cPanel

Changes:
– Added support for cPanel v11.38.1+ AppConfig addon registration
– Added support for cPanel v11.38.1+ Custom ACL driver. This creates an ACL (software-ConfigServer-csf) which must be used to grant resellers access via “WHM > Edit Reseller Nameservers and Privileges > Third Party Services > ConfigServer Security & Firewall (Reseller UI)” when running cPanel v11.38.1+
– Added Server Check for AppConfig restrictions for cPanel v11.38.1+
– Switched from using Geo::IP::PurePerl to Geo::IP perl module
– Added MaxMind GeoIP Anonymous Proxies to csf.blocklists. This will be appended, disabled, to existing csf.blocklists files
– Added new setting CSFDATADIR. This is the location of the csf and lfd temporary data. By default it is set to the current value of /etc/csf with the intention of moving this data to /var/lib/csf in the future in a move towards the Linux Filesystem Hierarchy Standard (FHS)
– Moved the default location for ST_DISKW_DD to /var/lib/dd_test for new installations

NOTE: In accordance with the new conventions for v11.38.1+ AppConfig the url to the csf WHM plugin will change from /cgi/addon_csf.cgi to /cgi/configserver/csf.cgi. This will only happen with csf v6.14+ and cPanel v11.38.1+. Older version of csf will continue to use the old URL. This has no particular relevance to users accessing through WHM, but will affect direct URL access by users or third party applications

Changes:
– Added iptables UID logging for dropped outgoing packets
– New feature – DROP_OUT_LOGGING. Enables iptables logging of dropped outgoing connections. Where available, these logs will also include the UID connecting out which can help track abuse. Note: Only outgoing SYN packets for TCP connections are logged. The option is not enabled by default, but we recommend that it is enabled
– Option DROP_ONLYRES now only applies to incoming port connections
– New feature – User ID Tracking. This feature tracks UID blocks logged by iptables to syslog. If a UID generates a port block that is logged more than UID_LIMIT times within UID_INTERVAL seconds, an alert will be sent. Requires DROP_OUT_LOGGING to be enabled
– Modified Port Scan Tracking regexes to ensure only incoming connections are tracked
– Added Server Check for dhclient running
– Added Server Check on cPanel servers for antirelayd
– Added Server Check on for a swap file (don't bother on Virtuozo)
– Added Server Check for xinetd, qpidd, portreserve and rpcbind in Services Check since most people won't use them

Changes:
– Modified csf UI to detect Webmin install and symlink script and images directory so as to no longer require Webmin module update on a new csf version
– Tidied up csf UI html
– Fixed System Statistics graph display when using Webmin
– Modified Server Security check to only perform GENERIC test when using Webmin to prevent hanging processes
– Added CLI options –car, –carm. This removes an allowed IP in a Cluster and removes it from /etc/csf.allow
– Added new options LF_WEBMIN, LF_WEBMIN_PERM. This feature adds login failure detection for Webmin in WEBMIN_LOG
– Added new option LF_WEBMIN_EMAIL_ALERT. This feature sends an email if a successful login to Webmin is detected in WEBMIN_LOG
– Modified LF_SCRIPT_ALERT text in csf.conf for cPanel servers
– Modified proftpd regex to cope with non-standard format and to remove trailing colons from account name
– Modified LF_SCRIPT_ALERT regex to cater for paths containing spaces
– Improvements to LF_SCRIPT_ALERT memory usage and possible script detection
– Added alternative LF_SCRIPT_ALERT regex for specific 1H.com exim logging ACL