csf

Changes:

• Fixed case sensitivity issue introduced in v4.80 with port specific lfd deny lines being ignored

Changes:

• Modified WHM login regex to only trap successful root page displays for LF_CPANEL_ALERT
• Apache status for PT_LOAD now checks http://127.0.0.1/server-status on GENERIC/DA servers. You need to ensure that the server-status page has access from 127.0.0.1 in the apache server-status Location container
• Extended SU log file regex for Debian servers
• Sanitise UI file edit HTML output
• Improvements to the removal of alternative firewalls script
• Added new options GLOBAL_DYNDNS, GLOBAL_DYNDNS_INTERVAL and GLOBAL_DYNDNS_IGNORE which provide for retrieval of a global DYNDNS list via URL
• Improved firewall log lines detection for PS_INTERVAL and ST_ENABLE, especially on Debian
• Improved detection of already blocked IP addresses

This version has been withdrawn. Please upgrade to v4.80

Changes:

• Modified DA installation to overcome permissions problems on some systems preventing the UI from working

Changes:

• Expanded dovecot regex matching
• Fixed the generic installation to install regex.custom.pm

Changes:

• Added check for FrontPage extensions to Server Check as they should be considered a security risk as they were EOL in 2006
• Added support for the impending cPanel v11.25 Security Tokens feature

Changes:

• Added a [block] section to the Login Failure alert.txt template. This new report template will be copied to /etc/csf/alert.txt.new on existing installations, rename it to alert.txt to use it
• Modified existing lfd alerts to use currently used tags instead of appending block information to the IP address (alert.txt modified as above)
• Added new options trigger for RT_LOCALHOSTRELAY_* to csf.conf for email sent via a local IP addresses, separating the trigger from RT_LOCALRELAY_* which is now only for /usr/sbin/sendmail. See csf.conf for more information
• Added Relay Tracking to Direct Admin running exim. See RT_* and SMTPRELAY_LOG in csf.conf for more information
• Added csf.mignore to allow ignoring of specified usernames or local IP addresses from RT_LOCALRELAY_ALERT
• Modified csf UI to use a single dropdown for all lfd ignore files
• Added proftpd regex matching for “UseReverseDNS on” in proftpd config

Changes:

• Removed FUSER from csf.conf as it is no longer used
• Added UNZIP to csf.conf which is required for Country Code to CIDR functions
• Modified the Country Code allow/deny/allow_filter feature to generate CC CIDRs from the Maxmind GeoLite Country database instead of using iplocationtools.com. Note: GeoLite is much more accurate that the previous zones used. This also means that there are usually more CIDRs for each CC which adds to the burden of using this feature

Changes:

• Added checks before Net::CIDR:Lite calls to ensure inputs are CIDR’s to prevent module failures
• New feature – LF_CPANEL_ALERT. Send an email alert if anyone accesses WHM via root. An IP address will be reported again 1 hour after the last tracked access (or if lfd is restarted)

Changes:

• Modified mail sending code to use a common procedure that copes better with differing combinations and variations of From:, To:, LF_ALERT_TO and LF_ALERT_FROM settings for lfd alerts