ISPConfig available for testing

Dieses Thema im Forum "Entwicklerforum" wurde erstellt von Till, 26. Aug. 2014.

  1. Till

    Till Administrator

    Today I would like to introduce a pre relaese of the upcoming version to a broader audience.

    What's new in ISPConfig

    This release introduces some interesting new security features and fixes several bugs in the remote API.

    Intrusion Detection System

    The ISPConfig interface now contains a IDS System to protect it against unknown threats and
    vulnerabilitys. The IDS System consists of a scan engine for POST, GET, COOKIE and SESSION
    variables based on PHPIDS and a SQL query scanner to detect SQL injection attacks.

    The IDS system does not replace any of the input and variable checks that are implemented in ISPConfig,
    the IDS adds a more generic check for all incoming variables in ISPConfig to build a second defence line.

    For now, the IDS system is configured to add warnings in the ISPConfig System log only and not to block attacks.
    If you like to block attacks in this version, set ids_block_level to a value between 5 and 20 in the
    security_settings.ini file. The checks are quite strict and we will probably have to whitelist some addditional
    variables to avoid false positive warnings to customers. Therefor I would like to ask you to help us to copmplete
    the whitelist.

    How whitelisting works:

    The IDS writes all alerts in whitelst file format to the file /usr/local/ispconfig/interface/temp/ids.log
    and the full warning message to the ispconfig system log in the interface. If you find that a alert is
    a false positive, then please post the alert message and line from ids.log here in the forum so we can check
    that and add it to the official whitelist.

    You can find a detailed description on the IDS settings in the security README file in the
    /usr/local/ispconfig/security/ folder.

    Note: This pre release reports itsellf still as, so dont be worried if you dont see a
    new version number.

    Detailed Changelog

    =]ISPConfig::ISPConfig 3: Tasklist


    Update instructions

    cd /tmp
    rm -rf /tmp/ispconfig3_install
    tar xvfz ISPConfig-3.0.5-rc2.tar.gz
    cd ispconfig3_install/install
    php -q update.php

Diese Seite empfehlen