ConfigServer Services Blog

New csf v7.50

Changes:

  • Added new BETA options LF_IPSET, IPSET. Use ipset for CC_* and csf.blocklist bulk list matching. See csf.conf for more info
  • Added new UI option to view ports on the server that have a running process behind them listening for external connections
  • Added new CLI option (csf -p, csf –ports) to view ports on the server that have a running process behind them listening for external connections
  • Added new CLI option (csf –graphs) to Generate System Statistics html pages and images for a given graph type into a given directory. See ST_SYSTEM for requirements
  • If using DYNDNS and the FQDN has multiple A records then all IP addresses will now be allowed
  • IPv6 support added to DYNDNS. Requires the Perl module Socket6 from cpan.org to be installed
  • On DA servers, if LF_DIRECTADMIN is enabled, DIRECTADMIN_LOG_* will be scanned for login failures to Roundcube, SquirrelMail and phpMyAdmin if installed and logging enabled via CustomBuild v2+. Failures will contribute to the LF_DIRECTADMIN trigger level for that IP
  • On DA servers, FTPD_LOG now defaults to /var/log/messages on new installs
  • Added exe:/usr/libexec/dovecot/anvil to csf.pignore for new installs on DA
  • Added to UI count of entries in /etc/csf/csf.allow
  • Added blocklist.de to csf.blocklists for new installs, latest file copied to /etc/csf/csf.blocklists.new on existing installs
  • Started moving common functions to separate modules within csf
  • HTTP::Tiny upgraded to v0.050
  • Fixed csf stop/start routines on reboot for servers using systemd
  • Modified integrated UI to display die errors to browser
  • Modified X_ARF report to use a self-published schema: http://download.configserver.com/abuse_login-attack_0.2.json
  • Modified X_ARF to lowercase the Source-Type field
  • Modified X_ARF template to use the v0.2 “X-XARF: PLAIN” header field
  • Updated restricted UI items
  • Geo::IP upgraded to v1.45
  • Crypt::CBC upgraded to v2.33

New cxs v5.05

Changes:

  • Updated installer to fix generic installs on some Redhat/CentOS setups
  • Fixed issue with fingerprint database and a corrupt regex
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v7.15

Changes:

  • Updated installer to fix generic installs on some Redhat/CentOS setups
  • Fixed issue with temporary allow/deny not applying individual port rules for outgoing connections

 

New cxs v5.04

Changes:

  • Improvements to .htaccess fingerprint P0216 -> P0767
  • Modify installer to always perform an update on installation to ensure the latest definitions are always available
  • cxswatch will now scan a directories permissions if any of its attributes are changed and –options [w] and/or –options [W] is enabled
  • Updated scripts to use download.configserver.com
  • Exploit fingerprint definitions database additions

 

Problems downloading from new site?

If you are having any problems downloading from our new download site, which also hosts the latest text version numbers and changelogs, then be sure to allow access to the current IP address for download.configserver.com (currently: 85.10.199.177) through your firewall.