ConfigServer Services Blog

News csf v2.23

Fixes and features:

  • Modified LF_SCRIPT checking to also look for HOMEDIR and HOMEMATCH from the cPanel configuration
  • Added maildir check to Security Check
  • Fixed a typo in advanced rules – Thank you to Victor from Touch Support for pointing this out
  • Added binary executable check for LF_DIRWATCH files
  • Added core dump check in cron directories to LF_DIRWATCH
  • Added /var/tmp check to LF_DIRWATCH if inode with /tmp does not match
  • Increased LF_DIRWATCH timeout from 10 to 20 seconds – if you still find it timing out, make sure that you have been clearing down your tmp directories

New csf v2.22

Changes:

  • Added CIDR recognition to csf.ignore
  • Rewrite of the iptables command invocation in csf.pl to trap iptables errors and shutdown firewall if any found – should help prevent lockouts

New csf v2.21

Bug fix:

  • Fixed a problem on some installations where the update process emptied out csf.conf. If this has happened, you will need to remove /etc/csf/csf.conf and then rerun the installation procedure and reconfigure the firewall. If you’re already running at least v2.18 you can probably simply restore /etc/csf/csf.conf.preupdate to csf.conf and then upgrade to this release

New csf v2.18

New features and bugs fixed:

  • Fixed an issue with checking the /var/tmp symlink by comparing the inodes of /tmp and the symlink destination of /var/tmp
  • Added checking of /usr/tmp
  • Added checking of SSH PasswordAuthentication
  • Modified update routine to take a copy of csf.conf before upgrading – the backup file is /etc/csf/csf.conf.preupdate
  • Added check in /etc/cron.daily/logrotate for /tmp noexec workaround

New csf v2.16

Bug fix:

  • Fixed syntax issue with the csf.deny application feature added in v2.15 that prevents csf adding the IP to csf.deny

New csf v2.15

Some new features and bugfixes:

  • Added a list of the applications that lfd blocks a login failure for into csf.deny, e.g. (ftpd,mod_security)
  • Extended LF_DIRWATCH with a new option LF_DIRWATCH_FILE. This feature will watch for changes in directories and files listed in csf.dirwatch using an md5sum for the ls output. If the md5sum changes between checks an email alert is sent using watchalert.txt
  • Modified pid file locking for the lfd process to ensure duplicate processes won’t run
  • Completely reworked the child reaper code to prevent SIG_CHLD kernel errors. Removed DISABLE_SIG_CHLD_IGNORE from csf.conf for new installs
  • Added new option to csf.fignore that allows you to ignore files owned by a specific user by adding an entry in the format user:bob
  • Fixed bug in LF_DSHIELD timer code
  • Wrapped LF_DSHIELD and LF_SPAMHAUS in a 10 second timeout to fetch their respective data
  • New Feature – GLOBAL_ALLOW and GLOBAL_DENY options allow you to specify a URL where csf can grab a centralised copy of an IP allow and/or deny block list of your own. They are both retrieved after a LF_GLOBAL interval in seconds by lfd
  • Added WHM UI changes for LF_DIRWATCH_FILE

New csf v2.13

Some additions:

  • Added cPanel version check to Security Check
  • Added suspicious symlink checking to LF_DIRWATCH
  • Added a Display All Comments to Security Check
  • Added hyperlinks to WHM URLs in Security Check comments
  • Fixed the Apache Limits comments of the Security Check
  • Added shell limit checks to Security Check
  • Added Background Process Killer to Security Check

ConfigServer Explorer now free!

We have decided to rename the WHM File Manager/Console script application to ConfigServer Explorer (cse) and release it as a free download from our site:http://www.configserver.com/cp/cse.html

New csf v2.11

Changes:

  • Typo corrections in output text
  • Removed dependencies on external modules for the Server Check report

New csf v2.08

New feature:

  • Changed app name to ConfigServer Security & Firewall
  • New Feature – Added Server Security Check report to WHM UI