Security 10809 Published by

ConfigServer has released a new version of their Linux server firewall



Changes:

- Only add the /128 IPv6 bound address per NIC instead of the whole /64 to the local IPv6 addresses

- Modify SSHD and SU regexes to allow for empty hostname field in log file

- Added new option UNBLOCK_REPORT. This option will run an external script when a temporary block is unblocked

- Additional entries in csf.logignore on new installations

- Switched from using the iptables state module to using the conntrack module in preparation of the formers obsolescence

- Removed LF_EXPLOIT_CHECK and replaced it with LF_EXPLOIT_IGNORE so that new tests can be easily added and then ignored desired

- Added new LF_EXPLOIT check SSHDSPAM to check for the existence of /lib64/libkeyutils.so.1.9 or /lib/libkeyutils.so.1.9, See:
http://www.webhostingtalk.com/showthread.php?t=1235797
  CSF 5.76 released