Atomic Secure Linux
 Post subject: (Draft) ASL 3.0 Changelog
Posted: Fri Jun 24, 2011 2:23 pm
Atomicorp Staff - Site Admin
This is the first Draft for the ASL 3.0 Release candidate which we should be releasing shortly. I'm sure I missed things in this!

Changelog:
ASL 3.0.0-0.rc1 Release Candidate #1

+ support for Cloudlinux 5
+ support for Scientific Linux 5 & 6
+ support for Red Hat Enterprise Linux 6
+ support for Xen virtualization (as a guest OS)
+ support for directadmin environments
+ support for cpanel environments

+ Firewall Rule Management system, this is an advanced interface for the first phase of firewall rule management.
+ HIDS (Host Based Intrusion Detection) Rule Manager:
* List rules by ID, or Category
* Modify the Active Response policy globally or per rule
* Change Severity Level per rule
* Activate/Deactivate Logging per rule
* Enable/Disable Email alerts per rule

+ WAF (Web Application Firewall) Rule Management, rules can now be
enabled/disabled globally or by virtual domain. Additionally rules can now be
set at different severity levels, and have their base response policy elements
modified to include shunning, email alerts, and logging.

+ Repeat Offender blocking, block times will now increase based on a user
defined setting (Default x2 of block time) each time they return.

+ File Integrity management system:
* Interface allows for list or tree view sorting.
* "Notify" lists, this allows notifications to be sent to different email addresses for change alerts to different files.
* "Watch" configuration, allows for the definition of what files or
directories the system will monitor for changes. Configuration options
allow for real-time monitoring, user/group ownership changes,
permissions, checksum, and diff reporting. Diff reporting will include
the changes made to the file in the body of the alert message for
ascii files.
* "Ignore" lists, allows for files or directories to be explicitly
ignored from monitoring.

+ Event Manager:
* lists agent source for events
* Allows for searching for any string in the data field
* Ties directly into the rule manager
* Supports False Positive & False Negative reporting

+ Reports, this is the first phase of the report manager, it currently
includes reports for:
* Failed logins in the last 24 hours, 72 hours, and 30 days
* Top Stats; Events by Level, Alerts in the last 24 hours, and Top
alerts in the full history
* Top Web Attackers in the last 24 hours, and the total number of
attacks in the last 7 days

+ ASL Web User Manager:
* Role Based Access control for ASL Web Users
* Audits logins by ASL Web users
* Role Manager allows for setting what components an ASL Web user can
have access to. Including View Only and Modify options

+ Added kernel policy settings for:
* Trusted Path Execution
* Enable/Disable Privileged IO
* Audit Mount, Chdir, Ptrace, and Text relocation events
* Control Chroot permissions on chmod, chroot, fchdir, capabilities,
mknod, mount, sysctl, nice and findtask
* Audit exec() events inside a chroot
* Audit exec() activity by userid
* Control "Server" class users, users in this group can only act as
servers (IE: no outbound connections allowed)
* Control "Client" class users, users in this group can only access as
clients (IE: cannot create services for inbound connections)
* Control "Socket" class users, users in this group can act as neither
clients nor servers.

+ Added asl-kernel init script to manage kernel settings
+ Blocklist now associates a block with the Alert that triggered the block.
+ New ASL Dashboard consolidates Attack & Event summary, Module Status, Load monitor and RSS feed.
+ Add False Negative and False Positive reporting to HIDS events
+ Feature Request #415, Add support for SSL settings in Plesk 9.0
+ Feature Request #455, add vhost option when enabling rules
+ Feature request #499, use of localhost is converted to 127.0.0.1 for conditions where /etc/hosts is mangled.
+ Feature Request #512, Add support for disabling ftp_exec, curl_exec, and curl_multi_exec PHP functions
+ Feature Request #XXX, add the --force-update / -uf flag to force a rule update from the command line
+ Feature Request #XXX, HIDS updates will be forced if the complete decoder list is not detected.


= ASL Web, asl-web-setup has been retired, by default the ASL Username &
Password will be the login to ASL Web.
= ASL Web, rule IDs are now linked to documentation
= All http connections that include the ASL username & password have been
converted to https.
= HIDS now uses a directory based rule management structure similar to the apache conf.d design.
= Updated psa_check to look for Vulnerability SA42052 in psa-proftpd
= Added Vulnerability data for http://secunia.com/advisories/42052/
= Proftpd clamav support checks much improved
= waf module now supports SecReadStateLimit, and setting the SecEngine to "DetectionOnly"
= waf_module now generates the default waf config file: /etc/httpd/modsecurity.d/tortix_waf.conf
= waf_module now associates specific rules to the minimum version of
mod_security required to support them. Environments that do not meet these
requirements defined in the rule will not have the ruleset applied in an
update.
= waf_module, rule updates will now roll back to the last known working copy
if an update fails configtest
= Vulnerability report now sorts risks by importance.
= /etc/asl/disabled_signatures and /etc/asl/disabled_vhost_signatures have
been deprecated. They are now replaced by /etc/asl/rules
= Performance improvements to the Application Inventory system.
= ASL database setup event now supports blank password fields.
= php_checks, add detection for PHP 5.3
= psa_checks, add the ability to disable the Plesk crontabmng (PSA_DISABLE_CRONTAB)
= database-setup will now detect skip-networking conditions that would break
the HIDS connector
= Added an abbreviated CLI false positive reporting flag: -rfp
= Added EOL check for fedora 12
= All apache restart events default to "graceful"
= Rules are now purged from /etc/httpd/modsecurity.d/ on an update if they are
named *asl*conf



- Bugfix #314, /etc/alternatives/mta-sendmail will now be linked to /etc/alternatives/mta if it does not exist
- Bugfix #385, App inventory can now handle directories with spaces
- Bugfix #405, removed duplicate instances of ASL_WEB_CONFIGURED
- Bugfix #406, remove all references to denyhosts
- Bugfix #453, OSSEC_SHUN_ENABLE_TIMEOUT is set to NO ossec will now restart properly
- Bugfix #457, enabling a rule no longer leaves blank lines and empty statements
- Bugfix #539, #577: Update /dev to support RTC on newer kernels
- Bugfix #XXX, this will properly evaluate an asl.lock file as numeric. If detected as non-numeric, it will assume it is stale and remove the lock.
- Bugfix #XXX, for adding client keys in "agent" mode.
- Bugfix #XXX, add graceful to the APACHE_RESTART options
- Bugfix #XXX, Retired kernel check, set firstboot to disable itself if something fails. This prevents reboot loops.

 
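A minimal illustration of the roll-back-on-failed-configtest behaviour the changelog lists for waf_module rule updates, written here as an added example and not ASL's own code: the rule directory, file names and the configtest command are assumptions, and on a real host the configtest would be something like `httpd -t` rather than the stub passed in.

```shell
#!/bin/sh
# Hypothetical rule installer (not ASL code): keep the last known working
# copy of a rule file and restore it when the configtest fails.

# install_rule_with_rollback RULES_DIR NEW_RULE CONFIGTEST_CMD
#   Copies NEW_RULE into RULES_DIR, runs CONFIGTEST_CMD through sh -c, and
#   restores the previous copy (or removes the new file if there was none)
#   when the test fails. Returns 0 if the new rule was kept, 1 if rolled back.
install_rule_with_rollback() {
  rules_dir=$1
  new_rule=$2
  configtest=$3
  target="$rules_dir/$(basename "$new_rule")"
  backup="$target.bak"   # .bak does not match an "Include *.conf" glob

  # Preserve the last known working copy, if the rule already exists.
  if [ -f "$target" ]; then
    cp -p "$target" "$backup"
  fi
  cp "$new_rule" "$target"

  # Configtest passed: drop the backup and keep the new rule.
  if sh -c "$configtest" >/dev/null 2>&1; then
    rm -f "$backup"
    return 0
  fi

  # Configtest failed: put the old copy back, or remove the new file.
  if [ -f "$backup" ]; then
    mv "$backup" "$target"
  else
    rm -f "$target"
  fi
  return 1
}
```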
 Post subject: Re: (Draft) ASL 3.0 Changelog
Posted: Fri Jun 24, 2011 2:50 pm
Forum Regular
My compliments. I can just say "WOW!"
It's amazing and a pleasure to see how fast you enhance ASL.
I'm looking forward to the stable version and will try to test the RC on my virtual test server if I find enough time.

Thanks a lot.

 Post subject: Re: (Draft) ASL 3.0 Changelog
Posted: Fri Jun 24, 2011 3:23 pm
Atomicorp Staff - Site Admin
I feel like we've been working on this a lot longer than we really have :P Looking back the 3.0 branch was started on October 1 2010, and the first new code was checked in on the 7th. Was that really only 9 months?

A minor update, all we're working on now is obsessing over how a minor section of the dashboard should look.

 Post subject: Re: (Draft) ASL 3.0 Changelog
Posted: Fri Jun 24, 2011 4:59 pm
Long Time Forum Regular
Quote:
= ASL Web, asl-web-setup has been retired, by default the ASL Username & Password will be the login to ASL Web.


Will it still be possible to add additional (non-admin) accounts? If not, we'd really miss that feature.

Quote:
= All http connections that include the ASL username & password have been converted to https.


Cool. Are you also losing the world readable bit on the files that contain the ASL username & password (/etc/asl/config and /etc/yum.repos.d/asl.repo) so local users can't read these credentials?

Quote:
= Added EOL check for fedora 12


Fedora 13 reached EOL today: http://lists.fedoraproject.org/pipermai ... 02976.html

_________________
Lemonbit Internet Dedicated Server Management

 Post subject: Re: (Draft) ASL 3.0 Changelog
Posted: Fri Jun 24, 2011 5:59 pm
Atomicorp Staff - Site Admin
Quote:
Will it still be possible to add additional (non-admin) accounts? If not, we'd really miss that feature.


Yes, the role based access control system allows you to define the rights per user down to individual modules. It also logs when they access the interface.

Quote:
Cool. Are you also losing the world readable bit on the files that contain the ASL username & password (/etc/asl/config and /etc/yum.repos.d/asl.repo) so local users can't read these credentials?


Yes, it does that now.

Quote:
Fedora 13 reached EOL today: http://lists.fedoraproject.org/pipermai ... 02976.html


Yes to that as well.

 
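As an added example, not ASL code, of the check discussed in this exchange: a small shell audit that reports whether the credential-bearing files named above are readable by users outside the owner and group. The two file paths come from the thread; the function names are assumptions, and the mode is read from `ls -ld` so the check works without GNU stat.

```shell
#!/bin/sh
# Hypothetical audit (not ASL code): flag credential files that carry the
# world-readable bit. File list taken from the forum thread above.
CRED_FILES="/etc/asl/config /etc/yum.repos.d/asl.repo"

# is_world_readable FILE -> 0 if "other" has read permission, 1 otherwise.
# The 8th character of the ls -ld mode string is the "other" read bit.
is_world_readable() {
  [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# check_cred_files FILE... -> prints each world-readable file with the fix
# to apply; returns the number of offending files (0 means clean).
# Files that do not exist are skipped rather than reported.
check_cred_files() {
  bad=0
  for f in "$@"; do
    [ -e "$f" ] || continue
    if is_world_readable "$f"; then
      echo "WORLD-READABLE: $f (fix with: chmod o-r $f)"
      bad=$((bad + 1))
    fi
  done
  return $bad
}

check_cred_files $CRED_FILES || echo "credential files exposed to local users: $?"
```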
 Post subject: Re: (Draft) ASL 3.0 Changelog
Posted: Mon Jul 18, 2011 5:01 pm
Forum Regular
Quote:
psa_checks, add the ability to disable the Plesk crontabmng (PSA_DISABLE_CRONTAB)

Can you expand on what this means?

Quote:
php_checks, add detection for PHP 5.3

Does that mean ASL will finally stop complaining about safe mode being there, even though it's turned off?

Quote:
ASL Firewall

Will this be a replacement for APF?
Will it still support mod_evasive bans like it currently does with APF?

Quote:
support for Cloudlinux 5

When you say support for CL - what does that really mean? We've been using CL for a long time now and despite it "not being supported" it still works fine.

 Post subject: Re: (Draft) ASL 3.0 Changelog
Posted: Mon Jul 18, 2011 5:24 pm
Atomicorp Staff - Site Admin
Quote:
psa_checks, add the ability to disable the Plesk crontabmng (PSA_DISABLE_CRONTAB)


This turns on/off the ability to manage the crontab through plesk.

Quote:
Does that mean ASL will finally stop complaining about safe mode being there, even though its turned off?

What's new here is that it allows us to build security profiles around versions of PHP, so when function calls don't exist in a version the check would only apply where it does exist.

Quote:
Will this be a replacement for APF?


It's neutral toward replacing firewall front ends like apf; the goal was to create a library that could read and parse firewall rules so you can organize and manage them. Sure it can replace apf, and can also work alongside it. We didn't want to make something that forced you to redo all your rules.


Quote:
support for Cloudlinux 5


Mainly that it's now something supported officially, since pretty much any clone of EL5 is going to be compatible with ASL. LVE is not in our kernels yet because openvz isn't there (LVE requires openvz). We're heading that way though.
