Join the community today
Become a Member

CSF CSF not updating from cron

Discussion in 'Other Centmin Mod Installed software' started by jscott, May 24, 2018.

  1. jscott

    jscott Member

    104
    14
    18
    Aug 13, 2015
    Ratings:
    +33
    Local Time:
    10:10 AM
    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS 6 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: 1.13.12
    • PHP Version Installed: 7.2.5
    • MariaDB MySQL Version Installed: 10.0.35
    • When was last time updated Centmin Mod code base ? : "a few days ago"
    • Persistent Config: None

    I have noticed over the last week or so that my CSF firewall is not updating.

    The error message I get in email is: Oops: Unable to download: Connect failed: connect: Connection timed out; Connection timed out

    I am getting this message on two different VPS

    Digital Ocean shows
    Code:
    [17:41][ ... centminlogs]# csf -u
    Oops: Unable to download: Connect failed: connect: Connection timed out; Connection timed out
    [17:41][ ... ]# csf -v
    csf: v12.01 (generic)
    [17:41][ ...] centminlogs]# 
    
    
    HOSTUS shows
    Code:
    [17:54][ ... backup]# csf -v
    Warning: failed to load Config_git.pl, something strange about this perl...
    csf: v10.11 (generic)
    [17:54][ ... backup]# csf -u
    Warning: failed to load Config_git.pl, something strange about this perl...
    Oops: Unable to download: Connect failed: connect: Connection timed out; Connection timed out
    [17:55][ ... backup]# 
    
    PS. Anyone know anything about that strange perl....

    Thanks
    -John
     
  2. eva2000

    eva2000 Administrator Staff Member

    40,190
    8,888
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,698
    Local Time:
    12:10 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    both servers centos 6.x ?

    csf v10.11 is ancient version ! how old is that hostus install of centmin mod ? output for
    Code (Text):
    yum list perl
    

    Code (Text):
    perl -V
    

    Code (Text):
    yum history list perl
    

    Code (Text):
    yum info perl -v | grep -A15 'Installed Packages' 
    
     
  3. jscott

    jscott Member

    104
    14
    18
    Aug 13, 2015
    Ratings:
    +33
    Local Time:
    10:10 AM
    Yes

    hostus = centminmod_1.2.3-eva2000.08_080617-135423_install.log

    DO = centminmod_1.2.3-eva2000.08_260318-185740_install.log

    Code:
    [19:39][ ... netdata]# yum list perl
    Loaded plugins: fastestmirror, priorities, security, versionlock
    Loading mirror speeds from cached hostfile
     * base: ewr.edge.kernel.org
     * epel: mirror.cogentco.com
     * extras: ewr.edge.kernel.org
     * rpmforge: mirror.us.leaseweb.net
     * updates: ewr.edge.kernel.org
    1985 packages excluded due to repository priority protections
    Installed Packages
    perl.x86_64                                                                4:5.10.1-144.el6                                                                 @base
    
    Code:
    [19:39][ ... netdata]# perl -V
    Warning: failed to load Config_git.pl, something strange about this perl...
    Summary of my perl5 (revision 5 version 10 subversion 1) configuration:
      undef undef
      Platform:
        osname=linux, osvers=3.10.0-514.10.2.el7.x86_64, archname=x86_64-linux-thread-multi
        uname='linux c1bm.rdu2.centos.org 3.10.0-514.10.2.el7.x86_64 #1 smp fri mar 3 00:04:05 utc 2017 x86_64 x86_64 x86_64 gnulinux '
        config_args='-des -Doptimize=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -DDEBUGGING=-g -Dversion=5.10.1 -Dmyhostname=localhost [email protected] -Dcc=gcc -Dcf_by=Red Hat, Inc. -Dprefix=/usr -Dvendorprefix=/usr -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl5 -Dsitearch=/usr/local/lib64/perl5 -Dprivlib=/usr/share/perl5 -Darchlib=/usr/lib64/perl5 -Dvendorlib=/usr/share/perl5/vendor_perl -Dvendorarch=/usr/lib64/perl5/vendor_perl -Dinc_version_list=5.10.0 -Darchname=x86_64-linux-thread-multi -Dlibpth=/usr/local/lib64 /lib64 /usr/lib64 -Duseshrplib -Dusethreads -Duseithreads -Duselargefiles -Dd_dosuid -Dd_semctl_semun -Di_db -Ui_ndbm -Di_gdbm -Di_shadow -Di_syslog -Dman3ext=3pm -Duseperlio -Dinstallusrbinperl=n -Ubincompat5005 -Uversiononly -Dpager=/usr/bin/less -isr -Dd_gethostent_r_proto -Ud_endhostent_r_proto -Ud_sethostent_r_proto -Ud_endprotoent_r_proto -Ud_setprotoent_r_proto -Ud_endservent_r_proto -Ud_setservent_r_proto -Dscriptdir=/usr/bin -Dusesitecustomize'
        hint=recommended, useposix=true, d_sigaction=define
        useithreads=define, usemultiplicity=define
        useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
        use64bitint=define, use64bitall=define, uselongdouble=undef
        usemymalloc=n, bincompat5005=undef
      Compiler:
        cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
        optimize='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic',
        cppflags='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
        ccversion='', gccversion='4.4.7 20120313 (Red Hat 4.4.7-18)', gccosandvers=''
        intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
        d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
        ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
        alignbytes=8, prototype=define
      Linker and Libraries:
        ld='gcc', ldflags =' -fstack-protector'
        libpth=/usr/local/lib64 /lib64 /usr/lib64
        libs=-lresolv -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
        perllibs=-lresolv -lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
        libc=, so=so, useshrplib=true, libperl=libperl.so
        gnulibc_version='2.12'
      Dynamic Linking:
        dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib64/perl5/CORE'
        cccdlflags='-fPIC', lddlflags='-shared -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
    
    
    Characteristics of this binary (from libperl):
      Compile-time options: MULTIPLICITY PERL_DONT_CREATE_GVSV
                            PERL_IMPLICIT_CONTEXT PERL_MALLOC_WRAP USE_64_BIT_ALL
                            USE_64_BIT_INT USE_ITHREADS USE_LARGE_FILES
                            USE_PERLIO USE_REENTRANT_API USE_SITECUSTOMIZE
      Built under linux
      Compiled at Mar 22 2017 11:01:50
      @INC:
        /usr/local/lib64/perl5
        /usr/local/share/perl5
        /usr/lib64/perl5/vendor_perl
        /usr/share/perl5/vendor_perl
        /usr/lib64/perl5
        /usr/share/perl5
        .
    
    Code:
    [19:40][ ... netdata]# yum history list perl
    Loaded plugins: fastestmirror, priorities, security, versionlock
    ID     | Login user               | Date and time    | Action(s)      | Altered
    -------------------------------------------------------------------------------
         1 | System <unset>           | 2017-06-08 13:47 | I, U           |   33  
    Warning: RPMDB altered outside of yum.
    ** Found 3 pre-existing rpmdb problem(s), 'yum check' output follows:
    duplicati-2.0.3.3-2.0.3.3_beta_20180402.noarch has missing requires of desktop-file-utils
    duplicati-2.0.3.3-2.0.3.3_beta_20180402.noarch has missing requires of libappindicator
    duplicati-2.0.3.3-2.0.3.3_beta_20180402.noarch has missing requires of mono(appindicator-sharp)
    history list
    
    Code:
    [19:41][ ... netdata]# yum info perl -v | grep -A15 'Installed Packages'
    Installed Packages
    Name        : perl
    Arch        : x86_64
    Epoch       : 4
    Version     : 5.10.1
    Release     : 144.el6
    Size        : 34 M
    Repo        : installed
    From repo   : base
    Committer   : Petr Pisar <[email protected]>
    Committime  : Thu Nov  3 08:00:00 2016
    Buildtime   : Wed Mar 22 07:12:27 2017
    Install time: Thu Jun  8 13:47:55 2017
    Installed by: System <unset>
    Changed by  : System <unset>
    Summary     : Practical Extraction and Report Language
    [19:42][ ... netdata]#
    
     
  4. Meirami

    Meirami Member

    128
    15
    18
    Dec 21, 2017
    Ratings:
    +41
    Local Time:
    5:10 PM
    I checked my Hostus mail and saw error too. csf - u
    Oops: Unable to download: Can't connect to download.configserver.com:443
    I have centos 7
    csf -v
    csf: v12.03 (generic)

    The mail was sent on sunday.
     
  5. eva2000

    eva2000 Administrator Staff Member

    40,190
    8,888
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,698
    Local Time:
    12:10 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    what's output for
    Code (Text):
    curl -Iv https://download.configserver.com
    

    Try doing
    Code (Text):
    yum clean all
    yum -y update
    

    then reboot server
    Code (Text):
    reboot
    
     
  6. jscott

    jscott Member

    104
    14
    18
    Aug 13, 2015
    Ratings:
    +33
    Local Time:
    10:10 AM
    Code:
    [22:11][ ... ~]# curl -Iv https://download.configserver.com
    * About to connect() to download.configserver.com port 443 (#0)
    *   Trying 85.10.199.177... Connection timed out
    * couldn't connect to host
    * Closing connection #0
    curl: (7) couldn't connect to host
    [22:13][ ... ~]#
    
    
    yum cleanup, update and reboot did not change anything.
    Code:
    No Packages marked for Update
    
    -John
     
  7. eva2000

    eva2000 Administrator Staff Member

    40,190
    8,888
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,698
    Local Time:
    12:10 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    connectivity issues on your server to csf download url so check your dns resolver and network connectivity

    on working vps
    Code (Text):
    curl -Iv https://download.configserver.com
    * About to connect() to download.configserver.com port 443 (#0)
    *   Trying 85.10.199.177...
    * Connected to download.configserver.com (85.10.199.177) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    * Server certificate:
    *       subject: CN=download.configserver.com
    *       start date: May 11 00:00:00 2018 GMT
    *       expire date: Dec 20 12:00:00 2018 GMT
    *       common name: download.configserver.com
    *       issuer: CN=RapidSSL RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: download.configserver.com
    
     
  8. jscott

    jscott Member

    104
    14
    18
    Aug 13, 2015
    Ratings:
    +33
    Local Time:
    10:10 AM
    I have contacted Digital Ocean and asked them to check for connectivity problems.

    -John
     
  9. Meirami

    Meirami Member

    128
    15
    18
    Dec 21, 2017
    Ratings:
    +41
    Local Time:
    5:10 PM
    My Hostus connection is ok now.

    Code:
     curl -Iv https://download.configserver.com     
    * About to connect() to download.configserver.com port 443 (#0)         
    *   Trying 85.10.199.177...                                             
    * Connected to download.configserver.com (85.10.199.177) port 443 (#0) 
    * Initializing NSS with certpath: sql:/etc/pki/nssdb                   
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt                           
      CApath: none                                                         
    * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384           
    * Server certificate:                                                   
    *       subject: CN=download.configserver.com                           
    *       start date: May 11 00:00:00 2018 GMT                           
    *       expire date: Dec 20 12:00:00 2018 GMT                           
    *       common name: download.configserver.com                         
    *       issuer: CN=RapidSSL RSA CA 2018,OU=www.digicert.com,O=DigiCert I
    nc,C=US                                                                 
    > HEAD / HTTP/1.1                                                       
    > User-Agent: curl/7.29.0                                               
    > Host: download.configserver.com                                       
    > Accept: */*                                                           
    >                                                                       
    < HTTP/1.1 200 OK                                                       
    HTTP/1.1 200 OK                                                         
    < Date: Thu, 24 May 2018 15:58:43 GMT                                   
    Date: Thu, 24 May 2018 15:58:43 GMT                                     
    < Server: Apache/2.2.15 (CentOS)                                       
    Server: Apache/2.2.15 (CentOS)                                         
    < Last-Modified: Sat, 04 Jul 2015 20:55:45 GMT                         
    Last-Modified: Sat, 04 Jul 2015 20:55:45 GMT                           
    < ETag: "5140054-1c-51a12e57716d0"                                     
    ETag: "5140054-1c-51a12e57716d0"                                       
    < Accept-Ranges: bytes                                                 
    Accept-Ranges: bytes                                                   
    < Content-Length: 28                                                   
    Content-Length: 28                                                     
    < Vary: Accept-Encoding,User-Agent                                     
    Vary: Accept-Encoding,User-Agent                                       
    < Connection: close                                                     
    Connection: close                                                       
    < Content-Type: text/html; charset=UTF-8                               
    Content-Type: text/html; charset=UTF-8                                 
                                                                            
    <                                                                       
    * Closing connection 0                                                 
    
     
  10. jscott

    jscott Member

    104
    14
    18
    Aug 13, 2015
    Ratings:
    +33
    Local Time:
    10:10 AM
    SOLVED!

    OK, looks like I shot myself in the foot.

    configserver.com looks like a German site hosted in the UK.

    GDPR is scaring the crap out of everybody including myself....

    SO... A couple of weeks ago I used CSF to block the countries in the EU.

    Including Germany and the UK. ( for now )

    It seems CSF does not check to see if you have done something to block its own updates.

    Apparently, when you block a country code it does inbount ( expected ) and outbound ( not expected ).

    OUCH!!

    Looking through csf -h, I noticed a disable firewall option and gave it a try.

    Instant update!!

    Worked on both hostus and Digital Ocean.


    -John
     
    • Funny Funny x 1
  11. eva2000

    eva2000 Administrator Staff Member

    40,190
    8,888
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,698
    Local Time:
    12:10 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Ah ha geo blocking at it's finest :D
     
..