csf

Changes:

• Added cPanel SaaS servers to cpanel.allow
• Added a fix for RHEL v8 processes that were reporting excessive null or whitespace characters at the end of /prod/[pid]/cmdline. This is turn meant that such processes (e.g. spamd on cPanel servers) subverted some entries in csf.pignore
• Updated systemd entries in csf.logignore for RHEL v8+
• Updated dovecot log regexes to support the changed format in v2.3.15+
• Modify LookUpIP to hopefully account for data inconsistencies from Maxmind

Changes:

• Added entries in csf.pignore for new cPanel installations:
  exe:/usr/sbin/mariadbd
  exe:/usr/sbin/atd
  exe:/usr/lib/systemd/systemd-timesyncd
  exe:/usr/lib/systemd/systemd-networkd
  exe:/usr/sbin/rsyslogd
• Updated configuration files to support cPanel on Ubuntu
• In Server Check don’t check for Fork Bomb protection on cPanel servers running CloudLinux

Changes:

• Fixed error message regarding location/permissions to the iptables binary in correctly referencing ip6tables
• Added PASV port range hole for VZ servers on cPanel for new installs
• Fixed MESSENGERV3 Apache tree search where ServerRoot is not configured so that csf defaults to /etc/apache2/ so that relative Includes are still defined correctly
• Modified LF_BIND regex to deal with new log field

Changes:

• Improvements to CC IP lookup binary search
• Modified index.recaptcha.php and index.php to use square instead of deprecated curly brackets on array index for PHP v7.4+
• Modified Server Check regex matching on include in dovecot config files in RHEL v8+
• Added workaround for iOS issue with bootstrap modals
• Added EOL messages to Server Check report
• Modified dovecot.conf parsing on cPanel for include_try in Server Check
• Modified Apache 404 regex to check for either “info” or “error”
• Added two new CLI options: –temprma [ip], –temprmd [ip]. This allows distinction between allow and deny that does not exist for –temprm [ip]
• Updated UI to offer either –temprma [ip] or –temprmd [ip] instead of –temprm [ip]
• Added PHP v7.2 EOL notice to Server Report

Changes:

• Added missing images/ subdir to webmin and interworx installers
• Added new option LF_TEMP_EMAIL_ALERT. This allows the disabling of temp IP block emails. It is enabled by default (send temp email alerts as before)

Changes:

• Added missing images/ subdir to DA installer

Changes:

• If DOCKER is enabled and the iptables nat table exists, csf now creates a DOCKER chain in the nat table for IPv4
• cPanel additions to csf.pignore on new and existing installs
• Disable reputation service on error
• Added new options MESSENGERV3PERMS and MESSENGERV3GROUP for the creation of the MESSENGER_USER public_html directory. See csf.conf for information, defaults set for each install control panel type where possible
• Added exe:/sbin/rngd to csf.pignore for new installations

Changes:

• Modified dovecot pop3d/imapd log line parsing to repeat single lines reporting multiple login failure attempts
• Additional entries in csf.pignore for new installs on CyberPanel v2
• cPanel additions to csf.pignore on new and existing installs
• Convert embedded IPv4 addresses in /proc/net/tcp6 back to IPv4

Changes:

• Added two new options: CC_MESSENGER_ALLOW, CC_MESSENGER_DENY. These options can control which Country Code IP blocks are redirected to the MESSENGER service, if it is enabled
• Fixed some typos in csf.conf
• Added DirectAdmin diagnostics to the admin UI for session security checks, together with a method to skip the checks if desired