File injection problem

[arctic_ged]

Ok my boss just authorised the purchase of ASL, looking forward to seeing how it all works.

[arctic_ged]

A quick question, I just installed ASL, what is going to happen to the existing installation of mod security? Should I remove it?

[scott]

If you're using mod_security from the atomic repo its the same package

[arctic_ged]

Is there a way I can scan the server for malware?

[scott]

Yeah that should be running after installation, you can check /root/asl-malware-scan.log

[mikeshinn]

https://www.atomicorp.com/wiki/index.ph ... malware.3F

Keep in mind thats just one of the tools in ASL that will look for bad things, the kernel will detect malware trying to do bad things (and will stop it), if you enable dazuko that will check for and stop malware in real time, and ASL will also baseline all your software and will report if anything changes so that you can know if some if trying to replace system components or backdoor the system.

Also the WAF will detect malware running through the webserver, and will stop it from running. So there are a lot of things in ASL that will also detect malware for you in realtime, and the default configuration is to stop it from running too.

[arctic_ged]

Thanks for that info, im performing a malware scan right now as after install i restarted the server too quickly and the scan did not complete (log file was empty) now things are showing up on screen...

Another quick question, when I go to my control panel www.mydomain.com:30000 it displays the wrong SSL cert, how can I change this?

[scott]

Sure, we store the certificates in the normal location:

/etc/pki/tls/certs/

which is called from /var/asl/etc/httpd/conf.d/ssl.conf

The standard redhat/centos procedures apply for changing the certificate on the system

[Highland]

ASL uses its own instance of Apache on port 30000. If you want to add a signed certificate I would guess you'd do it in /var/asl/etc/httpd/conf/asl-httpd.conf (which appears to be the only Apache config file).

[arctic_ged]

Ok the certificate inside this directory is for a different domain name and it is expired, My control panel certificate is stored in:
/usr/local/psa/admin/conf/httpsd.pem and /usr/local/psa/admin/conf/rootchain.pem, however the ssl.conf points to crt files:

SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

How do I convert the .pem server certificate to .crt and how do I create a localhost.key file?

[Highland]

Before we go any further, why do you want the ASL tool to have a signed certificate? This tool is separate from your main instance of Apache and will only likely be used by you and your coworkers/employees.

[arctic_ged]

Because if I click on the "Atomic Secured Linux" link in plesk (under "Links to Additional Services") I get an ugly message:

Code: Select all

This web page is not available
The web page at https://xxx.xxx.xxx.xxx:30000/ might be temporarily down or it may have moved permanently to a new web address.
Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error.

[Highland]

Ah, OK, that's not because of your SSL certificate, that's something else entirely. Looks like asl-httpd is down. Can you try relaunching the service and see what happens?