ConfigServer Services Blog

New csf v5.45

Changes:

– Only log Log Scanner in lfd.log if DEBUG set to 2 to allow empty reports if monitoring lfd.log
– Added new option LF_BOGON_SKIP. If you don't want BOGON rules applied to specific NICs, then list them in a comma separated list
– Added new option LF_CONSOLE_EMAIL_ALERT which will send an email if there is a root login to the server console. This is enabled by default

New cxs v2.46

Changes:

  • Added two new advanced PHP decoders for –decode ([D])
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v5.44

Changes:

  • New feature – Log Scanner. This feature will send out an email summary of the log lines of each log listed in /etc/csf/csf.logfiles. All lines will be reported unless they match a regular expression in /etc/csf/csf.logignore
  • Set LWP::UserAgent agent to “csf/[version]” instead of the default

New cxs v2.45

Changes:

  • Modification to quarantine to ensure unique filenames
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cmq v1.11

Changes:

  • Modified to remove cPanel process limits when run
  • Modified from using backticks to open3
  • Removed use of wget binary

New cmm v1.17

Changes:

  • Fixed version module error in cPanel log
  • cPanel v11.28+ now a requirement

New MailScanner Script v2.83

Changes:

  • Changes “no_message_logs” to “message_logs = false” for exim.conf so that the new cPanel v11.32 exim configuration editor doesn’t complain
  • New Mailscanner v4.84.3:http://www.mailscanner.info/ChangeLog

New cxs v2.44

Changes:

  • Added new –ignore [file] option pscript: – regex of web script to ignore
  • Set –options [P] ftp timeout to 10 seconds
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v5.43

Changes:

  • csf and lfd modified to better handle !lo interface for compatibility with newer iptables versions
  • Removed use of Sys::Hostname::Long
  • Added new options LF_APACHE_403 and LF_APACHE_403_PERM. This option will keep track of the number of “client denied by server configuration” errors in HTACCESS_LOG. If the number of hits is more than LF_APACHE_403 in LF_INTERVAL seconds then the IP address will be blocked. See csf.conf for more information