You probably will face some issues when using ConfigServer Security & Firewall (CSF LFD) on your server. Well, on this today tutorial I will show you on how to solving some important issues or errors on ConfigServer Security & Firewall (CSF and LFD). These problems should be fixing on your side in order to get CSF LFD running properly.
Here I will make a list of 10 important issues (with corresponding error logs) on CSF LFD that we should fix it. Please note if we don’t solve this problems, CSF LFD cannot work properly. So it’s very important to fix this problems, so ConfigServer Security & Firewall can running without any issues.
PREREQUISITES:
- VPS / Cloud / Dedicated Server
- Server IPv4 Address
- Full Root Access
- gNome Terminal for Linux
- PuTTy SSH client for Windows/Mac
1.) ERROR CSF *WARNING* Binary location for [CHATTR] [/usr/bin/chattr] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
To solve this problems, simply run the following commands. But it depends on your distribution systems.
------------------------------------------------- * On RPM-Based Systems (RHEL/CentOS/Fedora) $ yum install e2fsprogs * On APT-Based Systems (Debian/Ubuntu) $ apt-get install e2fsprogs -------------------------------------------------
2.) Oops Unable to download Protocol scheme ‘https’ is not supported (IOSocketSSL not installed)
This errors caused by IO-Socket-SSL not installed on your system. To fix this issues, run this command.
------------------------------------------------- * On RPM-Based Systems (RHEL/CentOS/Fedora) $ yum install perl-Crypt-SSLeay perl-Net-SSLeay * On APT-Based Systems (Debian/Ubuntu) $ apt-get install libcrypt-ssleay-perl -------------------------------------------------
Then, run CSF LFD Update with the following command
------------------------------------------------- $ csf -u -------------------------------------------------
3.) CSF Error Oops Unable to download Protocol scheme ‘https’ is not supported (LWPProtocolhttps not installed):
After configuring ConfigServer Security & Firewall, we forced to install Perl Modules as required software dependencies in order to the firewall running properly.
Run the following command to install on your distribution system.
------------------------------------------------- * On RPM-Based Systems (RHEL/CentOS/Fedora) $ yum install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph * On APT-Based Systems (Debian/Ubuntu) $ apt-get install libwww-perl liblwp-protocol-https-perl libgd-graph-perl -------------------------------------------------
4.) CSF ERROR: Testing ip_tablesiptable_filter…open3 exec of sbiniptables -I OUTPUT -p tcp –dport 9999 -j ACCEPT failed at usrlocalcsfbincsftest.pl line 144.
The error log above indicated that your system don’t have iptables installed on it. To fix this problems, simply install iptables.
------------------------------------------------- * On RPM-Based Systems (RHEL/CentOS/Fedora) $ yum install iptables * On APT-Based Systems (Debian/Ubuntu) $ apt-get install iptables -------------------------------------------------
5.) ERROR CSF WARNING Binary location for [HOST] [usrbinhost] in etccsfcsf.conf is either incorrect, is not installed or is not executable
This errors is caused by dnsutils which is not installed properly on your system. So, simply run the following command to solve this issues.
------------------------------------------------- * On RPM-Based Systems (RHEL/CentOS/Fedora) $ yum install bind-utils * On APT-Based Systems (Debian/Ubuntu) $ apt-get install dnsutils -------------------------------------------------
6.) CSF Error WARNING Binary location for [UNZIP] [usrbinunzip] in etccsfcsf.conf is either incorrect, is not installed or is not executable
Simply install zip and unzip aplication to fix these issues.
------------------------------------------------- * On RPM-Based Systems (RHEL/CentOS/Fedora) $ yum install zip unzip * On APT-Based Systems (Debian/Ubuntu) $ apt-get install zip unzip -------------------------------------------------
7.) *WARNING* Binary location for [SENDMAIL] [/usr/sbin/sendmail] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality
The above problem usually caused by sendmail, so simply run the following commands to fix this issues. The following snippet code can be applied on both RPM and APT-Based Systems.
------------------------------------------------- $ echo '#!/bin/sh' > /usr/sbin/sendmail $ chmod +x /usr/sbin/sendmail -------------------------------------------------
CONCLUSIONS:
Deploying ConfigServer Security & Firewall (CSF LFD) on Linux server is quite easy. Also, to solve any issues on this SPI iptables firewall is quite easy as well. We just need relax time to undestand any issues we found on CSF LFD.
