ConfigServer Services Blog

New cxs v4.02

Changes:

  • Fixed issue with creation of new quarantine directory for new installs
  • Improved quarantine directory detection for conversion on upgrade to v4

(see changelog for v4 for main changes for this release tree)

New cxs v4.01

Changes:

  • Introducing a new Quarantine system. This new version creates a more secure method of quarantining suspicious files in cxs. It removes the need for a directory with 1777 permissions. It also makes the layout and maintenance of the quarantine directory much simpler
  • Automatically rename old quarantine directory to [dir].(timestamp) and create new quarantine structure. An email is sent to root with a reminder to remove the old directory
  • Any pre-v4 quarantine directory can still be viewed through the UI, and files can be restored from it if required, though this functionality (for old quarantine directories) will be removed in the future
  • New option --qcreate. This option is used to create a new quarantine directory structure. It will rename any pre-existing directory to [name].(timestamp)
  • New option --qclean [days]. This option is used to clean a quarantine directory specified with --quarantine [dir], retaining the last [days] worth of files
  • New option --qrestore [file]. This option is used to restore a quarantine file via the CLI to the original file location (v4 quarantined files only)
  • New option --qview [file]. This option is used to view a quarantined file via the CLI
  • Modified cxs UI to cater for new quarantine layout and provide some additional information on quarantined files
  • Added new file /etc/cxs/cxsdaily.sh as an example file to symlink from /etc/cron.daily/ to perform daily tasks and added to RECOMMENDATIONS in the docs
  • Modified cxs Watch scanning to automatically scan newly created directories for exploits to help overcome an issue where files are created before a new directory is watched
  • Support for running cxs through suhosin has been removed
  • Fixed issue with --defapache [user]
  • Modified recommendations on file ownership and permissions when using --logfile [file]
  • HTTP::Tiny upgraded to v0.037
  • POD documentation tidy
  • Exploit fingerprint definitions database additions

New cxs v3.27

Changes:

  • NOTE: Support for using suhosin is deprecated and will be removed in the near future – use ModSecurity instead. If you are unable to use ModSecurity, you will have to rely on either cxs Watch or manual scans
  • New option added: --defapache [user]. This is the default account under which apache runs. This will be set to “apache” by default except on cPanel servers where it is set to “nobody” by default
  • Make cxs watch restart reason more verbose
  • Improved file type detection for files within archives
  • Improvements to the main decoder regex
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

 

New csf v6.37

Changes:

  • Fixed issue that produced false-positive failures for IP address actions through UI when checking for a valid IP address
  • Modified lfd to support the use of either “password” or “pass” in /root/.my.cnf for ST_MYSQL
  • Updated CLUSTER information in readme.txt

 

New cxs v3.26

Changes:

  • Fixed issue with cxs process termination due to scanning timeouts
  • Prevent regex hangs due to some exploit tactics
  • Fixed quarantine UI not restoring file permissions correctly

 

Atomic Secured Linux Delayed ModSecurity Rules

In their infinite wisdom, ASL have decided to no longer provide their delayed ModSecurity rules as from today with no warning whatsoever. They were a very useful resource to those that did not wish to pay for the supported live rules, but they are now gone.

The update script that we provided with our services packages will now no longer function. You can continue using the rules that are installed, but if you require updated rules in the future, you will need to pay ASL for them.

New cxs v3.25

Changes:

  • Extended fingerprint checks for alternative linefeeds in scripts
  • Fixed functionality of the included test.cgi upload test script
  • Enforce stricter permissions on /var/log/cxswatch.log
  • Disable option to upgrade cxs in DA UI and instruct to use CLI
  • Added use of --force to --upgrade to redo upgrade to latest version if required
  • Additional checks to terminate php child process if timeout occurs
  • Exploit fingerprint definitions database additions