ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

lfd web UI - connection refused

https://mail.forum.configserver.com/viewtopic.php?t=10221

Page 1 of 1

lfd web UI - connection refused

Posted: 27 Apr 2017, 13:57
by jez
My LFD web UI was working fine. I clicked "disable firewall" and it stopped responding. I then enabled the firewall with "csf -e" as root, and the firewall was enabled (apparently)... but now I get "connection refused" when I try to connect to the LFD web UI. I've tried rebooting the machine and I get the same problem. I tried connecting from localhost and it still gives me "connection refused". There are no entries in /etc/csf/ui/ui.ban (and my IP address is in both /etc/csf/ui/ui.allow and /etc/csf/csf.allow). As far as I can see the config is fine:

Code: Select all

###############################################################################
# SECTION:Integrated User Interface
###############################################################################
# Integrated User Interface. This feature provides a HTML UI to csf and lfd,
# without requiring a control panel or web server. The UI runs as a sub process
# to the lfd daemon
#
# As it runs under the root account and successful login provides root access
# to the server, great care should be taken when configuring and using this
# feature. There are additional restrictions to enhance secure access to the UI
#
# See readme.txt for more information about using this feature BEFORE enabling
# it for security and access reasons
# 
# 1 to enable, 0 to disable
UI = "1"

# Set this to the port that want to bind this service to. You should configure
# this port to be >1023 and different from any other port already being used
#
# Do NOT enable access to this port in TCP_IN, instead only allow trusted IP's
# to the port using Advanced Allow Filters (see readme.txt)
UI_PORT = "6666"

# Optionally set the IP address to bind to. Normally this should be left blank
# to bind to all IP addresses on the server.
#
# If the server is configured for IPv6 but the IP to bind to is IPv4, then the
# IP address MUST use the IPv6 representation. For example 1.2.3.4 must use
# ::ffff:1.2.3.4
#
# Leave blank to bind to all IP addresses on the server
UI_IP = ""

# This should be a secure, hard to guess username
# 
# This must be changed from the default
UI_USER = "root"

# This should be a secure, hard to guess password. That is, at least 8
# characters long with a mixture of upper and lowercase characters plus 
# numbers and non-alphanumeric characters
#
# This must be changed from the default
UI_PASS = "[removed]"

# This is the login session timeout. If there is no activity for a logged in
# session within this number of seconds, the session will timeout and a new
# login will be required
#
# For security reasons, you should always keep this option low (i.e 60-300)
UI_TIMEOUT = "600"

# This is the maximum concurrent connections allowed to the server. The default
# value should be sufficient
UI_CHILDREN = "5"

# The number of login retries allowed within a 24 hour period. A successful
# login from the IP address will clear the failures
#
# For security reasons, you should always keep this option low (i.e 0-10)
UI_RETRY = "10"

# If enabled, this option will add the connecting IP address to the file 
# /etc/csf/ui/ui.ban after UI_RETRY login failures. The IP address will not be
# able to login to the UI while it is listed in this file. The UI_BAN setting
# does not refer to any of the csf/lfd allow or ignore files, e.g. csf.allow,
# csf.ignore, etc.
#
# For security reasons, you should always enable this option
UI_BAN = "1"

# If enabled, only IPs (or CIDR's) listed in the file /etc/csf/ui/ui.allow will
# be allowed to login to the UI. The UI_ALLOW setting does not refer to any of
# the csf/lfd allow or ignore files, e.g. csf.allow, csf.ignore, etc.
#
# For security reasons, you should always enable this option and use ui.allow
UI_ALLOW = "1"

# If enabled, this option will trigger an iptables block through csf after
# UI_RETRY login failures
#
# 0 = no block;1 = perm block;nn=temp block for nn secs
UI_BLOCK = "1"

# This controls what email alerts are sent with regards to logins to the UI. It
# uses the uialert.txt template
#
# 4 = login success + login failure/ban/block + login attempts
# 3 = login success + login failure/ban/block
# 2 = login failure/ban/block
# 1 = login ban/block
# 0 = disabled
UI_ALERT = "4"

# This is the SSL cipher list that the Integrated UI will negotiate from
UI_CIPHER = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH"

# This is the SSL protocol version used. See IO::Socket::SSL if you wish to
# change this and to understand the implications of changing it
UI_SSL_VERSION = "SSLv23:!SSLv2"

# If cxs is installed then enabling this option will provide a dropdown box to
# switch between applications
UI_CXS = "0"

# There is a modified installation of ConfigServer Explorer (cse) provided with
# the csf distribution. If this option is enabled it will provide a dropdown
# box to switch between applications
UI_CSE = "0"
What could be the problem?

Re: lfd web UI - connection refused

Posted: 27 Apr 2017, 14:04
by jez
I've just noticed someone else has had the same problem; LFD is failing to start. Topic at: viewtopic.php?f=6&t=10220&p=28098
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited