Release Notes: This release includes the latest iteration of the Tortix Web Application Firewall (T-WAF for short). The T-WAF is the next generation of the initial external WAF piloted with the Plesk WAF module. It can dynamically redirect local HTTP/HTTPS traffic directly through the T-WAF module using firewall redirect rules; this mode is called "local redirect". The T-WAF also supports a "plesk" mode, which replaces the original plesk-waf-setup application. Lastly, the T-WAF supports a "remote" mode, which allows the ASL server to act as a reverse proxy for downstream web servers.
As of this release the T-WAF module is considered a beta project and is not enabled by default. Users interested in beta-testing the T-WAF can activate it with: yum install asl-waf-module
The T-WAF will be licensed separately in a future release.
The 3.0.23 update also includes a beta feature for managing the default WAF response policy. Previously, web attacks were always blocked inline; this update adds a "redirect" response that sends the client to a user-defined URL. This URL can be used to pass information on the nature of the blocked attack, including the rule id, source IP, and internal event id.
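The page behind the redirect URL receives the rule id, source IP and event id through a request that the blocked client controls, so it has to treat them as untrusted input. The following is an added example, not Atomicorp's code, of a landing-page handler that validates and escapes those fields; the parameter names rule_id, src_ip and event_id and the sample URLs are assumptions, since these release notes do not give the query format.

```python
# Added example: validate the fields a WAF block redirect passes to a landing page.
# rule_id, src_ip and event_id are hypothetical parameter names (not from the release notes).
import html
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

RULE_ID_RE = re.compile(r"[0-9]{1,10}")
EVENT_ID_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")

def parse_block_redirect(url):
    """Return validated fields; anything missing, repeated or malformed becomes None."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)

    def single(name):
        values = query.get(name, [])
        # A repeated parameter is ambiguous, so it is rejected rather than guessed at.
        return values[0] if len(values) == 1 else None

    rule_id = single("rule_id")
    if rule_id is None or not RULE_ID_RE.fullmatch(rule_id):
        rule_id = None
    src_ip = single("src_ip")
    try:
        src_ip = str(ipaddress.ip_address(src_ip)) if src_ip is not None else None
    except ValueError:
        src_ip = None
    event_id = single("event_id")
    if event_id is None or not EVENT_ID_RE.fullmatch(event_id):
        event_id = None
    return {"rule_id": rule_id, "src_ip": src_ip, "event_id": event_id}

def render_block_page(fields):
    """Build the page shown to the blocked visitor; values are escaped even after validation."""
    def show(value):
        return html.escape(value) if value is not None else "unavailable"
    return (
        "<h1>Request blocked</h1>"
        f"<p>Rule: {show(fields['rule_id'])}</p>"
        f"<p>Source: {show(fields['src_ip'])}</p>"
        f"<p>Reference for support: {show(fields['event_id'])}</p>"
    )

# Constructed sample URLs: one well-formed, one carrying markup, CR/LF and a repeated field.
GOOD = "https://www.example.com/blocked?rule_id=340162&src_ip=192.0.2.10&event_id=evt-1029"
BAD = ("https://www.example.com/blocked?rule_id=1%3Cscript%3E"
       "&src_ip=10.0.0.1%0d%0aX&event_id=a&event_id=b")

if __name__ == "__main__":
    print(render_block_page(parse_block_redirect(GOOD)))
    print(render_block_page(parse_block_redirect(BAD)))
```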
Changelog:
- Add Tortix WAF (T-WAF)
- Retire plesk-waf-setup (replaced by T-WAF)
- Update, Add UNSUPPORTED to version info when distribution cannot be identified
- Update, support for status to the asl-firewall init script
- Update, ASL Web Corrects corrupt serialized data error
- Update to asl_db_rotate, TODO what is token here for archive on/off?
- Update, Changed default behavior of database setup to yes when selecting database installs
- Update, create a common asl firewall rule clearing function, used by the global asl-firewall init script
- Update, ASL Web, categories are now sorted alphabetically
- Update, Add check for /etc/asl/waf-config on permissions check
- Update, Ignore /usr/local/psa/var/cgitory by default in integrity checks
- Feature Request #425, add support for the Spamhaus lasso blacklist
- Feature Request #442, add blacklist support for TOR exit nodes. Adds new config token, FW_TOR
- Feature Request #785, add support for the Dshield blacklist of top attacking networks.
- Feature Request #792, add syn-flood protection. New config token: FW_SYN_COOKIES
- Feature request #814, HIDS limit email notifications to alerts greater than level X
- Feature Request #820, WAF deny & redirect management subsystem. Adds the config tokens WAF_DEFAULT_ACTION, and WAF_REDIRECT_URL
- Feature Request #XXX, add port tracking field for "embedded" waf type
- Feature Request #XXX, automated update times are now randomized to between +1-15 minutes
- Bugfix #XXX, change from reload to graceful restarts with tortixd. This should fix blank asl -u windows in ASL Web
- Bugfix #XXX, installer will now store network info to / instead of /tmp.
- Bugfix #XXX, Fix for remote database support
- Bugfix #XXX, Fix for continue y/n prompt in database setup
- Bugfix #XXX, Remove a mod_security binary if it's already there before installing a new one. This corrects a really weird condition when it already exists on source/anarchy installs.
To upgrade: /var/asl/bin/asl -u
or
yum upgrade asl asl-web
|
Release notes: The ASL clock module may not report the correct time due to the timezone not being specified in the php.ini. That is something we're working on automating in a future release. Also a frequently requested "warnings only" modifier has been added to asl from the command line. This is useful if you were looking to use it for a daily email report.
The internal update subsystem has been expanded to handle more internal component updates, including the ASL kernel and WAF module, provided the UPDATE_TYPE setting is set to allow those updates.
Changelog:
- Add clock to ASL Web
- Add new update display fields to WAF updates, Rootkit Protection, and Shell protection
- Add in the -warn flag to only show warnings / failures in scan and/or fix mode
- Update to configuration verification engine, FIXED is only reported if a setting is in the secure state. Otherwise the true vulnerability level is displayed.
- Update to integrity checks, /etc/webmin is now ignored by default
- Feature Request #XXX, hids_check will now maintain the localtime file in chroot in accordance with /etc/localtime
- Feature request #532, add support for SecRequestBodyNoFilesLimit and SecRequestBodyInMemoryLimit
- Feature Request #709, add checks for suexec logs
- Feature Request #768, add support to rkhunter check to modify /etc/sysconfig/rkhunter
- Bugfix #XXX, php_check can now make insecure settings.
- Bugfix #XXX, update to asl_db_rotate to handle rotating larger database sizes (1+ million rows)
- Bugfix #XXX, tortixd rule reloading is moved out from the ASL Web interface, and into a queue system. This prevents the thread from dying in an interactive session.
- Bugfix #289, correct SMTP_AUTH plesk password checks to map to valid mailboxes. Correct output of plesk FTP check to show password column in order
- Bugfix #496, detect /var/log/snort/alert
- Bugfix #735, hids/waf checks for whitelists under 255 would always report 255 or greater
To Upgrade: /var/asl/bin/asl -u
or
yum upgrade asl asl-web
|
Release Notes: RHEL and CentOS 4 are not supported in this release.
In addition, this release is a major update to the tortixd management back end, moving from the previous EL5 based httpd and php 5.2 branch to Apache 2.2.22 and PHP 5.4. This is in preparation for migrating the management components to Apache 2.4 once PHP support is complete.
This update also contains major updates to the Updater module, including the ability to update WAF components on source install environments such as cPanel, and automatic initiation of Self-Healing rules and components without requiring additional actions (fix mode).
Support Package Updates:
- tortixd has been updated to 2.2.22
- Base php is now updated from version 5.2.17 to 5.4.0
- asl-php-eaccelerator has been obsoleted
- asl-mod_security has been replaced by tortix-waf
- psa-proftpd has PAM updates for el6
Changelog:
- Add Vulnerability check for out of date WAF
- Add top 10 attacked domain (24h/72h/1 week) report to ASL Web
- Add EOL check for EL4 Platforms (CentOS, RHEL)
- Update to ASL Web, will create the HIDS database if it is not detected
- Update to Rule Manager, WAF rules now cover HIDS rule 60121
- Update to ASL Web, password fields are now masked
- Update to database-setup, will report a failed condition on loading the HIDS db
- Update to rule manager, ossec.conf is restored if it is removed
- Update to update module, self healing rules are automatically added after an update. asl -s -f is no longer required
- Update to update module, detail view for HIDS and WAF update event to list rule subgroups being updated
- Update to update module, source environment will now check for and update WAF modules
- Update to ASL Web, warnings are now displayed when changing PTRACE_HARDEN for plesk environments
- Update to update module, tortixd waf is now reloaded on a rule update
- Update to plesk-waf-setup to manage ACLs on directories using the audit dir
- Update to plesk-waf-setup, IP can now be passed in from the command line
- Update to database-setup to support resetting the database from the command line
- Feature Request #XXX, add support for multiple users of posteasyapache
- Bugfix #XXX, template correction for accesslog formatting on plesk 9
- Bugfix #XXX, for people with bad profiles and /sbin is not in their path.
- Bugfix #XXX, deprecate EXECVE_LIMITING in ASL. Upstream merged this into vanilla
To Upgrade: yum upgrade asl asl-web
|
This update brings a new capability to ASL which we are initially piloting for Plesk environments. It is a separate, independent Web Application Firewall (WAF) for other web based services. In the context of Plesk, this both blocks attacks against the Plesk control panel and adds upload scanning to the Plesk file manager. The functionality of this module can be used on any web service, from control panel software like Plesk, cPanel and Interworx, to web front ends on applications like VMware and Oracle, or alternate web servers like Nginx and LiteSpeed. We will continue to expand this functionality on other control panels over the next few releases, and we encourage everyone to let us know via support, or in the forums, about other web environments that you are interested in supporting.
Changelog
- Add Plesk WAF module for 8.6 thru 10.x
- Add vulnerability check for Plesk CVE-2011-4734
- Update to default audit log retention policy, lowered from 30 to 14 days
- Update to RBL configuration, this will now warn the user about performance considerations
- Update ASL Web to include debug messages if the mysql db has become corrupted
- Feature Request #XXX, add support for multiple users of posteasyapache
- Feature Request #XXX, Add support for CPANEL_DISABLE_POSTEASYAPACHE, this disables modification of posteasyapache
- Bugfix #XXX, rkhunter has been disabled test
- Bugfix #XXX, asl.repo will be generated if it does not exist
- BugFix #741, Add detection for ossec-hids-server
To Upgrade:
1) yum upgrade asl asl-web
2) (Plesk only) Set up the Plesk WAF
/var/asl/bin/plesk-waf-setup
|
This update is the first phase of an effort to establish a dedicated update module. The intent is to use this to bring a common update method across the suite of "Tortix" products.
Changelog
- Add support for Oracle Linux 6
- Update to ASL Web, Moved false pos/neg alert messages to html and made urls in message texts linked
- Update to hids_check, update function has been externalized in preparation for a dedicated update module
- Feature Request #XXX, regenerate asl.repo if it has been removed
- Bugfix #XXX - Update to cpanel-easyapache to support direct install
- Bugfix #728 - change skip-networking exit event to a force enable, and restart mysqld event
To Upgrade:
yum upgrade asl asl-web