LFD issue

johnchristy · 03-26-2014, 02:22 AM

Hello

I'm using Centos 5.10 with latest CSF installed. Yesterday I did some changes from UI. I only changed SU/SSH login alerts set to root and it was working great for like 6 hours. Today when I saw my mail box I got around 50 mails with this

===
lfd failed @ Wed Mar 26 06:55:41 2014. A restart was attempted automagically.
===

Then I quickly checked few things, but I was getting these errors :

===
centos *Error* LF_DAEMON not enabled in /etc/csf/csf.conf, at line 70
===

===
Error: (iptables binary location) does not exist!, at line 41
===

So I had to contact my host and they said iptables crashed and they stopped iptables and I was able to SSH again. So what I did was I re-installed CSF.

But now When i start iptables I'm getting

===
root@123[~/csf]# service csf start
Starting csf:iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
===

When I checked /etc/sysconfig/iptables it shows last line

==
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
==

Should I remove this line? Again started to getting this same LFD alerts. So I stopped LFD for now.

I need some help here to narrow down this issue

Thank you in advance

Additional detail : now when I start csf, my httpd going down
Outage reason: name lookup timed out
if I stop csf then httpd is up

unSpawn · 03-29-2014, 04:34 AM

Quote:

Originally Posted by johnchristy

(..) iptables crashed and they stopped iptables and I was able to SSH again. So what I did was I re-installed CSF. (..) I need some help here to narrow down this issue

The first thing would be to get rid of the reflex to re-install software. That may work with certain other OSes but is generally speaking completely unnecessary when dealing with Linux. What's worse is it points to a way of trying to "solve" problems without having to understand a system. That's often caused by a lack of practical knowledge and hampered by the use of web-based control panels.

So the first thing would be to ensure you white list your own admin IP (ranges), then review log files for errors and clues, then revert configuration to distribution standards and then apply configuration changes. That requires you to know your system (and probably more intimate then you would like) but that's the cost of using Linux.