ConfigServer Services Blog

New csf v6.41

Changes:

SECURITY WARNING:

  • Unfortunately, syslog and rsyslog allow end-users to log messages to some system logs via the same Unix socket that other local services use. This means that any log line in the system logs that syslog or rsyslog maintain can be spoofed: a spoofed line is exactly the same as a real log line.
  • Since some of the features of lfd rely on such log lines, spoofed messages can cause false-positive matches. At best this leads to confusion; at worst it leads to blocking of any innocent IP address or makes the server inaccessible.
  • Any option that relies on the log entries in the files listed in /etc/syslog.conf and /etc/rsyslog.conf should therefore be considered vulnerable to exploitation by end-users and scripts run by end-users.
  • There is a new RESTRICT_SYSLOG option that disables all those features that rely on affected logs. This option is NOT enabled by default.
  • See /etc/csf/csf.conf and /etc/csf/readme.txt for more information about this issue and mitigation advice.
  • NOTE: This issue affects all scripts that process information from syslog/rsyslog logs, not just lfd, so you should use other such scripts with care.
  • Our thanks go to Rack911.com for bringing this issue to our attention.

Other changes:

  • UI design updates and fixes
  • Modify Apache regex to support log lines containing thread ID
  • Prevent lfd from blocking CIDRs triggered from log lines
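
The following is an added example, not lfd's own code: a minimal log-driven blocker that treats syslog-fed lines as untrusted input, in the spirit of the security warning and the CIDR change above. The sshd line format, the allowlist, the threshold and all function names are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical rule for sshd failed-login lines in a syslog-fed auth log.
FAILED_LOGIN = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+")
# Assumed allowlist: loopback plus an admin address that must never be blocked.
NEVER_BLOCK = [ipaddress.ip_network(n)
               for n in ("127.0.0.0/8", "::1/128", "198.51.100.10/32")]
THRESHOLD = 3  # assumed number of matching lines before an address is blocked


def vet_address(token):
    """Return one usable IP address from a log token, or None to refuse it."""
    try:
        addr = ipaddress.ip_address(token)  # ValueError on CIDRs like 0.0.0.0/0
    except ValueError:
        return None
    if addr.is_unspecified or addr.is_multicast:
        return None
    if any(addr in net for net in NEVER_BLOCK):
        return None
    return addr


def block_candidates(lines):
    """Return (addresses at or over THRESHOLD, tokens that were refused)."""
    hits, refused = Counter(), []
    for line in lines:
        match = FAILED_LOGIN.search(line)
        if not match:
            continue
        addr = vet_address(match.group(1))
        if addr is None:
            refused.append(match.group(1))
        else:
            hits[addr] += 1
    return sorted(str(a) for a, n in hits.items() if n >= THRESHOLD), refused


def _line(pid, src):
    # Constructed sample line; nothing in its text proves which process wrote it.
    return (f"Jan 10 03:12:01 host sshd[{pid}]: "
            f"Failed password for root from {src} port 40112 ssh2")


SAMPLE_LOG = ([_line(2211, "203.0.113.7")] * 3       # over threshold: blocked
              + [_line(2300, "198.51.100.10")] * 3   # allowlisted: refused
              + [_line(2301, "0.0.0.0/0")])          # CIDR: refused

if __name__ == "__main__":
    print(block_candidates(SAMPLE_LOG))
```

This vetting only caps the damage: a line naming any other single address is still counted whether it is genuine or spoofed, which is why RESTRICT_SYSLOG disables the affected features outright.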

New cxs v4.15

Changes:

  • Memory usage improvements and general speedups
  • Added the ability to use negative --options [-][], i.e. the default list of options is used apart from those listed when prefixed with a minus
  • --[no]fallback now defaults to --nofallback due to performance concerns, which should be noted before enabling the option
  • Exploit fingerprint definitions database additions

New cxs v4.14

Changes:

  • Force cxs into a detached process if running --upgrade as a CRON job to fix upgrade hanging issue

New cxs v4.13

Changes:

  • Significant speedups in regex (up to 300% faster) and FP matching
  • Exploit fingerprint definitions database additions

New cxs v4.11

Changes:

  • New feature: --[no]fallback. If clamd produces an error or is unavailable after a scan starts, this option will attempt to use clamscan to scan files until clamd is available again. This option is enabled by default
  • Additional minor updates to the POD documentation
  • Modify cxsdaily.sh to fork jobs to prevent hanging on new installs
  • Added timeout (5 mins) to cxs upgrade routine
  • Improvements to --wttw [file]

New cxs v4.10

Changes:

  • Check file size against --sizemax [size] when using --wttw to ensure ignored files are not being submitted incorrectly
  • Exploit fingerprint definitions database additions

New cxs v4.09

Changes:

  • UI Fixes and updates
  • Fixed issue with default perl binary on non-cPanel servers
  • Use raw UI plugin on DA servers when generating cxs commands/scans to overcome buffering issues
  • Exploit fingerprint definitions database additions