ConfigServer Services Blog

New cmm v1.08

Changes:

  • Dramatically reduced memory overhead of listing mail directories by only reading the first 200 lines of any email. This also greatly speeds up directory listing
  • Display only the first 1000 lines of any email to reduce memory overhead and speed up display
  • Added new upgrade mechanism
  • Removed use of the cat binary
  • Added “Select by Search” JS code, thanks to rafaelfpviana on the forum for the code

Upgrade through WHM or by following the installation instructions again.

New csf v3.15

Changes:

  • Auto-whitelist all DNS traffic to/from IPs in /etc/resolv.conf
  • Modified csf.conf text for new installations to account for auto-configuration of ETH_DEV which has been the case for some time:

        # By default, csf will auto-configure iptables to filter all traffic except on
        # the local (lo: ) device. If you only want iptables rules applied to a specific
        # NIC, then list it here (e.g. eth1, or eth+ )
        ETH_DEVICE = ""

        # If you don't want iptables rules applied to specific NICs, then list them in
        # a comma separated list (e.g "eth1,eth2" )
        ETH_DEVICE_SKIP = ""

New csf v3.14

Changes:

  • Added new format for cPanel (v11.18.3) login failures to regex.pm
  • Added exe:/usr/libexec/gam_server to the default list of ignored binaries
  • Fixed problem with SCRIPT_ALERT not picking up alternative /home directories from wwwacct.conf

New csf v3.13

Changes:

  • Added new option DENY_TEMP_IP_LIMIT which limits the number of IP bans held in the temporary IP ban list to prevent iptables flooding. If the limit is reached, the oldest bans will be removed/allowed by lfd on the next unblock cycle regardless of remaining TTL for the entry
  • Added LF_FLUSH for the flush interval of reported usernames, files and pids so that persistent problems continue to be reported. Default is set to the previously hard-coded value of 3600 seconds
  • Fixed uw-imap ipop3d regex
  • Added check for TESTING mode when using csf -a or csf -d to only add to the respective csf.allow or csf.deny files and not insert into iptables to prevent errors if iptables has been flushed after reaching TESTING_INTERVAL

New csf v3.12

Changes:

  • Added SMTP AUTH failure regex for Kerio MailServers
  • Fixed an issue where a permanent Port Scanning alert would report as a temporary block, even though a permanent block was performed
  • Added regex for failed SSH key authentication logins (thanks to Paul)

New RootKit Hunter v1.3.2

The Rootkit Hunter project team announces release 1.3.2. The changelog lists 3 additions, 6 changes and 14 bugfixes. Naming a few:

  • Socklog and rsyslog daemons support.
  • IRIX/IRIX64 support.
  • Application version check errors mostly ignored.
  • Unset ALLOW_SSH_ROOT_USER and ALLOW_SSH_PROT_V1.
  • Application check whitelisting.
  • ‘pflog’ checked for all *BSD now.
  • Correct scanning of /dev in LAZY mode.
  • Whitelisted passwordless account names logged.
  • Corrected obtaining process names in Solaris.
  • Unset MANPATH for .spec (OpenSuSE).
  • Correct hidden files/directories test behaviour.

This is the procedure we use to upgrade rkhunter:

    wget http://prdownloads.sourceforge.net/rkhunter/rkhunter-1.3.2.tar.gz
    tar -xzf rkhunter*
    cd rkhunter-*
    ./installer.sh --layout default --install

New csf v3.11

Changes:

  • Use /proc for Process Tracking instead of ps output in case of exploited system binaries and to better determine resource usage of each process
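
The idea behind the v3.11 change, as an added example (Python, not csf's own code): process data is read directly from /proc, so a replaced ps binary cannot hide a process or misreport its usage. The function names and the "deleted" flag are assumptions of this sketch and go slightly beyond the changelog text; the `root` parameter exists only so the code can be pointed at a test tree.

```python
import os

def read_proc(pid, root="/proc"):
    """Read one process straight from procfs; returns None if it has exited."""
    base = os.path.join(root, str(pid))
    try:
        with open(os.path.join(base, "stat")) as f:
            stat = f.read()
        with open(os.path.join(base, "cmdline"), "rb") as f:
            argv = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
        uid = os.stat(base).st_uid  # owner of /proc/<pid> is the process owner
    except OSError:
        return None
    try:
        exe = os.readlink(os.path.join(base, "exe"))
    except OSError:
        exe = ""  # kernel thread, or not permitted to read the link
    # comm (field 2) may contain spaces or ')', so parse after the LAST ')'
    fields = stat[stat.rindex(")") + 1:].split()
    cpu_ticks = int(fields[11]) + int(fields[12])  # utime + stime (fields 14, 15)
    return {"pid": pid, "uid": uid, "exe": exe, "cmdline": argv,
            "cpu_ticks": cpu_ticks, "deleted": exe.endswith(" (deleted)")}

def list_processes(root="/proc"):
    """Enumerate numeric /proc entries without calling ps or any other binary."""
    procs = []
    for name in os.listdir(root):
        if name.isdigit():
            info = read_proc(int(name), root)
            if info is not None:
                procs.append(info)
    return sorted(procs, key=lambda p: p["pid"])

def deleted_executables(procs):
    """Processes whose on-disk binary was unlinked after they started."""
    return [p for p in procs if p["deleted"]]

if __name__ == "__main__":
    for p in list_processes():
        flag = " [exe deleted]" if p["deleted"] else ""
        print(f'{p["pid"]:>7} uid={p["uid"]:<6} ticks={p["cpu_ticks"]:<8} {p["exe"] or p["cmdline"]}{flag}')
```

A deleted executable also appears after an ordinary package upgrade, so treat the flag as a prompt for review. Reading /proc sidesteps tampered userland binaries only; it does not help against a kernel-level rootkit that filters procfs itself.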