ConfigServer Services Blog

Changes:

• Reversed csf.tempip changes to avoid a possible locking issue in csf.pl, lfd.pl changes retained

Changes:

• Fixed 12 month statistics pie chart rendering
• Increased default value and sanity range for PT_USERMEM
• Modified SMTP_BLOCK to use iptables multiport
• Added new feature: SMTP_REDIRECT. This redirects non-authorised outbound SMTP connections to the local SMTP server
• Ensure LF_PERMBLOCK IP’s are removed from csf.tempip when rotating csf.deny after reaching DENY_IP_LIMIT
• Remove stale csf.tempip entries on lfd startup
• Added IPv6 support to RT_LOCALHOSTRELAY tracking
• Update binary locations for new installations on DirectAdmin Debian
• Improved fix for detection of ip6tables nat chains
• Added UI Firewall Configuration On/Off buttons
• Added UI Firewall Configuration dropdowns for some value ranges
• Updated UI restricted list
• Updated sanity checks
• Various UI updates and modifications
• Added a warning when using mod_cloudflare to Server Check Report

Due to the changes by exim caused by CVE-2016-1531, exim no longer reports the script location that it was initiated from. This now means that LF_SCRIPT_* will no longer function.

EDIT: We have just be informed by cPanel that they have developed a workaround that will be released imminently for EXIM that should restore the functionality. Yay!

Changes:

• Removed UI integration from CentOS Web Panel as recent permission changes break the implementation. The csf installer will restore the original functionality

If you see this error on uprading csf (if you installed v8.14 before 8.15 replaced that release):

# csf -u
Can't locate object method "ssl_opts" via package "LWP::UserAgent" at /usr/local/csf/lib/ConfigServer/URLGet.pm line 142.

You can fix the code and then upgrade using:

# sed -i "s/\$ua->ssl_opts/#\$ua->ssl_opts/" /usr/local/csf/lib/ConfigServer/URLGet.pm
# csf -u

Changes:

• Added new configuration option IP to point to the IP binary. This will be used in preference to IFCONFIG, the latter is no longer required when the IP binary is correctly configured and executable
• Added full UI integration into CentOS Web Panel (CWP). To disable integration:
  Rename: /usr/local/cwpsrv/htdocs/resources/admin/modules/csf.orig.php
  to:     /usr/local/cwpsrv/htdocs/resources/admin/modules/csf.php
  create: /etc/csf/cwp.disable
• Updated Postfix SMTP AUTH regex (thanks to Marcele)
• Added support for /etc/csf/csf.blocklists in ZIP format. The zip file MUST only contain a single text file of a single IP/CIDR per line
• Added Stop Forum Spam (ZIP) example to csf.blocklists
• Added IPV6 support to csf.sips
• Fixed detection of ip6tables nat
• Removed development code for ispconfig from distribution as this should NOT be used. It has never been implemented nor released as a supported solution and is likely to be insecure. Upgrading will remove any installations of this development code

Changes:

• Added /usr/local/cpanel/3rdparty/php/54/sbin/php-fpm to csf.pignore for  cPanel installs
• Clarify cluster CLI commands that refer to remote server actions
• Added number of failures to the RBL check Subject field
• Modified Port Scan checks for more kernel log line formats in regex.pm