csf

Changes:

• Added new option PT_SSHDHUNG. Terminate hung SSHD sessions. When under an SSHD login attack, SSHD processes are often left hung after their connecting IP addresses have  been blocked. This option will terminate such processes. See csf.conf for more info
• Added new binaries to csf.pignore on existing cPanel installations to cater for v11.50 and CentOS v7
• LF_CONSOLE_EMAIL_ALERT and LF_WEBMIN_EMAIL_ALERT now default to 1 for new installations
• Updated Server Check ipv6 detection
• Updated sanity checks

Changes:

• Added warning on cPanel servers for GreyListing
• Fixed issue with RedHat/CentOS/CloudLinux v7 where local IPs were not being successfully detected from IFCONFIG

Changes:

• Removed PayPal Donation buttons due to recent abuse

Changes:

• Modified LF_CSF on cPanel servers to detect a change in the cPanel version and then trigger a restart of ConfigServer scripts (added cxs pure-uploadscript restart)

Changes:

• Added Debian v8 and Ubuntu v15 support
• HTTP::Tiny upgraded to v0.054

Changes:

• Added a workaround for Plesk sendmail wrapper SIGCHLD problem

Changes:

• Fixed UI status form tags
• Added new option LF_SPI. This option configures csf iptables as a Stateful Packet Inspection (SPI) firewall – the default. If the server has a broken stateful connection tracking kernel then this setting can be set to 0 to configure csf iptables to be a Static firewall, though some funtionality and security will be inevitably lost
• Added common systemd logs to csf.logignore for new installs
• Modify LF_IPSET in csf to print failure messages instead of aborting on error
• On servers using systemd if firewalld found to be active, csf and lfd will not start until is is stopped and disabled as csf cannot be used with firewalld
• Added option SYSTEMCTL to csf.conf as the location of the systemctl binary for use with servers using systemd

Changes:

• Fixed csf.blocklist for new installs which incorrectly had OPENBL enabled by default

Changes:

• UI HTML updates and fixes
• Modified openbl.org URLs in csf.blocklist to use https – this will likely need URLGET set to 2 (LWP)

Changes:

• Modified Server Check to highlight PHP v5.3.* as EOL and therefore a security risk
• Port 587 added to TCP_OUT/TCP6_OUT on all new installations (previously only on cPanel)
• Added new CLI option to csf, -i –iplookup will lookup IP address geographical information using CC_LOOKUPS setting in /etc/csf/csf.conf
• Manually allowed/denied permanent/temporary IPs through the csf CLI now include the CC information if no comment is used
• Renamed csf and lfd cron jobs in /etc/cron.d/ to cater for non-LSB compliant Linux cron managers
• Modified Server Check report to cater for servers running systemd
• More Server Check fixes for out of date checks
• Added 2 new alert settings for FTP and SMTP distributed attacks: LF_DISTFTP_ALERT and LF_DISTSMTP_ALERT