Atomic-Scanner update: Clamav for Postfix
Written by scott   
Tuesday, 20 October 2009

By popular demand we've been working on a qmail-scanner-like project for Postfix. So far we've looked at clamavsmtpd, amavisd-new, mailscanner, and clapf. To date clapf has been the most successful and the most resource-efficient, with a resident memory footprint less than 5% of the other solutions (you read that right!). The initial prototype of the core daemon is available in the Atomic Testing channel now. Currently it supports clamav and spamassassin, and should drop into a Postfix environment (Plesk or otherwise) with no configuration required. To install:

1) yum install clapf

2) /etc/init.d/clapf start

3) /etc/init.d/postfix restart

 

New Atomicorp Website
Written by scott   
Monday, 28 September 2009

It's been 4 years since we started the Atomic Secured Linux (ASL) project, which has always maintained a close relationship with my personal website. We've grown a lot over the last few years, and now the project is moving to its new home, www.atomicorp.com, with its new logo and mascot, SurlyTurtle(tm). The ART forums will continue to live here, and are now duplicated at www.atomicorp.com/forums. I encourage everyone to move over to that link, just for SSL sanity's sake. Stay tuned to the new site as we merge in more content from our other sites at gotroot.com and www.progllc.com!

 

Last Updated ( Monday, 28 September 2009 )
 
Atomic Secured Linux 2.2 Release
Written by scott   
Wednesday, 26 August 2009

 

This is the official release for Atomic Secured Linux (ASL), version 2.2.

Changelog:
* ASL Web, the standalone web GUI. A dynamic, resizable open interface to manage security policy and event information.
* Kernel 2.6.29.6, with support for VMware's VMI interface, ext4 and btrfs file systems, and much, much more
* OSSEC upgraded to 2.1
* ASL Core has been completely rewritten in C for faster and more flexible capabilities
* Added vulnerability checks for simple FTP passwords
* Added new dynamic purge events for stale blocklist entries
* Added vulnerability checks for excessive whitelists
* Whitelisting now handles bitmask based whitelisting across all services
* Added checks for SSL/TLS usage in qmail
* Added expose_php checks for Plesk daemons
* Command line arguments now support multiple entries (--blacklist 1.2.3.4 4.5.6.7 7.8.9.10)
* Extended firewall module checking in the asl-mod init script
* Added ability to disable SSH Banner checks (for lemonbit)
* Added ability to set Apache "graceful" restarts (for enom)
* PHP checks for safe_mode have been lowered from "high" to "moderate"
* PHP checks for escapeshellcmd have been dropped to "low"
* Added configuration checks for the Plesk 9 /etc/xinet.d/ excludes in rkhunter
* Added vulnerability check for psa-atmail
* Added vulnerability check for psa-proftpd
* Added SSL settings detection between Plesk 8.x and 9.x
* RKHUNTER_SSH_ROOT_LOGIN now defaults to the SSH_ROOTLOGINS variable
* Added detection for Horde and Squirrelmail during PHP functions check in the configuration phase. This will automatically allow the required PHP functions (popen, etc).
* Added migration routine for Plesk environments from the old asl-web-gui to the new asl-web
* Update to the KERNELS file to support the new 2.6.29.6 kernels
* Updated configuration_setup to detect & start mysql if it's not running
* Update on ossec_database_setup to warn on blank passwords
* Added routine to kill stale ossec-dbd processes in ossec_check
* Removed restrictions on the max length of a message field in the Events Display
* New turtle graphics, now with Lensflare!
* Optional: An upgraded psa-proftp for Plesk users to 1.3.2a, which includes SFTP, RBL (real-time black lists), and ClamAV support

Bugfixes:
- Bugfix on remove-blacklist
- Bugfix #XXX, fix for vulnerability scanner to show details if there was only 1 entry
- Bugfix #XXX, fix for ossec excessive whitelists check to show correct vuln level based on total # of whitelists
- Bugfix #XXX, correctly install the asl-button for plesk environments
- Bugfix #XXX, on ossec_database_setup
- Bugfix #XXX, on asl-mod (adds more modules)
- Bugfix #XXX, on white/black/geoblock/blocking .js files
- Bugfix #XXX, ssh_check, added missing message for GSSAPICleanup test
- Bugfix #XXX, rkhunter_check, added missing message for SSH protocol 1 test
- Bugfix #XXX, multi-argument/value events
- Bugfix #XXX, in vulnerability stub data for ET_EXEC
- Bugfix #XXX, ssh_check banner test (bareword found issue)
- Bugfix #XXX, Added a condition to detect /var/asl/tmp/VERSION on new installs
- Bugfix #XXX, --whitelist typo on the asl-shun command
- Bugfix #XXX, ssh_check, Added more logic around allowed root logins, this will skip the fixed check now and just report it as allowed/vulnerable if it is in fact allowed.
- Bugfix #xxx, mod_security, cleaned up path checking on SecTmpDir
- Bugfix #xxx, php_check, Changed execute flag string to be more clear on extensions check
- Bugfix #xxx, php_check, disable_functions check will now create the line if it doesn't exist rather than rewrite it
- Bugfix #XXX, for pending updates check
- Bugfix #XXX, for denyhosts bitmask whitelist
- Bugfix to detect spamassassin before checking its permissions
- Bugfix for ossec_check and web.conf, deprecated dhtml.conf files
- Bugfix for mod_security_check to correctly parse Dir directives
- Bugfix for mod_security_check SecAuditLogStorageDir
- Bugfix, mod_security_check now supports both "on/off" and "yes/no" values
- Bugfix, mod_security_check copies rulegroups over correctly now
- Bugfix, mod_security_check copies over tertiary configs now (spam.conf, sql.txt, etc)
- Bugfix, mod_security_check, when the whitelist is enabled, it is now flagged as a vulnerability
- Bugfix, php_check updated to support yes/no, and on/off conditions
- Bugfix #XXX, corrected condition where ssh vulnerability checks were not being reported for SSH password authentication being enabled.
- Bugfix #XXX, added a wrapper to lint the config file for the CONFIGURED flag



Upgrading to 2.2:

1) Ensure that you allow mysql connections from localhost, and that skip-networking is not set in /etc/my.cnf

2) yum upgrade

3) asl -s -f

4) Log in to the web interface on port 30000 with your web browser with the credentials:
username: admin
password: setup




To Install on a clean system:
1) wget -q -O - http://www.atomicorp.com/installers/asl |sh

2) Log in to the web interface on port 30000 with your web browser with the credentials:
username: admin
password: setup

Last Updated ( Wednesday, 26 August 2009 )
 
Atomic Secured Linux 2.2 beta 3
Written by scott   
Tuesday, 28 July 2009

This is a release announcement for ASL 2.2 Beta 3, which should be the last beta release before the final GA for 2.2. I hope! Please test, abuse, and continue getting back to us with your bug reports. This includes builds for all platforms: CentOS/RHEL 4, CentOS/RHEL 5, and Fedora 4-10 on i386 and x86_64.

Changelog:
- Added default layout to gui
- Bugfix for missing graphics error
- Set default size for events view, resizing for bulletins window, and new interface buttons for event view
- Added alternating background colors to rows in bulletin, module and signature windows
- Corrected log display in event detail window
- Made event detail window slightly less ugly
- Moved ASL Web configs to the asl-web rpm
- Changed file integrity window:
    removed file name search
    added result limiter (50,100,250 results or all within last 1/3/7 days)
    default display is most recent 50 results
- Changed event log window:
    removed time filter fields
    added result limiter (50,100,250 results)
    added filters by event type (blocked or info)
    added signature id field
    reversed sorting to date descending
- Improved performance of window fade in/out
- Fixed js error from empty blacklist
- Fixed interface module display for non-admin UI user
- Added Layout window to interface module
    Allows admin to set initial visibility and position of windows, and control access to windows
    Menu visibility for a window may be set to on, off or admin only
    X/Y positions may be set to an integer or 'auto', which will leave the window in its normal cascaded position
    Visibility and menu presence may not be altered for detail windows, but they may be set to open in a fixed position
- Bugfix, ssh_check banner test (bareword found issue)
- Bugfix, Added a condition to detect /var/asl/tmp/VERSION on new installs
- Added additional Dependencies to ASL Web
- Added zero entry checks to inventory and events windows
- Bugfixes on configuration_setup and ossec_database_setup.


For new installs:
wget -q -O - http://www.atomicorp.com/installers/asl-beta |sh


For upgrades from ASL 2.0:
yum --enablerepo=asl-2.0-testing upgrade asl
yum --enablerepo=asl-2.0-testing install asl-web

Last Updated ( Tuesday, 28 July 2009 )
 
ASL 2.0.7 released, Plesk 9 is now Supported
Written by scott   
Monday, 23 February 2009
This is to announce the official release of ASL 2.0.7, and the long-awaited Plesk 9 support. There have been no changes made to the package since the previous release candidate, so there isn't much to say here other than to stamp Plesk 9 "supported". Enjoy!

Release Notes:
* Due to Plesk architecture changes, the ASL 2.6.27.x kernels are *required* for Plesk 9 support. If you cannot use the ASL 2.6.27.x kernels for some reason, you can also use the default kernel provided by your OS vendor.

Last Updated ( Tuesday, 28 July 2009 )
 
ASL 2.1-0.svn090220.1 Alpha (Featuring ASL Web) Now available
Written by scott   
Sunday, 22 February 2009

This announces the ASL 2.1 alpha, with the stand-alone ASL-Web interface, in the [asl-2.0-bleeding] channel. This is an alpha release, and therefore unsupported code. Please send feedback by e-mail rather than posting to the forums.

Changelog

- Added ASL Web, stand alone GUI (default account: admin, password: setup)
- First new-architecture module rewrite, kernel_check is now written in C
- Added logic to configure and install the default ASL Web databases
- Added asl-web init script, /etc/init.d/asl-httpd
- Added asl-web sysconfig, /etc/sysconfig/asl-httpd

 

To Install:

yum --enablerepo=asl-2.0-bleeding upgrade asl

yum --enablerepo=asl-2.0-bleeding install asl-web

Last Updated ( Sunday, 22 February 2009 )
 