csf

New csf v5.42 (security fix)

SECURITY FIX. Anyone running csf on a DirectAdmin server should upgrade to this release immediately.

Changes:

  • Add check for successful open of admin.list on DA servers to avoid a segfault, which could lead to a buffer overflow

This is in response to http://www.exploit-db.com/exploits/18225/

This issue is apparent on DirectAdmin servers only, where this C wrapper is used.
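The kind of check this fix describes, as an added example that is not csf's own source: a list lookup that tests the result of fopen() before reading and fails closed when the file is missing. The function name, return codes, buffer size and file names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not csf's source). Returns 1 if `user` is on its own
 * line in the file at `path`, 0 if not, -1 if the list cannot be opened.
 * Callers must treat anything other than 1 as "deny". */
int user_in_list(const char *path, const char *user)
{
    char line[256];
    int found = 0, c;
    FILE *fp;

    if (path == NULL || user == NULL || *user == '\0')
        return -1;

    fp = fopen(path, "r");
    if (fp == NULL)      /* the check: fgets() on a NULL stream is undefined */
        return -1;

    while (fgets(line, sizeof line, fp) != NULL) {
        size_t len = strcspn(line, "\r\n");
        if (len == sizeof line - 1) {      /* over-long line: skip the rest */
            while ((c = fgetc(fp)) != EOF && c != '\n')
                ;
            continue;
        }
        line[len] = '\0';                  /* strip newline / CRLF */
        if (strcmp(line, user) == 0) {
            found = 1;
            break;
        }
    }
    fclose(fp);
    return found;
}

int main(void)
{
    const char *path = "example_admin.list";   /* constructed sample file */
    FILE *out = fopen(path, "w");
    if (out == NULL)
        return 1;
    fputs("admin\nreseller1\n", out);
    fclose(out);
    printf("admin: %d\n", user_in_list(path, "admin"));
    printf("mallory: %d\n", user_in_list(path, "mallory"));
    printf("missing file: %d\n", user_in_list("no_such_admin.list", "admin"));
    remove(path);
    return 0;
}
```

A privileged wrapper built on such a lookup should refuse to continue on both 0 and -1, so an unreadable list never grants access.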

New csf v5.41

Changes:

  • Added text description of allow/deny made by cPanel Resellers via UI in csf.allow and csf.deny
  • If cPanel UI Resellers email alerts are enabled, a csf grep will be performed before an IP address is unblocked and the output included in the alert email, together with the results of the UNBLOCK
  • If cPanel UI Resellers email alerts are enabled, the results of an ALLOW or DENY will be included in the alert email
  • Added logging of cPanel UI Reseller actions ALLOW/DENY/UNBLOCK to /var/log/lfd.log
  • Update to urlget to not fail on empty file if successfully retrieved
  • Take Integrated UI out of BETA as no reported issues
  • Take csf.redirect out of BETA as no reported issues

New csf v5.40

Changes:

  • Added new feature – csf UI Reseller functions for cPanel. See /etc/csf/csf.resellers and WHM UI
  • Improvements to cse Integrated UI
  • Modified redundant cPanel function calls in UI
  • Removed ModSecurity functionality in UI
  • Modified WHM UI “Remove Deny” to be “Quick Unblock” that now removes a specified IP address's entries from csf.deny and/or temporary blocks

New csf v5.39

v5.39 Changes:

  • Fixed detection of the nat tables on some Virtuozzo VPS servers

v5.38 Changes:

  • Modification to the Integrated UI to allow access to cxs if it is installed via UI_CXS
  • Include an updated cse with csf for use with the Integrated UI via UI_CSE
  • Added option UI_CIPHER to allow the SSL cipher suite to be set manually for the Integrated UI
  • Added HTTP request internal memory limits to the Integrated UI

New csf v5.37

Changes:

  • Added new BETA feature – User Interface. This feature provides a HTML UI to csf and lfd, without requiring a control panel or web server. The UI runs as a sub process to the lfd daemon. See csf.conf and readme.txt for information and requirements
  • Fixed issue with RT_* regex routine ignoring 127.0.0.1
  • Fixed detection of DNSONLY cPanel installs
  • Added Security Check on cPanel server checks for disabled “Proxy subdomains” and “Proxy subdomain creation”
  • Added new option LF_CPANEL_ALERT_ACTION. If a LF_CPANEL_ALERT event is triggered, then if LF_CPANEL_ALERT_ACTION contains the path to a script, it will run the script and pass the IP, the username and the DNS IP lookup result as 3 arguments

New csf v5.36

Changes:

  • Fix for the lfd child lock mechanism effectiveness

New csf v5.35

Changes:

  • Added new BETA feature – Port/IP address Redirection. This feature uses the file /etc/csf/csf.redirect to redirect connections from/to IP/port combinations to alternative IP/ports. See readme.txt for more information
  • Updated syslog daemon checking in Server Report
  • Set PT_DELETED to 0 by default on new installations
  • Improvements to csf startup locking within lfd
  • Improvements to error trapping between csf and lfd
  • Check minimum values for interval settings and set to recommended values if too low during lfd startup to improve stability
  • Added lfd child locks to improve stability due to server or network resource issues or too low an interval setting
  • Updated Sanity Checks for settings
  • lfd will now not start if TESTING is enabled
  • Do not require write permissions to /etc/crontab when no changes required for TESTING mode enable/disable
  • Prevent parricide by lfd children unless required
  • Added nat table check in csf
  • Fixed bug in csf --grep not matching the nat table

New csf v5.34

Changes:

  • Improvement to dovecot account name sanitisation checks in lfd
  • Modified cronjobs for new installs to be compatible with anacron
  • Added new option CLUSTER_BLOCK which is enabled by default. This allows you to disable automatic sharing of lfd blocks around a csf cluster, e.g. if you only wish to use the CLUSTER option to share settings and manual blocks and allows
  • Added new option RT_ACTION. If an RT_* event is triggered, then if RT_ACTION contains the path to a script, it will be run in a child process and be passed a list of items (see csf.conf – for cPanel and DA only)
  • Fix to DYNDNS Advanced Allow/Deny Filters using pipe separator
  • Set permissions to 700 on *.sh, *.pl and *.php in /etc/csf/ instead of a blanket 600 of non-csf scripts