Atomicorp Documentation
Free and Open Source Community Projects
Atomic Offline Operating System Installer
Atomic
Atomic Rocket Turtle Repository