csf

Changes:

• Convert csfui.pl, csfuir.pl and cseui.pl to perl modules and modify the calling UI specific scripts
• Updated cseUI so that is passes perl strict module checks
• Fixed issue with deny removal of some IPv6 addresses
• Ensure /etc/chkservd/lfd is recreated when lfd is enabled via csf -e on cPanel servers
• Added exes to csf.pignore on existing and new cPanel server:
  /usr/libexec/dovecot/lmtp
  /usr/local/cpanel/3rdparty/php/54/bin/php-cgi
  /usr/local/cpanel/3rdparty/php/56/bin/php-cgi
  /usr/local/cpanel/3rdparty/php/56/sbin/php-fpm
• Ensure all file opens are properly flocked
• Switch to using require instead of eval/use to load runtime modules where possible
• Code review – started addressing perl critic suggestions in all scripts and modules
• Moved regex.pm to a seperate perl module
• Moved email sending to a seperate perl module
• Moved lfd logging to a seperate perl module
• Add allow and ignore Include files for the cPanel Free SSL service from Comodo in cPanel v58+. These are included on new installations and added to existing files on cPanel installations
• Fixed spurious Include error in lfd for csf.ignore

Changes:

• Added more dovecot binaries to csf.pignore for new and existing cPanel servers
• Updated lfd-cron to use the csf startup routines to restart lfd on systemd servers correctly, existing cron jobs are also modified
• HTTP::Tiny upgraded to v0.058

Changes:

• Modified Config loading to check for valid ip6tables location before attempting to use it
• Modify Server Report to support checking of cPanel MultiPHP configurations when using EasyApache v4
• Removed PHP check for suhosin from Server Report
• Improved cipher check for pure-ftpd in Server Report
• Added password reset check for subaccounts in Server Report on cPanel servers
• Added cPanelID check in Server Report on cPanel servers

Changes:

• On cPanel servers ensure the lfd service is always correctly appended to chkservd.conf on csf installation

Changes:

• Fix csf –tempdeny from allowing blocking of local IPs
• Fix problem where LF_NETBLOCK was no longer affective after blocking a its first netblock until it timed out from csf.tempip
• Modify UI table spacing

Changes:

• Modified cPanel version check to avoid restart loop if GENERIC set to 1 in csf.conf

Changes:

• Modify Relay Alert email to specify “localhost” rather than “Local Account” when localhost IPv6 address detected as it currently does for IPv4 localhost
• Improvement to lfd restart routine for MailScanner and pure-ftpd when cPanel upgrades on RHEL/CentOS/CloudLinux v7+ servers

Changes:

• Move SMTP_BLOCK rules to a separate chain to avoid conflicts with other control panels deleting required rules

Changes:

• Reversed csf.tempip changes to avoid a possible locking issue in csf.pl, lfd.pl changes retained

Changes:

• Fixed 12 month statistics pie chart rendering
• Increased default value and sanity range for PT_USERMEM
• Modified SMTP_BLOCK to use iptables multiport
• Added new feature: SMTP_REDIRECT. This redirects non-authorised outbound SMTP connections to the local SMTP server
• Ensure LF_PERMBLOCK IP’s are removed from csf.tempip when rotating csf.deny after reaching DENY_IP_LIMIT
• Remove stale csf.tempip entries on lfd startup
• Added IPv6 support to RT_LOCALHOSTRELAY tracking
• Update binary locations for new installations on DirectAdmin Debian
• Improved fix for detection of ip6tables nat chains
• Added UI Firewall Configuration On/Off buttons
• Added UI Firewall Configuration dropdowns for some value ranges
• Updated UI restricted list
• Updated sanity checks
• Various UI updates and modifications
• Added a warning when using mod_cloudflare to Server Check Report