Server Software and Configuration Services
Changes:
– Fixed a problem where compressed file depth was not being reset between files causing subsequent compressed files to be skipped from scanning
– Fixed problem where multi-depth compressed files were not being identified by their original filename correctly
– Added compressed file depth to output when matches found
Changes:
– Added PNG and JPEG filetypes for hidden script scanning
– Fixed an issue where cxs was sometimes leaving temporary files in /tmp after compressed file expansion
Changes:
– Removed some of the command locking as it was causing lfd hangs
Changes:
– cxs will now treat .htaccess files as script files and fingerprints have been added for common exploits
– Added more information about existing csf anf cxs integration options (i.e. UI, ModSecurity, pure-ftpd)
– Added information that restores from quarantine must be done through the UI
– Exploit fingerprint definitions database additions
Changes:
– Implemented a locking and retry system to try to mitigate an iptables bug when issuing concurrent iptables commands
Changes:
– Added ModSecurity connection dropping to the LF_MODSEC regex
– Added new option – ETH6_DEVICE. By adding a device to this option, ip6tables can be configured only on the specified device. Otherwise, ETH_DEVICE and then the default setting will be used
– Added new option – LF_SCRIPT_ACTION. On cPanel servers, this can contain the path to a script that is run whenever LF_SCRIPT_ALERT is triggered
– Fixed stats graph average calculation and display if average equals 0
– Split Slow MySQL Queries stats graphs from MySQL Queries
– Improvements to Apache CPU Usage stats graphs
Changes:
– Improvements to cxs Watch daemon ignore/xtra and new update reloading without restart
– Switched to using Sys::Hostname in cxs Watch daemon
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions
Changes:
– On Debian systems, check for my.cnf in /etc/mysql/my.cnf in Server Check
– Add missing/changed images in the DA/Webmin installs. For webmin, the csf webmin module will need to be reinstalled
– Another fix for LF_NETBLOCK to skip IPv6 addresses
– Fixed csf –tempallow where -d [direction] was performing inout when in requested
– Fixed UI option “Edit the Log Scanner file (csf.logfiles)” which was incorrectly overwriting csf.dyndns instead of writing to csf.logfiles
– Changed ETH_DEVICE_SKIP device check from a failure to a warning
– Skip checks for register_globals and suhosin if running PHP v5.4.* in Server Check report
ClamAV 0.97.6 includes minor bug fixes and detection improvements:
https://github.com/vrtadmin/clamav-devel/blob/0.97/ChangeLog
Changes:
– Switched to using Sys::Hostname to determine hostname as CloudLinux restricts access to /proc/sys/kernel/hostname for some reason