ConfigServer Services Blog

ConfigServer scripts on cPanel v11.56

cPanel are upgrading the embedded version of perl on cPanel v11.56 (v56) from perl v5.14 to v5.22, which is a good thing. However, any daemons running under the cPanel embedded version of perl must be restarted after cPanel upgrades otherwise they will start to fail with obscure messages.

To avoid this, you should ensure that any such daemon processes are restarted soon after the upgrade to cPanel v11.56. In the case of ConfigServer products, this means: lfd, cxs and MailScanner.

Fortunately, if you are running csf/lfd on your server then lfd automatically does this for you (for lfd, cxs and MailScanner) whenever upcp runs and upgrades the cPanel version, so you should not need to do anything.

However, if you do have problems or you do not run csf/lfd but do use MailScanner or cxs, then you will need to restart those services manually once your installation of cPanel upgrades to this new release.

New csf v8.12

Changes:

  • Additional Feature: Added support for listing ASNs in all Country Code (CC_*) options
  • Fixed GLOBAL_ALLOW and GLOBAL_DENY when LF_IPSET is enabled
  • Fixed GLOBAL_DYNDNS when LF_IPSET and LF_IPV6 are enabled
  • IPSET binary location set to /sbin/ipset for Debian/Ubuntu new installs
  • Additional regex included for vsftp login failures

New csf v8.11

Changes:

  • Fixed issue on non-RedHat OS installations that failed due to problems whitelisting the installers IP address

New csf v8.10

Changes:

  • Fixed issues with new non-RedHat OS installations by reasserting perl module check to the start of the installation process but removing included modules from checks
  • Ports 2079 and 2080 added to TCP_IN for new cPanel installs to allow CalDAV/CardDAV access

New csf v8.09

Changes:

  • Check /sys/module/ipt_recent/parameters/ip_pkt_list_tot or /sys/module/xt_recent/parameters/ip_pkt_list_tot if defined to allow higher settings for PORTFLOOD than the default of 20 if configured
  • Added LimitNOFILE to lfd.service on servers using systemd to allow for large numbers of open files
  • Cater for full stops (.) in ethernet device names
  • Moved Perl module checks until after csf installation has completed so that all included modules exist in /usr/local/csf/lib/

New cxs v6.01

Changes:

  • Added unsupported option –YSKIPUNCLAM. See POD for more information
  • Exploit fingerprint definitions database additions

New csf v8.08

Changes:

  • Fixed csf.sips modification via UI on Redhat/CentOS v7.1
  • Raised csf.blocklist names from 9 to 25 characters long. This cannot be greater due to limits on ipset names on some OS’s and the use of prepended names for new ipset list swapping
  • Added output from netstat for PT_LOAD to loadalert.txt for new installs. For existing installs, latest file copied to /usr/local/csf/tpl/loadalert.txt.new