cPanel

Changes:

• Set scripts (.pl,.cgi,.php,.sh,.py) in /etc/csf/ to chmod 700
• Simplified PACKET_FILTER rules for dropping INVALID connection tracking states. This feature now only applies a single rule for incoming INVALID packets
• DROP_PF_LOGGING enabled by default on new installs
• INVALID added as an option to PS_PORTS so that PACKET_FILTER logs will be ignored by Port Scan Tracking by default, but can be added if desired
• Modified ST_ENABLE locking
• Regex updates to cater for Plesk 12 – thanks to Marcel Evenson
• Fixed issue with temporary allow/deny comment not being parsed correctly when port * specified

Changes:

• Modified lfd to silently drop ST_ENABLE lock queue entries unless DEBUG is enabled
• Modified ST_ENABLE logging to append to data file and only truncate when needed

Changes:

• Added locking to ST_ENABLE and ST_SYSTEM to prevent child process queues

Changes:

• Fix SMTPAUTH_RESTRICT where IPv6 addresses need to be quoted for exim

Changes:

• Added new option LF_DIST_ACTION. If LF_DISTFTP or LF_DISTSMTP is triggered, then if LF_DIST_ACTION is a path to a script, it will run the script and pass arguments to it. See csf.conf for more info
• Added limit check on VPS servers when using FASTSTART to ensure there are sufficient numiptents available for all of the iptables rules in that block
• Modified SMTPAUTH_RESTRICT to add ::1 as a standalone IP to /etc/exim.smtpauth
• Fixed LF_BIND – BIND_LOG was not being added to the log list to watch
• On DirectAdmin servers, added new feature LF_DIRECTADMIN. This option scans DIRECTADMIN_LOG for failed logins and blocks accordingly
• Fixed typo in csf.conf