Difference between revisions of "ASL prerequisites"
m (→OS Updates) |
m |
||
| Line 5: | Line 5: | ||
= Requirements = | = Requirements = | ||
| − | == Operating system == | + | == Server == |
| + | |||
| + | === Operating system === | ||
ASL is tested on up to date versions of the supported operating systems. This means that you will need to have all vendor patches installed for ASL to work correctly. | ASL is tested on up to date versions of the supported operating systems. This means that you will need to have all vendor patches installed for ASL to work correctly. | ||
| − | === Supported Operating Systems === | + | ==== Supported Operating Systems ==== |
A listed of supported operating systems is provided at this url: | A listed of supported operating systems is provided at this url: | ||
| Line 15: | Line 17: | ||
https://www.atomicorp.com/wiki/index.php/ASL_FAQ#What_Linux_distributions_do_you_support.3F | https://www.atomicorp.com/wiki/index.php/ASL_FAQ#What_Linux_distributions_do_you_support.3F | ||
| − | === OS Updates === | + | ==== OS Updates and patches ==== |
ASL is tested on up to date versions of the supported operating systems. This means that you will need to have all vendor patches installed for ASL to install and work correctly. | ASL is tested on up to date versions of the supported operating systems. This means that you will need to have all vendor patches installed for ASL to install and work correctly. | ||
| Line 21: | Line 23: | ||
ASL will not install on a system that is missing vendors updates, and will generate an alert during installation if vendor updates are missing. You must have you system patched and up to date to install ASL. | ASL will not install on a system that is missing vendors updates, and will generate an alert during installation if vendor updates are missing. You must have you system patched and up to date to install ASL. | ||
| − | == Hardware == | + | === Hardware === |
| − | === Memory === | + | ==== Memory ==== |
ASL requires at least 1 GB of memory. 2 GB of memory is highly recommend to make use of all of ASLs features. | ASL requires at least 1 GB of memory. 2 GB of memory is highly recommend to make use of all of ASLs features. | ||
| − | === CPU === | + | ==== CPU ==== |
ASL does not require a 64bit CPU, however the use of 64Bit CPUs is highly recommended. | ASL does not require a 64bit CPU, however the use of 64Bit CPUs is highly recommended. | ||
| Line 54: | Line 56: | ||
ASL components will be installed in the /boot, /usr, /etc and /var partitions. A minimum of 100MB of free space is required to install ASL, and additional space is required in /var as described above. | ASL components will be installed in the /boot, /usr, /etc and /var partitions. A minimum of 100MB of free space is required to install ASL, and additional space is required in /var as described above. | ||
| − | == Database == | + | === Database === |
| − | === Supported versions === | + | ==== Supported databases ==== |
| + | |||
| + | ASL is supported with MySQL. | ||
| + | |||
| + | ==== Supported versions ==== | ||
ASL optionally can use a database to store event information (this configuration is highly recommended). ASL can use MySQL to do this, and is built to support the version of mysql provided by the vendors of the OSes as described above. It is tested with the software provided by the OS vendor, and therefore, ASL is fully supported with the current version of MySQL provided and supported by the OS vendor on the platform (for supported platforms), as well as the free mysql packages provided by us as part of the atomic rpm repository. | ASL optionally can use a database to store event information (this configuration is highly recommended). ASL can use MySQL to do this, and is built to support the version of mysql provided by the vendors of the OSes as described above. It is tested with the software provided by the OS vendor, and therefore, ASL is fully supported with the current version of MySQL provided and supported by the OS vendor on the platform (for supported platforms), as well as the free mysql packages provided by us as part of the atomic rpm repository. | ||
| Line 66: | Line 72: | ||
Please contact your OS vendor for details about what versions of MySQL they support. | Please contact your OS vendor for details about what versions of MySQL they support. | ||
| − | === MySQL Configuration === | + | ==== MySQL Configuration ==== |
When using mysql, querying caching must be enabled. The following setting in mysql must be set for ASL to perform correctly. Failure to set this will result in significant performance impact to ASL, and the system. | When using mysql, querying caching must be enabled. The following setting in mysql must be set for ASL to perform correctly. Failure to set this will result in significant performance impact to ASL, and the system. | ||
| Line 72: | Line 78: | ||
query_cache_size=32m | query_cache_size=32m | ||
| − | == Additional == | + | === Additional === |
| − | === CPanel === | + | ==== CPanel ==== |
If you have CPanel installed, you must have mod_uniqueid installed for mod_security to work correctly. Please contact CPanel for support if you are not sure how to enable this in CPanel. | If you have CPanel installed, you must have mod_uniqueid installed for mod_security to work correctly. Please contact CPanel for support if you are not sure how to enable this in CPanel. | ||
| − | === Third Party Software === | + | ==== Third Party Software ==== |
| + | |||
| + | ===== modsecurity ===== | ||
[[ASL]] is not supported with third party software that manipulates modsecurity. If you have any third party software of this nature installed, and have issues using or installing ASL, you will need to uninstall this third party software. | [[ASL]] is not supported with third party software that manipulates modsecurity. If you have any third party software of this nature installed, and have issues using or installing ASL, you will need to uninstall this third party software. | ||
| − | = | + | ===== firewalls ===== |
| − | == Memory == | + | [[ASL]] is not supported with third party software that manipulates or manages the Linux firewall, iptables or ipset. If you have any third party software of this nature installed, and have issues using or installing ASL, you will need to uninstall this third party software. |
| + | |||
| + | == Recommendations == | ||
| + | |||
| + | === Memory === | ||
4 GB of memory is recommended for sites with lots of events and/or domains. | 4 GB of memory is recommended for sites with lots of events and/or domains. | ||
| − | == CPU == | + | === CPU === |
Multiple 64Bit CPUs are highly recommended for systems with lots of events and/or events. | Multiple 64Bit CPUs are highly recommended for systems with lots of events and/or events. | ||
| − | == Database == | + | === Database === |
| − | === Query caching === | + | ==== Query caching ==== |
When using mysql, querying caching must be enabled. Larger query caches will result in greater performance, however this must be tuned to the capabilities of the system. Larger query caches also require more memory, so to increase this setting you will need at least 2GB of RAM and preferably 4GB of RAM or more. | When using mysql, querying caching must be enabled. Larger query caches will result in greater performance, however this must be tuned to the capabilities of the system. Larger query caches also require more memory, so to increase this setting you will need at least 2GB of RAM and preferably 4GB of RAM or more. | ||
| Line 108: | Line 120: | ||
You can try larger cache sizes, but we find that 128m is generally as high as you need to go. High values may be counter productive. | You can try larger cache sizes, but we find that 128m is generally as high as you need to go. High values may be counter productive. | ||
| − | === Dedicated I/O channel === | + | ==== Dedicated I/O channel ==== |
For systems with high volumes of events we recommend you move your mysql databases to their own I/O channel separate from your web sites and/or other file system intensive operations. This will give the database its own dedicated I/O channel to the database files. Databases can be quite large, and the ASL events database will grow over time based on the archive settings you have configured in your [[ASL Configuration]]. Therefore, a faster way of reading these databases will improve performance on the system. | For systems with high volumes of events we recommend you move your mysql databases to their own I/O channel separate from your web sites and/or other file system intensive operations. This will give the database its own dedicated I/O channel to the database files. Databases can be quite large, and the ASL events database will grow over time based on the archive settings you have configured in your [[ASL Configuration]]. Therefore, a faster way of reading these databases will improve performance on the system. | ||
| − | === mysql tuning === | + | ==== mysql tuning ==== |
If you are using mysql, we highly recommend you tune it with a professionals help. mysql is a wonderful and powerful database server, but it is not tuned in its default configuration and will perform very poorly as a result. Even if mysql appears to be performing well for you, if you are using the default settings your database server is operating much slower than it needs to be. | If you are using mysql, we highly recommend you tune it with a professionals help. mysql is a wonderful and powerful database server, but it is not tuned in its default configuration and will perform very poorly as a result. Even if mysql appears to be performing well for you, if you are using the default settings your database server is operating much slower than it needs to be. | ||
| Line 130: | Line 142: | ||
http://www.mysqltuner.com/ | http://www.mysqltuner.com/ | ||
| − | === Disk Space === | + | ==== Disk Space === |
ASL will keep records as long as you desire. As a result, you should monitor your database and /var partitions drive usage and prepare accordingly to add more space based on event volume for your system. | ASL will keep records as long as you desire. As a result, you should monitor your database and /var partitions drive usage and prepare accordingly to add more space based on event volume for your system. | ||
| Line 136: | Line 148: | ||
ASL will also record other events, such as file changes and software updates in a special monitoring system, this data is also stored in /var. Please see the [[ASL FAQ]] for further details about tuning this system should you wish to use less drive space for this. | ASL will also record other events, such as file changes and software updates in a special monitoring system, this data is also stored in /var. Please see the [[ASL FAQ]] for further details about tuning this system should you wish to use less drive space for this. | ||
| − | == Test Server == | + | === Test Server === |
Each ASL license lets you install ASL on a product server, a QA server and a test server. We recommend, as do all software companies, that you always test ASL and ASL upgrades on a test machine before making any changes to your production environment. We test our products heavily before putting out an updates, but no software company can account for every possible condition, configuration or environment so you should test upgrade on non-production machines before putting them into production. | Each ASL license lets you install ASL on a product server, a QA server and a test server. We recommend, as do all software companies, that you always test ASL and ASL upgrades on a test machine before making any changes to your production environment. We test our products heavily before putting out an updates, but no software company can account for every possible condition, configuration or environment so you should test upgrade on non-production machines before putting them into production. | ||
| + | |||
| + | = Client = | ||
| + | |||
| + | ASL is managed through a web browser. Please see the following FAQ for a list of browsers that ASL is currently supported: | ||
| + | |||
| + | https://www.atomicorp.com/wiki/index.php/ASL_FAQ#What_browsers_does_the_ASL_GUI_work_with.3F | ||
Revision as of 16:06, 28 February 2013
Contents |
Introduction
ASL is a powerful security suite that will be analyzing actions of your system in real time. For it to work correctly it will need a properly tuned system with reasonable resources. This document outlines the requirements for ASL to function, and recommendations for it perform optimally.
Requirements
Server
Operating system
ASL is tested on up to date versions of the supported operating systems. This means that you will need to have all vendor patches installed for ASL to work correctly.
Supported Operating Systems
A listed of supported operating systems is provided at this url:
https://www.atomicorp.com/wiki/index.php/ASL_FAQ#What_Linux_distributions_do_you_support.3F
OS Updates and patches
ASL is tested on up to date versions of the supported operating systems. This means that you will need to have all vendor patches installed for ASL to install and work correctly.
ASL will not install on a system that is missing vendors updates, and will generate an alert during installation if vendor updates are missing. You must have you system patched and up to date to install ASL.
Hardware
Memory
ASL requires at least 1 GB of memory. 2 GB of memory is highly recommend to make use of all of ASLs features.
CPU
ASL does not require a 64bit CPU, however the use of 64Bit CPUs is highly recommended.
ASL disk space requirements
Minimum space requirements per partition:
| Directory | Minimum Free Space Required |
|---|---|
| /var | 5GB |
| /usr | 500 MB |
| /tmp | 10 MB |
| /etc | 100 MB |
| /boot | 100 MB |
ASL will log and record security events on the system. The amount of space required for this will vary depending on the amount of events that occur on your system. ASL will record all of its events in the /var partition. Therefore, you should have adequate free space available in the /var partition for your system. We recommend at least 5GB of space in this partition, but this is a minimum. You should allocate more space if you intend to keep logs for extended periods of time. You may need to increase this depending on the amount of events that occur on your system and the archive period you have set in your ASL Configuration.
ASL components will be installed in the /boot, /usr, /etc and /var partitions. A minimum of 100MB of free space is required to install ASL, and additional space is required in /var as described above.
Database
Supported databases
ASL is supported with MySQL.
Supported versions
ASL optionally can use a database to store event information (this configuration is highly recommended). ASL can use MySQL to do this, and is built to support the version of mysql provided by the vendors of the OSes as described above. It is tested with the software provided by the OS vendor, and therefore, ASL is fully supported with the current version of MySQL provided and supported by the OS vendor on the platform (for supported platforms), as well as the free mysql packages provided by us as part of the atomic rpm repository.
ASL is not tested or supported with other mysql builds or versions.
For example, if the current vendor supported version of mysql on Redhat 5 is "mysql-server", a package named "MySQL50-server" will not be compatible.
Please contact your OS vendor for details about what versions of MySQL they support.
MySQL Configuration
When using mysql, querying caching must be enabled. The following setting in mysql must be set for ASL to perform correctly. Failure to set this will result in significant performance impact to ASL, and the system.
query_cache_size=32m
Additional
CPanel
If you have CPanel installed, you must have mod_uniqueid installed for mod_security to work correctly. Please contact CPanel for support if you are not sure how to enable this in CPanel.
Third Party Software
modsecurity
ASL is not supported with third party software that manipulates modsecurity. If you have any third party software of this nature installed, and have issues using or installing ASL, you will need to uninstall this third party software.
firewalls
ASL is not supported with third party software that manipulates or manages the Linux firewall, iptables or ipset. If you have any third party software of this nature installed, and have issues using or installing ASL, you will need to uninstall this third party software.
Recommendations
Memory
4 GB of memory is recommended for sites with lots of events and/or domains.
CPU
Multiple 64Bit CPUs are highly recommended for systems with lots of events and/or events.
Database
Query caching
When using mysql, querying caching must be enabled. Larger query caches will result in greater performance, however this must be tuned to the capabilities of the system. Larger query caches also require more memory, so to increase this setting you will need at least 2GB of RAM and preferably 4GB of RAM or more.
For example, on a system with 2GB of RAM the query cache should be set to 128M.
query_cache_size=96m
For systems with 4GB of RAM, or more, a large query cache can be used:
query_cache_size=128m
You can try larger cache sizes, but we find that 128m is generally as high as you need to go. High values may be counter productive.
Dedicated I/O channel
For systems with high volumes of events we recommend you move your mysql databases to their own I/O channel separate from your web sites and/or other file system intensive operations. This will give the database its own dedicated I/O channel to the database files. Databases can be quite large, and the ASL events database will grow over time based on the archive settings you have configured in your ASL Configuration. Therefore, a faster way of reading these databases will improve performance on the system.
mysql tuning
If you are using mysql, we highly recommend you tune it with a professionals help. mysql is a wonderful and powerful database server, but it is not tuned in its default configuration and will perform very poorly as a result. Even if mysql appears to be performing well for you, if you are using the default settings your database server is operating much slower than it needs to be.
You can use the excellent tool mysqltuner to help with this, however this tool will just provide recommendations and an experts assistance should be consulted before making any changes to your mysql configuration, and to make the best use of the recommendations mysqltuner may provide.
To install mysqltuner, please run this command as root:
yum install mysqltuner
And to run it, just run this command:
mysqltuner
More information is available about mysqltuner at this website:
= Disk Space
ASL will keep records as long as you desire. As a result, you should monitor your database and /var partitions drive usage and prepare accordingly to add more space based on event volume for your system.
ASL will also record other events, such as file changes and software updates in a special monitoring system, this data is also stored in /var. Please see the ASL FAQ for further details about tuning this system should you wish to use less drive space for this.
Test Server
Each ASL license lets you install ASL on a product server, a QA server and a test server. We recommend, as do all software companies, that you always test ASL and ASL upgrades on a test machine before making any changes to your production environment. We test our products heavily before putting out an updates, but no software company can account for every possible condition, configuration or environment so you should test upgrade on non-production machines before putting them into production.
Client
ASL is managed through a web browser. Please see the following FAQ for a list of browsers that ASL is currently supported:
https://www.atomicorp.com/wiki/index.php/ASL_FAQ#What_browsers_does_the_ASL_GUI_work_with.3F
