Welcome to Centmin Mod Community
Register Now

Install csf broken?

Discussion in 'Install & Upgrades or Pre-Install Questions' started by hellenic, May 24, 2019.

  1. hellenic

    hellenic New Member

    20
    4
    3
    Mar 4, 2019
    Ratings:
    +5
    Local Time:
    2:39 PM
    1.15.9
    10.1.38
    Hello
    I just got a VPS OpenVZ with centos 7.6 and i use the command line to install centminmod:
    When i try to restart it using csf -r i got this error:
    After i disabled FASTSTART i got this:
    Then i used this command:
    perl /etc/csf/csftest.pl
    and i got this results:
    Any ideas how to fix this?
     
  2. eva2000

    eva2000 Administrator Staff Member

    45,441
    10,312
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,994
    Local Time:
    10:39 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    problem is your web host hasn't configured iptables correctly so they need to ensure it's fixed at OpenVZ host node level/kernel level. Who is the web host ?

    contact your web host and provide them the output you got from /etc/csf/csftest.pl command run

    once they fix it, then best to reload a fresh CentOS 7.6 and do fresh Centmin Mod install.

    if they don't fix it, try a different web host :)

    a working iptables command run should look like this
    Code (Text):
    perl /etc/csf/csftest.pl
    Testing ip_tables/iptable_filter...OK
    Testing ipt_LOG...OK
    Testing ipt_multiport/xt_multiport...OK
    Testing ipt_REJECT...OK
    Testing ipt_state/xt_state...OK
    Testing ipt_limit/xt_limit...OK
    Testing ipt_recent...OK
    Testing xt_connlimit...OK
    Testing ipt_owner/xt_owner...OK
    Testing iptable_nat/ipt_REDIRECT...OK
    Testing iptable_nat/ipt_DNAT...OK
    
    RESULT: csf should function on this server
    
     
  3. GASTAN

    GASTAN Member

    89
    12
    8
    Jun 28, 2017
    Ratings:
    +18
    Local Time:
    1:39 PM
    Hi


    I have this problem on my machine:
    perl /etc/csf/csftest.pl
    Testing ip_tables/iptable_filter...OK
    Testing ipt_LOG...OK
    Testing ipt_multiport/xt_multiport...OK
    Testing ipt_REJECT...OK
    Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: No chain/target/match by that name.] - Required for csf to function
    Testing ipt_limit/xt_limit...OK
    Testing ipt_recent...OK
    Testing xt_connlimit...FAILED [Error: iptables: No chain/target/match by that name.] - Required for CONNLIMIT feature
    Testing ipt_owner/xt_owner...OK
    Testing iptable_nat/ipt_REDIRECT...FAILED [Error: FATAL: Module ip_tables not found.] - Required for MESSENGER feature
    Testing iptable_nat/ipt_DNAT...FAILED [Error: FATAL: Module ip_tables not found.] - Required for csf.redirect feature

    RESULT: csf will not function on this server due to FATAL errors from missing modules [1]


    does that mean I need to check with hosting (RAM node)?
     
  4. eva2000

    eva2000 Administrator Staff Member

    45,441
    10,312
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,994
    Local Time:
    10:39 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Yup as I posted in 2nd post above, need to contact your web host as they're only one with access to a VPS host node layer to fix it.
     
  5. GASTAN

    GASTAN Member

    89
    12
    8
    Jun 28, 2017
    Ratings:
    +18
    Local Time:
    1:39 PM
    I finally got around and contacted support (after my other VPS went into Read Only mode) and they fixed up this issue too.

    now I get
    it was still complaining on centmin start
    so I deleted /etc/csf/csf.error

    the got this on CM startup:
    I assume all is well now (as far as csf goes)?
     
  6. eva2000

    eva2000 Administrator Staff Member

    45,441
    10,312
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,994
    Local Time:
    10:39 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    check after a csf restart and service check
    Code (Text):
    csf -ra
    service lfd status
    service csf status
    
     
  7. GASTAN

    GASTAN Member

    89
    12
    8
    Jun 28, 2017
    Ratings:
    +18
    Local Time:
    1:39 PM
    restart was complaining a bit:
    Code:
    *ERROR*: Country Code Lookups setting MM_LICENSE_KEY must be set in /etc/csf/csf.conf to continue using the MaxMind databases
    *WARNING* LF_DISTFTP sanity check. LF_DISTFTP = 40. Recommended range: 0-20 (Default: 0)
    *WARNING* LF_DISTFTP_UNIQ sanity check. LF_DISTFTP_UNIQ = 40. Recommended range: 2-20 (Default: 2)
    *WARNING* DENY_TEMP_IP_LIMIT sanity check. DENY_TEMP_IP_LIMIT = 3000. Recommended range: 10-1000 (Default: 100)
    
    *WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.
    
    but service status seems ok
    Code:
    service lfd status
    Status of lfd:lfd (pid  7915) is running...
    
    csf status is very long:
    Code:
    =====================
    Chain INPUT (policy DROP 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination
    1        0     0 ACCEPT     tcp  --  !lo    *       8.8.4.4              0.0.0.0/0           tcp dpt:53
    2        0     0 ACCEPT     udp  --  !lo    *       8.8.4.4              0.0.0.0/0           udp dpt:53
    3        0     0 ACCEPT     tcp  --  !lo    *       8.8.4.4              0.0.0.0/0           tcp spt:53
    4        0     0 ACCEPT     udp  --  !lo    *       8.8.4.4              0.0.0.0/0           udp spt:53
    5        0     0 ACCEPT     tcp  --  !lo    *       8.8.8.8              0.0.0.0/0           tcp dpt:53
    6        0     0 ACCEPT     udp  --  !lo    *       8.8.8.8              0.0.0.0/0           udp dpt:53
    7        0     0 ACCEPT     tcp  --  !lo    *       8.8.8.8              0.0.0.0/0           tcp spt:53
    8       18  2158 ACCEPT     udp  --  !lo    *       8.8.8.8              0.0.0.0/0           udp spt:53
    
    but looks like it's running...
    thx
     
  8. eva2000

    eva2000 Administrator Staff Member

    45,441
    10,312
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,994
    Local Time:
    10:39 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    those warnings are normal

    looks good !