General

New cxs v2.85

Changes:
– Moved suspicious script location detection to its own option within: --options [u], --doptions [u], --voptions [u] and --qoptions [u]. The option is included in the default setting for --options [options]. If you specify a list in any of these options and want to include this detection, you need to add [u] to the list of options
– Separate dangerous quarantine options in the UI

New cxs v2.84

Changes:
– New feature: cxs watch daemon symlink attack detection. This option will try to detect a symlink attack against the server. If --Wsymlinkmax [num] symlinks are created within one directory within --Wsymlinksec [secs] seconds then --Wsymlink [script] will be run. An example of this script is provided in /etc/cxs/symlinkdisable.example.pl
– Enable --Wsymlink /etc/cxs/symlinkdisable.example.pl on new installs in /etc/cxs/cxswatch.sh for email notifications
– Detect as suspicious, scripts found within /images/ and /upload(s)/ directories
– Fixed --Wadd [file] not working correctly in cxs watch
– Fixed --www not being adhered to for new users while cxs watch is running
– Modified --www location on DA servers to the domains/ subdirectory of the user's account for cxs watch daemon and single user scans
– Improvements to file ownership detection in cxs watch. If a file is owned by “nobody”, cxs will compare user home directories in /etc/passwd to the file location to try to determine a unique owner
– Fixed UI saving default “smtp” setting incorrectly (again)
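
The --Wsymlinkmax / --Wsymlinksec threshold described in the v2.84 changes above can be pictured as a per-directory sliding-window counter. This is an added example, not cxs code: the function name, the event format, the >= comparison and the re-arm after firing are assumptions, and the sample events are constructed.

```python
import os
from collections import defaultdict, deque


def detect_symlink_bursts(events, max_links, window_secs):
    """Return [(directory, trigger_time, count)] for each burst found.

    events: iterable of (unix_time, symlink_path) in time order.
    max_links / window_secs play the role of --Wsymlinkmax / --Wsymlinksec.
    """
    recent = defaultdict(deque)  # directory -> creation times still in the window
    alerts = []
    for ts, path in events:
        directory = os.path.dirname(path)
        window = recent[directory]
        window.append(ts)
        # Drop creations that have aged out of the time window.
        while window and ts - window[0] >= window_secs:
            window.popleft()
        if len(window) >= max_links:
            # This is the point where a --Wsymlink style script would be run.
            alerts.append((directory, ts, len(window)))
            window.clear()  # assumption: re-arm so one burst gives one alert
    return alerts


# Constructed sample: a burst in one directory, slow activity in another.
SAMPLE_EVENTS = [
    (1000, "/home/alice/public_html/cache/a.txt"),
    (1001, "/home/alice/public_html/cache/b.txt"),
    (1002, "/home/bob/public_html/x.txt"),
    (1002, "/home/alice/public_html/cache/c.txt"),
    (1003, "/home/alice/public_html/cache/d.txt"),
    (1004, "/home/alice/public_html/cache/e.txt"),
    (1050, "/home/bob/public_html/y.txt"),
    (1100, "/home/bob/public_html/z.txt"),
]

if __name__ == "__main__":
    for directory, ts, count in detect_symlink_bursts(SAMPLE_EVENTS, 5, 10):
        print(f"{count} symlinks in {directory} by t={ts}: run notification script")
```

Counting per directory rather than per server is what keeps ordinary, scattered symlink creation from reaching the threshold.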

New csf v5.73

Changes:
– Fixed issue with crontab line for TESTING option not being detected and removed when TESTING mode is disabled

New convenient update method for ConfigServer scripts

We have released a new method to force an update of all of our main scripts (on cPanel servers only):
cmm, cmc, cmq, cse, csf, cxs, msinstall, msfe
Only those scripts that are already installed will be updated. Installed scripts are updated regardless of whether they are the same as or older than the available version.
To use this method you must be logged into root via SSH to the server and then run:

curl -s configserver.com/free/csupdate | perl

You should take care to read through the output to ensure that all the upgrades have worked as expected.

New cxs v2.83

Changes:
– Updated to use the new cPanel 11.36+ integrated perl binary if it exists
– Fixed UI saving default “smtp” setting incorrectly
– Modified --www location on DA servers to the domains/ subdirectory of the user's account as public_html/ is ignored as it is a symlink

New csf v5.72

Changes:
– Added missing DD setting in DA and generic installations for ST_DISKW
– Modified IPv6 port settings to reflect IPv4 port settings for new installs in csf.conf
– If a deleted executable process is detected and reported then do not further report children of the parent (or the parent itself if a child triggered the report) if the parent is also a deleted executable process
– Parent PID added to PT_DELETED_ACTION parameters
– In the Server Report allow for spaces before Apache directives
– Updated instructions for modifying log_selector for exim configurations in readme.txt and Server Report
– Modify DD calculation for ST_DISKW for disks that report in GB/s
– Updated to use the new cPanel 11.36+ integrated perl binary if it exists

New cxs v2.82

Changes:
– Added new advanced PHP decoder
– Improvements to detection of PHP script file type
– Added new functionality to --xtra [file] to force quarantine of a file with a matching regex if using --quarantine [dir]. See documentation or the latest /etc/cxs/cxs.xtra.example for information
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

New cxs v2.81

Changes:
– Fixed a false-positive with the main .htaccess regex
– Fixed UI not correctly saving --MD5 to cxs.defaults if set
– Fixed issue with temp file cleanup not reinitialising between scans

New cxs v2.80

Changes in v2.80:
– Add scan type to Quarantine output for each entry
– Added timezone offset to cxs --mail emails
– Improvements to the main decoder regex
– Improvements to advanced PHP decoders to --decode ([D])
– Exploit fingerprint definitions database additions

Changes in v2.79:
– Improved settings initialisation when scanning multiple files
– Added xtra supplied md5sum values to the report to help with match identification
– Removed the instructions for installing unofficial ClamAV databases as we don't support them

New cxs v2.78

Changes:
– Improvements to various advanced PHP decoders
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions