csf

New csf v4.59

Changes:

  • Added proftpd regex for Plesk server log file format
  • Modified the Server Check cipher checks for pure-ftpd and Apache to use openssl to ensure SSLv2 is disabled
  • Added cPanel Server Check checks for dovecot, courier-imap IMAP and POP3D SSL cipher list
  • New option SAFECHAINUPDATE added. If enabled, all dynamic update chains (GALLOW, GDENY, SPAMHAUS, DSHIELD, BOGON, CC_ALLOW, CC_DENY, ALLOWDYN) will create a new chain when updating, and insert it into the relevant LOCALINPUT/LOCALOUTPUT chain, then flush and delete the old dynamic chain and rename the new chain. See csf.conf for more information. This option is disabled by default, but we do recommend that it is enabled on non-VPS servers with restrictive numiptent values
  • Added SAFECHAINUPDATE to the firewall Server Check (except for Virtuozzo VPS servers)
  • Modified Server Check on cPanel to make the PHP v4 warning clear and to warn where PHP v5 and v4 have both been compiled (PHP v4 is obsolete and should not be used at all anymore)
  • Added WHM checks for skipparentcheck and cpsrvd-domainlookup to Security Check
  • New option LF_ALERT_TO. If set, the value of this option will override the To: field in all of the lfd alert templates
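
The chain swap described for SAFECHAINUPDATE above, as an added illustration that is not csf's own code: the function prints the iptables command sequence without running it. The temporary chain name, the source-address match and the sample addresses are assumptions of this example.

```shell
#!/bin/sh
# Added illustration, not csf's own code: print (do not run) the iptables
# commands for a swap-style update of one dynamic chain.
# usage: safe_chain_plan CHAIN PARENT TARGET IP...
safe_chain_plan() {
    chain=$1 parent=$2 target=$3
    shift 3
    new="NEW$chain"    # temporary chain name: an assumption of this example

    # 1. Build the replacement chain while the old one keeps filtering.
    #    Matching on source address (-s) is assumed, as for an inbound list.
    echo "iptables -N $new"
    for ip in "$@"; do
        echo "iptables -A $new -s $ip -j $target"
    done
    # 2. Hook the new chain into the parent before the old one is touched,
    #    so there is no moment when the list is empty.
    echo "iptables -I $parent -j $new"
    # 3. Unhook the old chain first: -X refuses to delete a chain that is
    #    still referenced by a jump.
    echo "iptables -D $parent -j $chain"
    echo "iptables -F $chain"
    echo "iptables -X $chain"
    # 4. Give the new chain the permanent name.
    echo "iptables -E $new $chain"
}

# Constructed sample input (documentation address ranges).
safe_chain_plan SPAMHAUS LOCALINPUT DROP 192.0.2.0/24 198.51.100.7
```

Both copies of the list are loaded between steps 1 and 3, so the rule count briefly peaks at about twice the list size.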

New csf v4.58

Changes:

  • Modified exim cipher check in Server Check to use openssl to test the expanded configured cipher suites to ensure SSLv2 is disabled

New csf v4.57

Changes:

  • Improved exim configuration option detection in Server Check
  • Added Exim Configuration checks to DirectAdmin Server Check
  • Modified csftest.pl to perform a modprobe on all used iptables modules before testing
  • Added PASV port hole warning on VPS servers to the output of csf on start and to the cPanel (if using pure-ftpd) Server Check
  • Added lfd to the DirectAdmin Service Monitor
  • Added back a revised Firewall Security Level option to UI

New csf v4.56

I have confirmed csf compatibility with Debian v5.0

Changes:

  • Added TCP_OUT port 2222 for the DA default configuration for new installations
  • Added ICMP protocol to Advanced Allow/Deny Filters. See readme.txt for more information and examples
  • Updated readme.txt to reflect the Control Panel UI availability for cPanel, DirectAdmin and Webmin
  • Modified mod_security configuration file check to look only in the top-level directory of /usr/local/apache/conf/ and only at files ending in .conf

New csf v4.55

Changes:

  • Fixed issue with csf.conf not being loaded for the Server Check Report
  • Removed erroneous chkconfig check from Server Check Report
  • Disabled various checks in Server Check Report for non-cPanel servers
  • Modified Debian/Ubuntu init entry creation and removal procedure
  • Modified Server Check to search for multiple named.conf locations

New csf v4.54

Changes:

  • Bug fix to Exploit Check code
  • Fixed problem with iptables logs not being collated if PS_INTERVAL is disabled but ST_ENABLE is enabled
  • Fixed potential problem with SMTPRELAY_LOG not being scanned when RT_RELAY_ALERT, RT_AUTHRELAY_ALERT or RT_POPRELAY_ALERT enabled

New csf v4.53

Changes:

  • Upgraded the csf Webmin UI module to the new csf UI and added installation/upgrade instructions to the install.txt for Webmin
  • Fixed image locations and JavaScript in DA and Webmin UI
  • Updated the uninstall scripts and the uninstall section of install.txt

New csf v4.52

Changes:

  • Reverted lfd signalling on cPanel servers to allow UI restarts of lfd
  • Added warning in DA UI to upgrade csf from the root shell due to restrictions in DirectAdmin

NOTE: DA users should upgrade csf to this version from the root shell using “csf -u” and not use the Upgrade button in the UI

New csf v4.51

Changes:

  • Fixed csf --upgrade (csf -u) for DA installations

New csf v4.50

Changes:

  • Added restrictions information regarding the PORTFLOOD setting and ipt_recent to readme.txt (i.e. hit count max is 20)
  • Modular development of csf UI
  • Added DirectAdmin UI and installation support for csf/lfd
  • Added Statistics options (ST_ENABLE, etc) to generic csf installation
  • Added SMTP options (SMTP_BLOCK, etc) to generic csf installation
  • Removed pre-configured firewall settings through UI for redevelopment as it has become outdated
  • Modified csf UI to signal lfd to start/restart/enable only. A one-minute cron job will actually perform the signalled function. The CLI is unaffected and performs the command immediately. This is introduced to overcome fork issues from within an Apache session