csf

New csf v3.26

Changes:

  • Added new CLI option to csf, -g, --grep, which will search the iptables chains for a specified match that is either explicit or part of a CIDR
  • Added WHM UI option for csf --grep
  • Added new CLI option to csf, -dr, --denyrm, which will remove an IP address from csf.deny and unblock it
  • Added WHM UI option for csf --denyrm

New csf v3.25

Changes:

  • Added csf.suignore file where you can list usernames that are ignored during the LF_EXPLOIT SUPERUSER test
  • New option PT_LOAD_ACTION added that can contain a script to be run if PT_LOAD triggers an event. See csf.conf for more information
  • Added SUPERUSER check to Server Check Report
  • Added Suhosin check to Server Check Report

New csf v3.24

Changes:

  • Allow comments after IP addresses in csf.dyndns
  • Added new login failure option LF_SUHOSIN which detects alert messages and blocks the attacker IP after the configured number of matches
  • Added a new exploit check for non-root superuser accounts
  • Added a new configuration option LF_EXPLOIT_CHECK which allows you to configure which tests are performed by LF_EXPLOIT

New csf v3.23

Changes:

  • Modified the Server Report code for checking PHP variables to be more lenient when checking the output from /usr/local/bin/php -i
  • Modified lfd calculation of Jiffies to use the POSIX::sysconf function to obtain the clock ticks instead of assuming 100 ticks for Linux
  • Fix duplicate LF_INTEGRITY emails

New csf v3.22

Changes:

  • Changed DROP_IP_LOGGING logging advice in csf.conf to NOT use this setting if you use Port Scan Tracking as it will cause redundant blocks
  • Added tag [hostname] to all of the alert reports. You will need to add this manually to the report text Subject: line (or anywhere else in the report that you would like it) for existing installations
  • Added “A note about FTP over TLS/SSL” to readme.txt

New csf v3.21

Our apologies for the multiple releases today, but the new options behaved differently from testing in live environments.

Changes:

  • Fixed problem in Server Check that caused an error in some situations
  • Modified netblock caching code to prevent repeated block attempts

New csf v3.20

Changes:

  • Corrected net block logic so that after a net or perm block occurs, subsequent log entries that would incur the same block are ignored

New csf v3.19

Changes:

  • New feature – LF_PERMBLOCK. Permanently blocks IP addresses that have had X temporary blocks in the last Y seconds. Uses email template permblock.txt
  • New feature – LF_NETBLOCK. Permanently blocks network classes (A, B or C) if more than X IP addresses in a specified class have been blocked in the last Y seconds. This may help with some DDOS attacks launched from within a specific network class. Uses email template netblock.txt
  • Modified MD5SUM comparison code to better reset md5sum checks after a hit
  • Only issue Random JS Toolkit warning if all the MD5SUM checks fail for the relevant files
  • Removed POP flood Protection setting check from Server Report as it’s no longer relevant to courier-imap
  • Rewritten the Apache Check code for the Server Report to better detect the current running settings on all Apache and PHP versions
  • Don’t check Apache RLimitCPU/RLimitCPU limits on VPS servers as they aren’t relevant (as they apply to the host VPS configuration) for the Server Report

New csf v3.18

Changes:

  • Fixed bug in the generic csf release where the default csf.conf was missing the DROP, CT_STATES and GLOBAL_IGNORE settings – Thanks to Jim for the help in tracking the issue down

New csf v3.17

Changes:

  • Rewritten the update code so that a new csf.conf is created when upgrading. It now uses the latest csf.conf and transfers the existing settings to the new configuration file. This way all installations are sure to have all new settings and the latest comments. It also makes the release process for new builds much simpler
  • Other installation/update improvements
  • Updated APF/BFD removal procedure