New csf v8.12

Changes:

  • Additional Feature: Added support for listing ASNs in all Country Code (CC_*) options
  • Fixed GLOBAL_ALLOW and GLOBAL_DENY when LF_IPSET is enabled
  • Fixed GLOBAL_DYNDNS when LF_IPSET and LF_IPV6 are enabled
  • IPSET binary location set to /sbin/ipset for Debian/Ubuntu new installs
  • Additional regex included for vsftp login failures

New csf v8.10

Changes:

  • Fixed issues with new non-RedHat OS installations by reasserting perl module check to the start of the installation process but removing included modules from checks
  • Ports 2079 and 2080 added to TCP_IN for new cPanel installs to allow CalDAV/CardDAV access

New csf v8.09

Changes:

  • Check /sys/module/ipt_recent/parameters/ip_pkt_list_tot or /sys/module/xt_recent/parameters/ip_pkt_list_tot if defined to allow higher settings for PORTFLOOD than the default of 20 if configured
  • Added LimitNOFILE to lfd.service on servers using systemd to allow for large numbers of open files
  • Cater for full stops (.) in ethernet device names
  • Moved Perl module checks until after csf installation has completed so that all included modules exist in /usr/local/csf/lib/

New csf v8.08

Changes:

  • Fixed csf.sips modification via UI on Redhat/CentOS v7.1
  • Raised csf.blocklist names from 9 to 25 characters long. This cannot be greater due to limits on ipset names on some OS’s and the use of prepended names for new ipset list swapping
  • Added output from netstat for PT_LOAD to loadalert.txt for new installs. For existing installs, latest file copied to /usr/local/csf/tpl/loadalert.txt.new

New cxs v6.00

Changes:

  • Added new major feature for cxs Watch: –Wmonitor [file] This option allows you to monitor and report on changes to a list of resources in [file]. See cxs POD for more information
  • Added option –Wmonignore [file] to use instead of –ignore [file] for use with –Wmonitor [file]
  • Added IO::Select as a required perl module (a core perl module so should always be present)
  • Improvements to php file detection
  • Improvements to deobfuscation routines
  • Fixed bug in display of atime for some quarantined files
  • Fix BCC header replacement field in email reports
  • Exploit fingerprint definitions database additions

New csf v8.07

Changes:

  • Ensure spaces are stripped from values in /etc/cpanel/ea4/paths.conf on cPanel servers
  • Fixed issue with csf –add [ip] not always removing [ip] if present from csf.deny
  • Modified the LF_QOS regex to cater for additional log formats