csf

Changes:

• csf will now specify ! lo as the main ethernet device unless otherwise defined in ETH_DEVICE. This will mean that the firewall is applied to all ethernet devices on the server unless otherwise specified in the configuration

Changes:

• Modified DYNDNS code to set listed domains IP addresses to be ignored as if they were listed in csf.ignore
• If adding an IP address to csf.allow that is already in csf.deny, the IP address will now be removed from csf.deny first and the DROP removed from iptables. It will then be added to csf.allow as normal

Bug fix:

• Fixed syntax issue with the csf.deny application feature added in v2.15 that prevents csf adding the IP to csf.deny

Some new features and bugfixes:

• Added a list of the applications that lfd blocks a login failure for into csf.deny, e.g. (ftpd,mod_security)
• Extended LF_DIRWATCH with a new option LF_DIRWATCH_FILE. This feature will watch for changes in directories and files listed in csf.dirwatch using an md5sum for the ls output. If the md5sum changes between checks an email alert is sent using watchalert.txt
• Modified pid file locking for the lfd process to ensure duplicate processes won’t run
• Completely reworked the child reaper code to prevent SIG_CHLD kernel errors. Removed DISABLE_SIG_CHLD_IGNORE from csf.conf for new installs
• Added new option to csf.fignore that allows you to ignore files owned by a specific user by adding an entry in the format user:bob
• Fixed bug in LF_DSHIELD timer code
• Wrapped LF_DSHIELD and LF_SPAMHAUS in a 10 second timeout to fetch their respective data
• New Feature – GLOBAL_ALLOW and GLOBAL_DENY options allow you to specify a URL where csf can grab a centralised copy of an IP allow and/or deny block list of your own. They are both retrieved after a LF_GLOBAL interval in seconds by lfd
• Added WHM UI changes for LF_DIRWATCH_FILE

Some additions:

• Added cPanel version check to Security Check
• Added suspicious symlink checking to LF_DIRWATCH
• Added a Display All Comments to Security Check
• Added hyperlinks to WHM URLs in Security Check comments
• Fixed the Apache Limits comments of the Security Check
• Added shell limit checks to Security Check
• Added Background Process Killer to Security Check

Changes:

• Typo corrections in output text
• Removed dependencies on external modules for the Server Check report

New feature:

• Changed app name to ConfigServer Security & Firewall
• New Feature – Added Server Security Check report to WHM UI

Changes:

• Fixed log file error if DShield or Spamhaus block list retrieval fails
• Added perl regex matching in csf.fignore (see updated readme.txt)

This should stabalise the LF_DIRWATCH feature now:

• Fixed a looping issue with the temporary Connection Tracking block code
• Added a 10 second timeout for the LF_DIRWATCH child to prevent looping

Some bugfixes and changes to LF_DIRWATCH:

• In LF_DIRWATCH, allow wildcard matching at the end of a file name in csf.fignore, such that /tmp/clamav* will ignore any files starting with /tmp/clamav, e.g. /tmp/clamav-1234
• Added a throttle to LF_DIRWATCH – if more than 10 emails are being emailed in one pass, LF_DIRWATCH will create the file /etc/csf/csf.dwdisable and then disable itself. To get it watching again, either restart lfd or delete that file
• Fixed a bug where LF_DIRWATCH always reported the same file when different files had been detected in a pass