csf

Changes:

• New feature: WHM UI mod_security v1 display last X entries in the audit_log
• New feature: WHM UI mod_security v1 edit files or directories in /usr/local/apache/conf/ that are prefixed with modsec or mod_sec
• Tweaked the pre-configured Firewall Security Level settings

Changes:

• Fix to to support current EDGE in csf WHM UI

Changes:

• Tightened the mod_security v1 regex after the changes in v2.52

Changes:

• Separated the log file regex’s into regex.pm for those feeling brave to tailor them for non-cPanel servers
• Unified installer for cPanel and non-cPanel installations – so that only install.sh needs to be run (checks for the existence of /usr/local/cpanel/version If you install on a server intending to use cPanel before cPanel is installed, run the install.cpanel.sh script instead
• Added mod_security v2 regex when running Apache2 to lfd
• Added [iptext] tag for connectiontracking.txt to list all the connections of an offending IP. Add this manually for existing installations

This is a major landmark for us in the development of csf and lfd which provides installation of the firewall and daemon onto non-cPanel generic Linux distributions:

• Major Enhancement: csf+lfd can now be installed and used on a generic Linux OS without cPanel using install.generic.sh – see readme.txt for more information
• PF INVDROP entries made bi-directional if PF logging enabled (reduces the number of INVDROP LOG rules by half)
• Fixed Process Tracking throttle control to correctly use PT_INTERVAL

Changes:

• Removed option ALLOW_RES_PORTS from new installs, setting is ignored
• Check for LF at the end of form data for files edited through the WHM UI and append one if omitted
• Following the changes in 2.48 the LOGDROP chain doesn’t distinguish between incoming and outgoing blocks. So, LOGDROP has now been split into LOGDROPIN and LOGDROPOUT

Changes:

• Fixed issue if ETH_DEVICE was set and from changes in 2.48

Changes:

• csf will now specify ! lo as the main ethernet device unless otherwise defined in ETH_DEVICE. This will mean that the firewall is applied to all ethernet devices on the server unless otherwise specified in the configuration

Changes:

• Modified DYNDNS code to set listed domains IP addresses to be ignored as if they were listed in csf.ignore
• If adding an IP address to csf.allow that is already in csf.deny, the IP address will now be removed from csf.deny first and the DROP removed from iptables. It will then be added to csf.allow as normal