Page 1 of 1
lfd.service: main process exited
Posted: 20 Jan 2017, 01:21
by BuycPanel Admin
Hello,
The following happens every day and I'm not sure why. Could someone explain the purpose of this? Is this intended, or is it an error?
How can I prevent it from happening, and is that recommended?
Daily in /var/log/cron:
Jan 19 00:00:01 <servername> CROND[9782]: (root) CMD (/usr/sbin/csf --lfd restart > /dev/null 2>&1)
Daily in /var/loq/messages
Jan 19 00:00:01 <servername> systemd: Cannot add dependency job for unit microcode.service, ignoring: Unit is not loaded properly: Invalid argument.
Jan 19 00:00:01 <servername> systemd: Stopping ConfigServer Firewall & Security - lfd...
Jan 19 00:00:01 <servername> systemd: lfd.service: main process exited, code=killed, status=9/KILL
Jan 19 00:00:01 <servername> systemd: Unit lfd.service entered failed state.
Jan 19 00:00:01 <servername> systemd: lfd.service failed.
Jan 19 00:00:01 <servername> systemd: Starting ConfigServer Firewall & Security - lfd...
CPANEL VERSION: 60.0 (build 35)
CENTOS VERSION: centos-release-7-3.1611.el7.centos.x86_64
PHP: PHP 5.6.29 (cli) (built: Jan 4 2017 15:09:17)
MYSQL: mysql Ver 14.14 Distrib 5.6.34, for Linux (x86_64) using EditLine wrapper
KERNEL: 4.8.6-x86_64-linode78
APACHE: EasyApache4 (latest)
Re: lfd.service: main process exited
Posted: 24 Jan 2017, 11:46
by qlpqlp
Hello,
Same problem here withe cPanel/Cloudlinux7
Mostly at 00h01 but there also some randome times that is killed
We also have faced a total lockout server pinging ok but locked out without able to connect to SSH/cPanel/Websites after we "Edit csf.allow" and added an IP and restarted the CSF/LDF
To fix it we had to rename etc/csf/ directory, reboot the server then uninstall CSF and installit again because we had no "
Console" to execute the commands on our Datacenter, but we had an external access to mount the disck to manually rename to force CSF/LFD fail on boot.
Here is the log wen I was locked out:
------------------
Code: Select all
ConfigServer Security & Firewall - csf v9.29
Restarting csf...
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `INVALID'
Flushing chain `INVDROP'
Flushing chain `LOCALINPUT'
Flushing chain `LOCALOUTPUT'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `SMTPOUTPUT'
Flushing chain `cphulk'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Deleting chain `ALLOWIN'
Deleting chain `ALLOWOUT'
Deleting chain `DENYIN'
Deleting chain `DENYOUT'
Deleting chain `INVALID'
Deleting chain `INVDROP'
Deleting chain `LOCALINPUT'
Deleting chain `LOCALOUTPUT'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Deleting chain `SMTPOUTPUT'
Deleting chain `cphulk'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `INVALID'
Flushing chain `INVDROP'
Flushing chain `LOCALINPUT'
Flushing chain `LOCALOUTPUT'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `SMTPOUTPUT'
Deleting chain `ALLOWIN'
Deleting chain `ALLOWOUT'
Deleting chain `DENYIN'
Deleting chain `DENYOUT'
Deleting chain `INVALID'
Deleting chain `INVDROP'
Deleting chain `LOCALINPUT'
Deleting chain `LOCALOUTPUT'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Deleting chain `SMTPOUTPUT'
csf: FASTSTART loading DROP no logging (IPv4)
csf: FASTSTART loading DROP no logging (IPv6)
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
LOG tcp opt in * out * ::/0 -> ::/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP6IN Blocked* "
LOG tcp opt in * out * ::/0 -> ::/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP6OUT Blocked* "
LOG udp opt in * out * ::/0 -> ::/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP6IN Blocked* "
LOG udp opt in * out * ::/0 -> ::/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP6OUT Blocked* "
LOG icmpv6 opt in * out * ::/0 -> ::/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP6IN Blocked* "
LOG icmpv6 opt in * out * ::/0 -> ::/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP6OUT Blocked* "
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
DROP all opt in * out * ::/0 -> ::/0
DROP all opt in * out * ::/0 -> ::/0
DENYOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
DENYIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
ALLOWOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
ALLOWIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
DENYOUT all opt in * out !lo ::/0 -> ::/0
DENYIN all opt in !lo out * ::/0 -> ::/0
ALLOWOUT all opt in * out !lo ::/0 -> ::/0
ALLOWIN all opt in !lo out * ::/0 -> ::/0
csf: FASTSTART loading Packet Filter (IPv4)
csf: FASTSTART loading Packet Filter (IPv6)
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
INVALID tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
INVALID tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
DROP all opt in * out * ::/0 -> ::/0
INVALID tcp opt in !lo out * ::/0 -> ::/0
INVALID tcp opt in * out !lo ::/0 -> ::/0
csf: FASTSTART loading csf.deny (IPv4)
DROP all opt -- in !lo out * 171.5.145.144 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 70.31.49.57
DROP all opt -- in !lo out * 213.174.10.195 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 213.174.10.195
DROP all opt -- in !lo out * 41.142.226.55 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 41.142.226.55
DROP all opt -- in !lo out * 185.27.105.150 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 185.27.105.150
csf: FASTSTART loading csf.allow (IPv4)
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all opt in !lo out * ::/0 -> ::/0 ctstate RELATED,ESTABLISHED
ACCEPT all opt in * out !lo ::/0 -> ::/0 ctstate RELATED,ESTABLISHED
csf: FASTSTART loading TCP_IN (IPv4)
csf: FASTSTART loading TCP6_IN (IPv6)
csf: FASTSTART loading TCP_OUT (IPv4)
csf: FASTSTART loading TCP6_OUT (IPv6)
csf: FASTSTART loading UDP_IN (IPv4)
csf: FASTSTART loading UDP6_IN (IPv6)
csf: FASTSTART loading UDP_OUT (IPv4)
csf: FASTSTART loading UDP6_OUT (IPv6)
ACCEPT icmp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 icmptype 8 limit: avg 1/sec burst 5
ACCEPT icmp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 icmptype 0
ACCEPT icmp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 icmptype 8
ACCEPT icmp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 icmptype 0 limit: avg 1/sec burst 5
ACCEPT icmp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 icmptype 11
ACCEPT icmp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 icmptype 3
ACCEPT icmp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 icmptype 11
ACCEPT icmp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 icmptype 3
ACCEPT icmpv6 opt in !lo out * ::/0 -> ::/0
ACCEPT icmpv6 opt in * out !lo ::/0 -> ::/0
ACCEPT all opt -- in lo out * 0.0.0.0/0 -> 0.0.0.0/0
ACCEPT all opt -- in * out lo 0.0.0.0/0 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
LOGDROPIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
ACCEPT all opt in lo out * ::/0 -> ::/0
ACCEPT all opt in * out lo ::/0 -> ::/0
LOGDROPOUT all opt in * out !lo ::/0 -> ::/0
LOGDROPIN all opt in !lo out * ::/0 -> ::/0
SMTPOUTPUT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
SMTPOUTPUT all opt in * out * ::/0 -> ::/0
csf: FASTSTART loading SMTP Block (IPv4)
csf: FASTSTART loading SMTP Block (IPv6)
csf: FASTSTART loading DNS (IPv4)
csf: FASTSTART loading DNS (IPv6)
-------------------------------------------
Any advice what append?
Regards,
Re: lfd.service: main process exited
Posted: 13 Feb 2017, 11:27
by yorodriguez
Same problem here.
Edit:
See:
viewtopic.php?f=6&t=9942 ???
Re: lfd.service: main process exited
Posted: 06 May 2017, 12:30
by hanzzon
Same problem here, but not a Cpanel server, just CentOS7 standard install.
This issue started for me after an update of CentOS7, but back then a Google search revealed no matches.
The same error is logged when doing a manual "csf --restartall".
Re: lfd.service: main process exited
Posted: 05 Apr 2018, 08:37
by bouvrie
Same issue here, cPanel is able to restart the service, but I'm curious why it gets killed in the first place.
Looks like I have too many IP blocks (iptables busy waiting), and the csf.error mentions I should use IPSET. Guess that will be the solution.
Re: lfd.service: main process exited
Posted: 05 Apr 2018, 11:48
by yorodriguez
bouvrie wrote: ↑05 Apr 2018, 08:37
Looks like I have too many IP blocks (iptables busy waiting), and the csf.error mentions I should use IPSET. Guess that will be the solution.
Worked for me.