CSF has been updated with a security warning around the security of the information in system logs. While I digest this (the http://configserver.com/free/csf/readme.txt contains useful further information), are there any cPanel scripts and features that can be similarly misled?
6.41 - SECURITY WARNING:

Unfortunately, syslog and rsyslog allow end-users to log messages to
some system logs via the same unix socket that other local services
use. This means that any log line shown in these system logs that
syslog or rsyslog maintain can be spoofed (they are exactly the same
as real log lines).

Since some of the features of lfd rely on such log lines, spoofed
messages can cause false-positive matches which can lead to confusion
at best, or blocking of any innocent IP address or making the server
inaccessible at worst.

Any option that relies on the log entries in the files listed in
/etc/syslog.conf and /etc/rsyslog.conf should therefore be considered
vulnerable to exploitation by end-users and scripts run by end-users.

There is a new RESTRICT_SYSLOG option that disables all those features
that rely on affected logs. This option is NOT enabled by default.

See /etc/csf/csf.conf and /etc/csf/readme.txt for more information
about this issue and mitigation advice.

NOTE: This issue affects all scripts that process information from
syslog/rsyslog logs, not just lfd. So you should use other such
scripts with care.

Our thanks go to Rack911.com for bringing this issue to our attention.
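
To help answer which other scripts are affected, here is an added example (not part of the original post, and not CSF or cPanel code). It lists the files that a syslog/rsyslog configuration writes to and flags which logs on a script's watch list are among them. It assumes the legacy selector/action syntax only; the sample configuration and the watched paths, including the hypothetical `/var/log/myapp/access.log`, are constructed.

```python
# Constructed sample in legacy selector/action syntax (not taken from a real server).
SAMPLE_RSYSLOG_CONF = """\
# rules
$ModLoad imuxsock
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
*.emerg                                     :omusrmsg:*
local7.*                                    /var/log/boot.log
*.* @@loghost.example:514
"""

def syslog_written_files(conf_text):
    """Return the set of file paths that selector/action rules write to."""
    files = set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and $-directives such as $ModLoad.
        if not line or line.startswith(("#", "$")):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        selector, action = parts
        # A selector is facility.priority; "&" repeats the previous selector.
        if selector != "&" and "." not in selector:
            continue
        # Drop a ";template" suffix and the "-" (no-sync) prefix.
        target = action.split(";", 1)[0].strip().lstrip("-")
        # Keep regular file targets; ignore remote hosts, users, pipes, devices.
        if target.startswith("/") and not target.startswith("/dev/"):
            files.add(target)
    return files

def spoofable(conf_text, watched):
    """Watched log paths that syslog writes, so local users can add lines to them."""
    written = syslog_written_files(conf_text)
    return sorted(p for p in watched if p in written)

if __name__ == "__main__":
    # Hypothetical list of logs that some monitoring script parses.
    watched = ["/var/log/secure", "/var/log/maillog", "/var/log/myapp/access.log"]
    for path in spoofable(SAMPLE_RSYSLOG_CONF, watched):
        print("treat as untrusted input:", path)
```

On a real server, pass in the contents of /etc/syslog.conf or /etc/rsyslog.conf and the log paths each script is configured to read.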