ConfigServer Services Blog

New csf v4.39

Changes:

  • Updated csf.conf to clarify that LF_PERMBLOCK_COUNT and LF_NETBLOCK_COUNT with act if more than the number of hits are detected, not on the exact number set
  • Modified csf WHM UI to use csf -u to upgrade csf when a new version is available
  • Added new script /etc/csf/csftest.pl which will test the servers iptables modules for functionality. The tests are for the required iptables modules and the optional modules for the SMTP_BLOCK, PORTFLOOD and MESSENGER features. This adds a useful diagnostic tool for kernel/iptables problems and to check whether the features above will function
  • Added csf WHM UI option to run csftest.pl
  • Updated the csf install.txt to run csftest.pl before running up csf

New csf v4.38

Changes:

  • Improved detection of working ipt_owner iptables module on VPS servers such that if ipt_owner does not work SMTP_BLOCK and UID/GID blocks will be automatically disabled and csf will continue to start

New csf v4.37

Changes:

  • Default setting for ICMP_OUT_RATE set to 0 – this is the recommended setting for cPanel servers which use ping times to determine fastest mirrors for various update functions
  • Modified PT_LOAD_ACTION code to stop duplicate load emails from being send by lfd
  • Moved ETH_DEVICE_SKIP to the top of the INPUT/OUTPUT chains
  • Allow enabling of SMTP_BLOCK and use of UID/GID advanced port filter rules on VPS Servers for as ipt_owner is now apparently supported on the latest kernels. However, if the latest kernel isn’t being used or the VPS host hasn’t included the ipt_owner iptables module for the client VPS, then csf will fail with an error

New csf v4.36

Changes:

  • Modified Process Tracking to allow regex exceptions in csf.pignore for deleted executable processes

New csf v4.35

Changes:

  • Modified regex.pm detection of iptables kernel log lines to cater for alternative formatting
  • Restored the substitution of the NULL separator with spaces for the /proc/PID/cmdline in Process Tracking

New csf v4.34

Changes:

  • Added code to Process Tracking to translate non-printable characters to especially help detect and report deleted executable file processes
  • WARNING: Removed hard-coded exceptions for spamd, cpanellogd, cpdavd and awstats.pl from lfd.pl. If you want to ignore such processes for Process Tracking, you will need to add appropriate ignore rules to csf.pignore for them

New csf v4.33

Changes:

  • Disable ST_LOOKUP by default on new installations
  • Modified lfd stats performance when ST_LOOKUP is enabled and added a warning for this setting to csf.conf for when DROP_IP_LOGGING is enabled

New csf v4.32

Changes:

  • Modified the su tracking regex to better trap RHE/CentOS v5 su login attempts
  • Added a Server Check for “FTP Logins with Root Password”
  • Added new WHM UI option to display Last X iptables Log Lines. Note that the report will only display log lines since this update. The new statistics will be expanded in future developments. Added new ST_* options to the cPanel csf.conf to control the recording of stats
  • Removed fwlogwatch from distro and will use self-produced reports

New RootKit Hunter v1.3.4

Rootkit Hunter announces release 1.3.4The change log lists 4 additions, 8 changes and 9 bugfixes.Naming a few:- Added IntoXonia-NG rootkit check.- Added Phalanx2 rootkit check.- Added support for TCB shadow files.- The ‘–propupd’ option can now take an optional file, directory or package name after it.- Revised file properties inode check.- Tests against the SSH configuration file now accept the key/value pair.- Improved the O/S name detection.- The Linux ‘os_specific’ test has now been split into two separate tests.- Improved ALLOWPROCDELFILE configuration option.- Improved hidden files and directories check.- The DBDIR directory can now be read-only, after installation.- Improved debug file option.- The system startup file and directory tests have now been merged.