Closed bitfactory-henk-batelaan closed 5 years ago
Hi Henk, thanks for reporting. Can you show your process listing filtered with lfd/csf (ps -ef | grep -E "lfd|csf")?
Thanks for the reply! lfd is apparently sleeping?
ps -ef | grep -E "lfd|csf"
root 18340 1 0 13:17 ? 00:00:00 lfd - sleeping
root 32396 1360 0 13:23 pts/0 00:00:00 grep -E lfd|csf
We want to simulate this in our lab. How did you install CSF (and in particular the systemd service file)?
I believe they don't have a repo? I've installed it manually like so:
# cd /tmp/
# wget https://download.configserver.com/csf.tgz
# tar xzf csf.tgz
# cd csf/
# ./csftest.pl
Everything was OK, so finally:
# ./install.sh
Performed installation on Ubuntu 18.04 and a Fedora 29 system. Both end with:
root@ubuntu1804:/etc/csf# systemctl start lfd.service
Job for lfd.service failed because a fatal signal was delivered to the control process. See "systemctl status lfd.service" and "journalctl -xe" for details.
Running lfd manually shows only 'Killed'.
Did you configure something regarding LFD in particular?
So at your end it doesn't work at all? What does the log say?
I did some editing of course in the config file, but nothing crazy. Also, it just works after installation.
The # ./csftest.pl didn't bring anything up either?
I believe these are all changed and / or relevant settings:
TESTING = "0"
RESTRICT_SYSLOG = "3"
RESTRICT_SYSLOG_GROUP = "mysyslog"
RESTRICT_UI = "2"
AUTO_UPDATES = "1"
# Allow incoming TCP ports
TCP_IN = "80,443"
# Allow outgoing TCP ports
TCP_OUT = "25,80,443,587"
# Allow incoming UDP ports
UDP_IN = ""
# Allow outgoing UDP ports
UDP_OUT = "53,67,123"
SYSLOG_CHECK = "300"
URLGET = "1"
CC_OLDGEOLITE = "0"
LF_DIRWATCH = "0"
LF_DIRWATCH_DISABLE = "0"
LF_DIRWATCH_FILE = "0"
LF_INTEGRITY = "0"
PT_LIMIT = "0"
PT_USERMEM = "0"
PT_USERTIME = "0"
UI = "0"
LOGSCANNER = "0"
Fire it up:
# csf -r
# systemctl start csf lfd
# systemctl enable csf lfd
Hi, I just realised with a manual scan this one is still open. The problem persists on all our CSF/LFD equipped Debian servers.
Services are running:
● csf.service - ConfigServer Firewall & Security - csf
Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: enabled)
Active: active (exited) since Mon 2019-03-11 08:30:43 CET; 1h 50min ago
Process: 3881 ExecStop=/usr/sbin/csf --stop (code=exited, status=0/SUCCESS)
Process: 3864 ExecStop=/usr/sbin/csf --initdown (code=exited, status=0/SUCCESS)
Process: 3919 ExecStart=/usr/sbin/csf --initup (code=exited, status=0/SUCCESS)
Main PID: 3919 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 4915)
CGroup: /system.slice/csf.service
● lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2019-03-11 08:30:44 CET; 1h 50min ago
Process: 3983 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
Main PID: 3996 (lfd - sleeping)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/lfd.service
└─3996 lfd - sleeping
But lfd is sleeping? Maybe this is something?
Found the underlying reason. The process needs to be exactly matched, in this case 'lfd - sleeping'.
Fixed with commit https://github.com/CISOfy/lynis/commit/fa064a824b6ba5519296dfd87e4604c2f15be897
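The mismatch described above, replayed against the ps -ef output quoted earlier in this thread. This is an added example, not Lynis code and not the content of the fix commit; the function names are hypothetical, and the "NAME - <state>" prefix rule is an assumption that generalises from the single 'lfd - sleeping' title seen here.

```shell
#!/bin/sh
# Constructed sample, based on the `ps -ef` output quoted in this thread.
sample_ps() {
cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root     18340     1  0 13:17 ?        00:00:00 lfd - sleeping
root     32396  1360  0 13:23 pts/0    00:00:00 grep -E lfd|csf
EOF
}

# Print only the CMD field (column 8 onwards) of `ps -ef` output read from stdin.
cmd_column() {
    awk 'NR > 1 { out = $8; for (i = 9; i <= NF; i++) out = out " " $i; print out }'
}

# Succeed if some process title equals $1 exactly (whole title, fixed string).
match_exact() {
    cmd_column | grep -Fxq -- "$1"
}

# Succeed if some process title merely contains $1.
# Prone to false positives: the `grep` used to search for lfd matches too.
match_substring() {
    cmd_column | grep -Fq -- "$1"
}

# Succeed if a title is $1 or "$1 - <state>" (assumed pattern for daemons
# that rewrite their own process title, as lfd does here).
match_daemon() {
    cmd_column | awk -v n="$1" '
        $0 == n || index($0, n " - ") == 1 { found = 1 }
        END { exit !found }'
}

# Demo: the bare name misses the running daemon, the full title finds it.
for title in "lfd" "lfd - sleeping"; do
    if sample_ps | match_exact "$title"; then
        echo "exact '$title': found"
    else
        echo "exact '$title': not found"
    fi
done
```

To check a live system, pipe real output into the same functions, for example: ps -ef | match_daemon lfd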
Describe the bug
This is from the output of a full system audit:
From the log: 2018-10-04 11:01:55 IsRunning: process 'lfd ' not found.
systemctl status lfd
● lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2018-10-04 10:47:48 CEST; 19min ago
TIME-3124
Version
Debian 9.5
Lynis 2.6.9
Expected behavior
Since LFD (and CSF) is running, I would expect an [ OK ] status here.