by Support (2014-04-14):
- Add support for Mod_Security 2.8.0
- Update Firewall, Change of default config so that whitelisted hosts also bypass the firewall
- Update Firewall, detect if comment module isnt loaded for blocklist, and fixed bug in blacklist that wasnt disabling comments for blacklist on systems that dont support it
- Update Firewall, Added in filesystem kernel modules, in case users create filesystem types that were not added on boot
- Update ASL Web, shifts some filtering to cli from php getting iptables
- Update Firewall, Whitelist 127.0.0.1/8 by default
- Feature Request #697, php_checks, add additional php functions: eval, ini_alter, ini_set, symlink, ink, ftok, posix_access openlog syslog re adlink apache_child_terminate apache_setenv define_syslog_variables escapeshellarghighlight_file ini_get_all posix_ge tpwuid posix_uname
- Feature Request #1346, ssh_check, Set PermitEmptyPasswords to no
- Feature Request #1363, general_check, Add apache, nobody, www-data, and other users to /etc/cron.deny
- Feature Request #1523, hids_check, Add in a pruning system for the OSSEC diff events (HIDS_CLEAN_DIFF)
- Feature Request #1550, firewall, Add logging to per port ACLs. Add "LOG=yes" to the acl file and this will enable logging
- Feature Request #1552, waf_check, Add user defined domain blocking
- Feature Request #1553, Core, speed up performance of asl -dr
- Bugfix #1498, aum, fixed KERNEL_CHANNEL= not disabling tortix-kernel.repo when set to disabled
- Bugfix #1499, kernel_check, Consistent thread enforcement was mistakenly labeled as Deter Bruteforce
- Bugfix #1501, firewall, WHITELIST rules are now correctly load right after RELATED,ESTABLISHED
- Bugfix #1524, database-setup, change from localhost to 127.0.0.1 to handle conditions where the system is configured with skip-name-res
- Bugfix #1527, AUM, DTC creation issues resolved
- Bugfix #1536, ASL Web, displays message when no vulnerabilities are detected
- Bugfix #1541, kernel_check, Force load of Asl-kernel modules before running Asl -s -f for the first time
- Bugfix #1549, hids_check, exclude 127.* from whiteist checks
- Bugfix #1555, t-waf, add lint code to verify an IP address or Port number are valid
- Bugfix #1557, waf_check, apache 2.4 needs files to exist if invoked wit Include. This will just create the basic files that are
- Bugfix #1559, waf_check, remove old audit/data/ log entries w/ new user type structure (CLEAN_ALERT)
- Bugfix #XXX, Firewall, fix on plesk 3306 port rules
- Bugfix #XXX, Firewall, fix issue with iptables and "Using intrapositioned negation (`--option ! this`) is deprecated in favor of extrapositioned" errors
- Bugfix #XXX, ASL Web, fixes country links in ASL Web
- Bugfix #XXX, ASL Web, 'view all activity by ip' links in ASL Web
- Bugfix #XXX, hids_check, fixes sequencing issue in AUM causing update events to overwrite rule modifications with defaults
- Bugfix #XXX, integrity checks, fixes handling for all options set to no in file integrity watch rules
- Bugfix #XXX, Core, Corrects yum proxy writing
- Bugfix #XXX, ASL Web, fixes ASL Web user management
- Bugfix #XXX, Firewall, fixes shuns lost from iptables on asl-firewall restart
- Bugfix #XXX, ASL Web, Fixes list buttons in event detail and tld reports
- Bugfix #XXX, ASL Web, fixes issue with state when adding/editing firewall rules
- Bugfix #XXX, ASL Web, fixes clamav scanning from web
- Bugfix #XXX, psa_check, remove duplicate Scoreboard entries from proftpd.conf
|