ConfigServer Services Blog

Changes:

• Added ipv6 IP detection for proftpd login failures
• Removed ossec and webmin from the Server Check services section

Changes:

• Modified the Country Code allow/deny feature to use iplocationtools.com now that ipdeny.com has gone offline

Changes:

• Modified OS version check to prevent Fedora v10 obsolete false-positive in Server Check
• Modified the exim SMTP AUTH regex to use the latest cPanel/exim format
• Added failure notification for DYNDNS entry lookups in lfd if they fail to resolve or timeout

Changes:

• Modified Firewall Security Level UI to set PS_LIMIT within range
• Fixed problem processing template for SU_ALERT
• Empty csf.dshield on upgrade to work around problem where DSHIELD blocked themselves in their own BLOCK list

Changes:

• Removed SMTP_BLOCK warning on VPS servers where ipt_owner doesn’t work if SMTP_BLOCK isn’t actually enabled
• Added new CLI option (csf -uf) which forces an update of csf+lfd
• Added new CLI option (csf -df) which removes and unblocks all entries in /etc/csf.deny (excluding those marked “do not delete”)
• Added new UI option to that removes and unblocks all entries in csf.deny (excluding those marked “do not delete”) and all temporary IP bans
• Added csf file names to the csf UI options

Changes:

• New feature – Added new CLI option: csf –mail (or csf -m) which can take an email address as an argument. It will display the Server Check in HTML or send the output to the email address if present
• Added option to UI Server Check to schedule csf to generate the report and email the results to the address specied at the interval specified
• Removed MySQL check from cPanel DNSOnly Server Check
• Updated the perl v5.8.8 Server Check comment
• Fixed sanity check for RT_*_BLOCK
• Fixed copy of install.txt for generic installs and upgrades
• Modified UI for Deny Servers IPs > Change to indicate that csf needs restarting, not lfd
• Added built-in replacement function for the Messenger Service message files for [HOSTNAME] which will be replaced by the servers FQDN hostname. Updated the sample Messenger index templates
• Updated the uninstall scripts to remove the cronjob and logrotate files
• Added colour highlights to the Quick Allow and Quick Deny UI boxes

Changes:

• Fixed problem with SU_ALERT alert report in v4.61
• Modified the Server Check for cPanel update settings to check for daily updates more accurately
• Added Server Check for cPanel tree
• Upgraded IP::Country
• New feature – Added sanity check to configuration values in csf, UI Server Check and UI Firewall Configuration. In the UI Firewall Configuration: lines highlighted in red fall outside the recommended range; lines highlighted in pale green differ from the default on installation
• Added cPanel Security Check to check that at least one configured nameserver is on a different server
• Added proftpd checks to csf (for VPS servers) and in Server Check
• Added DirectAdmin Checks to UI Server Check for: SSL login to DA; proftpd cipher; nameserver on a different server; PHP version and configuration checks; Apache version; dovecot cipher
• Removed resolv.conf localhost check

Changes:

• Modified lfd iptables command error handling to log errors and continue instead of terminating when in TESTING mode
• Removed loading of iptables modules from csftest.pl to avoid modprobe problems with some OS kernels
• Added Connection Tracking check for pre-existing block to cater for linux connection status timeouts
• Moved LF_CSF check to the start of the lfd processing interval
• New option LF_ALERT_FROM. If set, the value of this option will override the From: field in all of the lfd alert templates. This change also uses the From: field in the template (or this option if set) as the value for the SENDMAIL -f option
• Modified POP/IMAP Server Checks for the chosen mail server only on cPanel servers
• Modified FTP Server Checks for the chosen ftp server only on cPanel servers
• Added SMTP Tweak to Server Check on cPanel servers and removed block on csf starting if enabled

Changes:

• Modified cipher checks to strip out quotes
• Modified Apache cipher message to remoind that you have to rebuild the Apache configuration and restart for changes to be effective