
Atomic Secured Linux™ 4.0.6 (Autumn) now availab

Posted: Wed Oct 01, 2014 1:32 pm
by scott

Release Notes:

Atomicorp Threat Intelligence System (BETA):

The Atomicorp Threat Intelligence (TI) engine is a real-time blacklist of shared intelligence sourced from the ASL community. Initially launched as a WAF module, the TI engine can be enabled in ASL Web under Settings->ASL Configuration->Web Application Firewall->Atomicorp Threat Intelligence System.

As the TI continues to develop, we will be adding threat analysis tools to visualize the attack patterns of malicious activity, TI Lookups on IP addresses, and the ability to report additional analysis on attackers.

Firewall Changes:

IPSet support is now implemented in the ASL Firewall. IPSet features:

* Extremely large firewall policies, into the billions of entries

* Major reduction in memory usage

* Load times for huge rulesets are considerably faster (seconds vs minutes)

* Policies are swapped rather than reloaded; this eliminates any outage caused by clearing a list in pure iptables-managed environments

The ipset firewall implementation requires the ASL kernel; non-ASL environments will fall back on the slower legacy iptables firewall management. ASL kernel users using a locked module policy (ALLOW_kmod_loading=no) will require a reboot to activate the ipset system. Until the system has been rebooted, the legacy iptables method will be used.

Viewing firewall policies will require the “ipset list” command to see the contents of each ipset used. The existing iptables method will show the reference to the ipset, but not its contents. Example:

-A ASL-GEO-BLACKLIST -m set --match-set ASL-GEO-BLACKLIST src -j ASL-GEO-BLACKLIST-LOG

To view an ipset:

ipset list <listname>

Firewall whitelists and ACLs are now loaded ahead of any blacklist or active response policy.

Plesk Changes:

Plesk 12 instituted a new configuration layout in the psa-proftpd packages. This new layout moves proftpd configuration files under /etc/proftpd.d. ASL has adopted the same method for older versions of Plesk; it retires the previous ASL configuration files and replaces them as follows:

/etc/proftp-tls.conf -> /etc/proftpd.d/50-plesk.conf

/etc/proftp-asl.conf -> /etc/proftpd.d/50-clamav.conf

cPanel Changes:

Apache 2.4 on cPanel is now supported by ASL. However, for performance reasons, we do recommend cPanel users continue using Apache 2.2.

Updated Packages:

psa-proftpd 1.3.5-7



Changelog

- Add Threat Intelligence Engine
- Add ipset support to the ASL Firewall
- Add Apache 2.4 support for cPanel
- Update, ASL Web, Adds confirmation to geoblocking from report windows
- Update, ASL Web, Updates to reporting engine
- Update, ASL Web, adds fallback to tld trigger; cleaned up mysql during web validate
- Update, AUM, Add all blacklists to update event
- Update, AUM, Add Timestamp checking to download event for files
- Update, Core, Add TSA dir for dynamic data tracking to tortixd
- Update, Firewall, Added in logic to prevent 127/localhost from ever being shunned to the active-response table
- Update, Firewall, Changed active-response asl-firewall init script to use its own chain
- Update, Firewall, Updates to Firewall Intrusion Protection System
- Update, Firewall, Move whitelist to load before other firewall elements
- Update, Firewall, IPs on the whitelist will always be excluded from the blacklist rules
- Update, Firewall, Move service ACLs ahead of blacklists
- Update, Firewall, Move blacklist to load ahead of RBL lists
- Update, Firewall, Added in logic to check for firewall comment support and to not use comments on systems that don't have the module loaded
- Update, Firewall, Added in legacy ip tracking modules to asl-kernel startup script for really really old kernels
- Update, FIM, Ignore /usr/src by default
- Update, hids_check, add option to enable/disable tcpwrappers active response
- Update, installer, Add logging to uninstaller
- Update, mod_evasive, Add more MSN/Bing ranges to mod_evasive
- Update, mysql_check, Add detection for wait_timeout, skip-networking, skip-name-resolve
- Update, psa_check, add support for new proftpd.d/ structure.
- Update, psa_check, use the new plesk 12 API to manage ssl settings. Move TLS files under /etc/proftpd.d/ structure. Retire the proftpd-tls.conf file and the fixed includes used in proftpd.conf
- Update, T-WAF, Add ACL support
- Update, waf_check, add vulnerability checks for disabled rules by domain and globally
- Feature Request #115, malware blacklist using ipset
- Feature Request #900, add mod_qos support
- Feature Request #1208, ASL Web: Add in firewall whitelisting
- Feature Request #1532, use swap in ipsets to eliminate outage window caused by loading new rule sets
- Feature Request #1570, Add in "this may make several minutes" warning to "Checking versions ... "
- Feature Request #1589, Flush all firewall rules on uninstall of ASL
- Bugfix #1594, fixes force mode when enabling a rule
- Bugfix #1600, lint whitelist entries in asl-firewall
- Bugfix #XXX, ASL Web, corrects check against archive tables when searching the last week
- Bugfix #XXX, ASL Web, fixes bug in geo lookup in report windows
- Bugfix #XXX, ASL Web, corrects handling of garbage results when fetching scan/aum log updates
- Bugfix #XXX, ASL Web, fix parent tags in asl-web for non string types
- Bugfix #XXX, Core, handling for 0 byte rules file
- Bugfix #XXX, hids_check, fix ossec-execd check is still made if ACTIVE_RESPONSE is disabled
- Bugfix #XXX, psa_check, Minor fix to exclude plesk 9 configs from plesk 12 and up
- Bugfix #XXX, rblcheck, fix email reporting for rbl check subsystem
- Bugfix #XXX, T-WAF, remove t-waf configs if waf is disabled

To Upgrade:

1) Read the release notes:
https://www.atomicorp.com/wiki/index.ph ... _4.0_Notes

2) aum -uf

3) asl -s -f
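
The ipset swap behaviour described under Firewall Changes (and in Feature Request #1532) can be illustrated with the following added example, which is not ASL's own code: it generates an `ipset restore` script that fills a temporary set and swaps it into place, so the set referenced by the iptables rule is never empty. The `hash:net` set type, the `-tmp` suffix and the sample entries are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not ASL code): emit an `ipset restore` script that rebuilds a
# set under a temporary name and swaps it in, so the live set is never empty.
# Assumed: set type hash:net, the "-tmp" suffix, and the sample data below.

OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
CIDR_RE="^(${OCTET}\.){3}${OCTET}(/([0-9]|[12][0-9]|3[0-2]))?\$"

# Usage: build_swap_script SETNAME < entries   (one IPv4 address/CIDR per line)
build_swap_script() {
    live=$1
    tmp="${live}-tmp"
    # swap needs both sets to exist and to have the same type
    printf 'create %s hash:net family inet\n' "$live"
    printf 'create %s hash:net family inet\n' "$tmp"
    printf 'flush %s\n' "$tmp"        # clear leftovers from an aborted run
    while IFS= read -r entry; do
        entry=${entry%%#*}                                  # drop comments
        entry=$(printf '%s' "$entry" | tr -d ' \t\r')       # drop whitespace
        [ -z "$entry" ] && continue
        # Lint each entry: a malformed line makes `ipset restore` fail
        if printf '%s\n' "$entry" | grep -Eq "$CIDR_RE"; then
            printf 'add %s %s\n' "$tmp" "$entry"
        else
            printf 'skipped invalid entry: %s\n' "$entry" >&2
        fi
    done
    # Only now touch the live set: the two sets exchange contents in one step
    printf 'swap %s %s\n' "$tmp" "$live"
    printf 'destroy %s\n' "$tmp"      # tmp now holds the old contents
}

# Constructed sample input (RFC 5737 documentation ranges plus two bad lines)
sample_entries() {
    cat <<'EOF'
# constructed blacklist
192.0.2.0/24
198.51.100.7
203.0.113.0/24   # trailing comment
300.1.2.3
not-an-ip
EOF
}

# On a host with ipset, as root (-exist tolerates sets that already exist):
#   sample_entries | build_swap_script ASL-GEO-BLACKLIST | ipset -exist restore
```

If the restore fails partway through, the swap line is never reached, so the live set keeps its previous contents.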