Difference between revisions of "Atomic Secured Linux"
m (→ASL 3.0 Release Notes) |
m (→ASL 3.0 Release Notes) |
||
Line 60: | Line 60: | ||
=== ASL 3.0 Release Notes === | === ASL 3.0 Release Notes === | ||
− | + | # Make sure that you clean your browsers cache when logging into 3.0 if you have been using 2.2. This will clear out any old cached AJAX elements from the 2.2 GUI. You only need to do this once. | |
− | + | # The Authentication system in ASL Web has changed. Your ASL Username & Password is now the default login. This can be changed from the User manager interface, or from the command line using: /var/asl/bin/asl-web-setup or /var/asl/bin/asl-web-passwd <username> | |
− | + | # ASL 3.0 added five new high risk PHP functions: | |
** pfsockopen | ** pfsockopen | ||
** fsockopen | ** fsockopen |
Revision as of 16:43, 1 August 2011
Contents |
About ASL
Atomic Secured Linux(tm) is an easy to use out-of-the-box Unified Security Suite add-on for Linux(tm) systems designed to protect your servers against both known and unknown zero day threats. Unlike other security solutions, ASL is designed for beginners and experts alike. You just install ASL and it does the work for you.
ASL works by combining security at all layers, from the Kernel all the way up to the application layer to provide the most complete protection available for Linux servers and helps to ensure that your system is compliant with commercial and government security standards. ASL includes the most hardened kernel on the market, automated system hardening techniques, userspace and host Intrusion Prevention Systems (IPS), malware/rootkit detection and elimination, blacklisting technologies, an autolearning Role Based Access Control System and web application firewalling to protect multiuser and web application hosting environments like no other solution. ASL is uniquely effective at addressing emerging threats posed by vulnerabilities in today's complex systems and applications, such as web hosting environments, multiuser systems, CRM's, ERPs, forums, shopping carts, Content Management systems and custom applications.
The design of ASL approaches securing the server and its applications, by combining different layers of security technologies and application layer firewalls to filter out malicious content before it reaches your system and its applications. Our hardened kernel further enhances the overall security model by enforcing anti-rootkit, file, network and process level security policies on the system.
The ASL approach also includes our "Just In Time Patching" system, which allows you to address security threats posed by applications where either it is not possible to fix the application due to lack of source code, availability of resources, or the number of applications that make repairing all vulnerabilities economically infeasible. You can known that your systems are protected, even when you can't patch them.
You can read more about ASL on the ASL product page.
Purchasing
To purchase a license for ASL, please visit the Atomic Secured Linux product page.
Installation
Upgrading ASL
ASL Features
See the ASL Features article.
Adding more Licenses
To add more licenses simply log into your ASL License Manager account. You can also reset your ASL License Manager password on this page.
To reset a Support Portal password please send an e-mail to support@atomicorp.com with your request.
Documentation
ASL Documentation
Release Schedule
Frequently Asked Questions
Troubleshooting
Get support
ASL 3.0 Notes
ASL 3.0 Release Notes
- Make sure that you clean your browsers cache when logging into 3.0 if you have been using 2.2. This will clear out any old cached AJAX elements from the 2.2 GUI. You only need to do this once.
- The Authentication system in ASL Web has changed. Your ASL Username & Password is now the default login. This can be changed from the User manager interface, or from the command line using: /var/asl/bin/asl-web-setup or /var/asl/bin/asl-web-passwd <username>
- ASL 3.0 added five new high risk PHP functions:
- pfsockopen
- fsockopen
- curl_exec
- curl_multi_exec
- ftp_exec
These are disabled in ASL by default, if you configure ASL to harden PHP. If you have a web application that uses these functions, please ensure that you re-enable them.
For example, to re-enable fpsockopen and fsockopen, just change these settings in ASL:
ALLOW_pfsockopen and ALLOW_fsockopen
to "yes"
- /etc/asl/disabled_signatures has been replaced by /etc/asl/rules. Disabled rules are not imported from 2.2 to 3.0 configurations, they will need to be re-added through ASL Web's Rule Manager, or from the command line using:
/var/asl/bin/asl -dr <rule id>
- Centos and Redhat 4 do not include an up to date SSL certificate file, which will result in bogus errors such as these:
asl -u Checking for updates.. ASL version is current: 3.0 [OK] APPINV rules are current: 201008021738 [OK] Update failed for some reason, retrying with full debug information... --17:25:04-- https://username:*password*@www.atomicorp.com/channels/asl-2.0/rules//clamav-201107191237.tar.gz => `/var/asl/updates/clamav-201107191237.tar.gz' Resolving www.atomicorp.com... 74.208.155.133 Connecting to www.atomicorp.com|74.208.155.133|:443... connected. ERROR: Certificate verification error for www.atomicorp.com: self signed certificate in certificate chain To connect to www.atomicorp.com insecurely, use `--no-check-certificate'. Unable to establish SSL connection. exiting...
The certificate used is not self signed, however older Centos and Redhat distributions do not include up to date certificate authority information. One solution is to use a newer certificate authority file from Red Hat and Centos versions 5 and 6. We have included the certificate file from Centos 5 at the URL below:
https://www.atomicorp.com/installers/cert.pem
On RHEL and Centos 4 systems, the default certificate authority file is stored in:
/usr/share/ssl/cert.pem
Simply download the cert.pem file from the URL above, and overwrite the file at /usr/share/ssl/cert.pem. We highly recommend you download this file over SSL and not in the clear.
ASL 3.0 Known Issues
- There is a known bug in 3.0 that can occur if you have the malware protection rules turned off, and the malware output rules turned on (which are new and on by default in 3.0).
There are two solutions:
Option 1) Disable the MODSEC_99_MALWARE_OUTPUT rules, set them to "no". (Least secure method)
Option 2) Enable the malware protection rules, change MODSEC_10_ANTIMALWARE to "yes". (Most secure method)
We will be putting out a point release shortly to resolve this so you can enable the malware output protection rules with the malware rules disabled. For now, you have to either enable both, or disable both.
ASL 2.2 Release Notes
New Web GUI to manage everything, plus everything in 1.0 and tons of new features and security:
- Vulnerability scanner
- Hardening tools to secure your system
- Stack overflow protection from the PaX project, that addresses exploits in services on the system, such as apache, bind, secure shell, mysql, postgres, etc.
- Virtual Patching of web applications, which makes its possible to use software which have vulnerabilities when a patch is not available or it is not possible to install one
- Web Application Firewall through mod_security, and the industry leading rules created by Atomicorp at gotroot.com, optimized for Plesk Server Administrator environments.
- Realtime malware scanning of web, email and local filesystems
- Domain based control of antispam and antimalware features (for control panels like Plesk)
- Automatic process monitoring, alerting and actions, such as restarting critical processes that have died, have hung or are consuming too many resources
- An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration, from the Grsecurity project.
- Trusted Path Execution, which only allows untrusted users such as apache to execute commands owned by root, thus simply preventing a whole class of exploit techniques used by attackers, or internet worms
- Users are restricted to only view their processes
- Denial of Service protection through mod_evasive
- Realtime attack shunning and blocking, and policy based unshunning after user defined period of time
ASL Kernel (grsecurity, firewall additions like match, and stealth), mod_security and, mod_evasive for input validation, and DoS protection, userspace HIDS with ossec, application inventory module, compliance and vulnerability scanner, and PSA integration.
ASL 1.0 Release Notes
Atomic Secured Linux(tm) version 1.0 is a linux security solution, distributed through a subscription yum channel. It works by combining both Kernel hardening techniques, as well as userspace Intrusion Prevention Systems (IPS) to your web application hosting environment. ASL is specifically targeted at addressing the threats posed by vulnerabilities in applications, such as CRM's, forums, shopping carts, or other custom applications.
The design of ASL approaches securing the server, and its applications, by using an application layer firewall to filter out malicious content, before it reaches the application. The hardened kernel subsystems further enhance the overall security model by enforcing file and process level security policies on the system.
The advantages of the ASL approach to security, is that it addresses the security threats posed by web based applications where either it is not possible to fix the application due to lack of source code, or availability of resources, or the number of applications make repairing all vulnerabilities economically unfeasible.
It offers among many other features:
- Stack overflow protection from the PaX project, that addresses exploits in services on the system, such as apache, bind, or secure shell
- An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration, from the Grsecurity project.
- Trusted Path Execution, which only allows untrusted users such as apache to execute commands owned by root, thus simply preventing a whole class of exploit techniques used by attackers, or internet worms
- Users are restricted to only view their processes
- Application layer firewalling through mod_security, and the industry leading rules created by Atomicorp at gotroot.com, optimized for Plesk Server Administrator environments.
- Denial of Service protection through mod_evasive