ConfigServer Services Blog

New csf v4.34

Changes:

  • Added code to Process Tracking to translate non-printable characters to especially help detect and report deleted executable file processes
  • WARNING: Removed hard-coded exceptions for spamd, cpanellogd, cpdavd and awstats.pl from lfd.pl. If you want to ignore such processes for Process Tracking, you will need to add appropriate ignore rules to csf.pignore for them

New csf v4.33

Changes:

  • Disable ST_LOOKUP by default on new installations
  • Modified lfd stats performance when ST_LOOKUP is enabled and added a warning for this setting to csf.conf for when DROP_IP_LOGGING is enabled

New csf v4.32

Changes:

  • Modified the su tracking regex to better trap RHE/CentOS v5 su login attempts
  • Added a Server Check for “FTP Logins with Root Password”
  • Added new WHM UI option to display Last X iptables Log Lines. Note that the report will only display log lines since this update. The new statistics will be expanded in future developments. Added new ST_* options to the cPanel csf.conf to control the recording of stats
  • Removed fwlogwatch from distro and will use self-produced reports

New RootKit Hunter v1.3.4

Rootkit Hunter announces release 1.3.4The change log lists 4 additions, 8 changes and 9 bugfixes.Naming a few:- Added IntoXonia-NG rootkit check.- Added Phalanx2 rootkit check.- Added support for TCB shadow files.- The ‘–propupd’ option can now take an optional file, directory or package name after it.- Revised file properties inode check.- Tests against the SSH configuration file now accept the key/value pair.- Improved the O/S name detection.- The Linux ‘os_specific’ test has now been split into two separate tests.- Improved ALLOWPROCDELFILE configuration option.- Improved hidden files and directories check.- The DBDIR directory can now be read-only, after installation.- Improved debug file option.- The system startup file and directory tests have now been merged.

New csf v4.31

Changes:

  • Added warning for those that enable PT_USERKILL in csf.conf – i.e. It is not a good idea to use that option
  • Modified PT_USERKILL to not kill (deleted) processes (these should be restarted manually after investigation) as per the documentation

New csf v4.30

Changes:

  • If you add the text “do not delete” to the comments of an entry in csf.deny then DENY_IP_LIMIT will ignore those entries and not remove them. Updated csf.deny information text for new installations
  • Made the (deleted) process text even more explicit for those that are not reading csf.conf or the FAQ for their explanation
  • Updated DSHIELD information URL in csf.conf
  • Added new feature – csf.rignore is an ignore file that lists domains and partial domains that lfd should ignore. Read /etc/csf/csf.rignore for more information. Note that .cpanel.net is always added on cPanel csf installations
  • Option GOOGLEBOT removed. This feature is now performed using csf.rignore. If GOOGLEBOT was previously enabled it will be added to csf.rignore

New csf v4.29

Changes:

  • Added Slackware support (tested on v12.2.0)
  • Added Fedora v10 support
  • Added new option GOOGLEBOT – Prevent *.googlebot.com from being blocked by lfd. See csf.conf for more information
  • Modified .cpanel.net check to use the same host lookup procedure as GOOGLEBOT to prevent domain spoofing
  • Added csf version from/to to output from csf –update when upgrading