cPanel

Forthcoming csf file and directory changes

In the next release (due in the next few days) we will be moving csf towards the Linux Filesystem Hierarchy Standard (FHS), rather than installing everything in /etc/csf/. The following structure will be used:

        /etc/csf/           - (mostly) configuration files
        /var/lib/csf/       - temporary data files
        /usr/local/csf/bin/ - scripts
        /usr/local/csf/lib/ - perl modules and static data
        /usr/local/csf/tpl/ - email alert templates

The functionality  and usage of csf remains the same with the csf CLI running from /usr/sbin/csf as it does now. The main difference will be the storing of temporary data in /var/lib/csf/. All the configuration files (apart from the email alert templates and regex.custom.pm) remain in /etc/csf/.

Existing data and templates files are migrated into the new structure automatically when upgrading to the new version. Some files and directories are symlinked to /etc/csf/ for backwards compatibility and ease of use. Nothing needs to be done at all other than performing a standard upgrade.

This information is being provided more for information than anything else, incase you panic because things appear to have suddenly disappeared from your installation. If you are modifying csf through anything other than the provided CLI or modification of the configuration files, you will have to take into consideration the location of, for example, the temporary data.

Here is a sample listing from those directories:

/etc/csf:
total 504
drw-------  4 root root   4096 Jun 24 16:30 ./
drwx--x--x 77 root root  12288 Jun 24 16:56 ../
lrwxrwxrwx  1 root root     18 Jun 20 12:05 alerts -> /usr/local/csf/tpl/
-rw-------  1 root root 145160 Jun 23 11:04 changelog.txt
-rw-------  1 root root    860 Mar 11 11:56 csf.allow
-rw-------  1 root root   3216 Jun 23 11:04 csf.blocklists
-rw-------  1 root root  78924 Jun 23 11:04 csf.conf
-rw-------  1 root root  78924 Jun 23 11:04 csf.conf.preupdate
-rw-------  1 root root  16761 Jun 24 09:24 csf.deny
-rw-------  1 root root    617 Mar  7 17:13 csf.dirwatch
-rw-------  1 root root    712 Mar  7 17:13 csf.dyndns
-rw-------  1 root root    923 Mar  7 17:12 csf.fignore
-rw-------  1 root root    554 Mar 11 11:56 csf.ignore
-rw-------  1 root root    657 Mar  7 17:12 csf.logfiles
-rw-------  1 root root   1949 May  9 16:07 csf.logignore
-rw-------  1 root root    408 Mar  7 17:13 csf.mignore
-rw-------  1 root root   3137 Mar  7 18:01 csf.pignore
lrwxrwxrwx  1 root root     13 Jun 23 11:04 csf.pl -> /usr/sbin/csf*
-rw-------  1 root root   1142 Mar  7 17:13 csf.redirect
-rw-------  1 root root   1938 Mar  7 17:13 csf.resellers
-rw-------  1 root root   1622 Mar  7 17:13 csf.rignore
-rw-------  1 root root    413 Mar  7 17:13 csf.signore
-rw-------  1 root root    510 Mar  7 17:13 csf.sips
-rw-------  1 root root    368 Mar  7 17:13 csf.suignore
lrwxrwxrwx  1 root root     29 Jun 23 11:04 csftest.pl -> /usr/local/csf/bin/csftest.pl*
-rw-------  1 root root    457 Jun  1 15:31 csf.uidignore
lrwxrwxrwx  1 root root     27 Jun 23 11:04 csfui.pl -> /usr/local/csf/bin/csfui.pl*
lrwxrwxrwx  1 root root     28 Jun 23 11:04 csfwebmin.tgz -> /usr/local/csf/csfwebmin.tgz
-rw-------  1 root root   2609 Jun 23 11:04 install.txt
lrwxrwxrwx  1 root root     13 Jun 23 11:04 lfd.pl -> /usr/sbin/lfd*
-rw-------  1 root root  10174 Jun 23 11:04 license.txt
drw-------  2 root root   4096 Mar  7 17:12 messenger/
lrwxrwxrwx  1 root root     39 Jun 23 11:04 pt_deleted_action.pl -> /usr/local/csf/bin/pt_deleted_action.pl*
-rw-------  1 root root  50354 Jun 23 11:04 readme.txt
lrwxrwxrwx  1 root root     34 Jun 24 16:30 regex.custom.pm -> /usr/local/csf/bin/regex.custom.pm*
lrwxrwxrwx  1 root root     36 Jun 23 11:04 remove_apf_bfd.sh -> /usr/local/csf/bin/remove_apf_bfd.sh*
drw-------  3 root root   4096 Jun 17 16:12 ui/
lrwxrwxrwx  1 root root     31 Jun 23 11:04 uninstall.sh -> /usr/local/csf/bin/uninstall.sh*
-rw-------  1 root root      4 Jun 23 11:04 version.txt
lrwxrwxrwx  1 root root     25 Jun 23 11:04 webmin -> /usr/local/csf/lib/webmin/
/usr/local/csf:
total 36
drw-------  5 root root  4096 Jun 23 11:04 ./
drwxr-xr-x 21 root root  4096 Jun 20 12:05 ../
drw-------  2 root root  4096 Jun 20 12:05 bin/
-rw-------  1 root root 15485 Jun 23 11:04 csfwebmin.tgz
drw-------  7 root root  4096 Jun 22 11:48 lib/
drw-------  2 root root  4096 Jun 20 12:05 tpl/
/usr/local/csf/bin:
total 436
drw------- 2 root root   4096 Jun 20 12:05 ./
drw------- 5 root root   4096 Jun 23 11:04 ../
-rwx------ 1 root root  32992 Jun 23 11:04 cseui.pl*
-rwx------ 1 root root   5877 Jun 23 11:04 csftest.pl*
-rwx------ 1 root root 238031 Jun 23 11:04 csfui.pl*
-rwx------ 1 root root  11817 Jun 23 11:04 csfuir.pl*
-rwx------ 1 root root   4587 Jun 17 16:12 migratedata.pl*
-rwx------ 1 root root   1151 Jun 13 15:47 pt_deleted_action.pl*
-rwx------ 1 root root   2077 Mar  7 17:13 regex.custom.pm*
-rwx------ 1 root root  25367 Jun 23 11:04 regex.pm*
-rwx------ 1 root root    397 Jun 23 11:04 remove_apf_bfd.sh*
-rwx------ 1 root root  75613 Jun 23 11:04 servercheck.pm*
-rwx------ 1 root root   1019 Jun 23 11:04 uninstall.sh*
/usr/local/csf/lib:
total 52
drw------- 7 root root  4096 Jun 22 11:48 ./
drw------- 5 root root  4096 Jun 23 11:04 ../
drw------- 2 root root  4096 Jun 23 11:04 Crypt/
-rw------- 1 root root 14349 Jun 23 11:04 csf.div
-rw------- 1 root root  3745 Jun 23 11:04 csf.help
drw------- 3 root root  4096 Jun 23 11:04 Geo/
drw------- 2 root root  4096 Jun 23 11:04 HTTP/
drw------- 3 root root  4096 Jun 23 11:03 Net/
-rw------- 1 root root  3857 Jun 23 11:04 sanity.txt
drw------- 3 root root  4096 Jun 23 11:04 webmin/
/usr/local/csf/tpl:
total 136
drw------- 2 root root 4096 Jun 20 12:05 ./
drw------- 5 root root 4096 Jun 23 11:04 ../
-rw------- 1 root root  124 Mar  7 17:13 accounttracking.txt
-rw------- 1 root root  181 Mar  7 17:12 alert.txt
-rw------- 1 root root  192 Mar  7 17:13 connectiontracking.txt
-rw------- 1 root root   76 Mar  7 17:12 consolealert.txt
-rw------- 1 root root  136 Mar  7 17:13 cpanelalert.txt
-rw------- 1 root root  129 Mar  7 17:12 exploitalert.txt
-rw------- 1 root root  151 Mar  7 17:12 filealert.txt
-rw------- 1 root root  132 Mar  7 17:13 forkbombalert.txt
-rw------- 1 root root  374 Mar  7 17:12 integrityalert.txt
-rw------- 1 root root 1042 Mar  7 17:13 loadalert.txt
-rw------- 1 root root  103 Mar  7 17:13 logalert.txt
-rw------- 1 root root  101 Mar  7 17:13 logfloodalert.txt
-rw------- 1 root root  191 Mar  7 17:12 netblock.txt
-rw------- 1 root root  209 Mar  7 17:12 permblock.txt
-rw------- 1 root root  129 Mar  7 17:12 portknocking.txt
-rw------- 1 root root  175 Mar  7 17:13 portscan.txt
-rw------- 1 root root  391 Mar  7 17:12 processtracking.txt
-rw------- 1 root root   97 Mar  7 17:12 queuealert.txt
-rw------- 1 root root  196 Mar  7 17:13 relayalert.txt
-rw------- 1 root root  260 Mar  7 17:12 resalert.txt
-rw------- 1 root root  181 Jun 23 11:04 reselleralert.txt
-rw------- 1 root root  200 Mar  7 17:12 scriptalert.txt
-rw------- 1 root root  176 Mar  7 17:12 sshalert.txt
-rw------- 1 root root  159 Mar  7 17:13 sualert.txt
-rw------- 1 root root  194 Mar  7 17:12 syslogalert.txt
-rw------- 1 root root  298 Mar  7 17:13 tracking.txt
-rw------- 1 root root  129 Mar  7 17:12 uialert.txt
-rw------- 1 root root  150 Jun  1 15:31 uidscan.txt
-rw------- 1 root root  192 Mar  7 17:13 usertracking.txt
-rw------- 1 root root  129 Mar  7 17:13 watchalert.txt
-rw------- 1 root root  146 May 25 09:15 webminalert.txt
-rw------- 1 root root 1207 Jun 23 11:04 x-arf.txt
/var/lib/csf:
total 62708
drw-------  8 root root     4096 Jun 24 09:24 ./
drwxr-xr-x 21 root root     4096 Jun 20 12:05 ../
-rw-------  1 root root      317 Jun 24 15:01 csf.block.DSHIELD
-rw-------  1 root root     7910 Jun 24 15:01 csf.block.SPAMDROP
-rw-------  1 root root      276 Jun 24 15:01 csf.block.SPAMEDROP
-rw-------  1 root root        0 Jun 24 16:00 csf.cclookup
-rw-------  1 root root       58 Jun 24 09:39 csf.dnscache
-rw-------  1 root root        0 Mar  7 17:13 csf.lock
-rw-------  1 root root     1095 Jun 24 16:51 csf.logtemp
-rw-------  1 root root        0 Jun 23 11:04 csf.tempallow
-rw-------  1 root root        0 Jun 24 10:39 csf.tempban
-rw-------  1 root root       16 Jun 24 16:58 csf.tempdisk
-rw-------  1 root root    73350 Jun 23 11:04 csf.tempint
-rw-------  1 root root       54 Jun 24 09:39 csf.tempip
-rw-------  1 root root 64000000 Jun 24 16:58 dd_test
drw-------  2 root root     4096 Jun 24 16:00 Geo/
drw-------  2 root root     4096 May 28 09:29 lock/
drw-------  2 root root     4096 Jun 24 00:00 stats/
drw-------  2 root root     4096 Jun 20 12:05 ui/
drw-------  2 root root     4096 Jun 22 11:48 webmin/
drw-------  2 root root     4096 Mar  7 17:13 zone/

New cxs v2.99

Changes:
– Fix –wttw [file] successful submission text

New cxs v2.98

Changes:
– Added check for clamd when using –wttw [file]
– Added check for script files when using –wttw [file]
– HTTP::Tiny upgraded to v0.031
– Removed a false-postitive fingerprint definition
– Exploit fingerprint definitions database additions

New cmq v1.14

Changes:
– Fixed image location code

ConfigServer Script Updates

With the release of updates to all of our cPanel scripts, if you would like a convenient way to upgrade all of your installed ConfigServer scripts on a cPanel server then we have provided a simple script that can do this for you:
This script will update: cmm, cmc, cmq, cse, csf, cxs, msinstall, msfe
Only those scripts that are already installed will be updated. Those that are updated are done so regardless as to whether they are the same or an older version of those available.
To use this method you must be logged into root via SSH to the server and then run:

curl -s configserver.com/free/csupdate | perl

You should take care to read through the output to ensure that all the upgrades have worked as expected.

New cxs v2.97

Changes:
– Added support for cPanel v11.38.1+ AppConfig addon registration
– Added new option –comment “text” which can be used to add a short comment to files submitted using –wttw [file]
– Modified –wttw [file] to ensure that it is not already detected as a Virus or Fingerprint (now requires –force to report a false-positive)
– Fixed packed hex advanced decoder regex
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

NOTE: In accordance with the new conventions for v11.38.1+ AppConfig the url to the cxs WHM plugin will change from /cgi/addon_cxs.cgi to /cgi/configserver/cxs.cgi. This will only happen with cxs v2.97+ and cPanel v11.38.1+. Older version of cxs will continue to use the old URL. This has no particular relevance to users accessing through WHM, but will affect direct URL access by users or third party applications

New csf v6.14

Changes:
– Added support for cPanel v11.38.1+ AppConfig addon registration
– Added support for cPanel v11.38.1+ Custom ACL driver. This creates an ACL (software-ConfigServer-csf) which must be used to grant resellers access via “WHM > Edit Reseller Nameservers and Privileges > Third Party Services > ConfigServer Security & Firewall (Reseller UI)” when running cPanel v11.38.1+
– Added Server Check for AppConfig restrictions for cPanel v11.38.1+
– Switched from using Geo::IP::PurePerl to Geo::IP perl module
– Added MaxMind GeoIP Anonymous Proxies to csf.blocklists. This will be appended, disabled, to existing csf.blocklists files
– Added new setting CSFDATADIR. This is the location of the csf and lfd temporary data. By default it is set to the current value of /etc/csf with the intention of moving this data to /var/lib/csf in the future in a move towards the Linux Filesystem Hierarchy Standard (FHS)
– Moved the default location for ST_DISKW_DD to /var/lib/dd_test for new installations

NOTE: In accordance with the new conventions for v11.38.1+ AppConfig the url to the csf WHM plugin will change from /cgi/addon_csf.cgi to /cgi/configserver/csf.cgi. This will only happen with csf v6.14+ and cPanel v11.38.1+. Older version of csf will continue to use the old URL. This has no particular relevance to users accessing through WHM, but will affect direct URL access by users or third party applications

New MailScanner Front-End v4.42

Changes:
– Added support for cPanel v11.38.1+ AppConfig addon registration

NOTE: In accordance with the new conventions for v11.38.1+ AppConfig the url to the msfe WHM plugin will change from /cgi/addon_mailscanner.cgi to /cgi/configserver/mailscanner.cgi. This will only happen with msfe v4.41+ and cPanel v11.38.1+. Older version of msfe will continue to use the old URL. This has no particular relevance to users accessing through WHM, but will affect direct URL access by users or third party applications. The URL to MailWatch will remain the same

New cse v1.10

Changes:
– Added support for cPanel v11.38.1+ AppConfig addon registration
– Improvements to the Virtual Console output

NOTE: In accordance with the new conventions for v11.38.1+ AppConfig the url to the csf WHM plugin will change from /cgi/addon_cse.cgi to /cgi/configserver/cse.cgi. This will only happen with cse v1.10+ and cPanel v11.38.1+. Older version of cse will continue to use the old URL. This has no particular relevance to users accessing through WHM, but will affect direct URL access by users or third party applications

New cmq v1.13

Changes:
– Added support for cPanel v11.38.1+ AppConfig addon registration

NOTE: In accordance with the new conventions for v11.38.1+ AppConfig the url to the cmq WHM plugin will change from /cgi/addon_cmq.cgi to /cgi/configserver/cmq.cgi. This will only happen with cmq v1.13+ and cPanel v11.38.1+. Older version of cmq will continue to use the old URL. This has no particular relevance to users accessing through WHM, but will affect direct URL access by users or third party applications