csf/lfd... seems broken, not sure

jlpeifer

I tried installing csf and I'm pretty sure it's not working correctly. Here's what I see when I check the status of csf and lfd...
Code:
service lfd status
* lfd.service - ConfigServer Firewall & Security - lfd
   Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-12-28 06:45:45 UTC; 18min ago
Main PID: 28209 (lfd - sleeping)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/lfd.service
           `-28209 lfd - sleeping

Dec 28 06:45:45 hosting usermod[28356]: add 'root' to shadow group 'mysyslog'
Dec 28 06:45:45 hosting usermod[28376]: add 'daemon' to group 'mysyslog'
Dec 28 06:45:45 hosting usermod[28376]: add 'daemon' to shadow group 'mysyslog'
Dec 28 06:45:45 hosting usermod[28389]: add 'mail' to group 'mysyslog'
Dec 28 06:45:45 hosting usermod[28389]: add 'mail' to shadow group 'mysyslog'
Dec 28 06:50:45 hosting lfd[28209]: SYSLOG check [INQSxuhd64X2DF8iK2HPWnpbo52e]
Dec 28 06:55:45 hosting lfd[28209]: SYSLOG check [YuZBGwEZRxnyuOXaoC]
Dec 28 06:58:52 hosting systemd[1]: lfd.service: Failed to reset devices.list: Operation not permitted
Dec 28 06:59:05 hosting systemd[1]: lfd.service: Failed to reset devices.list: Operation not permitted
Dec 28 07:00:45 hosting lfd[28209]: SYSLOG check [ZeOOtEeuLyhFlgxIA]

service csf status
* csf.service - ConfigServer Firewall & Security - csf
   Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: enabled)
   Active: active (exited) since Mon 2020-12-28 06:13:46 UTC; 51min ago
Main PID: 16070 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   CGroup: /system.slice/csf.service

Dec 28 06:13:46 hosting systemd[1]: Stopped ConfigServer Firewall & Security - csf.
Dec 28 06:13:46 hosting systemd[1]: csf.service: Failed to reset devices.list: Operation not permitted
Dec 28 06:13:46 hosting systemd[1]: Starting ConfigServer Firewall & Security - csf...
Dec 28 06:13:46 hosting csf[16070]: (restoring iptables) (restoring ip6tables)
Dec 28 06:13:46 hosting systemd[1]: Started ConfigServer Firewall & Security - csf.
Dec 28 06:45:44 hosting systemd[1]: csf.service: Failed to reset devices.list: Operation not permitted
Dec 28 06:58:52 hosting systemd[1]: csf.service: Failed to reset devices.list: Operation not permitted
Dec 28 06:59:05 hosting systemd[1]: csf.service: Failed to reset devices.list: Operation not permitted

Lines here that particularly catch my eye are...
Code:
CGroup: /system.slice/lfd.service
           `-28209 lfd - sleeping
and
Code:
csf.service: Failed to reset devices.list: Operation not permitted

I am able to manually deny an IP address from terminal...
Code:
csf -d 212.108.234.94
Adding 212.108.234.94 to csf.deny and iptables DROP...
DROP  all opt -- in !lo out *  212.108.234.94  -> 0.0.0.0/0
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 212.108.234.94

But I don't think any IPs identified by BFM are being blocked automatically.

Can someone help me troubleshoot this? Much appreciated.
 
Lines here that particularly catch my eye are...
Code:
CGroup: /system.slice/lfd.service
           `-28209 lfd - sleeping

This should be fine :)

csf.service: Failed to reset devices.list: Operation not permitted
This on the other hand does not appear to be. Is this a VM? If so, what type of virtualization and which OS are you using?

Try running csftest.pl (in /etc/csf/ on CentOS).
 