
Disabled LFD has issues with systemd

Posted: 28 Feb 2017, 15:07
by tomputer
If you disable LFD in the CSF configuration (LF_DAEMON = "0") it will still be enabled in systemd. This means that systemd will try to start LFD on boot. That will fail because if LFD is disabled in the configuration the lfd binary will immediately kill its own process.
root@server:~/csf# lfd
Killed

This is caused by line 6704 in /usr/sbin/lfd (version 10.00).

kill (9, -$$);

Systemd (correctly) interprets this as a failure.

root@server:~/csf# systemctl status lfd.service
● lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled)
Active: failed (Result: signal) since Tue 2017-02-28 15:34:37 CET; 8min ago

Feb 28 15:34:37 hostname systemd[1]: lfd.service: control process exited, code=killed status=9
Feb 28 15:34:37 hostname systemd[1]: Failed to start ConfigServer Firewall & Security - lfd.
Feb 28 15:34:37 hostname systemd[1]: Unit lfd.service entered failed state.

And systemd will be in a degraded state because of this.

root@server:~# systemctl status
● hostname
State: degraded
Jobs: 1 queued
Failed: 1 units

To prevent this I could manually disable LFD in systemd (with systemctl disable lfd.service) but after each update of CSF the service will be enabled again by the setup script.

There are multiple ways to fix this. My suggestion would be to either disable the systemd service if LFD is disabled in the CSF configuration or make sure the lfd binary exits cleanly if LFD is disabled in the CSF configuration.

Re: Disabled LFD has issues with systemd

Posted: 02 Mar 2017, 08:39
by ForumAdmin
This is to be expected if you disable the LF_DAEMON. If you want to keep it disabled in systemd, create a csfpost.sh and add any systemctl commands that you want into it; remember to use full paths to any binaries.
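
Added example, not part of the original posts and not CSF's own code: a script that could be called from csfpost.sh, as suggested above, so that the enabled state of lfd.service follows the LF_DAEMON setting. The /etc/csf/csf.conf path, the two systemctl locations and the --apply argument are assumptions.

```shell
#!/bin/sh
# Added example (not CSF's own code): keep lfd.service in step with LF_DAEMON.
# Assumed: config at /etc/csf/csf.conf, systemctl in /usr/bin or /bin.

CSF_CONF="${CSF_CONF:-/etc/csf/csf.conf}"

# Print the value of LF_DAEMON from a csf.conf-style file, where the
# setting is written as: LF_DAEMON = "0". Commented-out lines are ignored,
# the last assignment wins, and nothing is printed if it is absent.
lf_daemon_value() {
    sed -n 's/^[[:space:]]*LF_DAEMON[[:space:]]*=[[:space:]]*"\([^"]*\)".*$/\1/p' "$1" | tail -n 1
}

# Map the setting to a systemctl verb. Only an explicit "0" or "1" acts;
# a missing file or any other value yields "skip" so nothing is changed.
lfd_unit_action() {
    case "$(lf_daemon_value "$1" 2>/dev/null)" in
        0) echo disable ;;
        1) echo enable ;;
        *) echo skip ;;
    esac
}

# Locate systemctl by full path (no reliance on PATH).
find_systemctl() {
    for p in /usr/bin/systemctl /bin/systemctl; do
        if [ -x "$p" ]; then echo "$p"; return 0; fi
    done
    return 1
}

apply_lfd_unit_state() {
    action=$(lfd_unit_action "$CSF_CONF")
    [ "$action" = skip ] && return 0
    sc=$(find_systemctl) || return 0      # not a systemd host: nothing to do
    "$sc" "$action" lfd.service
    if [ "$action" = disable ]; then
        # Clear the failure left by an earlier start attempt, which is
        # what puts "systemctl status" into the degraded state.
        "$sc" reset-failed lfd.service 2>/dev/null
    fi
    return 0
}

# Only touch systemd when explicitly asked to (argument is hypothetical).
if [ "${1:-}" = "--apply" ]; then
    apply_lfd_unit_state
fi
```
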

Re: Disabled LFD has issues with systemd

Posted: 08 Mar 2017, 09:47
by tomputer
Why does CSF enable the LFD systemd service if LF_DAEMON is set to 0? Why would you want to start something on boot that is disabled? That makes no sense.