CSF Changelog

New in version 6.15

June 14th, 2013
  • Modified MaxMind City Database lookup code to be more resilent.

New in version 6.11 (May 31st, 2013)

  • Fixed SMTP_ALLOWLOCAL not functioning correctly. Added IPv6 support for SMTP_ALLOWLOCAL
  • Removed SMTP_BLOCK restriction for IPv6 requiring port 25 to be present in TCP6_OUT

New in version 6.09 (May 25th, 2013)

  • Modified csf UI to detect Webmin install and symlink script and images directory so as to no longer require Webmin module update on a new csf version
  • Tidied up csf UI html
  • Fixed System Statistics graph display when using Webmin
  • Modified Server Security check to only perform GENERIC test when using Webmin to prevent hanging processes
  • Added CLI options --car, --carm. This removes an allowed IP in a Cluster and removes it from /etc/csf.allow
  • Added new options LF_WEBMIN, LF_WEBMIN_PERM. This feature adds login failure detection for Webmin in WEBMIN_LOG
  • Added new option LF_WEBMIN_EMAIL_ALERT. This feature sends an email if a successful login to Webmin is detected in WEBMIN_LOG
  • Modified LF_SCRIPT_ALERT text in csf.conf for cPanel servers
  • Modified proftpd regex to cope with non-standard format and to remove trailing colons from account name
  • Modified LF_SCRIPT_ALERT regex to cater for paths containing spaces
  • Improvements to LF_SCRIPT_ALERT memory usage and possible script detection
  • Added alternative LF_SCRIPT_ALERT regex for specific 1H.com exim logging ACL

New in version 6.08 (April 25th, 2013)

  • Added IPV6_SPI workaround for CentOS/RedHat v5 and custom kernels that do not support IPv6 connection tracking by opening ephemeral port range 32768:61000. This is only applied if IPV6_SPI is not enabled. This is the same workaround implemented by RedHat in the sampe default IPv6 rules.

New in version 6.07 (April 4th, 2013)

  • Fixed issue with processing /proc/PID/stat for process information.

New in version 6.06 (March 25th, 2013)

  • Prevent csf/lfd from failing to run if a non-critical configuration file does not exist
  • In webmin, force table stylesheet to override webmin css. Requires webmin module reinstall on existing installations

New in version 6.03 (March 22nd, 2013)

  • Switched from using LWP to HTTP::Tiny to reduce memory footprint and reliance on the LWP perl module. The HTTP::Tiny module is included in the distribution, so no further action is necessary
  • Modified lfd perl module loading to be conditional where possible to reduce lfd memory footprint
  • Modify initial file processing to reduce lfd memory footprint
  • Modify PS_PORTS processing to reduce lfd memory footprint
  • Moved init of Geo::IP::PurePerl into iplookup subroutine
  • Removed "DEFERRED" login failure checking from CPANEL_LOG regex due to false-positives
  • Modify LF_DIRWATCH_DISABLE so that only files are added to suspicious.tar and removed. Suspicious directories will no longer be removed
  • Removed File::Path - no longer required

New in version 6.02 (March 19th, 2013)

  • Modify MESSENGER HTML header to return code 403 instead of 200
  • Modify UI daemon to fallback to IPv4 if IPV6 setting is not enabled
  • Added new options LF_SYMLINK and LF_SYMLINK_PERM. This feature enables detection of repeated Apache symlink race condition triggers from the Apache patch provided by: http://www.mail-archive.com/dev@httpd.apache.org/msg55666.html
  • This patch has also been included by cPanel via the easyapache option: "Symlink Race Condition Protection"

New in version 6.01 (March 13th, 2013)

  • Ensure all binaries are called with their full paths for the scheduled Server Security Check reports
  • Allow csf -u/-uf/--update and -c/--check when csf is disabled
  • Make RT_* checks IPv6 compatible
  • Added dns query caching for ip lookups during lfd process lifetime
  • Modify TOR rule loading to use FASTSTART in lfd if enabled
  • Added iptables locking to FASTSTART code
  • LF_INTERVAL now defaults to 3600 on new installations to better cope with slow brute force login attempts
  • Removed references to .cpanel.net being ignored from the changelog as they no longer apply and could cause confusion
  • Fix csf.rignore loader regex causing unnecessary DNS lookups if file has no entries
  • Added "DEFERRED" login failure checking to CPANEL_LOG regex