Our Milton release includes many new and exciting features, including EL7 support (Centos, Redhat), Atomic Rev Limiter, Lua based Web Application Firewalls, mod_security 2.9, and extensions to real-time anti-malware detection.
Atomic Rev Limiter
Atomic Rev Limiter is a resource management system that allows fine grained control of CPU, Memory, and Disk I/O for individual users, groups and processes.
* Limit CPU share by the user, group or process
* Limit the max amount of memory available to a user, group, or process
* Track CPU utilization of a user, or process over time
* Limit Disk I/O share, read bps, write bps, by the user, group or process
* Works with all Redhat/Centos 6 and ASL kernels
* Web based management component in ASL
The initial beta is available for EL6 systems running the ASL Kernel, or the default kernel from redhat or centos. Our next release will add support for EL7. Let us know what you think!
Rev Limiter can be configured in ASL Web under: Settings->Cgroups Configuration
Redhat Enterprise Linux / Centos 7 Support
* Integration with systemd is complete
* Mariadb is supported a the default database. Backwards compatibility with Mysql
* ASL Kernel is forthcoming, planned for release in Q3 2015
Lua Web Application Firewall
Beta support for lua based WAF rules is now in place. The initial ruleset replaces the existing Search Engine whitelisting rule system with a much faster and effective Lua based mechanism. The Lua Web Application Firewall can be enabled in ASL Web under:
Settings->ASL Configuration->WAF->Search Engine Detection System (LUA)
Note: This will automatically replace the legacy search engine whitelist.
The Lua Web Application Firewall is only available on EL6 and above.
- EL7 support
- mod_security 2.9 support
- Add Atomic Rev Limiter (alpha)
- Add support to enable/disable real-time malware access prevention. Modes allow detect-only, or enforcement. Requires clamd 0.98.5-22
- Add WAF support for Lua based rules (beta)
- Added in new firewall configuration settings for RDATE, NTP and DNS restrictions
- Added in new firewall dynamic hostname whitelisting support (beta)
- Feature Request #1331, ssh_check, add check for small ssh keys
- Feature Request #1526, Firewall, do not log drop events on non-ssl pop/imap
- Feature Request #1655, Configuration, Disabe 4151 on virtuozzo systems
- Feature Request #1679, WAF, add lua based search engine auto-whitelisting support
- Feature Request #1697, Configuration, add "kvm", "vmware" and others to list of virtualization types
- Bugfix #1645, waf_check, resolve rules sets console output duplication
- Bugfix #1686, mysql_check, resolve symbolic-links = 0 duplication
- Bugfix #1715, Core, fixes zero byte issue with rbc
- Bugfix #XXXX, ASL Web, fixes creation of firewall log rules from asl web
- Bugfix #XXXX, firewall, remove duplicate active response loaders
- Bugfix #XXXX, firewall, fixes cidr in whitelist module
1) aum -u
2) asl -s -f
Atomicorp announcements, new release notifications and other company and product news.