New csf v11.07

Changes:

  • Added missing WAITLOCK to iptables when processing advanced port filters in csf and lfd and checking csf status in UI
  • Added WAITLOCK, if enabled, to iptables-restore commands during FASTSTART
  • Server Check Report – removed ini_set check as so many scripts use ini_set nowadays. Updated text on various checks
  • Updated the postfix SMTP AUTH regex
  • Added new SSHD “maximum authentication attempts exceeded” regex
  • Set basic PATH before running csfpre.sh/csfpost.sh to avoid binary location issues
  • csf now runs csfpre.sh/csfpost.sh directly without forcing it through /bin/sh. If present, csf chmods the script 0700 and checks for a shebang. If the shebang is missing #!/bin/bash is added to the top. The script is then run
  • Added seventh parameter to regex.custom.pm to allow Cloudflare blocking if a CUSTOM regex is triggered (see latest regex.custom.pm in distro)
  • Rearranged UI tabs and shortened tab names. Moved quick actions to the top of the “csf” tab pane
  • Added “AUTH command used when not advertised” to the LF_EXIMSYNTAX regex check
  • Added new csf CLI cluster option: -ci, –cignore ip [comment] This will add the IP to each remote /etc/csf/csf.ignore member and then restart lfd. This has also been added to the UI
  • Fixed cluster grep output in UI
  • Modified MESSENGERV2 to support combined certificates+keys in cPanel v68+
  • Added triggered setting and, if applicable, temporary TTL to the “Blocked:” status in block alert emails
  • Added “wildcard” option to “Search System Logs” UI to use ZGREP to search the specified log with a wildcard suffix
  • ZGREP option added to csf.conf which must point to the zgrep binary
  • Added git binaries to csf.pignore on cPanel servers for upcoming v72/74 features

New csf v11.06

Changes:

  • Modified Integrated UI to use new cxs UI perl modules
  • Added custom redirect line for webmin UI when STYLE_CUSTOM enabled
  • Ensure ip6tables nat table is flushed if present whether MESSENGER is enabled or not

New csf v11.05

Changes:

  • Added new configuration option PT_SSHDKILL. This option will terminate the SSH processes created when blocking an IP
  • Added a “Fix Common Problems” section to the csf UI for various common configuration issues
  • Ensure application ports are always defined in lfd

New csf v11.04

Changes:

  • Added new configuration option LF_APACHE_ERRPORT. This option is used to determine if the Apache error_log format contains the client port after the client IP. By default it is set to autodetect

New csf v11.02

Changes:

  • Integrated UI fix for CloudFlare page
  • Removed non-participated deny options for cxs reputation service
  • Changed PT_SSHDHUNG to use a regex for process cmdline detection
  • Fixed issue with IPv6 client detection in Apache logs

New csf v11.01

Changes:

  • Corrections to readme.txt
  • In UI, display long output into fixed height divs with scrollbars and font size changer
  • Modified Server Check to not display the mod_cloudflare warning if CF_ENABLE enabled
  • Modified Server Check to display a single warning for each PHP check listing affected versions instead of multiple warnings
  • Additional exim check added to Server Check
  • Improvements to ajax output in UI

New csf v11.00

Changes:

  • New Feature: CloudFlare Firewall integration. This feature provides blocking and unblocking functionality with the CloudFlare Firewall from within lfd, together with new CLI commands for direct access. See documentation for CF_ENABLE in csf.conf, information in readme.txt as well as the csf man page
  • Added UI elements for CloudFlare Firewall integration
  • New CLI command –trace [ip]. This replaces the –w, –watch CLI command to Log SYN packets for an IP across iptables chains by using the iptables TRACE module
  • New Feature: Check the size of the ModSecurity IP D/B. This option will send an alert if the ModSecurity IP persistent storage grows excessively large. This is enabled on cPanel by default. See csf.conf for more information
  • New Feature: Allow use of comma separated list of ports in Advanced Allow/Deny Filters
  • WATCH_MODE in csf.conf and –w, –watch CLI commands removed in favour of the new –trace [add/remove] [ip] CLI command
  • Restrict the scope of Perl shebang replacement when installing on cPanel servers
  • Modifications and fixes for the example MESSENGERV2 templates
  • Ensure /proc/sys/net/netfilter/nf_conntrack_helper is enabled at startup to allow connection tracking to continue working on newer kernels
  • Stop needlessly setting <head> and <body> elements in Ajax returns
  • Various corrections and updates to readme.txt
  • Tweaks to the Mobile View UI button arrangement and spacing