Server Software and Configuration Services
New csf v6.12
Changes:
– Added iptables UID logging for dropped outgoing packets
– New feature – DROP_OUT_LOGGING. Enables iptables logging of dropped outgoing connections. Where available, these logs will also include the UID connecting out which can help track abuse. Note: Only outgoing SYN packets for TCP connections are logged. The option is not enabled by default, but we recommend that it is enabled
– Option DROP_ONLYRES now only applies to incoming port connections
– New feature – User ID Tracking. This feature tracks UID blocks logged by iptables to syslog. If a UID generates a port block that is logged more than UID_LIMIT times within UID_INTERVAL seconds, an alert will be sent. Requires DROP_OUT_LOGGING to be enabled
– Modified Port Scan Tracking regexes to ensure only incoming connections are tracked
– Added Server Check for dhclient running
– Added Server Check on cPanel servers for antirelayd
– Added Server Check on for a swap file (don't bother on Virtuozo)
– Added Server Check for xinetd, qpidd, portreserve and rpcbind in Services Check since most people won't use them