Server Software and Configuration Services
New cxs v6.04
Changes:
- Ensure CallUploadScript is disabled in /etc/pure-ftpd.conf on cPanel servers on uninstall
- Exploit fingerprint definitions database additions
ConfigServer Services Blog
New csf v8.16
Changes:
- Removed UI integration from CentOS Web Panel as recent permission changes break the implementation. The csf installer will restore the original functionality
Problems upgrading to csf v8.15?
If you see this error on uprading csf (if you installed v8.14 before 8.15 replaced that release):
# csf -u Can't locate object method "ssl_opts" via package "LWP::UserAgent" at /usr/local/csf/lib/ConfigServer/URLGet.pm line 142.
You can fix the code and then upgrade using:
# sed -i "s/\$ua->ssl_opts/#\$ua->ssl_opts/" /usr/local/csf/lib/ConfigServer/URLGet.pm # csf -u
New csf v8.15
Changes:
- Added new configuration option IP to point to the IP binary. This will be used in preference to IFCONFIG, the latter is no longer required when the IP binary is correctly configured and executable
- Added full UI integration into CentOS Web Panel (CWP). To disable integration:
Rename: /usr/local/cwpsrv/htdocs/resources/admin/modules/csf.orig.php
to: /usr/local/cwpsrv/htdocs/resources/admin/modules/csf.php
create: /etc/csf/cwp.disable - Updated Postfix SMTP AUTH regex (thanks to Marcele)
- Added support for /etc/csf/csf.blocklists in ZIP format. The zip file MUST only contain a single text file of a single IP/CIDR per line
- Added Stop Forum Spam (ZIP) example to csf.blocklists
- Added IPV6 support to csf.sips
- Fixed detection of ip6tables nat
- Removed development code for ispconfig from distribution as this should NOT be used. It has never been implemented nor released as a supported solution and is likely to be insecure. Upgrading will remove any installations of this development code
New cxs v6.03
Changes:
- Fixed UI issue where –soptions [as] were not being set
- Exploit fingerprint definitions database additions
New csf v8.13
Changes:
- Added /usr/local/cpanel/3rdparty/php/54/sbin/php-fpm to csf.pignore for cPanel installs
- Clarify cluster CLI commands that refer to remote server actions
- Added number of failures to the RBL check Subject field
- Modified Port Scan checks for more kernel log line formats in regex.pm
ConfigServer scripts on cPanel v11.56
cPanel are upgrading the embedded version of perl on cPanel v11.56 (v56) from perl v5.14 to v5.22, which is a good thing. However, any daemons running under the cPanel embedded version of perl must be restarted after cPanel upgrades otherwise they will start to fail with obscure messages.
To avoid this, you should ensure that any such daemon processes are restarted soon after the upgrade to cPanel v11.56. In the case of ConfigServer products, this means: lfd, cxs and MailScanner.
Fortunately, if you are running csf/lfd on your server then lfd automatically does this for you (for lfd, cxs and MailScanner) whenever upcp runs and upgrades the cPanel version, so you should not need to do anything.
However, if you do have problems or you do not run csf/lfd but do use MailScanner or cxs, then you will need to restart those services manually once your installation of cPanel upgrades to this new release.
New MailScanner Script v2.95
Changes:
- Removed mention of “transtec” from reports
- Fixed deprecated use of “use IO” in perl modules for cPanel v56 support
New csf v8.12
Changes:
- Additional Feature: Added support for listing ASNs in all Country Code (CC_*) options
- Fixed GLOBAL_ALLOW and GLOBAL_DENY when LF_IPSET is enabled
- Fixed GLOBAL_DYNDNS when LF_IPSET and LF_IPV6 are enabled
- IPSET binary location set to /sbin/ipset for Debian/Ubuntu new installs
- Additional regex included for vsftp login failures
New csf v8.11
Changes:
- Fixed issue on non-RedHat OS installations that failed due to problems whitelisting the installers IP address