store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Thu Jul 24, 2014 2:24 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 9 posts ] 
Author Message
 Post subject: [asl-2.0] ASL 2.2.9 Release Announcement
Unread postPosted: Mon Jul 12, 2010 5:25 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7861
Location: earth
2.2.9 marks phase 2 of the deprecation of support for denyhosts. As of 2.2.9 denyhosts is no longer a required package for ASL. It has now been relegated to "legacy" status.

Additional changes in this update are primarily focused on improving performance, and reducing file IO overhead.

Additional components updated in this release:
* kernel/kernel-PAE 2.6.32.16
* dazuko for 2.6.32.16

Changelog:
[=] Updated default ossec server template to monitor /opt, /usr/lib, /usr/local/
[=] Added realtime tokens to the ossec configs by default.
[=] Improved lint check for whitelist/blacklist checks to clean out duplicate/invalid entries
[=] Removed denyhosts dependency from package
[-] Bugfix #383, single entry geo-blacklists in ASL Web could not be removed

Legend: [+] New Feature/Capability, [=] Change to existing feature, [-] Bugfix

To Upgrade
yum upgrade asl asl-web


Top
 Profile  
 
 Post subject: Re: [asl-2.0] ASL 2.2.9 Release Announcemet
Unread postPosted: Wed Jul 14, 2010 6:19 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
Quote:
As of 2.2.9 denyhosts is no longer a required package for ASL. It has now been relegated to "legacy" status.


Do you recommend uninstalling denyhosts on servers running ASL? OSSEC takes care of blocking brute force attacks these days?

_________________
Lemonbit Internet Dedicated Server Management


Top
 Profile  
 
 Post subject: Re: [asl-2.0] ASL 2.2.9 Release Announcemet
Unread postPosted: Wed Jul 14, 2010 6:28 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7861
Location: earth
Yes, you can remove denyhosts now. It will be completely retired in the next update I think


Top
 Profile  
 
 Post subject: Re: [asl-2.0] ASL 2.2.9 Release Announcemet
Unread postPosted: Wed Jul 14, 2010 6:40 pm 
Offline
Forum Regular
Forum Regular

Joined: Thu Oct 26, 2006 11:56 pm
Posts: 678
Hi Scott,

What is doing the brute force blocks now, is it just asl?


Top
 Profile  
 
 Post subject: Re: [asl-2.0] ASL 2.2.9 Release Announcemet
Unread postPosted: Thu Jul 15, 2010 5:52 pm 
Offline
Forum Regular
Forum Regular

Joined: Thu Jan 17, 2008 5:48 pm
Posts: 124
How about apf?


Top
 Profile  
 
 Post subject: Re: [asl-2.0] ASL 2.2.9 Release Announcemet
Unread postPosted: Thu Jul 15, 2010 6:05 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
aus-city wrote:
What is doing the brute force blocks now, is it just asl?


It's OSSEC (installed as a dependency by ASL, just like DenyHosts was).

_________________
Lemonbit Internet Dedicated Server Management


Top
 Profile  
 
 Post subject: Re: [asl-2.0] ASL 2.2.9 Release Announcemet
Unread postPosted: Thu Jul 15, 2010 6:06 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
mdtiberi wrote:
How about apf?


APF is not part of the ASL suite.

_________________
Lemonbit Internet Dedicated Server Management


Top
 Profile  
 
 Post subject: Re: [asl-2.0] ASL 2.2.9 Release Announcemet
Unread postPosted: Thu Jul 15, 2010 6:17 pm 
Offline
Forum Regular
Forum Regular

Joined: Thu Jan 17, 2008 5:48 pm
Posts: 124
breun wrote:
mdtiberi wrote:
How about apf?


APF is not part of the ASL suite.


I know its not, just wondering if you think it should stay or go.

Thanks


Top
 Profile  
 
 Post subject: Re: [asl-2.0] ASL 2.2.9 Release Announcemet
Unread postPosted: Fri Jul 16, 2010 8:19 am 
Offline
Forum Regular
Forum Regular

Joined: Mon Apr 10, 2006 12:55 pm
Posts: 672
Quote:
I know its not, just wondering if you think [apf] should stay or go.

If APF is your primary firewall then you should not remove it unless you're replacing it with another firewall. I've seen no release notices on an ASL firewall so you should keep APF. The only other option (outside a hardware firewall) is to manually configure iptables (which is not easy).

_________________
"Its not a mac. I run linux... I'm actually cool." - scott


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group