HOWTO: CSF Firewall + LFD Login Failure Daemon

I followed all instructions on 2 brand new servers with CentOS 5.2 and DirectAdmin custombuild. Without ANY activity or ANY users about 10 alerts A SECOND.

We followed the instructions on a brand new machine with no activity, does anyone have any suggestions because it seems this is real #$# and we need to go back to APF.
 
littleoak,

Would you be so kind as to please edit the first post in this thread to repeat what you just wrote in your last post?

Thanks.

Jeff
 
Thanks! This way browsers finding the thread for the first time won't spend a lot of time if something isn't going to work for them.

Jeff
 
Not sure if it's just me, but this line in the config:
FTPD_LOG = "/var/log/messages"
needs to be changed to:
FTPD_LOG = "/var/log/secure"

I was wondering why LFD wasn't picking up the failed logins for FTP.
 
I installed CSF on the 8th, and have v4.26. I'm not noticing a lot of problems with it, save for these processes. I have looked though, and they have had 3 releases since. They're now on v4.29. Could you include what version you have, and details of the actual problem? I don't want to upgrade, if it will cause issues.
 
Just a note - I will be creating an updated conf file for the newest version of CSF and DirectAdmin in the next week or so. I can't vouch that the latest version of CSF plays nicely until I have had time to test it on one of our development servers.
 
Henrik thanks. I cautiously tried updating to v4.29 and it seems to have stopped what others were talking about. Seems good.


LittleOak, looking forward to it. Thnx for the writeup and all your efforts.
 
Thanks for the howto. But I have disabled Process Tracking because PRM is more flexible, as it allows me to set limits on a per-service basis.
 
Just an observation...

in the process log file of lfd, you'll have an entry like this...

Dec 17 21:22:01 sexton lfd[4855]: *User Processing* PID:2834 Kill:0 User:mail Time:85636 EXE:/usr/sbin/exim CMD:/usr/sbin/exim -bd -q15m -oP /var/run/exim.pid


When you add that to your pignore file, you only need to enter "EXE /usr/sbin/exim"

The log file has EXE, but if you notice the entries that are already generated, it's exe. I added the processes I wanted to ignore, and it was still logging them. Went back in and made EXE lower case, and they've stopped. Anyone else notice this? Or maybe I'm having a "moment"? :p
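
Added example (not part of the original post, and not CSF's own tooling): a shell helper that turns lfd "*User Processing*" log lines like the one quoted above into candidate csf.pignore entries, and lists existing entries whose keyword is not lowercase. It assumes the lowercase "exe:/full/path" entry form; the function names, the temp-file layout and the second and third sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not CSF's own tooling. Assumption: csf.pignore entries take
# the lowercase form "exe:/full/path".

# pignore_candidates LOGFILE PIGNORE
# Print an "exe:/path" line for each executable lfd reported that PIGNORE
# does not already list. Review the output before appending it.
pignore_candidates() {
    # Use the FIRST " EXE:" and " CMD:" markers: the text after CMD: is the
    # process's free-form command line and must not influence the parse.
    awk '/\*User Processing\*/ {
        s = index($0, " EXE:"); if (!s) next
        rest = substr($0, s + 5)
        e = index(rest, " CMD:"); if (!e) next
        print substr(rest, 1, e - 1)
    }' "$1" |
        grep -v ' (deleted)$' |   # binary replaced on disk: keep that alert
        sort -u |
        while IFS= read -r exe; do
            grep -qxF "exe:$exe" "$2" || printf 'exe:%s\n' "$exe"
        done
}

# miscased_entries PIGNORE
# Print entries whose keyword is not lowercase (e.g. "EXE ..."), which the
# post above found were not honoured.
miscased_entries() {
    grep -iE '^(exe|cmd|user)[: ]' "$1" | grep -vE '^(exe|cmd|user)[: ]' || true
}

# Constructed sample data: line 1 is the entry quoted in the post, lines 2-3 are made up.
demo=$(mktemp -d)
cat > "$demo/lfd.log" <<'EOF'
Dec 17 21:22:01 sexton lfd[4855]: *User Processing* PID:2834 Kill:0 User:mail Time:85636 EXE:/usr/sbin/exim CMD:/usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
Dec 17 21:23:01 sexton lfd[4855]: *User Processing* PID:3001 Kill:0 User:bob Time:90000 EXE:/home/bob/x CMD:x EXE:/usr/bin/perl CMD:y
Dec 17 21:24:01 sexton lfd[4855]: *User Processing* PID:3100 Kill:0 User:apache Time:90000 EXE:/usr/sbin/httpd (deleted) CMD:/usr/sbin/httpd
EOF
printf 'EXE /usr/sbin/exim\nexe:/usr/bin/perl\n' > "$demo/csf.pignore"
pignore_candidates "$demo/lfd.log" "$demo/csf.pignore"
miscased_entries "$demo/csf.pignore"
```

On a server, point the first argument at the lfd log and the second at /etc/csf/csf.pignore.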
 
No issues w/ v4.29 for several days now. Looks like they've released v4.30 with expanded documentation on the pignore file that a lot have had issues with.

Changes:


* If you add the text "do not delete" to the comments of an entry in csf.deny then DENY_IP_LIMIT will ignore those entries and not remove them. Updated csf.deny information text for new installations

* Made the (deleted) process text even more explicit for those that are not reading csf.conf or the FAQ for their explanation

* Updated DSHIELD information URL in csf.conf

* Added new feature - csf.rignore is an ignore file that lists domains and partial domains that lfd should ignore. Read /etc/csf/csf.rignore for more information. Note that .cpanel.net is always added on cPanel csf installations

* Option GOOGLEBOT removed. This feature is now performed using csf.rignore. If GOOGLEBOT was previously enabled it will be added to csf.rignore
 
I have a question: some of my users are blocked by the firewall. I edited the file "etc/csf/csf.deny" and removed their IPs from the file. They still can't visit their websites. Why?
 
I've upgraded my old csf/lfd and now am using 4.5, but there is no plugin in my DA. I've restarted DA and still no plugin. How do we add the plugin to DA?
 