Server Software and Configuration Services
New csf v6.07
Changes:
– Fixed issue with processing /proc/PID/stat for process information
Changes:
– Improvements to --decode ([D])
– Repurposed --options [u] to specifically highlight scripts only within directories deemed suspicious, rather than general directories such as /image/ or /upload(s)/. This should make the option more useful and help avoid false-positives
– Exploit fingerprint definitions database additions
Changes:
– Prevent csf/lfd from failing to run if a non-critical configuration file does not exist
– In webmin, force table stylesheet to override webmin css. Requires webmin module reinstall on existing installations
Changes:
– Improvements to minimal perl module detection on new installs
– Bugfix for default lfd.pl perl shebang
Changes:
– Implement slurp routine for configuration files to cater for incorrect linefeeds
– Ignore leading and trailing spaces from lines in configuration files
– Fixed Include statements in csf.ignore not implemented in lfd
– Additional debug logging for RT_*_LIMIT added
– Replaced call to Time::HiRes::sleep with standard sleep
– Additional dovecot entries in csf.pignore for new installations
Changes:
– Include gzdecode() detection for PHP scripts
– Switched from using LWP to HTTP::Tiny to reduce memory footprint and reliance on the LWP perl module. The HTTP::Tiny module is included in the distribution, so no further action is necessary
– Modified cxs watch daemon to use POSIX::setsid()
– Modified cxs quarantine routine to reduce memory footprint
– Modified loading of Pod::Usage only if necessary to reduce memory footprint
– Modified cxs watch to not fail startup if new watch resource disappears before completion
– Exploit fingerprint definitions database additions
Changes:
– Switched from using LWP to HTTP::Tiny to reduce memory footprint and reliance on the LWP perl module. The HTTP::Tiny module is included in the distribution, so no further action is necessary
– Modified lfd perl module loading to be conditional where possible to reduce lfd memory footprint
– Modify initial file processing to reduce lfd memory footprint
– Modify PS_PORTS processing to reduce lfd memory footprint
– Moved init of Geo::IP::PurePerl into iplookup subroutine
– Removed “DEFERRED” login failure checking from CPANEL_LOG regex due to false-positives
– Modify LF_DIRWATCH_DISABLE so that only files are added to suspicious.tar and removed. Suspicious directories will no longer be removed
– Removed File::Path – no longer required
Changes:
– Modify MESSENGER HTML header to return code 403 instead of 200
– Modify UI daemon to fallback to IPv4 if IPV6 setting is not enabled
– Added new options LF_SYMLINK and LF_SYMLINK_PERM. This feature enables detection of repeated Apache symlink race condition triggers from the Apache patch provided by:
http://www.mail-archive.com/dev@httpd.apache.org/msg55666.html
This patch has also been included by cPanel via the easyapache option:
“Symlink Race Condition Protection”
Changes:
– Modify clean.incoming.cron to tidy /var/spool/MailScanner/incoming/SpamAssassin-Temp
– Fix bug in virus scanner update wrappers that fail to tidy temp files
Changes:
– Improvements to the main decoder regex
– Reverted to using temporary files during PHP file decoding due to a major bug in PHP v5.4.* which produces “Ran out of opcode space!” in interactive mode
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions