|3.0 Reports & other updates|
|Written by Scott Shinn|
|Tuesday, 26 April 2011 14:05|
We're getting close to the release candidate series so its time to give the hip-shot list of new things since the last abbreviated update:
1) More updates for DirectAdmin and Cpanel environments, specifically for their custom Apache implementations. This should keep settings in parity across rebuilds.
2) The reporting module is now active, we started with some basic reports and will expand these in future updates. Currently we have a breakdown by the total attacks per day, top attackers, top login failure IPs, and some long term attacker reports. These proved to be really enlightening, and opened up the possibility for some deeper long term (aka "Low and Slow") attacker responses. A screenshot is available <a href=http://www.atomicrocketturtle.com/asl3-report.png>here</a>.
3) The HIDS module has now moved over to a more apache like conf.d structure for rules & decoders. This makes it easier for you to maintain your own custom rules & decoders outside of either ASL or package updates.
4) Repeat Offender system, currently this works on a multiplier with 3 levels. Each time an attacker comes back the period they are blocked is increased by the multiplier.
5) By popular request, you can now force an update with "asl -uf".
6) The rule manager backend now supports per-agent changes, this is more of a feature for ASL Enterprise. It would allow you to set active respons, level, email, etc on a per-agent basis.
7) False Negative reporting, highly useful if you need to let us know about a mis-categorized attack.
8) You can now access the details about a blocked event directly from the blocklist interface.
9) More cleanup to the Rule Manager and File check interfaces. You can now place notify's on a per directory or per file basis to alert to a specific user when that file changes.
And lots lots more that I cant remember right now. As always if you want to take a peek at ASL 3.0 you can upgrade with:
yum --enablerepo=asl-2.0-testing upgrade asl asl-web