General

New csf v7.02

Changes:

  • Make auto.pl scripts more resilient to avoid leaving an incomplete configuration file after upgrades
  • Improved output errors if FASTSTART fails
  • Ensure UNZIP binary exists before attempting to process GeoLite CSV Country database
  • Corrected FASTSTART description in Server Report check
  • Modified auto.pl to not automatically enable IPV6 on Virtuozzo/OpenVZ
  • Report all errors after csf starts in case they were missed in the main output

 

ClamAV 0.98.2 (withdrawn)

ClamAV have rather unceremoniously yanked their last update and deleted their blog posts and changelog for it. We’ve downgraded our installer to the previous version. People should probably downgrade back to 0.98.1 to avoid any issues.

New csf v7.01

Changes:

  • Fixed issue with FASTSTART and DROP_PF_LOGGING

 

New csf v7.00

Changes:

  • New feature SMTPAUTH_RESTRICT – This option will only allow SMTP AUTH to be advertised to the IP addresses listed in /etc/csf/csf.smtpauth on EXIM mail servers. The additional option CC_ALLOW_SMTPAUTH can be used with this option to additionally restrict access to specific countries. See csf.conf and readme.txt for more information
  • New FASTSTART procedures in csf and lfd to centralise functions and add error reporting
  • FASTSTART added to GLOBAL_ALLOW, GLOBAL_DENY, GLOBAL_DYNDNS, csf.deny, csf.allow, Port Settings, PACKET_FILTER, DROP_NOLOG, SMTP Block, DNS
  • Remove duplicate IP addresses from individual blocklists
  • Remove duplicate IP addresses (not CIDRs) across blocklists as they are newly retrieved
  • Ensure /usr/local/bandmin/bandminstart exists and is executable on cPanel servers before using it
  • Removed MySQL version check as it is currently redundant from Server Report
  • Improve Net::CIDR::Lite use integrity to prevent unnecessary lfd failures
  • Ensure GeoIPCountryWhois.csv is removed before processing a new d/b download
  • Add /etc/csf/csf.smtpauth to UI if SMTPAUTH_RESTRICT is enabled
  • Fixed issue with IPv6 generation of SMTP_ALLOWUSER rules

 

New csf v6.48

Changes:

  • Fixed csf –ta/d not accepting comma separated port list
  • Modified csf -t multi-port reporting
  • Modified csf UI to support specifying port list in temporary allow/deny
  • Modified integrated UI call to perform separate calls to IO::Socket::SSL to use the appropriate AF_INET(6) call depending on the setting for IPV6
  • Updates to integrated cse UI CSS
  • Added regular expressions for courier-imap, Qmail SMTP AUTH and Postfix SMTP_AUTH for Plesk servers
  • Removed RBN from csf.blocklist for new installs as it is now obsolete
  • Check for an apply correct permissions on /var/lib/csf and /usr/local/csf in addition to /etc/csf

 

New cxs v4.19

Changes:

  • Additions to main decoder regex
  • Modified option –template [file]. You can now use this to email the end user when performing –allusers and –user [user] scans. See the cxs Documentation for –template [file] for more information
  • Output improvements to –qview [file] and more information provided in the POD
  • Exploit fingerprint definitions database additions

 

New csf v6.47

Changes:

  • Overhaul of Apache regexes to cater for Apache v2.4 formats
  • Fail with an appropriate error if attempting to use an IPv6 address but IPV6 is not enabled
  • Fix to OUTPUT chain final packet failure still logging to LOGDROPOUT when DROP_OUT_LOGGING is disabled
  • Strip leading and trailing spaces from form IP in csf UI
  • DROP_OUT_LOGGING is now enabled by default on new installations
  • ST_ENABLE is now enabled by default on new installations
  • CC_IGNORE rewritten to use CC_LOOKUPS data to ignore countries. This provides a more consistent approach and quicker lookups with reduced memory footprint. CC_LOOKUPS must now be enabled to use CC_IGNORE