Difference between revisions of "Downloading Rules"

Line 24: Line 24:
  
 
==== Do it Yourself Method ====
 
==== Do it Yourself Method ====
 
Step 1)
 
  
 
The rules are available from the URL below:
 
The rules are available from the URL below:
Line 32: Line 30:
  
  
Step 2) Download the file VERSION
+
'''Step 1) Download the file VERSION'''
  
http://www.atomicorp.com/channels/rules/subscription/VERSION
+
https://www.atomicorp.com/channels/rules/subscription/VERSION
  
 
This file will contain the following fields:
 
This file will contain the following fields:
Line 45: Line 43:
 
GRSEC_VERSION=0
 
GRSEC_VERSION=0
 
KERNEL_VERSION=3.2.48-54
 
KERNEL_VERSION=3.2.48-54
MODSEC_VERSION=201307191101
+
MODSEC_VERSION=20130719110199
 
OSSEC_VERSION=201307171751
 
OSSEC_VERSION=201307171751
 
WAF_DELAYED_VERSION=201305151625
 
WAF_DELAYED_VERSION=201305151625
Line 51: Line 49:
 
</pre>
 
</pre>
  
Step 3) Download the latest rule file
+
'''Step 2) Download the latest rule file'''
  
 
Each rule file will contain the version of that rule file.  For example, using the version information above the latest modsecurity rules version would be:
 
Each rule file will contain the version of that rule file.  For example, using the version information above the latest modsecurity rules version would be:
  
https://www.atomicorp.com/channels/rules/subscription/modsec-201307191101.tar.gz
+
https://www.atomicorp.com/channels/rules/subscription/modsec-20130719110199.tar.gz
 +
 
 +
Note:  This is not a valid version number.  Please check the VERSION file for the current version of the real time rules.
  
 
We recommend you use a tool like wget or curl to download the rules.
 
We recommend you use a tool like wget or curl to download the rules.
 +
 +
'''Step 3) Optional:  Confirm the rule file is valid'''
 +
 +
We sign each rule file with GNUPG.  Each rule file includes a paired file with a .asc extension.  This includes the digital signature for that rule file.  For example, to download that file for the rule file above you would download this file:
 +
 +
https://www.atomicorp.com/channels/rules/subscription/modsec-201307191101.tar.gz.asc
 +
 +
You can use a tool like gpg or PGP to check the digital signature on this file.  For example:
 +
 +
gpg modsec-201307191101.tar.gz.asc
 +
 +
If the file is valid, you will see a response similar to this:
 +
 +
gpg: Signature made Fri 19 Jul 2013 11:01:24 AM EDT using RSA key ID 4520AFA9
 +
gpg: Good signature from "Atomicorp (Atomicorp Official Signing Key) <support@atomicorp.com>"
 +
 +
You can download our GPG key from this URL:
 +
 +
https://www.atomicorp.com/RPM-GPG-KEY.atomicorp.txt
 +
 +
'''Step 4) Lint your rules'''
 +
 +
Our rules are built to support the latest stable version of modsecurity.  modsecurity changes regularly, including new capabilities, the retiring of old capabilities and changes in the rule language.  It is therefore critical that you always use the latest stable version of modsecurity supported by our rules.  That version is kept up to date at the URL below:
 +
 +
https://www.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules#Minimum_Version_of_Modsecurity_Required_to_use_the_rules
 +
 +
You will want to check to make sure the latest rules work with the version of modsecurity installed on your system.  [[ASL]] does this automatically, if you are not using [[ASL]] you will need to make sure you have a method in place to do this for your DIY setup or a test environment.
  
 
== Delayed/Unsupported/Free Rules ==
 
== Delayed/Unsupported/Free Rules ==
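
Review bot: the new Step 3 text still uses the old version string, modsec-201307191101.tar.gz.asc, in both the signature URL and the gpg command, while Step 2 in this same hunk was changed to modsec-20130719110199.tar.gz, so a reader following both steps ends up with a signature file name that does not match the tarball. Use the same placeholder version in all three places. The gpg example also depends on the signing key already being imported, but the key URL only appears after the expected output; moving the key download ahead of the gpg command would put the steps in the order they have to be run.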

Revision as of 16:04, 19 July 2013


Introduction

The rules come in two forms:

1) Real Time Rules

2) Delayed/Unsupported Rules

Real Time/Supported Rules

Subscription

If you have not already set up a subscription to the Real Time rules (only $14.95 a month, or $99.95 a year), you can do so here:

Real Time Feed Signup

Download

Once your account is set up, you can download the Real Time rules by following this process:

Automated Method

Install ASL. ASL will automatically download and keep your rules up to date.

Do it Yourself Method

The rules are available from the URL below:

Real Time Rules Download


Step 1) Download the file VERSION

https://www.atomicorp.com/channels/rules/subscription/VERSION

This file will contain the following fields:

ASL_VERSION=3.2.14-31
APPINV_VERSION=201305181247
CLAMAV_VERSION=201307181043
GEOMAP_VERSION=201307191033
GRSEC_VERSION=0
KERNEL_VERSION=3.2.48-54
MODSEC_VERSION=20130719110199
OSSEC_VERSION=201307171751
WAF_DELAYED_VERSION=201305151625
WAF_ENGINE_VERSION=2.7.4-15

Step 2) Download the latest rule file

The name of each rule file contains the version of that rule file. For example, using the version information above, the latest modsecurity rules file would be:

https://www.atomicorp.com/channels/rules/subscription/modsec-20130719110199.tar.gz

Note: This is not a valid version number. Please check the VERSION file for the current version of the real time rules.

We recommend you use a tool like wget or curl to download the rules.

Step 3) Optional: Confirm the rule file is valid

We sign each rule file with GnuPG. Each rule file has a paired file with a .asc extension, which contains the digital signature for that rule file. For example, to get the signature for the rule file above you would download this file:

https://www.atomicorp.com/channels/rules/subscription/modsec-201307191101.tar.gz.asc

You can use a tool like gpg or PGP to check the digital signature on this file. For example:

gpg modsec-201307191101.tar.gz.asc

If the file is valid, you will see a response similar to this:

gpg: Signature made Fri 19 Jul 2013 11:01:24 AM EDT using RSA key ID 4520AFA9
gpg: Good signature from "Atomicorp (Atomicorp Official Signing Key) <support@atomicorp.com>"

You can download our GPG key from this URL:

https://www.atomicorp.com/RPM-GPG-KEY.atomicorp.txt

Step 4) Lint your rules

Our rules are built to support the latest stable version of modsecurity. modsecurity changes regularly, including new capabilities, the retiring of old capabilities and changes in the rule language. It is therefore critical that you always use the latest stable version of modsecurity supported by our rules. That version is kept up to date at the URL below:

https://www.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules#Minimum_Version_of_Modsecurity_Required_to_use_the_rules

You will want to check that the latest rules work with the version of modsecurity installed on your system. ASL does this automatically. If you are not using ASL, you will need to have a method in place to do this for your DIY setup or a test environment.
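
Steps 1 to 3 above can be combined into one fetch that refuses to hand over a tarball unless its signature verifies. The script below is an added example, not Atomicorp's or ASL's own code; the function names, the use of ~/.netrc for feed credentials and the pinned full fingerprint are assumptions, since the page does not describe authentication and shows only the short key ID.

```sh
#!/bin/sh
# Added example (not Atomicorp's script): Steps 1-3 as one fail-closed fetch.
BASE_URL="https://www.atomicorp.com/channels/rules/subscription"
KEY_URL="https://www.atomicorp.com/RPM-GPG-KEY.atomicorp.txt"

# Print the value of KEY from a VERSION-style file. The file is parsed, never
# sourced, and any value outside [A-Za-z0-9._-] is rejected, so nothing read
# from the network reaches a URL or file name unchecked.
version_field() {  # usage: version_field FILE KEY
    local value
    value=$(sed -n "s/^$2=//p" "$1" | head -n 1 | tr -d '\r')
    case $value in
        '' | *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s\n' "$value"
}

# Build the tarball URL for a rule-set prefix (e.g. "modsec") and a version.
rule_url() { printf '%s/%s-%s.tar.gz\n' "$BASE_URL" "$1" "$2"; }

# Succeed only if gpg reports a valid signature made by the key whose full
# fingerprint is EXPECTED_FPR, checked in an isolated GnuPG home directory.
verify_sig() {  # usage: verify_sig TARBALL SIG GPG_HOME EXPECTED_FPR
    gpg --homedir "$3" --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        grep -q "^\[GNUPG:\] VALIDSIG $4 "
}

# Full run. Assumptions: any feed credentials live in ~/.netrc (the page does
# not say how the feed authenticates), and EXPECTED_FPR was confirmed out of
# band; the page shows only the short key ID 4520AFA9.
fetch_modsec_rules() {  # usage: fetch_modsec_rules EXPECTED_FPR [DEST_DIR]
    local fpr="$1" dest="${2:-.}" tmp ver url
    tmp=$(mktemp -d) || return 1
    curl -fsS --netrc-optional -o "$tmp/VERSION" "$BASE_URL/VERSION" || return 1
    ver=$(version_field "$tmp/VERSION" MODSEC_VERSION) || return 1
    url=$(rule_url modsec "$ver")
    curl -fsS --netrc-optional -o "$tmp/rules.tar.gz" "$url" || return 1
    curl -fsS --netrc-optional -o "$tmp/rules.tar.gz.asc" "$url.asc" || return 1
    mkdir -m 700 "$tmp/gnupg" || return 1
    curl -fsS "$KEY_URL" | gpg --homedir "$tmp/gnupg" --batch --import || return 1
    verify_sig "$tmp/rules.tar.gz" "$tmp/rules.tar.gz.asc" "$tmp/gnupg" "$fpr" ||
        { echo "signature check failed: $url" >&2; return 1; }
    mv "$tmp/rules.tar.gz" "$dest/modsec-$ver.tar.gz"  # unpack only after this
}
```

Pass the fingerprint as 40 uppercase hex characters without spaces, which is the form gpg prints on its VALIDSIG status line. Because the key is downloaded from the same host as the rules, the pinned fingerprint is what ties the signature to a key you have checked yourself.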

Delayed/Unsupported/Free Rules

The Delayed/Unsupported/Free rules are available at the URL below. Keep in mind the Delayed feed is released at least 90 days after the realtime feed (that includes any fixes) and is unsupported.

Delayed/Unsupported Feed Download

If you want to try out the Real Time rules please sign up here.

Or if you want to try the full security suite, Atomic Secured Linux (ASL), on a trial basis, just sign up for a 30 day free trial here.

Questions

Please see the FAQ: https://www.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules_FAQ
