Question about switching to asl-lite

Posted: Thu May 12, 2011 9:11 pm
by wickedmx
I have been testing the free rules on a cPanel server and am now thinking of moving to the paid asl-lite subscription, however I have a few questions about the potential move.

1) Do I need to remove the current installation of ModSec that was done using EasyApache, or will asl-lite installer recognise it's already installed and integrate with it?
2) I use ConfigServer Security&Firewall with settings to block IPs for multiple ModSecurity alerts. If I do need to remove the current ModSec installation and reinstall using asl-lite installer, will CSF still integrate correctly with ModSec?
3) I also use ConfigServer ModSec Control plugin to manage ModSec so have the following queries:
a) will this still work?
b) is it still needed?
c) if it won't work, does asl-lite provide some kind of admin tool in WHM?

Any advice will be greatly appreciated

Re: Question about switching to asl-lite

Posted: Thu May 12, 2011 9:32 pm
by scott
asl-lite itself is just a rule downloader, the implementation of mod_security is up to you.

ASL 3.0 on the other hand is what you're talking about, it knows about easyapache and how to download/configure/install mod_security in a cpanel environment. It will automatically manage itself whenever you upgrade apache on the system, and you don't need to know anything about mod_security to use it.

If you were planning on putting your own mod_security, then check out this page here:
http://www.atomicorp.com/wiki/index.php ... _using_ASL

Re: Question about switching to asl-lite

Posted: Thu May 12, 2011 11:06 pm
by wickedmx
Thanks Scott

Yeah, I've taken a quick look at the info on ASL 3.0 for cPanel and may look at that further down the track. For now though, I'm just wanting to get hold of the most current rules as they are released so I figure asl-lite should be ok.

So basically, all I would need to do to switch to using asl-lite would be to remove the current rules I have in place and then install asl-lite which would download the latest rule set. Is that correct?

Thanks for your help.

Re: Question about switching to asl-lite

Posted: Fri May 13, 2011 6:46 am
by scott
Yup pretty much, it's going to download the rules, copy them to the directory you specify, and then restart apache (again the way you specify). It's also set up to let you configure which rule classes to install.

I also highly recommend configuring it the way we outlined in the wiki. The default way they build and load the module is prone to a number of bypass vulnerabilities.

Re: Question about switching to asl-lite

Posted: Fri May 13, 2011 6:59 am
by wickedmx
scott wrote: I also highly recommend configuring it the way we outlined in the wiki. The default way they build and load the module is prone to a number of bypass vulnerabilities.
Cool, thanks Scott.

Are you referring in the comment above to making the additions to the main config file? If so, all good cause I have them in place already.

Re: Question about switching to asl-lite

Posted: Fri May 13, 2011 11:37 am
by hostingguy
are the version numbers in that wiki still accurate?

Re: Question about switching to asl-lite

Posted: Fri May 13, 2011 5:56 pm
by mikeshinn
are the version numbers in that wiki still accurate?
For modsecurity? Yes. Or did you mean some other version number?

Re: Question about switching to asl-lite

Posted: Fri May 13, 2011 5:57 pm
by hostingguy
apr, pcre, modsec are all listed there with a specific version to download and install

Re: Question about switching to asl-lite

Posted: Fri May 13, 2011 6:07 pm
by mikeshinn
If you are using cpanel, use ASL. ASL will make sure all the versions are right, compiled correctly and are working. Do not compile modsecurity from scratch if you are using ASL, ASL will take care of it for you.

If you are not using ASL with cpanel then yes those are correct today. You have to build modsecurity from scratch, and those versions should work.

Or just make sure you have ASL with cpanel and you will be fine. :-)

With that said, I hope cpanel embraces rpms for apache so we can provide known tested builds that we know always work, because when you compile from scratch on a box in an unknown state all bets are off.