cPanel

New cxs v5.00

Changes:

  • New feature --[no]bayes taken out of BETA and is the basis of v5
  • Added --[no]bayes to the UI
  • New master bayes corpus generated
  • Added warning in UI for --[no]fallback option regarding potential performance impact
  • Exploit fingerprint definitions database additions

New cxs v4.28

Changes:

  • Fixed cxs Watch loading the bayes database whether --bayes was in use or not

 

New cxs v4.27

Changes:

  • Modified cxs Watch so that watches are updated/created if the alternative configuration file reload method is used
  • Exploit fingerprint definitions database additions
  • BETA: Added a local bayes corpus so that learning and forgetting can be implemented locally
  • BETA: Added new option --blearn [X|C] so that new files can be added to the local corpus as either an exploit (X) or as a clean file (C)
  • BETA: Added new option --bforget [X|C] so that new files can be removed from the local corpus as either an exploit (X) or as a clean file (C). Only files previously learned should be forgotten
  • BETA: Modified cxs Watch to reload the master bayes corpus on change
  • BETA: Modified cxs Watch to reload the local bayes corpus, if one exists, on change
  • BETA: When cxs is upgraded and the master bayes corpus exists, the latest master corpus will be automatically downloaded
  • BETA: New master bayes corpus generated
  • BETA: Raised bayes low/medium/high thresholds

 

New cxs v4.26

Changes:

  • A situation where Fingerprint P0452 persists was missed and is now removed

 

Security: Chkrootkit Exploit and Fix

An exploitable security bug has been found in chkrootkit:

http://www.securityfocus.com/bid/67813

Chkrootkit has released v0.50 to fix this issue and make improvements:

http://www.chkrootkit.org/

This is our preferred procedure for compiling and creating a script to run chkrootkit:

cd /root
rm -Rfv chkrootkit-0.*
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar -xzf chkrootkit.tar.gz
cd chkrootkit-0.50
make sense
chmod +x chkrootkit
cd ..
echo '
cd /root/chkrootkit-0.50
./chkrootkit -q
' > /root/chkrootkit.sh
chmod +x chkrootkit.sh
chown -R root:root chkrootkit*
rm -fv chkrootkit.tar.gz

Crontab then runs /root/chkrootkit.sh on a regular basis.
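
A pre-flight wrapper for the cron job described above, as an added example that is not part of the original post: it refuses to scan unless the install directory and the chkrootkit script are root-owned and not group- or world-writable, and the script reports at least v0.50. The `run` argument, the use of GNU `stat -c`, and the `chkrootkit -V` banner format are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight checks for the cron job.
# Assumptions: GNU stat (-c), and a "-V" banner like "chkrootkit version 0.50".

MIN_VERSION="0.50"   # release the post names as containing the fix

# Extract "major.minor" from the -V banner text passed as $1.
parse_version() {
    printf '%s\n' "$1" | sed -n 's/.*version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 >= version $2 (major, then minor, compared as integers).
version_at_least() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]
}

# Return 0 if path $1 is owned by uid $2 and not group- or world-writable.
owned_and_not_writable() {
    [ -e "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "$2" ] || return 1
    case "$(stat -c '%a' "$1")" in      # octal mode, e.g. 755
        *[2367]?|*[2367]) return 1 ;;   # write bit set for group or others
    esac
    return 0
}

# $1 = install directory, $2 = expected owner uid (0 for root).
preflight() {
    for p in "$1" "$1/chkrootkit"; do
        owned_and_not_writable "$p" "$2" || { echo "unsafe owner/mode: $p" >&2; return 1; }
    done
    # chkrootkit is a /bin/sh script; -V may print to stderr, so capture both.
    ver=$(parse_version "$(sh "$1/chkrootkit" -V 2>&1)")
    if [ -z "$ver" ] || ! version_at_least "$ver" "$MIN_VERSION"; then
        echo "chkrootkit version '$ver' is unknown or older than $MIN_VERSION" >&2
        return 1
    fi
}

# Cron entry point; the "run" argument is hypothetical, chosen for this example.
if [ "${1:-}" = "run" ]; then
    dir=/root/chkrootkit-0.50      # path used in the procedure above
    preflight "$dir" 0 && cd "$dir" && ./chkrootkit -q
fi
```

Saved under a name of your choosing and called with `run` from crontab, it takes the place of /root/chkrootkit.sh; a failed check is written to stderr, which cron mails to root.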

New cxs v4.25

Changes:

  • Fingerprint P0452 removed as it appears some legitimate scripts are using the same obfuscation technique commonly used in exploits
  • BETA: Bayes corpus size decreased by a further 28% but with increased accuracy
  • Exploit fingerprint definitions database additions

 

New cxs v4.24

Changes:

  • BETA: Bayes corpus format improved – if you are using this feature, download the new corpus using “cxs --bget”
  • BETA: Bayes corpus memory footprint decreased by a further 20%
  • BETA: Bayes corpus loading speed improvements

 

New cxs v4.23

Changes:

  • Improvements to the main decoder regex
  • Improvements to decoder string extraction
  • Fixed formatting of --qlocal documentation
  • BETA: New Bayes corpus generated – if you are using this feature, download the new corpus using “cxs --bget”
  • BETA: Bayes corpus size decreased by 25% but with increased accuracy
  • Exploit fingerprint definitions database additions

New cxs v4.22

Changes:

  • Added option --qlocal which provides quarantine support when using mod_ruid2 by storing quarantined files within a user's account. See documentation for more information and caveats
  • BETA: Bayes learning improvements (speed, memory)
  • BETA: Bayes reporting improvements (speed, memory)
  • BETA: New Bayes corpus generated – if you are using this feature, download the new corpus using “cxs --bget”
  • Improvements to PHP decoded script scanning efficiency