csf

Changes:

• Fixed issue in 10.15 which was causing the Cluster daemon to exit unexpectedly

Changes:

• New EXPERIMENTAL feature on cPanel servers: MESSENGERV2. This uses the Apache http daemon to provide the web service for MESSENGER HTML and HTTPS
• Added new option LF_APACHE_401 that works in a similar way to LF_APACHE_404 and LF_APACHE_403
• Added new option RECAPTCHA_ALERT. This will send an email when a recaptcha unblock request is attempted by lfd. This option is enabled by default
• Stability improvements to UI, MESSENGER and CLUSTER daemon processes
• Added memory usage information to lfd log when using MESSENGER_HTTPS
• Add limiter to enforce MESSENGER_CHILDREN when connections are waiting for a child process
• Modify MESSENGER HTML examples for new installs to use inline images to improve page load speed and reduce lfd overheads
• Modified network interface detection to allow dash (-) in name
• URL updates in Server Check
• Increased the default value for MESSENGER_RATE to 100/s (from 30/m) and MESSENGER_BURST to 150 (from 5) for all installations to alleviate slow MESSENGER response times
• Set the SELinux security context for systemd and executable files
• Ensure firewalld is masked on systemd servers

Changes:

• Made configuration checks on iptables more fault tolerant to avoid unnecessary failures while loading
• Removed openbl.org from csf.blocklists for new and existing installs
• More generic binaries added to csf.pignore

Changes:

• Fixed looping/timeout of integrated UI children when Chrome client is used

Changes:

• Configured UI to fully integrate with cPanel templates without using iframes
• Configured UI to display full cPanel breadcrumbs
• Configured UI to support cPanel v66 WHM UI changes

Changes:

• Modified username regex for csf.syslogusers
• Fixed issue with /var/lib/csf/lfd.stats excessive growth

Changes:

• Modified HTML to cater for major change in cPanel v66

Changes:

• Added new option DROP_OUT which is set to “REJECT” by default. This option sets the default target for blocked outgoing ports. See csf.conf for more information
• Added improved detection of xtables lock and recommend enabling WAITLOCK on error
• Improved csf down detection when xtables lock in effect and WAITLOCK is not enabled
• Added support for listing ASNs in CC_IGNORE

Changes:

• Added cpanel.allow and cpanel.ignore Include files for the cPanel authentication servers. These are included on new installations and added to existing files on cPanel installations
• If running cPanel 1:1 NAT, use the contents of /var/cpanel/cpnat to whitelist/ignore the external IP addresses

Changes:

• Fixed bug when using RECAPTCHA_NAT where the listed IP’s were not correctly processed
• Server Check now follows includes in dovecot.conf
• Server Check now reports RHEL/CentOS/CloudLinux v5.* as EOL