File injection problem
-
- Forum User
- Posts: 18
- Joined: Tue Jun 08, 2010 4:50 am
Re: File injection problem
Ok my boss just authorised the purchase of ASL, looking forward to seeing how it all works.
-
- Forum User
- Posts: 18
- Joined: Tue Jun 08, 2010 4:50 am
Re: File injection problem
A quick question, I just installed ASL, what is going to happen to the existing installation of mod security? Should I remove it?
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
Re: File injection problem
If you're using mod_security from the atomic repo, it's the same package.
-
- Forum User
- Posts: 18
- Joined: Tue Jun 08, 2010 4:50 am
Re: File injection problem
Is there a way I can scan the server for malware?
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
Re: File injection problem
Yeah that should be running after installation, you can check /root/asl-malware-scan.log
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: File injection problem
https://www.atomicorp.com/wiki/index.ph ... malware.3F
Keep in mind that's just one of the tools in ASL that will look for bad things, the kernel will detect malware trying to do bad things (and will stop it), if you enable dazuko that will check for and stop malware in real time, and ASL will also baseline all your software and will report if anything changes so that you can know if someone is trying to replace system components or backdoor the system.
Also the WAF will detect malware running through the webserver, and will stop it from running. So there are a lot of things in ASL that will also detect malware for you in realtime, and the default configuration is to stop it from running too.
Michael Shinn
Atomicorp - Security For Everyone
-
- Forum User
- Posts: 18
- Joined: Tue Jun 08, 2010 4:50 am
Re: File injection problem
Thanks for that info, I'm performing a malware scan right now as after install I restarted the server too quickly and the scan did not complete (log file was empty) now things are showing up on screen...
Another quick question, when I go to my control panel www.mydomain.com:30000 it displays the wrong SSL cert, how can I change this?
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
Re: File injection problem
Sure, we store the certificates in the normal location:
/etc/pki/tls/certs/
which is called from /var/asl/etc/httpd/conf.d/ssl.conf
The standard redhat/centos procedures apply for changing the certificate on the system
Re: File injection problem
ASL uses its own instance of Apache on port 30000. If you want to add a signed certificate I would guess you'd do it in /var/asl/etc/httpd/conf/asl-httpd.conf (which appears to be the only Apache config file).
"Its not a mac. I run linux... I'm actually cool." - scott
-
- Forum User
- Posts: 18
- Joined: Tue Jun 08, 2010 4:50 am
Re: File injection problem
OK, the certificate inside this directory is for a different domain name and it is expired. My control panel certificate is stored in:
/usr/local/psa/admin/conf/httpsd.pem and /usr/local/psa/admin/conf/rootchain.pem, however the ssl.conf points to crt files:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
How do I convert the .pem server certificate to .crt and how do I create a localhost.key file?
Re: File injection problem
Before we go any further, why do you want the ASL tool to have a signed certificate? This tool is separate from your main instance of Apache and will only likely be used by you and your coworkers/employees.
"Its not a mac. I run linux... I'm actually cool." - scott
-
- Forum User
- Posts: 18
- Joined: Tue Jun 08, 2010 4:50 am
Re: File injection problem
Because if I click on the "Atomic Secured Linux" link in plesk (under "Links to Additional Services") I get an ugly message:
This web page is not available
The web page at https://xxx.xxx.xxx.xxx:30000/ might be temporarily down or it may have moved permanently to a new web address.
Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error.
Re: File injection problem
Ah, OK, that's not because of your SSL certificate, that's something else entirely. Looks like asl-httpd is down. Can you try relaunching the service and see what happens?
"Its not a mac. I run linux... I'm actually cool." - scott