General

New cxs v1.38

Changes:

  • Improvements to –decode ([D]) option
  • Added [D] option to UI
  • Fixed typo in UI
  • More detailed message for when –filemax reached in a directory
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v1.37

Changes:

  • Fixed bug in –options [D] when running under a non-root account
  • Modified –script [script] execution to prevent stray output from [script] when –quiet used
  • Added retry timeout in WHM UI for checking www.configserver.com for new version information (to avoid repeated hangs when unreachable)
  • Included additional instructions in install.txt to install additional unofficial ClamAV databases from Sanesecurity
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v1.36

Changes:

  • Significant Improvements to –decode ([D]) option
  • Added verbose switch to example cPanel Account Suspend perl script
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v1.35

Changes:

  • Optimised fingerprint definitions database
  • Removed fingerprint definitions database false-positive

New cxs v1.34

Changes:

  • Fixed licensing issue with v1.33

New cxs v1.33

Changes:

  • Updated example cPanel Account Suspend perl script to be verbose
  • cxs startup speedups
  • Add support to –script to pass the username when using –user [user]
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v5.10

Changes:

  • Always report UID:GID of a DIRWATCH file incase the user account owning a reported file no longer exists
  • Report error gracefully on CIDR->add failures and continue
  • Added “query (cache)” check to BIND flooding regex
  • Fix issue with killing Advanced Port blocks using the pipe separator
  • Update warning messages to include xt_owner with ipt_owner
  • Replace URL in Server Check for instructions on disabling IPv6
  • Fixed a bug in LF_CPANEL_ALERT ip address tracking
  • Added new option LF_CPANEL_ALERT_USERS to be used with LF_CPANEL_ALERT to alert for a specified list of WHM/cPanel account logins. See csf.conf for more information
  • Added new feature: Port Knocking. See csf.conf and readme.txt for more information on the PORTKNOCKING, PORTKNOCKING_LOG and PORTKNOCKING_ALERT options
  • Added new UI option: Quick Ignore, for IP addresses

New cxs v1.32

Changes:

  • Include an example cPanel Account Suspend perl script for use with –script /etc/cxs/cpanelsuspend.pl
  • Exploit fingerprint definitions database additions

New cxs v1.31

Changes:

  • Always exit if ftp/cgi user is listed in a specified ignore file
  • Disable pure-uploadscript if /etc/cxs/ftpddisable exists (in addition to /etc/ftpddisable)
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v5.09

Changes:

  • Added Server Check report check that klogd is running if using syslogd or that klog module is loaded if running rsyslogd
  • Added Server Check report, checks for apache settings: TraceEnable, ServerSignature, ServerTokens and FileETag on cPanel servers
  • Fixed ip6tables IPV6_SPI check warning for older kernels
  • Added instruction to open outgoing TCP6 and UDP6 ports when using an older kernel for ip6tables
  • IPv6 Final (no longer Beta)
  • Added new option LT_SKIPPERMBLOCK. If LF_PERMBLOCK is enabled but you do not want this to apply to LT_POP3D/LT_IMAPD, then enable this option
  • Added new option PT_USER_ACTION. If a PT_* event is triggered, then PT_USER_ACTION will be run in a child process and passed the PID(s) of the process(es)