ConfigServer Community Forum

Config:
OS: Centos 7.7
csf: 14.02
ipset: yes, enabled

Problem:
In config, i enable CC_ALLOW_PORTS to specific country, and list the CC_ALLOW_PORTS_TCP ports. When i restart csf and lfd, i cant reach the specific port from the blocked countries, but after some time, i can.

Example:
CC_ALLOW_PORTS: US
CC_ALLOW_PORTS_TCP: 22

After csf restart, i cant connet to ssh from a host in the US, but some...

So I've built this custom lfd in custom.regex.pm:

if (($globlogs{CUSTOM9_LOG}{$lgfile}) and ($line =~ /^ {2} \d{2} \d{2}:\d{2}:\d{2} Invalid user login booting from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/)) {
return ( Failed booting login from ,$1, booting ,${LF_CUSTOMLOGIN}, 80,443,8443 ,${LF_CUSTOMLOGIN_PERM});
}

In csf.conf I have these variables set:

CUSTOM9_LOG = /var/log/customsecure...

All csf commands on this server appear to hang, for example:

`csf -r`
`csf -g $IP`
`csf -x`

A strace doesn't show anything useful:

```
# ps aux | grep csf
root 2234908 8.2 0.0 169596 21016 pts/2 S+ 11:34 0:00 /usr/local/cpanel/3rdparty/bin/perl /usr/sbin/csf -v
root 2234932 0.0 0.0 114760 968 pts/0 S+ 11:34 0:00 grep --color=auto csf
# strace -p 2234908
strace: Process 2234908 attached...

I'm seeing this every time I restart lfd:

● lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-03-28 09:47:35 EDT; 3ms ago
Process: 21413 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
Main PID: 21426 (lfd - starting)
CGroup: /system.slice/lfd.service...

Hi guys,

i have a problem. When CSF activated i encounter cloudflare 522 error. I also added the cloudflare ip addresses to CSF whitelist but my problem isnt solved yet. By the way, for example, you get this error when you are surfing on the web site. When you refresh the page, the error is dissappear and then you continue to the website from where you left off.

When i deactivated CSF, i never...

Is it necessary to remove firewalld for CSF to work properly or can they both be together and active?

I installed successfully. I have not yet turned off testing. I don't want to turn it off until I see that it's working but I don't know if not turning it off could be the cause of the errors.
I am getting these errors when Restarting CSF:

Job for lfd.service failed because a fatal signal was delivered to the control process. See systemctl status lfd.service and journalctl -xe for details....

In the firewall settings it say:
Testing flag - enables a CRON job that clears iptables incase of
configuration problems when you start csf. This should be enabled until you
are sure that the firewall works
So, how do I test the firewall to make sure it works before I set testing to Off?
Is there a way to test its functionality?

I try combine Firewall and Laravel. Is it possible to install Firewall as a separate installation and not as a cPanel installation?

I try to control Firewall settings within one application.

Is this technically possible?

Hello,

21 port is enabled on my server but when I run the command:

# nmap -p 21,22,80,443 x.x.x.x

Starting Nmap 6.40 ( ) at 2020-03-22 12:22 +0530
Nmap scan report for server1.xxxxxxxxxx.com (x.x.x.x)
Host is up (0.000079s latency).
PORT STATE SERVICE
21/tcp closed ftp
22/tcp open ssh
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
#

Anyone...

Via email I get the following notifications (hundreds a day):

Time: Mon Mar 2 02:16:07 2020 +0000
Account: mailman
Resource: Process Time
Exceeded: 17249 > 10000 (seconds)
Executable: /usr/bin/python2.7
Command Line: /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
PID: 8576 (Parent PID:8549)
Killed: No

I have added the following lines to my csf pignore...

I have just installed and completed setup latest configserver on a vps running centos 7.
I can receive email lfd on myhost: Excessive Resource Usage,
but I see no other email like SSH Login Alert, Firewall block etc.
What am i missing? Please help. Thanks in advance.

Hi Everyone,

I'm trying to configure CSF to cluster 3 servers, I want server 1 to be the master and then the other two servers to share information.

###############################################################################
# lfd Clustering. This allows the configuration of an lfd cluster environment
# where a group of servers can share blocks and configuration option changes.
# Included...

Hello,
LFD do NOT recognize matching mod_security rules from Imunify.

We tested with many imunify rules with LF_MODSEC directive and DEBUG directive enabled in csf.conf.

Imunify mod_security rules are not counted neither ignored.

Tested with:

Imunify 4.5.6-1
CloudLinux 7.7
cPanel 11.84
CSF 14.02

Example.
In csf.conf
LF_TRIGGER= 0
LF_MODSEC= 10
LF_MODSEC_PERM= 1

Our custom rule matched:...

Hi,

I installed a docker on my machine, running a Discourse instance.

On the host machine, lfd coninues to call out Excessive Resource usage for some commands that I really think are coming from the docker.

Examples:

Executable: /usr/local/bin/ruby
Command Line: unicorn worker -E production -c config/unicorn.conf.rb
---
Executable: /usr/local/bin/ruby
Command Line: unicorn master -E...

yesterday i block ip 62.109.24.84 it work but today this ip still attach my server, then i block this ip again, can you suggest me.

Thank you

We are using the csf RELAYHOSTS setting to prevent lfd from creating temporary firewall entries for customers who successfully check email. We are not on cPanel, so the setting isn't normally there, but it works well. We have a separate daemon that maintains /etc/relayhosts with the IPs of recent successful connections.

The problem is that during a csf upgrade it seems to strip the RELAYHOSTS...

Hi

I'm in the process of moving from Apache to Nginx, but I can't seem to get the new regex rules working for Nginx.

My rule for 404 flood detection is here:

if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /.*No such file or directory\), client: (\S+),.*/)) {
return ( NGINX Security rule triggered from ,$1, nginx_404s , 4 , 80,443 , 86400 );
}

An example log is here:

2020/03/08...

Hi,

I was looking through settings, and documentation, and i could not find, any wy to disable just mail of Excessive resource usage . Is that even possible ?

Asking as i want to switch using log reports instead, and do not want completly disable time and resource usage tracking of processes.

I have a sandbox server that mimics my live site. We have some CRM systems that make outbound connections to smtp servers on port 995. And since our sandbox is sync'd/refreshed regularly with our live site, I've blocked outbound port 995 on our sandbox to prevent the sandbox copy of the live servers from accidentally ever retrieving customer email from our POP servers. I can't disable the cron...