This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
As soon as one of the log files causes an error (e.g. is simply not present), all future log file reads on any file will fail until the error is cleared.
I solved this by adding a clearerr call before each log read, which is in the LFD file and the function getlogfile (around line 2195 for the function start).
if (!defined($lffd[$lfn])) {
if (&openlogfile($logfile,$lfn)) {return undef}
}
$lffd[$lfn]->clearerr(); # <-- THIS IS THE NEW LINE
(undef, $ino, undef, undef, undef, undef, undef, $size, undef) = stat($logfile);
Now LFD reads the log files under Perl 5.38. Not sure if this has any side effects or might occur elsewhere, so use at your own risk. I've not checked but assume a similar fix would be needed anywhere a file open/read could fail as this will now affect all future opens/reads.
You can then apply Vark's fix with the command: `patch /usr/sbin/lfd lfd-debian12.patch`
Don't forget to `csf -ra` to restart CSF+LFD after.
(Obviously you'll need to be working with super user privileges to do that.)
You will almost certainly receive the following email if you have firewall emails turned on:
The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:
Thanks for making the patch file, I'll snarf that back for my use!
Are you seeing the portscan checks working OK? Mine don't seem to, but I'm not sure if that's from this change (or an affect somewhere else), or something I've configured (tho I've got it configured the same as another one on Debian Bullseye that is correctly detecting).
