Atomicorp Documentation
  • Atomic Enterprise OSSEC
    • Hub Server
      • Requirements
        • Supported Operating Systems
        • Recommended System resources
        • Network Security policy
      • Installation
        • Command Line Network Installer
        • Offline ISO Installer
      • Upgrading
        • Web Console (Configuration)
        • Command Line (Manual)
        • Offline ISO Installer
      • Marketplace Installation
        • Azure Marketplace
      • Clustering
        • Configuring a cluster Primary node
        • Configure a cluster Secondary node
      • Backup / Restore
        • Backup: Alert data (Cold Storage)
        • Restore: Alert data (Cold Storage)
      • Syslog Output
        • AEO Syslog Output
        • Local Log collection agent
      • OpenID Connect
    • Agents
      • Requirements
        • Supported Operating Systems
        • Recommended System resources
        • Network Security Policy
      • Installation
        • Linux
        • Windows: Manual Installation with Powershell
        • Windows: MSI Installer
        • Windows: Automated Installation using Active Directory (GPO)
        • AIX
        • Solaris
        • OSX
    • Agentless
  • Atomic Protector
    • Installing Atomic Endpoint Defender
      • Before Installation
        • IMPORTANT
        • Prerequisites
        • Recommendations
      • AED Installation Guide
        • Introduction
        • Before You Start
        • Prerequisites
        • Installation and Downloads
        • Post-Installation Quickstart/Configuration
        • Utilizing the Command Line to control AED
        • Important Notes
    • Upgrading Atomic Endpoint Defender
      • General-Upgrade Instructions
      • Version Specific Upgrade Instructions
      • Automatic Upgrading System
      • Per Component Upgrade
      • Upgrading the AED Kernel
    • Configuring Atomic Endpoint Defender
      • Atomic Endpoint Defender Configuration
        • Introduction
        • Post Installation Configuration
        • Authentication Information
        • AED Web Settings
        • Data Paths
        • AED General Settings
        • AED Firewall Settings
        • AED Kernel Settings
        • ClamAV Settings
        • PSMON Settings
        • OSSEC Settings
        • Mod Security Settings
        • PHP Settings
        • SSH Daemon Settings
        • Denial of Service Settings
        • MySQL Security Settings
        • Plesk Security Settings
      • Tortixd Configuration
        • Introduction
        • Tortixd Settings
        • Log Files
        • SSL Certificates
      • Atomic Endpoint Defender Firewall Configuration
        • Introduction
        • How the Firewall Works
        • Stateful Packet Inspection
        • Firewall Log Messages
        • Console Firewall Messages
        • Fast/Easy Mode
        • Engine Settings
        • Advanced Firewall Rule Manager
        • Using the Firewall Manager
        • Per Port ACLs
        • Examples of Using Fast/Easy Mode to Add a Firewall Rule
        • Examples of Using the Advanced Firewall Manager to Add a Firewall Rule
        • Using the Advanced Firewall Manager and Fast/Easy Mode together
        • Frequently Asked Questions
      • Atomic WAF Configuration
        • Introduction
        • Configuring AED WAF
        • SSL/TLS
        • AED WAF Configuration Settings
        • Rule Manager
        • Configuring Specific Rules
        • Rule Tuning
        • Events
        • Configuring Web Servers to Use the T-WAF
      • Atomic Endpoint Defender HIDS Configuration
        • Introduction
        • Configuring AED HIDS
        • Editing AED HIDS Rules
        • Suspicious Behavior Rules
        • Reconfiguring HIDS Rules
      • Atomic Endpoint Defender Kernel Configuration
        • Overview
        • Do I have the AED Kernel Installed?
        • How do I know if the AED Kernel is running?
        • Installing the AED Kernel
        • Upgrading the AED Kernel
        • What do I do if the Kernel is not Installed or won’t Upgrade?
        • Rolling back the Kernel
        • Setting which Kernel to Boot
        • Kernel Options
        • Testing the AED Kernel
        • Manually Installing the AED Kernel
        • Kernel Tuning
        • Technical Abstract of the AED Kernel
        • Kernel Panics
        • Additional Kernel Features
        • Kernel Modules
        • Source Code
      • Atomic Endpoint Anti-asl Configuration
        • Introduction
        • Configuring Atomic Secured Anti-asl
        • Real Time Malware Protection
        • Rebooting the System
        • Testing Your Protection
        • Detecting False Positives
      • Atomic Endpoint Defender File Integrity Manager (FIM) Configuration
        • Introduction
        • Accessing
        • Configuring AED FIM
        • Usage
        • Types of Events
        • Directories
    • Atomic Endpoint Defender Usage Guide
      • Introduction
      • Atomic Endpoint Defender Web Console
      • Scanning for Malware
      • Blocking/Unblocking an IP/Network(s)
      • Debugging Usage
      • AED X11 Usage
      • Enabling/Disabling Usage
      • Active Response Usage
      • Editing Rules
      • AED Vulnerability Scanner Usage
      • Managing PHP by using AED
      • Manage SSH by using AED
      • Network Firewall Usage
      • VPS Errors
      • Web Application Firewall Usage
      • AED Data Retention Usage
      • AED Firewall Usage
      • AED Kernel Usage
      • Types of Virtualization Technologies
      • OSSEC Usage
    • Advanced Configuration of Atomic Endpoint Defender
      • Configuring a Remote AED Database
    • Atomic Endpoint Defender Release Notes
      • Atomic Endpoint Defender V6
      • Atomic Endpoint Defender V5
    • Atomic Endpoint Defender Supporting Documentation
      • Reporting False Postives/Negatives with AED
        • General Questions and Answers
        • WAF/Modsecurity rules False Positives/Negatives
        • ClamAV False Positives/Negatives
        • AED HIPS/KIPS/WIPS False Postives/Negatives
        • Vulnerability Scanner False Positives/Negatives
      • Reporting a New Piece of Malware
        • To report a new piece of malware
      • Atomic CLAMAV Signatures
        • About the Signatures
        • Licensing
        • What does each signature ruleset do?
        • Third Party Signatures
        • Easy One Step Installation
        • Manual Installation
        • Frequently Asked Questions (FAQ)
  • Atomicorp Threat Intelligence System (TIS)
    • Introduction
    • Enabling the Threat Intelligence System
    • Looking up Addresses
    • Zones
    • Local DNS Mirror
    • About rbldnsd
    • Requesting Access to Zones
    • Local Only Resolver
    • Remote Resolver
    • Terms of Use
    • Frequently Asked Questions
  • Atomic Update Manager (AUM)
    • Configuring AUM
      • Introduction
      • Ruleset Settings
    • AUM
      • Introduction
      • Atomic Update Manager (AUM)
      • AUM with Rules Only
      • Installing AUM
      • Configuring AUM
      • Supported Platforms
      • Notes for CPanel Users
      • Frequently Asked Questions
  • Atomic ModSecurity Rules
    • Requirements
      • Supported Operating Systems
      • Versions
    • Installation
      • Linux
        • Automated Installation: Apache
        • Manual Installation: Apache
        • Manual Installation: Nginx
        • Manual Installation: Cpanel
      • Windows
        • Manual Installation: IIS
    • WAF Rule Families
      • 000000000000000000000000_asl_notconfigured.conf
      • 000_asl_threat_intelligence.conf
      • 00_asl_x_searchengines.conf
      • 00_asl_y_searchengines.conf
      • 00_asl_zz_strict.conf
      • 00_asl_0_global.conf
      • 00_asl_rbl.conf
      • 00_asl_blacklist.conf
      • 00_asl_whitelist.conf
      • 01_asl_content.conf
      • 01_asl_domain_blocks.conf
      • 01_asl_rules_special.conf
      • 03_asl_dos.conf
      • 05_asl_exclude.conf
      • 00_asl_z_antievasion.conf
      • 05_asl_scanner.conf
      • 11_asl_rules.conf
      • 10_asl_antimalware.conf
      • 09_asl_rules.conf
      • 10_asl_rules.conf
      • 11_asl_adv_rules.conf
      • 11_asl_data_loss.conf
      • 12_asl_adv_xss_rules.conf
      • 12_asl_brute.conf
      • 20_asl_useragents.conf
      • 30_asl_antispam.conf
      • 30_asl_antispam_advanced.conf
      • 30_asl_antispam_referrer.conf
      • 40_asl_apache2-rules.conf
      • 50_asl_rootkits.conf
      • 51_asl_rootkits.conf
      • 60_asl_recons.conf
      • 61_asl_recons_dlp.conf
      • 99_asl_a_redactor.conf
      • 99_asl_exclude.conf
      • 98_asl_adv_redactor.conf
      • 98_asl_jitp.conf
      • 99_asl_jitp.conf
      • 99_asl_a_redactor.conf
      • 99_asl_redactor.conf
      • 99_asl_redactor_post.conf
      • 99_asl_scanner.conf
      • 99_asl_z_adv_scanner.conf
      • Paranoid Mode Rules
      • Beta Rules
    • Atomicorp WAF Rules Troubleshooting
      • Introduction
      • Invalid command ‘SecRemoteRulesFailAction’, perhaps misspelled or defined by a module not included in the server configuration
      • Invalid command ‘SecTmpSaveUploadedFiles’
      • Error creating rule: Unknown variable: FILES_TMP_CONTENT
      • Error creating rule: Failed to resolve operator: fuzzyHash
      • Error creating rule: Could not open phrase file “/etc/asl/custom-domain-blocks”: No such file or directory
      • SecReadStateLimit is depricated, use SecConnReadStateLimit instead.
      • Error creating rule: Could not add entry
      • ModSecurity: IPmatch: bad IPv4 specification
      • httpd: ModSecurity: WARNING Using transformations in SecDefaultAction is deprecated
      • ModSecurity: Failed to access DBM file “/var/asl/data/msa/
      • Failed to create subdirectories
      • Error creating rule: Unknown variable: MATCHED_VARS
      • Exec: Execution failed while reading output: /usr/bin/modsec-clamscan.pl (End of file found)
      • /usr/bin/modsec-clamscan.pl is not installed on the server.
      • No action id present within the rule
      • httpd: ModSecurity: WARNING Using transformations in SecDefaultAction is deprecated
      • ModSecurity: Found another rule with the same id
      • Rule execution error - PCRE limits exceeded (-8): (null).
      • High Memory Usage
    • ModSecurity Rules Guide
      • Installing ModSecurity Rules
      • Disabling Global Rules
      • Disabling Rules Per Domain
      • Disabling ModSecurity Per Domain for an IP Address
      • Disable a Rule for a Single Domain
      • Disable a Rule for All Domains
      • Disabling Rules Per IP or Network
      • Disabling ModSecurity Rules Per Application
      • Changing the Action of a Rule
      • Disabling POST Inspection for a Specific URL
      • Enabling Rules for only Specific Domains
      • Disabling Rules Using .htaccess
      • Customizing a Rule
      • Customizing a Rule for a Domain
      • Custom Rules in ModSecurity
      • Modifying a Rule
      • Configuring and Setting Up ModSecurity
    • Atomic Mod Security FAQ
      • Are these the gotroot rules?
      • Are these the real time rules?
      • Do I need a real time rules subscription if I am using AED?
      • How can I purchase your realtime modsecurity rules?
      • Does a rules subscription include support for setting up mod_security?
      • Help! I need help!
      • I have a false positive/negative, how do report it?
      • What is your approximate support response time?
      • Do you offer support outside of your normal support coverage?
      • Do you offer phone support?
      • How can I give atomicorp support access to my system?
      • What should I do if I believe a system has been compromised?
      • Is there any limit on name based or “vhosts”?
      • Do the Rules provide Brute Force protection?
      • How can I reset my License Manager password?
      • How can I reset my support portal password?
      • What do the Atomic ModSecurity Rules protect against?
      • What versions of modsecurity do the rules work with?
      • How often are the rules updated?
      • Are these the gotroot.com rules?
      • What is included with an Atomic ModSecurity Rules subscription?
      • Does a real time subscription include both the modsecurity and clamav rules?
      • Are there any performance issues with your rules?
      • Does your rule-set have any performance enhancements built-in?
      • Are there any issues for high traffic sites with mod_security?
      • Do I need to edit or modify the rules?
      • I have unpatched web applications, will your modsecurity rules protect me?
      • Do I need to install mod_security to use your rules?
      • What about MODevasive and Suhosin, do i need also those for full protection?
      • Why do you use a VERSION file method?
      • Should the VERSION match the latest rule file available?
      • Why don’t you just use a “latest” file?
      • What Operating Systems is ModSecurity compatible with?
      • Does ModSecurity work with Control Panels?
      • What webservers does ModSecurity work with?
      • How do I install modsecurity?
      • How do I configure your modsecurity rules?
      • How can I modify or disable mod_security rules for a domain, rule, or globally?
      • How do you exclude a domain from the modsecurity rules?
      • Why should I change my CPanel mod_Security config file?
      • How can I keep the rules updated?
      • Can I setup a cronjob to automatically update the rules?
      • Error parsing actions: Invalid transformation function: utf8toUnicode
      • Error creating rule: Failed to resolve operator: detectSQLi
      • No action id present within the rule
      • httpd: ModSecurity: WARNING Using transformations in SecDefaultAction is deprecated
      • Error from ssl wrapper: Unable to produce a valid Apache configuration file
      • Error creating rule: Unknown variable: MATCHED_VARS
      • I’m getting this error “Rule execution error - PCRE limits exceeded (-8): (null).”
      • /usr/bin/modsec-clamscan.pl is not installed on the server.
      • Exec: Execution failed while reading output: /usr/bin/modsec-clamscan.pl (End of file found)
      • ModSecurity: Failed to access DBM file “/var/asl/data/msa/
      • Apache Segmentation Faults
  • Support Guide
    • Standard Support Methods
    • Atomicorp Support Portal
    • Extended Support Methods
    • Support Levels
    • Support Status
    • Unofficial Support Methods
  • Frequently Asked Questions (FAQ)
    • Atomic Endpoint Defender FAQ
      • How can I buy an Atomic Endpoint Defender (AED) license?
      • Can I try Atomic Endpoint Defender (AED) before I purchase it?
      • What is the benefit of Subscribing to AED?
      • What is the SLA for critical security or support issues in AED?
      • I need help!
      • MODSEC version is not current. False reporting has been disabled
      • How can I give atomicorp support access to my system?
      • Can I just set up access myself?
      • How can I verify the integrity of the ssh keys?
      • Can I set a password for the atomic account?
      • How can I remove atomicorp access to my system?
      • Where is the Atomic Protetor Web Console?
      • Does Atomic Protector have any PHP dependencies?
      • Does AED install PHP on my system?
      • Does AED replace PHP on my system?
      • What are the asl-php rpms?
      • My system has experienced a kernel panic.
      • What should I do if I believe a system has been compromised?
      • Do you have pre-defined access policies , or do we have to configure these policies?
      • How long are major releases supported?
      • How can I upgrade a trial?
      • Do the VPS licenses need to be used on one physical machine or can the VPS boxes be located on different physical machines in different locations?
      • If we use more than 5 licenses, do we have to add additional licenses 5 at a time, or can we add just 1 at a time after we purchase the initial 5?
      • Do VPS licenses include support for the kernel?
      • Can I use AED as a reverse proxy for my other servers?
      • What Linux distributions do you support?
      • Is AED compatible with AWS instances?
      • AED does not support my version of my operating system
      • Do you support custom builds of apache, or other custom non-standard Linux distributions or hybrids?
      • Does AED require a control panel?
      • Does AED work with Plesk?
      • Can you use AED without plesk?
      • Will I lose any functionality in Plesk if I use AED?
      • If predefined will your policy fit into a PLESK system? Since Plesk uses its own chroot enforcements on some deamons?
      • Does AED work with Directadmin?
      • Does AED work with Virtualmin?
      • Does AED work with CPanel?
      • Does AED work with Interworx?
      • Does AED work with Apache?
      • Does AED work with LiteSpeed?
      • Does AED work with NGINX?
      • Does AED work with IonCube?
      • Does AED work with Zend Optimizer?
      • Is Ipv6 supported?
      • Does AED work with X11/Xorg?
      • Is AED compatible with ConfigServer?
      • Does AED support ipset?
      • Is AED easy to install?
      • Is AED safe to install?
      • Will AED replace core components of my system?
      • Does AED need to be installed on a system before Plesk/Cpanel/etc. is installed?
      • Does installing AED require any downtime?
      • I just purchased an installation from you, what now?
      • It is OK to install CS4 with AED?
      • Does AED works with php sites running under fast_cgi?
      • Is mod_ruid2 supported?
      • Does AED works with php sites running under suphp?
      • How easy is it with AED to debug and use modsecurity?
      • If I face problems with the installation/setup of AED do you provide support?
      • What are the minimum system requirement for AED?
      • I also had previously installed rkhunter and chkrootkit, should I have uninstalled those prior to installing AED?
      • Is there an install log for AED?
      • What are testing channels for?
      • What are bleeding channels for?
      • How do I install AED?
      • How can I reinstall AED?
      • How can I disable AED?
      • How do I remove or uninstall AED?
      • How can I enable password based authentication?
      • How can I migrate AED to a new server?
      • Signatures & Modules window. What do they mean?
      • Will AED automatically update the rules and signatures?
      • Will AED automatically update itself?
      • How can I set the update interval?
      • How can I set AED to only update the rules and not AED itself?
      • How do I upgrade AED?
      • How do I get firewall upgrades and updates?
      • I cannot connect to the update server?
      • Where is the license manager?
      • How can I reset my license manager password?
      • How can I reset my support portal account password?
      • How can I update my license manager password in AED?
      • How can I reset my AED GUI password(s)?
      • How can I create new accounts in the AED GUI?
      • What is the default username and password for AED Web?
      • How can I change the port tortixd listens on?
      • Does AED modify /etc/hosts.deny?
      • Does AED modify /etc/hosts.allow?
      • I want to have greylisting. What do I do?
      • How do you view/find/install the extra modules/areas for statistics reporting?
      • vmware-tools will not compile
      • /usr/bin/vmware-config-tools.pl
      • What is included in the open-vm-tools?
      • Why does Linux report that all memory is in use?
      • How can I find out what process is using swap?
      • How are malware domains aged out?
      • How are malware domains added?
      • Do you use third party malware domain lists?
      • How are spam domains added?
      • How are spam domains aged out?
      • Do you use third party spam domain lists?
      • Both atomic and asl yum channels are enabled, is this normal?
      • What are the IPs AED will use to update itself?
      • I can’t upload files via web
      • Do you have pre-defined access policies , or do we have to configure these policies?
      • Does AED include SELinux?
      • If predefined can you give us a sample policy that mitigates the critical server file access when mod_perl is called via a client, or in other words how hard is your tuning. (intrusion log..etc)?
      • I’m seeing files owned by apache in /tmp
      • Why do they call it Europe?
    • Atomic Mod Security FAQ
      • Are these the gotroot rules?
      • Are these the real time rules?
      • Do I need a real time rules subscription if I am using AED?
      • How can I purchase your realtime modsecurity rules?
      • Does a rules subscription include support for setting up mod_security?
      • Help! I need help!
      • I have a false positive/negative, how do report it?
      • What is your approximate support response time?
      • Do you offer support outside of your normal support coverage?
      • Do you offer phone support?
      • How can I give atomicorp support access to my system?
      • What should I do if I believe a system has been compromised?
      • Is there any limit on name based or “vhosts”?
      • Do the Rules provide Brute Force protection?
      • How can I reset my License Manager password?
      • How can I reset my support portal password?
      • What do the Atomic ModSecurity Rules protect against?
      • What versions of modsecurity do the rules work with?
      • How often are the rules updated?
      • Are these the gotroot.com rules?
      • What is included with an Atomic ModSecurity Rules subscription?
      • Does a real time subscription include both the modsecurity and clamav rules?
      • Are there any performance issues with your rules?
      • Does your rule-set have any performance enhancements built-in?
      • Are there any issues for high traffic sites with mod_security?
      • Do I need to edit or modify the rules?
      • I have unpatched web applications, will your modsecurity rules protect me?
      • Do I need to install mod_security to use your rules?
      • What about MODevasive and Suhosin, do i need also those for full protection?
      • Why do you use a VERSION file method?
      • Should the VERSION match the latest rule file available?
      • Why don’t you just use a “latest” file?
      • What Operating Systems is ModSecurity compatible with?
      • Does ModSecurity work with Control Panels?
      • What webservers does ModSecurity work with?
      • How do I install modsecurity?
      • How do I configure your modsecurity rules?
      • How can I modify or disable mod_security rules for a domain, rule, or globally?
      • How do you exclude a domain from the modsecurity rules?
      • Why should I change my CPanel mod_Security config file?
      • How can I keep the rules updated?
      • Can I setup a cronjob to automatically update the rules?
      • Error parsing actions: Invalid transformation function: utf8toUnicode
      • Error creating rule: Failed to resolve operator: detectSQLi
      • No action id present within the rule
      • httpd: ModSecurity: WARNING Using transformations in SecDefaultAction is deprecated
      • Error from ssl wrapper: Unable to produce a valid Apache configuration file
      • Error creating rule: Unknown variable: MATCHED_VARS
      • I’m getting this error “Rule execution error - PCRE limits exceeded (-8): (null).”
      • /usr/bin/modsec-clamscan.pl is not installed on the server.
      • Exec: Execution failed while reading output: /usr/bin/modsec-clamscan.pl (End of file found)
      • ModSecurity: Failed to access DBM file “/var/asl/data/msa/
      • Apache Segmentation Faults
  • Atomic Protector Troubleshooting Guide
    • Can’t connect to Web Console on port 30000
    • Not getting any emails from AED
    • AED Web Console Not Running
    • Empty Web Console
    • No Events in AED Web Console
    • AED Firewall
    • Additional Information
  • Free and Open Source Community Projects
    • Atomic
      • Introduction
      • Installation
      • Uninstallation
      • GPG/PGP Key
      • Support
      • Frequently Asked Questions
  • Error Messages
    • Atomic Endpoint Defender Error Messages
      • Installation Error Messages
      • AED Command Line Errors
      • aum Errors
      • tortixd Errors
      • Generic Errors
      • Up2date Issues
      • Yum Update Errors
      • Update Errors
      • ModSecurity Errors
      • ClamAV Error Messages
      • ProFTP Errors
      • Mod_Evasive Errors
      • Apache Errors
      • Kernel Errors
      • MySQL Errors
      • OSSEC Errors
      • PSMON Errors
      • Apache Errors
      • CPanel Errors
      • Segfaults
      • PHP Segfaults
      • Tomcat Segfaults
      • Apache Segfaults
    • Non-AED Error Messages
      • Browser Errors
      • Apache Errors
      • MySQL Errors
      • SSHD Errors
      • Yum Errors
Atomicorp Documentation
  • »
  • Atomic Enterprise OSSEC »
  • Hub Server

Hub Server¶

  • Requirements
    • Supported Operating Systems
    • Recommended System resources
    • Network Security policy
  • Installation
    • Command Line Network Installer
    • Offline ISO Installer
  • Upgrading
    • Web Console (Configuration)
    • Command Line (Manual)
    • Offline ISO Installer
  • Marketplace Installation
    • Azure Marketplace
  • Clustering
    • Configuring a cluster Primary node
    • Configure a cluster Secondary node
  • Backup / Restore
    • Backup: Alert data (Cold Storage)
    • Restore: Alert data (Cold Storage)
  • Syslog Output
    • AEO Syslog Output
    • Local Log collection agent
  • OpenID Connect
Next Previous

© Copyright 2020, Atomicorp Inc..