store | blogs | forums | twitter | facebook | wiki | mailing lists | downloads | support portal
Atomic Secure Linux
It is currently Fri Apr 18, 2014 4:43 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: [asl-2.0] ASL 2.2.2 Release Announcement
Unread postPosted: Wed Jan 06, 2010 11:05 am 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7776
Location: earth
This is the release announcement for ASL 2.2.2, which introduces a number of bugfixes, and enhancements. This is a multi-package release, consistent of multiple components. A full yum upgrade is advised.

Changelog:
- Feature Request #285, Added vulnerability check for php function pcntl_exec()
- Feature Request #XXX, added vulnerability check for Plesk XSS vulnerability
- Feature Request #XXX, added db rotate event for storing alert events in mysql
- Feature #XXX, ossec_database_setup.sh is now safe to run multiple times. It will reset passwords to the default in /etc/asl/config
- Feature #XXX, add SSL checks for courier imap
- Changed support link in GUI to https://www.atomicorp.com/portal (was http://support.prometheus-group.com)
- Added more debug routines for update events.
- Bugfix #XXX, Corrected js errors in IE, corrected tag mismatch in /etc/asl-config.xml
- Bugfix #XXX, to set the mod_security debug log to on / off. The default is to disable the debug log unless we're actually debugging. This is also a performance change.
- Bugfix #XXX, mod_security check will automatically populate the config file with the configuration token if it does not otherwise exist.
- Bugfix #XXX, added vulnerability details for the Plesk @Mail exploit
- Bugfix #XXX, fixed incorrect mod_security vulnerability detail references
- BugFix #XXX, corrected the filename for mod_security_serversignature
- Bugfix #XXX, Added missing data for Case #1537, vulnerability info for SA33842
- Bugfix #XXX, Fix to identify fc11
- Bugfix #XXX, corrects XSS issue in ASL Web with False Positive feedback
- forced LANG=C for password generation events
- Bugfix #XXX, Case #1258, fix for adding rules for non-localhost database cases
- Bugfix #XXX, corrected issue with single alert log entry display
- Bugfix #XXX, adding in more redundancy for other ASL-Web configuration scenarios. This adds in a basic alpha/numeric check.
- Bugfix #XXX, asl-web-setup will now check for the asl_user table, and will inform the user to run asl -c and/or ossec_database_setup.sh
- Bugfix #XXX, asl -u 'full debug' mode wasnt working
- Bugfix #XXX, Added kernel_randshlib to vulnerability report

To Upgrade:
yum upgrade

To Install:
wget -q -O - http://www.atomicorp.com/installers/asl |sh


Top
 Profile  
 
 Post subject: Re: [asl-2.0] ASL 2.2.2 Release Announcement
Unread postPosted: Thu Jan 07, 2010 1:10 pm 
Offline
Forum Regular
Forum Regular

Joined: Tue Jan 15, 2008 3:57 am
Posts: 478
Location: Netherlands
Thx for the good work! seems to run perfectly :)

_________________
best regards,

http://hosting.ber-art.nl
Professional Secure Linux Plesk Hosting


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group