CSF and LFD not being restarted correctly on RHEL 7.9
Posted: 17 Aug 2023, 19:10
I was trying to figure out why changes to blocklists and firewall configurations didn't seem to be taking effect. After digging into it more today, I think I have found a potential bug.
When restarting csf and lfd through [icode]csf -ra[/icode] or through the web interface, the web interface reports back that CSF and LFD were restarted, however when checking the service status with [icode]systemctl status lfd.service[/icode] and [icode]systemctl status csf.service[/icode], both show that they have not been restarted, and still show the running status from months prior.
When restarting csf and lfd through [icode]csf -ra[/icode] or through the web interface, CSF reports that it has been restarted. LFD outputs nothing. However when checking the service status with [icode]systemctl status lfd.service[/icode] and [icode]systemctl status csf.service[/icode], both show that they have not been restarted, and still show the running status from months prior.
root@myserver: /etc/csf
# systemctl status csf.service
● csf.service - ConfigServer Firewall & Security - csf
Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: disabled)
Active: active (exited) since Mon 2023-06-19 22:05:36 MDT; 1 months 28 days ago
Main PID: 1394 (code=exited, status=1/SUCCESS)
Tasks: 0
Memory: 0B
CGroup: /system.slice/csf.service
Jun 19 22:05:35 myserver.example.com systemd[1]: Starting ConfigServer Firewall & Security - csf...
Jun 19 22:05:36 myserver.example.com csf[1394]: (restoring ipsets) (restoring iptables) (restoring ip6tables)
Jun 19 22:05:36 myserver.example.com systemd[1]: Started ConfigServer Firewall & Security - csf.
Only after I restarted csf.service and lfd.service via the OS systemctl did they actually get properly reloaded and restarted:
root@myserver: /etc/csf
# systemctl restart csf.service
root@myserver: /etc/csf
# systemctl restart lfd.service
root@myserver: /etc/csf
# systemctl status csf.service
● csf.service - ConfigServer Firewall & Security - csf
Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: disabled)
Active: active (exited) since Thu 2023-08-17 11:52:00 MDT; 16s ago
Process: 6487 ExecStop=/usr/sbin/csf --stop (code=exited, status=0/SUCCESS)
Process: 6475 ExecStop=/usr/sbin/csf --initdown (code=exited, status=0/SUCCESS)
Process: 6513 ExecStart=/usr/sbin/csf --initup (code=exited, status=0/SUCCESS)
Main PID: 6513 (code=exited, status=0/SUCCESS)
Tasks: 0
Memory: 0B
CGroup: /system.slice/csf.service
Aug 17 11:52:00 myserver.example.com csf[6513]: ACCEPT all opt -- in * out lo 0.0.0.0/0 -> 0.0.0.0/0
Aug 17 11:52:00 myserver.example.com csf[6513]: LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
Aug 17 11:52:00 myserver.example.com csf[6513]: LOGDROPIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
Aug 17 11:52:00 myserver.example.com csf[6513]: ACCEPT udp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 udp spt:53
Aug 17 11:52:00 myserver.example.com csf[6513]: ACCEPT tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp spt:53
Aug 17 11:52:00 myserver.example.com csf[6513]: ACCEPT udp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:53
Aug 17 11:52:00 myserver.example.com csf[6513]: ACCEPT tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:53
Aug 17 11:52:00 myserver.example.com csf[6513]: LOCALOUTPUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
Aug 17 11:52:00 myserver.example.com csf[6513]: LOCALINPUT all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
Aug 17 11:52:00 myserver.example.com systemd[1]: Started ConfigServer Firewall & Security - csf.
root@myserver: /etc/csf
# systemctl status lfd.service
● lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2023-08-17 11:52:10 MDT; 17s ago
Process: 6784 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
Main PID: 6794 (lfd - sleeping)
Tasks: 2
Memory: 33.1M
CGroup: /system.slice/lfd.service
├─6794 lfd - sleeping
└─6803 lfd UI
Aug 17 11:52:09 myserver.example.com systemd[1]: Starting ConfigServer Firewall & Security - lfd...
Aug 17 11:52:10 myserver.example.com systemd[1]: Started ConfigServer Firewall & Security - lfd.
Some details of the OS to help:
root@myserver: /etc/csf
# cat /etc/os-release
NAME="Red Hat Enterprise Linux Server"
VERSION="7.9 (Maipo)"
ID="rhel"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.9"
PRETTY_NAME="Red Hat Enterprise Linux"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.9:GA:server"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.9
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.9"
root@myserver: /etc/csf
# uname -a
Linux myserver.example.com 3.10.0-1160.76.1.el7.x86_64 #1 SMP Tue Jul 26 14:15:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
root@myserver: /etc/csf
# csf -v
csf: v14.19 (generic)
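A check for the symptom described in the post, as an added example that is not part of the original post: it compares the start time systemd records for a unit with the modification time of a configuration file, and reports only what systemd recorded. The function names, the --live flag and the /etc/csf/csf.conf default are assumptions; the sample Active: line is copied from the post and the config time is constructed.

```sh
#!/bin/sh
# Added example, not from the original post.

# Read `systemctl status` text on stdin; print the "since" time of the
# Active: line as "YYYY-MM-DD HH:MM:SS" (weekday and zone are dropped).
active_since() {
    sed -n 's/^[[:space:]]*Active: .* since [A-Za-z]\{3\} \([0-9-]\{10\} [0-9:]\{8\}\).*/\1/p' |
        head -n 1
}

# service_state STATUS_TEXT CONFIG_MTIME
# Prints STALE if the unit became active before the config was last
# modified, FRESH otherwise, UNKNOWN if no Active: line was found.
# Both times are local "YYYY-MM-DD HH:MM:SS", so string order is time order.
service_state() {
    since=$(printf '%s\n' "$1" | active_since)
    if [ -z "$since" ]; then
        echo UNKNOWN
    elif LC_ALL=C expr "x$since" \< "x$2" >/dev/null; then
        echo STALE
    else
        echo FRESH
    fi
}

# Live use: sh check.sh --live [config-file]
# /etc/csf/csf.conf is an assumed default; unit names are those in the post.
if [ "${1:-}" = "--live" ]; then
    conf=${2:-/etc/csf/csf.conf}
    mtime=$(date -r "$conf" '+%Y-%m-%d %H:%M:%S') || exit 2
    for unit in csf.service lfd.service; do
        text=$(systemctl status "$unit" --no-pager 2>/dev/null)
        echo "$unit: $(service_state "$text" "$mtime") (config changed $mtime)"
    done
else
    # Active: line copied from the post; the config time is constructed.
    sample='   Active: active (exited) since Mon 2023-06-19 22:05:36 MDT; 1 months 28 days ago'
    echo "sample: $(service_state "$sample" '2023-08-17 11:40:00')"
fi
```

The comparison assumes the config file's time and the systemctl output are both in the server's local time zone.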