csf

New csf v5.18

Changes:

  • Remove RT_POPRELAY_* from csf.conf on DA servers as it does not apply
  • Improved Server Check for cPanel Update configuration check
  • Modified csf restart to not start bandmin during the stop phase
  • Modified LF_DIRWATCH to remove dependency on File::Type
  • Modified LF_DIRWATCH for speedups and removed the need for a file size limit
  • Debian v6 support confirmed
  • Added /etc/bind/named.conf.options to the list of named.conf files to check for recursion settings (for Debian)

New csf v5.17

Changes:

  • Updated Server Check for cPanel Update configuration check to cater for the new format
  • Disable LFD service in DA on uninstall of csf using SED instead of REPLACE

New csf v5.16

Changes:

  • Fixed missing perm.png from DA install
  • Fixed Temporary IP Entries table headers in UI
  • If DENY_IP_LIMIT is reached, remove excess IPs from iptables as well as csf.deny (previously only removed from csf.deny)
  • csf on cPanel servers automatically re-enables the cPanel Bandwidth chains after iptables is configured. If bandmin is not functioning, or you don’t use the bandmin stats, you can disable this new option LF_CPANEL_BANDMIN (enabled by default on cPanel servers)

New csf v5.15

Changes:

  • Check for multiple Ports settings for sshd in /etc/ssh/sshd_config when the LF_SELECT option is enabled
  • Updated SMTPAUTH regex to detect more login authentication methods
  • Updated AUTHRELAY regex to detect more login authentication methods
  • Added option to UI to permanently block temporarily blocked IPs

New csf v5.14

Changes:

  • Updated RELAY regex to detect the dovecot/courier login authentication methods on cPanel servers
  • Updated Server Check Report to reflect cPanel/WHM changes in v11.28, including additional checks and updating reference text
  • Added checks to LF_DIRWATCH_FILE to ensure watched resources exist on startup and while running a check. Those that do not exist are ignored and logged in lfd.log

New csf v5.13

Changes:

  • Added obsolete OS checks for Fedora v11 and v12, plus RedHat/CentOS v2 and v3 in Server Check
  • Fixed broken reference URLs in Server Check for cPanel servers
  • Modified statistics to not display pie chart if no data is available
  • Sort LF_DIRWATCH_FILE output by time to improve the reported results
  • Added new setting for AT_ALERT to only trigger on modification to the root account (i.e. not all superuser accounts)
  • Tested successfully for support on Fedora v14 and Ubuntu v10.10

New csf v5.12

Changes:

  • Added some lfd blocking statistics which can be viewed via the UI. Requires gd graphics library and the GD::Graph perl module with all dependent modules
  • Added 8th argument to BLOCK_REPORT for the setting that triggered the block
  • Added setting that triggered a block to lfd log lines

New csf v5.11

Changes:

  • Removed erroneous Port Knocking messages in lfd.log when PORTKNOCKING_ALERT not enabled
  • Added ‘exe:/usr/bin/postgres’ to the cPanel csf.pignore for new installations
  • Added retry timeout in WHM UI for checking www.configserver.com for new version information (to avoid repeated hangs when unreachable)
  • Fixed LF_PERMBLOCK issue that flushed all temporary IP blocks, not just the IP being permanently blocked
  • Added check to PHP Server Check that php -i output is complete

New csf v5.00

Changes:

  • lfd Clustering, final release. This new set of options (CLUSTER*) in csf.conf allows the configuration of an lfd cluster environment where a group of servers can share blocks and, via the CLI, configuration option changes, allows and removes. See the readme.txt file for more information and details, setup and security implications
  • Added new option LF_DISTATTACK. Distributed Account Attack detection. This option will keep track of login failures from distributed IPs to a specific application account. If the number of failures matches the trigger value, ALL of the IP addresses involved in the attack will be blocked. This option is currently disabled by default – see csf.conf for more information
  • Added new option PT_USERKILL_ALERT if you want to disable email alerts for PT_USERKILL triggers. This option is enabled by default, i.e. alerts are sent
  • Added new option LF_QUICKSTART in csf.conf and CLI options -q, --startq, -sf, --startf to allow deferral of csf startup to lfd instead of waiting for the CLI to perform the work. See the CLI help and csf.conf for more information
  • Added UI option for “Firewall Quick Restart” which uses csf -q, “Firewall Restart” uses csf -sf
  • lfd now restarts csf (if stopped and LF_CSF enabled) within the main process to enhance the integrity of the firewall
  • Multiple login failure regex detection improvements
  • Fixed typos in permblock.txt
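
The LF_DISTATTACK behaviour described in the v5.00 notes above, as an added example (not csf's own code): failures are counted per account rather than per IP, and when the trigger is reached every source IP involved is returned for blocking. The sshd log format, the `trigger` and `min_unique_ips` parameters and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in sshd's "Failed password" format (not real logs).
SAMPLE_LOG = """\
Jan 10 03:00:01 host sshd[101]: Failed password for alice from 203.0.113.5 port 40112 ssh2
Jan 10 03:00:04 host sshd[102]: Failed password for alice from 198.51.100.7 port 51220 ssh2
Jan 10 03:00:06 host sshd[103]: Failed password for bob from 192.0.2.44 port 33871 ssh2
Jan 10 03:00:09 host sshd[104]: Failed password for alice from 192.0.2.9 port 42001 ssh2
Jan 10 03:00:12 host sshd[105]: Failed password for alice from 203.0.113.5 port 40119 ssh2
Jan 10 03:00:15 host sshd[106]: Failed password for bob from 192.0.2.44 port 33875 ssh2
"""

# Captures (account, source IP); also matches "invalid user <name>" lines.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port"
)

def detect_distributed(lines, trigger=4, min_unique_ips=2):
    """Return {account: sorted list of IPs to block}.

    An account is flagged once its total failure count reaches `trigger`
    AND the failures came from at least `min_unique_ips` distinct sources
    (hypothetical parameter: a single noisy IP is ordinary brute force,
    which per-IP failure counting already covers).
    """
    failures = defaultdict(list)   # account -> source IP of each failure
    blocks = {}
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        account, ip = m.groups()
        failures[account].append(ip)
        sources = set(failures[account])
        if len(failures[account]) >= trigger and len(sources) >= min_unique_ips:
            # Block ALL addresses seen against this account, not just the last.
            blocks[account] = sorted(sources)
    return blocks

if __name__ == "__main__":
    for account, ips in detect_distributed(SAMPLE_LOG.splitlines()).items():
        print(f"distributed attack on {account}: block {', '.join(ips)}")
```
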

New csf v4.99

Changes:

  • Improved csf locking to enhance the integrity of the firewall
  • Log lfd csf deny failures
  • New SSHD regex added
  • Improved the dovecot regexes
  • New Beta option: lfd Clustering. This new set of options (CLUSTER*) in csf.conf allows the configuration of an lfd cluster environment where a group of servers can share blocks and, via the CLI, configuration option changes, allows and removes. See the readme.txt file for more information and details, setup and security implications