Difference between revisions of "Downloading Rules"
m (→nginx) |
m (→IIS) |
||
Line 150: | Line 150: | ||
===== IIS ===== | ===== IIS ===== | ||
− | Note: modsecurity with IIS should be considered beta quality at best. This has nothing to do with the rules. The IIS port of modsecurity has several known bugs causing it to in some cases miss attacks, and in others to interfere with traffic. We recommend using a proxy server with apache with IIS for best results. | + | Note: modsecurity with IIS should be considered beta quality at best. This has nothing to do with the rules. The IIS port of modsecurity has several known bugs and does not support all the capabilities of either the nginx or apache versions, causing it to in some cases miss attacks, and in others to interfere with traffic. We recommend using a proxy server with apache with IIS for best results. |
The VERSION file contains the current supported version number of that ruleset. For example, using the data above the current version of the realtime modsecurity rules that are supported is: | The VERSION file contains the current supported version number of that ruleset. For example, using the data above the current version of the realtime modsecurity rules that are supported is: |
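Review bot: on the + side of the IIS note, the added clause "and does not support all the capabilities of either the nginx or apache versions" is wedged in front of "causing it to in some cases miss attacks", so the sentence no longer says whether the known bugs or the missing capabilities lead to the missed attacks and the traffic interference. Suggest splitting it into two sentences, one for the known bugs and their effects and one for the reduced feature set. While this line is being touched, "using a proxy server with apache with IIS" could also state which server sits in front of which.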
Revision as of 13:17, 21 December 2016
Introduction
The rules came in two forms:
1) Real Time Rules
2) Delayed/Unsupported Rules (Discontinued)
Real Time/Supported Rules
Subscription
If you have not already set up a subscription to the Real Time rules ($199.99 a year), you can do so here:
Download
Once your account is set up, you can download the Real Time rules by following this process:
Automated Method
Full Management Suite
Install ASL.
ASL will automatically download your rules and keep them up to date, and will ensure that modsecurity stays up to date so your system can support the latest rules. ASL also provides you with a full security management suite, which allows you to manage, edit and configure your rules through a web console. It will also protect you from uploaded malware, brute force attacks, DOS attacks, rootkits and many other threats that a WAF cannot protect you from.
A full list of ASL's features is available at the URL below:
https://www.atomicorp.com/products/asl.html
Just a downloader
We also provide an automated rule updater and modsecurity installation tool, called aum. You can read more about it on the aum page. You can install it by running these commands as root:
Pre Step)
Remove any modsecurity installation, rules and configuration from your system before installing aum.
Step 1) Install aum
wget -q -O - https://updates.atomicorp.com/installers/aum |bash
Step 2) Configure aum
aum configure
Step 3) Tell aum to install the rules
aum -u
You can read more about aum on the aum documentation page.
Note: This capability is included in ASL. ASL users do not need to install aum; it's already included.
Do it Yourself Method
Step 1) Download the file VERSION
https://updates.atomicorp.com/channels/rules/subscription/VERSION
This file will contain the following fields:
ASL_VERSION=3.2.14-31
APPINV_VERSION=20130518124799
CLAMAV_VERSION=20130718104399
GEOMAP_VERSION=20130719103399
GRSEC_VERSION=0
KERNEL_VERSION=3.2.48-54
MODSEC_VERSION=20130719110199
OSSEC_VERSION=20130717175199
WAF_DELAYED_VERSION=20130515162599
WAF_ENGINE_VERSION=2.7.4-15
Step 2) Download the latest rule file
Apache
The VERSION file contains the current supported version number of each ruleset. For example, using the data above, the current supported version of the realtime modsecurity rules is:
20130719110199
If you want to download that rule file, the format is:
rulefiletype-version.tar.gz
For example, using the version information above the latest modsecurity rules version would be:
https://updates.atomicorp.com/channels/rules/subscription/modsec-20130719110199.tar.gz
Using the VERSION information above, the latest clamav rules would be:
https://updates.atomicorp.com/channels/rules/subscription/clamav-20130718104399.tar.gz
Note: These are not valid version numbers. Please check the VERSION file for the current version of the real time rules.
We recommend you use ASL or our free tool aum to keep your rules up to date.
Step 3) Lint your rules
Our rules are built to support the latest stable version of modsecurity. modsecurity changes regularly, including new capabilities, the retiring of old capabilities and changes in the rule language. It is therefore critical that you always use the latest stable version of modsecurity supported by our rules. That version is kept up to date at the URL below:
You will want to check that the latest rules work with the version of modsecurity installed on your system. ASL does this automatically. If you are not using ASL, you will need to make sure you have a method in place to do this for your DIY setup or a test environment.
nginx
Note: modsecurity with nginx should be considered beta quality at best. This has nothing to do with the rules. The nginx port of modsecurity has several known bugs that cause it in some cases to miss attacks, and in others to interfere with nginx traffic.
The VERSION file contains the current supported version number of each ruleset. For example, using the data above, the current supported version of the realtime modsecurity rules is:
20130719110199
If you want to download that rule file, the format is:
rulefiletype-version.tar.gz
For example, using the version information above the latest modsecurity rules version would be:
https://updates.atomicorp.com/channels/rules/subscription/experimental/modsec-20130719110199.tar.gz
Using the VERSION information above, the latest clamav rules would be:
https://updates.atomicorp.com/channels/rules/subscription/experimental/clamav-20130718104399.tar.gz
Note: These are not valid version numbers. Please check the VERSION file for the current version of the real time rules.
We recommend you use ASL to keep your rules up to date. If you are a DIY customer, we recommend using a tool like wget or curl to download the rules.
Step 3) Lint your rules
Our rules are built to support the latest stable version of modsecurity. modsecurity changes regularly, including new capabilities, the retiring of old capabilities and changes in the rule language. It is therefore critical that you always use the latest stable version of modsecurity supported by our rules. That version is kept up to date at the URL below:
You will want to check that the latest rules work with the version of modsecurity installed on your system. ASL does this automatically. If you are not using ASL, you will need to make sure you have a method in place to do this for your DIY setup or a test environment.
IIS
Note: modsecurity with IIS should be considered beta quality at best. This has nothing to do with the rules. The IIS port of modsecurity has several known bugs and does not support all the capabilities of either the nginx or apache versions, so in some cases it misses attacks, and in others it interferes with traffic. We recommend using a proxy server with apache with IIS for best results.
The VERSION file contains the current supported version number of each ruleset. For example, using the data above, the current supported version of the realtime modsecurity rules is:
20130719110199
If you want to download that rule file, the format is:
rulefiletype-version.tar.gz
For example, using the version information above the latest modsecurity rules version would be:
https://updates.atomicorp.com/channels/rules/subscription/experimental/modsec-20130719110199.tar.gz
Using the VERSION information above, the latest clamav rules would be:
https://updates.atomicorp.com/channels/rules/subscription/experimental/clamav-20130718104399.tar.gz
Note: These are not valid version numbers. Please check the VERSION file for the current version of the real time rules.
We recommend you use ASL to keep your rules up to date. If you are a DIY customer, we recommend using a tool like wget or curl to download the rules.
Step 3) Install the windows versions of the rules
Within the archive file is a subdirectory "windows". This contains the version of the modsecurity rules that will work with IIS. (IIS does not support some of the functions in apache and nginx, and those rulesets are either removed or modified to account for this lack of functionality in the IIS port of modsecurity.)
Step 4) Lint your rules
Our rules are built to support the latest stable version of modsecurity. modsecurity changes regularly, including new capabilities, the retiring of old capabilities and changes in the rule language. It is therefore critical that you always use the latest stable version of modsecurity supported by our rules. That version is kept up to date at the URL below:
You will want to check that the latest rules work with the version of modsecurity installed on your system. ASL does this automatically. If you are not using ASL, you will need to make sure you have a method in place to do this for your DIY setup or a test environment.
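The Do it Yourself steps above, as an added example (not Atomicorp's code and not part of aum): it reads a VERSION file as data, accepts only an all-digit version, and builds the rulefiletype-version.tar.gz URL for the Apache channel or the experimental nginx/IIS channel. The function names and the embedded sample file are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not Atomicorp code): turn a VERSION file into rule-archive URLs.
BASE_URL="https://updates.atomicorp.com/channels/rules/subscription"

# Constructed sample input: a subset of the VERSION fields shown on this page.
sample_version_file() {
    f=$(mktemp) || return 1
    printf '%s\n' 'ASL_VERSION=3.2.14-31' 'CLAMAV_VERSION=20130718104399' \
        'MODSEC_VERSION=20130719110199' 'WAF_ENGINE_VERSION=2.7.4-15' > "$f"
    printf '%s\n' "$f"
}

# version_field FILE KEY: print KEY's value, accepting digits only.
# The file is parsed as data and never sourced or eval'd, because it comes
# from the network and its value is spliced into a URL and a file name.
version_field() {
    value=$(tr -s ' \t\r' '\n' < "$1" |
        awk -F= -v k="$2" '$1 == k { print $2; exit }')
    case $value in
        ''|*[!0-9]*) echo "missing or non-numeric $2" >&2; return 1 ;;
    esac
    printf '%s\n' "$value"
}

# rule_url FILE TYPE [CHANNEL]: print <base>/[channel/]<type>-<version>.tar.gz
rule_url() {
    case $2 in
        modsec) key=MODSEC_VERSION ;;
        clamav) key=CLAMAV_VERSION ;;
        *) echo "unknown rule file type: $2" >&2; return 1 ;;
    esac
    version=$(version_field "$1" "$key") || return 1
    printf '%s/%s%s-%s.tar.gz\n' "$BASE_URL" "${3:+$3/}" "$2" "$version"
}

vf=$(sample_version_file)
rule_url "$vf" modsec                # Apache channel
rule_url "$vf" clamav experimental   # nginx / IIS channel
rm -f "$vf"
```

Fetch the printed URL with wget or curl, then lint the unpacked rules against your installed modsecurity in a test environment before deploying them.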
Unsupported third party scripts
One of our customers has put together a script to keep your rules up to date. You can get this script from the URL below:
http://puntapirata.com/ModSec-Updater.php
This script is not supported by Atomicorp, please direct any questions you may have regarding this script to the author.
If you require an automated solution that is supported by Atomicorp, please use ASL or aum.
Delayed/Unsupported/Free Rules
The Delayed/Unsupported/Free rules are no longer available.
Delayed/Unsupported Feed Download
If you want to try out the Real Time rules please sign up here.
Or if you want to try the full security suite, Atomic Secured Linux (ASL), on a trial basis, just sign up for a 10 day free trial here.
Questions
Please see the Atomic ModSecurity Rules FAQ: https://www.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules_FAQ