This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
We are facing issue of LFD daemon failure regularly.
In WHM, it shows running and enabled, but failed to start.
Following is the error LFD generate:
>> Starting ConfigServer Firewall & Security - lfd...
>> Error: You have an unresolved error when starting csf. You need to restart csf successfully before starting lfd (see /etc/csf/csf.error)
>> PID file /var/run/lfd.pid not readable...
The Log Scanner Report emails contain lines of data from the log that appear to be continuations of previous multi-lined log entries.
It appears that the format of the log entries looks like:
-------------------------------
begin with the date/time in brackets
a space
the type of log entry ( info, warning, error)
a space
a source ( program or procedure ) of the log entry in brackets
a...
When using the webminmodule and the new fancy theme the csf page shows just a spinning wheel, nothing happens. When switching back to the old theme everythings works as expected.
What can I do?
I've got CSF and LFD csf v9.11 running on my VPS server without problems until a couple of weeks now.
Every couple of hours or sometimes a day LFD create a zombie defunct process on my Directadmin vps server.
When i restart LFD the zombie is gone a couple of hours but then its back again. Is this a bug in LFD?
Is there a way to debug LFD or do you have any idea where to look and to fix...
I noticed that the Log Scanner Report is not sent on a daily basis as it is configured. So one day i receive the report the other day I do not receive the report.
I observed this behaviour on two servers. I already removed CSF and re-installed it but no way. It still sends the reports randomly.
Checked also the crontab list but did not find any abnormalities.
Sometime yesterday CSF firewall stopped logging AUTHRELAY alerts and stopped sending notifications. I updated to the latest version of CSF but that functionality is still missing.
$ csf -c
csf is already at the latest version: v9.10
$ csf -td 1.2.3.4 -p 22 Comment: TEST
DROP tcp opt -- in !lo out * 1.2.3.4 -> 0.0.0.0/0 tcp dpt:22
csf: 1.2.3.4 blocked on port 22 for 3600 seconds inbound
$ csf -t
A/D IP address Port Dir Time To Live Comment
DENY 1.2.3.4 in 59m 56s Comment: TEST
This is actually in reference to another bug that was recently fixed.
9.07 - Fixed removal of complex allow and deny rules
It appears that these changes are preventing complex rules from being removed when using the IP address itself. This complicates things when iptables rules generated for LFD automated blocks are entered. As an example:
Its look like there come some problems when my installation upgrade to 9.07
cPanel Monitoring
Jul 05 13:57:29 web1.myserver.com systemd : Starting ConfigServer Firewall & Security - lfd...
Jul 05 13:57:30 web1.myserver.com lfd : Error: You have an unresolved error when starting csf. You need to restart csf successfully before starting lfd (see /etc/csf/csf.error)
Jul 05 13:57:30...
Recently I enabled the IPv6 support in my office and because of that I decided to also start to enable IPv6 support on my servers too.
But after I configured everything I notice that the connection to ports that are in CC_ALLOW_PORTS_TCP are always going through IPv4 and never through IPv6. So I listed in IP6TABLES and IPTABLES I notice that the Chain CC_ALLOWPORTS is empty in...
i have multiple Servers, all with CSF/LFD + CXS working on Cpanel.
After Updating the Mod_security LF_MODSEC Trigger no longer working (no IP ban on configured Trigger)
I have CPANEL/WHM, 56.0 Build 24 on CENTOS 6.8 x86_64 running on Servers.
I use classic Apache/2.4.18 compiled with EasyApache3 under CP.
I run common Atomicorp Modsec Rules Subscriptions on Servers.
After the upgrade to 9.x they try to unblock but it does not actually work. On the web page they get the CSF manpage. In the email we get the search for the IP, it not getting unblocked and then the CSF manpage.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum