General

New csf v3.42

Changes:

  • Corrected information for LF_TRIGGER_PERM in the generic csf.conf to be the same as the cPanel csf.conf
  • If LF_SELECT is enabled make sure all cPanel ports are blocked on cpanel login failure. This was only doing ports 2082,2083 and will now block 2082,2083,2086,2087,2095,2096

New csf v3.41

Changes:

  • Added new mechanism to allow custom regular expression matching with individual settings for lfd login failure detection. See /etc/csf/regex.custom.pm for details
  • Modified all timestamps in lfd reports to also include the standard timezone offset (i.e. from GMT)
  • Added new setting CC_LOOKUPS to control the new Country Code lookups (enabled by default)
  • DROP_IP_LOGGING automatically disabled if PS_INTERVAL is enabled
  • PS_INTERVAL enabled by default on new installations
  • Doubled the number of lines before log file flooding detection will be triggered

New csf v3.40

Changes:

  • Added queuealert.txt to the WHM UI dropdown list for editing
  • Clarified in csf.conf that setting LF_QUEUE_ALERT to 0 disables the check
  • Added Country Code lookups for IP addresses. Any reported IP addresses will include the international CC where available. It should be noted that with international ISPs this may not be wholly accurate. Where possible the CC will be translated into the associated country name

New csf v3.39

Changes:

  • Added new option IGNORE_ALLOW which, if enabled, lfd will ignore IP addresses listed in the csf.allow file and not block them
  • Added new option LF_QUEUE_ALERT, which will send an email alert using queuealert.txt if the exim queue length exceeds the value it is set to. The check is repeated every LF_QUEUE_INTERVAL seconds. If the ConfigServer MailScanner configuration is being used, both the MailScanner pending and exim delivery queues will be checked. This is a cPanel only option
  • Added new option CT_PORTS to Connection Tracking so that you can

New csf v3.38

Changes:

  • Additional SSHD regex added to regex.pm
  • Improved the WHM UI reporting of the csf status: disabled, running, testing mode
  • Added Enable/Start buttons to WHM UI next to the csf status if disabled/stopped
  • Updated Server Report checks for csf status
  • Changed the destination of the ConfigServer Services link at the bottom of the WHM UI to go to the csf web page

New csf v3.37

Changes:

  • Fixed an issue currently in cPanel EDGE that affects the use of the cPanel SafeFile module in WHM scripts

New csf v3.36

Changes:

  • Increased the IP lookup timeout for reported IP’s from 5 to 10 seconds
  • Improved lfd internal timing system for event triggers
  • Added new feature – Account Tracking. The new AT_* options configure an alert system for account modifications which will send an email if there are new accounts added, existing accounts deleted plus password uid gid login dir and login shell changes. Each of these changes can be enabled or disabled. You can also enable tracking for superuser accounts only. That latter is the default setting. This feature uses the email template accounttracking.txt
  • Added reason text to temporary IP bans
  • Added Server Report check for ini_set in PHP disable_functions
  • Added ossec to list of processes to disable as it will conflict and duplicate csf functionality
  • Changed Server Check scoring text to instead show a coloured table indicating score

cPanel – Perl on VPS Servers

It appears that many VPS servers overnight have installed the OS vendor version of perl, e.g. v5.8.5. This has meant that most of the perl modules that cPanel itself along with csf, MailScanner and other perl scripts use are missing. This in turn means that many perl based scripts (e.g. MailScanner, csf, cPanel itself) will have stopped functioning.To resolve this issue, either run:/scripts/checkperlmodulesOr, better, upgrade back to perl v5.8.8 using the distribution on the cPanel site:http://layer1.cpanel.net/You might also get away with simply going to /usr/bin/ and copying the perl v5.8.8 binary over the live perl binary.Whichever method you use, with MailScanner at least, you’ll have to update MailScanner either from our install script, or by selecting the Force MailScanner Update button for MailScanner in the WHM UI.It would then probably be a good idea to run:/scripts/upcp -forceHow this happened is odd as /etc/yum.conf on cPanel includes perl* in the ignore list.

New csf v3.35

Changes:

  • Changes to WHM UI script for cPanel v11
  • Removed cPanel v10 backported WHM UI settings, i.e. v10 no longer supported
  • Added # of temp blocks to WHM UI “Temporary IP Bans” on main page
  • Modified Server Report check for register_globals in cPanel’s php.ini to use the new cPanel WHM setting
  • Added Server Report check for passwords in WHM email setting
  • Added Server Report check for WHM root/reseller login to users cPanel
  • Modified Server Report nobody cron check to only fail on non-zero cron file
  • Modified Server Report check for Fedora now that Fedora 7 is EOL (2008-06-13)
  • Added new option DYNDNS_IGNORE to ignore DYNDNS entries when lfd blocking

New csf v3.34

Changes:

  • Modified regex matching to allow for trailing spaces in log lines
  • Modified PT_LOAD routine to prevent multiple triggers resulting in more than one alert being email sent
  • Removed the need for NETSTAT from lfd to reduce overheads and improve performance allowing CT_INTERVAL to be set lower. Now uses /proc/net/[protocol]