Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: ASL 3.0.20
Posted: Mon Feb 27, 2012 4:21 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7964
Location: earth
This update brings a new capability to ASL which we are initially piloting for Plesk environments. It is a separate, independent Web Application Firewall (WAF) for other web-based services. In the context of Plesk this both blocks attacks against the Plesk control panel and adds in upload scanning to the Plesk file manager. The functionality of this module can be used on any web service, from control panel software like Plesk, cPanel, and InterWorx, to web front ends on applications like VMware and Oracle, or alternate web servers like Nginx and LiteSpeed. We will continue to expand this functionality on other control panels over the next few releases, and we encourage everyone to let us know via support or in the forums about other web environments that you are interested in supporting.

Changelog

- Add Plesk WAF module for 8.6 thru 10.x
- Add vulnerability check for Plesk CVE-2011-4734
- Update to default audit log retention policy, lowered from 30 to 14 days
- Update to RBL configuration, this will now warn the user about performance considerations
- Update ASL Web to include debug messages if the mysql db has become corrupted
- Feature Request #XXX, add support for multiple users of posteasyapache
- Feature Request #XXX, Add support for CPANEL_DISABLE_POSTEASYAPACHE, this disables modification of posteasyapache
- Bugfix #XXX, rkhunter has been disabled test
- Bugfix #XXX, asl.repo will be generated if it does not exist
- BugFix #741, Add detection for ossec-hids-server


To Upgrade:

1) yum upgrade asl asl-web

2) (Plesk only) Set up the Plesk WAF

/var/asl/bin/plesk-waf-setup


 Post subject: Re: ASL 3.0.20
Posted: Mon Feb 27, 2012 5:10 pm
Forum Regular

Joined: Tue Jul 15, 2008 2:38 pm
Posts: 780
Location: Sweden
Remember to run as su, not with sudo!


 Post subject: Re: ASL 3.0.20
Posted: Mon Feb 27, 2012 5:15 pm
Forum Regular

Joined: Tue Aug 05, 2008 5:01 pm
Posts: 111
Something failed:

Code:
Total download size: 632 k
Downloading Packages:
asl-mod_security-2.6.3-1.2.el5.art.x86_64.rpm            | 632 kB     00:01     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : asl-mod_security                                         1/1

Installed:
  asl-mod_security.x86_64 0:2.6.3-1.2.el5.art                                   

Complete!
Enabling WAF settings in tortixd...

Plesk 9 detected...

Activing Redirect rules...

Reloading services...
Stopping tortixd:                                          [  OK  ]
Starting tortixd: (98)Address already in use: make_sock: could not bind to address [::]:30000
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:30000
no listening sockets available, shutting down
Unable to open logs
                                                           [FAILED]
Restarting SWsoft control panels server... stale pidfile. Duplicate config variable in conditional 0 global: compress.filetype
2012-02-27 15:10:54: (configfile.c.838) source: /usr/share/sw-cp-server/applications-conf.sh line: 206 pos: 1 parser failed somehow near here: (EOL)
2012-02-27 15:10:54: (configfile.c.838) source: /etc/sw-cp-server/config line: 13 pos: 1 parser failed somehow near here: (EOL)
                                                           [FAILED]


 Post subject: Re: ASL 3.0.20
Posted: Mon Feb 27, 2012 7:35 pm
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
I looked into how the ASL Plesk WAF is configured. I see an iptables rule is used to redirect all external traffic to port 8443 to port 8445 on which tortixd is listening and running a reverse proxy to https://127.0.0.1:8443 (see /var/asl/etc/httpd/conf.d/plesk_waf.conf).

As far as I can see HTTPS access to Plesk (tcp/8443) is secured this way, but HTTP access (tcp/8880) isn't, so unless 8880 is specifically firewalled Plesk is still accessible without being protected by mod_security. I guess this is not too hard to add and otherwise this looks like a great addition to ASL, so thanks for that.

_________________
Lemonbit Internet Dedicated Server Management
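
The coverage gap described in the post above (8443 redirected to the WAF listener on 8445, 8880 not), as an added example that is not part of the original post or of ASL: a shell check over `iptables-save -t nat` output. The REDIRECT rule shape, the function name `waf_coverage`, and the sample address 192.0.2.10 are assumptions; the actual rule ASL installs is not shown in the thread.

```sh
#!/bin/sh
# Added example: report which panel ports are redirected to the WAF listener.
# Input: `iptables-save -t nat` style rules on stdin. Output: one line per port.

waf_coverage() {
    # $1 = WAF listener port; remaining args = panel ports to check
    waf_port=$1; shift
    awk -v waf="$waf_port" -v ports="$*" '
    BEGIN { n = split(ports, want, " ") }
    /^-A PREROUTING/ && /-j REDIRECT/ {
        dport = ""; to = ""; scoped = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "--dport")    dport = $(i + 1)
            if ($i == "--to-ports") to = $(i + 1)
            # A source/destination/interface match narrows what the rule covers.
            if ($i == "-s" || $i == "-d" || $i == "-i") scoped = 1
        }
        if (to == waf && dport != "") {
            if (!scoped) state[dport] = "protected"
            else if (state[dport] == "") state[dport] = "scoped"
        }
    }
    END {
        # protected = redirected for all traffic, scoped = redirected only
        # for matching traffic, unprotected = no redirect to the WAF at all.
        for (k = 1; k <= n; k++) {
            p = want[k]
            print p, (state[p] == "" ? "unprotected" : state[p])
        }
    }'
}

# Constructed sample (assumed rule shape; 192.0.2.10 is a documentation address).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 8443 -j REDIRECT --to-ports 8445
COMMIT'

sample_report() { printf '%s\n' "$SAMPLE_RULES" | waf_coverage 8445 8443 8880; }
sample_report
```

On a live host, `iptables-save -t nat | waf_coverage 8445 8443 8880` gives the same report for the real rule set; a `scoped` result means the redirect only applies to matching addresses or interfaces and should be checked against every address the panel listens on.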


 Post subject: Re: ASL 3.0.20
Posted: Mon Feb 27, 2012 7:53 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7964
Location: earth
Yeah absolutely, in the interest of time that was tabled til after we got this out.


 Post subject: Re: ASL 3.0.20
Posted: Mon Feb 27, 2012 8:49 pm
Forum Regular

Joined: Wed Mar 19, 2008 10:22 pm
Posts: 111
I just went through the upgrade process and configured the Plesk WAF. Everything appeared to go smoothly, however, now I can't bring up Plesk in a browser. I seem to be blocked. Any ideas?


 Post subject: Re: ASL 3.0.20
Posted: Tue Feb 28, 2012 5:55 am
Forum Regular

Joined: Wed Jan 02, 2008 3:21 pm
Posts: 521
Location: United Kingdom
spaceout wrote:
I just went through the upgrade process and configured the Plesk WAF. Everything appeared to go smoothly, however, now I can't bring up Plesk in a browser. I seem to be blocked. Any ideas?

Same problem, just times out... no errors during install and no access to port 8443. The detected IP address is correct and both /asl_ssl_error_log and /asl_ssl_access_log are empty. Might it be to do with other iptables rules? I can see no traffic reaching 8443 in iptables (which incidentally is assigned the same destination IP as asl detected during install). Can see port 8445 rule accepts a small number of packets each time PSA:8443 is requested.


 Post subject: Re: ASL 3.0.20
Posted: Tue Feb 28, 2012 6:05 am
Forum Regular

Joined: Wed Jan 02, 2008 3:21 pm
Posts: 521
Location: United Kingdom
UPDATE: It is an iptables issue, had specific IP address tied to 8443, adjusted rule, restarted iptables and connected straight away...


 Post subject: Re: ASL 3.0.20
Posted: Tue Feb 28, 2012 7:18 am
Forum Regular

Joined: Wed Jan 02, 2008 3:21 pm
Posts: 521
Location: United Kingdom
Cannot access ASL GUI, thought it was iptables again, but no joy.

ps auxwww | grep tortixd shows nothing running.

/etc/init.d/tortixd status
tortixd dead but subsys locked

/etc/init.d/tortixd stop
rm /var/lock/subsys/tortixd
/etc/init.d/tortixd start && /etc/init.d/tortixd status
tortixd dead but subsys locked

Tried stopping tortixd, yum reinstall asl-web same result: tortixd dead but subsys locked. What else to try?

Grrrr!


 Post subject: Re: ASL 3.0.20
Posted: Tue Feb 28, 2012 9:02 am
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2113
Is there a tortix log somewhere? Database connection problem maybe? Is Mysqld running?

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


 Post subject: Re: ASL 3.0.20
Posted: Tue Feb 28, 2012 11:53 am
Forum Regular

Joined: Wed Jan 02, 2008 3:21 pm
Posts: 521
Location: United Kingdom
Everything else running fine and not found a single clue in any log relating to tortix :-(


 Post subject: Re: ASL 3.0.20
Posted: Tue Feb 28, 2012 12:41 pm
Forum Regular

Joined: Wed Mar 19, 2008 10:22 pm
Posts: 111
I'm now seeing an error when I try to restart tortixd...

Code:
# /etc/init.d/tortixd restart
Stopping tortixd:                                          [  OK  ]
Starting tortixd: Syntax error on line 3 of /var/asl/etc/httpd/modsecurity.d/tortix_waf.conf:
ModSecurity: Invalid value for SecRuleEngine: no
                                                           [FAILED]


 Post subject: Re: ASL 3.0.20
Posted: Tue Feb 28, 2012 2:01 pm
Forum Regular

Joined: Wed Jan 02, 2008 3:21 pm
Posts: 521
Location: United Kingdom
spaceout wrote:
I'm now seeing an error when I try to restart tortixd...

Hey lucky you! You have an error to go on... :wink:

My /var/asl/etc/httpd/modsecurity.d/tortix_waf.conf on line 3 says "SecRuleEngine: on"


 Post subject: Re: ASL 3.0.20
Posted: Tue Feb 28, 2012 4:55 pm
Forum Regular

Joined: Thu May 07, 2009 12:46 pm
Posts: 302
That's not the only problem.

The Plesk file manager for users won't work any more.
If they wanna edit their files and save it then they get a forbidden page.

Permissions...


 Post subject: Re: ASL 3.0.20
Posted: Tue Feb 28, 2012 5:10 pm
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
That 403 Forbidden might be coming from mod_security which is used by the ASL Plesk WAF. Any related events in the ASL web interface?

_________________
Lemonbit Internet Dedicated Server Management

