General

New cxs v1.30

Changes:

  • Added new option --script [script] which runs an external script whenever a match is detected against a file. See documentation for more information
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v1.29

Changes:

  • Significant improvements to --decode [file]
  • Increased LWP timeout to cater for servers with slow connections to the license server
  • Added total Viruses and Fingerprint Matches to the --mail Subject
  • Added total Fingerprint Matches to the --summary
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

rsyslog v3+ and kernel logging

If you are running version 3+ of rsyslog then you may not be logging iptables kernel logs. This will prevent investigation of iptables block issues and will stop the csf Port Scan Tracking feature from working.

You need to check /etc/rsyslog.conf and ensure that the following line appears near the top of the configuration file:

    $ModLoad imklog

If you have added that line, you must then restart rsyslogd:

    service rsyslog restart
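A check for the condition described above, as an added example (not ConfigServer's own code). It distinguishes an active `$ModLoad imklog` line from a commented-out or absent one. The `late` status reflects one reading of "near the top" (before the first logging rule); the function name and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how an rsyslog v3+ (legacy "$" directive syntax)
# config handles the imklog kernel-log module.
# Prints one of: loaded | late | commented | missing

imklog_status() {
    awk '
        # Active directive, optionally followed by a trailing comment.
        /^[ \t]*\$ModLoad[ \t]+imklog(\.so)?[ \t]*(#.*)?$/ {
            if (!active) active = NR
            next
        }
        # The directive is present but commented out.
        /^[ \t]*#+[ \t]*\$ModLoad[ \t]+imklog/ { commented = 1; next }
        # Blank lines, comments and other "$" directives are not rules.
        /^[ \t]*(#|\$|$)/ { next }
        # Assumption: any other line is a selector/action rule.
        { if (!rule) rule = NR }
        END {
            if (active && (!rule || active < rule)) print "loaded"
            else if (active)    print "late"       # loaded after the first rule
            else if (commented) print "commented"
            else                print "missing"
        }
    ' "$1"
}

# Constructed sample configs (not taken from a real server).
demo_dir=$(mktemp -d)
printf '%s\n' '$ModLoad imuxsock' '$ModLoad imklog' \
    'kern.* /var/log/messages' > "$demo_dir/ok.conf"
printf '%s\n' '$ModLoad imuxsock' '#$ModLoad imklog' \
    'kern.* /var/log/messages' > "$demo_dir/commented.conf"
printf '%s\n' '$ModLoad imuxsock' 'kern.* /var/log/messages' \
    '$ModLoad imklog' > "$demo_dir/late.conf"
printf '%s\n' '$ModLoad imuxsock' \
    'kern.* /var/log/messages' > "$demo_dir/missing.conf"

for f in ok commented late missing; do
    printf '%-10s %s\n' "$f" "$(imklog_status "$demo_dir/$f.conf")"
done
rm -rf "$demo_dir"
```

On a server, run `imklog_status /etc/rsyslog.conf`; any result other than `loaded` means the line above needs adding or moving before restarting rsyslogd.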

New csf v5.08

Changes:

  • New option CLUSTER_MASTER which is the IP of the master node in a cluster allowed to send CLUSTER_CONFIG changes. This must be set in order to use CLUSTER_CONFIG options
  • Added new Cluster CLI option --cfile (-cf) for sending a file to cluster members. The file will only be uploaded to the /etc/csf/ directory
  • Added new Cluster CLI option --crestart (-crs) to initiate a restart of csf and lfd on all cluster members
  • Removed CLI option -ccr, --cconfigr [name] [value] in favour of the new -crs, --crestart option
  • Modified regular expressions to cater for RFC3339 date format in log files. For example, RFC3339 date format used by default in rsyslog on CentOS v5.5

New cxs v1.28

Changes:

  • If ftp is disabled in cPanel do not start pure-uploadscript
  • New --options [E]. This option will match scripts that send out email using sendmail, exim or via SMTP. This option requires that --options [m] is also specified
  • Improvement to --decode [file] variable detection
  • Improvements to various eval() regex matches
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v5.07

Changes:

  • Fixed bug introduced in v5.04 that omitted two outgoing DNS lookup rules that could affect servers where iptables connection tracking isn’t working correctly

New csf v5.06

Changes:

  • Increased PT_USERMEM default to 200 from 100 for new installations
  • Fixed bug introduced in 5.04 when checking the GLOBAL_ALLOW list for report generation in lfd which caused lfd to fail in Net::CIDR::Lite

New csf v5.05

Changes:

  • Updated the Server Check report IPv6 text
  • Fixed ip6tables command execution in iptables firewall during startup

New csf v5.04

Changes:

  • Added BETA IPv6 support. See csf.conf for more information on the new settings: IPV6, IP6TABLES, IPV6_ICMP_STRICT, IPV6_SPI, TCP6_IN, TCP6_OUT, UDP6_IN, UDP6_OUT
  • New CLI option csf --status6 (csf -l6) added to list ip6tables rules
  • Changed temporary DENY and ACCEPT working file formats to use a different record separator to cater for future IPv6 support
  • Advanced Allow/Deny Filters now use | as the separator character to cope with IPv6 addresses. Legacy support remains for the old : separator for IPv4 addresses, though these should also now use | as the field separator
  • In Server Check report, don’t issue IPv6 warning if only ::1/128 is bound to a NIC (i.e. loopback)
  • Upgraded Net::CIDR::Lite to v0.21
  • Upgraded from IP::Countries to Geography::Countries

New cxs v1.27

Changes:

  • Fixed issue introduced in v1.26 that prevented ignoring of hdir and hfile options in an ignore file