Page 1 of 1

Last updated messed up LFD on Debian Jessie/systemd

Posted: 14 Apr 2015, 12:14
by nleibert
Hi,

CSF/LFD updated automatically on my Debian 8.0 Jessie servers last night and now I am unable to start LFD and CSF is no longer working as well (iptables shows no rules anymore, tried csf -r ). The CSF/LFD Update was from 7.66 (which worked great!) to 7.67. Here is the error that I received when the update was running:

Restarting csf and lfd...
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
open3: exec of /usr/bin/systemctl is-active firewalld failed at /usr/sbin/csf line 625.
open3: exec of /usr/bin/systemctl restart lfd.service failed at /usr/local/csf/lib/ConfigServer/Service.pm line 88.

I tried starting LFD manually by using: systemctl start lfd and systemctl restart lfd but both fail and also tried reloading csf rules.

systemctl status lfd
● lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled)
Active: failed (Result: signal) since Tue 2015-04-14 07:12:59 EDT; 47s ago
Process: 13715 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
Main PID: 13716 (code=killed, signal=KILL)

journalctl -u csf
-- Logs begin at Tue 2015-04-14 08:30:03 EDT, end at Tue 2015-04-14 09:09:01 EDT. --
Apr 14 08:30:05 corrupt systemd[1]: Starting ConfigServer Firewall & Security - csf...
Apr 14 08:30:08 corrupt csf[480]: Flushing chain `INPUT'
Apr 14 08:30:08 corrupt csf[480]: Flushing chain `FORWARD'
Apr 14 08:30:08 corrupt csf[480]: Flushing chain `OUTPUT'
Apr 14 08:30:08 corrupt csf[480]: Flushing chain `PREROUTING'
Apr 14 08:30:08 corrupt csf[480]: Flushing chain `INPUT'
Apr 14 08:30:08 corrupt csf[480]: Flushing chain `OUTPUT'
Apr 14 08:30:08 corrupt csf[480]: Flushing chain `POSTROUTING'
Apr 14 08:30:08 corrupt csf[480]: Flushing chain `INPUT'
Apr 14 08:30:08 corrupt csf[480]: Flushing chain `FORWARD'
Apr 14 08:30:08 corrupt csf[480]: Flushing chain `OUTPUT'
Apr 14 08:30:08 corrupt csf[480]: open3: exec of /usr/bin/systemctl is-active firewalld failed at /usr/sbin/csf line 625.
Apr 14 08:30:08 corrupt systemd[1]: csf.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Apr 14 08:30:08 corrupt systemd[1]: Failed to start ConfigServer Firewall & Security - csf.
Apr 14 08:30:08 corrupt systemd[1]: Unit csf.service entered failed state.

Re: Last updated messed up LFD on Debian Jessie/systemd

Posted: 14 Apr 2015, 14:47
by ForumAdmin
You need to set the location of the systemctl binary for your installation in the SYSTEMCTL = "" option in csf.conf

If it is correct, what is the output from:

Code: Select all

/usr/bin/systemctl is-active firewalld

Re: Last updated messed up LFD on Debian Jessie/systemd

Posted: 14 Apr 2015, 14:58
by nleibert
ForumAdmin wrote:You need to set the location of the systemctl binary for your installation in the SYSTEMCTL = "" option in csf.conf

If it is correct, what is the output from:

Code: Select all

/usr/bin/systemctl is-active firewalld
Hi thanks for the reply!

csf.conf shows: SYSTEMCTL = "/usr/bin/systemctl"

the output of /usr/bin/systemctl is-active firewalld shows:
-bash: /usr/bin/systemctl: No such file or directory

When I look in /usr/bin I see these systemd paths:
systemd-analyze
systemd-cat
systemd-cgls
systemd-cgtop
systemd-delta
systemd-detect-virt
systemd-nspawn
systemd-path
systemd-run
systemd-stdio-bridge

I also created a brand new Debian 8.0 Jessie KVM server and installed CSF without changing any settings, it also failed to start now with the new CSF release.

Re: Last updated messed up LFD on Debian Jessie/systemd

Posted: 14 Apr 2015, 15:00
by ForumAdmin
You need to establish the location of systemctl on the server. Try:

Code: Select all

which systemctl
or

Code: Select all

whereis systemctl

Re: Last updated messed up LFD on Debian Jessie/systemd

Posted: 14 Apr 2015, 15:05
by ForumAdmin
I've just built a Debian 8 system and you need to set:

Code: Select all

SYSTEMCTL = "/bin/systemctl"

Re: Last updated messed up LFD on Debian Jessie/systemd

Posted: 14 Apr 2015, 15:09
by nleibert
ForumAdmin wrote:You need to establish the location of systemctl on the server. Try:

Code: Select all

which systemctl
or

Code: Select all

whereis systemctl
Okay it looks like it's located in "/bin/systemctl" so I changed the default /usr/bin/systemctl setting to just /bin and now it works! Thanks so much!!!

I really appreciate your help, I never had to change that setting before so I didn't even think about :)

Re: Last updated messed up LFD on Debian Jessie/systemd

Posted: 14 Apr 2015, 15:11
by nleibert
ForumAdmin wrote:I've just built a Debian 8 system and you need to set:

Code: Select all

SYSTEMCTL = "/bin/systemctl"
Ahh just saw this post after I changed it :) once again thanks so much for your help, it looks like everything is working correctly now, I absolutely love CSF/LFD.