General

Changes:

• Fixed issue with csf.conf not being loaded for the Server Check Report
• Removed erroneous chkconfig check from Server Check Report
• Disabled various checks in Server Check Report for non-cPanel servers
• Modified Debian/Ubuntu init entry creation and removal procedure
• Modified Server Check to search for multiple named.conf locations

Changes:

• Bug fix to Exploit Check code
• Fixed problem with iptables logs not being collated if PS_INTERVAL is disabled but ST_ENABLE is enabled
• Fixed potential problem with SMTPRELAY_LOG not being scanned when RT_RELAY_ALERT, RT_AUTHRELAY_ALERT or RT_POPRELAY_ALERT enabled

Changes:

• Upgraded the csf Webmin UI module to the new csf UI and added installation/upgrade instructions to the install.txt for Webmin
• Fixed image locations and javascript in DA and webmin UI
• Updated the uninstall scripts and the uninstall section of install.txt

Changes:

• Reverted lfd signalling on cPanel servers to allow UI restarts of lfd
• Added warning in DA UI to upgrade csf from the root shell due to restrictions in DirectAdmin

NOTE: DA users should upgrade csf to this version from the root shell using “csf -u” and not use the Upgrade button in the UI

Changes:

• Fixed csf –upgrade (csf -u) for DA installations

Changes:

• Added restrictions information regarding the PORTFLOOD setting and ipt_recent to readme.txt (i.e. hit count max is 20)
• Modular development of csf UI
• Added DirectAdmin UI and installation support for csf/lfd
• Added Statistics options (ST_ENABLE, etc) to generic csf installation
• Added SMTP options (SMTP_BLOCK, etc) to generic csf installation
• Removed pre-configured firewall settings through UI for redevelopment as it has become out-dated
• Modify csf UI to signal lfd to start/restart/enable only. A one minute cron job will actually perform the signalled function. The CLI is unaffected and performs the command immediately. This is introduced to overcome fork issues from within an Apache session

Changes:

• Added information about runing external iptables commands using csfpre.sh and/or csfpost.sh to readme.txt
• Added new CLI option csf –addrm (csf -ar) to remove an IP address from csf.allow and delete the associated iptables rules
• Removed the need for the MONOLITHIC_KERNEL option and made modprobe perform silently on csf startup. Added the relevant information regarding some Monolithic kernels and the need for a PASV port range hole to readme.txt
• Added timeout to csf modprobe to avoid startup hanging on buggy kernels

Changes:

• Added workaround for php –info bug in Server Report when checking PHP configuration settings
• Modified LF_INTEGRITY to regenerate the md5sum comparison file immediately after a match is found instead of waitng for the next cycle
• Fixed LF_INTEGRITY aborting if the temporary md5sum file is empty

Changes:

• Updated csf.conf to clarify that LF_PERMBLOCK_COUNT and LF_NETBLOCK_COUNT with act if more than the number of hits are detected, not on the exact number set
• Modified csf WHM UI to use csf -u to upgrade csf when a new version is available
• Added new script /etc/csf/csftest.pl which will test the servers iptables modules for functionality. The tests are for the required iptables modules and the optional modules for the SMTP_BLOCK, PORTFLOOD and MESSENGER features. This adds a useful diagnostic tool for kernel/iptables problems and to check whether the features above will function
• Added csf WHM UI option to run csftest.pl
• Updated the csf install.txt to run csftest.pl before running up csf