Chirpy

Chirpy

  • Joined: 25th June 2013
  • Articles: 1507

New cmm v1.08

Changes: Dramatically reduced memory overhead of listing mail directories by only reading the first 200 lines of any email. Also speeds up directory listing greatly Display only the first 1000 lines of any email to reduce memory overhead and speed…

New csf v3.15

Changes: Auto-whitelist all DNS traffic to/from IPs in Modified csf.conf text for new installations to account for auto-configuration of ETH_DEV which has been the case for some time:# By default, csf will auto-configure iptables to filter all traffic except…

New csf v3.14

Changes: Added new format for cPanel (v11.18.3) login failures to regex.pm Added exe:/usr/libexec/gam_server to the default list of ignored binaries Fixed problem with SCRIPT_ALERT not picking up alternative /home directories from wwwacct.conf

New csf v3.13

Changes: Added new option DENY_TEMP_IP_LIMIT which limits the number of IP bans held in the temporary IP ban list to prevent iptables flooding. If the limit is reached, the oldest bans will be removed/allowed by lfd on the next unblock…

New csf v3.12

Changes: Added SMTP AUTH failure regex for Kerio MailServers Fixed an issue where a permanent Port Scanning alert would report as a temporary block, eventhough a permanent block was performed Added regex for failed SSH key authentication logins (thanks to…

New RootKit Hunter v1.3.2

The Rootkit Hunter project team announces release 1.3.2.The changelog lists 3 additions, 6 changes and 14 bugfixes. Naming a few:- Socklog and rsyslog daemons support.- IRIX/IRIX64 support.- Application version check errors mostly ignored.- Unset ALLOW_SSH_ROOT_USER and ALLOW_SSH_PROT_V1.- Application check whitelisting.-…

New csf v3.11

Changes: Use /proc for Process Tracking instead of ps output incase of exploited system binaries and to better determine resource usage of each process

RedHat v5 Kernel Release

Looks like there is very important kernel upgrade that you should perform if you’re running RHEv5 (and presumably CentOSv5 when it’s released) which allows non-priv root escalation: