Just added this to one of my servers and my initial impression is that it is great. Should be part of DA's standard install in my opinion.
I notice that I am getting a ton of warning emails like this one:
----------------
Subject: lfd on one.of.my.servers.com: Suspicious process running under user xxxxx
Date: October 7, 2012 3:44:07 PM PDT
To:
[email protected]
Time: Sun Oct 7 15:44:07 2012 -0700
PID: 13424
Account: xxxxx
Uptime: 77 seconds
Executable:
/usr/libexec/dovecot/imap
Command Line (often faked in exploits):
dovecot/imap [[email protected] xxx.xxx.xxx.xxx]
Network connections by the process (if any):
tcp: xxx.xxx.xxx.xxx:143 -> xxx.xxx.xxx.xxx:55236
Files open by the process (if any):
/dev/null
/dev/null
anon_inode:[eventpoll]
/home/xxxxx/imap/theirdomain.com/sbj/Maildir/dovecot.index.log (deleted)
/home/xxxxx/imap/theirdomain.com/sbj/Maildir/dovecot.index (deleted)
/home/xxxxx/imap/theirdomain.com/sbj/Maildir/dovecot-uidlist
/home/xxxxx/imap/theirdomain.com/sbj/Maildir/dovecot.index.log
Memory maps by the process (if any):
---------------
Now I like the idea of something that looks for suspicious processes but obviously this is just some user communicating with their mailbox and I don't need to be warned about it.
Is there a way to exempt processes like this from being reported on without disabling the email notifications entirely?
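A triage helper for alerts in the format quoted above, added here as an example (it is not csf/lfd's own code): it parses the alert body into fields and checks the reported executable and its local port against an operator-chosen allow-list, so a dovecot imap process serving port 143 is classified as expected while the same binary on an unexpected port is not. The sample alert, allow-list entries and addresses are constructed.

```python
import re

# Constructed sample modelled on the lfd "Suspicious process" alert above;
# PID, account and addresses are placeholders, not values from a real host.
SAMPLE_ALERT = """\
PID: 13424
Account: xxxxx
Executable:
/usr/libexec/dovecot/imap
Command Line (often faked in exploits):
dovecot/imap [user@theirdomain.com 203.0.113.5]
Network connections by the process (if any):
tcp: 198.51.100.10:143 -> 203.0.113.5:55236
"""

HEADERS = {"Executable:": "executable", "Command Line": "cmdline",
           "Network connections": "connections"}

def parse_alert(text):
    # Pull PID, account, executable, command line and connections out of the body.
    fields, section = {"connections": []}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"^(PID|Account|Uptime):\s*(.*)$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
        elif line.endswith(":"):
            # A header line starts a new section; headers we do not track map to None.
            section = next((v for k, v in HEADERS.items() if line.startswith(k)), None)
        elif section in ("executable", "cmdline"):
            fields[section], section = line, None      # single-line sections
        elif section == "connections" and line:
            fields["connections"].append(line)
    return fields

# Operator-chosen allow-list of (executable path, local port it should serve); assumed
# values. Keyed on the executable, never the command line, which the alert says is faked.
EXPECTED = {("/usr/libexec/dovecot/imap", 143)}

def is_expected(fields):
    # True only if the executable is allow-listed and every TCP connection is on its port.
    ports = {p for (e, p) in EXPECTED if e == fields.get("executable")}
    if not ports:
        return False
    for conn in fields["connections"]:
        m = re.match(r"^tcp:\s*\S+:(\d+)\s*->", conn)
        if not m or int(m.group(1)) not in ports:
            return False
    return True
```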