ConfigServer Services Blog

New cxs v2.57

Changes:
– Fixed problem with quarantine move failing – introduced in v2.56
– Implement ignores for rate limit warnings in cxs Watch daemon
– Allow a value of 0 for --filemax [num] which disables the feature
– Set --filemax [num] to 0 in cxswatch.sh for new installs

New cxs v2.56

Changes:
– Improvements to quarantine move failure message
– Implement ignores in compressed files
– Added a rate limit warning to cxs Watch daemon. If a file is scanned more than (2 * Wsleep) times in (10 * Wsleep) seconds then a warning is logged. This is to help identify frequently scanned files that you might want to ignore (e.g. if they are very frequently updated log files)
– Improved installation procedure for checking required perl modules
– Exploit fingerprint definitions database additions
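
The rate limit rule above, written out as a sliding-window counter, shows which files would be flagged and how an ignore entry silences them. This is an added example, not cxs code: the class and function names, the prefix-based ignore format, the paths and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque


class ScanRateMonitor:
    """Warn when one path is scanned more than 2*wsleep times in 10*wsleep seconds."""

    def __init__(self, wsleep, ignores=()):
        self.max_scans = 2 * wsleep      # threshold from the changelog entry
        self.window = 10 * wsleep        # window length in seconds
        self.ignores = tuple(ignores)    # hypothetical ignore format: path prefixes
        self.history = defaultdict(deque)

    def record(self, path, ts):
        """Record one scan at time ts; return True if a warning is due."""
        if path.startswith(self.ignores):
            return False
        scans = self.history[path]
        scans.append(ts)
        # Drop scans that have fallen out of the sliding window.
        while scans and scans[0] <= ts - self.window:
            scans.popleft()
        return len(scans) > self.max_scans


def noisy_paths(events, wsleep, ignores=()):
    """Return the sorted paths that would trigger at least one warning."""
    monitor = ScanRateMonitor(wsleep, ignores)
    flagged = set()
    for ts, path in sorted(events):
        if monitor.record(path, ts):
            flagged.add(path)
    return sorted(flagged)


# Constructed sample events (timestamp in seconds, path), not real cxs output.
LOG = "/home/user/public_html/logs/access.log"
CACHE = "/home/user/public_html/cache/index.html"
UPLOAD = "/home/user/public_html/upload.php"
EVENTS = (
    [(t, LOG) for t in range(0, 40, 2)]      # rewritten every 2 s
    + [(t, CACHE) for t in range(0, 60, 5)]  # every 5 s: exactly 6 per window
    + [(5, UPLOAD), (25, UPLOAD)]            # ordinary upload
)

if __name__ == "__main__":
    print(noisy_paths(EVENTS, wsleep=3))
    print(noisy_paths(EVENTS, wsleep=3, ignores=["/home/user/public_html/logs/"]))
```

With Wsleep set to 3, the file rewritten every 2 seconds crosses the threshold on its seventh scan, while the file touched every 5 seconds stays at exactly 6 scans per 30-second window and is never flagged.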

New csf v5.49

Changes:
– Remove atd from Service Check in Server Check Report
– Ensure all DNS traffic between non-local IP addresses in /etc/resolv.conf is allowed through the firewall when DNS_STRICT_NS is not enabled
– Added exim to example script pt_deleted_action.pl
– Added /var/log/cxswatch.log to csf.logfiles for new installations
– Added new option LF_ALERT_SMTP which allows lfd to be configured to send alert emails via SMTP instead of through the SENDMAIL binary. LF_ALERT_SMTP needs to be set to the name or IP address of the SMTP server to use this feature
– Added new option CC_DROP_CIDR. Set this option to a valid CIDR to ignore CIDR blocks smaller than this value when implementing CC_DENY/CC_ALLOW/CC_ALLOW_FILTER. This can help reduce the number of CC entries and may improve iptables throughput
– Improved installation procedure for checking required perl modules

New cxs v2.55

Changes:
– Changes to htaccessdisable.pl example script
– Increased default value for --filemax [num] in cxswatch.sh for new installs
– If necessary, log license error to cxs Watch daemon log

New cxs v2.54

Changes:
– Added logrotate configuration for cxswatch
– Include an example perl script that will disable directory access with a .htaccess file if a match is found using the --script [script] option: /etc/cxs/htaccessdisable.pl
– Modifications to cxs Watch daemon so that it no longer needs to completely restart when new daily detections are downloaded
– Always log if skipping directories in cxs Watch daemon due to --filemax [num]
– Fixed a problem with a false-positive in the php interpreter timeout
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

New cxs v2.53

Changes:
– Timeout added for php interpreter during --decode ([D])
– Do not disable --viruscan if clamd not running in cxs Watch
– Exploit fingerprint definitions database additions