csf

New csf v5.49

Changes:
– Remove atd from Service Check in Server Check Report
– Ensure all DNS traffic between non-local IP addresses in /etc/resolv.conf is allowed through the firewall when DNS_STRICT_NS is not enabled
– Added exim to example script pt_deleted_action.pl
– Added /var/log/cxswatch.log to csf.logfiles for new installations
– Added new option LF_ALERT_SMTP which allows lfd to be configured to send alert emails via SMTP instead of through the SENDMAIL binary. LF_ALERT_SMTP needs to be set to the name or IP address of the SMTP server to use this feature
– Added new option CC_DROP_CIDR. Set this option to a valid CIDR to ignore CIDR blocks smaller than this value when implementing CC_DENY/CC_ALLOW/CC_ALLOW_FILTER. This can help reduce the number of CC entries and may improve iptables throughput
– Improved installation procedure for checking required perl modules

New cxs v2.52

Changes:
– cxs Watch will now fail to start or will terminate on VPS servers if /proc/sys/fs/inotify/max_user_watches is set too low
– Added error reporting if clamd fails to respond, but stop reporting clamd errors if too many consecutive errors occur
– Updated POD regarding the new csf option: LF_CXS

New csf v5.48

Changes:
– New option LF_QOS added which matches hits against the mod_qos Apache module
– New option LF_CXS added which matches hits against the mod_security Apache module rule for cxs if implemented

New csf v5.47

Changes:
– Improvements to non-core perl module loading
– Improvements to PT_LOAD Apache Status retrieval and messages
– Regex modifications to cater for Dovecot v2.1+
– On cPanel servers, block additional ports that exim uses in the WHM > Service Manager for RT_*_BLOCK

New csf v5.46

Changes:

– Modified upgrade warning for integrated UI to not use the DA warning text
– Validate local IP addresses
– Only check local IPv6 addresses if IPV6 is enabled in config
– Separate IPv4 from IPv6 ignore CIDRs due to Net::CIDR::Lite restrictions
– Improvements to ignore files IP address validation
– Add server check for PHP v5.2.* to the obsolete/security risk list
– Add server check for RedHat/CentOS v4.* and Fedora < v15 to the obsolete/security risk list
– Removed server checks for RLimitMEM/RLimitCPU

New csf v5.45

Changes:

– Only log Log Scanner in lfd.log if DEBUG set to 2 to allow empty reports if monitoring lfd.log
– Added new option LF_BOGON_SKIP. If you don't want BOGON rules applied to specific NICs, then list them in a comma separated list
– Added new option LF_CONSOLE_EMAIL_ALERT which will send an email if there is a root login to the server console. This is enabled by default

New csf v5.44

Changes:

  • New feature – Log Scanner. This feature will send out an email summary of the log lines of each log listed in /etc/csf/csf.logfiles. All lines will be reported unless they match a regular expression in /etc/csf/csf.logignore
  • Set LWP::UserAgent agent to “csf/[version]” instead of the default

New csf v5.43

Changes:

  • csf and lfd modified to better handle !lo interface for compatibility with newer iptables versions
  • Removed use of Sys::Hostname::Long
  • Added new options LF_APACHE_403 and LF_APACHE_403_PERM. This option will keep track of the number of “client denied by server configuration” errors in HTACCESS_LOG. If the number of hits is more than LF_APACHE_403 in LF_INTERVAL seconds then the IP address will be blocked. See csf.conf for more information
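
The LF_APACHE_403 threshold described above, shown as an added example that is not csf's or lfd's own code: a Python sketch that counts "client denied by server configuration" lines per client IP and flags an address once it exceeds the limit inside the interval. The Apache 2.2-style log format, the sliding-window counting, the threshold values and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed values for illustration; the real settings are defined in csf.conf.
LF_APACHE_403 = 3     # flag when hits exceed this count...
LF_INTERVAL = 300     # ...within this many seconds

# Apache 2.2-style error log line (format assumed for this sketch).
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9a-fA-F.:]+)\] "
    r"client denied by server configuration"
)

def find_offenders(lines, limit=LF_APACHE_403, interval=LF_INTERVAL):
    """Return {ip: timestamp of the hit that crossed the threshold}."""
    hits = defaultdict(deque)    # ip -> timestamps inside the current window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue             # other error types are not counted
        ip = m.group("ip")
        if ip in flagged:
            continue             # already over the threshold
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        window = hits[ip]
        window.append(ts)
        # Drop hits older than the interval, measured from the newest hit.
        while (ts - window[0]).total_seconds() > interval:
            window.popleft()
        if len(window) > limit:  # "more than LF_APACHE_403"
            flagged[ip] = ts
    return flagged

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
[Mon Dec 12 10:00:01 2011] [error] [client 203.0.113.7] client denied by server configuration: /var/www/html/admin
[Mon Dec 12 10:00:05 2011] [error] [client 198.51.100.20] client denied by server configuration: /var/www/html/.htaccess
[Mon Dec 12 10:00:40 2011] [error] [client 203.0.113.7] client denied by server configuration: /var/www/html/admin
[Mon Dec 12 10:01:10 2011] [error] [client 203.0.113.7] File does not exist: /var/www/html/favicon.ico
[Mon Dec 12 10:02:00 2011] [error] [client 203.0.113.7] client denied by server configuration: /var/www/html/backup
[Mon Dec 12 10:03:30 2011] [error] [client 203.0.113.7] client denied by server configuration: /var/www/html/admin
[Mon Dec 12 10:10:05 2011] [error] [client 198.51.100.20] client denied by server configuration: /var/www/html/.htaccess
""".splitlines()

if __name__ == "__main__":
    for ip, ts in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} exceeded LF_APACHE_403 at {ts}")
```

In the sample, 203.0.113.7 is flagged on its fourth denied request inside the window, while 198.51.100.20 is not, because its two hits are more than LF_INTERVAL seconds apart.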

New csf v5.42 (security fix)

SECURITY FIX. Anyone running csf on a DirectAdmin server should upgrade to this release immediately.

Changes:

  • Add check for successful open of admin.list on DA servers to avoid a segfault, which could lead to a buffer overflow

This is in response to http://www.exploit-db.com/exploits/18225/

This issue is apparent on DirectAdmin servers only where this C wrapper is used.

New csf v5.41

Changes:

  • Added text description of allow/deny made by cPanel Resellers via UI in csf.allow and csf.deny
  • If cPanel UI Resellers email alerts are enabled, a csf grep will be performed before an IP address is unblocked and the output included in the alert email, together with the results of the UNBLOCK
  • If cPanel UI Resellers email alerts are enabled, the results of an ALLOW or DENY will be included in the alert email
  • Added logging of cPanel UI Reseller actions ALLOW/DENY/UNBLOCK to /var/log/lfd.log
  • Update to urlget to not fail on empty file if successfully retrieved
  • Take Integrated UI out of BETA as no reported issues
  • Take csf.redirect out of BETA as no reported issues