ConfigServer Services Blog

Changes:

• Fixed POD display in UI

Changes:

• Fixed issue with cxs Watch not reporting running state correctly

Changes:

• Fixed issue with reporting boolean CLI options

Changes:

• Fixed issue with creation of new quarantine directory for new installs
• Improved quarantine directory detection for conversion on upgrade to v4

(see changelog for v4 for main changes for this release tree)

Changes:

• Introducing a new Quarantine system. This new version creates a more secure method of quarantining suspicious files in cxs. It removes the need for a directory with 1777 permissions. It also makes the layout and maintenance of the quarantine directory much simpler
• Automatically rename old quarantine directory to [dir].(timestamp) and create new quarantine structure. An email is sent to root with a reminder to remove the old directory
• Any pre v4 old quarantine directory can still be viewed and restored from through the UI if required, though this functionality (for old quarantine directories) will be removed in the future
• New option –qcreate. This option is used to create a new quarantine directory structure. It will rename any pre-existing directory to [name].(timestamp)
• New option –qclean [days]. This option is used to clean a quarantine directory specificed with –quarantine [dir], retaining the last [days] worth of files
• New option –qrestore [file]. This option is used to restore a quarantine file via the CLI to the original file location (v4 quarantined files only)
• New option –qview [file]. This option is used to view a quarantined file via the CLI
• Modified cxs UI to cater for new quarantine layout and provide some additional information on quarantined files
• Added new file /etc/cxs/cxsdaily.sh as an example file to symlink from /etc/cron.daily/ to perform daily tasks and added to RECOMMENDATIONS in the docs
• Modified cxs Watch scanning to automatically scan newly created directories for exploits to help overcome an issue where files are created before a new directory is watched
• Support for running cxs through suhosin has been removed
• Fixed issue with –defapache [user]
• Modified recommendations on file ownership and permissions when using –logfile [file]
• HTTP::Tiny upgraded to v0.037
• POD documentation tidy
• Exploit fingerprint definitions database additions

Changes:

• NOTE: Support for using suhosin is deprecated and will be removed in the near future – use ModSecurity instead. If you are unable to use ModSecurity, you will have to rely on either cxs Watch or manual scans
• New option added: –defapache [user]. This is the default account under which apache runs. This will be set to “apache” by default except on cPanel servers where it is set to “nobody” by default
• Make cxs watch restart reason more verbose
• Improved file type detection for files within archives
• Improvements to the main decoder regex
• Exploit regex definitions database additions
• Exploit fingerprint definitions database additions

Changes:

• Fixed issue with cxs process termination due to scanning timeouts
• Prevent regex hangs due to some exploit tactics
• Fixed quarantine UI not restoring file permissions correctly

Changes:

• Extended fingerprint checks for alternative linefeeds in scripts
• Fixed functionality of the included test.cgi upload test script
• Enforce stricter permissions on /var/log/cxswatch.log
• Disable option to upgrade cxs in DA UI and instruct to use CLI
• Added use of –force to –upgrade to redo upgrade to latest version if required
• Additional checks to terminate php child process if timeout occurs
• Exploit fingerprint definitions database additions