csf

New csf v2.92

Changes:

  • Improved the cPanel version check for < v11 and whether up to date
  • Added new CLI option -t (–temp) which lists the temporary IP bans and the TTL before the IP is flushed from iptables
  • Added “View Temporary IP Bans” to WHM UI
  • Changed WHM UI lfd Log auto-refresh default to unchecked
  • Added regex for dovecot “Aborted login” messages in /var/log/maillog
  • Added support for displaying mod_security v2 logs in WHM UI

New csf v2.91

Changes:

  • Added Fedora Core v6 to the obsolete OS check
  • Added php v4 check
  • Added apache v2.2 check
  • Added Perl v5.8.8 check
  • Added cPanel v11 check
  • Modified Sys::Syslog use to utilise the ndelay and nofatal options
  • Added new option GLOBAL_IGNORE which makes lfd ignore IP’s listed in a globally located ignore file
  • Modified Connection Tracking so that lfd doesn’t block IP addresses that resolve to *.cpanel.net (to prevent CT_LIMIT being triggered during a upcp upgrade of cPanel)
  • Added new option CT_STATES to Connection Tracking so that you can specify which connection states you want to count towards CT_LIMIT, e.g. SYN_RECV

cPanel: Problems sending email through Squirrelmail

cPanel have created a problem with a recent modification to how webmail, squirrelmail in particular, works on the latest versions of cPanel. In the past, webmail sent using the sendmail binary (exim) and worked without issue. In an attempt to identify outgoing email with the correct cPanel account, squirrelmail is now configured by cPanel to connect directly to the local port 25 under the UID of the account sending email.This causes problems with the cPanel configuration of the security SMTP Tweak option in WHM Server Security which cannot allow through such email without making that option less secure. Enabling it to do so would effectively open up the security tweak in the firewall for any script under a user account to send email out on localhost port 25. There is a workaround option by allowing localhost connections to the SMTP port which will allow squirrelmail to work, but does still reduce the security option level.The SMTP_BLOCK option in csf performs the same iptables configuration as the SMTP Tweak does through WHM and is also affected by this change by cPanel.There are 3 options to workaround this anomaly until cPanel come up with a solution:1. Enable the SMTP_ALLOWLOCAL (“Allow connections to localhost on port 25” option in WHM SMTP Tweak if you don’t use csf) which should allow port 25 connections from localhost (127.0.0.1)2. Disable the SMTP_BLOCK (or WHM SMTP Tweak option if you don’t use csf) option. In doing so, you leave yourself open to exploited scripts sending out spam while bypassing exim3. Use the following workaround mentioned on the cPanel forums:http://forums.cpanel.net/showthread.php?t=71073There is a cPanel bugzilla entry open for this issue:http://bugzilla.cpanel.net/show_bug.cgi?id=5917

New csf v2.90

Changes:

  • Ensured that Process Tracking doesn’t affect processes running under root
  • Added /usr/local/cpanel/bin/cpwrap to the csf.pignore file for new and existing installations
  • Added Apache v2 checks to Server Checks Report
  • Removed mod_evasive from Server Checks Report as it appears to be less relevant, especially with Apache v2

New csf v2.89

Changes:

  • Fixed the csf webmin module
  • Added updates to the webmin module
  • Completely removed use of cat in the WHM module and wget/cat from the webmin module

New csf v2.88

Changes:

  • Fixed typo in csf.conf for new installs LF_LOAD -> PT_LOAD
  • Modified the courier IMAP and POP3D regex’s to include connections over SSL in lfd
  • Modified lfd to ignore cpdavd processes
  • Modified the cPanel regex’s to include cPanel v11 variants in lfd

New csf v2.87

Changes:

  • Fixed duplication of settings during generic configuration upgrade procedure
  • Only display version confirmation update message when running csf -u interactively (Thanks to Brian Coogan for the perl tip)
  • Fixed issue with temporary files not being truncated before being written to, which caused problems e.g. with global allow/deny files
  • Added new option CT_SKIP_TIME_WAIT to exclude TIME_WAIT state from connection tracking
  • Updated the csf webmin module to use the &ReadParse() routine to overcome problems when running through SSL (Thanks to Tim Ballantine for this tip)

New csf v2.85

Changes:

  • Fixed a problem with v2.84 which broke permanent IP blocking in lfd – it’s been a long week :-/

New csf v2.84

Changes:

  • Fixed problem with permanent LF blocks in lfd for individual application port blocks when set to permanent
  • Added new SYSLOG option to csf.conf to allow additional lfd logging to SYSLOG (requires perl module Sys::Syslog)
  • Added a minimum to LF_DSHIELD and LF_SPAMHAUS ip block lists refresh interval of 3600 to prevent getting yourself blocked!

N

New csf v2.82

Changes:

  • Fixed a documentation for LF_TRIGGER_PERM
  • Fixed issue where RT_[relay]_ALERT set to “0” was being ignored
  • Fixed condition from v2.80 which prevented SCRIPT_ALERT from working
  • If killproc.conf does not exist the Server Check now links to the Background Process Killer page instead of issuing a file missing error