New csf v10.20

Changes:

  • Prevent lfd logrotate from erroring if log files missing
  • Modified Apache ModSecurity regex to cater for changes in logging format on cPanel servers with ModSecurity v2.9.2
  • Modified Apache cxs regex to cater for changes in logging format on cPanel servers with
  • ModSecurity v2.9.2
  • Ensure destination files are owned by root during installation

New csf v10.19

Changes:

  • MESSENGERV2: Take a copy of the live certs and keys and use these in csf.messenger.conf to work around changing filenames for keys and certs when they are regenerated which causes httpd to fail. This is done each time lfd restarts
  • Added CLI option csf –mregen: MESSENGERV2 /etc/apache2/conf.d/csf_messenger.conf regeneration. This will also gracefully restart httpd

New csf v10.17

Changes:

  • Prevent Cluster and UI daemons from terminating the main process if they themselves terminate
  • Modify Cluster and UI daemons to restart if they are stopped or fail
  • Modify Cluster and UI daemons to be more verbose about reasons for stopping
  • Fixed typos in readme.txt and csf.conf
  • Added MESSENGER child logging to /var/log/lfd_messenger.log, also for MESSENGERV2 via a new index.recaptcha.php
  • Modified logrotate configuration to include /var/log/lfd_messenger.log

New csf v10.15

Changes:

  • New EXPERIMENTAL feature on cPanel servers: MESSENGERV2. This uses the Apache http daemon to provide the web service for MESSENGER HTML and HTTPS
  • Added new option LF_APACHE_401 that works in a similar way to LF_APACHE_404 and LF_APACHE_403
  • Added new option RECAPTCHA_ALERT. This will send an email when a recaptcha unblock request is attempted by lfd. This option is enabled by default
  • Stability improvements to UI, MESSENGER and CLUSTER daemon processes
  • Added memory usage information to lfd log when using MESSENGER_HTTPS
  • Add limiter to enforce MESSENGER_CHILDREN when connections are waiting for a child process
  • Modify MESSENGER HTML examples for new installs to use inline images to improve page load speed and reduce lfd overheads
  • Modified network interface detection to allow dash (-) in name
  • URL updates in Server Check
  • Increased the default value for MESSENGER_RATE to 100/s (from 30/m) and MESSENGER_BURST to 150 (from 5) for all installations to alleviate slow MESSENGER response times
  • Set the SELinux security context for systemd and executable files
  • Ensure firewalld is masked on systemd servers

New csf v10.14

Changes:

  • Made configuration checks on iptables more fault tolerant to avoid unnecessary failures while loading
  • Removed openbl.org from csf.blocklists for new and existing installs
  • More generic binaries added to csf.pignore