ASL v6 now available for beta testing

General Discussion of atomic repo and development projects.

Ask for help here with anything else not covered by other forums.
User avatar
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4136
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

ASL v6 now available for beta testing

Unread post by mikeshinn »

We've really listened to your feedback and requests for v6, and were happy to announce that v6 of ASL in now ready for beta testing (soon to be called Atomic Protector).

Keep in mind this is a beta, so you should expect bugs.

Major Changes:

* Completely redesigned GUI and architecture for faster performance, smaller footprint and no dependencies on the local OS (for example, it no longer uses mysql)
* Single Sign On integration with most SSO platforms (Google, Office365, Active Directory), anything that supports OpenID
* Vulnerability Scanning (for example reports CVEs for all missing OS patches)
* Exportable PDF reports
* Compliance Scanning (scans system for PCI-DSS, CIS and other compliance standards)
* System Overview panel and improved system monitoring. Shows: disk space used for mounted filesystems on system, physical memory and swap memory. In addition it shows current system load with the base, peak and average.
* Security Configuration Assessment (SCA) scanner that quantifies vulnerabilities on the system. Uses yaml files configured within the module to map results to Security Frameworks such as PCI and CIS benchmarks. Scans can be run in intervals or on demand.
* Improved Events Searching: Able to search by security frameworks by entering in the security framework in the text search field.
* Unlimited saved and exported search results.
* New central management system for multiple systems. (This is still in development, modsecurity configs are not managed centrally yet, but other elements are, for example clamav)

Upgrade Directions


1) This requires an existing ASL v5 license

2) Downgrade from v6 beta to v5 is not currently supported

Step 1)

Back up your system before upgrading to v6, this is a beta after all.

Step 2)

Run this command as the root user:

wget -q -O - ... |bash

The upgrader does not require any user interaction.

Step 3)

The GUI is now on port 30001

Please report any issues to, and thank you for being a beta tester!

Change Log

**Atomic Protector 6.0.11**

**What's New**

- AP Web #50 - user registration facelift
- AP Web #91 - adds external link to detailed official docs to install agents on Add Agent modal
- AP Web #115 - adds scrolling/paging to the scan history sections
- AP Web #159 - CVE drilldown, adds newline after each agent name to show as a vertical instead of horizontal list
- AP Web #164 - adds legends field to login failures dashboard
- AP Web #172 - adds loading indicators for large datasets on vulnerability/compliance dashboards
- AP Web #206 - add sort support for vulnerability and compliance dashboards
- AP Web #207 - adds copy to clipboard button in event view


- AP #695 - correctly links/repairs /etc/asl/ association with /var/awp/etc
- AP #713 - changelog rendering handles missing sections
- AP #715 - Apache mod_* recognition on cpanel systems
- AP #718 - AUTO_LOGOUT less than or equal to 0 handling
- AP #719 - fixes a potential resync loop on errors in source alert json parsing
- AP Web #46 - corrects condition where syslog receiver settings could not be deleted/updated
- AP Web #80 - renames File Integrity to File Integrity (hub) for clarification
- AP Web #92 - renames agent 000 as Hub in agent management tree
- AP Web #127 - corrects condition where the shell installer could not be found on an agent add
- AP Web #156 - fixes NaN in agent compliance score calculation
- AP Web #157 - fix for navigation from add agent does not support any condition other than back to management
- AP Web #201 - adds null checks to report displays/falls back to text
- AP Web #202 - Corrects condition for sending false positive reports over the zendesk API
- AP Web #209 - adds tooltip instructions to false positive/negative reports for air-gapped environments

# **Atomic Protector 6.0.10 Hub**

**Release Notes**

**What's New**

- AP #474 - Adds support to silence events from specific IP's in the the rule manager
- AP #708 - added new module, /var/awp/bin/awp_firewall as a standalone fw manager
- AP Web #15 - Adds export options to access/deny list views
- Adds batch import to access / deny list in CSV, JSON, and IP-per-line plain text


- AP #617 - Adds support for filename and nothing in custom AR expect field
- AP #683 - Corrects remote syslog output settings modification
- AP #707 - Inaccurate Packet/Byte Count in Firewall Chain listing
- AP #708 - Corrects firewall settings across system restart
- AP #709 - firewall interface selection causes rule append failure
- AP Web #193 - Disable adding rules to immutable chains
- AP Web #194 - Off by one append in firewall rule manipulation
- AP Web #195 - corrects condition where firewall rules couldnt be edited if they were last in the chain
- AP Web #196 - Make AC- firewall rules immutable (disable flush/reset)
- AP Web #198 - Adds indication that the rule id field is optional in remote output settings
- AP Web #199 - Corrects recent events displayed in WAF & HIDS rules management
- AP Web #200 - Event search form changes
- AP Web #203 - Corrects level sorting in events dashboard.
- AP Web #205 - Corrects condition where updating rules runs indefinitely.
- AP Web #208 - Corrects false positive reporting to use the configured EMAIL_SUPPORT setting.

# **Atomic Protector 6.0.9 Hub**

**Release Notes**

**What's New**


- AP Web #203 - Event Dashboard Not Sorting Properly
- AWP #698 - AWP registration form does not redirect to dashboard after submission

# **Atomic Protector 6.0.8 Hub**

**Release Notes**

**What's New**
- Additional footprint reductions and performance improvements.
- Export accesslist / denylist (or search) as JSON or CSV.


- AP #444 - Indexes created on new installations
- AP #617 - Adds support for 'filename' and empty expect for custom active responses
- AP #661 - AUM lint HIDS rules on update condition
- AP #667 - Clamav checks do not set freshclam.conf fields DatabaseOwner, Logsyslog
- AP #683 - Fixes remote output settings interactions
- AP #690 - Changelog renders when fields are missing
- AP #692 - Fixes awpd startup error awpd: AWPD startup error: awpd:startup:error:path setup failed: files_link error: link /var/awp/etc/accesslist /etc/asl/whitelist: invalid cross-device link
- AP #710 - corrects ERROR TypeError: Cannot read property 'values' of undefined
- AP Web #15 - as-you-type ip search filter for blocklist / accesslist
- AP Web #196 - managed firewall chains can no longer be flushed or removed
- AP Web #198 - Clarified optional rule ID for remote syslog output
- AP Web #199 - Fixes WAF / HIDS event display
- AP Web #200 - Event search form adjustments

# **Atomic Protector 6.0.7 Hub**

**Release Notes**
This update enhances the UI experience by adding browser back/forward navigation. In addition, Offline/Airgapped environment support has been updated with improved repo management settings

**What's New**
- AP Web #87 - browser back button correctly restores last UI view


- AP #441 - reposition ossec agent rules in iptables
- AP #494 - corrects OSSEC_ACTIVE_RESPONSE handling
- AP #668 - alters config change handling in aum -u
- AP #674 - corrects log ownership
- AP #675 - corrects slow shutdown of awpwebd
- AP #678 - corrects disabled repos in air gapped environments
- AP #681 - corrects ips delivered in long format
- AP #683 - corrects ossec not updated on remote output changes
- AP Web #181 - dark mode adjustments to File Integrity viewer
- AP Web #176 - dark mode adjustments to Help -> AP Support
- AP Web #66 - alerts user if they are using an unsupported browser
- AP Web #124 - highlight active menu item
- AP Web - Supported browser list / versioning added to documentation

# **Atomic Protector 6.0.6 Hub**

**Release Notes**

Help section has been added to allow for direct queries against the support wiki (, documentation (, and Zendesk support portal (
Changelog for each release is now available under Help

**Whats New**

- Added Help Menu
- Animations option has been added under user profile
- AP #671 - Add Air Gapped mode


- AP #399 - indexing not closed properly on rotation
- AP #409 - prevent C: from being monitored in agent management FIM
- AP #653 - clamonacc 0.103 / clamav-clamonacc not being restarted
- AP #657 - hardlink /etc/asl/whitelist with /var/awp/etc/accesslist
- AP Web #163 - dark mode changes
- AP Web #171 - inconsistent scrollbar behavior
- AP Web #174 - adds notification/keepalive for automatic timeout
- AP Web #175 - dark mode changes

# **Atomic Protector 6.0.5 Hub**

**Release Notes**

**Whats New**
- AP #582 - add more command line options for rule manipulation

- AP Web #161 - Dark Mode Agent Management views still white
- AP Web #168 - Hub Status Darkmode -> System Vulnerabilities "read more" button link not is not properly colored
- AP #496 - corrected and improved functionality of /var/awp/bin/awp-remove-user
- AP #656 - Changelog popup cannot request data
- AP #409 - Removed ability to add entire letter drives to fim watch. Ex: windows "C:/" and linux "/"

# **Atomic Protector 6.0.4 Hub**

**Release Notes**

Performance and reliability improvements.

**Whats New**
- improved agent status determination
- improved source data abnormality handling
- improved threat data aggregation
- AP #582 - added more command line options for rule manipulation
- AP #627 - added ub as an alias for awp's --blocklist-remove command
- AP #557 - false positive reports submitted via UI will now be tagged as false_positve_reports on zendesk
- AP #624 - Added automated changelog updates and display to the UI

- AP #646 - corrected potential panics
- AP #633 - corrected some urls not clickable in rule descriptions
- AP #627 - added ub as an alias for awp's --blocklist-remove command
- AP #647 - added slightly more verbose output when adding IPs to accesslist and denylist via cli
- AP #648 - corrected the potential to add the same IP to both accesslist and denylist
- AP Web #155 - dark mode adjustments
- AP Web #137 - disabling of side navigation while registration form is active

# **Atomic Protector 6.0.3 Hub**

**Release Notes**

The name has changed! Atomic Workload Protection is now known as Atomic Protector

**Whats New**
- Ubuntu 20 support for AUM
- Adds dark mode to the web interface
- Implements logrotation on /var/awp/log

- AP #598 - improved support for air-gapped environments
- AP - corrects an issue with OIDC configuration
- AP Web #45 - improved filtering in events dashboard
- AP Web #150 - fixes condition where local FIM manager couldn't set whodata field

# **Atomic Workload Protection 6.0.2 Hub**

**Release Notes**
This update extends SSL certificate management from the core AWP Management daemon, to also handle SSL certificates on the Authd registration service, and the Agent software repository web server. All SSL certificates on the system are now handled through a single action in the interface.

Additionally this update implements an Add Agent interface in the Agent Manager interface for Linux, OSX, and Windows.

**Whats New**
- AWP #606 - System httpd, and Authd ssl certificate management added to the SSL Manager interface
- AWP #610 - Add Base SELinux policy for awpd
- AWP Web #68 - New agent installation interface added to the GUI
- AWP Web #141 - Add support to revoke support ssh keys

- AWP #333 - Blocklist doesnt appear to be in sync with active response list
- AWP #490 - searchengines scripts missing from modsecurity.d
- AWP #538 - AtomicWP > Awp Web Configuration > "AWP Web Configuration" Section immutable
- AWP #562 - Update mod_security to support new accesslist
- AWP #573 - Rule editor doesnt support same_field
- AWP #560 - OSSEC Logrotation is not working
- AWP #595 - Broken pipe handler added for TAC_Websocket_Hub_client.go:165
- AWP #596 - awpwebd: set http server's error log
- AWP #597 - ac_web: suppress the meaningless tls error
- AWP #599 - AUM only -- Modsecurity not logging to audit log
- AWP #600 - AUM only -- hitting CTRL+C on ELUA prompt send aum into infinite loop with username/password prompt.
- AWP #601 - AUM only -- Multiple AWPHOME variables in config
- AWP #603 - AUM only: Repo files are only updated during configure
- AWP #604 - AUM Only -- Apache scan is looking for /var/asl/etc/httpd
- AWP #605 - certbot removal causes awpd preflight crash
- AWP #612 - corrects panic condition in log watches
- AWP #613 - corrects event hids/waf determination for 60126,60141
- AWP #xxx - corrects vulnerability counts
- AWP Web #48 - UI now gives feedback when actions are taken
- AWP Web #125 - Reporting > System Scans > Scan Now | History time/date stamps not in sync
- AWP Web #132 - Resolved error concerning connecting for support not using http
- AWP Web #134 - No ticket created on Open Support Ticket submission
- AWP Web #139 - UX - "Compliance Failures" drilldown shows at top of screen making it hard to locate
- AWP Web #140 - Error: Uncaught TypeError: Cannot read property 'name' of undefined, Source: when submitting a ticket
- AWP Web #144 - Corrects page layout mixup in AWP Support after ticket submission
- AWP Web #143 - Change Awp Support to AWP Support

# **Atomic Workload Protection 6.0.1 Hub**

**Release Notes**

**Whats New**
- AWP #297 - Add support for SSL configuration and Lets Encrypt
- AWP #322 - Add support for non-json log formats
- AWP #452 - Add interface for remote support ssh key installation, VPN, and support ticket generation
- AWP #542 - Add support for firewall rules on EL8
- AWP #XXX - Added internal scheduler for tasks (e.g., nightly retention)
- AWP #XXX - Added rotation of log files in /var/awp/log
- AWP #597 - No longer unnecessary influx of TLS errors
- AWP #610 - Added basic AWP selinux policy

- AWP #488 - awpd_pdfd shutdown order will no longer block/kill awpd on an update event
- AWP #534 - Incorrect decoders on hub now removed
- AWP #539 - change certbot to a soft dependency, and track this in aum
- AWP #545 - Corrects missing fields for EL8 installations
- AWP #549 - Fix PDF report generation when workload belongs to multiple groups
- AWP #575 - Agents not assigned to the correct group
- AWP #576 - Corrects standalone AUM configure directive
- AWP #578 - Corrects bad entries in local ip list
- AWP #580 - Corrects ownership of Threat Intelligence cdb files
- AWP #581 - Adds update count test to installer
- AWP #586 - Corrects -upgrade aum cli flag
- AWP #587 - Corrects standalone AUM pre-flight
- AWP #588 - Corrects SecComponentSiganture in tortix_waf.conf
- AWP #589 - Corrects aum setup not installing modsec
- AWP #590 - Corrects ownership and permissions on *list files
- AWP #599 - Corrects ownership and permissions on /var/awp/data/audit in AUM
- AWP #600 - Corrects ctrl+c behavior in aum
- AWP #601 - Corrects duplicate AWPHOME being added to config
- AWP #603 - Corrects yum repo updates in AUM
- AWP Web #547 - Correct vulnerability summary displayed

# **Atomic Workload Protection 6.0-14253 Hub**

**Release Notes**

This release expands the Vulnerability dashboard to include Compliance reporting, and pivoting on CVE, patch, and compliance elements

**Whats New**
- AWP Web #101 - Group level reporting for Compliance and Vulnerability scans
- AWP Web #102 - Executive Reports
- AWP Web #563 - Adding watch directory now runs fix mode

- AWP Web #100 - Agent status not reflected properly
- AWP Web #129 - Corrects Reporting > System Scans > Scan Now "view" link does not redirect to latest scan
- AWP #419 - modsecurity on hub does not log to audit_log
- AWP #470 - firewall modules arent generating valid rules for MTA settings
- AWP #515 - awpd using all memory /OOM
- AWP #529 - Rule editor does not support <fts> settings
- AWP #543 - Rule editor cant handle special characters, or multiple <match>/<regex> fields
- AWP #545 - Fields Test scan for apache and tortixd will no longer be empty on el8 installs
- AWP #550 - fix for post scriplet error on new installs for el8
- AWP #552 - Clamav does not implement OnAccessExcludeUID, preventing awp from enabling realtime-scanning locally
- AWP #561 - fix for duplicate CLAMAV_PREVENTONACCESS setting in config that was blocking clamav OnAccessPrevention functionality

# **Atomic Workload Protection 6.0-14085 Hub**

**Release Notes**

Support (BETA) for RHEL/Centos 8 is now available

**Whats New**

- Added support for RHEL/Centos 8
- AWP Web #86: Changes rule manager behavior where all settings defaulted to no. This now defaults to "yes"
- AWP Web #112: Adds Geo-Denylist functionaility to set firewall geoip blocking
- AWP #371: automatically repair the rpm db if it becomes corrupted
- AWP #377: Adds custom email notifications for specific FIM paths
- AWP #445: Adds local support options for user. Support SSH keydownload, Remote VPN connection, and Ticket submission support along with new UI.
- AWP #518: Whitelist relabel to Accesslist, Blacklist relabel to Denylist
- AWP #524: Adds syscollector stanzas to agent.conf
- AWP #536: Vulenerability scan will report it hasnt been run, rather than "no vulnerabilities to display" if it hasnt been run before
- AWP #548: System overview relabeled as Hub overview
- AWP #540: aum will now upgrade mod_security and clamav


- AWP Web #98: fix for condition where PDF reports do not show up in history
- AWP Web #106: Corrects "awp.ui.chart.js line 319" error on vulnerability scanner summary
- AWP Web #111: Corrects Access Control > IP Controls > Geo-Denylist does not show same text in the main window
- AWP Web #116: Fix condition where remove accesslist/denylist was not working once an IP was added
- AWP Web #117: Corrects Error: Uncaught TypeError: Cannot read property 'style' of null, Source: window.firewall.js:499:66 in firewall manager
- AWP Web #118: Access Control > Connections > Active Connections > Program column missing center justification
- AWP Web #120: Entering a rule number, if no rule exists it should return a value of 0 instead of only showing "search results".
- AWP Web #121: Once generate is completed and the "info- finished pdf generation" pops up, this info tag should link to a web based pdf file that opens a new web tab for viewing instead of having to go to the 'history' tab right after completion
- AWP #462: Fixes central Clamav management framework. (Note: Requires ASL v5 on endpoints)
- AWP #516: Adds graceful socket timeout handling for awpwebd
- AWP #526: aum will now clear out deprecated rules on an update
- AWP #535: False positive reporting now contains the full log information of the support ticket
- AWP #537: Fixe malware protection status reporting that required the kernel-asl package in order to update. The kernel-asl dependency is not required for this as of EL7
- AWP #541: Corrects a condition where certain firewall rule options would block outbound local traffic
- AWP #544: FP reports will only open one ticket per report in Zendesk
- AWP #551: When entering incorrect credentials, there is no feedback from the site that the credentials are incorrect.

# **Atomic Workload Protection 6.0 Hub-14014**

**Release Notes**
This release adds a new Vulnerability summary dashboard, and some additional windows-centric login failure reporting.

**Whats New**

- AWP Hub Utils #7: Add failsafe to installer PS to alert use ossec agent is already installed, and this will re-register the agent
- AWP Web #46: Add a column under recent sources provide , source, count and a column for the last time the event generated or event generated by source
- AWP #48: Adds Remote support VPN option (CLI framework)
- AWP #88: Add windows login failure report
- AWP #458: Adds nightly system/vendor patch and Atomicorp automatic updating
- AWP #493: Adds column for Critical vulnerabilities in vulnerability scanner
- AWP #514: Adds support for editing First Time Seen (FTS) anomaly detection HIDS rules

- AWP Web #84: FIM watch rule modifcation/adds stay stuck at 'pending...' unless browser is refreshed and user navigates back to Agent Management > FIM Settings
- AWP Web #105: Corrects: removing an agent returns: Error: Uncaught TypeError: is not a function, Source: window.ossec_agents.js:1022:67
- AWP Web #109: Fix for WAF "Configuration error detected" is not specific under Reporting > Hub Status
- AWP #307: Kernel update condition / tests only apply if kernel-asl is already installed
- AWP #451: Adds a self healing component to rpm db errror
- AWP #513: Fixes segfault condition when adding remote syslog entries

# **Atomic Workload Protection 6.0 Hub**

**Release Notes**

Atomic Secured Linux is now known as Atomic Workload Protection, to better reflect the multi-platform nature of what we do.

AWP now runs as a dedicated daemon (awpd) and a web API (awpwebd)

Paths have changed from /etc/asl/ to /var/awp/etc/

**Whats New**

- Interface has been completely redesigned and updated to golang
- Removed relational database requirement (mysql/mariadb)
- Removed PHP backend
- Big Data search engine can handle 100's of millions of events in a minimal footprint
- Added custom Active Response managment
- Added agent group and subgroup mangement with infinite recursion
- Added RBAC with group and subgroup management with infinite recursion
- Compliance reporting module for OpenSCAP (Redhat/Centos)
- Compliance reporting module for CIS/CSC (Linux/Windows)
- Compliance reporting module for PCI-DSS (Linux/Windows)
- Added vulnerability scanning support for:
- Redhat 6/7/8
- Centos 6/7/8
- Ubuntu 14/16/18
- Debian 8/9/10
- Windows 7-10
- Windows Server 2008-2016
- Centralized agent management and reporting
- Search events by Compliance type (pci_dss, nist_800-53, etc)

- AWP Issue #377 - add ability to set notify rules on FIM paths
- AWP Issue #428 - allow openscap to be enabled/disabled for the hub node
- AWP Issue #438 - HIDS_ARCHIVE_ALL=yes/no would not set logall correctly
- AWP Issue #449 - maild cannot handle environmental variables ($HOSTNAME, etc)
- AWP Issue #457 - awp fixmode would remove /etc/asl, will create link if path does not exist
- AWP Issue #458 - fixed aum to correctly set permissions on /var/ossec/active-responses/bin/
- AWP Issue #466 - move pdf report generation to its own daemon
- AWP Issue #469 - automatically lint and correct agent.conf on web or CLI update events
- AWP Issue #485 - automatically fix rpmdb on a fault
- AWP Web Issue #65 - PDF reports disappear from history
- AWP Web Issue #72 - Added Release version to dashboard navigation bar
User avatar
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4136
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: ASL v6 now available for beta testing

Unread post by mikeshinn »

Please report any bugs directly to
Post Reply