csf

This version has been withdrawn. Please upgrade to v4.80

Changes:

• Modified DA installation to overcome permissions problems on some systems preventing the UI from working

Changes:

• Expanded dovecot regex matching
• Fixed the generic installation to install regex.custom.pm

Changes:

• Added check for FrontPage extensions to Server Check as they should be considered a security risk as they were EOL in 2006
• Added support for the impending cPanel v11.25 Security Tokens feature

Changes:

• Added a [block] section to the Login Failure alert.txt template. This new report template will be copied to /etc/csf/alert.txt.new on existing installations, rename it to alert.txt to use it
• Modified existing lfd alerts to use currently used tags instead of appending block information to the IP address (alert.txt modified as above)
• Added new options trigger for RT_LOCALHOSTRELAY_* to csf.conf for email sent via a local IP addresses, separating the trigger from RT_LOCALRELAY_* which is now only for /usr/sbin/sendmail. See csf.conf for more information
• Added Relay Tracking to Direct Admin running exim. See RT_* and SMTPRELAY_LOG in csf.conf for more information
• Added csf.mignore to allow ignoring of specified usernames or local IP addresses from RT_LOCALRELAY_ALERT
• Modified csf UI to use a single dropdown for all lfd ignore files
• Added proftpd regex matching for “UseReverseDNS on” in proftpd config

Changes:

• Removed FUSER from csf.conf as it is no longer used
• Added UNZIP to csf.conf which is required for Country Code to CIDR functions
• Modified the Country Code allow/deny/allow_filter feature to generate CC CIDRs from the Maxmind GeoLite Country database instead of using iplocationtools.com. Note: GeoLite is much more accurate that the previous zones used. This also means that there are usually more CIDRs for each CC which adds to the burden of using this feature

Changes:

• Added checks before Net::CIDR:Lite calls to ensure inputs are CIDR’s to prevent module failures
• New feature – LF_CPANEL_ALERT. Send an email alert if anyone accesses WHM via root. An IP address will be reported again 1 hour after the last tracked access (or if lfd is restarted)

Changes:

• Modified mail sending code to use a common procedure that copes better with differing combinations and variations of From:, To:, LF_ALERT_TO and LF_ALERT_FROM settings for lfd alerts

Changes:

• Code speedups in csf –grep
• Added csf.allow and GLOBAL_ALLOW lookups during lfd blocking and note added to alert if ip match found
• Modified Server Check for Fedora v9 EOL now that Fedora v11 has been released
• Modified iptables output from csf.pl to exclude the Fedora v11 intrapositioned negation messages
• Fixed typo in integrity.txt alert template for new installations
• Modified the email header for csf –mail
• Fix Relay Tracking from 127.0.0.1 to always report as a LOCALRELAY
• Modified lfd output filehandle names to avoid read/write conflicts
• Added Advanced Allow/Deny Filters for csf.dyndns. See readme.txt for an example
• Added new option CC_ALLOW_FILTER as an alternative to CC_ALLOW where only listed Country Codes are allowed, however normal port and packet filter rules are still applied to those connections. All other connections are dropped

Changes:

• Modified UI access to csf.sips to display checkboxes instead of direct editing, for ease of use
• Fixed problem where RELAYHOSTS setting wasn’t always being honoured
• Modified mod_security configuration editor to handle HTML elements
• Rewritten RT_*_ALERT regex and counting code to better deal with a variety of exim log output formats
• Added recipient count to RT_*_ALERT to include emails sent to multiple recipients. This option requires that the exim log_selector setting in the exim configuration includes the option: +received_recipients So, the recommended log_selector setting is now: