This is the release announcement for ASL 2.2.2, which introduces a number of bugfixes, and enhancements. This is a multi-package release, consistent of multiple components. A full yum upgrade is advised.
- Feature Request #285, Added vulnerability check for php function pcntl_exec()
- Feature Request #XXX, added vulnerability check for Plesk XSS vulnerability
- Feature Request #XXX, added db rotate event for storing alert events in mysql
- Feature #XXX, ossec_database_setup.sh is now safe to run multiple times. It will reset passwords to the default in /etc/asl/config
- Feature #XXX, add SSL checks for courier imap
- Changed support link in GUI to https://www.atomicorp.com/portal
- Added more debug routines for update events.
- Bugfix #XXX, Corrected js errors in IE, corrected tag mismatch in /etc/asl-config.xml
- Bugfix #XXX, to set the mod_security debug log to on / off. The default is to disable the debug log unless we're actually debugging. This is also a performance change.
- Bugfix #XXX, mod_security check will automatically populate the config file with the configuration token if it does not otherwise exist.
- Bugfix #XXX, added vulnerability details for the Plesk @Mail exploit
- Bugfix #XXX, fixed incorrect mod_security vulnerability detail references
- BugFix #XXX, corrected the filename for mod_security_serversignature
- Bugfix #XXX, Added missing data for Case #1537, vulnerability info for SA33842
- Bugfix #XXX, Fix to identify fc11
- Bugfix #XXX, corrects XSS issue in ASL Web with False Positive feedback
- forced LANG=C for password generation events
- Bugfix #XXX, Case #1258, fix for adding rules for non-localhost database cases
- Bugfix #XXX, corrected issue with single alert log entry display
- Bugfix #XXX, adding in more redundancy for other ASL-Web configuration scenarios. This adds in a basic alpha/numeric check.
- Bugfix #XXX, asl-web-setup will now check for the asl_user table, and will inform the user to run asl -c and/or ossec_database_setup.sh
- Bugfix #XXX, asl -u 'full debug' mode wasnt working
- Bugfix #XXX, Added kernel_randshlib to vulnerability report
wget -q -O - http://www.atomicorp.com/installers/asl