Page 1 of 1
CSF.Gallow problem on lfd dialy restart
Posted: 01 Jun 2011, 22:19
by leozim
Hello Chirpy,
I have a problem with csf in all my server, appears are a bug.
All days, lfd restart on 00:00 automactly, by script /etc/cron.d/lfdcron.sh
but when this script rn, csf.gallow file, corrupt, have lost data (probably when request this file from my GLOBAL_ALLOW have problems)
when lfd refresh GLOBAL_ALLOW, after 1 hour (my configuration its 1 hour to refresh), problem is fixed
I already try to change time, but problem persists. Problem not affect 100% of server, is 5% of server each day, different servers... very stranger.
Detail: GLOBAL_ALLOW is a url of my local network and not have problems.
Can help to found and fix this problem?
Thanks
Leo
Re: CSF.Gallow problem on lfd dialy restart
Posted: 05 Jun 2011, 15:40
by ForumAdmin
I am unable to recreate a problem with GLOBAL_ALLOW. What data is lost and from where when lfd is restarted?
Re: CSF.Gallow problem on lfd dialy restart
Posted: 09 Jun 2011, 03:58
by leozim
Thanks for reply...
I cant found data losted on gallow or gdeny files, when fail ocurring I cant access server.
On my case, have I gdeny rules to block all ftp and all ssh access, and on gallow I put my ips to whitelisted my ips
Is a very specifical configuration, and only when csf restart via cron of problem ocouring.
Re: CSF.Gallow problem on lfd dialy restart
Posted: 05 Jul 2011, 16:22
by leozim
After I have problems all days, today can I see more details..
Problem ocorruing only lfd restart automactly , via cronjob
I make a iptables --list on this situation, and analising Chain GALLOWIN (1 references) is'not present
file /etc/csf/csf.gallow is ok, but when lfd restart not load this file to iptables
Its possible help-me on this case?
Thanks
Le
Re: CSF.Gallow problem on lfd dialy restart
Posted: 05 Jul 2011, 16:44
by ForumAdmin
You need to post the full startup log lines in /var/log/lfd.log from when lfd restarts at midnight. For example:
Code: Select all
Jul 5 00:00:02 homer lfd[1693]: daemon started on homer.webumake.net - csf v5.32 (cPanel)
Jul 5 00:00:02 homer lfd[1693]: Clock Ticks: 100
Jul 5 00:00:02 homer lfd[1693]: debug: **** DEBUG LEVEL 1 ENABLED ****
Jul 5 00:00:02 homer lfd[1693]: CSF Tracking...
Jul 5 00:00:02 homer lfd[1693]: IPv6 Enabled...
Jul 5 00:00:02 homer lfd[1693]: LOAD Tracking...
Jul 5 00:00:02 homer lfd[1693]: Messenger HTML Service starting...
Jul 5 00:00:02 homer lfd[1693]: Messenger TEXT Service starting...
Jul 5 00:00:02 homer lfd[1693]: Global Allow Tracking...
Jul 5 00:00:02 homer lfd[1693]: DSHIELD Tracking...
Jul 5 00:00:02 homer lfd[1693]: SPAMHAUS Tracking...
Jul 5 00:00:02 homer lfd[1693]: Country Code Lookups...
Jul 5 00:00:02 homer lfd[1693]: System Integrity Tracking...
Jul 5 00:00:02 homer lfd[1693]: Exploit Tracking...
Jul 5 00:00:02 homer lfd[1693]: Directory Watching...
Jul 5 00:00:02 homer lfd[1693]: Email Script Tracking...
Jul 5 00:00:02 homer lfd[1693]: Email Queue Tracking...
Jul 5 00:00:02 homer lfd[1693]: Email Relay Tracking...
Jul 5 00:00:02 homer lfd[1693]: Temp to Perm Block Tracking...
Jul 5 00:00:02 homer lfd[1693]: Port Scan Tracking...
Jul 5 00:00:02 homer lfd[1699]: Global Allow - retrieved and allowing IP address ranges
Jul 5 00:00:02 homer lfd[1693]: Connection Tracking...
Jul 5 00:00:02 homer lfd[1693]: Process Tracking...
Jul 5 00:00:02 homer lfd[1693]: Account Tracking...
Jul 5 00:00:02 homer lfd[1693]: SSH Tracking...
Jul 5 00:00:02 homer lfd[1693]: SU Tracking...
Jul 5 00:00:02 homer lfd[1693]: WHM Tracking...
Jul 5 00:00:02 homer lfd[1693]: Watching /var/log/maillog...
Jul 5 00:00:02 homer lfd[1693]: Watching /var/log/exim_mainlog...
Jul 5 00:00:02 homer lfd[1693]: Watching /var/log/messages...
Jul 5 00:00:02 homer lfd[1693]: Watching /var/log/secure...
Jul 5 00:00:02 homer lfd[1693]: Watching /usr/local/cpanel/logs/login_log...
Jul 5 00:00:02 homer lfd[1693]: Watching /usr/local/apache/logs/error_log...
Jul 5 00:00:02 homer lfd[1693]: Watching /usr/local/cpanel/logs/access_log...
Re: CSF.Gallow problem on lfd dialy restart
Posted: 05 Jul 2011, 22:50
by leozim
Hi,
Thanks for fast response.
I goes to change csf.conf to debug=1, after this I restart lfd, and imediatly restart csf too, and problem ocourring!
After 1 hour, when crontab restart again csf/lfd server is fine, and i check logs, I not see problems, is below...
Apper to me, /etc/csf/g* files is ok, the problem is on iptables not load csf.gallow file...
logs:
Jul 5 15:39:00 urano lfd[22676]: TERM
Jul 5 15:39:00 urano lfd[22676]: daemon stopped
Jul 5 15:39:01 urano lfd[29252]: daemon started on urano.yyyyyycom - csf v5.32 (cPanel)
Jul 5 15:39:01 urano lfd[29252]: Clock Ticks: 100
Jul 5 15:39:01 urano lfd[29252]: debug: **** DEBUG LEVEL 1 ENABLED ****
Jul 5 15:39:01 urano lfd[29252]: CSF Tracking...
Jul 5 15:39:01 urano lfd[29252]: LOAD Tracking...
Jul 5 15:39:01 urano lfd[29252]: Messenger HTML Service starting...
Jul 5 15:39:01 urano lfd[29252]: Messenger TEXT Service starting...
Jul 5 15:39:01 urano lfd[29252]: Global Ignore Tracking...
Jul 5 15:39:01 urano lfd[29252]: Global Allow Tracking...
Jul 5 15:39:01 urano lfd[29252]: Global Deny Tracking...
Jul 5 15:39:01 urano lfd[29252]: DSHIELD Tracking...
Jul 5 15:39:01 urano lfd[29252]: SPAMHAUS Tracking...
Jul 5 15:39:01 urano lfd[29252]: Country Code Filters...
Jul 5 15:39:01 urano lfd[29252]: Country Code Lookups...
Jul 5 15:39:01 urano lfd[29252]: System Integrity Tracking...
Jul 5 15:39:01 urano lfd[29252]: Exploit Tracking...
Jul 5 15:39:01 urano lfd[29252]: Directory Watching...
Jul 5 15:39:01 urano lfd[29252]: Email Queue Tracking...
Jul 5 15:39:01 urano lfd[29252]: Email Relay Tracking...
Jul 5 15:39:01 urano lfd[29252]: Temp to Perm Block Tracking...
Jul 5 15:39:01 urano lfd[29252]: Connection Tracking...
Jul 5 15:39:01 urano lfd[29252]: Process Tracking...
Jul 5 15:39:02 urano lfd[29252]: Account Tracking...
Jul 5 15:39:02 urano lfd[29252]: SSH Tracking...
Jul 5 15:39:02 urano lfd[29252]: SU Tracking...
Jul 5 15:39:02 urano lfd[29252]: WHM Tracking...
Jul 5 15:39:02 urano lfd[29252]: Watching /var/log/maillog...
Jul 5 15:39:02 urano lfd[29252]: Watching /var/log/exim_mainlog...
Jul 5 15:39:02 urano lfd[29252]: Watching /var/log/messages...
Jul 5 15:39:02 urano lfd[29252]: Watching /var/log/secure...
Jul 5 15:39:02 urano lfd[29252]: Watching /usr/local/cpanel/logs/login_log...
Jul 5 15:39:02 urano lfd[29252]: Watching /usr/local/apache/logs/error_log...
Jul 5 15:39:02 urano lfd[29252]: Watching /usr/local/cpanel/logs/access_log...
Jul 5 15:39:02 urano lfd[29265]: DSHIELD - retrieved and blocking IP address ranges
Jul 5 15:39:02 urano lfd[29264]: Global Allow - retrieved and allowing IP address ranges
Jul 5 15:39:05 urano lfd[29264]: Global Deny - retrieved and blocking IP address ranges
Jul 5 15:39:12 urano lfd[29252]: debug: (processloginline) Account name [elizabeth+xxxxx.com.br] is invalid
Jul 5 15:39:12 urano lfd[29252]: debug: (processloginline) Account name [elizabeth+xxxxx.com.br] is invalid
Jul 5 15:39:18 urano lfd[29264]: Global Ignore - retrieved and ignoring
Re: CSF.Gallow problem on lfd dialy restart
Posted: 13 Jul 2011, 14:33
by leozim
Hello,
I not receive more updates about this problem, can I make one sugestion?
on this crontab:
/etc/cron.d/lfdcron.sh
MAILTO=
SHELL=/bin/sh
0 0 * * * root /etc/init.d/lfd restart > /dev/null 2>&1
put csf restart too, because the problem is on csf not receive all iptables rules, and not up the csf.gallow rules
Thanks
Leo
Re: CSF.Gallow problem on lfd dialy restart
Posted: 13 Jul 2011, 17:53
by chirpy
As I said, I am unable to recreate any issues with GLOBAL_ALLOW. The only other suggestion I can make is to change your configuration of SAFECHAINUPDATE. If you have it set to 1, set it to 0. If it set to 0, set it to 1. Then restart csf and then lfd.