csf

New csf v14.01

Changes:

  • Changed mailman listings in csf.pignore on cPanel servers to cater for changes in python versions in RHEL v6/7 and 8
  • Fixed issue with CC_ALLOW_FILTER when not using IPSET but using SAFECHAINUPDATE would cause the new chain to be created in the wrong place by lfd when the zone is retrieved/updated
  • Fixed issue when using CC_ALLOW_FILTER with IPSET enabled not adding the final DROP rule in lfd
  • Further modifications to support RHEL/CentOS v8
  • Fixed issues with MESSENGER and CLUSTER server listeners terminating prematurely

New csf v14.00

Changes:

  • Added alternative database for Country Code Lists and Settings. These do not currently require logins/keys and in some cases are better optimised. A new setting CC_SRC allows switching between sources. For new installations these new sources are used. Existing installations are configured to continue to use the MaxMind databases. See the “Country Code Lists and Settings” section in /etc/csf/csf.conf for detailed information
  • Added binary locations for CURL and WGET which will be tried if data retrieval fails when using the LWP perl module, e.g. on outdated OS’s
  • Added new option for URLGET setting “3”. This allow the use of either CURL or WGET instead of the perl modules

New csf v13.12

Changes:

  • Modified CyberPanel installation to support move to python3

New csf v13.11

Changes:

  • Fixed interdependence issue between Country Code lookups and Country Code filters in lfd introduced in v13.09
  • Improved MM_LICENSE_KEY error messages

New csf v13.10

Changes:

  • Removed hard-coded date from MaxMind ASN url

New csf v13.09

Changes:

  • Due to MaxMind changing their free download policy to require signup and a license key, a new option MUST be configured to continue to use Country Code lookups (CC_LOOKUPS). The option MM_LICENSE_KEY must be set to the key obtained from the MaxMind site. See:

    https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/

    https://www.maxmind.com/en/geolite2/signup

    Note: Existing installations will continue to use downloaded d/b’s from before the MaxMind change, though may be cleared after CC_INTERVAL

  • Changed CC_LOOKUPS option 4 from freegeoip.net to db-ip.com as the former no longer exists
  • Fixed System Stats graphs not displaying on CyberPanel
  • Updated csf control panel reporting in version display

New csf v13.08

Changes:

  • Added official CyberPanel integration and CyberPanel panel specific configuration (only tested on CentOS v7)
  • More changes to support RHEL/CentOS v8

New csf v13.07

Changes:

  • Added format requirements for ASN entries in CC_* settings
  • Removed SSHDSPAM exploit check as it’s no longer critically relevant
  • Modifications to support RHEL/CentOS v8
  • Modified systemd service to cater for RHEL/CentOS v7.7 pidfile symlink check changes
  • Fixes and improvements to UI Ajax code
  • Removed legacy bandmin code for cPanel servers and LF_CPANEL_BANDMIN setting
  • Modified default InterWorx csf.conf to set SMTP_ALLOWGROUP appropriately for SMTP_BLOCK

New csf v13.06

Changes:

  • Removed debugging code from log file globbing routine
  • Fixed reseller UI HTML text for each supported control panel
  • Replaced the need in InterWorx for a custom Firewall.php with a preAction to intercept calls instead
  • Moved csf in InterWorx to the Advanced section in Plugins UI
  • Updated the InterWorx plugin.ini information to be more descriptive

New csf v13.05

Changes:

  • Added official CentOS Web Panel (CWP) integration and CWP panel specific configuration. See /etc/csf/readme.txt for more information (only tested on CentOS v7)
  • Added official VestaCP integration and VestaCP specific configuration (only tested on CentOS v7)
  • Additional entries to csf.pignore for new DirectAdmin installations
  • Corrected DirectAdmin UI link text
  • Fixed UI presentation HTML
  • Fixed vsftpd regex for single character date of the month
  • Modified Debian installation to detect ip(6)tables-legacy and use update-alternatives to switch to using them
  • Modified InterWorx installation to not use chattr on /etc/apf/apf stub which was preventing apf upgrading. The lfd daemon will now reapply the stub if needed
  • Modified Server Check on DA to get case-insensitive config from the binary rather than the directadmin.conf file
  • Modified csf warning text on cPanel DNSONLY servers regarding the smtpgidonlytweak to disable it from CLI as it is not currently possible from the DNSONLY WHM UI