We are proud to announce the release of version 3.0 of Atomic Secured Linux!
For those of you new to ASL, Atomic Secured Linux(tm) is an out-of-the-box Unified Security Suite for Linux(tm) systems designed to protect your servers against both known and unknown threats. ASL is always kept up to date through its internal update management system. Unlike other security solutions, ASL works by combining security at all layers, from the Kernel all the way up to the application layer to provide the most complete protection available for Linux servers and helps to ensure that your system is compliant with commercial and government security standards.
ASL includes built-in firewalling, secure kernel, automated system lockdown and hardening engine, userspace and host Intrusion Prevention Systems (IPS), malware/rootkit detection and elimination, vulnerability scanner, blacklisting technologies and the most widely used web application firewall on the market. All designed to protect multiuser, virtualization, cloud and web hosting environments like no other solution. ASL is uniquely effective at addressing multiple emerging threats posed by vulnerabilities in today's complex systems and applications, such as web hosting environments, multiuser systems, CRMs, blogging software, forums, shopping carts, Content Management systems, custom applications and so much more!
New Features in 3.0:
New ASL Dashboard consolidates Attack & Event summary, Module Status, Load monitor and RSS feed.
New operating systems supported:
Scientific Linux 5 & 6
Red Hat Enterprise Linux 6
Xen virtualization (as a guest OS)
New control panels supported:
New online documentation system:
All ASL Web rule IDs are now linked to their documentation page.
This will allow you to click on the event ID to find out more about what this event is, what causes this event to occur, and what actions, if any, you may need to take. For example, if the Web Application Firewall event 340162 is triggered, you can click on “340162” in the GUI and you will be able to read more about that type of attack, how to tune your system if it's a false positive and so much more!
Firewall Rule Management System:
An advanced rule management system that will import your existing rules into a powerful web-based interface
Use with, or without third party firewalls. All your firewalling needs can now be addressed from ASL.
Works with existing firewalls, no need to replace what you are already using
HIDS (Host Based Intrusion Detection) Rule Manager:
Modify the Active Response policy globally or per rule
Change Severity Level per rule
Activate/Deactivate Logging per rule
Enable/Disable Email alerts per rule
WAF (Web Application Firewall) Rule Manager:
Rules can be enabled/disabled globally or by virtual domain.
Rules can be set to different severity levels.
Rules can have their base response policy elements modified to include shunning, email alerts, and logging.
Intelligent Repeat Offender blocking:
ASL will intelligently modify block times based on the recurrence of attacks from a particular source. This will allow your system to treat “one time” offenders differently from repeat attackers, properly blocking real malicious users from launching new attacks.
New File Integrity management system:
Web-based GUI interface that allows for list or tree view sorting.
"Notify" lists, which allow notifications to be sent to different email addresses for change alerts to different files.
"Watch" configuration, which allows for the definition of what files or directories the system will monitor for changes. Configuration options allow for real-time monitoring, user/group ownership changes, permissions, checksum, and diff reporting. Diff reporting will include the changes made to the file in the body of the alert message for ASCII files.
"Ignore" lists, which allow for files or directories to be explicitly ignored from monitoring.
Event Manager enhancements:
Lists source of events, for multi agent configurations
Allows for searching for any string in the data field
Ties directly into the rule manager
Supports False Positive & False Negative reporting
New Report Generation System:
Failed logins in the last 24 hours, 72 hours, and 30 days
Top Stats; Events by Level, Alerts in the last 24 hours, and Top alerts in the full history
Top Web Attackers in the last 24 hours, and the total number of attacks in the last 7 days
ASL Web User Manager:
Role Based Access control for ASL Web Users
Audits logins by ASL Web users
Role Manager allows for setting what components an ASL Web user can have access to, including View Only and Modify options
New kernel policy manager:
Trusted Path Execution
Enable/Disable Privileged IO
Audit Mount, Chdir, Ptrace, and Text relocation events
Control Chroot permissions on chmod, chroot, fchdir, capabilities, mknod, mount, sysctl, nice and findtask
Audit exec() events inside a chroot
Audit exec() activity by userid
Control "Server" class users, users in this group can only act as servers (IE: no outbound connections allowed)
Control "Client" class users, users in this group can only act as clients (IE: cannot create services for inbound connections)
Control "Socket" class users, users in this group can act as neither clients nor servers.
New attack detection and prevention features:
New Web “slow” DOS protection added
New brute force detection and protection system added
New Application Inventory system that's faster and quicker.
Release Notes: https://www.atomicorp.com/wiki/index.ph ... ease_Notes
To Upgrade:
Follow the process here: https://www.atomicorp.com/wiki/index.php/Upgrading_ASL
If you don't have ASL, get the latest version of ASL and Secure Your Server Now!