Test ModSecurity Cpanel Install

Posted: Tue Jan 29, 2013 2:06 pm
by DustinO
I would like to run a simple test to see if ModSecurity is indeed working on my cpanel install. I noticed the wget test on

http://www.atomicorp.com/wiki/index.php ... ules#Notes

but I am not sure if that test will work for the rules included for the cpanel install.

Re: Test ModSecurity Cpanel Install

Posted: Tue Jan 29, 2013 5:08 pm
by mikeshinn
Do you mean the default cpanel modsecurity rules? I don't think they stop that kind of attack.

Re: Test ModSecurity Cpanel Install

Posted: Wed Jan 30, 2013 11:01 am
by DustinO
This is listed as the default for cpanel. I would like to test somehow that they are working. The wget test did not work for me; should it have? If not, what would be another test?

SecRequestBodyAccess On
SecAuditLogType Concurrent
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 2621440
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecServerSignature Apache
SecUploadDir /var/asl/data/suspicious
SecUploadKeepFiles Off
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
SecRequestBodyInMemoryLimit 131072
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
SecResponseBodyLimitAction ProcessPartial

Include /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_rules.conf
Include /usr/local/apache/conf/modsec_rules/20_asl_useragents.conf
Include /usr/local/apache/conf/modsec_rules/30_asl_antispam.conf
Include /usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf
Include /usr/local/apache/conf/modsec_rules/60_asl_recons.conf
Include /usr/local/apache/conf/modsec_rules/99_asl_jitp.conf

Re: Test ModSecurity Cpanel Install

Posted: Wed Jan 30, 2013 1:51 pm
by mikeshinn
Oh, I apologize, I misunderstood you. You mean *our* modsecurity configuration using *our* rules. Yes, our rules stop that attack, and that test procedure will work provided you installed and configured modsecurity exactly as described in this document:

https://www.atomicorp.com/wiki/index.ph ... rity_Rules

You'll find the test procedure here:

https://www.atomicorp.com/wiki/index.ph ... are_loaded