cPanel

New csf v4.14

Changes:

  • Implemented the use of cPanel routine Cpanel::Rlimit to remove process resource limit restrictions as the cPanel memory limitation setting was causing the Server Check to abort with memory allocations problems through WHM on some servers
  • Modified port checking for 23 and 53 in Server Check to no longer use the fuser binary and use the port mappings directly from /proc
  • Modified lfd and Server Check to check for IPv6 bound processes as the IPv4 and IPv6 connections are stored in a different file to IPv4 only bound processes

New cmq v1.10

Changes:

  • Updated cmq to use the latest cPanel v11 perl modules

New cmm v1.10

Changes:

  • Updated cmm to use the latest cPanel v11 perl modules

New cse v1.7

Changes:

  • Updated cse to use the latest cPanel v11 perl modules
  • Fixed spurious export errors in the Virtual Console reported in the cPanel error log

New MailScanner Script v2.69

Changes:

  • Documentation updated
  • Changed chkservd restart from using the init script to using /scripts/restartsrv_chkservd

New csf v4.09

Changes:

  • Modification to cPanel version to restart chkservd using /scripts/restartsrv_chkservd instead of the init script as the latter is removed in the latest EDGE release that puts chkservd under the control of tailwatchd (/scripts/restartsrv_chkservd is a stub for restarting tailwatchd in the latest EDGE instead of a direct restart script in older cPanel versions). chkservd is restarted when csf is installed/uninstalled/upgraded/disabled/enabled

New csf v4.06

Our apologies for the slew of updates due to the major changes in v4. Hopefully things will settle down again now ;)Changes:

  • Moved the GALLOW, GDENY, SPAMHAUS, DSHIELD and DYNDNS rules to the LOCALxxPUT chains so that the entries can be correctly listed with ACCEPT’s at the top and DENY’s at the bottom of the chain
  • Repositioned the cPanel Bandmin acctboth rule entry in the INPUT and OUTPUT chains so that bandwidth accounting is kept accurate
  • Fixed a problem processing advanced port filters in GLOBAL_ALLOW and GLOBAL_DENY

New csf v4.04

Changes:

  • Fixed problem with rule placement for ETH_DEVICE_SKIP
  • Ensure all ALLOW requests are inserted before DENY requests after csf has been restarted
  • Ensure that fwlogwatch stats creation uses IPTABLES_LOG file
  • Only perform operations on the nat table if MESSENGER service is enabled
  • lfd Process Tracking will now ignore MESSENGER_USER messenger services
  • Added new option PT_ALL_USERS so that all Linux accounts on a cPanel server are checked in Process Tracking, not just cPanel users. This option is disabled by default on cPanel servers. Enabling this option may require adding exceptions to csf.pignore
  • Additional exceptions added to csf.pignore for cPanel servers for the new PT_ALL_USERS option
  • PT_SKIP_HTTP now disabled by default for new installations
  • Added PT_ALL_USERS and PT_SKIP_HTTP checks to the WHM Server Check