General

Changes:

– Modified upgrade warning for integrated UI to not use the DA warning text
– Validate local IP addresses
– Only check local IPv6 addresses if IPV6 is enabled in config
– Separate IPv4 from IPv6 ignore CIDRs due to Net::CIDR::Lite restrictions
– Improvements to ignore files IP address validation
– Add server check for PHP v5.2.* to the obsolete/security risk list
– Add server check for RedHat/CentOS v4.* and Fedora < v15 to the obsolete/security risk list - Removed server checks for RLimitMEM/RLimitCPU

Changes:

– Only log Log Scanner in lfd.log if DEBUG set to 2 to allow empty reports if monitoring lfd.log
– Added new option LF_BOGON_SKIP. If you don't want BOGON rules applied to specific NICs, then list them in a comma separated list
– Added new option LF_CONSOLE_EMAIL_ALERT which will send an email if there is a root login to the server console. This is enabled by default

Changes:

• New feature – Log Scanner. This feature will send out an email summary of the log lines of each log listed in /etc/csf/csf.logfiles. All lines will be reported unless they match a regular expression in /etc/csf/csf.logignore
• Set LWP::UserAgent agent to “csf/[version]” instead of the default

Changes:

• csf and lfd modified to better handle !lo interface for compatibility with newer iptables versions
• Removed use of Sys::Hostname::Long
• Added new options LF_APACHE_403 and LF_APACHE_403_PERM. This option will keep track of the number of “client denied by server configuration” errors in HTACCESS_LOG. If the number of hits is more than LF_APACHE_403 in LF_INTERVAL seconds then the IP address will be blocked. See csf.conf for more information

SECURITY FIX. Anyone running csf on a DirectAdmin server should upgrade to this release immediately:Changes:

• Add check for successful open of admin.list on DA servers to avoid a segfault, which could lead to a buffer overflow

This is in response to http://www.exploit-db.com/exploits/18225/This issue is apparent on DirectAdmin servers only where this C wrapper is used.