• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Questions about Atomic Secured Linux

S

sethdavis

New Pleskian
Dear forum,

My company is growing and I'm (finally) making the switch over to a true dedicated server...

I'm pretty proficient in *nix, so I've opted for the non-managed route. I've been reading up on Atomic's ASL and like what I see, but I have a few questions:

1. How exactly does ASL "sit" together with Plesk? Is it a seamless fit or should I expect a few annoyances?

2. How will Plesk updates work with ASL? Is ASL guaranteed to support future versions of Plesk, or does ASL manage it's own updates of Plesk? How quickly is a new version of Plesk supported once it's released?

3. I have several sites using stuff like OSCommerce/CRELoaded which use custom PHP settings (register_globals on, file_uploads on, allow_url_fopen, register_long_arrays, etc). Will there be any interference here?

4. Should I expect any other types of interference due to the hardening of the environment?

5. I don't use the Plesk PowerPack, but manage my spamassassin options on my own. Will ASL support SA/ClamAV w/o Plesk's Power Pack?


I'd love to hear from you if you've had experience with ASL. Why should I give it a try and what should I be wary of?

Much thanks in advance,
Seth
 
Great questions, I was actually going to post a separate announcement about this. First off, in reference to Clamav and Spamassassin, we just put out the beta for Atomic Scanner, which you can see screenshots of here:
http://www.atomicrocketturtle.com/gallery2/main.php?g2_itemId=604

It is a web based module to manage clamav (and several other AV scanners), as well as spamassassin in plesk. It replaces drweb completely, and does all kinds of other neat things (escrow, lets you set up disclaimers, statistics etc).

To question #1, ASL, Atomic-Scanner, and Atomic-Yum web interfaces all drop in as modules to plesk. The rest of ASL is based on the standards set out by the vendor (CentOS, Red Hat, Fedora). Plesk is not required to use ASL, and as long as Plesk sticks to the same standards everything is just a simple rpm update/install.

#2, Updates can be handled with the autoupdater, or yum/atomic-yum. We use yum ourselves. We intend on supporting the latest versions of plesk, generally we can get the changes in place for a new version in a week or so. Sometimes less, and there is a yum channel (-testing) that would let you get access to packages as we develop them internally as well if theres a real rush.

#3, It would depend on the settings, there are ways to make exceptions on a per-vhost or even per-application level depending on the circumstances. We ship it with a default security policy that is pretty tight, its not hard coded and can be manipulated fairly easily if you need to adjust for something specific.

#4, If you do run into problems, let us know. You'll see in parts of ASL that there is a button that allows you to directly report problems to us with one click, and there is an additional support portal built in. For example we can usually get out a rule update in less than an hour if you use the Report False Positive button.

#5, see above. But yes, we plan on doing a lot more fun stuff with Atomic-Scanner. The released version is just the tip of the iceburg.
 
Excellent!

Atomicturtle,

Thanks for your quick reply. The scanner looks great and you might have just sold me...

Seth
 
ASL is great, you will be glad you got it after you see the threats blocked.

Art, can we install the Atomic scanner if so what channel is it in? in the screenshots i also noticed atomic yum updater gui for plesk, how can i install this if it's available.
 
Yup you can install atomic-scanner right now, its still in [asl-2.0-testing] so use:

yum --enablerepo=asl-2.0-testing install atomic-scanner

it should go into stable this week, theres nothing left to do internally. We just made some changes in the asl core (unreleased) that have to be tweaked a bit for it.

The yum gui we talked in about in another thread here, its in the [atomic] channel, you can grab that with:

yum install atomic-yum

and if you ever need a guide to write a plesk module, thats a good package to look at for pointers.
 
the atomic scanner installed fine but the yum-updater complained of a yum-repolist which i cant locate or install by running yum install yum-repolist.
 
So after installing the scanner and restarting Qmail without errors and confirming the web gui was installed, i thought the installation went well, NOT.
I woke up to complaints that email weren't delivered, so when i checked my log i saw this error;
corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2, well it appears that this was causing the emails to be stored in a tmp folder and not delivering them to the recipients mailbox, so i removed the scanner and removed qmail-scanner, and the emails of 12hrs+ starts pouring in.
My box is centos 5.2
 
yup, you were right clamd wasnt runnin and qmail worked fine after starting it.
Will qmail-scanner conflict with psa-spamassasin?
 
Eventually yes, its going to replace it and drweb completely. Right now it should work with it, you'll just be duplicating the scanning internally. Its safe, its just putting unnecessary load on the system.
 
You must log in or register to reply here.

Similar threads

Denis Gomes Franco
Resolved Learn from my mistakes...
Replies
6
Views
2K
weltonw
W
Hex
Forwarded to devs Code Editor Malfunction with Atomic Secured Linux Extension
Replies
3
Views
485
IgorG
IgorG
A
Atomic Secured Linux (2.2.2) for Plesk 9.2
Replies
0
Views
2K
atomicturtle
A
A
Atomic Secured Linux (2.0.7) for Plesk 9
Replies
0
Views
2K
atomicturtle
A
A
Atomic Secured Linux 2.0
Replies
0
Views
2K
atomicturtle
A
Back
Top