Author Topic: error in firewall after update  (Read 653 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
error in firewall after update
« on: August 16, 2021, 12:38:29 PM »
I faced a problem after updating the csf to version 14.10, it stops automatically, and to solve the problem I have to restart ldf to work well

error files(ldf.error)
Code: [Select]
Aug 16 09:26:10 mail lfd[5534]: Main Process: TERM
Aug 16 09:26:10 mail lfd[5534]: daemon stopped
Aug 16 09:26:11 mail lfd[16796]: daemon started on mail.alsalamgroup.com - csf v14.10 (CentOS Web Panel)
Aug 16 09:26:11 mail lfd[16796]: LF_APACHE_ERRPORT: Set to [2]
Aug 16 09:26:11 mail lfd[16796]: Restricting syslog/rsyslog socket acccess to group [mysyslog]...
Aug 16 09:26:11 mail lfd[16796]: CSF Tracking...
Aug 16 09:26:11 mail lfd[16796]: LOAD Tracking...
Aug 16 09:26:11 mail lfd[16796]: Country Code Lookups...
Aug 16 09:26:11 mail lfd[16796]: System Integrity Tracking...
Aug 16 09:26:11 mail lfd[16796]: Exploit Tracking...
Aug 16 09:26:11 mail lfd[16796]: Directory Watching...
Aug 16 09:26:11 mail lfd[16796]: Temp to Perm Block Tracking...
Aug 16 09:26:11 mail lfd[16796]: Process Tracking...
Aug 16 09:26:11 mail lfd[16796]: Account Tracking...
Aug 16 09:26:11 mail lfd[16796]: SSH Tracking...
Aug 16 09:26:11 mail lfd[16796]: Webmin Tracking...
Aug 16 09:26:11 mail lfd[16796]: SU Tracking...
Aug 16 09:26:11 mail lfd[16796]: Console Tracking...
Aug 16 09:26:11 mail lfd[16796]: RESTRICT_SYSLOG: Unix socket permissions reapplied. Reopening log files...
Aug 16 09:26:11 mail lfd[16796]: Watching /var/log/messages...
Aug 16 09:26:11 mail lfd[16796]: Watching /var/log/proftpd/auth.log...
Aug 16 09:26:11 mail lfd[16796]: Watching /var/log/secure...
Aug 16 09:26:11 mail lfd[16796]: Watching /var/log/smtp/current...
Aug 16 09:26:11 mail lfd[16796]: Watching /var/log/customlog...
Aug 16 09:26:11 mail lfd[16796]: Watching /var/log/dovecot/dovecot.log...
Aug 16 09:26:11 mail lfd[16796]: Watching /var/log/httpd/error_log...
Aug 16 09:26:11 mail lfd[16807]: *User Processing* PID:536 Kill:0 User:rpc Time:37090 EXE:/usr/sbin/rpcbind CMD:/sbin/rpcbind -w
Aug 16 09:26:11 mail lfd[16807]: *User Processing* PID:20606 Kill:0 User:amavis Time:18064 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
Aug 16 09:26:11 mail lfd[16807]: *User Processing* PID:798 Kill:0 User:clamupdate Time:37089 EXE:/usr/bin/freshclam CMD:/usr/bin/freshclam -d --foreground=true
Aug 16 09:26:11 mail lfd[16807]: *User Processing* PID:20605 Kill:0 User:amavis Time:18064 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
Aug 16 09:26:11 mail lfd[16807]: *User Processing* PID:20585 Kill:0 User:amavis Time:18071 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (master)
Aug 16 09:26:16 mail lfd[16796]: csf (re)start requested - running *csf startup*...
Aug 16 09:26:18 mail lfd[16796]: csf (re)start completed
Aug 16 09:40:28 mail lfd[16796]: Main Process: TERM
Aug 16 09:40:28 mail lfd[16796]: daemon stopped
Aug 16 09:40:33 mail lfd[20560]: daemon started on mail.alsalamgroup.com - csf v14.10 (CentOS Web Panel)
Aug 16 09:40:33 mail lfd[20560]: LF_APACHE_ERRPORT: Set to [2]
Aug 16 09:40:33 mail lfd[20560]: Restricting syslog/rsyslog socket acccess to group [mysyslog]...
Aug 16 09:40:33 mail lfd[20560]: CSF Tracking...
Aug 16 09:40:33 mail lfd[20560]: LOAD Tracking...
Aug 16 09:40:33 mail lfd[20560]: Country Code Lookups...
Aug 16 09:40:33 mail lfd[20560]: System Integrity Tracking...
Aug 16 09:40:33 mail lfd[20560]: Exploit Tracking...
Aug 16 09:40:33 mail lfd[20560]: Directory Watching...
Aug 16 09:40:33 mail lfd[20560]: Temp to Perm Block Tracking...
Aug 16 09:40:33 mail lfd[20560]: Process Tracking...
Aug 16 09:40:33 mail lfd[20560]: Account Tracking...
Aug 16 09:40:33 mail lfd[20560]: SSH Tracking...
Aug 16 09:40:33 mail lfd[20560]: Webmin Tracking...
Aug 16 09:40:33 mail lfd[20560]: SU Tracking...
Aug 16 09:40:33 mail lfd[20560]: Console Tracking...
Aug 16 09:40:33 mail lfd[20560]: Watching /var/log/messages...
Aug 16 09:40:33 mail lfd[20560]: Watching /var/log/proftpd/auth.log...
Aug 16 09:40:33 mail lfd[20560]: Watching /var/log/secure...
Aug 16 09:40:33 mail lfd[20560]: Watching /var/log/smtp/current...
Aug 16 09:40:33 mail lfd[20560]: Watching /var/log/customlog...
Aug 16 09:40:33 mail lfd[20560]: Watching /var/log/dovecot/dovecot.log...
Aug 16 09:40:33 mail lfd[20560]: Watching /var/log/httpd/error_log...
Aug 16 09:40:33 mail lfd[20592]: *User Processing* PID:536 Kill:0 User:rpc Time:37952 EXE:/usr/sbin/rpcbind CMD:/sbin/rpcbind -w
Aug 16 09:40:33 mail lfd[20592]: *User Processing* PID:20606 Kill:0 User:amavis Time:18926 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
Aug 16 09:40:33 mail lfd[20592]: *User Processing* PID:798 Kill:0 User:clamupdate Time:37952 EXE:/usr/bin/freshclam CMD:/usr/bin/freshclam -d --foreground=true
Aug 16 09:40:34 mail lfd[20592]: *User Processing* PID:20605 Kill:0 User:amavis Time:18926 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
Aug 16 09:40:34 mail lfd[20592]: *User Processing* PID:20585 Kill:0 User:amavis Time:18934 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (master)
Aug 16 09:41:48 mail lfd[20560]: csf (re)start requested - running *csf startup*...
Aug 16 09:41:49 mail lfd[20560]: csf (re)start completed
Aug 16 09:44:04 mail lfd[20560]: csf (re)start requested - running *csf startup*...
Aug 16 09:44:06 mail lfd[20560]: csf (re)start completed
Aug 16 09:55:53 mail lfd[20560]: Main Process: TERM
Aug 16 09:55:53 mail lfd[20560]: daemon stopped
Aug 16 09:55:54 mail lfd[32048]: daemon started on mail.alsalamgroup.com - csf v14.10 (CentOS Web Panel)
Aug 16 09:55:54 mail lfd[32048]: LF_APACHE_ERRPORT: Set to [2]
Aug 16 09:55:54 mail lfd[32048]: Restricting syslog/rsyslog socket acccess to group [mysyslog]...
Aug 16 09:55:54 mail lfd[32048]: CSF Tracking...
Aug 16 09:55:54 mail lfd[32048]: LOAD Tracking...
Aug 16 09:55:54 mail lfd[32048]: Country Code Lookups...
Aug 16 09:55:54 mail lfd[32048]: System Integrity Tracking...
Aug 16 09:55:54 mail lfd[32048]: Exploit Tracking...
Aug 16 09:55:54 mail lfd[32048]: Directory Watching...
Aug 16 09:55:54 mail lfd[32048]: Temp to Perm Block Tracking...
Aug 16 09:55:54 mail lfd[32048]: Process Tracking...
Aug 16 09:55:54 mail lfd[32048]: Account Tracking...
Aug 16 09:55:54 mail lfd[32048]: SSH Tracking...
Aug 16 09:55:54 mail lfd[32048]: Webmin Tracking...
Aug 16 09:55:54 mail lfd[32048]: SU Tracking...
Aug 16 09:55:54 mail lfd[32048]: Console Tracking...
Aug 16 09:55:54 mail lfd[32048]: Watching /var/log/messages...
Aug 16 09:55:54 mail lfd[32048]: Watching /var/log/proftpd/auth.log...
Aug 16 09:55:54 mail lfd[32048]: Watching /var/log/secure...
Aug 16 09:55:54 mail lfd[32048]: Watching /var/log/smtp/current...
Aug 16 09:55:54 mail lfd[32048]: Watching /var/log/customlog...
Aug 16 09:55:54 mail lfd[32048]: Watching /var/log/dovecot/dovecot.log...
Aug 16 09:55:54 mail lfd[32048]: Watching /var/log/httpd/error_log...
Aug 16 09:55:54 mail lfd[32059]: *User Processing* PID:536 Kill:0 User:rpc Time:38873 EXE:/usr/sbin/rpcbind CMD:/sbin/rpcbind -w
Aug 16 09:55:54 mail lfd[32059]: *User Processing* PID:20606 Kill:0 User:amavis Time:19847 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
Aug 16 09:55:54 mail lfd[32059]: *User Processing* PID:798 Kill:0 User:clamupdate Time:38872 EXE:/usr/bin/freshclam CMD:/usr/bin/freshclam -d --foreground=true
Aug 16 09:55:54 mail lfd[32059]: *User Processing* PID:20605 Kill:0 User:amavis Time:19847 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
Aug 16 09:55:54 mail lfd[32059]: *User Processing* PID:20585 Kill:0 User:amavis Time:19855 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (master)
Aug 16 10:08:25 mail lfd[1526]: *LOAD* 5 minute load average is 6.70, threshold is 6 - email sent
Aug 16 10:08:58 mail lfd[1702]: *Excessive Processes* User:motors Kill:0 Process Count:128
Aug 16 10:51:00 mail lfd[9654]: *User Processing* PID:4111 Kill:0 User:amavis Time:1845 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
Aug 16 10:51:00 mail lfd[9654]: *User Processing* PID:4110 Kill:0 User:amavis Time:1845 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
Aug 16 10:51:00 mail lfd[9654]: *User Processing* PID:4104 Kill:0 User:amavis Time:1848 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (master)
Aug 16 10:56:00 mail lfd[10749]: *User Processing* PID:536 Kill:0 User:rpc Time:42479 EXE:/usr/sbin/rpcbind CMD:/sbin/rpcbind -w
Aug 16 10:56:00 mail lfd[10749]: *User Processing* PID:798 Kill:0 User:clamupdate Time:42478 EXE:/usr/bin/freshclam CMD:/usr/bin/freshclam -d --foreground=true
Aug 16 10:59:00 mail lfd[11050]: *Suspicious Process* PID:1647 PPID:20559 User:nobody Uptime:3005 secs EXE:/usr/bin/perl CMD:spamd child
Aug 16 11:30:15 mail lfd[14540]: *Excessive Processes* User:motors Kill:0 Process Count:141
Aug 16 11:30:35 mail lfd[14664]: *LOAD* 5 minute load average is 18.14, threshold is 6 - email sent
Aug 16 11:51:06 mail lfd[16663]: *User Processing* PID:4111 Kill:0 User:amavis Time:5452 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
Aug 16 11:51:06 mail lfd[16663]: *User Processing* PID:4110 Kill:0 User:amavis Time:5452 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
Aug 16 11:51:06 mail lfd[16663]: *User Processing* PID:4104 Kill:0 User:amavis Time:5455 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (master)
Aug 16 11:56:07 mail lfd[17535]: *User Processing* PID:536 Kill:0 User:rpc Time:46086 EXE:/usr/sbin/rpcbind CMD:/sbin/rpcbind -w
Aug 16 11:56:07 mail lfd[17535]: *User Processing* PID:798 Kill:0 User:clamupdate Time:46085 EXE:/usr/bin/freshclam CMD:/usr/bin/freshclam -d --foreground=true
Aug 16 11:56:15 mail lfd[32048]: Main Process: TERM
Aug 16 11:56:15 mail lfd[32048]: daemon stopped
Aug 16 11:56:15 mail lfd[17732]: daemon started on mail.alsalamgroup.com - csf v14.10 (CentOS Web Panel)
Aug 16 11:56:15 mail lfd[17732]: LF_APACHE_ERRPORT: Set to [2]
Aug 16 11:56:15 mail lfd[17732]: Restricting syslog/rsyslog socket acccess to group [mysyslog]...
Aug 16 11:56:15 mail lfd[17732]: CSF Tracking...
Aug 16 11:56:15 mail lfd[17732]: LOAD Tracking...
Aug 16 11:56:15 mail lfd[17732]: Country Code Lookups...
Aug 16 11:56:15 mail lfd[17732]: System Integrity Tracking...
Aug 16 11:56:15 mail lfd[17732]: Exploit Tracking...
Aug 16 11:56:15 mail lfd[17732]: Directory Watching...
Aug 16 11:56:15 mail lfd[17732]: Temp to Perm Block Tracking...
Aug 16 11:56:15 mail lfd[17732]: Process Tracking...
Aug 16 11:56:15 mail lfd[17732]: Account Tracking...
Aug 16 11:56:15 mail lfd[17732]: SSH Tracking...
Aug 16 11:56:15 mail lfd[17732]: Webmin Tracking...
Aug 16 11:56:15 mail lfd[17732]: SU Tracking...
Aug 16 11:56:15 mail lfd[17732]: Console Tracking...
Aug 16 11:56:15 mail lfd[17732]: Watching /var/log/messages...
Aug 16 11:56:15 mail lfd[17732]: Watching /var/log/proftpd/auth.log...
Aug 16 11:56:15 mail lfd[17732]: Watching /var/log/secure...
Aug 16 11:56:15 mail lfd[17732]: Watching /var/log/smtp/current...
Aug 16 11:56:15 mail lfd[17732]: Watching /var/log/customlog...
Aug 16 11:56:15 mail lfd[17732]: Watching /var/log/dovecot/dovecot.log...
Aug 16 11:56:15 mail lfd[17732]: Watching /var/log/httpd/error_log...
Aug 16 11:56:16 mail lfd[17743]: *User Processing* PID:4111 Kill:0 User:amavis Time:5761 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
Aug 16 11:56:16 mail lfd[17743]: *User Processing* PID:536 Kill:0 User:rpc Time:46095 EXE:/usr/sbin/rpcbind CMD:/sbin/rpcbind -w
Aug 16 11:56:16 mail lfd[17743]: *User Processing* PID:4110 Kill:0 User:amavis Time:5761 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
Aug 16 11:56:16 mail lfd[17743]: *User Processing* PID:4104 Kill:0 User:amavis Time:5764 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (master)
Aug 16 11:56:16 mail lfd[17743]: *User Processing* PID:798 Kill:0 User:clamupdate Time:46094 EXE:/usr/bin/freshclam CMD:/usr/bin/freshclam -d --foreground=true
Aug 16 11:56:20 mail lfd[17732]: csf (re)start requested - running *csf startup*...
Aug 16 11:56:21 mail lfd[17732]: csf (re)start completed
Aug 16 12:11:17 mail lfd[19410]: *Suspicious Process* PID:1647 PPID:20559 User:nobody Uptime:7342 secs EXE:/usr/bin/perl CMD:spamd child
Aug 16 12:30:32 mail lfd[21769]: *Excessive Processes* User:motors Kill:0 Process Count:141
Aug 16 12:30:57 mail lfd[22030]: *LOAD* 5 minute load average is 20.24, threshold is 6 - email sent
Aug 16 12:56:25 mail lfd[25528]: *User Processing* PID:536 Kill:0 User:rpc Time:49704 EXE:/usr/sbin/rpcbind CMD:/sbin/rpcbind -w
Aug 16 12:56:25 mail lfd[25528]: *User Processing* PID:798 Kill:0 User:clamupdate Time:49704 EXE:/usr/bin/freshclam CMD:/usr/bin/freshclam -d --foreground=true
Aug 16 13:01:26 mail lfd[26147]: *User Processing* PID:22044 Kill:0 User:amavis Time:1825 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (master)
Aug 16 13:01:26 mail lfd[26147]: *User Processing* PID:22128 Kill:0 User:amavis Time:1822 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
Aug 16 13:01:26 mail lfd[26147]: *User Processing* PID:22129 Kill:0 User:amavis Time:1822 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
Aug 16 13:28:29 mail lfd[29694]: *Suspicious Process* PID:1647 PPID:20559 User:nobody Uptime:11974 secs EXE:/usr/bin/perl CMD:spamd child
Aug 16 13:31:38 mail lfd[30504]: *LOAD* 5 minute load average is 16.24, threshold is 6 - email sent
Aug 16 13:31:42 mail lfd[30489]: *Excessive Processes* User:motors Kill:0 Process Count:140
Aug 16 13:56:36 mail lfd[1890]: *User Processing* PID:536 Kill:0 User:rpc Time:53315 EXE:/usr/sbin/rpcbind CMD:/sbin/rpcbind -w
Aug 16 13:56:36 mail lfd[1890]: *User Processing* PID:798 Kill:0 User:clamupdate Time:53314 EXE:/usr/bin/freshclam CMD:/usr/bin/freshclam -d --foreground=true
Aug 16 14:02:36 mail lfd[2791]: *User Processing* PID:30563 Kill:0 User:amavis Time:1848 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
Aug 16 14:02:36 mail lfd[2791]: *User Processing* PID:30531 Kill:0 User:amavis Time:1851 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (master)
Aug 16 14:02:36 mail lfd[2791]: *User Processing* PID:30562 Kill:0 User:amavis Time:1848 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
Aug 16 14:31:47 mail lfd[7356]: *LOAD* 5 minute load average is 11.33, threshold is 6 - email sent
Aug 16 14:31:52 mail lfd[17732]: *Error* cannot fork: Cannot allocate memory, at line 10605
after day or 2 day the firewall turn off automatically .... i want solve this problem plzz
« Last Edit: August 16, 2021, 12:51:14 PM by nizardrabia »

Offline
*
Re: error in firewall after update
« Reply #1 on: August 17, 2021, 06:51:58 AM »
You make the update that causes the problems and you don't find the solutions  >:( >:( >:( >:( >:( >:(

Offline
*
Re: error in firewall after update
« Reply #2 on: August 19, 2021, 10:08:57 AM »
- For anyone looking for a solution, visit the following path: /var/log/lfd.log

-  after this Ignore any error by insert it in this path:  /etc/csf/csf.pignore - This process prevents lfd from reading these processes that cause convulsions

for example in above i face this error
Code: [Select]
Aug 16 14:02:36 mail lfd[2791]: *User Processing* PID:30563 Kill:0 User:amavis Time:1848 EXE:/usr/bin/perl CMD:/usr/sbin/amavisd (virgin child)
i solve it by insert exe:/usr/bin/perl  in  csf.pignore to prevent lfd reading this process

-  restart lfd

« Last Edit: August 19, 2021, 10:11:46 AM by nizardrabia »