Today, all servers' firewalls (ConfigServer Firewall & Security) were updated to their latest version (ver 2.77). Below is a list of the improvements added in the new release:

  • Fixed duplication of settings during generic configuration upgrade procedure;
  • Only display version confirmation update message when running csf -u interactively;
  • Fixed issue with temporary files not being truncated before being written to, which caused problems e.g. with global allow/deny files;
  • Added new option CT_SKIP_TIME_WAIT to exclude TIME_WAIT state from connection tracking;
  • Updated the csf webmin module to use the &ReadParse() routine to overcome problems when running through SSL;
  • Added regex for SSH on Debian v4 and for "Failed keyboard-interactive" on RedHat;
  • Fixed a problem with v2.84 which broke permanent IP blocking in lfd;
  • Fixed problem with permanent LF blocks in lfd for individual application port blocks when set to permanent;
  • Added new SYSLOG option to csf.conf to allow additional lfd logging to SYSLOG;
  • Added a minimum refresh interval of 3600 for the LF_DSHIELD and LF_SPAMHAUS IP block lists;
  • Fixed broken Server Check from v2.82;
  • Fixed the documentation for LF_TRIGGER_PERM;
  • Fixed issue where RT_[relay]_ALERT set to "0" was being ignored;
  • Fixed condition from v2.80 which prevented SCRIPT_ALERT from working;
  • If killproc.conf does not exist the Server Check now links to the Background Process Killer page instead of issuing a file missing error;
  • Added exe:/usr/local/cpanel/cpdavd to csf.pignore;
  • Added option to disable refresh in WHM csf UI when viewing lfd.log;
  • Removed debug code that prevented IP blocking;
  • Added new lfd feature - Relay Tracking;
  • Introduced a new blocking mechanism in lfd that allows a choice of permanent or temporary IP blocking;
  • Modified new installations to default to using separate triggers for login failures, instead of the global LF_TRIGGER value;
  • Added ACCEPT rule to 127.0.0.1:25 for the "cpanel" user if SMTP_BLOCK is enabled for the new cPanel Webmail configuration in v11;
  • Added new configuration option DROP that allows you to choose the drop target for rejected packets;
  • Remove /etc/cron.d/csf_update on uninstall.

--
Best regards,
Elie P.
Tech support Supervisor.



Monday, August 13, 2007
