Issues after upgrade from CentOS 7.9 to AlmaLinux (Via cPanel Elevate)

[HappymanUK]

I've just gone through the process of upgrading from CentOS 7.9 to AlmaLinux using the cPanel elevate script and everything went through successfully.

However, since the upgrade CSF has stopped functioning.

I'm getting hourly alerts with the following errors:

Aug 12 11:10:12 server.rhdns.com systemd[1]: Starting ConfigServer Firewall & Security - lfd...
Aug 12 11:11:42 server.rhdns.com systemd[1]: lfd.service: start operation timed out. Terminating.
Aug 12 11:11:42 server.rhdns.com systemd[1]: lfd.service: Failed with result 'timeout'.
Aug 12 11:11:42 server.rhdns.com systemd[1]: Failed to start ConfigServer Firewall & Security - lfd.

I've tried to re-install CSF but still doesn't function. It freezes at the part 'Adding current SSH session IP address to the csf whitelist in csf.allow'. I can press CTRL+C to skip this stage but obviously something is wrong somewhere.

I'm now trying an uninstall but that freezes on the message 'Uninstalling csf and lfd'.

Can anyone suggest how best to troubleshoot this and how to proceed.

Thanks in advance for any assistance.

[alexf]

I am just guessing about what has caused this dilemma.
DISCLAIMER: This is all conjecture on my part. I have not experienced this OS upgrade dilemma and I am guessing at the cure.

The CSF installation script checks to see what your OS and Management Panel (ie. cPanel, Plesk, etc.) is and then sets those variables for the scripts use. Different OS and Management Panels will use different directory structures for where logfiles and commands can be found. When CSF is installed, OS Specific settings are written in the /etc/csf/csf.conf file in the "Section: OS Specific Settings". Here is what my server with CentOS 7.9.2009 Standard Virtuozzo and cPanel 110.0.9 looks like:

Code: Select all

###############################################################################
# SECTION:OS Specific Settings
###############################################################################
# Binary locations
IPTABLES = "/sbin/iptables"
IPTABLES_SAVE = "/sbin/iptables-save"
IPTABLES_RESTORE = "/sbin/iptables-restore"
IP6TABLES = "/sbin/ip6tables"
IP6TABLES_SAVE = "/sbin/ip6tables-save"
IP6TABLES_RESTORE = "/sbin/ip6tables-restore"
MODPROBE = "/sbin/modprobe"
IFCONFIG = "/sbin/ifconfig"
SENDMAIL = "/usr/sbin/sendmail"
PS = "/bin/ps"
VMSTAT = "/usr/bin/vmstat"
NETSTAT = "/bin/netstat"
LS = "/bin/ls"
MD5SUM = "/usr/bin/md5sum"
TAR = "/bin/tar"
CHATTR = "/usr/bin/chattr"
UNZIP = "/usr/bin/unzip"
GUNZIP = "/bin/gunzip"
DD = "/bin/dd"
TAIL = "/usr/bin/tail"
GREP = "/bin/grep"
ZGREP = "/usr/bin/zgrep"
IPSET = "/usr/sbin/ipset"
SYSTEMCTL = "/usr/bin/systemctl"
HOST = "/usr/bin/host"
IP = "/sbin/ip"
CURL = "/usr/bin/curl"
WGET = "/usr/bin/wget"

# Log file locations
#
# File globbing is allowed for the following logs. However, be aware that the
# more files lfd has to track, the greater the performance hit
#
# Note: File globs are only evaluated when lfd is started
#
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/secure"
SUDO_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/messages"
SMTPAUTH_LOG = "/var/log/exim_mainlog"
SMTPRELAY_LOG = "/var/log/exim_mainlog"
POP3D_LOG = "/var/log/maillog"
IMAPD_LOG = "/var/log/maillog"
CPANEL_LOG = "/usr/local/cpanel/logs/login_log"
CPANEL_ACCESSLOG = "/usr/local/cpanel/logs/access_log"
SCRIPT_LOG = "/var/log/exim_mainlog"
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"
WEBMIN_LOG = "/var/log/secure"

CUSTOM1_LOG = "/var/log/nginx/error.log"
CUSTOM2_LOG = "/var/log/messages"
CUSTOM3_LOG = "/var/log/messages"
CUSTOM4_LOG = "/var/log/messages"
CUSTOM5_LOG = "/var/log/messages"
CUSTOM6_LOG = "/var/log/messages"
CUSTOM7_LOG = "/var/log/messages"
CUSTOM8_LOG = "/var/log/messages"
CUSTOM9_LOG = "/var/log/messages"

# The following are comma separated lists used if LF_SELECT is enabled,
# otherwise they are not used. They are derived from the application returned
# from a regex match in /usr/local/csf/bin/regex.pm
#
# All ports default to tcp blocks. To specify udp or tcp use the format:
# port;protocol,port;protocol,... For example, "53;udp,53;tcp"
PORTS_pop3d = "110,995"
PORTS_imapd = "143,993"
PORTS_htpasswd = "80,443"
PORTS_mod_security = "80,443"
PORTS_mod_qos = "80,443"
PORTS_symlink = "80,443"
PORTS_suhosin = "80,443"
PORTS_cxs = "80,443"
PORTS_bind = "53;udp,53;tcp"
PORTS_ftpd = "20,21"
PORTS_webmin = "10000"
PORTS_cpanel = "2077,2078,2082,2083,2086,2087,2095,2096"
# This list is extended, if present, by the ports defined by
# /etc/chkservd/exim-*
PORTS_smtpauth = "25,465,587"
PORTS_eximsyntax = "25,465,587"
# This list is replaced, if present, by "Port" definitions in
# /etc/ssh/sshd_config
PORTS_sshd = "22"

# For internal use only. You should not enable this option as it could cause
# instability in csf and lfd
DEBUG = "0"
###############################################################################

I am guessing that the Alma Linux upgrade would not update your /etc/csf/csf.conf file. And now because certain "OS Specific" settings have changed that neither the current install of CSF & LFD will start or the CSF uninstall script will run.

Here are 2 methods you can try:

Method 1
1. Make a backup copy of your /etc/csf/csf.conf file first thing.
2. Do some sleuthing on what should be the proper "OS Specific Settings" for your new Alma Linux setup and edit your /etc/csf/csf.conf file to match.
3. Try to start CSF after updating your OS Specific Settings.
4. If CSF & LFD still fail to start, keep tweaking the OS Specific Settings and try again.

If Method 1 fails, I would suggest that you restore your server to its pre-Alma Linux glory and make sure that CSF is running.

Method 2
1. Make a backup copy of your /etc/csf/csf.conf file so you have all of your settings.
2. Then, uninstall CSF from a working situation.
3. Run your Alma Linux upgrade.
4. Reinstall your CSF and confirm that it will start.
5. Edit your /etc/csf/csf.conf file to restore your settings using the backup copy as a guide. DO NOT replace with your backup copy, as the "OS Specific Settings" will break your CSF again.

[HappymanUK]

Thanks for your reply.

I think I'm going to have to go down the route of Method 1, although I don't mind resetting all the configurations to default if I could find a way to manually uninstall CSF before re-installing a clean install.

Does anyone on here have copy of the settings of the CSF.CONF file for an AlmaLinux install ?

Thanks in advance

[innovaciones]

@HappymanUK did you fix this issue? I'm ready to make the jump from CentOS 7.9 to AlmaLinux 8 but I'm afraid I will have a lot of problems after migration

[HappymanUK]

@HappymanUK did you fix this issue? I'm ready to make the jump from CentOS 7.9 to AlmaLinux 8 but I'm afraid I will have a lot of problems after migration

Unfortunately I couldn't get this resolved so in the end I did a clean install of AlmaLinux and restored my site backups afterwards.

[innovaciones]

Thanks for the update, today I'm doing the upgrade and I did snapshots of the full server if something goes wrong I can go back, I really really want this to work if not I will have to do a clean install too, did you bought the ConfigServer cPanel Server Service for the new server?

[HappymanUK]

Thanks for the update, today I'm doing the upgrade and I did snapshots of the full server if something goes wrong I can go back, I really really want this to work if not I will have to do a clean install too, did you bought the ConfigServer cPanel Server Service for the new server?

Good Luck! - No, I just use the free version.

[innovaciones]

Thank you!! I'm happy to report that everything went great, not issues or errors, just in the last stage my terminal log got stuck so I waited like an hour to be sure everything got updated and then I had to do a manual reboot directly from AWS and finally I got:

Great SUCCESS! Your upgrade to AlmaLinux 8 is complete.
The cPanel & WHM server has completed the elevation process from CentOS 7 to AlmaLinux 8

I'm just fixing some little things like modsec custom rules, but everything else seems to be working fine, I guess CSF got updated to fix some of the issue you had when you did the upgrade a couple months ago.