csf

Changes:

• Updated DSHIELD blocklist to use https
• Updated Server Check PHP EOL information
• Improved DA session checking
• Improved DA Server Check report
• Modified cpanel.comodo.allow and cpanel.comodo.ignore with an additional IP address
• MESSENGERv3 now out of BETA testing
• Added UDP ports 80 and 443 to UDP_IN/UDP6_IN for new installations to support QUIC/HTTP3
• Modified DA regex for Roundcube v1.4+
• Modified DIRECTADMIN_LOG_R to point to /var/www/html/roundcube/logs/errors.log for Roundcube v1.4+ by default on new installs and change for old installs if not already set
• Added a new DA regex for phpMyAdmin
• Modified iframe resizer on DA, thank you to Martynas @ DirectAdmin
• Updated Integrated User Interface documentation to point to the latest Apache docs
• Added newly generated self-signed keys for lfd UI
• Updated Server Report descriptions for cPanel
• Updated Server Report for systemd processes
• Added back cPanel update check to the Server Report now that it has been reinstated by cPanel
• Removed outdated Server Report checks

Changes:

• Added new BETA TESTING option: MESSENGERV3. This provides the MESSENGER service utilising the local webserver. It currently supports Apache v2.4+ and Litespeed/Openlitespeed. As the first iteration this likely contains bugs and may not be suitable for production environments. See csf.conf and readme.txt for more information
• Changed Country Code Lookup source to ipdeny.com
• Added CC_ALLOW_SMTPAUTH to all configurations for the benefit of servers other than cPanel running Exim
• Modify CC_ALLOW_FILTER to allow RELATED, ESTABLISHED connections through so that outgoing connection replies from remote sites not in CC_ALLOW_FILTER are accepted
• Added a note in csf.conf regarding MESSENGER_CHILDREN, that consideration needs to be made for local images displayed on the page. The default has also been increased to 20 for new installations Modifications to MESSENGER server to speed up connection response time and improve stability
• Modifications to LFD UI and CLUSTER server to improve stability
• Added SUDO login alerts: LF_SUDO_EMAIL_ALERT. This will send an email alert using the sudoalert.txt template whenever there is a failed or successful SUDO connection. SUDO_LOG must be set to the correct log file. LF_SUDO_EMAIL_ALERT is disabled by default
• Added new entry in csf.pignore on cPanel servers for v86+:
  exe:/usr/libexec/dovecot/imap-hibernate
• Added Server Check for EOL PHP v7.1
• Removed cPanel update checks from the Server Report now that the options are no longer available in cPanel v86+
• NOTICE: We are deprecating support for Virtuozzo/OpenVZ servers. Future releases will not take into consideration those platforms which have become onerous to support. The software application may continue to work but support and functionality is no longer guaranteed

Changes:

• Changed mailman listings in csf.pignore on cPanel servers to cater for changes in python versions in RHEL v6/7 and 8
• Fixed issue with CC_ALLOW_FILTER when not using IPSET but using SAFECHAINUPDATE would cause the new chain to be created in the wrong place by lfd when the zone is retrieved/updated
• Fixed issue when using CC_ALLOW_FILTER with IPSET enabled not adding the final DROP rule in lfd
• Further modifications to support RHEL/CentOS v8
• Fixed issues with MESSENGER and CLUSTER server listeners terminating prematurely

Changes:

• Added alternative database for Country Code Lists and Settings. These do not currently require logins/keys and in some cases are better optimised. A new setting CC_SRC allows switching between sources. For new installations these new sources are used. Existing installations are configured to continue to use the MaxMind databases. See the “Country Code Lists and Settings” section in /etc/csf/csf.conf for detailed information
• Added binary locations for CURL and WGET which will be tried if data retrieval fails when using the LWP perl module, e.g. on outdated OS’s
• Added new option for URLGET setting “3”. This allow the use of either CURL or WGET instead of the perl modules

Changes:

• Modified CyberPanel installation to support move to python3

Changes:

• Fixed interdependence issue between Country Code lookups and Country Code filters in lfd introduced in v13.09
• Improved MM_LICENSE_KEY error messages

Changes:

• Removed hard-coded date from MaxMind ASN url

Changes:

• Due to MaxMind changing their free download policy to require signup and a license key, a new option MUST be configured to continue to use Country Code lookups (CC_LOOKUPS). The option MM_LICENSE_KEY must be set to the key obtained from the MaxMind site. See:

  https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/

  https://www.maxmind.com/en/geolite2/signup

  Note: Existing installations will continue to use downloaded d/b’s from before the MaxMind change, though may be cleared after CC_INTERVAL

• Changed CC_LOOKUPS option 4 from freegeoip.net to db-ip.com as the former no longer exists
• Fixed System Stats graphs not displaying on CyberPanel
• Updated csf control panel reporting in version display

Changes:

• Added official CyberPanel integration and CyberPanel panel specific configuration (only tested on CentOS v7)
• More changes to support RHEL/CentOS v8

Changes:

• Added format requirements for ASN entries in CC_* settings
• Removed SSHDSPAM exploit check as it’s no longer critically relevant
• Modifications to support RHEL/CentOS v8
• Modified systemd service to cater for RHEL/CentOS v7.7 pidfile symlink check changes
• Fixes and improvements to UI Ajax code
• Removed legacy bandmin code for cPanel servers and LF_CPANEL_BANDMIN setting
• Modified default InterWorx csf.conf to set SMTP_ALLOWGROUP appropriately for SMTP_BLOCK