Server Software and Configuration Services
New cxs v4.10
Changes:
- Check file size against –sizemax [size] when using –wttw to ensure ignored files are not being submitted incorrectly
- Exploit fingerprint definitions database additions
General
New csf v6.40
Changes:
- Fix for LF_INTEGRITY which was non-functional after changes in v6.38
New cxs v4.09
Changes:
- UI Fixes and updates
- Fixed issue with default perl binary on non-cPanel servers
- Use raw UI plugin on DA servers when generating cxs commands/scans to overcome buffering issues
- Exploit fingerprint definitions database additions
New cxs v4.08
Changes:
- Removed redundant v3 quarantine code
- Removed displaying “i” during scan if file ignored as it is not particularly helpful
- Updates to Piwik and ownCloud version detection
- Form design elements added
- Change to –sizemax [bytes] behaviour. In the past a file > [bytes] in size was ignored, now the file will be scanned but only the initial [bytes] of the file will be scanned
- Added decoding of octal as well as hex encoded characters for PHP scripts
- Exploit fingerprint definitions database additions
New csf v6.39
Changes:
- Added error output from IO::Socket::INET for CLUSTER_* commands from csf if present
- UI HTML fixes and form design elements added
- Improved error report for invalid csf.conf lines
- Removed Server Check tmp mountpoint checks
WARNING: Do not upgrade to CentOS v6 kernel 2.6.32-431.1.2.el6.x86_64
WARNING: Do not upgrade to CentOS v6 kernel 2.6.32-431.1.2.el6.x86_64
It can render your server unbootable:
http://bugs.centos.org/view.php?id=6831
I had to rescue several servers within a few minutes this morning. You need to reboot from the previously installed kernel via the console and modify your boot loader not to use this new kernel and wait for a replacement from CentOS. Nasty.
New csf v6.38
Changes:
- Parameterise calls to system and Open3 where possible
- HTTP::Tiny upgraded to v0.039
- Modifications to csftest.pl
- Removed the UI “Pre-configured settings for Low, Medium or High” as they are outdated and meaningless. Users should go through the csf configuration and setup the firewall for their individual server needs
- Translate ampersand for HTML output
- Modified csf.blocklist for new installations to use the SSL URL for the TOR exit list now that they have forced redirection from the non-SSL URL, with a note to change URLGET to use LWP
- Modified csf.blocklist for new installations to specify an alternative TOR exit node list
New cxs v4.07
Changes:
- Display “i” during scan if file ignored due to sizemax [bytes] being exceeded
- HTTP::Tiny upgraded to v0.039
- Translate ampersand for HTML output
- Fixed cxs UI not adding files to the ignore file after using the Ignore link
- Additional checks for ignore, xtra and new detections updates for cxs watch daemon to reload the relevant files if necessary
- Exploit fingerprint definitions database additions
New cxs v4.06
Changes:
- Parameterise all calls to system() and Open3()
- Only list viewable files in UI “Other Files” option
- Fixed issue with ignoring user: and puser: with web scanning
- Added new –ignore [file] option ip: – ignore IP address for web and ftp uploads. This may or may not have any impact on performance with ftp uploads as the IP address will need to be established from the message log for each file
- Removed DNS lookup on FTP IP addresses to improve performance
- Exploit fingerprint definitions database additions
New cxs v4.05
Changes:
- Fixed POD display in UI