New csf v1.73

Some new features and fixes:

  • Added new option LF_CSF to restart csf if iptables appears to have been flushed (i.e. stopped)
  • Added new option LF_SCRIPT_PERM to disable directories identified by LF_SCRIPT_ALERT – see csf.conf for more information
  • Workaround to child reaper when 2 children die at the same time
  • Added workaround for PT spamd false-positives

New csf v1.64

Major new feature in this release:

  • Updated CLI help and readme.txt for new csf -u command from v1.63
  • Changed the format of the email templates for new installations – if you want to use the new format remove /etc/csf/*.txt and then install csf
  • Added mechanism to prevent multiple email/block attempts from login attacks in lfd
  • Added new feature – Process Tracking. This option enables tracking of user and nobody processes and examines them for suspicious executables or open network ports. Its purpose is to identify potential exploit processes that are running on the server, even if they are obfuscated to appear as system services. If a suspicious process is found an alert email is sent with relevant information – readme.txt for details

New csf v1.63

A new release of csf+lfd with the following changes:

  • Added feature to WHM UI to enable editing of the email templates
  • Modified WHM UI to use fixed-width larger font for command output and edit boxes
  • Added notice to install.txt and readme.txt about enabling klogd (on VPS systems in particular)
  • Added autoupdates system using AUTO_UPDATES – see csf.conf for details

New csf v1.61

New release, new major feature:

  • Tighten up some of the csf rules
  • Added new fature – LF_SCRIPT_ALERT when enabled will scan /var/log/exim_mainlog for extended exim logging lines that show the cwd= line for paths in /home which indicate emails sent from scripts. If LF_SCRIPT_LIMIT emails from the same path are sent within an hour, an email alert is sent using scriptalert.txt containing the first 10 probably exim mainlog line matches and also likely mailing scripts within the identifed path – an ideal tool to help identify spamming scripts sending out email through exim. The option is disabled by default as you do need to enable extended exim logging first as

New csf v1.60

New release with a nice new feature:

  • Modified lfd to use a child reaper instead of ignoring the CHLD signal
  • Added login failure detection of cpanel, webmail and whm connections – this will only work for access to non-secure ports as cPanel doesn’t know the IP address of the user when connection are over SSL due to the way stunnel works