News
ASL 3.0.9 Maintenance Update
Monday, 29 August 2011 14:29
This update contains numerous changes to the Active Response system. It is recommended that you follow the update procedure outlined below for the best results.

Changelog
- Add root login check enable/disable
- Add time to blocklist display in ASL Web
- Update to asl-firewall: repositions blacklists and adds support to clear the active response tables
- Update to ASL Web: database errors are now reported directly in the Event viewer.
- Update to ASL Web: increases line size limit on WAF rule import to 20kb
- Update to ASL Web: logic for forced WAF handling in security event detailed view
- Bugfix #XXX, calculation adjustment for the repeat-offenders system. Repeat-offender time is tracked in minutes, whereas SHUN_TIME is tracked in seconds.

To Upgrade:
1) Upgrade to ASL 3.0.9
yum upgrade asl asl-web

2) Clear your firewall rules. The following is the default method in RHEL, CentOS, Cloudlinux and Scientific Linux. If you are using a 3rd party firewall management system, please consult that vendor on the appropriate method to reload their rules.
service iptables stop

3) Reload the firewall policy
service iptables start

4) Reload the asl-firewall
service asl-firewall start

5) Update the ASL security policy
asl -s -f

6) Restart OSSEC:
service ossec-hids stop
service ossec-hids start

ASL 3.0.5 Maintenance Update
Tuesday, 09 August 2011 08:34

Changelog
- Added the first version of the ASL Stats package, a command line statistics generator for external applications
- Added debug output to rule validation routines
- Added whitelist support to mod_evasive
- Added paging to the Rule Manager
- Updated Blacklist ruleset to load before INPUT
- Updated psa_check to allow clamav to be disabled in psa-proftpd
- Updated configuration to retain settings from the last time it was run.
- Updated rule update events to force a reload of the dashboard
- Feature Request #317 , add remote database support to database-setup
- Bugfix #460 , correctly detect when safe_mode is enabled even if it is disabled in config
- Bugfix #635, delete update file if it already exists on a -uf force upgrade event
- Bugfix #XXX, ASL Web Rule Manager, fixed a condition where the rule manager would not update the policy
- Bugfix #XXX, ASL Web Blocklist retrieval fix

To Upgrade:
yum upgrade asl asl-web

Atomic Secured Linux 3.0 Released
Tuesday, 19 July 2011 00:00

We are proud to announce the release of version 3.0 of our flagship Atomic Secured Linux product! ASL is the latest in unified threat management. Atomic Secured Linux(tm) is an out-of-the-box Unified Security Suite for Linux(tm) systems designed to protect your servers against both known and unknown threats. ASL is always kept up to date through its built-in update management system. Unlike other security solutions, ASL works by combining security at all layers, from the kernel all the way up to the application layer, to provide the most complete protection available for Linux servers.

ASL helps to ensure that your system is compliant with commercial and government security standards. ASL includes the most secure kernel on the market, an automated system lockdown and hardening engine, userspace and host Intrusion Prevention Systems (IPS), malware/rootkit detection and elimination, blacklisting technologies, a firewall and web application firewalling to protect multiuser and web application hosting environments like no other solution. ASL is uniquely effective at addressing emerging threats posed by vulnerabilities in today's complex systems and applications, such as web hosting environments, multiuser systems, CRMs, ERPs, forums, shopping carts, content management systems and custom applications.

New Features in 3.0:

New ASL Dashboard consolidates Attack & Event summary, Module Status, Load monitor and RSS feed.

New operating systems supported:

  • Cloudlinux 5
  • Scientific Linux 5 & 6
  • CentOS 6
  • Red Hat Enterprise Linux 6
  • Xen virtualization (as a guest OS)

New control panels supported:

  • CPanel
  • Directadmin
  • Interworx

New online documentation system:

  • All ASL Web rule IDs are now linked to their documentation page.
  • This allows you to click on the event ID to find out more about what this event is, what causes it to occur, and what actions, if any, you may need to take. For example, if Web Application Firewall event 340162 is triggered, you can click on “340162” in the GUI and read more about that type of attack, how to tune your system if it is a false positive, and so much more!

 

Firewall Rule Management System:

  • An advanced rule management system that imports your existing rules into a powerful web based interface
  • Use with or without third party firewalls. All your firewalling needs can now be addressed from ASL.
  • Works with existing firewalls, no need to replace what you are already using

HIDS (Host Based Intrusion Detection) Rule Manager:

  • Modify the Active Response policy globally or per rule
  • Change Severity Level per rule
  • Activate/Deactivate Logging per rule
  • Enable/Disable Email alerts per rule

WAF (Web Application Firewall) Rule Manager:

  • Rules can be enabled/disabled globally or by virtual domain.
  • Rules can be set to different severity levels.
  • Rules can have their base response policy elements modified to include shunning, email alerts, and logging.

Intelligent Repeat Offender blocking:

    ASL will intelligently modify block times based on the recurrence of attacks from a particular source. This allows your system to treat “one time” offenders differently from repeat attackers, properly blocking real malicious users from launching new attacks.

 

New File Integrity management system:

  • Web based GUI interface that allows for list or tree view sorting.
  • "Notify" lists allow notifications to be sent to different email addresses for change alerts on different files.
  • "Watch" configuration defines which files or directories the system will monitor for changes. Configuration options allow for real-time monitoring, user/group ownership changes, permissions, checksum, and diff reporting. Diff reporting includes the changes made to the file in the body of the alert message for ASCII files.
  • "Ignore" lists allow files or directories to be explicitly excluded from monitoring.

Event Manager enhancements:

  • Lists source of events, for multi agent configurations
  • Allows for searching for any string in the data field
  • Ties directly into the rule manager
  • Supports False Positive & False Negative reporting

New Report Generation System:

  • Failed logins in the last 24 hours, 72 hours, and 30 days
  • Top Stats: Events by Level, Alerts in the last 24 hours, and Top alerts in the full history
  • Top Web Attackers in the last 24 hours, and the total number of attacks in the last 7 days

ASL Web User Manager:

  • Role Based Access Control for ASL Web Users
  • Audits logins by ASL Web users
  • Role Manager allows for setting which components an ASL Web user can access, including View Only and Modify options

 

New kernel policy manager:

  • Trusted Path Execution
  • Enable/Disable Privileged IO
  • Audit Mount, Chdir, Ptrace, and Text relocation events
  • Control Chroot permissions on chmod, chroot, fchdir, capabilities, mknod, mount, sysctl, nice and findtask
  • Audit exec() events inside a chroot
  • Audit exec() activity by userid
  • Control "Server" class users: users in this group can only act as servers (i.e. no outbound connections allowed)
  • Control "Client" class users: users in this group can only act as clients (i.e. cannot create services for inbound connections)
  • Control "Socket" class users: users in this group can act as neither clients nor servers.

New attack detection and prevention features:

  • New Web “slow” DOS protection added
  • New brute force detection and protection system added

New Application Inventory system that is faster and quicker.

Release Notes:

https://www.atomicorp.com/wiki/index.php/Atomic_Secured_Linux#ASL_3.0_Release_Notes

To Upgrade, click here.

If you don't have ASL, get the latest version of ASL by visiting the Atomicorp website, and Secure Your Server Now!

http://www.atomicorp.com

[asl-2.0] Clamav 0.97.1
Monday, 13 June 2011 16:08
This is a minor maintenance release for the ClamAV scanner. This package is also duplicated to the atomic repo.

Changelog
* libclamav/c++/llvm/lib/Target/X86/X86InstrInfo.td: bb #2763 don't assert on AVX chips (Intel Core i5 and i7)
* sigtool: properly normalize html files (bb#2764)
* sigtool/sigtool.c: fix formatting of hash dbs (bb#2765)
* freshclam: add mirror statistics mechanism
* libclamav/pe_icons.c: don't sigbus on sparc (bb#2695)
* libclamav/pe.c: reset corrupted status before bytecode hooks (bb#2544)
* sigtool, freshclam: put .info on top of container to speed up loading
* sigtool: fix --verify-cdiff
* sigtool: allow arbitrary names for --build
* clamdscan: fix file exclusion (bb#2579)
* clamd: add new option ClamukoExcludeUID (bb#2260) Based on idea from alfred*bokxing.nl
* libclamav/elf.c: fix incorrect detection of Broken.Executable (bb#2580)
* shared/output.c: fix empty lines in syslog (bb#2578)
* clamd: update description of ReadTimeout (bb#2565)
* clamd: add new config option BytecodeUnsigned (bb#2537); drop "None" from BytecodeSecurity
* clamscan: add new switch --bytecode-unsigned and drop --bytecode-trust-all
* sigtool/sigtool.c: improve handling of bytecode.info (bb#2292)
* libclamav/others.c: make sure TLS key is initialized (bb #2588). Thanks to Cameron Brown for the detailed analysis of the bug.
* configure: check for enable_extended_FILE_stdio (bb #2542)
* sigtool/sigtool.c: handle all signature formats with --(list|find)-sigs (bb#2534)
* libclamav/mpoo.c: Make solaris linker happy - Thanks to John Kendall <john*capps.com>

To Update:
yum upgrade clamd

[atomic] openvas-scanner 3.2.4
Monday, 13 June 2011 16:05

Changelog:
* src/ntp_11.c (ntp_1x_send_dependencies): Revert last commit as it removed a used variable.
* src/ntp_11.c: remove unused variable to fix compilation with GCC 4.6.
* Close some leaks. Based on patch from Michael Wiegand. Backport from trunk r11050.
* src/oval_plugins.c (start_element, text, oval_plugin_add): Always free memory that is allocated by glib functions. Take into account that the nvti_set_* functions duplicate the given memory. (ovaldi_launch): Add leak todos.
* Deal with GCC 4.6 warnings. Thanks to Stephan Kleine for original patch. Backport from trunk r11034.
* src/attack.c (attack_network): Remove stray variables.
* src/nasl_plugins.c (nasl_thread): Check nice return.
* src/openvassd.c (scanner_thread): Check nice return.
* src/oval_plugins.c (oval_plugin_add): Set NVT description correctly in overlength case.
* src/preferences.c (preferences_drop_privileges): Remove variable previously used for trace message.
* src/shared_socket.c (openvassd_shared_socket_register): Check internal_recv return.
* src/sighand.c (let_em_die): Remove return variable, as the waitpid may fail in legitimate cases.
* tools/openvas-nvt-sync.in: Put the mktemp template last, otherwise Ubuntu 9.10 gives an error. (do_sync): Correct typo.
* src/ntp_11.c (ntp_1x_send_dependencies): fixed memory leak reported by Valgrind.
* src/pluginload.c (collect_nvts): fixed memory leak reported by Valgrind.

To Upgrade:
yum upgrade openvas-scanner
