Following months of remote working, companies everywhere are starting to bring employees back to the office. While this is a positive step forward, it also poses a number of IT security concerns that will need to be tackled to prevent business systems being left vulnerable. Here, we’ll look at what those concerns are and provide …
Security
7 Tips to Improve Remote Working Security
Working from home will become the new normal for many employees. Companies will not want to waste their investment in remote working technology, especially as it enables them to downsize offices and make savings during a period of economic turmoil. As remote working raises a number of security issues, here are some useful tips on …
cPanel Announces Comprehensive New Security Feature Addition, Making Server Security More Robust
As a leader in the hosting management industry, cPanel continuously serves Web Hosting Providers and System Administrators with multiple integrated options to protect their servers. Houston, TX – February 3, 2020 – cPanel, L.L.C., an industry-leading hosting server management solution for the past 20 years, announced it is adding ImunifyAV+ to the suite …
cPanel Newsroom
New Website Security Threats for 2020
For anyone running a website, 2020 promises to be a tough year when it comes to cybersecurity. According to a range of security experts, not only will you have to deal with the many existing risks; there will also be a raft of emerging threats, many of them highly advanced. Here, we’ll look at some …
Auto updating Atomicorp Mod Security Rules
Hello!
If any of you use mod_security as a web application firewall, you might have enlisted the services of Atomicorp for regularly updating your mod_security ruleset with signatures to protect against constantly changing threats to web applications in general.
One of the initial challenges, in a managed hosting environment, was to implement a system that utilizes the Atomicorp mod_security rules and update them regularly on an automated schedule.
When you subscribe to their service, they provide access credentials in order to pull the rules. You then need to integrate the rule files into your mod_security implementation and gracefully restart apache or nginx to ensure all the updated rules are loaded.
We developed a very simple python script, intended to run as a cron scheduled task, in order to accomplish this. We thought we would share it here in case anyone else may find it useful at all to accomplish the same thing. This script could easily be modified to download rules from any similar service, alternatively. This script was written for nginx, but can be changed to be integrated with apache.
Find the code below. Enjoy!
#!/usr/bin/python import urllib2,re,requests,tarfile,os,time username = 'yourusername' password = 'yourpassword' # create a password manager password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm() top_level_url = "http://updates.atomicorp.com/channels/rules/subscription/" password_mgr.add_password(None, top_level_url, username, password) handler = urllib2.HTTPBasicAuthHandler(password_mgr) opener = urllib2.build_opener(handler) urllib2.install_opener(opener) #data = urllib2.urlopen('http://updates.atomicorp.com/channels/rules/subscription/VERSION') for line in urllib2.urlopen('http://updates.atomicorp.com/channels/rules/subscription/VERSION'): if 'MODSEC_VERSION' in line: var = line.split('=',1) version = var[1].replace('n', '') # they throttle connection requests time.sleep(10) atomicdl = 'http://updates.atomicorp.com/channels/rules/subscription/modsec-' + version + '.tar.gz' atomicfile = urllib2.urlopen(atomicdl) output = open('/etc/nginx/modsecurity.d/modsecrules.tar.gz', 'wb') output.write(atomicfile.read()) output.close() tar = tarfile.open('/etc/nginx/modsecurity.d/modsecrules.tar.gz', 'r:gz') tar.extractall('/etc/nginx/modsecurity.d/') tar.close() os.system("rsync -ravzp /etc/nginx/modsecurity.d/modsec/ /etc/nginx/modsecurity.d") os.system("rm -rf /etc/nginx/modsecurity.d/modsec /etc/nginx/modsecurity.d/modsecrules.tar.gz") os.system("sed -i '//d' /etc/nginx/modsecurity.d/*.conf")
The post Auto updating Atomicorp Mod Security Rules appeared first on Managed WordPress Hosting | Managed VPS Hosting | Stack Star.
Managed WordPress Hosting | Managed VPS Hosting | Stack Star
Auto updating Atomicorp Mod Security Rules
Hello!
If any of you use mod_security as a web application firewall, you might have enlisted the services of Atomicorp for regularly updating your mod_security ruleset with signatures to protect against constantly changing threats to web applications in general.
One of the initial challenges, in a managed hosting environment, was to implement a system that utilizes the Atomicorp mod_security rules and update them regularly on an automated schedule.
When you subscribe to their service, they provide access credentials in order to pull the rules. You then need to integrate the rule files into your mod_security implementation and gracefully restart apache or nginx to ensure all the updated rules are loaded.
We developed a very simple python script, intended to run as a cron scheduled task, in order to accomplish this. We thought we would share it here in case anyone else may find it useful at all to accomplish the same thing. This script could easily be modified to download rules from any similar service, alternatively. This script was written for nginx, but can be changed to be integrated with apache.
Find the code below. Enjoy!
#!/usr/bin/python import urllib2,re,requests,tarfile,os,time username = 'yourusername' password = 'yourpassword' # create a password manager password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm() top_level_url = "http://updates.atomicorp.com/channels/rules/subscription/" password_mgr.add_password(None, top_level_url, username, password) handler = urllib2.HTTPBasicAuthHandler(password_mgr) opener = urllib2.build_opener(handler) urllib2.install_opener(opener) #data = urllib2.urlopen('http://updates.atomicorp.com/channels/rules/subscription/VERSION') for line in urllib2.urlopen('http://updates.atomicorp.com/channels/rules/subscription/VERSION'): if 'MODSEC_VERSION' in line: var = line.split('=',1) version = var[1].replace('n', '') # they throttle connection requests time.sleep(10) atomicdl = 'http://updates.atomicorp.com/channels/rules/subscription/modsec-' + version + '.tar.gz' atomicfile = urllib2.urlopen(atomicdl) output = open('/etc/nginx/modsecurity.d/modsecrules.tar.gz', 'wb') output.write(atomicfile.read()) output.close() tar = tarfile.open('/etc/nginx/modsecurity.d/modsecrules.tar.gz', 'r:gz') tar.extractall('/etc/nginx/modsecurity.d/') tar.close() os.system("rsync -ravzp /etc/nginx/modsecurity.d/modsec/ /etc/nginx/modsecurity.d") os.system("rm -rf /etc/nginx/modsecurity.d/modsec /etc/nginx/modsecurity.d/modsecrules.tar.gz") os.system("sed -i '//d' /etc/nginx/modsecurity.d/*.conf")
The post Auto updating Atomicorp Mod Security Rules appeared first on Managed WordPress Hosting | Managed VPS Hosting | Stack Star.
Managed WordPress Hosting | Managed VPS Hosting | Stack Star