I have installed CSF on the server. When I try to run the Perl test in CSF, it gives the following error.
===============
# perl /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport... OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...FAILED [Error: iptables: Unknown error 4294967295] - Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit...FAILED [Error: iptables: Unknown error 4294967295] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error: iptables: Unknown error 4294967295] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables: Unknown error 4294967295] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf will function on this server but some features will not work due to some missing iptables modules [4]
===============
Solution:
csf requires at least these iptables modules on the main node:
ip_tables
ipt_state
ipt_multiport
iptable_filter
ipt_limit
ipt_LOG
ipt_REJECT
ipt_conntrack
ip_conntrack
ip_conntrack_ftp
iptable_mangle
The following modules are used for the other functionality of csf:
ipt_owner
ipt_recent
iptable_nat
ipt_REDIRECT
You can check whether the above modules are loaded on the server:
# lsmod | grep -i <module-name>
If a module is not loaded, you can load it with modprobe, for example:
modprobe ipt_conntrack
You can test whether the environment has been fixed by running:
perl /etc/csf/csftest.pl
This will fix the issue.
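An added example (not from the original post or from csf): a shell function that takes lsmod output and reports which of the modules listed above are not loaded, matching the name exactly in the first column so that ip_conntrack_ftp does not count as ip_conntrack. The function name, the sample lsmod text and the treatment of the ipt_/xt_ names as alternatives are assumptions of this example.

```shell
#!/bin/sh
# Added example. Each entry lists the accepted names for one module, separated
# by "/"; the ipt_/xt_ pairs are the ones csftest.pl prints in the output above.
REQUIRED="ip_tables ipt_state/xt_state ipt_multiport/xt_multiport iptable_filter
ipt_limit/xt_limit ipt_LOG ipt_REJECT ipt_conntrack ip_conntrack
ip_conntrack_ftp iptable_mangle"
OPTIONAL="ipt_owner/xt_owner ipt_recent iptable_nat ipt_REDIRECT"

# Constructed lsmod output for illustration (not captured from a real host).
SAMPLE_LSMOD='Module                  Size  Used by
ipt_REJECT              2351  0
ipt_LOG                 5845  0
xt_multiport            2700  0
xt_state                1492  0
xt_limit                2118  0
iptable_filter          2793  0
iptable_mangle          3349  0
ip_conntrack_ftp        7000  0
ip_tables              17831  2 iptable_filter,iptable_mangle'

# missing_modules LSMOD_TEXT ENTRY...
# Prints, space separated, every entry for which none of its names appears
# as a whole module name in column 1 of the lsmod text.
missing_modules() {
    lsmod_text=$1
    shift
    # Column 1 only, header line skipped: the "Used by" column is ignored.
    loaded=$(printf '%s\n' "$lsmod_text" | awk '$1 != "Module" { print $1 }')
    missing=""
    for entry in "$@"; do
        found=no
        for name in $(printf '%s' "$entry" | tr '/' ' '); do
            # -x: whole-line match, -F: fixed string (no regex, no substrings)
            if printf '%s\n' "$loaded" | grep -qxF -- "$name"; then
                found=yes
            fi
        done
        [ "$found" = yes ] || missing="$missing $entry"
    done
    printf '%s\n' "${missing# }"
}

echo "required, not loaded: $(missing_modules "$SAMPLE_LSMOD" $REQUIRED)"
echo "optional, not loaded: $(missing_modules "$SAMPLE_LSMOD" $OPTIONAL)"
```

On a real server, pass the live output instead of the sample: missing_modules "$(lsmod)" $REQUIRED.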
In the case of a VPS such as OpenVZ or Parallels Virtuozzo, this sometimes does not fix the issue. Follow the steps below to fix the issue in the VPS container.
1. /sbin/iptables -F
2. Edit /etc/sysconfig/iptables-config
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ip_conntrack_ftp ipt_conntrack ip_tables ip_conntrack_netbios_ns"
3. Edit /etc/sysconfig/vz
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ip_conntrack_ftp ipt_conntrack ip_tables ip_conntrack_netbios_ns"
4. Execute the following commands in the console
service vz stop
service iptables restart
service vz start