Atomicorp

Hi,

I have a debian 7.7 system. I wanted to install only the modsec rules by atomiccrp.

I installed modsecurity 2.8 and built it. Then I ran aum. But modsec didnt work.

Later I read somewhere that modsecurity that is compiled from source will not work with atomicorp rules.

Please advise on what I should do to just get the rules.

Will aum install modsecurity? But now that I deleted /var/asl, I cannot get aum to configure. I tried to get just the rules, from an atomicorp wiki, but then it says to install modsecurity from their repo, I couldnt find a debian modsec in the repo.

Please help me fix this urgently.

I have a debian 7.7 system. I wanted to install only the modsec rules by atomiccrp.

I installed modsecurity 2.8 and built it. Then I ran aum. But modsec didnt work.

Later I read somewhere that modsecurity that is compiled from source will not work with atomicorp rules.

Not exactly, what we recommend is using 2.7.7 with our patches applied. 2.8 will work, its just very very buggy. Especially with any IP block translations.

Please advise on what I should do to just get the rules.

Will aum install modsecurity?

It will on rhel, centos and cloudlinux. For the debian distros (and clones) the plesk build for mod_security has some of our patches applied.

But now that I deleted /var/asl, I cannot get aum to configure.

That would be bad Its still going to be listed as installed in the debian package database. So if you tried to install it again, it would fail on it already being in there and not let you.

I tried to get just the rules, from an atomicorp wiki, but then it says to install modsecurity from their repo, I couldnt find a debian modsec in the repo.

We do not have any .deb packages at this time, its something we're planning on having soon though.

scott wrote:We do not have any .deb packages at this time, its something we're planning on having soon though.

Is Debian support planned for ASL entirely or just modsec?

Yes, we're planning on expanding into several other platforms, including debian, ubuntu, and windows. Currently we're working on expanding the WAF into Windows server systems.

scott wrote:Yes, we're planning on expanding into several other platforms, including debian, ubuntu, and windows. Currently we're working on expanding the WAF into Windows server systems.

do you think debian or ubuntu will come first?

and the natural follow up question, is there a rough estimate for when it would be out?

Thanks

Windows will be first, we're working on that right now. Then there be more work next quarter after that on the debian/suse/ubuntu WAF product (ie this is what we include on plesk now, making this more flexible, etc), which builds some dependencies for ASL on debian/ubuntu/suse.

scott wrote:Windows will be first, we're working on that right now. Then there be more work next quarter after that on the debian/suse/ubuntu WAF product (ie this is what we include on plesk now, making this more flexible, etc), which builds some dependencies for ASL on debian/ubuntu/suse.

might be forking our the dough for Alien Vault here soon... i need to run Ubuntu (PHP version support on CentOS just isn't cutting it for long term plans, for example Laravel prereq support). Sorry for asking again, but is it around the corner or still no ETA possible?

on another note, how does ASL compare to OSSIM/USM from Alien Vault?

TIA