Difference between revisions of "Aum"

From Atomicorp Wiki
m (Rules Only licenses)
m (ASL)
(19 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
= Introduction =
 
= Introduction =
  
aum is the atomic update manager.  It is used by many Atomicorp products to update components.
+
aum is the atomic update manager.  It is used by many Atomicorp products to update components.  
 +
 
 +
== ASL ==
 +
 
 +
For users with an ASL license, aum can update the following:
 +
 
 +
# ASL, including aum
 +
# Secure Kernel
 +
# Host Based Intrusion Detection System (HIDS)
 +
# EDR system
 +
# EPP system
 +
# Vulnerability Shield
 +
# Web Application Firewall (WAF)
 +
# Transparent Web Application Firewall (T-WAF)
 +
# modsecurity Web Application Firewall
 +
# RBLs
 +
# Firewall components
 +
# Log Intrusion Detection System (LIDS)
 +
# Active Response System
 +
# RBLs
 +
# GeoIP databases
 +
# Web console
 +
# Realtime malware protection system
 +
# Malware upload protection system
 +
# Threat Intelligence system
 +
# clamav signatures
 +
# Support packages used by ASL
 +
 
 +
Note: This is controlled by the following options:
 +
 
 +
https://www.atomicorp.com/wiki/index.php/ASL_Configuration#AUTOMATIC_UPDATES
 +
 
 +
https://www.atomicorp.com/wiki/index.php/ASL_Configuration#UPDATE_TYPE
 +
 
 +
== Rules Only ==
 +
 
 +
For users with just a rules license aum can update the following:
 +
 
 +
# aum
 +
# modsecurity rules
 +
# modsecurity
 +
 
 +
Note:  This is controlled by the users configuration of aum.
 +
 
 +
== Supported Platforms ==
 +
 
 +
* redhat 5/6
 +
* centos 5/6
 +
* cloudlinux 5/6
 +
* debian 6/7/8
 +
* ubuntu 10/12/14
 +
* opensuse 12/13
  
 
= Installation =
 
= Installation =
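Review bot: the new ASL component list names "RBLs" twice, once after "modsecurity Web Application Firewall" and again after "Active Response System". Drop one of them, or if the second entry was meant to be a different item, name it.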
Line 7: Line 58:
 
== ASL ==
 
== ASL ==
  
aum is included in ASL.  There is no need to install itDo not manually install aum with ASL.
+
aum is included in ASL.  There is no need to install it, its already on your system!
 +
 
 +
Note: Do not manually install aum if you have ASL installed.
  
 
== Rules Only licenses ==
 
== Rules Only licenses ==
Line 14: Line 67:
  
 
https://www.atomicorp.com/wiki/index.php/Downloading_Rules#Just_a_downloader
 
https://www.atomicorp.com/wiki/index.php/Downloading_Rules#Just_a_downloader
 +
 +
== Configuration ==
 +
 +
Please see this page:
 +
 +
[[aum configuration]]
 +
 +
=== Cpanel specific notes ===
 +
 +
==== modsec2.user.conf ====
 +
 +
If apache is not configured to load this file, one easy way to include this is to create a symlink from the /etc/httpd/conf.d directory with the command below:
 +
 +
''ln -s /usr/local/apache/conf/modsec2.user.conf  /etc/httpd/conf.d/99999_modsec2.user.conf''
 +
 +
The /etc/httpd/conf.d directory is the Linux standard directory for apache configuration files.  Adding a configuration file to this directory will normally tell apache to load the configuration file.  aum will setup cpanel apache systems to use this standard method to support standard apache configuration files.
 +
 +
Note:  This configuration is not enabled by default to prevent configuration loops.  Some cpanel systems may be misconfigured to load their rules twice.  If you have trouble starting apache after symlinking this file, remove the symlink and check your apache configuration for duplicate entires.
  
 
= Frequently Asked Questions =
 
= Frequently Asked Questions =
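Review bot: in the modsec2.user.conf section, the paragraph says aum will set up cpanel apache systems to use the conf.d method, while the Note right after it says this configuration is not enabled by default. Say plainly whether the reader has to create the symlink themselves, and correct "duplicate entires" to "duplicate entries".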
Line 26: Line 97:
  
 
Yes, aum supports the full range of current rules available to rules only users.  asl-lite did not.
 
Yes, aum supports the full range of current rules available to rules only users.  asl-lite did not.
 +
 +
== Will aum keep mod_security up to date? ==
 +
 +
Yes.  When an update is required by the rules, it will upgrade mod_security.  When an update is not required by the rules, it will not upgrade mod_security.
 +
 +
Note:  For rules only customers, you may see that aum has a slightly older version of mod_security installed than with ASL.  This is expected, as rules only systems do not have access to the full feature set in ASL, and occasionally we release updates to mod_security that not rule related but contains features ASL uses.
  
 
== How can I enable/disable rules if I dont have ASL? ==
 
== How can I enable/disable rules if I dont have ASL? ==
Line 42: Line 119:
  
 
No, check enable/disable the class in /etc/asl/config
 
No, check enable/disable the class in /etc/asl/config
 +
 +
== Can I configure what aum updates? ==
 +
 +
Yes.  The following options in /etc/asl/config are available for rules only aum users:
 +
 +
 +
=== AUTOMATIC_UPDATES ===
 +
 +
Configures the update frequency for aum to download and install updates, such as new rules and signatures
 +
 +
NOTE: Updates can be run manually from the command line with aum -u.
 +
 +
If a software update is available you should follow your normal patch management procedure. We recommend that all users test upgrades on a test system before deploying to a production system. See "UPDATE_TYPE" below.
 +
 +
=== UPDATE_TYPE ===
 +
 +
Configures the behavior of the AUTOMATIC_UPDATE event. There are three options:
 +
 +
All: This will upgrade all compotents aum can update.  Please see above for a list of components for ASL and rules only users.
 +
 +
Exclude-kernel: This will upgrade all ASL software, rule and signatures updates but not upgrade the kernel.  (Note:  This has no effect for rules only users of aum)
 +
 +
rules-only: This will exclude all software updates except for rules.  Note:  If a rule update requires an update to a component, for example modsecurity, the component will not be installed and that rule update will also not be installed.
 +
 +
Important Notice: Some rule and signature updates may not work without other compoents being updated, so if you set this to "rules only" be sure to regularly check your system for any software updates for ASL, or other components for rules only users (such as modsecurity) to be fully protected and to ensure compatibility.
  
 
== How can I disable automatic updates? ==
 
== How can I disable automatic updates? ==
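Review bot: the AUTOMATIC_UPDATES section says it configures the update frequency but lists no accepted values, unlike UPDATE_TYPE; list them. The UPDATE_TYPE text also refers to the "AUTOMATIC_UPDATE event" (singular), and the Important Notice quotes "rules only" where the option is written "rules-only"; use the option names exactly as they go into /etc/asl/config, and fix "compotents" and "compoents".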
Line 62: Line 164:
 
== How can I change the tortix_waf.conf file? ==
 
== How can I change the tortix_waf.conf file? ==
  
aum will generate an initial configuration file.  Except for [[ASL]], aum will not change this file.  Therefore, you can manually change it.
+
aum will manage this file from settings in /etc/asl/configEditing this file directly is not supported.
  
 
== What are the asl-php rpms for? ==
 
== What are the asl-php rpms for? ==
  
aum has its own, independent PHP engine that is only used by aum. aum does not use your operating systems PHP installation, and aums independent PHP engine is not used by your web server, web applications or Operating system. aum will not remove, replace, modify or upgrade or otherwise change your existing PHP installation. The asl-php RPMs are a completely separate independent isolated PHP engine that is not used by your operating system, or web server (apache, nginx, litespeed or any other web server), nor will they have any effect on any other application on your system, including any web or PHP applications.
+
This is actually a legacy thing with AUM. AUM doesn't use the asl-php RPMs anymore. It uses curl. As a result these RPMs are no longer used.
 
+
These rpms will not and do not have any effect on your operating systems and are only installed in /var/asl and are only used by aum.
+
 
+
The as-php rpm packages will always start with the name "asl", for example:
+
 
+
asl-php-cli-5.4.17-15.el6.art.x86_64
+
asl-php-5.4.17-15.el6.art.x86_64
+
asl-php-process-5.4.17-15.el6.art.x86_64
+
asl-php-gd-5.4.17-15.el6.art.x86_64
+
asl-php-pecl-apc-3.1.13-4.el6.art.x86_64
+
asl-php-common-5.4.17-15.el6.art.x86_64
+
asl-php-mysqlnd-5.4.17-15.el6.art.x86_64
+
asl-php-pdo-5.4.17-15.el6.art.x86_64
+
 
+
Do not change, remove, configure, block the installation or upgrade of, or otherwise modify the asl-php rpms or their configuration files, they are only used by ASL for its web console.
+
 
+
If you are having problems with your operating systems PHP, webservers PHP handler, webservers PHP applications or other PHP applications: aum did not install, upgrade, replace, configure or remove any part of your systems or web servers PHP installation. Contact your PHP vendor for assistance.
+
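Review bot: the new asl-php answer says the RPMs are no longer used, but it drops the old instruction not to remove them without saying whether asl-php packages already on a system can now be removed. Add a sentence covering that, since readers who followed the earlier text still have them installed.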

Revision as of 17:43, 9 July 2018


Introduction

aum is the atomic update manager. It is used by many Atomicorp products to update components.

ASL

For users with an ASL license, aum can update the following:

  1. ASL, including aum
  2. Secure Kernel
  3. Host Based Intrusion Detection System (HIDS)
  4. EDR system
  5. EPP system
  6. Vulnerability Shield
  7. Web Application Firewall (WAF)
  8. Transparent Web Application Firewall (T-WAF)
  9. modsecurity Web Application Firewall
  10. RBLs
  11. Firewall components
  12. Log Intrusion Detection System (LIDS)
  13. Active Response System
  14. RBLs
  15. GeoIP databases
  16. Web console
  17. Realtime malware protection system
  18. Malware upload protection system
  19. Threat Intelligence system
  20. clamav signatures
  21. Support packages used by ASL

Note: This is controlled by the following options:

https://www.atomicorp.com/wiki/index.php/ASL_Configuration#AUTOMATIC_UPDATES

https://www.atomicorp.com/wiki/index.php/ASL_Configuration#UPDATE_TYPE

Rules Only

For users with just a rules license aum can update the following:

  1. aum
  2. modsecurity rules
  3. modsecurity

Note: This is controlled by the user's configuration of aum.

Supported Platforms

  • redhat 5/6
  • centos 5/6
  • cloudlinux 5/6
  • debian 6/7/8
  • ubuntu 10/12/14
  • opensuse 12/13

Installation

ASL

aum is included in ASL. There is no need to install it, it's already on your system!

Note: Do not manually install aum if you have ASL installed.

Rules Only licenses

Please see the link below:

https://www.atomicorp.com/wiki/index.php/Downloading_Rules#Just_a_downloader

Configuration

Please see this page:

aum configuration

Cpanel specific notes

modsec2.user.conf

If apache is not configured to load this file, one easy way to include this is to create a symlink from the /etc/httpd/conf.d directory with the command below:

ln -s /usr/local/apache/conf/modsec2.user.conf /etc/httpd/conf.d/99999_modsec2.user.conf

The /etc/httpd/conf.d directory is the Linux standard directory for apache configuration files. Adding a configuration file to this directory will normally tell apache to load the configuration file. aum will set up cpanel apache systems to use this standard method to support standard apache configuration files.

Note: This configuration is not enabled by default to prevent configuration loops. Some cpanel systems may be misconfigured to load their rules twice. If you have trouble starting apache after symlinking this file, remove the symlink and check your apache configuration for duplicate entries.
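One way to apply the symlink step while guarding against the duplicate-load problem in the note above. This is an added example, not Atomicorp's code: the function names and return codes are assumptions, and the paths default to the ones given on this page.

```shell
#!/bin/sh
# Added example (not Atomicorp code): create the modsec2.user.conf symlink
# only when Apache does not already include that file some other way.

# count_modsec_includes PATH...
# Prints the number of active (uncommented) Include/IncludeOptional
# directives under PATH that name modsec2.user.conf explicitly.
# Limitation: a wildcard Include that happens to match the file is not seen.
count_modsec_includes() {
    grep -rhEi \
        '^[[:space:]]*Include(Optional)?[[:space:]].*modsec2\.user\.conf' \
        "$@" 2>/dev/null | wc -l | tr -d '[:space:]'
}

# link_modsec_user_conf [SRC] [CONF_D] [APACHE_CONF_ROOT]
# Defaults are the paths given on this page. Return codes:
#   0 symlink created, or already present and pointing at SRC
#   1 SRC does not exist
#   2 SRC is already included elsewhere; linking would load the rules twice
link_modsec_user_conf() {
    src=${1:-/usr/local/apache/conf/modsec2.user.conf}
    conf_d=${2:-/etc/httpd/conf.d}
    conf_root=${3:-/usr/local/apache/conf}
    link="$conf_d/99999_modsec2.user.conf"

    if [ ! -f "$src" ]; then
        echo "missing: $src" >&2
        return 1
    fi
    if [ -L "$link" ] && [ "$(readlink "$link")" = "$src" ]; then
        echo "already linked: $link"
        return 0
    fi
    found=$(count_modsec_includes "$conf_root")
    if [ "$found" -gt 0 ]; then
        echo "skip: $found existing Include(s) of modsec2.user.conf" >&2
        return 2
    fi
    ln -s "$src" "$link"
}
```

After a successful link, run `apachectl configtest` before restarting apache so a bad configuration is caught while the old one is still serving.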

Frequently Asked Questions

ASL

aum is fully integrated into ASL and can be managed fully from the ASL web console. Please see the ASL_Configuration page for configuration options for ASL.

Rules only users

Does aum install more rules than asl-lite?

Yes, aum supports the full range of current rules available to rules only users. asl-lite did not.

Will aum keep mod_security up to date?

Yes. When an update is required by the rules, it will upgrade mod_security. When an update is not required by the rules, it will not upgrade mod_security.

Note: For rules only customers, you may see that aum has a slightly older version of mod_security installed than with ASL. This is expected, as rules only systems do not have access to the full feature set in ASL, and occasionally we release updates to mod_security that are not rule related but contain features ASL uses.

How can I enable/disable rules if I don't have ASL?

aum can disable rule classes; it cannot disable or enable specific rules. You need ASL for that level of granularity.

How can I enable/disable rule classes if I don't have ASL?

Rule classes are enabled/disabled in the /etc/asl/config file. Setting a rule class to "yes" enables it, and "no" disables it.

Does aum use the /etc/asl/config file settings?

Yes.

Do rule sets still need to be manually disabled?

No, enable or disable the class in /etc/asl/config.

Can I configure what aum updates?

Yes. The following options in /etc/asl/config are available for rules only aum users:


AUTOMATIC_UPDATES

Configures the update frequency for aum to download and install updates, such as new rules and signatures.

NOTE: Updates can be run manually from the command line with aum -u.

If a software update is available you should follow your normal patch management procedure. We recommend that all users test upgrades on a test system before deploying to a production system. See "UPDATE_TYPE" below.

UPDATE_TYPE

Configures the behavior of the AUTOMATIC_UPDATE event. There are three options:

All: This will upgrade all components aum can update. Please see above for a list of components for ASL and rules only users.

Exclude-kernel: This will upgrade all ASL software, rule and signatures updates but not upgrade the kernel. (Note: This has no effect for rules only users of aum)

rules-only: This will exclude all software updates except for rules. Note: If a rule update requires an update to a component, for example modsecurity, the component will not be installed and that rule update will also not be installed.

Important Notice: Some rule and signature updates may not work without other components being updated, so if you set this to "rules only" be sure to regularly check your system for any software updates for ASL, or other components for rules only users (such as modsecurity) to be fully protected and to ensure compatibility.
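To see at a glance what an automatic aum run will and will not patch on a host, the two options above can be read back from the config file. This is an added example, not Atomicorp's code: the function names and output strings are assumptions, and it assumes UPDATE_TYPE is written as a KEY="value" line in the same way as the AUTOMATIC_UPDATES="none" setting shown on this page.

```shell
#!/bin/sh
# Added example (not Atomicorp code): summarise the update scope configured
# in /etc/asl/config from AUTOMATIC_UPDATES and UPDATE_TYPE.
# Assumption: options are KEY="value" lines, like AUTOMATIC_UPDATES="none".

# asl_option KEY FILE
# Prints the value of the last uncommented KEY=... line, quotes removed.
asl_option() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# aum_update_posture [FILE]
# Prints one line: a short tag, a colon, and what that setting leaves to you.
aum_update_posture() {
    cfg=${1:-/etc/asl/config}
    auto=$(asl_option AUTOMATIC_UPDATES "$cfg" | tr '[:upper:]' '[:lower:]')
    utype=$(asl_option UPDATE_TYPE "$cfg" | tr '[:upper:]' '[:lower:]')

    if [ "$auto" = "none" ]; then
        echo "manual: automatic updates are off, run 'aum -u' yourself"
        return 0
    fi
    case "$utype" in
        all)
            echo "full: every component aum can update is upgraded" ;;
        exclude-kernel)
            echo "no-kernel: kernel updates must be applied separately" ;;
        rules-only)
            echo "rules-only: components and rules that need them are skipped" ;;
        *)
            echo "unknown: UPDATE_TYPE='$utype' is not a documented value" ;;
    esac
}
```

A host reporting `rules-only` or `manual` is one where component updates such as modsecurity have to be scheduled through your own patch management.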

How can I disable automatic updates?

Change this setting in /etc/asl/config


AUTOMATIC_UPDATES

to:

AUTOMATIC_UPDATES="none"

What is the /var/asl/data/templates directory for?

Warning: modification of these templates is not supported.

Templates in this directory are used to generate various configuration files aum needs.

How can I change the tortix_waf.conf file?

aum will manage this file from settings in /etc/asl/config. Editing this file directly is not supported.

What are the asl-php rpms for?

This is actually a legacy thing with AUM. AUM doesn't use the asl-php RPMs anymore. It uses curl. As a result these RPMs are no longer used.
