csf

Changes:

• Removed CLUSTER_PORT from sanity checking
• Modified changelog to state that HTACCESS_LOG needs to be correct for nginx LF_HTACCESS regexes
• Added new UI option to watch (tail) system log files listed in /etc/csf/csf.syslogs
• Added new UI option to search (grep) system log files listed in /etc/csf/csf.syslogs
• Improvements to “View iptables Log” output in UI
• Enable “SSL_honor_cipher_order” for UI IO::Socket::SSL sessions

Changes:

• Fixed sanity check for UID_INTERVAL

Changes:

• Modified Apache regexes for Apache v2.4+
• Fixed UI configurable lines display for lfd.log
• Fixed length display text for CLUSTER_KEY in csf.conf
• Ignore suspendedpage.cgi triggers for LF_SYMLINK on cPanel servers
• Updated sanity checks and ranges for csf.conf settings
• Added RESTRICT_UI to Server Check recommended options
• Modified Virtuozzo/OpenVZ FTP port check to verify kernel version before issuing PASV port warning
• Added new setting PS_DIVERSITY. To specify how many different ports qualifies as a Port Scan you can increase this value. The risk in doing so will mean that persistent attempts to attack a specific closed port will not be detected and blocked. The setting defaults to the original setting of 1
• Added 3 LF_HTACCESS regexes for nginx. Remember to set MODSEC_LOG correctly for the location of the nginx error log

Changes:

• Fixed UI issue with some settings sent via the Cluster Config option
• Modified CONNLIMIT_LOGGING rule insertion point
• Added new feature: Outgoing UDP Flood Protection. This option limits outbound UDP packet floods. These typically originate from exploit scripts uploaded through vulnerable web scripts. The feature is controlled by: UDPFLOOD, UDPFLOOD_LIMIT, UDPFLOOD_BURST, UDPFLOOD_LOGGING, UDPFLOOD_ALLOWUSER
• Update the TOR URL in existing /etc/csf/csf.blocklists file if still set to the old URL

Changes:

• Fixed UI “Temporary IP entries > Flush all temporary IP entries”
• Fixed UI_USER and UI_PASS being emptied on saving the firewall configuration through the UI
• Fixed CLUSTER_KEY not displaying when RESTRICT_UI is disabled

Changes:

• Security – Removed items from Cluster Config UI option if RESTRICT_UI enabled

Changes:

• Security – added new option RESTRICT_UI. This options restricts the ability to modify settings within csf.conf from the csf UI. Should the parent control panel be compromised, these restricted options could be used to further compromise the server. This option is enabled by default on all installations
• Added entries to csf.pignore on new installations on cPanel servers for Dovecot v2.2 (cPanel v11.40+)
• Fixed UI Template validation error message

Changes:

• Security Fix – Sanitised user data input to prevent running unauthorised commands via the UI. A user would require root access to exploit this, so vulnerability is probably low. Thanks to Steven at Rack911.com for reporting this issue
• Added Password ENV variable check to Server Check on cPanel servers
• Update cPanel ACL Driver installations to change force cache update using “touch” instead of removing the cache
• Modified TOR URL in /etc/csf/csf.blocklists to use:
  http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1

Changes:

• Modified auto-update logic to only create the /etc/cron.d/csf_update file if it does not already exist
• Fix permissions on csf man file and directory
• Modified webmin module paths to be relative rather than absolute so that webmin via mod_proxy works correctly
• Fixed “in” direction –tempallow/–tempdeny leaking into [comment]
• Added nginx regex for ModSecurity rule detection. Remember to set MODSEC_LOG correctly for the location of the nginx error log
• Fixed file permission/ownership problem on DirectAdmin servers for the /plugins directory

Changes:

• Introduced a new directory structure to get closer to the Linux
  Filesystem Hierarchy Standard (FHS):

  /etc/csf/           - (mostly) configuration files
  /var/lib/csf/       - temporary data files
  /usr/local/csf/bin/ - scripts
  /usr/local/csf/lib/ - perl modules and static data
  /usr/local/csf/tpl/ - email alert templates

  Existing data and templates files are migrated into the new structure automatically. Some files and directories are symlinked to /etc/csf/ for backwards compatibility and ease of use. See the following for individual file locations in the new configuration:
  http://blog.configserver.com/?p=7

• CC_LOOKUPS rDNS reporting improvements
• HTTP::Tiny upgraded to v0.033
• Removed Security Token check from Server Check Report now that it is implicitly set in v11.18.0+
• Switched the location of the csf.pl and lfd.pl binaries with their symlinks
• Code tidy for servercheck.pm, csfui.pl
• Allow comments to be appended to csf –tempdeny and csf –tempallow in the same way as csf –deny and csf –allow. Also made the options more flexible in usage of optional elements
• Added Comments field to UI for Quick Allow, Quick Deny, and Temporary Allow/Deny
• Added csf(1) man page and changed csf –help to use a text version of the new man page
• Fixed unnecessary open of csf.fignore