General

Changes:

• Improved detection of working ipt_owner iptables module on VPS servers such that if ipt_owner does not work SMTP_BLOCK and UID/GID blocks will be automatically disabled and csf will continue to start

Changes:

• Default setting for ICMP_OUT_RATE set to 0 – this is the recommended setting for cPanel servers which use ping times to determine fastest mirrors for various update functions
• Modified PT_LOAD_ACTION code to stop duplicate load emails from being send by lfd
• Moved ETH_DEVICE_SKIP to the top of the INPUT/OUTPUT chains
• Allow enabling of SMTP_BLOCK and use of UID/GID advanced port filter rules on VPS Servers for as ipt_owner is now apparently supported on the latest kernels. However, if the latest kernel isn’t being used or the VPS host hasn’t included the ipt_owner iptables module for the client VPS, then csf will fail with an error

Changes:

• Modified Process Tracking to allow regex exceptions in csf.pignore for deleted executable processes

Changes:

• Modified regex.pm detection of iptables kernel log lines to cater for alternative formatting
• Restored the substitution of the NULL separator with spaces for the /proc/PID/cmdline in Process Tracking

Changes:

• Added code to Process Tracking to translate non-printable characters to especially help detect and report deleted executable file processes
• WARNING: Removed hard-coded exceptions for spamd, cpanellogd, cpdavd and awstats.pl from lfd.pl. If you want to ignore such processes for Process Tracking, you will need to add appropriate ignore rules to csf.pignore for them

Changes:

• Disable ST_LOOKUP by default on new installations
• Modified lfd stats performance when ST_LOOKUP is enabled and added a warning for this setting to csf.conf for when DROP_IP_LOGGING is enabled

Changes:

• Modified the su tracking regex to better trap RHE/CentOS v5 su login attempts
• Added a Server Check for “FTP Logins with Root Password”
• Added new WHM UI option to display Last X iptables Log Lines. Note that the report will only display log lines since this update. The new statistics will be expanded in future developments. Added new ST_* options to the cPanel csf.conf to control the recording of stats
• Removed fwlogwatch from distro and will use self-produced reports

Changes:

• Added warning for those that enable PT_USERKILL in csf.conf – i.e. It is not a good idea to use that option
• Modified PT_USERKILL to not kill (deleted) processes (these should be restarted manually after investigation) as per the documentation