ConfigServer Services Blog

Changes:

• Updated csf.conf to clarify that LF_PERMBLOCK_COUNT and LF_NETBLOCK_COUNT with act if more than the number of hits are detected, not on the exact number set
• Modified csf WHM UI to use csf -u to upgrade csf when a new version is available
• Added new script /etc/csf/csftest.pl which will test the servers iptables modules for functionality. The tests are for the required iptables modules and the optional modules for the SMTP_BLOCK, PORTFLOOD and MESSENGER features. This adds a useful diagnostic tool for kernel/iptables problems and to check whether the features above will function
• Added csf WHM UI option to run csftest.pl
• Updated the csf install.txt to run csftest.pl before running up csf

Changes:

• Improved detection of working ipt_owner iptables module on VPS servers such that if ipt_owner does not work SMTP_BLOCK and UID/GID blocks will be automatically disabled and csf will continue to start

Changes:

• Default setting for ICMP_OUT_RATE set to 0 – this is the recommended setting for cPanel servers which use ping times to determine fastest mirrors for various update functions
• Modified PT_LOAD_ACTION code to stop duplicate load emails from being send by lfd
• Moved ETH_DEVICE_SKIP to the top of the INPUT/OUTPUT chains
• Allow enabling of SMTP_BLOCK and use of UID/GID advanced port filter rules on VPS Servers for as ipt_owner is now apparently supported on the latest kernels. However, if the latest kernel isn’t being used or the VPS host hasn’t included the ipt_owner iptables module for the client VPS, then csf will fail with an error

Changes:

• Modified Process Tracking to allow regex exceptions in csf.pignore for deleted executable processes

Changes:

• Modified regex.pm detection of iptables kernel log lines to cater for alternative formatting
• Restored the substitution of the NULL separator with spaces for the /proc/PID/cmdline in Process Tracking

Changes:

• Added code to Process Tracking to translate non-printable characters to especially help detect and report deleted executable file processes
• WARNING: Removed hard-coded exceptions for spamd, cpanellogd, cpdavd and awstats.pl from lfd.pl. If you want to ignore such processes for Process Tracking, you will need to add appropriate ignore rules to csf.pignore for them

Changes:

• Disable ST_LOOKUP by default on new installations
• Modified lfd stats performance when ST_LOOKUP is enabled and added a warning for this setting to csf.conf for when DROP_IP_LOGGING is enabled

Changes:

• Modified the su tracking regex to better trap RHE/CentOS v5 su login attempts
• Added a Server Check for “FTP Logins with Root Password”
• Added new WHM UI option to display Last X iptables Log Lines. Note that the report will only display log lines since this update. The new statistics will be expanded in future developments. Added new ST_* options to the cPanel csf.conf to control the recording of stats
• Removed fwlogwatch from distro and will use self-produced reports