application layer firewalling using the industry leading GotRoot Real Time ModSecurity rules created by Atomicorp and optimized for web hosting environments. A must for PCI-DSS compliance! Protects against cross site scripting, SQL injection, remote code inclusion, directory recursion and many many other web based attacks. Plus, it intelligently detects search engines to prevent accidental blocking of webcrawlers.
• Stateful Packet Inspection Firewall
• Quick and easy setup for powerful stateful firewall
• Advanced firewall management GUI for advanced users
• Realtime Shunning/Firewalling and Blocking of Attack Sources, including user control over automatic "deshunning" time lines.
• Realtime blacklisting of spammers, malware and attackers.
• Repeat offender shunning (automatically increases with repeated attacks).
• Full RBL support - works with all DNS based RBLs such as spamhaus and others.
• Geoblocking based on countries.
• Brute Force Attack Detection and Prevention
• Detects and blocks brute force and "low and slow" attacks on the system's daemons, including ssh, mysql, ftp, mail servers, control panels, suhosin failures, samba and others.
• Detects and blocks brute force and "low and slow" attacks on web applications! Intelligently identifies when a web application has denied access, even complex applications! Not a simple tool that just looks for htaccess failures, this is a real web application brute force protection system.
• Automatic Self Healing System - ASL is truly unlike any other security product! Not only will ASL protect your system, but it will also automatically fix problems on the system as they occur. From crashed processes, to broken applications and system errors, you name it! ASL intelligently analyzes the system's logs and condition, and will take action to repair errors, fix misconfigurations, protect processes and so much more. And the Self Healing system is flexible too, using an XML based system to allow you to easily create your own self healing rules.
• "Just in Time" Virtual Patching for web applications. Helps to protect vulnerable applications that can not be patched immediately.
• Automated File Upload Scanning Protection - upload prevention of malicious file uploads such as rootkits, viruses, worms, shells, spambots and more! Scans all Web, FTP and SSH based file uploads. Files can be quarantined for further investigation, or can be automatically deleted before they are ever uploaded to the system!
• Built in Vulnerability and Compliance Scanner and Remediation System - ensures that your system is operating in a safe, secure and compliant manner.
• Suspicious Event Detection and Notification
• Detects suspicious events and events of importance and sends alerts. Events such as privilege escalation (su events), log ins at strange times, software installation and modification, file privilege changes and more!
• Detects suspicious processes, files, user actions, hidden ports, kernel activity, open ports and other indicators of unauthorized activity or compromise.
• Web Comment/Blog/Referrer Spam Protection
• Denial of Service Protection
• Real Time malware removal system - helps protect a system from accidentally serving up malware.
• Third party signatures such as Google Blacklists, SaneSecurity, SecuriteInfo, MalDet and others.
• Data Loss Protection and Real Time Web Content Redaction System - prevents data leakage of information, such as credit cards, SSNs or other sensitive customer data.
• Automated Secure Log Management with Secure Remote Logging - intelligent log reduction, event detection and alerting! Ships with a world class set of policies that requires no tuning or configuration and works out of the box to detect intrusions, policy violations and system emergencies.
• Real-time e-mail notifications of attacks and system emergencies.
• GUI management of alerting rules and per domain controls.
• Intelligent log reduction and event detection.
• Event correlation.
• Easy to use XML based policies for custom event detection and alerting.
• Web Based GUI Management
• Domain based control over security features.
• Easy to use GUI rule manager for detection and prevention rules and alerts.

> Will some features of CL "collide" with ASL?

If I understand your question, no, nothing will collide.

> How well will the two work together?

We have lots of CL customers now, so quite well.

> How will I experience my servers after installing ASL on my CL/cPanel server? Higher load? Higher response times? Broken scripts?

No broken scripts, higher load or higher response times.

> I'm also planning on running CL's "KernelCare" feature soon. Any issues together with ASL there?

Since you won't be using the secure ASL kernel, no, that won't have any effect on ASL.