ConfigServer Community Forum

Hello

I've installed Messenger v3 on my DA servers with CL7 and CL8, it works as on the cpanel server but if I block my own IP and access a site ober port 443 the page loads, if I access it over port 80 I get the message from the Messenger.

I have compared the configs of CP with DA and found out that the file /var/lib/csf/csf.conf is not filled with the vhosts.

I changed MESSENGERV3HTTPS_CONF...

I've just noticed the new Docker options in CSF under Docker Settings , if we enable these do we no longer need to add the following to /etc/csf/csfpre.sh ?

#!/bin/bash
iptables -t nat -N DOCKER
iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
iptables -t nat -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 !...

I'm having problems with a Docker container on my server which loses connection to the internet intermittently (it seems to be ok for a day to a few days, then loses connection to the internet). I've posted an issue with Docker, and they think it might be CSF:

The problem is most likely caused by your custom firewall which runs a script periodically and breaks the firewall. Please check if...

I'm setting up a new server on Debian 10 ready for transfer and noticed in the Webmin Plugin the 'Server Information' Panel is no longer there and most importantly the 'Check Server Security'

Does anyone know where/why this has gone? In the past it has been essential in setting up CSF and I'm a bit lost without it.

I think I'll try exporting and importing the old module in the meantime, however...

Anyone recommend which plugins/settings to use in combination with CSF for protecting Wordpress sites. It seems many of the security plugins are going to be overlapping with CSF functionality.

Hi,
I restart CSF + LFD and finally show:

● lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-05-23 15:04:32 +0430; 4ms ago
Process: 29497 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
Main PID: 29510 (lfd - starting)
CGroup:...

No response from subprocess (/usr/local/cpanel/whostmgr/docroot/cgi/configserver/cmm.cgi): The subprocess reported error number 72,057,594,037,927,935 when it ended. The process dumped a core file.

Getting this all the time. I have reinstalled CSF but it still persists!

Hello ConfigServer Community, Longtime lurker, first time poster.

We use CSF as our go-to for a bunch of cPanel servers, and for a while now we've been tightening everything up by controlling them with Ansible. The general idea is that we have a CSF config template, apply it to a server (so that if policies change, all servers are updated and CSF is ensured to be running) and away we go.

I'm...

I'm getting these suspicious process warnings:

Executable:

/home/virtfs/elemcms/opt/cpanel/ea-php73/root/usr/bin/php

Command Line (often faked in exploits):

/opt/cpanel/ea-php73/root/usr/bin/php -f cron.php

I'm not a REGEX expert and the documentation on all the different configs in the Pignore file is a bit thin.

My PHP version may change in the future so I just want to ignore execution of...

The title says it all i think.

When i want to unban an IP in the temp list i need it to be unbanned when working in a clustered csf.

am i missing a setting or is it a bug?

Is there a simple way to open all outbound UDP ports on a device only for destinations within the LAN? I know I could do it manually with iptables:
# iptables -I OUTPUT -p udp -d 192.168.0.0/24 -j ACCEPT
But is there a standard way to do this within CSF configuration?

Just installed the latest csf on my Debian 10 setup and it works fine, the Web-UI is however showing a connection refused error. Checking the lf logs shows this error:

Dec 15 12:15:04 xxxx lfd : UI: *Error* cannot open server on port 1026: Failed to load certificate from file (no PEM, DER or PKCS12) error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag error:0D07803A:asn1 encoding...

how i must set .conf file when i use centos7 and iptables to be return just like resualt i want just localhost allowed for using this port for example 35555 and denied every external ip ;

Hello!

We got memcached installed on our server a few days ago, and we get from CSF, every hour, a mail with content like this:

Time: Fri May 8 22:16:11 2020 +0000
Account: memcached
Resource: Process Time
Exceeded: 77389 > 1800 (seconds)
Executable: /usr/bin/memcached
Command Line: /usr/bin/memcached -u memcached -p 11211 -m 2GB -c 1024 -l 127.0.0.1 -U 0
PID: 9582 (Parent PID:9582)
Killed: No...

Good morning friends...

I use CentOs 6.1 with CSF 14.2. I have two network cards, one external to connect to the Internet (PPPOE) and the internal network.

I am trying to open some ports (Port Forward) and forward them to my internal server (192.168.1.2).

For example. I need to open port 27015 and forward all the external Ip's that arrive to that port and forward to 192.168.1.2. I put some...

Hello friends.
I was looking at the Logs (/ var / log / messages) and this error message is appearing:

May 8 19:47:00 localdomain lfd : Integrated UI Service died, restarted
May 8 19:47:00 localdomain lfd : Child UI: Can't locate object method new via package IO :: Socket :: SSL at / usr / sbin / lfd line 9360.

I use CentOs 6.1 with CSF 14.2

Thx

I'm using CSF on a VPS running WHM/cPanel. Every 30 seconds /var/log/lfd.log logs this error:

RESTRICT_SYSLOG: *Error* No matching unix sockets found

Is this something to be concerned about? Google isn't shedding much light on the subject.

We cleared our iptables on centos before installing this firewall.
We opened up the ports we needed by the configuration in the firewall and saved them we made sure 3306 was left out. This is because we dont want 3306 to be open on our whm server however it seams it's being added to the allow list and shows as open when we double check the ports we opened there is no 3306
This makes me wonder...

Hi all,

those regex's huh ;)

according to several regextesters this should work:

SSHD_LOG = /var/log/auth.log

The regex:
if (($globlogs{SSHD_LOG}{$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ wordpress(\(.*)\).* Authentication failure for (.*) from (.*)/)) {
$ip = $3; $website = $1; $user = $2;
return ( Failed WordPress login from ,$ip, WP-BRUTEFORCE , 5 , 80,443 , 86400 );
}

The...

Hi,

I set the setting to 3 but found out some logs were not writing any more so wnted to do more research on which user needs the rights to write to LOG_AUTH (for example). So based on the docs reverting should be easy:

If you want to revert RESTRICT_SYSLOG to another option and disable this
feature, change the setting of RESTRICT_SYSLOG and then restart lfd and then
syslog/rsyslog and the...