Difference between revisions of "ASL"

From Atomicorp Wiki
Jump to: navigation, search
m (Mod_Security: Enabling/Disabling Rules)
m (Release Notes)
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== '''How can I get a copy of ASL?''' ==
+
= Introduction =
  
Please visit the [https://www.atomicorp.com/products/asl.html Atomic Secured Linux product page].
+
Atomic Secured Linux(tm), or "ASL" for short, is a Unified Security Suite addon for Linux(tm) systems designed to protect servers against zero day threats.   Unlike other expensive security "solutions" that pretend to achieve security through signature-based detection, known-vulnerability patching and other reactive methods, Atomic Secured Linux(tm) provides real proactive security. The only solution that protects both your applications and operating system, Atomic Secured Linux is essential for public-facing servers and shared-hosting environments.
  
== '''Can I try it out first?''' ==
+
And Atomic Secured Linux (ASL) is uniquely designed for beginners and experts alike.  You just install ASL onto your existing system and it does the work for you, plus you can try it for free!
  
Absolutely!  Just sign up for a [https://www.atomicorp.com/amember/signup.php?price_group=-1&product_id=17&hide_paysys=free no risk and no obligation free 30 day trial here].
+
ASL works by proactively immunizing the system against whole classes of vulnerabilities, and combines security at all layers, from the firewall, to your applications and services, and all the way down to the kernel to provide the most complete multi-spectrum protection solution available for Linux servers today. It helps to ensure that your system is secure and also compliant with commercial and government security standards. ASL is uniquely effective at addressing emerging threats posed by vulnerabilities in todays complex systems and applications, such as cloud and web hosting environments, multiuser systems, CRM's, ERPs, forums, shopping carts, Content Management systems, custom applications and more.
  
== '''Where is the ASL FAQ?''' ==
+
== '''Features in ASL''' ==
  
[[ASL FAQ]] - Atomic Secured Linux Frequently Asked Questions (FAQ)
+
* Web Application Firewall with Realtime Atomicorp/Gotroot.com rules
  
== '''Features in ASL''' ==
+
* Highspeed Stateful firewall
 +
 
 +
* Attack Chain Disruption to prevent zero day attacks
  
* Host Based Intrusion Detection for event monitoring, file system integrity checking, and rootkit detection
+
* Network based Intrusion Prevention System
  
* Web Based Security Information Manager and Unified Threat Manager
+
* Host Based Intrusion Prevention for event monitoring, file system integrity checking, and rootkit protection
  
* Web Application Firewall with Realtime Gotroot.com rules
+
* Web Based Security Information Manager and Unified Threat Manager
  
 
* Vulnerability scanner and vulnerability repair and elimination system
 
* Vulnerability scanner and vulnerability repair and elimination system
Line 23: Line 25:
 
* Realtime Malware Protection
 
* Realtime Malware Protection
  
* Hardened secure kernel to protect against rootkits, includes commercial support for grsecurity and PaX
+
* Hardened secure kernel to protect against rootkits
  
* Self Healing system for system and application errors
+
* Self Healing system for system, database and application errors
  
 
* Self Learning Least Privilege Role Based Access Control System
 
* Self Learning Least Privilege Role Based Access Control System
  
 
* System Hardening tools
 
* System Hardening tools
 
* Firewall enhancements and manager
 
  
 
* Stand Alone secure web GUI
 
* Stand Alone secure web GUI
  
* Malware uploader scanner (Web and FTP)
+
* Malware uploader scanner
  
* Brute force attack detection (FTP, SSH, Web, SMTP, POP, IMAP and more!)
+
* Brute force attack detection (Control Panels, FTP, SSH, Web applications, SMTP, POP, IMAP and more!)
  
* Just In Time Patching system:  Automatic security rules to protect unpatched systems
+
* Just In Time Patching system:  Automatic security rules to protect unpatched systems, and unpatched web applications.
  
 
* Rootkit detection and prevention, including kernel level rootkits
 
* Rootkit detection and prevention, including kernel level rootkits
Line 63: Line 63:
 
* Special ClamAV rules
 
* Special ClamAV rules
  
== '''Installing ASL''' ==
+
= Downloading ASL =
  
[http://www.atomicorp.com/wiki/index.php/ASL_installation Installation Page]
+
== '''How can I get a copy of ASL?''' ==
  
 +
Please visit the [https://atomicorp.com/features/ Atomic Secured Linux product page].
  
== '''Quickstart Command Line Documentation''' ==
+
== '''Can I try it out first?''' ==
  
1) Help
+
Absolutely! Just sign up for a [https://atomicorp.com/amember/signup/index/c/oMzRCoqd no risk and no obligation free 10 day trial here].
   
+
Usage: asl [options]
+
<pre>
+
  -bl  --blacklist <value>                Add <ip> to Blacklist.
+
  -c  --config                            Configure ASL settings.
+
  -ck  --check                            Show list of updates.
+
  -dr  --disable-rule <value>              Disable modsec rule by signature ID.
+
      --vhost <value>                    Enable/Disable modsec rule by vhost
+
modifier.
+
  -dbl --domain-blacklist <value>          Add <domain> to spam blacklist.
+
  -er  --enable-rule <value>              Re-enable modsec rule by signature
+
ID.
+
  -f  --fix                              Fix and Repair mode.
+
  -l  --list                              List ASL modules.
+
  -m  --module <value>                    Run a specific module.
+
  -mbl --malware-blacklist <value>          Add <domain> to malware blacklist.
+
  -nc  --nocolor                          Disable Color.
+
  -pc  --permissions-check                Check/Fix permissions on ASL
+
dirs/files.
+
      --reload-firewall                  Reload Firewall rules.
+
      --remove-blacklist <value>          Remove <ip> from Blacklist.
+
      --remove-domain-blacklist <value>  Remove <domain> from spam Blacklist.
+
      --remove-malware-blacklist <value>  Remove <domain> from malware
+
Blacklist.
+
      --remove-whitelist <value>          Remove <ip> from Whitelist.
+
  -rfp --report-false-positive <value>    Report false positive on <path>.
+
  -r  --return                            Prompt to continue.
+
  -s  --scan                              Scan mode.
+
      --show-alert <value>                Show alert using <path>.
+
  -t  --terse                            Terse mode used for reporting
+
  -ub  --unblock <value>                  Unblock <ip> from active response
+
system.
+
  -u  --update                            Update rules and signatures.
+
  -uf  --force-update                      Force update of rules and signatures.
+
  -v  --version                          Show version.
+
  -wl  --whitelist <value>                Add <ip> to whitelist.
+
      --validate_gui                      Validate subscription
+
</pre>
+
  
2) Update the rules and signatures databases
+
== '''Where is the ASL FAQ?''' ==
  
asl -u
+
[[ASL FAQ]] - Atomic Secured Linux Frequently Asked Questions (FAQ)
  
2) Run a vulnerability scan
 
  
asl -s
+
= '''Installing ASL''' =
  
3) Run a vulnerability scan, and fix vulnerabilities
+
[http://www.atomicorp.com/wiki/index.php/ASL_installation Installation Page]
  
asl -s -f
 
  
 
== Configuration ==
 
== Configuration ==
  
ASL can be configured through the ASL GUI.  Please see the [[ASL configuration]] page for documentation.
+
ASL can be configured through the ASL GUI.  Please see the [[ASL Configuration]] page for documentation.
  
 
== '''Reporting False Positives''' ==
 
== '''Reporting False Positives''' ==
  
 
See the [[Reporting False Positives]] page for details.
 
See the [[Reporting False Positives]] page for details.
 
== Application Inventory ==
 
 
The application inventory module is designed to identify applications installed on the system by analysing it's source code. It can be a very CPU intense operation and is configured by default to run once per day. ASL supports configuring the Application Inventory to run either Daily, Weekly, or with the following setting in /etc/asl/config
 
 
APPINV_CRON="daily"
 
 
Valid settings for this field are:
 
 
"daily"
 
 
"weekly"
 
 
"off"
 
 
Changing this setting in /etc/asl/config does *NOT* require a policy update with "asl -s -f".
 
  
 
== ASL Web GUI Password Reset ==
 
== ASL Web GUI Password Reset ==
Line 150: Line 95:
 
To reset your password, run this command:
 
To reset your password, run this command:
  
/var/asl/bin/asl-web-passwd your_user_name  
+
/var/asl/bin/asl-web-passwd your_user_name
 
+
 
+
== ASL inside a VPS ==
+
 
+
All of the features of ASL work inside a VPS.  VPS technologies, such as Virtuzzo or OpenVZ abstract a single kernel running on the host system and share it with all the VPS'.  Therefore, a VPS does not have a kernel of its own, it uses the host systems kernel.  If you are using a VPS on a server that is not running ASL you will see several important kernel vulnerabilities reported in your system.  These vulnerabilities are real, and they can not be fixed from inside a VPS.
+
 
+
The ASL kernel, when used with VPS technologies, can only be installed on the host machine, this is because the VPS' themselves do not have their own kernel.  This is not to be confused with Virtual Machine technologies such as VMWare, KVM, Xen and others.  Those virtual machines do have their own kernel, and therefore the ASL kernel can be installed inside those virtual machines.  '''VPS', however, do not have their own kernel, they share the single host machines kernel.'''  To eliminate these vulnerabilities in a VPS the host server must be running ASL as well.
+
 
+
VPS's will also see "hidden processes" reported by ASL.  This is also expected as the rootkit detection capabilities of ASL are seeing hidden processes from other VPS' running on the system.  Therefore VPS customers that do not wish to get these alerts will need to turn off rootkit checks inside their VPS's.  To do this modify this file:
+
 
+
just modify this file:
+
 
+
/var/ossec/etc/ossec.conf
+
 
+
Search for this:
+
 
+
  <rootcheck>
+
 
+
you should see something like this:
+
 
+
  <rootcheck>
+
  <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
+
  <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
+
  </rootcheck>
+
 
+
Check that to this:
+
 
+
  <rootcheck>
+
  <disabled>yes</disabled>
+
  </rootcheck>
+
 
+
You will also want to disable the hidden process checks in the VPS that are performed by rkhunter:
+
 
+
You want to edit this file:
+
 
+
/etc/rkhunter.conf
+
 
+
Look for this line:
+
 
+
  ENABLE_TESTS="all"
+
 
+
Change it to:
+
 
+
  #ENABLE_TESTS="all"
+
 
+
Then look for this line:
+
 
+
  #DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps"
+
 
+
And change it to:
+
 
+
  DISABLE_TESTS="hidden_procs os_specific"
+
 
+
'''Do not disable these checks on the host server.'''
+
  
If you are not on a VPS, then reports of hidden process means you do in fact have hidden processes. That means you are running some root level process that is hiding a process, or your system was compromised at some point in the past, and ASL has detected that a rootkit is installed.
+
Note: This utility is only valid post-installation.

Latest revision as of 09:32, 10 September 2020

Contents

[edit] Introduction

Atomic Secured Linux(tm), or "ASL" for short, is a Unified Security Suite addon for Linux(tm) systems designed to protect servers against zero day threats. Unlike other expensive security "solutions" that pretend to achieve security through signature-based detection, known-vulnerability patching and other reactive methods, Atomic Secured Linux(tm) provides real proactive security. The only solution that protects both your applications and operating system, Atomic Secured Linux is essential for public-facing servers and shared-hosting environments.

And Atomic Secured Linux (ASL) is uniquely designed for beginners and experts alike. You just install ASL onto your existing system and it does the work for you, plus you can try it for free!

ASL works by proactively immunizing the system against whole classes of vulnerabilities, and combines security at all layers, from the firewall, to your applications and services, and all the way down to the kernel to provide the most complete multi-spectrum protection solution available for Linux servers today. It helps to ensure that your system is secure and also compliant with commercial and government security standards. ASL is uniquely effective at addressing emerging threats posed by vulnerabilities in todays complex systems and applications, such as cloud and web hosting environments, multiuser systems, CRM's, ERPs, forums, shopping carts, Content Management systems, custom applications and more.

[edit] Features in ASL

  • Web Application Firewall with Realtime Atomicorp/Gotroot.com rules
  • Highspeed Stateful firewall
  • Attack Chain Disruption to prevent zero day attacks
  • Network based Intrusion Prevention System
  • Host Based Intrusion Prevention for event monitoring, file system integrity checking, and rootkit protection
  • Web Based Security Information Manager and Unified Threat Manager
  • Vulnerability scanner and vulnerability repair and elimination system
  • Realtime Malware Protection
  • Hardened secure kernel to protect against rootkits
  • Self Healing system for system, database and application errors
  • Self Learning Least Privilege Role Based Access Control System
  • System Hardening tools
  • Stand Alone secure web GUI
  • Malware uploader scanner
  • Brute force attack detection (Control Panels, FTP, SSH, Web applications, SMTP, POP, IMAP and more!)
  • Just In Time Patching system: Automatic security rules to protect unpatched systems, and unpatched web applications.
  • Rootkit detection and prevention, including kernel level rootkits
  • Process monitoring watchdog, to ensure critical and security services are always running
  • Web Application inventory module
  • Systems configuration validation (SSH, PHP and more)
  • General security hardening (unnecessary services, etc)
  • PHP configuration, checks and fixes dangerous settings
  • Apache configuration checks and fixes
  • DOS protection system
  • Rule updater for Mod_security, GRsecurity, HIDS, Self Healing and the Application Inventory system
  • Custom code for system hardening
  • Special ClamAV rules

[edit] Downloading ASL

[edit] How can I get a copy of ASL?

Please visit the Atomic Secured Linux product page.

[edit] Can I try it out first?

Absolutely! Just sign up for a no risk and no obligation free 10 day trial here.

[edit] Where is the ASL FAQ?

ASL FAQ - Atomic Secured Linux Frequently Asked Questions (FAQ)


[edit] Installing ASL

Installation Page


[edit] Configuration

ASL can be configured through the ASL GUI. Please see the ASL Configuration page for documentation.

[edit] Reporting False Positives

See the Reporting False Positives page for details.

[edit] ASL Web GUI Password Reset

To reset your password, run this command:

/var/asl/bin/asl-web-passwd your_user_name

Note: This utility is only valid post-installation.

Personal tools