ConfigServer Services Blog

New csf v4.01 *BETA*

This update is ONLY to the v4 BETA release of csf.

Changes:

  • Allow the Messenger Service to be used on VPS servers. However, if the ipt_REDIRECT module is missing csf will fail to start correctly and abort
  • HTML Messenger service server now only reads a limited line length instead of unlimited input to prevent overflows

Download available here and requires manual installation: http://www.configserver.com/free/csfv4beta.tgz

New csf v4.00 *BETA*

This is a BETA release of csf v4.00 which introduces a major new feature and a reworking of the iptables chains and rules. While extensive testing has been done, it is eminently possible that this release may contain bugs. Please do not use this release if you’re not prepared to help troubleshoot the new features and are not familiar with the Linux root shell.

For this beta release ONLY, users can log helpdesk tickets ONLY if they find problems with the new features. If this is not adhered to, the tickets will simply be closed.

Changes:

  • New feature – Messenger Service. This feature allows the display of a message to a blocked connecting IP address to inform the user that they are blocked in the firewall. This can help when users get themselves blocked, e.g. due to multiple login failures. The service is provided by two daemons running on ports providing either an HTML or TEXT message. See csf.conf and readme.txt for more information (not available on VPS platforms and others missing the ipt_REDIRECT kernel module)
  • Moved INPUT and OUTPUT chain rules for blocks and allows to their own respective chains LOCALINPUT and LOCALOUTPUT. This means that no IP blocks will be listed in the INPUT or OUTPUT chains, but in the new ones
  • Re-organised all of the INPUT and OUTPUT chain rules to give precedence to the LOCALINPUT rules before invoking other chains and port ALLOW rules
  • Moved the SYNFLOOD protection chain rule to be the first chain rule after the LOCALINPUT chain rule
  • Moved the lo device rules to always be at the top of the INPUT and OUTPUT chains
  • Modified the syslog regex matches to only match on local entries to cope with centralised syslog configurations

Download available here and requires manual installation: http://www.configserver.com/free/csfv4beta.tgz

New MailScanner Script v2.68

Changes:

  • Brought MailScanner In Only exim init script in line with the latest from cPanel with the use of tailwatchd
  • New Mailscanner v4.71.10: http://www.mailscanner.info/ChangeLog

New csf v3.43

Changes:

  • Improved application IP block checking
  • Restored the option LF_SCRIPT_PERM with additional checks for directories within the cPanel homedirs and for symlinks. Warning added to csf.conf for this option
  • Added random query-source port setting for BIND to the Server Report

New csf v3.42

Changes:

  • Corrected information for LF_TRIGGER_PERM in the generic csf.conf to be the same as the cPanel csf.conf
  • If LF_SELECT is enabled make sure all cPanel ports are blocked on cpanel login failure. This was only doing ports 2082,2083 and will now block 2082,2083,2086,2087,2095,2096

New csf v3.41

Changes:

  • Added new mechanism to allow custom regular expression matching with individual settings for lfd login failure detection. See /etc/csf/regex.custom.pm for details
  • Modified all timestamps in lfd reports to also include the standard timezone offset (i.e. from GMT)
  • Added new setting CC_LOOKUPS to control the new Country Code lookups (enabled by default)
  • DROP_IP_LOGGING automatically disabled if PS_INTERVAL is enabled
  • PS_INTERVAL enabled by default on new installations
  • Doubled the number of lines before log file flooding detection will be triggered

New csf v3.40

Changes:

  • Added queuealert.txt to the WHM UI dropdown list for editing
  • Clarified in csf.conf that setting LF_QUEUE_ALERT to 0 disables the check
  • Added Country Code lookups for IP addresses. Any reported IP addresses will include the international CC where available. It should be noted that with international ISPs this may not be wholly accurate. Where possible the CC will be translated into the associated country name

clamd problems after upgrading to ClamAV v0.93.2 for some

If you’re seeing the following when trying to restart clamd after upgrading to the latest version of ClamAV:

# service clamd restart
Starting clamd: LibClamAV Error: cli_dbgets: Preliminary end of data
LibClamAV Error: cli_dbgets: Preliminary end of data
LibClamAV Error: cli_dbgets: Preliminary end of data
LibClamAV Error: Empty database file
LibClamAV Error: Can’t load daily.db: Malformed database
LibClamAV Error: cli_tgzload: Invalid size in header
LibClamAV Error: Can’t load /usr/local/share/clamav/daily.cld: Malformed database
ERROR: Malformed database

Then it appears ClamAV have borked your freshclam database. To fix:

rm -Rfv /usr/local/share/clamav/*
freshclam
service clamd restart