Spawned process deletes pid file on error causing main lfd proc to exit

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
2 posts Page 1 of 1
mdh-netfire
Junior Member
Posts: 1
Joined: 16 Oct 2018, 20:27


lfd spawns a secondary process to handle &integrity()

This secondary process, when it encounters an error (in this case, inability to send a report because it can't reach the configured smtp server), calls &cleanup which subsequently calls unlink on the pid file. This then causes the pid file check near the top of the main while(1) loop to fail, which causes lfd's main process to exit.

In this case, lfd runs &integrity on start which leads to the main lfd process exiting very shortly after having been started each time you try to start it.

Logs look like this. The main lfd process here being pid 22674, and the sub-process for &integrity being 22683. The 22683 process is the one which calls &cleanup that unlinks the pid file, causing 22674's pid file sanity check to fail which then pid 22674 exits as well.

Oct 16 15:22:48 shared1-nj1 lfd[22674]: Watching /var/log/maillog...
Oct 16 15:22:48 shared1-nj1 lfd[22674]: Watching /var/log/customlog...
Oct 16 15:22:48 shared1-nj1 lfd[22674]: Watching /var/log/secure...
Oct 16 15:22:48 shared1-nj1 lfd[22674]: Watching /etc/apache2/logs/error_log...
Oct 16 15:22:48 shared1-nj1 lfd[22674]: Watching /usr/local/cpanel/logs/access_log...
Oct 16 15:22:48 shared1-nj1 lfd[22674]: Watching /usr/local/cpanel/logs/login_log...
Oct 16 15:22:48 shared1-nj1 lfd[22674]: Watching /var/log/messages...
Oct 16 15:22:48 shared1-nj1 lfd[22674]: Watching /var/log/exim_mainlog...
Oct 16 15:22:52 shared1-nj1 lfd[22683]: *System Integrity* has detected modified file(s): /usr/bin/ghostscript /usr/bin/gs /usr/sbin/lfd /bin/ghostscript /bin/gs /sbin/lfd
Oct 16 15:22:52 shared1-nj1 lfd[22683]: Main Process: Unable to send SMTP alert via [10.20.4.4]: Connection refused at /usr/sbin/lfd line 6923.
Oct 16 15:22:52 shared1-nj1 lfd[22683]: daemon stopped
Oct 16 15:22:53 shared1-nj1 lfd[22674]: *Error* pid mismatch or missing (22674 ne 22674) (46543248 ne ), at line 1113
Oct 16 15:22:53 shared1-nj1 lfd[22674]: daemon stopped
ForumAdmin
Moderator
Posts: 1391
Joined: 01 Oct 2008, 09:24


Thank you for posting this. We'll have a fix in the next csf release.
2 posts Page 1 of 1