###
AUM
###


Introduction
============

AUM is the Atomic Update Manager. AUM is used by many Atomicorp products to update components.


------

Atomic Update Manager (AUM)
===========================

   * For Users with an ASL license, aum can update the following:

      1. ASL, including aum
      2. Secure Kernel
      3. Host Based Intrusion Detection System (HIDS)
      4. EDR system
      5. EPP system
      6. Vulnerability Shield
      7. Web Application Firewall (WAF)
      8. Transparent Web Application Firewall (T-WAF)
      9. modsecurity Web Application Firewall
      10. RBLs
      11. Firewall components
      12. Log Intrusion Detection System (LIDS)
      13. Active Response System
      14. GeoIP databases
      15. Web console
      16. Realtime malware protection system
      17. Malware upload protection system
      18. Threat Intelligence system
      19. clamav signatures
      20. Support packages used by ASL
	  
	  
   * AUM is controlled by the following two options in ASL:
   
      * AUTOMATIC_UPDATES
	  
      * UPDATE_TYPE
	  
	  
---------

AUM with Rules Only
===================

   * For users with jut a rules license AUM can update the following:
   
      1. AUM
	  
      2. ModSecurity Rules
	  
      3. ModSecurity
	  
	  
   .. note:: This is controlled by the users configuration of AUM.
   
-------

Installing AUM
==============

   * If you are using ASL then AUM is included.
   
   \
   
   * If you are a Rules Only customer, please follow the process below:
   
      Step 1: Install AUM by running the following command as root
	  
         .. code-block:: console
		 
            wget -q -O - https://updates.atomicorp.com/installers/aum |bash


      Step 2: Configure AUM by running the following command as root
	  
         .. code-block:: console
		 
            aum configure 
			
			
      Step 3: Tell AUM to install the rules by running the following command as root
	  
         .. code-block:: console
		 
            aum -u
			
			
----------

Configuring AUM
===============

For more information on configuring AUM, please visit the `wiki page`_ .

.. _wiki page: aumConfig.html

 
--------

Supported Platforms
===================

   * RedHat 6/7/8
   
   * Centos 6/7/8

   * Rocky Linux 8/9
   
   * CloudLinux 6/7/8
   
   * Debian 9/10/11/12
   
   * Ubuntu 16/18/20/22

   * Alma Linux 9
   	  
-----------

Notes for CPanel Users
======================

**modsec2.user.conf**

   * If apache is not configured to load this file, one easy way to include this is to create a symlink from the /etc/httpd/conf.d directory with the command below:

      .. code-block:: console
	  
         ln -s /usr/local/apache/conf/modsec2.user.conf /etc/httpd/conf.d/99999_modsec2.user.conf

     The /etc/httpd/conf.d directory is the Linux standard directory for apache configuration files. Adding a configuration file to this directory will normally tell apache to load the configuration file. aum will setup cpanel apache systems to use this standard method to support standard apache configuration files.
	 
	 
     .. note:: This configuration is not enabled by default to prevent configuration loops. Some cpanel systems may be misconfigured to load their rules twice. If you have trouble starting apache after symlinking this file, remove the symlink and check your apache configuration for duplicate entries.
	 
	 
--------

Frequently Asked Questions
==========================

**Does aum install more rules than asl-lite?**

   * Yes, aum supports the full range of current rules available to rules only users. asl-lite did not.

-------

**Will aum keep mod_security up to date?**

   * Yes. When an update is required by the rules, it will upgrade mod_security. When an update is not required by the rules, it will not upgrade mod_security.

   .. note:: For rules only customers, you may see that aum has a slightly older version of mod_security installed than with ASL. This is expected, as rules only systems do not have access to the full feature set in ASL, and occasionally we release updates to mod_security that not rule related but contains features ASL uses
   
--------

**How can I enable/disable rules if I dont have ASL?**

   * aum can disable rule class, it can not disable/enable specific rules. You need ASL for that level of granularity.

--------

**How can I enable/disable rule classes if I dont have ASL?**

   * Rule classes are enabled/disabled in the /etc/asl/config file. Setting a rule class to "yes" enables it, and "no" disables it.

---------

**Does aum use the /etc/asl/config file settings**

   * Yes.
   
---------

**Do rule sets still need to be manually disabled?**

   * No, check enable/disable the class in /etc/asl/config

---------

**Can I configure what aum updates?**

   * Yes. The following options in /etc/asl/config are available for rules only aum users:

      1. AUTOMATIC_UPDATES - Configures the update frequency for aum to download and install updates, such as new rules and signatures


      2. UPDATE_TYPE - Configures the behavior of the AUTOMATIC_UPDATE event. There are three options:
	  
            * All - This will upgrade all compotents aum can update. Please see above for a list of components for ASL and rules only users.
			
            * Exclude-kernel - This will upgrade all ASL software, rule and signatures updates but not upgrade the kernel. (Note: This has no effect for rules only users of aum)
			
            * rules-only - This will exclude all software updates except for rules. Note: If a rule update requires an update to a component, for example modsecurity, the component will not be installed and that rule update will also not be installed.
			
			
---------

**How can I disable automatic updates?**

   * Set the AUTOMATIC_UPDATES setting to "none". 
   
   
---------

**What is the /var/awp/data/templates directory for**

   * Templates in this directory are used to generate various configuration files aum needs.

---------

**How can I change the tortix_waf.conf file?**

   * aum will manage this file from settings in /etc/asl/config. Editing this file directly is not supported.

---------

**What are the asl-php rpms for?**

   * This is actually a legacy thing with AUM. AUM doesn't use the asl-php RPMs anymore. It uses curl. As a result these RPMs are no longer used.

