ConfigServer Services Blog

Changes:

• Fixed problem with SU_ALERT alert report in v4.61
• Modified the Server Check for cPanel update settings to check for daily updates more accurately
• Added Server Check for cPanel tree
• Upgraded IP::Country
• New feature – Added sanity check to configuration values in csf, UI Server Check and UI Firewall Configuration. In the UI Firewall Configuration: lines highlighted in red fall outside the recommended range; lines highlighted in pale green differ from the default on installation
• Added cPanel Security Check to check that at least one configured nameserver is on a different server
• Added proftpd checks to csf (for VPS servers) and in Server Check
• Added DirectAdmin Checks to UI Server Check for: SSL login to DA; proftpd cipher; nameserver on a different server; PHP version and configuration checks; Apache version; dovecot cipher
• Removed resolv.conf localhost check

Changes:

• Modified lfd iptables command error handling to log errors and continue instead of terminating when in TESTING mode
• Removed loading of iptables modules from csftest.pl to avoid modprobe problems with some OS kernels
• Added Connection Tracking check for pre-existing block to cater for linux connection status timeouts
• Moved LF_CSF check to the start of the lfd processing interval
• New option LF_ALERT_FROM. If set, the value of this option will override the From: field in all of the lfd alert templates. This change also uses the From: field in the template (or this option if set) as the value for the SENDMAIL -f option
• Modified POP/IMAP Server Checks for the chosen mail server only on cPanel servers
• Modified FTP Server Checks for the chosen ftp server only on cPanel servers
• Added SMTP Tweak to Server Check on cPanel servers and removed block on csf starting if enabled

Changes:

• Modified cipher checks to strip out quotes
• Modified Apache cipher message to remoind that you have to rebuild the Apache configuration and restart for changes to be effective

Changes:

• Added proftpd regex for Plesk server log file format
• Modifed the Server Check cipher checks for pure-ftpd and Apache to use openssl to ensure SSLv2 is disabled
• Added cPanel Server Check checks for dovecot, courier-imap IMAP and POP3D SSL cipher list
• New option SAFECHAINUPDATE added. If enabled, all dynamic update chains (GALLOW, GDENY, SPAMHAUS, DSHIELD, BOGON, CC_ALLOW, CC_DENY, ALLOWDYN) will create a new chain when updating, and insert it into the relevant LOCALINPUT/LOCALOUTPUT chain, then flush and delete the old dynamic chain and rename the new chain. See csf.conf for more information. This option is disabled by default, but we do recommend that it is enabled on non-VPS servers with restrictive numiptent values
• Added SAFECHAINUPDATE to the firewall Server Check (except for Virtuozzo VPS servers)
• Modified Server Check on cPanel to make the PHP v4 warning clear and to warn where PHP v5 and v4 have both been compiled (PHP v4 is obsolete and should not be used at all anymore)
• Added WHM checks for skipparentcheck and cpsrvd-domainlookup to Security Check
• New option LF_ALERT_TO. If set, the value of this option will override the To: field in all of the lfd alert templates

Changes:

• Modified exim cipher check in Server Check to use openssl to test the expanded configured cipher suites to ensure SSLv2 is disabled

Changes:

• Improved exim configuration option detection in Server Check
• Added Exim Configuration checks to DirectAdmin Server Check
• Modified csftest.pl to perform a modprobe on all used iptables modules before testing
• Added PASV port hole warning on VPS servers to the output of csf on start and to the cPanel (if using pure-ftpd) Server Check
• Added lfd to the DirectAdmin Service Monitor
• Added back a revised Firewall Security Level option to UI

I have confirmed csf compatibility with Debian v5.0Changes:

• Added TCP_OUT port 2222 for the DA default configuration for new installations
• Added ICMP protocol to Advanced Allow/Deny Filters. See readme.txt for more information and examples
• Updated readme.txt to reflect the Control Panel UI availability for cPanel, DirectAdmin and Webmin
• Modified mod_security configuration file check to the TLD only of /usr/local/apache/conf/ and only files ending in .conf