Difference between revisions of "ASL"

From Atomicorp Wiki

m (Release Notes)

(57 intermediate revisions by 2 users not shown)

The older revision of the page, the "Using ASL 2.0" quickstart, read as follows. The newer revision is the latest revision, shown further down this page.

Using ASL 2.0

'''Quickstart Documentation'''

1) Update the signature database
  asl -u

2) Run a report
  asl -r

3) Read the App Inventory DB
  less /var/asl/data/webapp.db

'''Configuration'''

Currently the web interface is incomplete. ASL can be configured through /etc/asl/config. The following is a list of each setting and what it does:

 # Authentication information
 CONFIGURED=yes
 USERNAME="USERNAME"
 PASSWORD="PASSWORD"
 UPDATEPATH="www.atomicorp.com/channels/asl-bleeding/rules/"
 ASLHOME="/var/asl"
 
 # ASL general config
 NOTIFY=yes
 EMAIL="scott@atomicrocketturtle.com"
 ADMIN_USERS="SOMEUSER"
 # list of hosts separated by whitespace
 IP_WHITELIST="127.0.0.1 10.10.10.10 10.10.10.11 10.10.10.12"
 # webserver, custom
 SYSTEM_TYPE="webserver"
 
 # Kernel config
 # Disable module_loading after the system has booted
 VSERVER=no
 ALLOW_kmod_loading=no
 
 # PSMOD config
 PSMON_ENABLED=yes
 PSMON_EMAIL="$EMAIL"
 PSMON_FROM="psmon@$HOSTNAME"
 
 # OSSEC config
 OSSEC_ENABLED=yes
 OSSEC_MODE="server"        # options are client, server, local
 OSSEC_EMAIL="$EMAIL"
 OSSEC_SMTP_SERVER="ac3.atomicorp.com"
 OSSEC_FROM="ossec@$HOSTNAME"
 OSSEC_SHUN_ENABLE_TIMEOUT=yes
 OSSEC_SHUN_TIME="600"
 
 # MODSECURITY config
 MODSEC_ENABLED=yes
 MODSEC_SERVERSIG="Apache"
 MODSEC_UPLOADDIR="/var/asl/data/suspicious"
 MODSEC_KEEPFILES="RelevantOnly"
 MODSEC_LOG404=no # not used yet
 MODSEC_LOGTYPE="Serial"
 MODSEC_LOGFILE="modsec_audit.log"
 MODSEC_LOGELEMENT="ABIFHZ"
 MODSEC_REQMEMLIMIT="131072"
 MODSEC_DEBUGLOG=yes    # not used yet (on by default)
 MODSEC_DATADIR="/var/asl/data/msa"
 MODSEC_TMPDIR="/tmp"
 
 MODSEC_RULES_POLICY=on    # havent enabled settings below this yet
 MODSEC_RULES_ROBOTS=on
 MODSEC_RULES_GENERIC=on
 MODSEC_RULES_TROJAN=on
 MODSEC_RULES_OUTBOUND=off
 MODSEC_RULES_MARKETING=off
 MODSEC_RULES_LOCAL=on
 
 # PHP Functions
 PHP_CHECKS=yes
 PHP_SAFE_MODE=yes
 ALLOW_dl=no
 ALLOW_exec=no
 ALLOW_leak=no
 ALLOW_passthru=no
 ALLOW_pfsockopen=no
 ALLOW_phpinfo=yes
 ALLOW_popen=no
 ALLOW_posix_kill=no
 ALLOW_posix_mkfifo=no
 ALLOW_posix_setpgid=no
 ALLOW_posix_setsid=no
 ALLOW_posix_setuid=no
 ALLOW_proc_close=no
 ALLOW_proc_get_status=no
 ALLOW_proc_nice=no
 ALLOW_proc_open=no
 ALLOW_proc_terminate=no
 ALLOW_shell_exec=no
 ALLOW_show_source=no
 ALLOW_system=no
 
 # Denyhosts settings
 # uses EMAIL for notifications
 DENYHOSTS_ENABLED=yes
 DENYHOSTS_EMAIL="$EMAIL"
 DENYHOSTS_FROM="denyhosts@$HOSTNAME"
 DENYHOSTS_SYSLOG=yes
 DENYHOSTS_SHUN_TIME="4w"
 
 # SSH
 ALLOW_ssh_proto1=no
 ALLOW_root_logins=no
 DISABLE_strict_mode=no
 DISABLE_ignore_rhosts=no
 DISABLE_pubkey_authentication=no
 ALLOW_password_authentication=no
 DISABLE_privilege_separation=no
 
 # Rkhunter settings
 RKHUNTER_ENABLED=yes
 RKHUNTER_EMAIL=$EMAIL
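The /etc/asl/config listing above is a shell-style KEY=value file: values may be quoted, may carry a trailing # comment, and may reference other settings as "$EMAIL" or the environment as "$HOSTNAME". The following is an added example, not code from the wiki or from Atomicorp: a small parser for that format plus an audit that reports settings which weaken the hardened baseline (ALLOW_* or DISABLE_* switched to yes, a subsystem set *_ENABLED=no, the USERNAME/PASSWORD placeholders left in place, or a $VAR that never resolves). The sample config is constructed for the demo, and the assumption that HOSTNAME comes from the environment is the example's own.

```python
import re
# Constructed sample in the shape of the /etc/asl/config listing above;
# the values are made up for this demo and are not ASL defaults.
SAMPLE_CONFIG = """# Authentication information
USERNAME="USERNAME"
PASSWORD="PASSWORD"
EMAIL="admin@example.com"
ALLOW_kmod_loading=yes
OSSEC_ENABLED=no
OSSEC_MODE="server"        # options are client, server, local
OSSEC_EMAIL="$EMAIL"
OSSEC_FROM="ossec@$HOSTNAME"
ALLOW_phpinfo=yes
DISABLE_privilege_separation=yes
RKHUNTER_EMAIL=$EMAIL
"""
_ASSIGN = re.compile(r'^([A-Za-z_]\w*)=(.*)$')
_VARREF = re.compile(r'\$([A-Za-z_]\w*)')

def _value(rest):
    # A quoted value runs to its closing quote; an unquoted one stops at a trailing '#' comment.
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split('#', 1)[0].strip()

def parse_asl_config(text, env=None):
    """Parse KEY=value lines (later duplicate wins) and expand $VAR as the shell would; env supplies HOSTNAME etc. (assumption)."""
    env, cfg = dict(env or {}), {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _ASSIGN.match(line) if line and not line.startswith('#') else None
        if m:
            cfg[m.group(1)] = _value(m.group(2))
    for key, val in cfg.items():  # names found nowhere stay as "$NAME" so audit() can flag them
        cfg[key] = _VARREF.sub(lambda mm: cfg.get(mm.group(1), env.get(mm.group(1), mm.group(0))), val)
    return cfg

_RULES = [  # (test on key and value, reason) for settings that weaken the hardened baseline
    (lambda k, v: k.startswith('ALLOW_') and v.lower() == 'yes', 'ALLOW_* set to yes: a function or service is permitted'),
    (lambda k, v: k.startswith('DISABLE_') and v.lower() == 'yes', 'DISABLE_* set to yes: a protection is turned off'),
    (lambda k, v: k.endswith('_ENABLED') and v.lower() == 'no', 'whole subsystem disabled'),
    (lambda k, v: k in ('USERNAME', 'PASSWORD') and v == k, 'placeholder value was never replaced'),
    (lambda k, v: bool(_VARREF.search(v)), 'unresolved $VAR reference left in value'),
]
def audit(cfg):
    """Return 'KEY: reason' findings, sorted by key; run on parse_asl_config(open('/etc/asl/config').read())."""
    return [f'{k}: {why}' for k, v in sorted(cfg.items()) for cond, why in _RULES if cond(k, v)]
```

On the sample, the audit reports both ALLOW_* keys, the DISABLE_* key, OSSEC_ENABLED and the two placeholders; OSSEC_FROM is only reported when HOSTNAME is not supplied.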
Latest revision as of 09:32, 10 September 2020

= Introduction =

Atomic Secured Linux(tm), or "ASL" for short, is a Unified Security Suite add-on for Linux(tm) systems designed to protect servers against zero-day threats. Unlike other expensive security "solutions" that pretend to achieve security through signature-based detection, known-vulnerability patching and other reactive methods, Atomic Secured Linux(tm) provides real proactive security. The only solution that protects both your applications and operating system, Atomic Secured Linux is essential for public-facing servers and shared-hosting environments.

Atomic Secured Linux (ASL) is designed for beginners and experts alike. You just install ASL onto your existing system and it does the work for you, plus you can try it for free!

ASL works by proactively immunizing the system against whole classes of vulnerabilities, and combines security at all layers, from the firewall, to your applications and services, and all the way down to the kernel, to provide the most complete multi-spectrum protection solution available for Linux servers today. It helps to ensure that your system is secure and also compliant with commercial and government security standards. ASL is uniquely effective at addressing emerging threats posed by vulnerabilities in today's complex systems and applications, such as cloud and web hosting environments, multiuser systems, CRMs, ERPs, forums, shopping carts, content management systems, custom applications and more.

== '''Features in ASL''' ==

* Web Application Firewall with realtime Atomicorp/Gotroot.com rules
* High-speed stateful firewall
* Attack Chain Disruption to prevent zero-day attacks
* Network-based Intrusion Prevention System
* Host-based Intrusion Prevention for event monitoring, file system integrity checking, and rootkit protection
* Web-based Security Information Manager and Unified Threat Manager
* Vulnerability scanner and vulnerability repair and elimination system
* Realtime Malware Protection
* Hardened secure kernel to protect against rootkits
* Self Healing system for system, database and application errors
* Self Learning Least Privilege Role Based Access Control System
* System hardening tools
* Stand-alone secure web GUI
* Malware uploader scanner
* Brute force attack detection (control panels, FTP, SSH, web applications, SMTP, POP, IMAP and more!)
* Just In Time Patching system: automatic security rules to protect unpatched systems and unpatched web applications
* Rootkit detection and prevention, including kernel-level rootkits
* Process monitoring watchdog, to ensure critical and security services are always running
* Web Application inventory module
* Systems configuration validation (SSH, PHP and more)
* General security hardening (unnecessary services, etc.)
* PHP configuration checks, which fix dangerous settings
* Apache configuration checks and fixes
* DoS protection system
* Rule updater for Mod_security, grsecurity, HIDS, Self Healing and the Application Inventory system
* Custom code for system hardening
* Special ClamAV rules

= Downloading ASL =

== '''How can I get a copy of ASL?''' ==

Please visit the [https://atomicorp.com/features/ Atomic Secured Linux product page].

== '''Can I try it out first?''' ==

Absolutely! Just sign up for a [https://atomicorp.com/amember/signup/index/c/oMzRCoqd no-risk and no-obligation free 10-day trial here].

== '''Where is the ASL FAQ?''' ==

[[ASL FAQ]] - Atomic Secured Linux Frequently Asked Questions (FAQ)

= '''Installing ASL''' =

[http://www.atomicorp.com/wiki/index.php/ASL_installation Installation Page]

== Configuration ==

ASL can be configured through the ASL GUI. Please see the [[ASL Configuration]] page for documentation.

== '''Reporting False Positives''' ==

See the [[Reporting False Positives]] page for details.

== ASL Web GUI Password Reset ==

To reset your password, run this command:

 /var/asl/bin/asl-web-passwd your_user_name

Note: This utility is only valid post-installation.