csf

Changes:

• Added error output from IO::Socket::INET for CLUSTER_* commands from csf if present
• UI HTML fixes and form design elements added
• Improved error report for invalid csf.conf lines
• Removed Server Check tmp mountpoint checks

Changes:

• Parameterise calls to system and Open3 where possible
• HTTP::Tiny upgraded to v0.039
• Modifications to csftest.pl
• Removed the UI “Pre-configured settings for Low, Medium or High” as they are outdated and meaningless. Users should go through the csf configuration and setup the firewall for their individual server needs
• Translate ampersand for HTML output
• Modified csf.blocklist for new installations to use the SSL URL for the TOR exit list now that they have forced redirection from the non-SSL URL, with a note to change URLGET to use LWP
• Modified csf.blocklist for new installations to specify an alternative TOR exit node list

Changes:

• Fixed issue that produced false-positive failures for IP address actions through UI when checking for a valid IP address
• Modified lfd to support the use of either “password” or “pass” in /root/.my.cnf for ST_MYSQL
• Updated CLUSTER information in readme.txt

Changes:

• Removed VPS PASV check from Server Check in UI
• Added new option URLGET – This option can be used to select either HTTP::Tiny or LWP::UserAgent to retrieve URL data. HTTP::Tiny is faster than LWP::UserAgent and is included in the csf distribution. LWP::UserAgent may have to be installed manually, but it can better support https:// URL’s. HTTP::Tiny is selected by default
• Removed extraneous bracket in UI output when reporting errors in user supplied data
• Added new options LF_EXIMSYNTAX, LF_EXIMSYNTAX_PERM – These will block IP addresses producing repeated exim syntax errors, typically seen from: spammers, hackers and broken MUAs and MTAs. This option is enabled by default
• HTTP::Tiny upgraded to v0.036

Changes:

• Security fix with included cse when using inbuilt User Interface: prevent XSS due to malicious directory/file names

Changes:

• Load DYNDNS and GLOBAL_DYNDNS from last known values when restarting csf instead of waiting for lfd to load the initial rules
• Improved performance of file slurping
• Cluster documentation correction in readme.txt
• UI button style modifications
• Added specific check for Spamhaus drop lists so that retrieval is never attempted beofer 2 hours elapses between attempts whether those retrieval attempts are successful or not
• Improvements to SSHD regexes
• Modified mod_security logging to include the last triggered rule id if present

Changes:

• Modified LF_PERMBLOCK to perform IP lookup on blocked IP
• Perform modprobe when using FASTSTART on server boot to ensure iptables modules are loaded
• Modified migration detection for particularly old csf installations
• Check that TAIL and GREP exist and are executable in UI

Changes:

• Applied UI changes to inbuilt cse and Reseller UI’s
• Improvements to Virtuozzo/OpenVZ system detection where /proc/vz/veinfo does not exist
• Added System Check on cPanel servers for disable-security-tokens
• If /etc/csuibuttondisable exists then the UI buttons will revert for those that cannot cope with the themed ones

Changes:

• Fixed “Deny Server IPs” option in UI
• Additional SSHD regex
• Enable account tracking for LF_CPANEL login failures to allow for LF_DISTATTACK detection
• Ignore Server Check for register_globals for PHP v5.4+
• Added new option UI_SSL_VERSION, to allow the setting of the SSL protocol version that the UI server allows
• Added window Detach option to UI search system logs
• UI display changes
• Fixed files permissions issue affecting System Graphs and lfd Graphs in DA

Changes:

• Prevent HTML rendering of watch and search system log file output