Server Software and Configuration Services
Changes: – Modified csf error routine to store failing error in csf.error and display an instructional message – Check for libkeyutils-1.2.so.2 in LF_EXPLOIT option SSHDSPAM – Modified the Server Report proxysubdomains check on cPanel servers – Added new options CC_DENY_PORTS,…
Changes: – Modified mailwatch to cater for new binary locations in cPanel v11.36+ – Reinstall Razor2::Client::Agent if running cPanel v11.36+ and not installed in the new perl /opt location – Removed long defunct “Update SpamAssasin Rule Descriptions” link from mailwatch
Changes: – Due to issues that some are experiencing with the switch from the state to the conntrack module a new settings has been added USE_CONNTRACK which is disabled by default except on servers running kernel 3.7+ where on new…
Changes: – Add an exception for the useless Virtuozzo kernels iptables implementation so that csf uses the deprecated state module instead of conntrack
Changes: – Only add the /128 IPv6 bound address per NIC instead of the whole /64 to the local IPv6 addresses – Modify SSHD and SU regexes to allow for empty hostname field in log file – Added new option…
There's a quickly spreading root compromise that everyone should check for that latches onto the sshd daemon. See the following threads for details on detecting the compromise: At the very least check for the existense of libkeyutils.so.1.9 As…
Changes: – Modified mailbox actions to use dropped process priveleges to user instead of using “su” to avoid issues on systems using CageFS
Changes: – Fixed issue with single quotes appearing in CC lookup names leading to lfd IP blocks to fail
Changes: – Additional entries in csf.pignore for the cPanel installation to cater for v11.36 processes on new installations – Added workaround for cPanel check in Server Report for changes in v11.36 – Additional entries in csf.logignore on new installations…