csf

Changes:

• Ignore csf.rignore for LT_POP3D and LT_IMAPD
• Removed unnecessary csf.locks during some GLOBAL list updates
• Updated Copyright notice
• Modified the block message for LF_MODSEC and LF_SUHOSIN to be more appropriate ( i.e. not “login failures” )
• Added new block options for BIND denied requests: LF_BIND, LF_BIND_PERM, BIND_LOG. This works in the same way as the other similar blocks, e.g. LF_SUHOSIN. It will block IP addresses that have had BIND (named) requests denied more than LF_BIND times in LF_INTERVAL seconds. Currently named client denied log lines for “update” and “zone transfer” trigger the option
• Modified GLOBAL_ routines to continue if retrieval for one fails instead of immediately exiting
• Added IPv6 check to Server Check
• Display DNS lookup results for IP addresses if CC_LOOKUPS is enabled on single line comments (lfd.log, csf.deny, etc)
• Added new options LF_PERMBLOCK_ALERT and LF_NETBLOCK_ALERT so that the respective email alerts can be disabled
• Updated IP::Country

Changes:

• Added Dovecot regex checking for LT_POP3D and LT_IMAPD
• Modified Server Check for Fedora v10 EOL now that Fedora v12 has been released
• Improved Dovecot IMAP and POP3D login failure regex
• Ignore RELAYHOSTS setting for LT_POP3D and LT_IMAPD
• Fixed TLSCipherSuite Server Check for proftpd
• Added SSHD regex for “Did not receive identification string from IP” failures

Confirmed that csf works as expected on Fedora 12 and Ubuntu 9.10

Changes:

• Further improvements to ICMP rule filters
• Added backup mod_security log viewer for non-cPanel servers

Changes:

• Mod_security log viewer removed from csf in favour of cmc
• Improved ICMP rule filtering. This could help some hosts that experience connection issues with csf
• Added ICMP regex checking to Port Scan Tracking. Add ICMP to PS_PORTS to include this, i.e. to Port Scan for all ports use:PS_PORTS = “0:65535,ICMP”This is now the default on new installations

Changes:

• Added multiple checks to the Server Check for new cPanel v11.25 security settings
• Tidied up and rearranged the main UI
• Removed redundant UI options
• Added total perm bans to UI

Changes:

• Removed the need for UI lfd cron restart jobs on Direct Admin

Changes:

• Fixed case sensitivity issue introduced in v4.80 with port specific lfd deny lines being ignored

Changes:

• Modified WHM login regex to only trap successful root page displays for LF_CPANEL_ALERT
• Apache status for PT_LOAD now checks http://127.0.0.1/server-status on GENERIC/DA servers. You need to ensure that the server-status page has access from 127.0.0.1 in the apache server-status Location container
• Extended SU log file regex for Debian servers
• Sanitise UI file edit HTML output
• Improvements to the removal of alternative firewalls script
• Added new options GLOBAL_DYNDNS, GLOBAL_DYNDNS_INTERVAL and GLOBAL_DYNDNS_IGNORE which provide for retrieval of a global DYNDNS list via URL
• Improved firewall log lines detection for PS_INTERVAL and ST_ENABLE, especially on Debian
• Improved detection of already blocked IP addresses