A progress report on ASL 2.0 so far. The test release of the web interface is about 75% complete. Screenshots are available here:
- Dashboard
- Viewing an Event (this one is of a spammer looking for an open proxy)
- Basic configuration interface
Before I go any further, I just want to thank all the testers out there that have been contributing with the pre-release. ASL is an extremely complex system, and we couldn't have gotten this far without their help.
Read more for the rest of the changes in 0.9.5
In case you were wondering, once this is complete, I'm going to change the release version to "2.0"...
%changelog
* Sun Jun 17 2007 Scott R. Shinn - 0.9.5-1
- Update routines for modsecurity and ossec rules
* Sat Jun 16 2007 Scott R. Shinn - 0.9.4-4
- updated config routine for ossec client mode support
- dropped ossec-hids-server requirement
- New Config Setting: OSSEC_SERVER
- Rewrote SSH config settings
- Major updates to support logging, improved logic in ssh module
- Added simple reporting module
* Thu Jun 14 2007 Scott R. Shinn - 0.9.3-1
- Added xt_tcpudp check to asl-mod init script
- create modsecurity audit logging dir
- New Config Setting: MODSEC_AUDITDIR
- Removed Config Setting: MODSEC_LOG404
- Modified Config Settings: MODSEC_LOGFILE, MODSEC_DEBUGLOG, MODSEC_RESPONSEBODYLIMIT
- Added support for Concurrent logging in mod_security
- PHP checks now default to warn-only
- Added config patch utility, and created a %post event to run it
- Added OSSEC check to monitor mod_security audit logs
- Disabled webapp inventory from asl by default, created/added this to a cron.daily event
- Cleaned up configuration routine, added a 1 time run of webapp inventory when this is executed.
* Thu May 31 2007 Scott R. Shinn - 0.9.2-1
- quadrupled default modsec bodylimit (2.6m)
- bugfix in configuration_settings.sh, should correctly disable php checks
- updated init script to ensure firewall modules are loaded (xtables, owner, stealth, etc)
- php_checks are either warn-only or fix mode
- Improved disable_function regex
* Thu May 31 2007 Scott R. Shinn - 0.9.1-1
- Bugfix on php module, this should handle Zend better
* Wed May 30 2007 Scott R. Shinn - 0.9-1
- Bugfix on php module, that was wiping out safe_mode
- Improvement on php module to detect Zend Manager extensions
- Fix on ASL version detection for updates
* Tue May 29 2007 Scott R. Shinn - 0.8-1
- Bugfixes on php routines
- Modified ssh module to disable root logins only if admin users are defined
- Disabled web app inventory (for now)
- moved mod_sec module up to run right after the general web module
* Mon May 28 2007 Scott R. Shinn - 0.7-1
- added basic configuration interface
- bugfixes on php extension checks
* Thu Apr 5 2007 Scott R. Shinn - 0.5-1
- webapp-inventory didn't create a database (fixed)
- general_checks was detecting services because it looked for /etc/rc3.d/*; this fired on the K services as well as S (fixed)
- ossec_checks, smtp_server was broken (missing > in regex). (fixed)
- php_checks bug, pointing to wrong config file (fixed)
* Wed Apr 4 2007 Scott R. Shinn - 0.4-4
- modsecurity module
- added data/msa and data/suspicious dirs
- built modsec 2.1.0, added Requires
- mod_security ruleset level configuration
- created data/templates directory to store mod_security generation template
- created basic installer script http://atomicorp.com/installers/install-asl.sh
- fixed issues with php detection
* Tue Apr 3 2007 Scott R. Shinn - 0.3
- added in stops between modules, and -s (skip) flag
- made a generic config
* Mon Apr 2 2007 Scott R. Shinn - 0.2
- 0.2, major redesign. Added in app inventory module
* Thu Mar 1 2007 Scott R. Shinn
- first cut