Server Software and Configuration Services
Changes:
– Fixed a problem where compressed file depth was not being reset between files causing subsequent compressed files to be skipped from scanning
– Fixed problem where multi-depth compressed files were not being identified by their original filename correctly
– Added compressed file depth to output when matches found
Changes:
– Added PNG and JPEG filetypes for hidden script scanning
– Fixed an issue where cxs was sometimes leaving temporary files in /tmp after compressed file expansion
Changes:
– Removed some of the command locking as it was causing lfd hangs
Changes:
– cxs will now treat .htaccess files as script files and fingerprints have been added for common exploits
– Added more information about existing csf anf cxs integration options (i.e. UI, ModSecurity, pure-ftpd)
– Added information that restores from quarantine must be done through the UI
– Exploit fingerprint definitions database additions
Changes:
– Implemented a locking and retry system to try to mitigate an iptables bug when issuing concurrent iptables commands
Changes:
– Added ModSecurity connection dropping to the LF_MODSEC regex
– Added new option – ETH6_DEVICE. By adding a device to this option, ip6tables can be configured only on the specified device. Otherwise, ETH_DEVICE and then the default setting will be used
– Added new option – LF_SCRIPT_ACTION. On cPanel servers, this can contain the path to a script that is run whenever LF_SCRIPT_ALERT is triggered
– Fixed stats graph average calculation and display if average equals 0
– Split Slow MySQL Queries stats graphs from MySQL Queries
– Improvements to Apache CPU Usage stats graphs
Changes:
– Improvements to cxs Watch daemon ignore/xtra and new update reloading without restart
– Switched to using Sys::Hostname in cxs Watch daemon
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions
Changes:
– On Debian systems, check for my.cnf in /etc/mysql/my.cnf in Server Check
– Add missing/changed images in the DA/Webmin installs. For webmin, the csf webmin module will need to be reinstalled
– Another fix for LF_NETBLOCK to skip IPv6 addresses
– Fixed csf –tempallow where -d [direction] was performing inout when in requested
– Fixed UI option “Edit the Log Scanner file (csf.logfiles)” which was incorrectly overwriting csf.dyndns instead of writing to csf.logfiles
– Changed ETH_DEVICE_SKIP device check from a failure to a warning
– Skip checks for register_globals and suhosin if running PHP v5.4.* in Server Check report
Changes:
– Switched to using Sys::Hostname to determine hostname as CloudLinux restricts access to /proc/sys/kernel/hostname for some reason
Changes:
– Modified POD and UI to show full rather than abbreviated commands
– Added new option –template [file]. When using –mail [email] a standard email format is used. To customise this format an email template file can be used instead. You can now use this to email the Linux owner of the affected script under certain circumstances. See the cxs Documentation for more information
– Added new advanced PHP decoder for –decode ([D])
– Improvements to advanced PHP decoders to –decode ([D])
– Fixed PHP decoder issue that could restrict decoder depth under certain circumstances
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions