Server Software and Configuration Services
New cmc v1.04
Changes:
– Ensure that modsec2.whitelist.conf is always included at the bottom of modsec2.user.conf rather than at the top. This is done whenever the UI is accessed via WHM
cPanel
New cxs v2.86
Changes:
– Improvements to installer on initial fresh cPanel v11.36 installations
– Added a 20 second timeout for running –Wsymlink [script] and switched from using system call to open3
– Added a 20 second timeout for running –script [script] and improve output printing from [script]
– Modified –options [u] to include more suspicious locations
– Exploit fingerprint definitions database additions
WHM/cPanel v11.36
cPanel v11.36 has now entered the CURRENT tree and you will notice that most of your addon perl scripts failing. You can resolve this easily with our addons by reinstalling them. We have provided a simple script that can do this for you that we posted previously. This has to be done regardless as to whether you are running the latest versions:
This script will update: cmm, cmc, cmq, cse, csf, cxs, msinstall, msfe
Only those scripts that are already installed will be updated. Those that are updated are done so regardless as to whether they are the same or an older version of those available.
To use this method you must be logged into root via SSH to the server and then run:
curl -s configserver.com/free/csupdate | perl
You should take care to read through the output to ensure that all the upgrades have worked as expected.
New cxs v2.85
Changes:
– Moved suspicious script location detection to its own option within: –options [u], –doptions [u], –voptions [u] and –qoptions [u] The option is included in the default setting for –options [options]. If you specify a list in any of these options and want to include this in them, then you need to add [u] to the list of options
– Separate dangerous quarantine options in the UI
New cxs v2.84
Changes:
– New feature: cxs watch daemon Symlink attack detection. This option will try and detect a symlink attack against the server. If –Wsymlinkmax [num] symlinks are created with one directory within –Wsymlinksec [secs] seconds then –Wsymlink [script] will be run. An example is provided for this script in /etc/cxs/symlinkdisable.example.pl
– Enable –Wsymlink /etc/cxs/symlinkdisable.example.pl on new installs in /etc/cxs/cxswatch.sh for email notifications
– Detect as suspicious, scripts found within /images/ and /upload(s)/ directories
– Fixed –Wadd [file] not working correctly in cxs watch
– Fixed –www not being adhered to for new users while cxs watch running
– Modified –www location on DA servers to the domains/ subdirectory of users account for cxs watch daemon and single user scans
– Improvements to file ownership detection in cxs watch. If a file is owned by “nobody” cxs will compare user home directories in /etc/passwd to the file location to try and determine a unique owner
– Fixed UI saving default “smtp” setting incorrectly (again)
New convenient update method for ConfigServer scripts
We have released a new method to force an update of all of our main scripts (on cPanel servers only):
cmm, cmc, cmq, cse, csf, cxs, msinstall, msfe
Only those scripts that are already installed will be updated. Those that are updated are done so regardless as to whether they are the same or an older version of those available.
To use this method you must be logged into root via SSH to the server and then run:
curl -s configserver.com/free/csupdate | perl
You should take care to read through the output to ensure that all the upgrades have worked as expected.
New MailScanner Front-End v4.38
Changes:
– Updated to use the new cPanel 11.36+ integrated perl binary if exists
New MailScanner Script v2.88
Changes:
– Updated to use the new cPanel 11.36+ integrated perl binary if exists
– Init script changed to use pkill and pgrep instead of pidof
New cxs v2.83
Changes:
– Updated to use the new cPanel 11.36+ integrated perl binary if exists
– Fixed UI saving default “smtp” setting incorrectly
– Modified –www location on DA servers to the domains/ subdirectory of users account as public_html/ is ignored as it is a symlink
New csf v5.72
Changes:
– Added missing DD setting in DA and generic installations for ST_DISKW
– Modified IPv6 port settings to reflect IPv4 port settings for new installs in csf.conf
– If a deleted executable process is detected and reported then do not further report children of the parent (or the parent itself if a child triggered the report) if the parent is also a deleted executable process
– Parent PID added to PT_DELETED_ACTION parameters
– In the Server Report allow for spaces before Apache directives
– Updated instructions for modifying log_selector for exim configurations in readme.txt and Server Report
– Modify DD calculation for ST_DISKW for disks that report in GB/s
– Updated to use the new cPanel 11.36+ integrated perl binary if exists