csf

Changes:

• Modified Slurp.pm to use O_RDONLY instead of O_RDWR

Changes:

• Fixed issue with Restricted UI items sanity checks failing

Changes:

• Removed duplicate “Search System Logs” button from the UI

Changes:

• Added new BETA options LF_IPSET, IPSET. Use ipset for CC_* and csf.blocklist bulk list matching. See csf.conf for more info
• Added new UI option to view ports on the server that have a running process behind them listening for external connections
• Added new CLI option (csf -p, csf –ports) to view ports on the server that have a running process behind them listening for external connections
• Added new CLI option (csf –graphs) to Generate System Statistics html pages and images for a given graph type into a given directory. See ST_SYSTEM for requirements
• If using DYNDNS and the FQDN has multiple A records then all IP addresses will now be allowed
• IPv6 support added to DYNDNS. Requires the Perl module Socket6 from cpan.org to be installed
• On DA servers, if LF_DIRECTADMIN is enabled, DIRECTADMIN_LOG_* will be scanned for login failures to Roundcube, SquirrelMail and phpMyAdmin if installed and logging enabled via CustomBuild v2+. Failures will contribute to the LF_DIRECTADMIN trigger level for that IP
• On DA servers, FTPD_LOG now defaults to /var/log/messages on new installs
• Added exe:/usr/libexec/dovecot/anvil to csf.pignore for new installs on DA
• Added to UI count of entries in /etc/csf/csf.allow
• Added blocklist.de to csf.blocklists for new installs, latest file copied to /etc/csf/csf.blocklists.new on existing installs
• Started moving common functions to separate modules within csf
• HTTP::Tiny upgraded to v0.050
• Fixed csf stop/start routines on reboot for servers using systemd
• Modified integrated UI to display die errors to browser
• Modified X_ARF report to use a self-published schema: http://download.configserver.com/abuse_login-attack_0.2.json
• Modified X_ARF to lowercase the Source-Type field
• Modified X_ARF template to use the v0.2 “X-XARF: PLAIN” header field
• Updated restricted UI items
• Geo::IP upgraded to v1.45
• Crypt::CBC upgraded to v2.33

Changes:

• Updated installer to fix generic installs on some Redhat/CentOS setups
• Fixed issue with temporary allow/deny not applying individual port rules for outgoing connections

Changes:

• Updated scripts to use download.configserver.com

Changes:

• Fixed issue with temporary allow/deny when issued through the UI

Changes:

• Reverted PACKET_FILTER rule changes
• OPEN added as an option to PS_PORTS so that TCP_IN and UDP_IN ports will be ignored by Port Scan Tracking by default, but can be added if desired

Changes:

• DROP_PF_LOGGING disabled by default on new installs as enabling by default will just cause confusion

Changes:

• Removed debugging code from Port Scan Tracking