ConfigServer Services Blog

New MailScanner Front-End v4.43

Changes:

  • Fixed location of msfe.div in WHM UI
  • Sanitised user data input to prevent running unauthorised commands via the UI. A user would require root access to exploit this, so risk is low
  • Changed backtick calls to use Open3

New cxs v3.02

Changes:

  • Security – Added UI Restricted Mode which is enabled by default. This disables features in the UI that could allow abritrary commands to be run as root and system files to be overwritten. To enable unrestricted access to the UI remove /etc/cxs/cxs.restricted
  • Added UI option to completely disable the UI by creating the file /etc/cxs/cxs.disableui

New cxs v3.01

Changes:

  • Implement slurp routine for configuration files to cater for incorrect linefeeds
  • Improvements to forced quarantine feature within –xtra [file] and updated instructions provided in cxs.xtra.example
  • Security – Quarantine improvements
  • Exploit fingerprint definitions database additions

New cmm v1.22

Changes:

  • Sanitised user data input to prevent running unauthorised commands via the UI. A user would require root access to exploit this, so risk is low
  • Changed backtick calls to use Open3

 

New cmq v1.16

Changes:

  • Fixed selected queue run based on sender/recipient. Also fixed BCC field email release

 

New cmq v1.15

Changes:

  • Sanitised user data input to prevent running unauthorised commands via the UI. A user would require root access to exploit this, so risk is low

 

New csf v6.22

Changes:

  • Security Fix – Sanitised user data input to prevent running unauthorised commands via the UI. A user would require root access to exploit this, so vulnerability is probably low. Thanks to Steven at Rack911.com for reporting this issue
  • Added Password ENV variable check to Server Check on cPanel servers
  • Update cPanel ACL Driver installations to change force cache update using “touch” instead of removing the cache
  • Modified TOR URL in /etc/csf/csf.blocklists to use:
    http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1

 

New csf v6.21

Changes:

  • Modified auto-update logic to only create the /etc/cron.d/csf_update file if it does not already exist
  • Fix permissions on csf man file and directory
  • Modified webmin module paths to be relative rather than absolute so that webmin via mod_proxy works correctly
  • Fixed “in” direction –tempallow/–tempdeny leaking into [comment]
  • Added nginx regex for ModSecurity rule detection. Remember to set MODSEC_LOG correctly for the location of the nginx error log
  • Fixed file permission/ownership problem on DirectAdmin servers for the /plugins directory

New cxs v3.00

Changes:

  • Implemented hfile ignoring for ratelimiting in cxs Watch
  • Implemented ignore caching in cxs Watch for ratelimited files
  • HTTP::Tiny upgraded to v0.033
  • Exploit fingerprint definitions database additions

New csf v6.20

Changes:

  • Introduced a new directory structure to get closer to the Linux
    Filesystem Hierarchy Standard (FHS):

    /etc/csf/           - (mostly) configuration files
/var/lib/csf/       - temporary data files
/usr/local/csf/bin/ - scripts
/usr/local/csf/lib/ - perl modules and static data
/usr/local/csf/tpl/ - email alert templates

    Existing data and templates files are migrated into the new structure automatically. Some files and directories are symlinked to /etc/csf/ for backwards compatibility and ease of use. See the following for individual file locations in the new configuration:
    http://blog.configserver.com/?p=7

  • CC_LOOKUPS rDNS reporting improvements
  • HTTP::Tiny upgraded to v0.033
  • Removed Security Token check from Server Check Report now that it is implicitly set in v11.18.0+
  • Switched the location of the csf.pl and lfd.pl binaries with their symlinks
  • Code tidy for servercheck.pm, csfui.pl
  • Allow comments to be appended to csf –tempdeny and csf –tempallow in the same way as csf –deny and csf –allow. Also made the options more flexible in usage of optional elements
  • Added Comments field to UI for Quick Allow, Quick Deny, and Temporary Allow/Deny
  • Added csf(1) man page and changed csf –help to use a text version of the new man page
  • Fixed unnecessary open of csf.fignore