Atomic Secure Linux
 Post subject: Re: Vote for new features in ASL 3.1 and beyond
Posted: Sun Nov 06, 2011 12:47 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3661
Location: Chantilly, VA
Quote:
@Mike: haven't thought about the delay you and faris mentioned, but I think a delay is not good.


So DNS isn't an option then; delays are just par for the course with DNS. So any AWL for search engines couldn't be developed or determined in real time if the company doesn't publish its source IPs. Google won't publish its source IPs, so any list for Google would be a moving target developed externally and only as accurate as its sources (which would be delayed too).

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


 
 Post subject: Re: Vote for new features in ASL 3.1 and beyond
Posted: Mon Nov 07, 2011 6:20 pm
Forum Regular

Joined: Sat Mar 28, 2009 6:58 pm
Posts: 865
Location: Germany
OK, that makes sense. Maybe instead of trying this, another approach might be useful.
Something like a special search bot report sorted by different aspects (action, reason, source, etc.) to react to?


 
 Post subject: Re: Vote for new features in ASL 3.1 and beyond
Posted: Thu Jan 26, 2012 4:44 pm
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 645
#1, #2 & #3 are all the same for me:
Atomicorp Candidate #20: Add LVE to kernel

If we can get all the benefits of CloudLinux while still using your kernel for all the extra security, that would be a big win for us.

#3.5 would be the ability to manage the rules (like turning off active response) from the CLI so we don't have to use the GUI just for one task and use the CLI for everything else.

For example, if I wanted to still have a rule (like the spam ones) blocked, but not shun them, I can run asl --disable-active-response 300038 or something like that, similar to the way you can disable a rule ( --disable-rule )

#4 would be that Windows version that was in beta about a decade ago :)


 
 Post subject: Re: Vote for new features in ASL 3.1 and beyond
Posted: Thu Jan 26, 2012 5:01 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3661
Location: Chantilly, VA
Quote:
#4 would be that Windows version that was in beta about a decade ago


Oh Windows is such a nightmare of missing capabilities. No chroot, little appreciation for least priv, etc. So we've had to do a LOT of work to make ASL just as secure on that platform. We don't want to ship a product that's not up to our high standards, and Windows is a challenging environment due to these limitations.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


 
 Post subject: Re: Vote for new features in ASL 3.1 and beyond
Posted: Thu Jan 26, 2012 5:24 pm
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 645
What about just having the basics at first - ossec, some sort of service manager, a mod_sec plugin for IIS, etc.?


 
 Post subject: Re: Vote for new features in ASL 3.1 and beyond
Posted: Thu Jan 26, 2012 6:50 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3661
Location: Chantilly, VA
Good question, it's actually ossec. Ossec when in server mode is REALLY paranoid, a good good good thing (logs are untrusted data) and it uses the capabilities in Linux to do that in lots of sandboxes. Unfortunately those sandboxes don't exist in Windows, so to get those capabilities on Windows we have to come up with brand spanking new ways to protect Windows. :-(

What we can do is things in client mode on Windows right now. That is, the Windows boxes report everything to a Linux box which does all the analysis and makes the decisions. We know people want to be able to run Windows standalone, so that's where all the work is right now.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


 
 Post subject: Re: Vote for new features in ASL 3.1 and beyond
Posted: Fri Mar 23, 2012 5:49 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3661
Location: Chantilly, VA
I forgot to mention that we started working on the features with the highest votes, which are (in order of votes):

Atomicorp Candidate #4: Redirect blocked users to a web page that explains why they were blocked and provides options based on the policy set by the system owner (for example, give them a captcha and allow for spam, admin password and allow XSS rules, report as false positive, etc.) Also for cases where the system owner does not want them to disable the rule, or allow the event, give them information to reach out to the system owner to resolve the issue. (the domain and/or system owner would be able to disable/enable this depending on the type of rule triggered)

Atomicorp Candidate #1: ASL RBL - basically a system that's driven by our honeypots and contains all the IPs from attackers, spammers, etc. An advanced version of this would allow everyone to participate by contributing your own attack data to the system. And a really advanced version of this would allow you to create your own RBL based on your data sources.

And if I got the counts wrong, please let me know!

The other big requests were:

Candidate #21: Migration tool (we're looking into this):

A migration manager for importing / exporting ASL settings between 2 servers using an export file would be a nice feature to have as well. It could be very useful when migrating an existing solution to new hardware, or for quick setup of similar installations such as when you have many VPS, but probably a VPS template would do the job in this very specific case. I believe an export settings feature would be more lightweight and would offer more possibilities though.

Atomicorp Candidate #3 (in initial design phase right now):

Add in domain delegation capabilities in ASL. For example, spam rules and redaction are delegated to the domain owner. The domain owner can only see their events in the ASL GUI, and can disable rules the system owner has delegated to them (the defaults from us would be things like spam rules, XSS, redaction and the like - things that could cause the system itself to be compromised or DOSed wouldn't be delegated by default)

And as folks may have seen with the new Plesk WAF, we have already done Atomicorp Candidate #19. We will be expanding this to cover things like nginx, litespeed, etc. So this will also cover Candidate #30.

If you would like to weigh in on the feature lists, add something, change your votes, etc. please let us know!

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


 
 Post subject: Re: Vote for new features in ASL 3.1 and beyond
Posted: Fri Mar 23, 2012 5:53 pm
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 645
LVE
LVE
LVE

:)


 
 Post subject: Re: Vote for new features in ASL 3.1 and beyond
Posted: Fri Mar 23, 2012 5:56 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3661
Location: Chantilly, VA
Yep, LVE is in the works. We actually have it, but the CL guys use a different scheduler from what we have, they use one from the openvz guys - and the openvz guys obfuscated the hell out of it in a giant monolithic patch that's around 700MB (most of which has nothing to do with openvz). Hurray!

So, it's not just getting LVE in there, but the same LVE that CL uses.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


 
 Post subject: Re: Vote for new features in ASL 3.1 and beyond
Posted: Fri May 18, 2012 2:43 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3661
Location: Chantilly, VA
Nginx and Litespeed are now supported in ASL. Please see the respective configuration guides at these URLs:

Nginx setup guide

Litespeed setup guide

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.

