
New csf v4.75

Changes:

  • Added a [block] section to the Login Failure alert.txt template. This new report template will be copied to /etc/csf/alert.txt.new on existing installations; rename it to alert.txt to use it
  • Modified existing lfd alerts to use currently used tags instead of appending block information to the IP address (alert.txt modified as above)
  • Added new trigger options RT_LOCALHOSTRELAY_* to csf.conf for email sent via a local IP address, separating the trigger from RT_LOCALRELAY_*, which is now only for /usr/sbin/sendmail. See csf.conf for more information
  • Added Relay Tracking to DirectAdmin running exim. See RT_* and SMTPRELAY_LOG in csf.conf for more information
  • Added csf.mignore to allow ignoring of specified usernames or local IP addresses from RT_LOCALRELAY_ALERT
  • Modified csf UI to use a single dropdown for all lfd ignore files
  • Added proftpd regex matching for “UseReverseDNS on” in proftpd config

New csf v4.74

Changes:

  • Removed FUSER from csf.conf as it is no longer used
  • Added UNZIP to csf.conf which is required for Country Code to CIDR functions
  • Modified the Country Code allow/deny/allow_filter feature to generate CC CIDRs from the Maxmind GeoLite Country database instead of using iplocationtools.com. Note: GeoLite is much more accurate than the previous zones used. This also means that there are usually more CIDRs for each CC, which adds to the burden of using this feature

New csf v4.73

Changes:

  • Added checks before Net::CIDR::Lite calls to ensure inputs are CIDRs to prevent module failures
  • New feature – LF_CPANEL_ALERT. Send an email alert if anyone accesses WHM via root. An IP address will be reported again 1 hour after the last tracked access (or if lfd is restarted)

New csf v4.72

Changes:

  • Modified mail sending code to use a common procedure that copes better with differing combinations and variations of From:, To:, LF_ALERT_TO and LF_ALERT_FROM settings for lfd alerts

New csf v4.71

Changes:

  • Code speedups in csf --grep
  • Added csf.allow and GLOBAL_ALLOW lookups during lfd blocking; a note is added to the alert if an IP match is found
  • Modified Server Check for Fedora v9 EOL now that Fedora v11 has been released
  • Modified iptables output from csf.pl to exclude the Fedora v11 intrapositioned negation messages
  • Fixed typo in integrity.txt alert template for new installations
  • Modified the email header for csf --mail
  • Fixed Relay Tracking from 127.0.0.1 to always report as a LOCALRELAY
  • Modified lfd output filehandle names to avoid read/write conflicts
  • Added Advanced Allow/Deny Filters for csf.dyndns. See readme.txt for an example
  • Added new option CC_ALLOW_FILTER as an alternative to CC_ALLOW where only listed Country Codes are allowed, however normal port and packet filter rules are still applied to those connections. All other connections are dropped

New csf v4.70

Changes:

  • Modified UI access to csf.sips to display checkboxes instead of direct editing, for ease of use
  • Fixed problem where RELAYHOSTS setting wasn’t always being honoured
  • Modified mod_security configuration editor to handle HTML elements
  • Rewritten RT_*_ALERT regex and counting code to better deal with a variety of exim log output formats
  • Added recipient count to RT_*_ALERT to include emails sent to multiple recipients. This option requires that the exim log_selector setting in the exim configuration includes the option: +received_recipients. So, the recommended log_selector setting is now:

New csf v4.69

Changes:

  • Added Gentoo support
  • Added Server Check for MySQL LOAD DATA LOCAL
  • Modified Server Check for enable_dl to check whether dl() is in disable_functions

New csf v4.68

Changes:

  • Added IPv6 IP detection for proftpd login failures
  • Removed ossec and webmin from the Server Check services section

New csf v4.67

Changes:

  • Modified the Country Code allow/deny feature to use iplocationtools.com now that ipdeny.com has gone offline

New csf v4.66

Changes:

  • Modified OS version check to prevent Fedora v10 obsolete false-positive in Server Check
  • Modified the exim SMTP AUTH regex to use the latest cPanel/exim format
  • Added failure notification for DYNDNS entry lookups in lfd if they fail to resolve or timeout