General

New cxs v5.05

Changes:

  • Updated installer to fix generic installs on some Redhat/CentOS setups
  • Fixed issue with fingerprint database and a corrupt regex
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v7.15

Changes:

  • Updated installer to fix generic installs on some Redhat/CentOS setups
  • Fixed issue with temporary allow/deny not applying individual port rules for outgoing connections

 

New cxs v5.04

Changes:

  • Improvements to .htaccess fingerprint P0216 -> P0767
  • Modify installer to always perform an update on installation to ensure the latest definitions are always available
  • cxswatch will now scan a directories permissions if any of its attributes are changed and –options [w] and/or –options [W] is enabled
  • Updated scripts to use download.configserver.com
  • Exploit fingerprint definitions database additions

 

Problems downloading from new site?

If you are having any problems downloading from our new download site, which also hosts the latest text version numbers and changelogs, then be sure to allow access to the current IP address for download.configserver.com (currently: 85.10.199.177) through your firewall.

New csf v7.14

Changes:

  • Updated scripts to use download.configserver.com

New csf v7.13

Changes:

  • Fixed issue with temporary allow/deny when issued through the UI

New csf v7.12

Changes:

  • Reverted PACKET_FILTER rule changes
  • OPEN added as an option to PS_PORTS so that TCP_IN and UDP_IN ports will be ignored by Port Scan Tracking by default, but can be added if desired

 

New csf v7.11

Changes:

  • DROP_PF_LOGGING disabled by default on new installs as enabling by default will just cause confusion

 

New csf v7.10

Changes:

  • Removed debugging code from Port Scan Tracking

 

New csf v7.09

Changes:

  • Set scripts (.pl,.cgi,.php,.sh,.py) in /etc/csf/ to chmod 700
  • Simplified PACKET_FILTER rules for dropping INVALID connection tracking states. This feature now only applies a single rule for incoming INVALID packets
  • DROP_PF_LOGGING enabled by default on new installs
  • INVALID added as an option to PS_PORTS so that PACKET_FILTER logs will be ignored by Port Scan Tracking by default, but can be added if desired
  • Modified ST_ENABLE locking
  • Regex updates to cater for Plesk 12 – thanks to Marcel Evenson
  • Fixed issue with temporary allow/deny comment not being parsed correctly when port * specified