ConfigServer Services Blog

Apologies for the upheaval

We’ve installed new blog software and caused a bit of a mess on our Twitter account and RSS feed. Hopefully this has now been cleaned up and things will settle back down 😉

Forthcoming csf file and directory changes

In the next release (due in the next few days) we will be moving csf towards the Linux Filesystem Hierarchy Standard (FHS), rather than installing everything in /etc/csf/. The following structure will be used:

        /etc/csf/           - (mostly) configuration files
        /var/lib/csf/       - temporary data files
        /usr/local/csf/bin/ - scripts
        /usr/local/csf/lib/ - perl modules and static data
        /usr/local/csf/tpl/ - email alert templates

The functionality and usage of csf remains the same, with the csf CLI running from /usr/sbin/csf as it does now. The main difference will be the storing of temporary data in /var/lib/csf/. All the configuration files (apart from the email alert templates and regex.custom.pm) remain in /etc/csf/.

Existing data and template files are migrated into the new structure automatically when upgrading to the new version. Some files and directories are symlinked to /etc/csf/ for backwards compatibility and ease of use. Nothing needs to be done at all other than performing a standard upgrade.

This is provided for information more than anything else, in case you panic because things appear to have suddenly disappeared from your installation. If you are modifying csf through anything other than the provided CLI or modification of the configuration files, you will have to take into consideration the location of, for example, the temporary data.

Here is a sample listing from those directories:

/etc/csf:
total 504
drw-------  4 root root   4096 Jun 24 16:30 ./
drwx--x--x 77 root root  12288 Jun 24 16:56 ../
lrwxrwxrwx  1 root root     18 Jun 20 12:05 alerts -> /usr/local/csf/tpl/
-rw-------  1 root root 145160 Jun 23 11:04 changelog.txt
-rw-------  1 root root    860 Mar 11 11:56 csf.allow
-rw-------  1 root root   3216 Jun 23 11:04 csf.blocklists
-rw-------  1 root root  78924 Jun 23 11:04 csf.conf
-rw-------  1 root root  78924 Jun 23 11:04 csf.conf.preupdate
-rw-------  1 root root  16761 Jun 24 09:24 csf.deny
-rw-------  1 root root    617 Mar  7 17:13 csf.dirwatch
-rw-------  1 root root    712 Mar  7 17:13 csf.dyndns
-rw-------  1 root root    923 Mar  7 17:12 csf.fignore
-rw-------  1 root root    554 Mar 11 11:56 csf.ignore
-rw-------  1 root root    657 Mar  7 17:12 csf.logfiles
-rw-------  1 root root   1949 May  9 16:07 csf.logignore
-rw-------  1 root root    408 Mar  7 17:13 csf.mignore
-rw-------  1 root root   3137 Mar  7 18:01 csf.pignore
lrwxrwxrwx  1 root root     13 Jun 23 11:04 csf.pl -> /usr/sbin/csf*
-rw-------  1 root root   1142 Mar  7 17:13 csf.redirect
-rw-------  1 root root   1938 Mar  7 17:13 csf.resellers
-rw-------  1 root root   1622 Mar  7 17:13 csf.rignore
-rw-------  1 root root    413 Mar  7 17:13 csf.signore
-rw-------  1 root root    510 Mar  7 17:13 csf.sips
-rw-------  1 root root    368 Mar  7 17:13 csf.suignore
lrwxrwxrwx  1 root root     29 Jun 23 11:04 csftest.pl -> /usr/local/csf/bin/csftest.pl*
-rw-------  1 root root    457 Jun  1 15:31 csf.uidignore
lrwxrwxrwx  1 root root     27 Jun 23 11:04 csfui.pl -> /usr/local/csf/bin/csfui.pl*
lrwxrwxrwx  1 root root     28 Jun 23 11:04 csfwebmin.tgz -> /usr/local/csf/csfwebmin.tgz
-rw-------  1 root root   2609 Jun 23 11:04 install.txt
lrwxrwxrwx  1 root root     13 Jun 23 11:04 lfd.pl -> /usr/sbin/lfd*
-rw-------  1 root root  10174 Jun 23 11:04 license.txt
drw-------  2 root root   4096 Mar  7 17:12 messenger/
lrwxrwxrwx  1 root root     39 Jun 23 11:04 pt_deleted_action.pl -> /usr/local/csf/bin/pt_deleted_action.pl*
-rw-------  1 root root  50354 Jun 23 11:04 readme.txt
lrwxrwxrwx  1 root root     34 Jun 24 16:30 regex.custom.pm -> /usr/local/csf/bin/regex.custom.pm*
lrwxrwxrwx  1 root root     36 Jun 23 11:04 remove_apf_bfd.sh -> /usr/local/csf/bin/remove_apf_bfd.sh*
drw-------  3 root root   4096 Jun 17 16:12 ui/
lrwxrwxrwx  1 root root     31 Jun 23 11:04 uninstall.sh -> /usr/local/csf/bin/uninstall.sh*
-rw-------  1 root root      4 Jun 23 11:04 version.txt
lrwxrwxrwx  1 root root     25 Jun 23 11:04 webmin -> /usr/local/csf/lib/webmin/

/usr/local/csf:
total 36
drw-------  5 root root  4096 Jun 23 11:04 ./
drwxr-xr-x 21 root root  4096 Jun 20 12:05 ../
drw-------  2 root root  4096 Jun 20 12:05 bin/
-rw-------  1 root root 15485 Jun 23 11:04 csfwebmin.tgz
drw-------  7 root root  4096 Jun 22 11:48 lib/
drw-------  2 root root  4096 Jun 20 12:05 tpl/

/usr/local/csf/bin:
total 436
drw------- 2 root root   4096 Jun 20 12:05 ./
drw------- 5 root root   4096 Jun 23 11:04 ../
-rwx------ 1 root root  32992 Jun 23 11:04 cseui.pl*
-rwx------ 1 root root   5877 Jun 23 11:04 csftest.pl*
-rwx------ 1 root root 238031 Jun 23 11:04 csfui.pl*
-rwx------ 1 root root  11817 Jun 23 11:04 csfuir.pl*
-rwx------ 1 root root   4587 Jun 17 16:12 migratedata.pl*
-rwx------ 1 root root   1151 Jun 13 15:47 pt_deleted_action.pl*
-rwx------ 1 root root   2077 Mar  7 17:13 regex.custom.pm*
-rwx------ 1 root root  25367 Jun 23 11:04 regex.pm*
-rwx------ 1 root root    397 Jun 23 11:04 remove_apf_bfd.sh*
-rwx------ 1 root root  75613 Jun 23 11:04 servercheck.pm*
-rwx------ 1 root root   1019 Jun 23 11:04 uninstall.sh*

/usr/local/csf/lib:
total 52
drw------- 7 root root  4096 Jun 22 11:48 ./
drw------- 5 root root  4096 Jun 23 11:04 ../
drw------- 2 root root  4096 Jun 23 11:04 Crypt/
-rw------- 1 root root 14349 Jun 23 11:04 csf.div
-rw------- 1 root root  3745 Jun 23 11:04 csf.help
drw------- 3 root root  4096 Jun 23 11:04 Geo/
drw------- 2 root root  4096 Jun 23 11:04 HTTP/
drw------- 3 root root  4096 Jun 23 11:03 Net/
-rw------- 1 root root  3857 Jun 23 11:04 sanity.txt
drw------- 3 root root  4096 Jun 23 11:04 webmin/

/usr/local/csf/tpl:
total 136
drw------- 2 root root 4096 Jun 20 12:05 ./
drw------- 5 root root 4096 Jun 23 11:04 ../
-rw------- 1 root root  124 Mar  7 17:13 accounttracking.txt
-rw------- 1 root root  181 Mar  7 17:12 alert.txt
-rw------- 1 root root  192 Mar  7 17:13 connectiontracking.txt
-rw------- 1 root root   76 Mar  7 17:12 consolealert.txt
-rw------- 1 root root  136 Mar  7 17:13 cpanelalert.txt
-rw------- 1 root root  129 Mar  7 17:12 exploitalert.txt
-rw------- 1 root root  151 Mar  7 17:12 filealert.txt
-rw------- 1 root root  132 Mar  7 17:13 forkbombalert.txt
-rw------- 1 root root  374 Mar  7 17:12 integrityalert.txt
-rw------- 1 root root 1042 Mar  7 17:13 loadalert.txt
-rw------- 1 root root  103 Mar  7 17:13 logalert.txt
-rw------- 1 root root  101 Mar  7 17:13 logfloodalert.txt
-rw------- 1 root root  191 Mar  7 17:12 netblock.txt
-rw------- 1 root root  209 Mar  7 17:12 permblock.txt
-rw------- 1 root root  129 Mar  7 17:12 portknocking.txt
-rw------- 1 root root  175 Mar  7 17:13 portscan.txt
-rw------- 1 root root  391 Mar  7 17:12 processtracking.txt
-rw------- 1 root root   97 Mar  7 17:12 queuealert.txt
-rw------- 1 root root  196 Mar  7 17:13 relayalert.txt
-rw------- 1 root root  260 Mar  7 17:12 resalert.txt
-rw------- 1 root root  181 Jun 23 11:04 reselleralert.txt
-rw------- 1 root root  200 Mar  7 17:12 scriptalert.txt
-rw------- 1 root root  176 Mar  7 17:12 sshalert.txt
-rw------- 1 root root  159 Mar  7 17:13 sualert.txt
-rw------- 1 root root  194 Mar  7 17:12 syslogalert.txt
-rw------- 1 root root  298 Mar  7 17:13 tracking.txt
-rw------- 1 root root  129 Mar  7 17:12 uialert.txt
-rw------- 1 root root  150 Jun  1 15:31 uidscan.txt
-rw------- 1 root root  192 Mar  7 17:13 usertracking.txt
-rw------- 1 root root  129 Mar  7 17:13 watchalert.txt
-rw------- 1 root root  146 May 25 09:15 webminalert.txt
-rw------- 1 root root 1207 Jun 23 11:04 x-arf.txt

/var/lib/csf:
total 62708
drw-------  8 root root     4096 Jun 24 09:24 ./
drwxr-xr-x 21 root root     4096 Jun 20 12:05 ../
-rw-------  1 root root      317 Jun 24 15:01 csf.block.DSHIELD
-rw-------  1 root root     7910 Jun 24 15:01 csf.block.SPAMDROP
-rw-------  1 root root      276 Jun 24 15:01 csf.block.SPAMEDROP
-rw-------  1 root root        0 Jun 24 16:00 csf.cclookup
-rw-------  1 root root       58 Jun 24 09:39 csf.dnscache
-rw-------  1 root root        0 Mar  7 17:13 csf.lock
-rw-------  1 root root     1095 Jun 24 16:51 csf.logtemp
-rw-------  1 root root        0 Jun 23 11:04 csf.tempallow
-rw-------  1 root root        0 Jun 24 10:39 csf.tempban
-rw-------  1 root root       16 Jun 24 16:58 csf.tempdisk
-rw-------  1 root root    73350 Jun 23 11:04 csf.tempint
-rw-------  1 root root       54 Jun 24 09:39 csf.tempip
-rw-------  1 root root 64000000 Jun 24 16:58 dd_test
drw-------  2 root root     4096 Jun 24 16:00 Geo/
drw-------  2 root root     4096 May 28 09:29 lock/
drw-------  2 root root     4096 Jun 24 00:00 stats/
drw-------  2 root root     4096 Jun 20 12:05 ui/
drw-------  2 root root     4096 Jun 22 11:48 webmin/
drw-------  2 root root     4096 Mar  7 17:13 zone/
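
For integrations that read csf's files directly, the layout in the listing above can be checked with a short script. This is an added example, not part of csf: it resolves where the temporary data lives and reports where each /etc/csf symlink points. The function names, the root-prefix argument and the `NAME = "value"` parsing of csf.conf are assumptions; CSFDATADIR is the setting named in the csf v6.14 changes.

```shell
#!/bin/sh
# Added example (not part of csf): find csf's data directory and audit the
# /etc/csf symlinks. $1 is an optional root prefix so a copy can be checked.
# Assumption: csf.conf stores settings as NAME = "value" lines.

# Print the directory holding csf/lfd temporary data (csf.tempban, csf.tempip, ...).
csf_data_dir() {
    root=${1:-}
    conf="$root/etc/csf/csf.conf"
    dir=
    if [ -r "$conf" ]; then
        dir=$(sed -n 's/^[[:space:]]*CSFDATADIR[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | tail -n 1)
    fi
    if [ -z "$dir" ]; then
        # Setting absent: use the new location if it exists, else the old one.
        if [ -d "$root/var/lib/csf" ]; then dir=/var/lib/csf; else dir=/etc/csf; fi
    fi
    printf '%s\n' "$dir"
}

# Print "STATUS name -> target" for every symlink in /etc/csf and return
# non-zero if any is DANGLING or UNEXPECTED (target outside /usr/local/csf/
# and /usr/sbin/, the only destinations in the sample listing).
csf_audit_links() {
    root=${1:-}
    rc=0
    for entry in "$root"/etc/csf/*; do
        [ -L "$entry" ] || continue
        target=$(readlink "$entry")
        case $target in
            */../*|*/..) status=UNEXPECTED ;;
            /usr/local/csf/*|/usr/sbin/*) status=OK ;;
            *) status=UNEXPECTED ;;
        esac
        # Absolute targets are resolved under the prefix to test existence.
        if [ "$status" = OK ] && [ ! -e "$root$target" ]; then
            status=DANGLING
        fi
        [ "$status" = OK ] || rc=1
        printf '%s %s -> %s\n' "$status" "${entry##*/}" "$target"
    done
    return "$rc"
}
```

Called with no argument as root, both functions inspect the live system; running them before and after the upgrade shows what moved.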

New cxs v2.98

Changes:
– Added check for clamd when using --wttw [file]
– Added check for script files when using --wttw [file]
– HTTP::Tiny upgraded to v0.031
– Removed a false-positive fingerprint definition
– Exploit fingerprint definitions database additions

New csf v6.15

Changes:
– Modified MaxMind City Database lookup code to be more resilient

ConfigServer Script Updates

With the release of updates to all of our cPanel scripts, if you would like a convenient way to upgrade all of your installed ConfigServer scripts on a cPanel server then we have provided a simple script that can do this for you.
This script will update: cmm, cmc, cmq, cse, csf, cxs, msinstall, msfe
Only those scripts that are already installed will be updated. Installed scripts are updated regardless of whether the installed version is the same as, or older than, the one available.
To use this method you must be logged in as root via SSH to the server and then run:

curl -s configserver.com/free/csupdate | perl

You should take care to read through the output to ensure that all the upgrades have worked as expected.

New cxs v2.97

Changes:
– Added support for cPanel v11.38.1+ AppConfig addon registration
– Added new option --comment "text" which can be used to add a short comment to files submitted using --wttw [file]
– Modified --wttw [file] to ensure that it is not already detected as a Virus or Fingerprint (now requires --force to report a false-positive)
– Fixed packed hex advanced decoder regex
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

NOTE: In accordance with the new conventions for v11.38.1+ AppConfig, the URL to the cxs WHM plugin will change from /cgi/addon_cxs.cgi to /cgi/configserver/cxs.cgi. This will only happen with cxs v2.97+ and cPanel v11.38.1+. Older versions of cxs will continue to use the old URL. This has no particular relevance to users accessing through WHM, but will affect direct URL access by users or third party applications.

New csf v6.14

Changes:
– Added support for cPanel v11.38.1+ AppConfig addon registration
– Added support for cPanel v11.38.1+ Custom ACL driver. This creates an ACL (software-ConfigServer-csf) which must be used to grant resellers access via “WHM > Edit Reseller Nameservers and Privileges > Third Party Services > ConfigServer Security & Firewall (Reseller UI)” when running cPanel v11.38.1+
– Added Server Check for AppConfig restrictions for cPanel v11.38.1+
– Switched from using Geo::IP::PurePerl to Geo::IP perl module
– Added MaxMind GeoIP Anonymous Proxies to csf.blocklists. This will be appended, disabled, to existing csf.blocklists files
– Added new setting CSFDATADIR. This is the location of the csf and lfd temporary data. By default it is set to the current value of /etc/csf with the intention of moving this data to /var/lib/csf in the future in a move towards the Linux Filesystem Hierarchy Standard (FHS)
– Moved the default location for ST_DISKW_DD to /var/lib/dd_test for new installations

NOTE: In accordance with the new conventions for v11.38.1+ AppConfig, the URL to the csf WHM plugin will change from /cgi/addon_csf.cgi to /cgi/configserver/csf.cgi. This will only happen with csf v6.14+ and cPanel v11.38.1+. Older versions of csf will continue to use the old URL. This has no particular relevance to users accessing through WHM, but will affect direct URL access by users or third party applications.

New MailScanner Front-End v4.42

Changes:
– Added support for cPanel v11.38.1+ AppConfig addon registration

NOTE: In accordance with the new conventions for v11.38.1+ AppConfig, the URL to the msfe WHM plugin will change from /cgi/addon_mailscanner.cgi to /cgi/configserver/mailscanner.cgi. This will only happen with msfe v4.41+ and cPanel v11.38.1+. Older versions of msfe will continue to use the old URL. This has no particular relevance to users accessing through WHM, but will affect direct URL access by users or third party applications. The URL to MailWatch will remain the same.