General

New csf v6.32

Changes:

  • Applied UI changes to inbuilt cse and Reseller UI’s
  • Improvements to Virtuozzo/OpenVZ system detection where /proc/vz/veinfo does not exist
  • Added System Check on cPanel servers for disable-security-tokens
  • If /etc/csuibuttondisable exists then the UI buttons will revert for those that cannot cope with the themed ones

 

New cxs v3.08

Changes:

 

  • Implemented new cxswatch log tail code
  • UI display changes
  • Exploit fingerprint definitions database additions

 

New csf v6.31

Changes:

  • Fixed “Deny Server IPs” option in UI
  • Additional SSHD regex
  • Enable account tracking for LF_CPANEL login failures to allow for LF_DISTATTACK detection
  • Ignore Server Check for register_globals for PHP v5.4+
  • Added new option UI_SSL_VERSION, to allow the setting of the SSL protocol version that the UI server allows
  • Added window Detach option to UI search system logs
  • UI display changes
  • Fixed files permissions issue affecting System Graphs and lfd Graphs in DA

 

New csf v6.30

Changes:

  • Prevent HTML rendering of watch and search system log file output

 

New csf v6.29

Changes:

  • Removed CLUSTER_PORT from sanity checking
  • Modified changelog to state that HTACCESS_LOG needs to be correct for nginx LF_HTACCESS regexes
  • Added new UI option to watch (tail) system log files listed in /etc/csf/csf.syslogs
  • Added new UI option to search (grep) system log files listed in /etc/csf/csf.syslogs
  • Improvements to “View iptables Log” output in UI
  • Enable “SSL_honor_cipher_order” for UI IO::Socket::SSL sessions

 

New csf v6.28

Changes:

  • Fixed sanity check for UID_INTERVAL

New csf v6.27

Changes:

  • Modified Apache regexes for Apache v2.4+
  • Fixed UI configurable lines display for lfd.log
  • Fixed length display text for CLUSTER_KEY in csf.conf
  • Ignore suspendedpage.cgi triggers for LF_SYMLINK on cPanel servers
  • Updated sanity checks and ranges for csf.conf settings
  • Added RESTRICT_UI to Server Check recommended options
  • Modified Virtuozzo/OpenVZ FTP port check to verify kernel version before issuing PASV port warning
  • Added new setting PS_DIVERSITY. To specify how many different ports qualifies as a Port Scan you can increase this value. The risk in doing so will mean that persistent attempts to attack a specific closed port will not be detected and blocked. The setting defaults to the original setting of 1
  • Added 3 LF_HTACCESS regexes for nginx. Remember to set MODSEC_LOG correctly for the location of the nginx error log

New cxs v3.07

Changes:

  • Allow (limited) scans via UI in restricted mode
  • Added Change Time (–ctime [hours]) option to UI
  • If –quarantine has been disabled, ensure all reports contain a warning message with explanation

 

New cxs v3.06

Changes:

  • Fixed bug with broken –cgi option (cxscgi.sh) from v3.05
  • Fixed UI configurable lines display for cxswatch.log
  • Remove immutable and append-only flags from files when moving files to quarantine or deleting
  • Fixed supplied test/test.php for newer PHP versions

New cxs v3.05

Changes:

  • Added /etc, /sys and /proc to directories requiring –force to be used when scanning
  • Added additional checks that any specified quarantine directory is valid
  • Added new option –ctime [hours]. If you run regular full system scans then you can use –ctime [hours] to only scan files changed in the intervening hours. This can speed up scan times dramatically
  • Apply hfile:, hdir: and hsym: ignores to FTP upload scanning
  • Exploit fingerprint definitions database additions