csf

Changes:

• Modified ModSecurity regexes to be more generic

Changes:

• Fix issues with lfd restart via integrated UI and DA UI

Changes:

• Ensure that /usr/lib/systemd/system/ is created on install on systemd servers

Changes:

• Fix sanity check for SMTPAUTH_RESTRICT
• Fixed incorrect reference to cxs in the generic csf installer
• Modified csf.conf to show that LWP::Protocol::https is needed for LWP to retrieve https URLs and added examples of how to install these perl modules
• Implemented native systemd support for startup and shutdown of csf and lfd
• Added recommendation in csf.conf to use IPSET if wanting to set DENY_IP_LIMIT to a high value
• If IPSET is enabled, no sanity warnings are issued for DENY_IP_LIMIT
• Also add SSH port to TCP6_IN on new installations

Changes:

• Display warning and revert to HTTP::Tiny if URLGET is set to use LWP but the perl module is not installed

Changes:

• 7.57   – URLGET now set to “2” to use LWP by default on new installations instead of HTTP::Tiny
• If URLGET set to use LWP, csf will perform upgrades over SSL to https://download.configserver.com
• Added check for URLGET to Server Check
• Added option “3” for CC_LOOKUPS to also include IP ASNs via the MaxMind GeoIPASNum database
• Updated SSH login regexes
• Updated named regex
• Added 30 second timeout for ST_IPTABLES iptables stats writing to prevent a child creation loop
• Modified lfd to restart if more than 200 children are currently active to prevent child creation loops

Changes:

• If LF_SELECT is enabled the port(s) listed in PORTS_* can now be specifed as port;protocol,port;protocol, e.g. “53;udp,53;tcp” to allow for protocol specific port blocks. This port format can also now be used in regex.custom.pm  and csf –td/–ta to allow udp port blocks
• PORTS_bind now defaults to “53;udp,53;tcp” on new installations
• PORTS_directadmin added for DA installs to allow for per port blocks if LF_SELECT is enabled
• Ports 993 and 995 now added to TCP_OUT and TCP6_OUT on new installs
• LF_IPSET taken out of BETA as it is proving stable
• Modified Server Check to skip checking xinetd on Plesk servers
• Modified UI_SSL_VERSION for new installations to use the new IO::Socket::SSL default SSL_version setting of SSLv23:!SSLv3:!SSLv2 so that SSLv3 is disabled
• If systemd is running the installer disables firewalld using systemctl

Changes:

• Added IPv4/IPv6 column to show whether the port in the csf –ports option is listed in *_IN (e.g. TCP_IN)
• Added IPv4/IPv6 column to show the number of ESTABLISHED connections to the port in the csf –ports
• Modified Server Check text from “SMTP Tweak” to “SMTP Restrictions” for cPanel/WHM UI
• Added the following to LF_IPSET for IPv4 IPs and CIDRs: /etc/csf/csf.allow, /etc/csf/csf.deny, GLOBAL_DENY, GLOBAL_ALLOW, DYNDNS, GLOBAL_DYNDNS, MESSENGER. IPv6 IPs, Advanced Allow Filters and temporary blocks use traditional iptables
• Modified ipset information in csf.conf including that only ipset v6+ is supported
• Modified ConfigServer::Slurp to carp instead of croak
• Improvements to Server Check nameserver checking to include IPv6 servers and better determine how many are local nameservers
• Modified csf –graphs to append a trailing slash if missing to directory name