Server Software and Configuration Services
New csf v5.51
Changes:
– Updated Donation buttons
csf
New csf v5.50
Changes:
– Removed check for Melange on cPanel servers from Server Check Report
– Improvements to the cPanel exim SMTP AUTH login failure regex after changes in cPanel v11.32
– Added exe:/usr/local/cpanel/3rdparty/sbin/mydns to csf.pignore for new installs on cPanel servers
– Additional cmd/pcmd suggestions added to csf.pignore for new installs on cPanel servers (not enabled)
New csf v5.49
Changes:
– Remove atd from Service Check in Server Check Report
– Ensure all DNS traffic between non-local IP addresses in /etc/resolv.conf is allowed through the firewall when DNS_STRICT_NS is not enabled
– Added exim to example script pt_deleted_action.pl
– Added /var/log/cxswatch.log to csf.logfiles for new installations
– Added new option LF_ALERT_SMTP which allows lfd to be configured to send alert emails via SMTP instead of through the SENDMAIL binary. LF_ALERT_SMTP needs to be set to the name or IP address of the SMTP server to use this feature
– Added new option CC_DROP_CIDR. Set this option to a valid CIDR to ignore CIDR blocks smaller than this value when implementing CC_DENY/CC_ALLOW/CC_ALLOW_FILTER. This can help reduce the number of CC entries and may improve iptables throughput
– Improved installation procedure for checking required perl modules
New cxs v2.52
Changes:
– cxs Watch will now fail to start or will terminate on VPS servers if /proc/sys/fs/inotify/max_user_watches is set too low
– Added error reporting if clamd fails to respond, but stop reporting clamd errors if too many consecutive errors occur
– Updated POD regarding the new csf option: LF_CXS
New csf v5.48
Changes:
– New option LF_QOS added which matches hits against the mod_qos Apache module
– New option LF_CXS added which matches hits against the mod_security Apache module rule for cxs if implemented
New csf v5.47
Changes:
– Improvements to non-core perl module loading
– Improvements to PT_LOAD Apache Status retrieval and messages
– Regex modifications to cater for Dovecot v2.1+
– On cPanel servers, block additional ports that exim uses in the WHM > Service Manager for RT_*_BLOCK
New csf v5.46
Changes:
– Modified upgrade warning for integrated UI to not use the DA warning text
– Validate local IP addresses
– Only check local IPv6 addresses if IPV6 is enabled in config
– Separate IPv4 from IPv6 ignore CIDRs due to Net::CIDR::Lite restrictions
– Improvements to ignore files IP address validation
– Add server check for PHP v5.2.* to the obsolete/security risk list
– Add server check for RedHat/CentOS v4.* and Fedora < v15 to the obsolete/security risk list
- Removed server checks for RLimitMEM/RLimitCPU
New csf v5.45
Changes:
– Only log Log Scanner in lfd.log if DEBUG set to 2 to allow empty reports if monitoring lfd.log
– Added new option LF_BOGON_SKIP. If you don't want BOGON rules applied to specific NICs, then list them in a comma separated list
– Added new option LF_CONSOLE_EMAIL_ALERT which will send an email if there is a root login to the server console. This is enabled by default
New csf v5.44
Changes:
- New feature – Log Scanner. This feature will send out an email summary of the log lines of each log listed in /etc/csf/csf.logfiles. All lines will be reported unless they match a regular expression in /etc/csf/csf.logignore
- Set LWP::UserAgent agent to “csf/[version]” instead of the default
New csf v5.43
Changes:
- csf and lfd modified to better handle !lo interface for compatibility with newer iptables versions
- Removed use of Sys::Hostname::Long
- Added new options LF_APACHE_403 and LF_APACHE_403_PERM. This option will keep track of the number of “client denied by server configuration” errors in HTACCESS_LOG. If the number of hits is more than LF_APACHE_403 in LF_INTERVAL seconds then the IP address will be blocked. See csf.conf for more information