Atomic ModSecurity Rules

Atomic Secured Linux (ASL) includes the Atomic ModSecurity Rules. If you have ASL, you probably don't need to configure your rules; ASL will do this for you. These docs are targeted at users who need to configure the rules for non-ASL environments.

ModSecurity 2.5 Installation Notes

Rule Installation Notes

Assuming you have ModSecurity 2.5, you will want to create this directory:

/etc/httpd/modsecurity.d

Then add this line to your modsecurity.conf file:

Include modsecurity.d/*asl*.conf

Then copy the ASL rules into /etc/httpd/modsecurity.d. Finally, make sure the following directives are defined in your modsecurity.conf file.

(If you already have these set, you can leave them alone; they just need to be set for 2.5. Here are some examples we use:)

SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit

And last but not least, if you use this file:

05_asl_scanner.conf

Make sure you have ClamAV installed. This file forces all uploads to go through ClamAV to look for malware, viruses, etc. If you don't need that, you can leave this config file out.
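
A preflight check for the steps above, as an added example (it is not part of the Atomic rules or of the original page). The function names are hypothetical, and treating `clamscan` or `clamdscan` on PATH as evidence that ClamAV is installed is an assumption.

```shell
#!/bin/sh
# Added example: verify a manual (non-ASL) install of the Atomic ModSecurity rules.
# Function names are hypothetical; pass the path of your own modsecurity.conf.

# Print the value of an active (uncommented) directive; the last occurrence wins.
directive_value() {  # $1 = conf file, $2 = directive name
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 }
                   END { gsub(/"/, "", v); if (v != "") print v }' "$1"
}

# Return the number of problems found (0 = install looks complete).
check_asl_rules_install() {  # $1 = modsecurity.conf, $2 = rules directory
    conf=$1 rules=$2 problems=0

    [ -d "$rules" ] || { echo "MISSING rules directory: $rules"; problems=$((problems+1)); }

    # The Include line that pulls in the copied rule files.
    grep -Eq '^[[:space:]]*Include[[:space:]]+modsecurity\.d/\*asl\*\.conf' "$conf" ||
        { echo "MISSING Include modsecurity.d/*asl*.conf in $conf"; problems=$((problems+1)); }

    # The three storage directives must be set and point at existing directories.
    for d in SecDataDir SecTmpDir SecAuditLogStorageDir; do
        val=$(directive_value "$conf" "$d")
        if [ -z "$val" ]; then
            echo "MISSING directive: $d"; problems=$((problems+1))
        elif [ ! -d "$val" ]; then
            echo "BAD $d: $val is not a directory"; problems=$((problems+1))
        fi
    done

    # 05_asl_scanner.conf needs ClamAV. Assumption: a clamscan or clamdscan
    # binary on PATH means ClamAV is installed.
    if [ -e "$rules/05_asl_scanner.conf" ] &&
       ! command -v clamscan >/dev/null 2>&1 &&
       ! command -v clamdscan >/dev/null 2>&1; then
        echo "05_asl_scanner.conf present but no ClamAV scanner found"
        problems=$((problems+1))
    fi

    return "$problems"
}
```

Call it as `check_asl_rules_install <path to modsecurity.conf> /etc/httpd/modsecurity.d`; each problem is printed on its own line and the exit status is the problem count.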
