csf

Changes:

• Fixed issue that produced false-positive failures for IP address actions through UI when checking for a valid IP address
• Modified lfd to support the use of either “password” or “pass” in /root/.my.cnf for ST_MYSQL
• Updated CLUSTER information in readme.txt

Changes:

• Removed VPS PASV check from Server Check in UI
• Added new option URLGET – This option can be used to select either HTTP::Tiny or LWP::UserAgent to retrieve URL data. HTTP::Tiny is faster than LWP::UserAgent and is included in the csf distribution. LWP::UserAgent may have to be installed manually, but it can better support https:// URL’s. HTTP::Tiny is selected by default
• Removed extraneous bracket in UI output when reporting errors in user supplied data
• Added new options LF_EXIMSYNTAX, LF_EXIMSYNTAX_PERM – These will block IP addresses producing repeated exim syntax errors, typically seen from: spammers, hackers and broken MUAs and MTAs. This option is enabled by default
• HTTP::Tiny upgraded to v0.036

Changes:

• Security fix with included cse when using inbuilt User Interface: prevent XSS due to malicious directory/file names

Changes:

• Load DYNDNS and GLOBAL_DYNDNS from last known values when restarting csf instead of waiting for lfd to load the initial rules
• Improved performance of file slurping
• Cluster documentation correction in readme.txt
• UI button style modifications
• Added specific check for Spamhaus drop lists so that retrieval is never attempted beofer 2 hours elapses between attempts whether those retrieval attempts are successful or not
• Improvements to SSHD regexes
• Modified mod_security logging to include the last triggered rule id if present

Changes:

• Modified LF_PERMBLOCK to perform IP lookup on blocked IP
• Perform modprobe when using FASTSTART on server boot to ensure iptables modules are loaded
• Modified migration detection for particularly old csf installations
• Check that TAIL and GREP exist and are executable in UI

Changes:

• Applied UI changes to inbuilt cse and Reseller UI’s
• Improvements to Virtuozzo/OpenVZ system detection where /proc/vz/veinfo does not exist
• Added System Check on cPanel servers for disable-security-tokens
• If /etc/csuibuttondisable exists then the UI buttons will revert for those that cannot cope with the themed ones

Changes:

• Fixed “Deny Server IPs” option in UI
• Additional SSHD regex
• Enable account tracking for LF_CPANEL login failures to allow for LF_DISTATTACK detection
• Ignore Server Check for register_globals for PHP v5.4+
• Added new option UI_SSL_VERSION, to allow the setting of the SSL protocol version that the UI server allows
• Added window Detach option to UI search system logs
• UI display changes
• Fixed files permissions issue affecting System Graphs and lfd Graphs in DA

Changes:

• Prevent HTML rendering of watch and search system log file output

Changes:

• Removed CLUSTER_PORT from sanity checking
• Modified changelog to state that HTACCESS_LOG needs to be correct for nginx LF_HTACCESS regexes
• Added new UI option to watch (tail) system log files listed in /etc/csf/csf.syslogs
• Added new UI option to search (grep) system log files listed in /etc/csf/csf.syslogs
• Improvements to “View iptables Log” output in UI
• Enable “SSL_honor_cipher_order” for UI IO::Socket::SSL sessions

Changes:

• Fixed sanity check for UID_INTERVAL