CSF firewall update release announcements
#51
csf firewall version 11.04 has been released
Changes:
Added new configuration option LF_APACHE_ERRPORT. This option is used to determine if the Apache error_log format contains the client port after the client IP. By default it is set to autodetect
#52
csf firewall version 11.05 has been released
Changes:
Added new configuration option PT_SSHDKILL. This option will terminate the SSH processes created when blocking an IP
Added a “Fix Common Problems” section to the csf UI for various common configuration issues
Ensure application ports are always defined in lfd
#53
csf firewall version 11.06 has been released
Changes:
Modified Integrated UI to use new cxs UI perl modules
Added custom redirect line for webmin UI when STYLE_CUSTOM enabled
Ensure ip6tables nat table is flushed if present whether MESSENGER is enabled or not
#54
csf firewall version 11.07 has been released
Changes:
Added missing WAITLOCK to iptables when processing advanced port filters in csf and lfd and checking csf status in UI
Added WAITLOCK, if enabled, to iptables-restore commands during FASTSTART
Server Check Report – removed ini_set check as so many scripts use ini_set nowadays. Updated text on various checks
Updated the postfix SMTP AUTH regex
Added new SSHD “maximum authentication attempts exceeded” regex
Set basic PATH before running csfpre.sh/csfpost.sh to avoid binary location issues
csf now runs csfpre.sh/csfpost.sh directly without forcing it through /bin/sh. If present, csf chmods the script 0700 and checks for a shebang. If the shebang is missing #!/bin/bash is added to the top. The script is then run
Added seventh parameter to regex.custom.pm to allow Cloudflare blocking if a CUSTOM regex is triggered (see latest regex.custom.pm in distro)
Rearranged UI tabs and shortened tab names. Moved quick actions to the top of the “csf” tab pane
Added “AUTH command used when not advertised” to the LF_EXIMSYNTAX regex check
Added new csf CLI cluster option: -ci, --cignore ip [comment]. This will add the IP to each remote /etc/csf/csf.ignore member and then restart lfd. This has also been added to the UI
Fixed cluster grep output in UI
Modified MESSENGERV2 to support combined certificates+keys in cPanel v68+
Added triggered setting and, if applicable, temporary TTL to the “Blocked:” status in block alert emails
Added “wildcard” option to “Search System Logs” UI to use ZGREP to search the specified log with a wildcard suffix
ZGREP option added to csf.conf which must point to the zgrep binary
Added git binaries to csf.pignore on cPanel servers for upcoming v72/74 features
#55
csf firewall version 12.00 has been released
Changes:
Added support for GeoLite2 databases from Maxmind for CC_*. These databases are significantly larger than the soon to be deprecated GeoLite ones stored in /var/lib/csf/
Added support for GeoLite2 databases from Maxmind for CC_LOOKUPS and CC6_LOOKUPS
Added new option: CC_OLDGEOLITE. This option is enabled by default to continue using the old GeoLite databases. See csf.conf for more information. This option will be removed in the near future so that all installations use the new GeoLite2 databases
GeoLite2 lookups now use the CSV files instead of the formatted Data files because the Perl dependencies for the MaxMind Perl modules that access the Data files are prohibitively excessive. We have developed our own fast binary search module to perform the required lookups on the CSV files for both IPv4 and IPv6
An advantage of the new GeoLite2 databases is that IPv6 lookups can now be done to the same level as IPv4: Country Code; Country; Region; City; ASN
Unified storage of GeoLite2 database to avoid duplication between CC_LOOKUPS and CC_* databases
Added new CC_LOOKUPS value of “4”. This option does not use the MaxMind databases directly for lookups. Instead it uses a URL-based lookup from a third-party provider at freegeoip.net and so avoids having to download and process the large databases. See csf.conf for more information and limitations
Modified CC_INTERVAL default to 14 days on new installations
Ensure MESSENGERV2 service will not start if using a valid cPanel account in MESSENGER_USER (must be non-cPanel account)
Create entry in /etc/aliases for “csf” if MESSENGERV2 is enabled on cPanel servers to reserve the account name
Added new feature: DOCKER support. This configures iptables rules to allow Docker containers to communicate through the host. This is currently in BETA testing. See csf.conf for more information. Thanks to Marcele for the rules
Removed redundant nat table check for ip6tables in Config.pm
Replaced all remaining bareword file handles
#56
csf firewall version 12.01 has been released
Changes:
Added missing DOCKER_DEVICE setting from the generic and directadmin csf.conf files
Ensure iptables/ip6tables mangle and raw tables are flushed on stop/start if they exist
CC_OLDGEOLITE set to “0” on new servers and those upgrading to v12.* for the first time. This enables MaxMind GeoLite2 by default unless already set
Note: The old MaxMind Geolite v1 database code will be removed in the near future, before the end of March, in favour of the v2 databases
#57
csf firewall version 12.02 has been released
Changes:
Removed CC_OLDGEOLITE and associated code so that all installations will now use the MaxMind GeoLite2 databases
Added more CLI options that work if csf is disabled
Added Include line support to 20 more /etc/csf/csf.* configuration files. See /etc/csf/readme.txt under “Include statement in configuration files” for the list of supported files
Added mangle and raw tables to csf --grep [IP] and modified output to show a new column with the table then the chain that a rule is in
Added mangle and raw tables to csf --status output and modified output to show a new header line with the table that a rule is in
Added new option USE_FTPHELPER. This enables the ftp helper via the iptables CT target on supporting kernels instead of the current method via /proc/sys/net/netfilter/nf_conntrack_helper and unrestricted use of RELATED state
Modified ICMP_IN/ICMP_OUT to only affect PING (echo-request), all other ICMP traffic is allowed (which can help network performance) unless otherwise blocked. This is for IPv4, it does not affect IPv6
Improved rule placement to prevent existing connections bypassing ICMP_IN_RATE/ICMP_OUT_RATE limits
Updated csf.conf documentation relating to the ICMP/PING settings
Added new option ICMP_TIMESTAMPDROP. For those with PCI Compliance tools that state that ICMP timestamps should be dropped, you can enable this option. Otherwise, there appears to be little evidence that it has anything to do with a security risk but can impact network performance, so should be left disabled by everyone else
csf and lfd now exit with status 1 on error or if disabled. However, this will not happen with csf if the CLI option used still works while disabled
USE_CONNTRACK is now enabled by default on new installations
Fixed DOCKER IPv6 warning message when DOCKER not enabled
Modified csf.blocklists for GREENSNOW to use https on existing and new installations
#58
csf firewall version 12.03 has been released
Changes:
Make CC_IGNORE check case-insensitive
Improved TCP/UDP port inspection for IPv6 connections (affecting CT_*, PT_* and PT_SSHDKILL)
Updated cxs FontAwesome to v5
Added fixes for additional Include line processing
Fixed race condition when processing CC_* zip files that could sometimes prevent the csv files from being extracted
Updated HTTP::Tiny to v0.070


-----
Version 12.05 changes
Removed rbl.jp RBLs from csf.rbls
Modify Project Honey Pot blocklist URLs to use https
Ignore $SIG{PIPE} when running ipset
Ensure csf shows ipset warnings
Added osmd to lfd restart routine when cPanel upgrades
Modified Server Check to look for underscore as well as dash settings
Added test in lfd to ensure the pidfile is open before attempting to close it
Added new regex for LF_EXIMSYNTAX
Added new option: URLPROXY. If you need csf/lfd to use a proxy, then you can set this option to the URL of the proxy

-----
Version 12.06 changes
Removed new regex for LF_EXIMSYNTAX
#59
csf firewall version 12.07 has been released
Changes:
Added commented out regex lines in csf.pignore on cPanel servers for the upcoming ubic implementation by cPanel
Added port 53 filters in cpanel.comodo.allow on cPanel servers
Added postfix support for LF_DISTSMTP
Switched Sendmail and URLGET modules from using croak to carp to avoid unexpected parent death from child failure
Double fork external commands in DA UI to work around DA mod_perl restrictions, allowing full functionality
Added reason text information to IPs and CC_LOOKUPS to netblocks for LF_PERMBLOCK and LF_NETBLOCK reports and csf.deny entries


------

csf firewall version 12.08 has been released
Changes:
Removed debugging code from lfd output
Improvements for reason text information to IPs and CC_LOOKUPS to netblocks for LF_PERMBLOCK and LF_NETBLOCK reports
#60
csf firewall version 12.09 has been released
Changes:
Added new option CT_SUBNET_LIMIT. If the total number of connections from a class C subnet is greater than this value then the offending subnet is blocked according to the other CT_* settings. This option is disabled by default
Removed ALTTOR from csf.blocklists on new installations as it has been discontinued
Use ConfigServer::Slurp to read csf.resellers to avoid invalid line endings
Modified CLUSTER_SENDTO and CLUSTER_RECVFROM so that they can be set to a file instead of listing IPs within the respective setting. See csf.conf for more details
Removed open_basedir check on cPanel servers in Server Check
Fixed csf.conf typo
Updates to Courier IMAP regexes for Plesk



* Due to time constraints, announcements for other versions will not be posted.