CSF installation fails

Tristan

Tristan

Verified User
Joined
Feb 11, 2005
Messages
684
Location
The Netherlands
Hi there,

just installed CSF as per instructions here:
Code: 
da build set csf yes
da build csf
since it wasn't installed by default when this DirectAdmin server was installed. Noticed some problems after installation though. The section for additional DirectAdmin entries in csf.pignore is empty after installation resulting in lots of false "Excessive resource usage" emails of course and when issuing a restart:
Code: 
● csf.service - ConfigServer Firewall & Security - csf
     Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Wed 2024-02-28 13:54:34 CET; 5s ago
    Process: 8928 ExecStart=/usr/sbin/csf --initup (code=exited, status=2)
   Main PID: 8928 (code=exited, status=2)
        CPU: 565ms

Feb 28 13:54:34 server.example.com csf[8928]: Flushing chain `OUTPUT'
Feb 28 13:54:34 server.example.com csf[8928]: Flushing chain `PREROUTING'
Feb 28 13:54:34 server.example.com csf[8928]: Flushing chain `INPUT'
Feb 28 13:54:34 server.example.com csf[8928]: Flushing chain `FORWARD'
Feb 28 13:54:34 server.example.com csf[8928]: Flushing chain `OUTPUT'
Feb 28 13:54:34 server.example.com csf[8928]: Flushing chain `POSTROUTING'
Feb 28 13:54:34 server.example.com csf[8928]: open3: exec of /sbin/ipset flush failed: No such file or directory at /usr/sbin/csf line 5650.
Feb 28 13:54:34 server.example.com systemd[1]: csf.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Feb 28 13:54:34 server.example.com systemd[1]: csf.service: Failed with result 'exit-code'.
Feb 28 13:54:34 server.example.com systemd[1]: Failed to start ConfigServer Firewall & Security - csf.
Does anyone know how to install CSF properly nowadays on Debian 11 with DirectAdmin stable 1.658?
 
tristan said:
open3: exec of /sbin/ipset flush failed: No such file or directory at /usr/sbin/csf line 5650.
Click to expand...
Looks like it's missing ipset.

Try this:
Code: 
sudo apt-get update
sudo apt-get install ipset

Try restarting after this.

Would be a bit strange however, because I don't remember ipset to be enabled in csf.conf by default, but I could be wrong.
 
Thanks for the quick reply! Ipset is already installed though:

Code: 
# apt install ipset
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
ipset is already the newest version (7.10-1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

It's weird it doesn't have these custom DirectAdmin lines added to csf.pignore as well.
 
Yes that's very odd indeed, normally the csf.conf and csf.pignore is filled with the custom lines.
Maybe some kind of odd Debian issue.

Because if I look at this part:
tristan said:
No such file or directory at /usr/sbin/csf line 5650.
Click to expand...
and checking my own csf binary there, then line 5650 contains this:
my $cmdpid = open3($childin, $childout, $childout, $command);
but this is coming from an iptables part.

Could you check if iptables is indeed installed and not ufw instead?
Use the iptables -L command or something to check.

If it is installed, then this is a very weird issue. I can't remember encountering this when I temporarily ran a VPS on Debian 11.
Maybe best in that case is to send in a ticket.
Because this should just be handeld by Custombuild when installed via CB as you did.
 
maybe missing some symbolic link from "/sbin/" to "/usr/sbin"

Code: 
stat /sbin
 
I had the same problem after updating Debian 10 to Debian 12 (Updating DA and custombuilds as well).
In Debian 11 (necessary inbetween step) this issue occurs, after the update to Debian 12 it was working again.

Just fyi.

Ronald
 
You must log in or register to reply here.
Back
Top