General

New cxs v1.28

Changes:

  • If ftp is disabled in cPanel do not start pure-uploadscript
  • New --options [E]. This option will match scripts that send out email using sendmail, exim or via SMTP. This option requires that --options [m] is also specified
  • Improvement to --decode [file] variable detection
  • Improvements to various eval() regex matches
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v5.07

Changes:

  • Fixed bug introduced in v5.04 that omitted two outgoing DNS lookup rules that could affect servers where iptables connection tracking isn’t working correctly

New csf v5.06

Changes:

  • Increased PT_USERMEM default to 200 from 100 for new installations
  • Fixed bug introduced in 5.04 when checking the GLOBAL_ALLOW list for report generation in lfd which caused lfd to fail in Net::CIDR::Lite

New csf v5.05

Changes:

  • Updated the Server Check report IPv6 text
  • Fixed ip6tables command execution in iptables firewall during startup

New csf v5.04

Changes:

  • Added BETA IPv6 support. See csf.conf for more information on the new settings: IPV6, IP6TABLES, IPV6_ICMP_STRICT, IPV6_SPI, TCP6_IN, TCP6_OUT, UDP6_IN, UDP6_OUT
  • New CLI option csf --status6 (csf -l6) added to list ip6tables rules
  • Changed temporary DENY and ACCEPT working file formats to use a different record separator to cater for future IPv6 support
  • Advanced Allow/Deny Filters now use | as the separator character to cope with IPv6 addresses. Legacy support remains for the old : separator for IPv4 addresses, though these should also now use | as the field separator
  • In Server Check report, don’t issue IPv6 warning if only ::1/128 is bound to a NIC (i.e. loopback)
  • Upgraded Net::CIDR::Lite to v0.21
  • Upgraded from IP::Countries to Geography::Countries

New cxs v1.27

Changes:

  • Fixed issue introduced in v1.26 that prevented ignoring of hdir and hfile options in an ignore file

New cxs v1.26

Changes:

  • Skip processing a home directory of / when using --all
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

csf on Ubuntu 10.04 LTS

We have tested and confirmed functionality of csf on the latest Ubuntu 10.04 LTS.

New csf v5.03

Changes:

  • Added new option LF_DISTATTACK_UNIQ so that you can specify how many unique IP addresses are required to trigger LF_DISTATTACK
  • Added new options LF_DISTFTP, LF_DISTFTP_UNIQ and LF_DISTFTP_PERM. These options keep track of successful FTP logins. If the number of successful logins to an individual account is at least LF_DISTFTP in LF_INTERVAL from at least LF_DISTFTP_UNIQ IP addresses, then all of the IP addresses will be blocked. This can help mitigate the common FTP account compromise attacks that use a distributed network of zombies to deface websites
  • Changed DA default configuration of FTPD_LOG to “/var/log/secure”
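
The LF_DISTFTP rule described above, sketched as an added Python example; it is not lfd's own code. The function name, the event tuples, the inclusive window boundary and the threshold values used at the bottom are assumptions made for illustration.

```python
from collections import defaultdict, deque


def distftp_blocks(events, lf_distftp, lf_distftp_uniq, lf_interval):
    """Return {account: set of IPs to block}.

    events: (epoch_seconds, account, ip) tuples, one per successful FTP
    login, in time order for each account.
    """
    windows = defaultdict(deque)   # account -> recent (ts, ip) logins
    blocked = defaultdict(set)
    for ts, account, ip in events:
        win = windows[account]
        win.append((ts, ip))
        # Assumption: the window is the last lf_interval seconds, inclusive.
        while ts - win[0][0] > lf_interval:
            win.popleft()
        ips = {addr for _, addr in win}
        # Both thresholds must hold: enough logins AND enough distinct sources.
        if len(win) >= lf_distftp and len(ips) >= lf_distftp_uniq:
            blocked[account] |= ips   # every IP seen in the window is blocked
    return dict(blocked)


# Constructed sample data (documentation address ranges, made-up accounts).
SAMPLE = [
    # alice: 5 logins in 210 s from 4 addresses (distributed pattern)
    (1000, "alice", "192.0.2.10"),
    (1060, "alice", "192.0.2.11"),
    (1120, "alice", "203.0.113.5"),
    (1180, "alice", "192.0.2.10"),
    (1210, "alice", "203.0.113.9"),
    # bob: 5 logins in 190 s, all from one address (one busy user)
    (1030, "bob", "198.51.100.7"),
    (1090, "bob", "198.51.100.7"),
    (1150, "bob", "198.51.100.7"),
    (1200, "bob", "198.51.100.7"),
    (1220, "bob", "198.51.100.7"),
]
# carol: 5 addresses, but logins are 1000 s apart (never share a window)
SAMPLE += [(5000 + 1000 * n, "carol", f"192.0.2.{50 + n}") for n in range(5)]

if __name__ == "__main__":
    # Constructed thresholds: 5 logins, 3 unique IPs, 300 second interval.
    for account, ips in distftp_blocks(SAMPLE, 5, 3, 300).items():
        print(account, sorted(ips))
```

Only the account that meets both the login count and the unique-address count inside one interval is flagged; a single busy address or slow logins from many addresses are not.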

New csf v5.02

Changes:

  • Added new options X_ARF, X_ARF_FROM and X_ARF_TO which allow sending X_ARF reports (see http://www.x-arf.org/specification.html). See csf.conf for more information
  • Added new options SMTP_ALLOWUSER and SMTP_ALLOWGROUP so that users and groups that can bypass SMTP_BLOCK can be easily added. These default to the original values previously hard-coded
  • Modified SMTP_ALLOWLOCAL to use the loopback device (lo) instead of 127.0.0.1 to cater for multiple loopback devices and to allow connection to locally configured IPs as well
  • Modified lfd code to ignore any 127.0.0.0/8 address, not just 127.0.0.1
  • Added new option CLUSTER_LOCALADDR to send out cluster requests on an IP other than the default IP
  • Added lfd check to enforce 0600 permissions on /etc/csf/