ConfigServer Services Blog

New csf v4.18

Changes:

  • Modified temporary IP address storage to use a tied file to preserve temporary bans if lfd is writing during shutdown

New csf v4.17

Changes:

  • Replaced the use of backticks in csf, lfd and the WHM UI with calls to IPC::Open3
  • Various lfd and csf code improvements and tidy up
  • Ensure lfd parent dies cleanly on error
  • Debug information improved and timer modified to use Time::HiRes for more accuracy

New csf v4.16

Changes:

  • Removed port 953 from the TCP and UDP allow lists for new csf installations as it’s not necessary to whitelist as bind listens on the localhost device for such control connections by default
  • Added exe:/usr/sbin/nsd, exe:/usr/libexec/dovecot/pop3-login, exe:/usr/libexec/dovecot/imap-login to new and old cPanel installations csf.pignore to cater for cPanel support for both nsd and dovecot (currently in EDGE)
  • Only use Cpanel::Rlimit if it’s available in WHM UI

New csf v4.15

Changes:

  • Fixed a problem in v4.* where use of GALLOW and ALLOWDYN was allowing connections from blocked IP addresses in csf.deny or temporary blocks. The GALLOW, GDENY and ALLOWDYN chains have been split into GALLOWIN, GALLOWOUT, GDENYIN, GDENYOUT, ALLOWDYNIN and ALLOWDYNOUT to correct this. Many thanks to Brian for his help in tracking this issue down.

New csf v4.14

Changes:

  • Implemented the use of cPanel routine Cpanel::Rlimit to remove process resource limit restrictions as the cPanel memory limitation setting was causing the Server Check to abort with memory allocations problems through WHM on some servers
  • Modified port checking for 23 and 53 in Server Check to no longer use the fuser binary and use the port mappings directly from /proc
  • Modified lfd and Server Check to check for IPv6 bound processes as the IPv4 and IPv6 connections are stored in a different file to IPv4 only bound processes

New csf v4.13

Changes:

  • Updated various comments in csf.conf
  • Fixed call to csfpost.sh from csf

New csf v4.12

Changes:

  • Modified lfd Login Failure tracking to use a per IP address rolling LF_INTERVAL window rather than a static one for all tracked IPs. This makes login failure counting more accurate and blocking more responsive
  • Added new feature – Block Reporting. lfd can run an external script when it performs and IP address block following for example a login failure. BLOCK_REPORT is to the full path of the external script. See readme.txt for format details
  • If csf is installed or upgraded via an SSH session the connecting IP address will now be automatically added to csf.allow (note: it is not added to csf.ignore so lfd may still block it). This IP can be removed after testing if desired
  • Modified the lfd.log format to the standard: :: lfd[]: If you parse lfd.log you will need to update your scripts!
  • Added DEBUG option – for internal use only

New csf v4.11

Changes:

  • Fixed addition of exe:/usr/libexec/hald-addon-keyboard to csf.pignore for existing installations
  • Modified the calculation for the position of LOCALOUTPUT in the OUTPUT chain
  • Added /etc/cron.d/lfdcron.sh to restart lfd daily
  • Added exe:/usr/libexec/dovecot/imap and exe:/usr/libexec/dovecot/pop3 and exe:/usr/sbin/mysqld_safe to csf.pignore
  • Modified SCRIPT_ALERT regex to cope with exim log format changes in FC8+
  • As per RFC5322, adding port 587 to the default TCP_IN list of ports for new installations (i.e. it is now recommended for SMTP servers to offer port 587 access for MUA to MTA traffic rather than port 25 which is for MTA to MTA traffic)
  • Added informational text to Process Tracking email report if a process is running an executable that has been deleted
  • Added csf version to the daemon startup log line in lfd.log