General

New cxs v2.06

Changes:

  • Fixed bug in application type detection, introduced in v2.04, which prevented script-specific regex detection from working correctly
  • Exploit fingerprint definitions database additions

New csf v5.21

Changes:

  • Added port 500 to DROP_NOLOG for new installations
  • Corrected the LF_APACHE_404 lfd log line output
  • Added startup failure on invalid PORTFLOOD settings
  • Make csf.pignore item selector case-insensitive (e.g. exe: and EXE: )
  • All user: item selector examples removed from the default csf.pignore for all new installations (e.g. user:mailman). csf.pignore examples for some common processes can be found here: http://forum.configserver.com/viewtopic.php?f=6&t=2059
  • Updated DA and GENERIC default csf.pignore files for new installations
  • csf UI Firewall Configuration virtual pagination improvements
  • Updated Sanity checks for settings in csf.conf
  • Modified Sanity checks for settings in csf.conf to always show the recommended range in the UI
  • Set LF_GLOBAL to 0 instead of an empty string by default on new installations
  • Added new option LF_LOOKUPS to toggle rDNS IP address lookups

New cxs v2.04

Changes:

  • Added Quarantine UI option to block FTP IP addresses in csf
  • Fixed Quarantine UI display problems
  • Added option --tscripts [list], a comma-separated list of scripts that --options [T] will detect, for when you want to restrict which types are checked
  • Exploit fingerprint definitions database additions

New csf v5.20

  • Updated installation scripts to distinguish between IPv4 and IPv6 port report
  • Modified Virtuozzo VPS numiptent check to distinguish between host and client servers
  • Added exe:/usr/sbin/ntpd to csf.pignore on new installations
  • Don’t perform the runlevel check on Debian/Ubuntu servers as it isn’t indicative of a potential security issue as with other Linux distros
  • Added new option PT_DELETED_ACTION which, if defined with an executable script, will run when PT_DELETED is triggered, passing the process PID, executable and account. An example script is provided in: /etc/csf/pt_deleted_action.pl
  • If CC_LOOKUPS is enabled for the MaxMind City Database then also display the Region, where available
  • Added csf UI Firewall Configuration virtual pagination
  • Rearranged csf.conf for csf UI Firewall Configuration virtual pagination
  • Re-instated sanity check highlights in csf UI Firewall Configuration
  • Improved Server Check recursion checking in included configuration files
  • Added new options LF_APACHE_404 and LF_APACHE_404_PERM. This option will keep track of the number of “File does not exist” errors in HTACCESS_LOG. If the number of hits is more than LF_APACHE_404 in LF_INTERVAL seconds then the IP address will be blocked. See csf.conf for more information
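
The LF_APACHE_404 rule described above, sketched as an added example that is not csf's own code: it counts "File does not exist" lines per client over constructed Apache error-log lines. The log line shape, the IPv4-only regex, the sliding-window counting and the name find_404_offenders are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed Apache error-log line shape (IPv4 clients only); lfd's own regex is not shown here.
LINE_RE = re.compile(
    r"^\[\w{3} (?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)(?:\.\d+)? (?P<year>\d{4})\]"
    r".*?\[client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\].*File does not exist"
)

# Constructed sample log (documentation-range addresses), not taken from a real server.
SAMPLE_LOG = """\
[Sat Jun 04 10:15:01 2011] [error] [client 192.0.2.10] File does not exist: /home/example/public_html/a.php
[Sat Jun 04 10:15:02 2011] [error] [client 198.51.100.7] File does not exist: /home/example/public_html/favicon.ico
[Sat Jun 04 10:15:05 2011] [error] [client 192.0.2.10] File does not exist: /home/example/public_html/b.php
[Sat Jun 04 10:15:07 2011] [error] [client 192.0.2.10] client denied by server configuration: /home/example/public_html/private
[Sat Jun 04 10:15:09 2011] [error] [client 192.0.2.10] File does not exist: /home/example/public_html/c.php
[Sat Jun 04 10:15:12 2011] [error] [client 192.0.2.10] File does not exist: /home/example/public_html/d.php
[Sat Jun 04 10:16:30 2011] [error] [client 198.51.100.7] File does not exist: /home/example/public_html/robots.txt
[Sat Jun 04 10:18:00 2011] [error] [client 198.51.100.7] File does not exist: /home/example/public_html/old.html
[Sat Jun 04 10:19:30 2011] [error] [client 198.51.100.7] File does not exist: /home/example/public_html/logo.png
""".splitlines()


def find_404_offenders(lines, lf_apache_404, lf_interval):
    """Return {ip: time of trip} for clients with MORE than lf_apache_404
    'File does not exist' hits inside any lf_interval-second window."""
    hits = defaultdict(deque)   # ip -> timestamps still inside the window
    blocked = {}                # ip -> timestamp of the hit that crossed the limit
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["ip"] in blocked:
            continue            # other error types and already-blocked IPs are skipped
        when = datetime.strptime(f"{m['ts']} {m['year']}", "%b %d %H:%M:%S %Y")
        window = hits[m["ip"]]
        window.append(when)
        # Expire hits that have fallen out of the interval (assumed sliding window).
        while (when - window[0]).total_seconds() >= lf_interval:
            window.popleft()
        if len(window) > lf_apache_404:
            blocked[m["ip"]] = when
    return blocked


if __name__ == "__main__":
    for ip, when in find_404_offenders(SAMPLE_LOG, 3, 60).items():
        print(f"would block {ip} at {when}")
```

Running the same log through several threshold and interval pairs before enabling the option shows whether slow, spread-out misses like those from 198.51.100.7 stay under the limit.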

New cxs v2.03

Changes:

  • Improvements to --decode [file] – don’t process ignore file
  • Speedups for --options [D]
  • Speedups for cxs Watch daemon startup
  • Fixes to cxs Watch daemon when processing new and --Wadd [file] directories where --ignore [file] and --filemax [num] were not applied
  • Improvements to hdir, hfile and hsym processing for --ignore [file]
  • Adjustments to --Wloglevel [num]
  • Improvements to FTP IP detection

New cxs v2.02

Changes:

  • Fixed bugs in --decode [file] output report and improved content of the report
  • Exploit fingerprint definitions database additions

New cxs v2.01

Changes:

  • Modified --decode [file] and --options [D] to drop privileges to the “nobody” user while running the interactive php interpreter and on the ownership of the decoded file while processing it

New cxs v2.00

Changes:

  • Added new scanning option: cxs Watch. This is an alternative to ftp and web script upload scanning. The cxs Watch daemon uses a separate process to watch entire user accounts for new and modified files and scans them immediately. The scanning children use up significantly fewer resources than the ftp and web script upload scanning methods. This new feature requires:

New cxs v1.57

Changes:

  • Fixed HTML problem viewing Quarantine via the UI in FF4

New cxs v1.56

Changes:

  • Reinstated the Scan Report header for the --all option lost in v1.55
  • Added new option --www to only scan within the public_html/ directory when using --allusers or --user [user]
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions