Atomic Secured Linux 2.2 Released
Tuesday, 01 September 2009 10:21

We are proud to announce the latest release for our flagship Atomic Secured Linux product, the latest in unified threat management systems. Atomic Secured Linux(tm) is an out-of-the-box Unified Security Suite for Linux(tm) systems designed to protect your servers against both known and unknown threats. It is distributed through a subscription yum channel, ensuring that ASL is always kept up to date. Unlike other security solutions, ASL works by combining security at all layers, from the kernel all the way up to the application layer, to provide the most complete protection available for Linux servers, and helps to ensure that your system is compliant with commercial and government security standards. ASL includes the most hardened kernel on the market, automated system hardening techniques, userspace and host Intrusion Prevention Systems (IPS), malware/rootkit detection and elimination, blacklisting technologies and web application firewalling to protect multiuser and web application hosting environments like no other solution. ASL is uniquely effective at addressing emerging threats posed by vulnerabilities in today's complex systems and applications, such as web hosting environments, multiuser systems, CRMs, ERPs, forums, shopping carts, content management systems and custom applications.

 

This is the official release for Atomic Secured Linux (ASL), version
2.2.

Changelog:
* ASL Web, the standalone web GUI. A dynamic, resizable open interface
to manage security policy and event information.
* Kernel 2.6.29.6, with support for VMware's VMI interface, ext4 and
btrfs file systems, and much much more
* OSSEC upgraded to 2.1
* ASL Core has been completely re-written in C for faster and more
flexible capabilities
* Added vulnerability checks for simple FTP passwords
* Added new dynamic purge events for stale blocklist entries
* Added vulnerability checks for excessive whitelists
* Whitelisting now handles bitmask based whitelisting across all services

* Added checks for SSL/TLS usage in qmail
* Added expose_php checks for Plesk daemons
* Command line arguments now support multiple entries (--blacklist 1.2.3.4 4.5.6.7 7.8.9.10)
* Extended firewall module checking in the asl-mod init script
* Added ability to disable SSH Banner checks (for lemonbit)
* Added ability to set Apache "graceful" restarts (for enom)
* PHP checks for safe_mode have been lowered from "high" to "moderate"
* PHP checks for escapeshellcmd have been dropped to "low"
* Added configuration checks for the Plesk 9 /etc/xinetd.d/ excludes in rkhunter
* Added vulnerability check for psa-atmail
* Added vulnerability check for psa-proftpd
* Added SSL settings detection between Plesk 8.x and 9.x
* RKHUNTER_SSH_ROOT_LOGIN now defaults to the SSH_ROOTLOGINS variable
* Added detection for Horde and Squirrelmail during PHP functions check in the configuration phase. This will automatically allow the required PHP functions (popen, etc).
* Added migration routine for plesk environments from the old asl-web-gui to the new asl-web
* Updated the KERNELS file to support the new 2.6.29.6 kernels
* Updated configuration_setup to detect & start mysql if it's not running
* Update on ossec_database_setup to warn on blank passwords
* Added routine to kill stale ossec-dbd processes in ossec_check
* Removed restrictions on the max length of a message field in the Events Display
* New turtle graphics, now with Lensflare!
* Optional: An upgraded psa-proftp for Plesk users to 1.3.2a, which includes SFTP, RBL (real-time black lists), and ClamAV support

Bugfixes:
- Bugfix on remove-blacklist
- Bugfix #XXX, fix for vulnerability scanner to show details if there
was only 1 entry
- Bugfix #XXX, fix for ossec excessive whitelists check to show correct
vuln level based on total # of whitelists
- Bugfix #XXX, correctly install the asl-button for plesk environments
- Bugfix #XXX, on ossec_database_setup
- Bugfix #XXX, on asl-mod (adds more modules)
- Bugfix #XXX, on white/black/geoblock/blocking .js files
- Bugfix #XXX, ssh_check, added missing message for GSSAPICleanup test
- Bugfix #XXX, rkhunter_check, added missing message for SSH protocol 1
test
- Bugfix #XXX, multi-argument/value events
- Bugfix #XXX, in vulnerability stub data for ET_EXEC
- Bugfix #XXX, ssh_check banner test (bareword found issue)
- Bugfix #XXX, Added a condition to detect /var/asl/tmp/VERSION on new
installs
- Bugfix #XXX, --whitelist typo on the asl-shun command
- Bugfix #XXX, ssh_check, Added more logic around allowed root logins,
this will skip the fixed check now and just report it as
allowed/vulnerable if it is in fact allowed.
- Bugfix #xxx, mod_security, cleaned up path checking on SecTmpDir
- Bugfix #xxx, php_check, Changed execute flag string to be more clear
on extensions check
- Bugfix #xxx, php_check, disable_functions check will now create the
line if it doesn't exist rather than rewrite it
- Bugfix #XXX, for pending updates check
- Bugfix #XXX, for denyhosts bitmask whitelist
- Bugfix to detect spamassassin before checking its permissions
- Bugfix for ossec_check and web.conf, deprecated dhtml.conf files
- Bugfix for mod_security_check to correctly parse Dir directives
- Bugfix for mod_security_check SecAuditLogStorageDir
- Bugfix, mod_security_check now supports both "on/off" and "yes/no"
values
- Bugfix, mod_security_check copies rulegroups over correctly now
- Bugfix, mod_security_check copies over tertiary configs now
(spam.conf, sql.txt, etc)
- Bugfix, mod_security_check, when the whitelist is enabled, it is now
flagged as a vulnerability
- Bugfix, php_check updated to support yes/no, and on/off conditions
- Bugfix #XXX, corrected condition where ssh vulnerability checks were
not being reported for SSH password authentication being enabled.
- Bugfix #XXX, added a wrapper to lint the config file for the
CONFIGURED flag



Upgrading to 2.2:

1) Ensure that you allow mysql connections from localhost, and that
skip-networking is not set in /etc/my.cnf

2) yum upgrade

3) asl -s -f

4) Log in to the web interface on port 30000 with your web browser with
the credentials:
username: admin
password: setup
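
A pre-flight check for step 1 of the upgrade, added here as an example (it is not part of ASL or of the original announcement). It assumes the setting lives in the [mysqld] group of a single file, that included files are not followed, and that the last occurrence wins; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not ASL code. Function names are hypothetical.
# skip_networking_enabled FILE
#   exit 0: skip-networking is active in the [mysqld] group
#   exit 1: not active    exit 2: FILE cannot be read
skip_networking_enabled() {
    [ -r "$1" ] || return 2
    awk '
    {
        line = $0
        sub(/#.*/, "", line)                  # drop full-line and trailing comments
        gsub(/^[ \t]+|[ \t]+$/, "", line)     # trim surrounding whitespace
        if (line == "" || line ~ /^;/) next
        if (line ~ /^\[/) { in_mysqld = (tolower(line) == "[mysqld]"); next }
        if (!in_mysqld) next
        n = split(line, kv, "=")
        key = tolower(kv[1]); val = (n > 1) ? tolower(kv[2]) : ""
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        gsub(/_/, "-", key)                   # MySQL accepts skip_networking too
        if (key != "skip-networking") next
        # Assumption: last occurrence wins; an explicit 0/off/false disables it.
        active = !(val == "0" || val == "off" || val == "false")
    }
    END { exit(active ? 0 : 1) }
    ' "$1"
}

# preflight [FILE]: report whether step 1 of the upgrade is satisfied.
preflight() {
    cnf=${1:-/etc/my.cnf}
    rc=0
    skip_networking_enabled "$cnf" || rc=$?
    case $rc in
        0) echo "FAIL: skip-networking is active in $cnf; remove it before 'yum upgrade'"
           return 1 ;;
        1) echo "OK: skip-networking is not active in $cnf" ;;
        *) echo "UNKNOWN: cannot read $cnf; check it by hand"
           return 2 ;;
    esac
}

# Run only when a file is named on the command line, e.g.: sh preflight.sh /etc/my.cnf
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```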




To Install on a clean system:
1) wget -q -O - http://www.atomicorp.com/installers/asl |sh

2) Log in to the web interface on port 30000 with your web browser with
the credentials:
username: admin
password: setup
