Difference between revisions of "Downloading Rules"

From Atomicorp Wiki
Jump to: navigation, search
(Just a downloader)
(Replaced content with "Please see our new documentation website: https://docs.atomicorp.com/gotrootModsec/installation.html")
 
(34 intermediate revisions by 3 users not shown)
Line 1: Line 1:
= Introduction =
+
Please see our new documentation website:
  
The rules came in two forms
+
https://docs.atomicorp.com/gotrootModsec/installation.html
 
+
1) Real Time Rules
+
 
+
2) Delayed/Unsupported Rules (Discontinued)
+
 
+
== Real Time/Supported Rules ==
+
 
+
=== Subscription ===
+
 
+
If you have not already setup a subscription to the '''Real Time rules''' (only $14.95 a month, or $99.95 a year), you can do so here:
+
 
+
[https://www.atomicorp.com/acshop.html Real Time Feed Signup]
+
 
+
=== Download ===
+
 
+
Once your account is setup, you can download the Real Time by following this process:
+
 
+
==== Automated Method ====
+
 
+
===== Full Management Suite =====
+
 
+
Install [[ASL]]. 
+
 
+
ASL will automatically download and keep your rules up to date, and will ensure that modsecurity stays up to date so your system can support the latest rules.  ASL also provides you with a full security management suite, which will allow you to manage, edit and configure your rules through a web console.  It will also protect you from uploaded malware, brute force attacks, DOS attacks, rootkits and many other threats that a WAF can not protect you from.
+
 
+
A full list of ASLs features is available at the URL below:
+
 
+
https://www.atomicorp.com/products/asl.html
+
 
+
===== Just a downloader =====
+
 
+
We also provide an automated rule downloader and modsecurity installation tool, called "aum".  You can install it by running this command as root:
+
 
+
wget -q -O - http://updates.atomicorp.com/installers/aum |sh
+
 
+
You can read more about aum on the [[aum]] documentation page.
+
 
+
Note:  This capability is included in [[ASL]].  ASL users do not need to install aum, its already included.
+
 
+
==== Do it Yourself Method ====
+
 
+
The rules are also available for download from the URL below:
+
 
+
[http://updates.atomicorp.com/channels/rules/subscription/ Real Time Rules Download]
+
 
+
 
+
'''Step 1) Download the file VERSION'''
+
 
+
http://updates.atomicorp.com/channels/rules/subscription/VERSION
+
 
+
This file will contain the following fields:
+
 
+
<pre>
+
ASL_VERSION=3.2.14-31
+
APPINV_VERSION=20130518124799
+
CLAMAV_VERSION=20130718104399
+
GEOMAP_VERSION=20130719103399
+
GRSEC_VERSION=0
+
KERNEL_VERSION=3.2.48-54
+
MODSEC_VERSION=20130719110199
+
OSSEC_VERSION=20130717175199
+
WAF_DELAYED_VERSION=20130515162599
+
WAF_ENGINE_VERSION=2.7.4-15
+
</pre>
+
 
+
'''Step 2) Download the latest rule file'''
+
 
+
The VERSION file contains the current supported version number of that ruleset.  For example, using the data above the current version of the realtime modsecurity rules that are supported is:
+
 
+
20130719110199
+
 
+
If you want to download that rule file, the format is:
+
 
+
rulefiletype-version.tar.gz
+
 
+
For example, using the version information above the latest modsecurity rules version would be:
+
 
+
http://updates.atomicorp.com/channels/rules/subscription/modsec-20130719110199.tar.gz
+
 
+
Using the VERSION information above, the latest clamav rules would be:
+
 
+
http://updates.atomicorp.com/channels/rules/subscription/clamav-20130718104399.tar.gz
+
 
+
Note:  These are not a valid version number.  Please check the VERSION file for the current version of the real time rules.
+
 
+
We recommend you use [[ASL]] to keep your rules up to date.  If you are a DIY customer, we recommend using a tool like wget or curl to download the rules.
+
 
+
'''Step 3) Optional:  Confirm the rule file is valid'''
+
 
+
We sign each rule file with GNUPG.  Each rule file includes a paired file with a .asc extension.  This includes the digital signature for that rule file.  For example, to download that file for the rule file above you would download this file:
+
 
+
http://updates.atomicorp.com/channels/rules/subscription/modsec-201307191101.tar.gz.asc
+
 
+
You can use a tool like gpg or PGP to check the digital signature on this file.  For example:
+
 
+
gpg modsec-201307191101.tar.gz.asc
+
 
+
If the file is valid, you will see a response similar to this:
+
 
+
gpg: Signature made Fri 19 Jul 2013 11:01:24 AM EDT using RSA key ID 4520AFA9
+
gpg: Good signature from "Atomicorp (Atomicorp Official Signing Key) <support@atomicorp.com>"
+
 
+
You can download our GPG key from this URL:
+
 
+
https://www.atomicorp.com/RPM-GPG-KEY.atomicorp.txt
+
 
+
'''Step 4) Lint your rules'''
+
 
+
Our rules are built to support the latest stable version of modsecurity.  modsecurity changes regularly, including new capabilities, the retiring of old capabilities and changes in the rule language.  It is therefore critical that you always use the latest stable version of modsecurity supported by our rules.  That version is kept up to date at the URL below:
+
 
+
https://www.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules#Minimum_Version_of_Modsecurity_Required_to_use_the_rules
+
 
+
You will want to check to make sure the latest rules work with the version of modsecurity installed on your system.  [[ASL]] does this automatically, if you are not using [[ASL]] you will need to make sure you have a method in place to do this for your DIY setup or a test environment.
+
 
+
==== Unsupported third party scripts ====
+
 
+
One of our customers has put together a script to keep your rules up to date, you can get this script from the URL below:
+
 
+
http://puntapirata.com/ModSec-Updater.php
+
 
+
This script is not supported by Atomicorp, please direct any questions you may have regarding this script to the author.
+
 
+
If you require an automated solution that is supported by Atomicorp, please use [[ASL]].
+
 
+
== Delayed/Unsupported/Free Rules ==
+
 
+
The '''Delayed/Unsupported/Free''' rules are no longer available.
+
 
+
[http://updates.atomicorp.com/channels/rules/delayed/ Delayed/Unsupported Feed Download]
+
 
+
If you want to try out the Real Time rules please sign up [https://www.atomicorp.com/amember/signup.php?price_group=-2&product_id=22&hide_paysys=free here].
+
 
+
Or if you want to try the full security suite, Atomic Secured Linux (ASL), on a trial basis, just sign up for a [https://www.atomicorp.com/amember/signup.php?price_group=-1&product_id=17&hide_paysys=free 30 day free trial here].
+
 
+
= Questions =
+
 
+
Please see the https://www.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules_FAQ.
+

Latest revision as of 19:43, 4 February 2022

Please see our new documentation website:

https://docs.atomicorp.com/gotrootModsec/installation.html

Personal tools