Tuesday, 23 April 2013 09:14
Release Notes
Tortixd in this release changes its default logging path from /var/log/httpd to /var/log/tortixd, separating its logs from those of the standard httpd daemon. For all environments except cPanel this is a transparent change. cPanel users are recommended to update their security policies immediately after upgrading to this release with: asl -s -f. Otherwise this will run automatically 1 hour after the ASL update is completed. Failure to run it immediately afterwards could result in a brief outage of Active Responses triggered by WAF events.
Our last release, 1812 was dedicated to John Crichton's favourite DRD "1812" on the hit Jim Henson TV series, Farscape.
Changelog
- Update asl-firewall, use internal sqlite database for active-response tracking
- Update ASL Web, support socket level access to internal sqlite active-response database
- Update Requires to tortixd 2.2.24
- Update to cpanel template to create /var/log/httpd symlink from build template and waf_check
- Update asl-kernel, add tcp_diag to default load (rkhunter dependency)
- Update asl_db_rotate to use smaller mysql packets
- Bugfix #XXX, change LASSO fw to use FW_LASSO_LOG
- Bugfix #XXX, asl-firewall, improve TOR ruleset checking on clear events
To Update:
1) Read the release notes:
https://www.atomicorp.com/wiki/index.php/Atomic_Secured_Linux#ASL_3.2_Release_Notes
2) aum -u
3) (recommended for cpanel only. Otherwise this will run automatically in the next hour): asl -s -f
Tuesday, 16 April 2013 10:03
Atomicorp is proud to announce the release of version 3.2.11 of Atomic Secured Linux, a complete end point security product for Linux based servers.
Release Notes
This release contains a new RBL (Real Time Blacklist) monitoring feature called rblcheck. This is a nightly event that will send a report if your host, or any other hosts configured on the watchlist, are detected on more than 300 different RBLs.
By default rblcheck will test the hostname defined in /etc/asl/config. To monitor additional hostnames or IP addresses, add entries to /etc/asl/rbl-monitor.
General notes on this feature:
1) RBL checks are based on DNS lookups, so the faster the DNS server, the faster the resolution. A local DNS server will most likely be the fastest configuration.
2) IP addresses will be more accurate than hostnames; however, some RBLs work in the context of hostnames rather than IPs. It's a good idea to test both.
3) This will currently send a single message per host defined in /etc/asl/rbl-monitor, and only if an RBL entry for the scanned host is detected.
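The lookup mechanics behind a nightly RBL check, as an added example modelled on the rblcheck feature described above (this is not ASL's own code). The watchlist text, the three list zones and the split into address lists versus domain lists are assumptions standing in for the 300+ lists rblcheck consults; the resolver is injectable so the logic can be exercised without live DNS.

```python
"""Watchlist RBL checker in the style of rblcheck (added example, not ASL code)."""
import ipaddress
import socket

# Constructed sample of an /etc/asl/rbl-monitor style watchlist: one hostname or IP per line.
SAMPLE_WATCHLIST = "# hosts to monitor\nmail.example.com\n192.0.2.10\n"
# A handful of zones stand in for the 300+ lists rblcheck consults; the split by type is an assumption.
IP_RBLS = ["zen.spamhaus.org", "bl.spamcop.net"]
HOST_RBLS = ["dbl.spamhaus.org"]

def parse_watchlist(text):
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def rbl_query_name(entry, zone):
    """DNS name the list expects: reversed octets/nibbles for an address, the bare name for a domain list."""
    try:
        ip = ipaddress.ip_address(entry)
    except ValueError:
        return f"{entry}.{zone}"
    if ip.version == 4:
        return ".".join(reversed(entry.split("."))) + "." + zone
    return ".".join(reversed(ip.exploded.replace(":", ""))) + "." + zone

def default_resolve(name):
    """A-record lookup; NXDOMAIN means 'not listed'. Speed depends on the resolver, hence the local-DNS advice."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_entry(entry, resolve=default_resolve):
    """Return [(zone, answer)] for every list on which entry appears."""
    try:
        ipaddress.ip_address(entry)
        zones = IP_RBLS
    except ValueError:
        zones = HOST_RBLS
    hits = []
    for zone in zones:
        answer = resolve(rbl_query_name(entry, zone))
        # Listings answer inside 127.0.0.0/8; Spamhaus uses 127.255.255.x to signal a refused or bad query.
        if answer and answer.startswith("127.") and not answer.startswith("127.255.255."):
            hits.append((zone, answer))
    return hits

def build_report(watchlist_text, resolve=default_resolve):
    """Map each listed host to its hits; clean hosts are omitted, so an empty dict means 'send nothing'."""
    return {e: h for e in parse_watchlist(watchlist_text) if (h := check_entry(e, resolve))}
```

Calling build_report(SAMPLE_WATCHLIST) performs live lookups; the walrus operator requires Python 3.8 or later.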
Our last release, Saffron, was dedicated to Christina Hendricks's character "Yo-Saff-Bridge" from Firefly. Her latest con was to become a full partner at Sterling Cooper Draper Pryce.
Changelog
- Update ASL Web, Safari styling fix
- Update asl-firewall, change behavior of asl_flush to ignore when the chain or table is not defined.
- Feature Request #122, add RBL monitoring function for hostnames & IPs (/etc/asl/rbl-monitor)
- Feature Request #929, add detection of audit_log for the T-WAF in /var/log/tortixd
- Bugfix #1052, a new T-WAF rule for a local service is now added before ASL-firewall-input, but after the blacklist, portscan, etc. rules. Additionally, change the behavior of the T-WAF add / delete event to reload the whole firewall policy.
- Bugfix #XXX, changed rules-only setting to not include kernel updates.
- Bugfix #XXX, for tor-blacklist, CHAIN2 was not defined
- Bugfix #XXX, improve version checking for mysql regex
To Update:
1) Read the release notes: https://www.atomicorp.com/wiki/index.ph ... ease_Notes
2) /var/asl/bin/aum -u
3) We could not come up with anything clever for step 3. We need better writers.
Monday, 08 April 2013 12:42
Release Notes
Changes in this release include adding GeoIP support to HIDS reporting using the free MaxMind GeoIP country database. Alerts will now include basic location information on attack sources. GeoIP data stored in /usr/share/GeoIP/GeoIP.dat will automatically be used in HIDS reporting.
Our last release was dedicated to Xerxes, Peter Griffin's sidecar falcon. They really should have their own TV show.
Changelog
- Update, asl-module, Add inet_diag (rkhunter->unhide requirement) to boot
- Update, asl-firewall, New advanced portscan detection system added, including grab, syn scan, stealth and multi port slow port scan detection
- Update, asl-firewall, Updates to state tracking settings
- Update to source-build apache-hook for directadmin, moves routines in from installer
- Update, asl_cli_c, use method GET when POST is empty
- Update, asl-firewall, additional logging options added for firewall
- Update, asl-firewall, Enhancements to UID/GID logging on outbound connections
- Feature Request #980, HIDS, add GeoIP support
- Bugfix #XXX, AUM, move kernel update check outside of ASL core updates check
- Bugfix #XXX, fix for firewall ACL system: it couldn't handle names in the same group, or multiple ACL files in /etc/asl/firewall/
- Bugfix #1132, add protocol dimension (tcp or udp) to service checks telnet/rsh/rlogin
- Bugfix #1128, run ACL test on /var/asl/tmp/
To Update:
1) Read the release notes: https://www.atomicorp.com/wiki/index.ph ... ease_Notes
2) /var/asl/bin/aum -u
3) (Optional) Vote for Pedro.
Tuesday, 19 March 2013 00:00
Release Notes
This is a minor update to the firewall subsystem. There is an additional override added to SSH checks, and a new vulnerability test to detect environments with non-functional POSIX ACL support.
Our last release (Polar Bear) was dedicated to John William Young, who played the character Tinker in the 1989 Patrick Swayze hit "Roadhouse". He had a polar bear fall on him.
Changelog
- Update, firewall, Updates to invalid packet tracking
- Update, firewall, add UID and GID tracking on outbound MTA connections
- Feature Request #1117, ssh_check, allow root / password authentication override for ADMIN_USERS
- Feature Request #1118, general_check, add vulnerability check for POSIX ACL support
To Update:
1) Read the release notes: https://www.atomicorp.com/wiki/index.ph ... ease_Notes
2) /var/asl/bin/aum -u
3) (Optional) Do not have a polar bear fall on you.