Today I would like to introduce a pre-release of the upcoming 3.0.5.4p4 version to a broader audience.
What's new in ISPConfig 3.0.5.4p4
This release introduces some interesting new security features and fixes several bugs in the remote API.
Intrusion Detection System
The ISPConfig interface now contains an IDS system to protect it against unknown threats and
vulnerabilities. The IDS system consists of a scan engine for POST, GET, COOKIE and SESSION
variables based on PHPIDS and an SQL query scanner to detect SQL injection attacks.
The IDS system does not replace any of the input and variable checks that are implemented in ISPConfig;
the IDS adds a more generic check for all incoming variables in ISPConfig to build a second line of defence.
For now, the IDS system is configured to add warnings in the ISPConfig system log only and not to block attacks.
If you would like to block attacks in this version, set ids_block_level to a value between 5 and 20 in the
security_settings.ini file. The checks are quite strict and we will probably have to whitelist some additional
variables to avoid false-positive warnings for customers. Therefore I would like to ask you to help us complete
the whitelist.
How whitelisting works:
The IDS writes all alerts in whitelist file format to the file /usr/local/ispconfig/interface/temp/ids.log
and the full warning message to the ISPConfig system log in the interface. If you find that an alert is
a false positive, then please post the alert message and the line from ids.log here in the forum so we can check
it and add it to the official whitelist.
You can find a detailed description of the IDS settings in the security README file in the
/usr/local/ispconfig/security/ folder.
Note: This pre-release still reports itself as 3.0.5.4p3, so don't be worried if you don't see a
new version number.
Detailed Changelog
ISPConfig::ISPConfig 3: Tasklist
Download
http://www.ispconfig.org/downloads/ISPConfig-3.0.5.4p4-beta1.tar.gz
Update instructions
Code:
cd /tmp
rm -rf /tmp/ispconfig3_install
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.5.4p4-beta1.tar.gz
tar xvfz ISPConfig-3.0.5.4p4-beta1.tar.gz
cd ispconfig3_install/install
php -q update.php