Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: Re: File injection problem
Posted: Wed Mar 23, 2011 7:40 am
Forum User

Joined: Tue Jun 08, 2010 4:50 am
Posts: 18
Ok my boss just authorised the purchase of ASL, looking forward to seeing how it all works.


 Post subject: Re: File injection problem
Posted: Wed Mar 23, 2011 8:07 am
Forum User

Joined: Tue Jun 08, 2010 4:50 am
Posts: 18
A quick question, I just installed ASL, what is going to happen to the existing installation of mod security? Should I remove it?


 Post subject: Re: File injection problem
Posted: Wed Mar 23, 2011 9:43 am
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7429
Location: earth
If you're using mod_security from the atomic repo, it's the same package.


 Post subject: Re: File injection problem
Posted: Wed Mar 23, 2011 12:50 pm
Forum User

Joined: Tue Jun 08, 2010 4:50 am
Posts: 18
Is there a way I can scan the server for malware?


 Post subject: Re: File injection problem
Posted: Wed Mar 23, 2011 2:44 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7429
Location: earth
Yeah that should be running after installation, you can check /root/asl-malware-scan.log


 Post subject: Re: File injection problem
Posted: Wed Mar 23, 2011 6:03 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3249
Location: Chantilly, VA
https://www.atomicorp.com/wiki/index.ph ... malware.3F

Keep in mind that's just one of the tools in ASL that will look for bad things. The kernel will detect malware trying to do bad things (and will stop it), if you enable dazuko that will check for and stop malware in real time, and ASL will also baseline all your software and will report if anything changes, so that you can know if someone is trying to replace system components or backdoor the system.

Also the WAF will detect malware running through the webserver, and will stop it from running. So there are a lot of things in ASL that will also detect malware for you in realtime, and the default configuration is to stop it from running too.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


 Post subject: Re: File injection problem
Posted: Thu Mar 24, 2011 8:26 am
Forum User

Joined: Tue Jun 08, 2010 4:50 am
Posts: 18
Thanks for that info. I'm performing a malware scan right now, as after install I restarted the server too quickly and the scan did not complete (log file was empty). Now things are showing up on screen...

Another quick question, when I go to my control panel www.mydomain.com:30000 it displays the wrong SSL cert, how can I change this?


 Post subject: Re: File injection problem
Posted: Thu Mar 24, 2011 8:40 am
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7429
Location: earth
Sure, we store the certificates in the normal location:

/etc/pki/tls/certs/

which is called from /var/asl/etc/httpd/conf.d/ssl.conf

The standard Red Hat/CentOS procedures apply for changing the certificate on the system.


 Post subject: Re: File injection problem
Posted: Thu Mar 24, 2011 8:50 am
Forum Regular

Joined: Mon Apr 10, 2006 12:55 pm
Posts: 656
ASL uses its own instance of Apache on port 30000. If you want to add a signed certificate I would guess you'd do it in /var/asl/etc/httpd/conf/asl-httpd.conf (which appears to be the only Apache config file).

_________________
"Its not a mac. I run linux... I'm actually cool." - scott


 Post subject: Re: File injection problem
Posted: Thu Mar 24, 2011 9:08 am
Forum User

Joined: Tue Jun 08, 2010 4:50 am
Posts: 18
OK, the certificate inside this directory is for a different domain name and it is expired. My control panel certificate is stored in:
/usr/local/psa/admin/conf/httpsd.pem and /usr/local/psa/admin/conf/rootchain.pem, however the ssl.conf points to crt files:

SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

How do I convert the .pem server certificate to .crt and how do I create a localhost.key file?
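
For the question in the post above, an added example (not part of the original thread and not Atomicorp's or Plesk's own tooling): a `.crt` file is normally the same PEM encoding as a `.pem`, so the work is extracting the two pieces and checking them before Apache is pointed at them. It assumes the panel's PEM file holds both the certificate and its private key; the function names and the host name `panel.example.test` are hypothetical, and the sample input is a constructed throwaway self-signed pair.

```shell
#!/usr/bin/env bash
# Added example: split a combined PEM into the .crt/.key pair that ssl.conf
# names, then verify the pair before Apache is reloaded with it.

# Extract the first certificate and the private key from a combined PEM file.
split_pem() {  # usage: split_pem in.pem out.crt out.key
  openssl x509 -in "$1" -out "$2" || return 1
  ( umask 077; openssl pkey -in "$1" -out "$3" ) || return 1  # key: owner-only
}

# Succeeds only if the certificate's public key belongs to the private key.
cert_matches_key() {  # usage: cert_matches_key file.crt file.key
  local a b
  a=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  b=$(openssl pkey -in "$2" -pubout) || return 1
  [ "$a" = "$b" ]
}

# Succeeds if the certificate is still valid N seconds from now (default 0).
cert_not_expired() { openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null; }

# Succeeds if the certificate covers the host name (SAN, falling back to CN).
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# Constructed sample input: a throwaway self-signed key+cert in one PEM file.
make_sample_pem() {  # usage: make_sample_pem dir hostname
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null || return 1
  cat "$1/k.pem" "$1/c.pem" > "$1/combined.pem"
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_sample_pem "$d" panel.example.test &&
  split_pem "$d/combined.pem" "$d/localhost.crt" "$d/localhost.key" &&
  cert_matches_key "$d/localhost.crt" "$d/localhost.key" &&
  cert_not_expired "$d/localhost.crt" 86400 &&
  cert_covers_host "$d/localhost.crt" panel.example.test &&
  ! cert_covers_host "$d/localhost.crt" other.example.test
  local rc=$?; rm -rf "$d"; return $rc
}
demo && echo "sample pair is consistent"
```

The expiry and host-name checks correspond to the two problems reported for the existing `localhost.crt`: wrong domain and expired.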


 Post subject: Re: File injection problem
Posted: Thu Mar 24, 2011 10:15 am
Forum Regular

Joined: Mon Apr 10, 2006 12:55 pm
Posts: 656
Before we go any further, why do you want the ASL tool to have a signed certificate? This tool is separate from your main instance of Apache and will only likely be used by you and your coworkers/employees.

_________________
"Its not a mac. I run linux... I'm actually cool." - scott


 Post subject: Re: File injection problem
Posted: Thu Mar 24, 2011 11:03 am
Forum User

Joined: Tue Jun 08, 2010 4:50 am
Posts: 18
Because if I click on the "Atomic Secured Linux" link in Plesk (under "Links to Additional Services") I get an ugly message:

Code:
This web page is not available
The web page at https://xxx.xxx.xxx.xxx:30000/ might be temporarily down or it may have moved permanently to a new web address.
Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error.


 Post subject: Re: File injection problem
Posted: Fri Mar 25, 2011 8:48 am
Forum Regular

Joined: Mon Apr 10, 2006 12:55 pm
Posts: 656
Ah, OK, that's not because of your SSL certificate, that's something else entirely. Looks like asl-httpd is down. Can you try relaunching the service and see what happens?

_________________
"Its not a mac. I run linux... I'm actually cool." - scott

