🐛 Bug: csf.c error when running install.directadmin.sh #105

@RH-Adv1c3

Description

CSF › Version

15.10

CSF › Release

Stable

System › OS

Linux

System › Distro & Version

AlmaLinux 10

Control Panel › Name

DirectAdmin

Priority

High

Issue Description

First chart item is the fact that the DirectAdmin integrated UI for the plugin doesn't work for us out of the box. But during installation there are a lot of issues and errors popping up, mainly exactly one around the admin area (which would explain why the admin panel stays blank in DirectAdmin for CSF).

  • We have tried a clean install as well, removing it entirely as far as we could find traces, and reinstalling completely from the repo. Did not work.

Steps To Reproduce

  • Get an AlmaLinux 10 VPS
  • Run all the package updates, upgrades etc
  • Install DirectAdmin according to the install guide.
  • Add Softaculous (specifically for our scenario)
  • Download and install CSF from the repo and install with the ./install.sh
  • Check logs, there are install errors.

Logs › Lfd

(Due to character limit I had to cut the first section of one day ago)
Apr 28 14:29:59 host04 lfd[5947]: Watching /var/log/exim/mainlog...
Apr 28 14:29:59 host04 lfd[5947]: Watching /var/www/html/squirrelmail/data/squirrelmail_access_log...
Apr 28 14:29:59 host04 lfd[5947]: Watching /var/log/secure...
Apr 28 14:29:59 host04 lfd[5947]: Watching /var/log/customlog...
Apr 28 14:29:59 host04 lfd[5947]: Watching /var/log/maillog...
Apr 28 14:29:59 host04 lfd[5947]: Watching /var/log/messages...
Apr 28 14:29:59 host04 lfd[5947]: Watching /var/www/html/roundcube/logs/errors.log...
Apr 28 14:29:59 host04 lfd[5947]: Watching /var/www/html/phpMyAdmin/log/auth.log...
Apr 28 14:29:59 host04 lfd[5947]: Watching /var/log/httpd/error_log...
Apr 28 14:29:59 host04 lfd[5947]: Watching /var/log/directadmin/login.log...
Apr 28 14:29:59 host04 lfd[5961]: User Processing PID:880 Kill:0 User:mysql VM:1376(MB) EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 28 14:30:06 host04 lfd[5984]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:06 host04 lfd[5988]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:07 host04 lfd[6009]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:07 host04 lfd[6012]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:08 host04 lfd[6026]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:08 host04 lfd[6029]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:08 host04 lfd[6035]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:09 host04 lfd[6044]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:09 host04 lfd[6047]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:10 host04 lfd[6054]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:12 host04 lfd[6067]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:12 host04 lfd[6070]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:12 host04 lfd[6081]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:13 host04 lfd[6091]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:13 host04 lfd[6094]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:13 host04 lfd[6103]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:18 host04 lfd[6114]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:18 host04 lfd[6117]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:18 host04 lfd[6124]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:18 host04 lfd[6133]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:18 host04 lfd[6135]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:18 host04 lfd[6142]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:20 host04 lfd[6153]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:20 host04 lfd[6155]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:30:20 host04 lfd[6164]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [(IP Replaced)]
Apr 28 14:33:11 host04 lfd[5947]: Main Process: TERM
Apr 28 14:33:11 host04 lfd[5947]: Daemon stopped
Apr 28 14:33:22 host04 lfd[6446]: Daemon started on host04 - csf v15.10 (directadmin)
Apr 28 14:33:22 host04 lfd[6446]: csf is currently restarting - command [/usr/bin/systemctl is-active firewalld] skipped on line 514
Apr 28 14:33:22 host04 lfd[6446]: LF_APACHE_ERRPORT: Set to [2]
Apr 28 14:33:22 host04 lfd[6446]: CSF Tracking...
Apr 28 14:33:22 host04 lfd[6446]: IPv6 Enabled...
Apr 28 14:33:22 host04 lfd[6446]: LOAD Tracking...
Apr 28 14:33:22 host04 lfd[6446]: csf Integrated UI running up on port 1888...
Apr 28 14:33:22 host04 lfd[6446]: Country Code Lookups...
Apr 28 14:33:22 host04 lfd[6446]: System Integrity Tracking...
Apr 28 14:33:22 host04 lfd[6446]: Exploit Tracking...
Apr 28 14:33:22 host04 lfd[6446]: Directory Watching...
Apr 28 14:33:22 host04 lfd[6446]: Email Relay Tracking...
Apr 28 14:33:22 host04 lfd[6446]: Temp to Perm Block Tracking...
Apr 28 14:33:22 host04 lfd[6446]: Process Tracking...
Apr 28 14:33:22 host04 lfd[6446]: Account Tracking...
Apr 28 14:33:22 host04 lfd[6446]: SSH Tracking...
Apr 28 14:33:22 host04 lfd[6446]: Webmin Tracking...
Apr 28 14:33:22 host04 lfd[6446]: SU Tracking...
Apr 28 14:33:22 host04 lfd[6446]: Console Tracking...
Apr 28 14:33:22 host04 lfd[6446]: Watching /var/log/directadmin/login.log...
Apr 28 14:33:22 host04 lfd[6446]: Watching /var/www/html/squirrelmail/data/squirrelmail_access_log...
Apr 28 14:33:22 host04 lfd[6446]: Watching /var/log/exim/mainlog...
Apr 28 14:33:22 host04 lfd[6446]: Watching /var/log/customlog...
Apr 28 14:33:22 host04 lfd[6446]: Watching /var/log/secure...
Apr 28 14:33:22 host04 lfd[6446]: Watching /var/log/maillog...
Apr 28 14:33:22 host04 lfd[6446]: Watching /var/www/html/roundcube/logs/errors.log...
Apr 28 14:33:22 host04 lfd[6446]: Watching /var/www/html/phpMyAdmin/log/auth.log...
Apr 28 14:33:22 host04 lfd[6446]: Watching /var/log/messages...
Apr 28 14:33:22 host04 lfd[6446]: Watching /var/log/httpd/error_log...
Apr 28 14:33:23 host04 lfd[6460]: User Processing PID:880 Kill:0 User:mysql VM:1376(MB) EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 28 14:38:23 host04 lfd[13455]: Suspicious File /tmp/csf/global.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 28 14:38:23 host04 lfd[13455]: Suspicious File /tmp/csf/csftest.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 28 14:38:23 host04 lfd[13455]: Suspicious File /tmp/csf/auto.vesta.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 28 14:38:23 host04 lfd[13455]: Suspicious File /tmp/csf/uninstall.interworx.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 28 14:38:23 host04 lfd[13455]: Suspicious File /tmp/csf/install.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 28 14:38:23 host04 lfd[13455]: Suspicious File /tmp/csf/auto.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 28 14:38:23 host04 lfd[13455]: Suspicious File /tmp/csf/auto.cwp.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 28 14:38:23 host04 lfd[13455]: Suspicious File /tmp/csf/uninstall.generic.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 28 14:38:23 host04 lfd[13455]: Suspicious File /tmp/csf/install.directadmin.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 28 14:38:23 host04 lfd[13455]: Suspicious File /tmp/csf/apf_stub.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 28 14:38:23 host04 lfd[13455]: Too many hits for LF_DIRWATCH - Directory Watching disabled
Apr 28 14:40:01 host04 lfd[6455]: Child UI: TERM
Apr 28 14:40:01 host04 lfd[6446]: Main Process: TERM
Apr 28 14:40:01 host04 lfd[6446]: Daemon stopped
Apr 29 00:00:01 host04 lfd[25881]: Error lfd will not run with TESTING enabled in /etc/csf/csf.conf, at line 146
Apr 29 00:00:01 host04 lfd[25881]: Daemon stopped
Apr 29 06:50:12 host04 lfd[36090]: Error lfd will not run with TESTING enabled in /etc/csf/csf.conf, at line 146
Apr 29 06:50:12 host04 lfd[36090]: Daemon stopped
Apr 29 06:50:21 host04 lfd[36273]: Daemon started on host04 - csf v15.10 (directadmin)
Apr 29 06:50:21 host04 lfd[36273]: LF_APACHE_ERRPORT: Set to [2]
Apr 29 06:50:21 host04 lfd[36273]: CSF Tracking...
Apr 29 06:50:21 host04 lfd[36273]: IPv6 Enabled...
Apr 29 06:50:21 host04 lfd[36273]: LOAD Tracking...
Apr 29 06:50:21 host04 lfd[36273]: Country Code Lookups...
Apr 29 06:50:21 host04 lfd[36282]: CCL: Retrieving CC Lookup database [http://download.geonames.org/export/dump/countryInfo.txt]
Apr 29 06:50:21 host04 lfd[36273]: System Integrity Tracking...
Apr 29 06:50:21 host04 lfd[36273]: Exploit Tracking...
Apr 29 06:50:21 host04 lfd[36273]: Directory Watching...
Apr 29 06:50:21 host04 lfd[36273]: Email Relay Tracking...
Apr 29 06:50:21 host04 lfd[36273]: Temp to Perm Block Tracking...
Apr 29 06:50:21 host04 lfd[36273]: Process Tracking...
Apr 29 06:50:21 host04 lfd[36273]: Account Tracking...
Apr 29 06:50:21 host04 lfd[36273]: SSH Tracking...
Apr 29 06:50:21 host04 lfd[36273]: Webmin Tracking...
Apr 29 06:50:21 host04 lfd[36273]: SU Tracking...
Apr 29 06:50:21 host04 lfd[36273]: Console Tracking...
Apr 29 06:50:21 host04 lfd[36273]: Watching /var/log/secure...
Apr 29 06:50:21 host04 lfd[36273]: Watching /var/log/customlog...
Apr 29 06:50:21 host04 lfd[36273]: Watching /var/log/directadmin/login.log...
Apr 29 06:50:21 host04 lfd[36273]: Watching /var/www/html/roundcube/logs/errors.log...
Apr 29 06:50:21 host04 lfd[36273]: Watching /var/log/exim/mainlog...
Apr 29 06:50:21 host04 lfd[36273]: Watching /var/log/messages...
Apr 29 06:50:21 host04 lfd[36273]: Watching /var/www/html/phpMyAdmin/log/auth.log...
Apr 29 06:50:21 host04 lfd[36273]: Watching /var/www/html/squirrelmail/data/squirrelmail_access_log...
Apr 29 06:50:21 host04 lfd[36273]: Watching /var/log/maillog...
Apr 29 06:50:21 host04 lfd[36273]: Watching /var/log/httpd/error_log...
Apr 29 06:50:21 host04 lfd[36286]: User Processing PID:26290 Kill:0 User:nginx Time:23951 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 06:50:21 host04 lfd[36282]: CC: Retrieving DB-IP Country database [http://download.db-ip.com/free/dbip-country-lite-2026-04.csv.gz]
Apr 29 06:50:21 host04 lfd[36286]: User Processing PID:17004 Kill:0 User:dovecot Time:56771 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 06:50:22 host04 lfd[36286]: User Processing PID:26291 Kill:0 User:nginx Time:23951 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 06:50:22 host04 lfd[36286]: User Processing PID:26292 Kill:0 User:nginx Time:23951 EXE:/usr/sbin/nginx CMD:nginx: cache manager process
Apr 29 06:50:22 host04 lfd[36286]: User Processing PID:880 Kill:0 User:mysql VM:1376(MB) EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 06:50:22 host04 lfd[36286]: User Processing PID:880 Kill:0 User:mysql Time:59549 EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 06:50:22 host04 lfd[36286]: User Processing PID:17005 Kill:0 User:dovecot Time:56771 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 06:50:22 host04 lfd[36286]: User Processing PID:16982 Kill:0 User:dovecot Time:56771 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 06:50:22 host04 lfd[36286]: User Processing PID:17006 Kill:0 User:dovecot Time:56771 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 06:55:21 host04 lfd[36611]: Suspicious File /tmp/csf/global.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 06:55:22 host04 lfd[36611]: Suspicious File /tmp/csf/csftest.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 06:55:22 host04 lfd[36611]: Suspicious File /tmp/csf/auto.vesta.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 06:55:22 host04 lfd[36611]: Suspicious File /tmp/csf/uninstall.interworx.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 06:55:22 host04 lfd[36611]: Suspicious File /tmp/csf/install.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 06:55:22 host04 lfd[36611]: Suspicious File /tmp/csf/auto.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 06:55:22 host04 lfd[36611]: Suspicious File /tmp/csf/auto.cwp.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 06:55:22 host04 lfd[36611]: Suspicious File /tmp/csf/uninstall.generic.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 06:55:22 host04 lfd[36611]: Suspicious File /tmp/csf/install.directadmin.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 06:55:22 host04 lfd[36611]: Suspicious File /tmp/csf/apf_stub.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 06:55:22 host04 lfd[36611]: Too many hits for LF_DIRWATCH - Directory Watching disabled
Apr 29 07:18:22 host04 lfd[42156]: User Processing PID:33723 Kill:0 User:admin Time:1819 EXE:/usr/bin/bash CMD:-bash
Apr 29 07:18:22 host04 lfd[42156]: User Processing PID:33722 Kill:0 User:admin Time:1819 EXE:/usr/libexec/openssh/sshd-session CMD:sshd-session: admin@pts/0
Apr 29 07:18:22 host04 lfd[42156]: User Processing PID:33713 Kill:0 User:admin Time:1820 EXE:/usr/lib/systemd/systemd-executor CMD:(sd-pam)
Apr 29 07:18:22 host04 lfd[42156]: User Processing PID:33710 Kill:0 User:admin Time:1820 EXE:/usr/lib/systemd/systemd CMD:/usr/lib/systemd/systemd --user
Apr 29 07:50:23 host04 lfd[42932]: User Processing PID:26291 Kill:0 User:nginx Time:27553 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 07:50:23 host04 lfd[42932]: User Processing PID:16982 Kill:0 User:dovecot Time:60372 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 07:50:23 host04 lfd[42932]: User Processing PID:26292 Kill:0 User:nginx Time:27553 EXE:/usr/sbin/nginx CMD:nginx: cache manager process
Apr 29 07:50:23 host04 lfd[42932]: User Processing PID:26290 Kill:0 User:nginx Time:27553 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 07:50:23 host04 lfd[42932]: User Processing PID:880 Kill:0 User:mysql VM:1376(MB) EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 07:50:23 host04 lfd[42932]: User Processing PID:880 Kill:0 User:mysql Time:63150 EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 07:50:23 host04 lfd[42932]: User Processing PID:17004 Kill:0 User:dovecot Time:60372 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 07:50:23 host04 lfd[42932]: User Processing PID:17006 Kill:0 User:dovecot Time:60372 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 07:50:23 host04 lfd[42932]: User Processing PID:17005 Kill:0 User:dovecot Time:60372 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 07:57:33 host04 lfd[43149]: (directadmin) Failed DirectAdmin login from (IP Replaced) (NL/The Netherlands/(Other Server)): 5 in the last 3600 secs - Blocked in csf [LF_DIRECTADMIN]
Apr 29 08:18:23 host04 lfd[43680]: User Processing PID:33710 Kill:0 User:admin Time:5421 EXE:/usr/lib/systemd/systemd CMD:/usr/lib/systemd/systemd --user
Apr 29 08:18:23 host04 lfd[43680]: User Processing PID:33713 Kill:0 User:admin Time:5421 EXE:/usr/lib/systemd/systemd-executor CMD:(sd-pam)
Apr 29 08:18:23 host04 lfd[43680]: User Processing PID:33722 Kill:0 User:admin Time:5420 EXE:/usr/libexec/openssh/sshd-session CMD:sshd-session: admin@pts/0
Apr 29 08:18:23 host04 lfd[43680]: User Processing PID:33723 Kill:0 User:admin Time:5420 EXE:/usr/bin/bash CMD:-bash
Apr 29 08:27:23 host04 lfd[43883]: User Processing PID:43134 Kill:0 User:nginx Time:1817 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 08:27:23 host04 lfd[43883]: User Processing PID:43135 Kill:0 User:nginx Time:1817 EXE:/usr/sbin/nginx CMD:nginx: cache manager process
Apr 29 08:27:23 host04 lfd[43883]: User Processing PID:43133 Kill:0 User:nginx Time:1817 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 08:50:24 host04 lfd[45406]: User Processing PID:880 Kill:0 User:mysql VM:1376(MB) EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 08:50:24 host04 lfd[45406]: User Processing PID:880 Kill:0 User:mysql Time:66752 EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 08:50:24 host04 lfd[45406]: User Processing PID:17005 Kill:0 User:dovecot Time:63973 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 08:50:24 host04 lfd[45406]: User Processing PID:16982 Kill:0 User:dovecot Time:63973 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 08:50:24 host04 lfd[45406]: User Processing PID:17004 Kill:0 User:dovecot Time:63973 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 08:50:24 host04 lfd[45406]: User Processing PID:17006 Kill:0 User:dovecot Time:63973 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 09:00:24 host04 lfd[45846]: User Processing PID:44037 Kill:0 User:nginx Time:1802 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 09:00:24 host04 lfd[45846]: User Processing PID:44039 Kill:0 User:nginx Time:1802 EXE:/usr/sbin/nginx CMD:nginx: cache manager process
Apr 29 09:00:24 host04 lfd[45846]: User Processing PID:44038 Kill:0 User:nginx Time:1802 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 09:18:24 host04 lfd[49705]: User Processing PID:33722 Kill:0 User:admin Time:9022 EXE:/usr/libexec/openssh/sshd-session CMD:sshd-session: admin@pts/0
Apr 29 09:18:24 host04 lfd[49705]: User Processing PID:33723 Kill:0 User:admin Time:9022 EXE:/usr/bin/bash CMD:-bash
Apr 29 09:18:24 host04 lfd[49705]: User Processing PID:33713 Kill:0 User:admin Time:9022 EXE:/usr/lib/systemd/systemd-executor CMD:(sd-pam)
Apr 29 09:18:24 host04 lfd[49705]: User Processing PID:33710 Kill:0 User:admin Time:9022 EXE:/usr/lib/systemd/systemd CMD:/usr/lib/systemd/systemd --user
Apr 29 09:50:25 host04 lfd[50477]: User Processing PID:880 Kill:0 User:mysql VM:1376(MB) EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 09:50:25 host04 lfd[50477]: User Processing PID:880 Kill:0 User:mysql Time:70353 EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 09:50:25 host04 lfd[50477]: User Processing PID:17006 Kill:0 User:dovecot Time:67574 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 09:50:25 host04 lfd[50477]: User Processing PID:17004 Kill:0 User:dovecot Time:67574 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 09:50:25 host04 lfd[50477]: User Processing PID:17005 Kill:0 User:dovecot Time:67574 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 09:50:25 host04 lfd[50477]: User Processing PID:16982 Kill:0 User:dovecot Time:67574 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 09:53:06 host04 lfd[36273]: Main Process: TERM
Apr 29 09:53:06 host04 lfd[36273]: Daemon stopped
Apr 29 09:53:06 host04 lfd[50777]: Daemon started on host04 - csf v15.10 (directadmin)
Apr 29 09:53:06 host04 lfd[50777]: LF_APACHE_ERRPORT: Set to [2]
Apr 29 09:53:06 host04 lfd[50777]: CSF Tracking...
Apr 29 09:53:06 host04 lfd[50777]: IPv6 Enabled...
Apr 29 09:53:06 host04 lfd[50777]: LOAD Tracking...
Apr 29 09:53:06 host04 lfd[50777]: Country Code Lookups...
Apr 29 09:53:06 host04 lfd[50777]: System Integrity Tracking...
Apr 29 09:53:06 host04 lfd[50777]: Exploit Tracking...
Apr 29 09:53:06 host04 lfd[50777]: Directory Watching...
Apr 29 09:53:06 host04 lfd[50777]: Email Relay Tracking...
Apr 29 09:53:06 host04 lfd[50777]: Temp to Perm Block Tracking...
Apr 29 09:53:06 host04 lfd[50777]: Process Tracking...
Apr 29 09:53:06 host04 lfd[50777]: Account Tracking...
Apr 29 09:53:06 host04 lfd[50777]: SSH Tracking...
Apr 29 09:53:06 host04 lfd[50777]: Webmin Tracking...
Apr 29 09:53:06 host04 lfd[50777]: SU Tracking...
Apr 29 09:53:06 host04 lfd[50777]: Console Tracking...
Apr 29 09:53:06 host04 lfd[50777]: Watching /var/log/messages...
Apr 29 09:53:06 host04 lfd[50777]: Watching /var/log/maillog...
Apr 29 09:53:06 host04 lfd[50777]: Watching /var/www/html/phpMyAdmin/log/auth.log...
Apr 29 09:53:06 host04 lfd[50777]: Watching /var/log/customlog...
Apr 29 09:53:06 host04 lfd[50777]: Watching /var/log/directadmin/login.log...
Apr 29 09:53:06 host04 lfd[50777]: Watching /var/log/secure...
Apr 29 09:53:06 host04 lfd[50777]: Watching /var/www/html/roundcube/logs/errors.log...
Apr 29 09:53:06 host04 lfd[50777]: Watching /var/log/httpd/error_log...
Apr 29 09:53:06 host04 lfd[50777]: Watching /var/www/html/squirrelmail/data/squirrelmail_access_log...
Apr 29 09:53:06 host04 lfd[50777]: Watching /var/log/exim/mainlog...
Apr 29 09:53:07 host04 lfd[50790]: User Processing PID:44039 Kill:0 User:nginx Time:4964 EXE:/usr/sbin/nginx CMD:nginx: cache manager process
Apr 29 09:53:07 host04 lfd[50790]: User Processing PID:33722 Kill:0 User:admin Time:11104 EXE:/usr/libexec/openssh/sshd-session CMD:sshd-session: admin@pts/0
Apr 29 09:53:07 host04 lfd[50790]: User Processing PID:17006 Kill:0 User:dovecot Time:67736 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 09:53:07 host04 lfd[50790]: User Processing PID:17004 Kill:0 User:dovecot Time:67736 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 09:53:07 host04 lfd[50790]: User Processing PID:880 Kill:0 User:mysql VM:1376(MB) EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 09:53:07 host04 lfd[50790]: User Processing PID:880 Kill:0 User:mysql Time:70514 EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 09:53:07 host04 lfd[50790]: User Processing PID:17005 Kill:0 User:dovecot Time:67736 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 09:53:07 host04 lfd[50790]: User Processing PID:44038 Kill:0 User:nginx Time:4964 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 09:53:07 host04 lfd[50790]: User Processing PID:33713 Kill:0 User:admin Time:11104 EXE:/usr/lib/systemd/systemd-executor CMD:(sd-pam)
Apr 29 09:53:07 host04 lfd[50790]: User Processing PID:33710 Kill:0 User:admin Time:11104 EXE:/usr/lib/systemd/systemd CMD:/usr/lib/systemd/systemd --user
Apr 29 09:53:07 host04 lfd[50790]: User Processing PID:44037 Kill:0 User:nginx Time:4964 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 09:53:07 host04 lfd[50790]: User Processing PID:33723 Kill:0 User:admin Time:11104 EXE:/usr/bin/bash CMD:-bash
Apr 29 09:53:07 host04 lfd[50790]: User Processing PID:16982 Kill:0 User:dovecot Time:67736 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 09:58:07 host04 lfd[51149]: Suspicious File /tmp/csf/global.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 09:58:07 host04 lfd[51149]: Suspicious File /tmp/csf/csftest.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 09:58:07 host04 lfd[51149]: Suspicious File /tmp/csf/auto.vesta.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 09:58:07 host04 lfd[51149]: Suspicious File /tmp/csf/uninstall.interworx.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 09:58:07 host04 lfd[51149]: Suspicious File /tmp/csf/install.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 09:58:07 host04 lfd[51149]: Suspicious File /tmp/csf/auto.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 09:58:07 host04 lfd[51149]: Suspicious File /tmp/csf/auto.cwp.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 09:58:07 host04 lfd[51149]: Suspicious File /tmp/csf/uninstall.generic.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 09:58:07 host04 lfd[51149]: Suspicious File /tmp/csf/install.directadmin.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 09:58:07 host04 lfd[51149]: Suspicious File /tmp/csf/apf_stub.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 09:58:07 host04 lfd[51149]: Too many hits for LF_DIRWATCH - Directory Watching disabled
Apr 29 10:05:17 host04 lfd[51512]: SSH login from (IP Replaced) into the admin account using publickey authentication
Apr 29 10:05:17 host04 lfd[51513]: SU login from account admin(uid=0) to account root(uid=0): Successful login
Apr 29 10:36:07 host04 lfd[52373]: User Processing PID:51441 Kill:0 User:admin Time:1855 EXE:/usr/bin/bash CMD:-bash
Apr 29 10:36:07 host04 lfd[52373]: User Processing PID:51440 Kill:0 User:admin Time:1855 EXE:/usr/libexec/openssh/sshd-session CMD:sshd-session: admin@pts/2
Apr 29 10:53:08 host04 lfd[52744]: User Processing PID:33713 Kill:0 User:admin Time:14705 EXE:/usr/lib/systemd/systemd-executor CMD:(sd-pam)
Apr 29 10:53:08 host04 lfd[52744]: User Processing PID:33710 Kill:0 User:admin Time:14705 EXE:/usr/lib/systemd/systemd CMD:/usr/lib/systemd/systemd --user
Apr 29 10:53:08 host04 lfd[52744]: User Processing PID:44037 Kill:0 User:nginx Time:8565 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 10:53:08 host04 lfd[52744]: User Processing PID:33723 Kill:0 User:admin Time:14705 EXE:/usr/bin/bash CMD:-bash
Apr 29 10:53:08 host04 lfd[52744]: User Processing PID:16982 Kill:0 User:dovecot Time:71337 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 10:53:08 host04 lfd[52744]: User Processing PID:44039 Kill:0 User:nginx Time:8565 EXE:/usr/sbin/nginx CMD:nginx: cache manager process
Apr 29 10:53:08 host04 lfd[52744]: User Processing PID:33722 Kill:0 User:admin Time:14705 EXE:/usr/libexec/openssh/sshd-session CMD:sshd-session: admin@pts/0
Apr 29 10:53:08 host04 lfd[52744]: User Processing PID:17006 Kill:0 User:dovecot Time:71337 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 10:53:08 host04 lfd[52744]: User Processing PID:17004 Kill:0 User:dovecot Time:71337 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 10:53:08 host04 lfd[52744]: User Processing PID:17005 Kill:0 User:dovecot Time:71337 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 10:53:08 host04 lfd[52744]: User Processing PID:880 Kill:0 User:mysql VM:1376(MB) EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 10:53:08 host04 lfd[52744]: User Processing PID:880 Kill:0 User:mysql Time:74116 EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 10:53:08 host04 lfd[52744]: User Processing PID:44038 Kill:0 User:nginx Time:8565 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 11:36:09 host04 lfd[54072]: User Processing PID:51440 Kill:0 User:admin Time:5457 EXE:/usr/libexec/openssh/sshd-session CMD:sshd-session: admin@pts/2
Apr 29 11:36:09 host04 lfd[54072]: User Processing PID:51441 Kill:0 User:admin Time:5456 EXE:/usr/bin/bash CMD:-bash
Apr 29 11:53:09 host04 lfd[54683]: User Processing PID:44037 Kill:0 User:nginx Time:12167 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 11:53:09 host04 lfd[54683]: User Processing PID:33723 Kill:0 User:admin Time:18306 EXE:/usr/bin/bash CMD:-bash
Apr 29 11:53:09 host04 lfd[54683]: User Processing PID:16982 Kill:0 User:dovecot Time:74938 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 11:53:09 host04 lfd[54683]: User Processing PID:33713 Kill:0 User:admin Time:18306 EXE:/usr/lib/systemd/systemd-executor CMD:(sd-pam)
Apr 29 11:53:09 host04 lfd[54683]: User Processing PID:33710 Kill:0 User:admin Time:18306 EXE:/usr/lib/systemd/systemd CMD:/usr/lib/systemd/systemd --user
Apr 29 11:53:09 host04 lfd[54683]: User Processing PID:880 Kill:0 User:mysql VM:1376(MB) EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 11:53:09 host04 lfd[54683]: User Processing PID:880 Kill:0 User:mysql Time:77717 EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 11:53:09 host04 lfd[54683]: User Processing PID:17005 Kill:0 User:dovecot Time:74938 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 11:53:09 host04 lfd[54683]: User Processing PID:44038 Kill:0 User:nginx Time:12167 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 11:53:09 host04 lfd[54683]: User Processing PID:44039 Kill:0 User:nginx Time:12167 EXE:/usr/sbin/nginx CMD:nginx: cache manager process
Apr 29 11:53:09 host04 lfd[54683]: User Processing PID:17006 Kill:0 User:dovecot Time:74938 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 11:53:09 host04 lfd[54683]: User Processing PID:33722 Kill:0 User:admin Time:18306 EXE:/usr/libexec/openssh/sshd-session CMD:sshd-session: admin@pts/0
Apr 29 11:53:09 host04 lfd[54683]: User Processing PID:17004 Kill:0 User:dovecot Time:74938 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 12:36:10 host04 lfd[56044]: User Processing PID:51441 Kill:0 User:admin Time:9058 EXE:/usr/bin/bash CMD:-bash
Apr 29 12:36:10 host04 lfd[56044]: User Processing PID:51440 Kill:0 User:admin Time:9058 EXE:/usr/libexec/openssh/sshd-session CMD:sshd-session: admin@pts/2
Apr 29 12:53:10 host04 lfd[56611]: User Processing PID:33710 Kill:0 User:admin Time:21908 EXE:/usr/lib/systemd/systemd CMD:/usr/lib/systemd/systemd --user
Apr 29 12:53:10 host04 lfd[56611]: User Processing PID:33713 Kill:0 User:admin Time:21908 EXE:/usr/lib/systemd/systemd-executor CMD:(sd-pam)
Apr 29 12:53:10 host04 lfd[56611]: User Processing PID:16982 Kill:0 User:dovecot Time:78540 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 12:53:10 host04 lfd[56611]: User Processing PID:44037 Kill:0 User:nginx Time:15768 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 12:53:10 host04 lfd[56611]: User Processing PID:17006 Kill:0 User:dovecot Time:78539 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 12:53:10 host04 lfd[56611]: User Processing PID:17004 Kill:0 User:dovecot Time:78539 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 12:53:10 host04 lfd[56611]: User Processing PID:44039 Kill:0 User:nginx Time:15768 EXE:/usr/sbin/nginx CMD:nginx: cache manager process
Apr 29 12:53:10 host04 lfd[56611]: User Processing PID:44038 Kill:0 User:nginx Time:15768 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 12:53:10 host04 lfd[56611]: User Processing PID:17005 Kill:0 User:dovecot Time:78539 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 12:53:10 host04 lfd[56611]: User Processing PID:880 Kill:0 User:mysql VM:1376(MB) EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 12:53:10 host04 lfd[56611]: User Processing PID:880 Kill:0 User:mysql Time:81318 EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 13:36:11 host04 lfd[60068]: User Processing PID:51440 Kill:0 User:admin Time:12659 EXE:/usr/libexec/openssh/sshd-session CMD:sshd-session: admin@pts/2
Apr 29 13:36:11 host04 lfd[60068]: User Processing PID:51441 Kill:0 User:admin Time:12659 EXE:/usr/bin/bash CMD:-bash
Apr 29 13:53:11 host04 lfd[60862]: User Processing PID:44038 Kill:0 User:nginx Time:19369 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 13:53:11 host04 lfd[60862]: User Processing PID:880 Kill:0 User:mysql VM:1376(MB) EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 13:53:11 host04 lfd[60862]: User Processing PID:880 Kill:0 User:mysql Time:84919 EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 13:53:11 host04 lfd[60862]: User Processing PID:17005 Kill:0 User:dovecot Time:82141 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 13:53:11 host04 lfd[60862]: User Processing PID:17004 Kill:0 User:dovecot Time:82141 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 13:53:11 host04 lfd[60862]: User Processing PID:17006 Kill:0 User:dovecot Time:82141 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 13:53:11 host04 lfd[60862]: User Processing PID:44039 Kill:0 User:nginx Time:19369 EXE:/usr/sbin/nginx CMD:nginx: cache manager process
Apr 29 13:53:11 host04 lfd[60862]: User Processing PID:16982 Kill:0 User:dovecot Time:82141 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 13:53:11 host04 lfd[60862]: User Processing PID:44037 Kill:0 User:nginx Time:19369 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 13:53:12 host04 lfd[60862]: User Processing PID:33710 Kill:0 User:admin Time:25509 EXE:/usr/lib/systemd/systemd CMD:/usr/lib/systemd/systemd --user
Apr 29 13:53:12 host04 lfd[60862]: User Processing PID:33713 Kill:0 User:admin Time:25509 EXE:/usr/lib/systemd/systemd-executor CMD:(sd-pam)
Apr 29 14:24:38 host04 lfd[50777]: Main Process: TERM
Apr 29 14:24:38 host04 lfd[50777]: Daemon stopped
Apr 29 14:24:39 host04 lfd[63498]: Daemon started on host04 - csf v15.10 (directadmin)
Apr 29 14:24:39 host04 lfd[63498]: LF_APACHE_ERRPORT: Set to [2]
Apr 29 14:24:39 host04 lfd[63498]: CSF Tracking...
Apr 29 14:24:39 host04 lfd[63498]: IPv6 Enabled...
Apr 29 14:24:39 host04 lfd[63498]: LOAD Tracking...
Apr 29 14:24:39 host04 lfd[63498]: Country Code Lookups...
Apr 29 14:24:39 host04 lfd[63498]: System Integrity Tracking...
Apr 29 14:24:39 host04 lfd[63498]: Exploit Tracking...
Apr 29 14:24:39 host04 lfd[63498]: Directory Watching...
Apr 29 14:24:39 host04 lfd[63498]: Email Relay Tracking...
Apr 29 14:24:39 host04 lfd[63498]: Temp to Perm Block Tracking...
Apr 29 14:24:39 host04 lfd[63498]: Process Tracking...
Apr 29 14:24:39 host04 lfd[63498]: Account Tracking...
Apr 29 14:24:39 host04 lfd[63498]: SSH Tracking...
Apr 29 14:24:39 host04 lfd[63498]: Webmin Tracking...
Apr 29 14:24:39 host04 lfd[63498]: SU Tracking...
Apr 29 14:24:39 host04 lfd[63498]: Console Tracking...
Apr 29 14:24:39 host04 lfd[63498]: Watching /var/log/secure...
Apr 29 14:24:39 host04 lfd[63498]: Watching /var/log/messages...
Apr 29 14:24:39 host04 lfd[63498]: Watching /var/www/html/roundcube/logs/errors.log...
Apr 29 14:24:39 host04 lfd[63498]: Watching /var/log/httpd/error_log...
Apr 29 14:24:39 host04 lfd[63498]: Watching /var/log/exim/mainlog...
Apr 29 14:24:39 host04 lfd[63498]: Watching /var/www/html/phpMyAdmin/log/auth.log...
Apr 29 14:24:39 host04 lfd[63498]: Watching /var/log/customlog...
Apr 29 14:24:39 host04 lfd[63498]: Watching /var/www/html/squirrelmail/data/squirrelmail_access_log...
Apr 29 14:24:39 host04 lfd[63498]: Watching /var/log/maillog...
Apr 29 14:24:39 host04 lfd[63498]: Watching /var/log/directadmin/login.log...
Apr 29 14:24:39 host04 lfd[63511]: User Processing PID:33710 Kill:0 User:admin Time:27396 EXE:/usr/lib/systemd/systemd CMD:/usr/lib/systemd/systemd --user
Apr 29 14:24:39 host04 lfd[63511]: User Processing PID:51440 Kill:0 User:admin Time:15567 EXE:/usr/libexec/openssh/sshd-session CMD:sshd-session: admin@pts/2
Apr 29 14:24:39 host04 lfd[63511]: User Processing PID:17006 Kill:0 User:dovecot Time:84028 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 14:24:39 host04 lfd[63511]: User Processing PID:16982 Kill:0 User:dovecot Time:84028 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 14:24:39 host04 lfd[63511]: User Processing PID:17004 Kill:0 User:dovecot Time:84028 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 14:24:39 host04 lfd[63511]: User Processing PID:51441 Kill:0 User:admin Time:15567 EXE:/usr/bin/bash CMD:-bash
Apr 29 14:24:39 host04 lfd[63511]: User Processing PID:17005 Kill:0 User:dovecot Time:84028 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 14:24:39 host04 lfd[63511]: User Processing PID:33713 Kill:0 User:admin Time:27396 EXE:/usr/lib/systemd/systemd-executor CMD:(sd-pam)
Apr 29 14:24:39 host04 lfd[63511]: User Processing PID:880 Kill:0 User:mysql VM:1376(MB) EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 14:24:39 host04 lfd[63511]: User Processing PID:880 Kill:0 User:mysql Time:86807 EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 14:26:39 host04 lfd[63884]: User Processing PID:61255 Kill:0 User:nginx Time:1823 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 14:26:39 host04 lfd[63884]: User Processing PID:61256 Kill:0 User:nginx Time:1823 EXE:/usr/sbin/nginx CMD:nginx: cache manager process
Apr 29 14:26:39 host04 lfd[63884]: User Processing PID:61253 Kill:0 User:nginx Time:1823 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 14:26:57 host04 lfd[63498]: Main Process: TERM
Apr 29 14:26:57 host04 lfd[63498]: Daemon stopped
Apr 29 14:26:57 host04 lfd[64138]: Daemon started on host04 - csf v15.10 (directadmin)
Apr 29 14:26:57 host04 lfd[64138]: LF_APACHE_ERRPORT: Set to [2]
Apr 29 14:26:57 host04 lfd[64138]: CSF Tracking...
Apr 29 14:26:57 host04 lfd[64138]: IPv6 Enabled...
Apr 29 14:26:57 host04 lfd[64138]: LOAD Tracking...
Apr 29 14:26:57 host04 lfd[64138]: Country Code Lookups...
Apr 29 14:26:57 host04 lfd[64138]: System Integrity Tracking...
Apr 29 14:26:57 host04 lfd[64138]: Exploit Tracking...
Apr 29 14:26:57 host04 lfd[64138]: Directory Watching...
Apr 29 14:26:57 host04 lfd[64138]: Email Relay Tracking...
Apr 29 14:26:57 host04 lfd[64138]: Temp to Perm Block Tracking...
Apr 29 14:26:57 host04 lfd[64138]: Process Tracking...
Apr 29 14:26:57 host04 lfd[64138]: Account Tracking...
Apr 29 14:26:57 host04 lfd[64138]: SSH Tracking...
Apr 29 14:26:57 host04 lfd[64138]: Webmin Tracking...
Apr 29 14:26:57 host04 lfd[64138]: SU Tracking...
Apr 29 14:26:57 host04 lfd[64138]: Console Tracking...
Apr 29 14:26:57 host04 lfd[64138]: Watching /var/log/directadmin/login.log...
Apr 29 14:26:57 host04 lfd[64138]: Watching /var/log/secure...
Apr 29 14:26:57 host04 lfd[64138]: Watching /var/log/httpd/error_log...
Apr 29 14:26:57 host04 lfd[64138]: Watching /var/www/html/roundcube/logs/errors.log...
Apr 29 14:26:57 host04 lfd[64138]: Watching /var/log/exim/mainlog...
Apr 29 14:26:57 host04 lfd[64138]: Watching /var/log/maillog...
Apr 29 14:26:57 host04 lfd[64138]: Watching /var/www/html/squirrelmail/data/squirrelmail_access_log...
Apr 29 14:26:57 host04 lfd[64138]: Watching /var/log/customlog...
Apr 29 14:26:57 host04 lfd[64138]: Watching /var/log/messages...
Apr 29 14:26:57 host04 lfd[64138]: Watching /var/www/html/phpMyAdmin/log/auth.log...
Apr 29 14:26:57 host04 lfd[64151]: User Processing PID:51441 Kill:0 User:admin Time:15705 EXE:/usr/bin/bash CMD:-bash
Apr 29 14:26:57 host04 lfd[64151]: User Processing PID:51440 Kill:0 User:admin Time:15705 EXE:/usr/libexec/openssh/sshd-session CMD:sshd-session: admin@pts/2
Apr 29 14:26:57 host04 lfd[64151]: User Processing PID:16982 Kill:0 User:dovecot Time:84167 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 14:26:57 host04 lfd[64151]: User Processing PID:880 Kill:0 User:mysql VM:1376(MB) EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 14:26:57 host04 lfd[64151]: User Processing PID:880 Kill:0 User:mysql Time:86945 EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 14:26:57 host04 lfd[64151]: User Processing PID:17004 Kill:0 User:dovecot Time:84167 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 14:26:58 host04 lfd[64151]: User Processing PID:61255 Kill:0 User:nginx Time:1842 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 14:26:58 host04 lfd[64151]: User Processing PID:33713 Kill:0 User:admin Time:27535 EXE:/usr/lib/systemd/systemd-executor CMD:(sd-pam)
Apr 29 14:26:58 host04 lfd[64151]: User Processing PID:17006 Kill:0 User:dovecot Time:84167 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 14:26:58 host04 lfd[64151]: User Processing PID:17005 Kill:0 User:dovecot Time:84167 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 14:26:58 host04 lfd[64151]: User Processing PID:61253 Kill:0 User:nginx Time:1842 EXE:/usr/sbin/nginx CMD:nginx: worker process
Apr 29 14:26:58 host04 lfd[64151]: User Processing PID:61256 Kill:0 User:nginx Time:1842 EXE:/usr/sbin/nginx CMD:nginx: cache manager process
Apr 29 14:26:58 host04 lfd[64151]: User Processing PID:33710 Kill:0 User:admin Time:27535 EXE:/usr/lib/systemd/systemd CMD:/usr/lib/systemd/systemd --user
Apr 29 14:31:57 host04 lfd[67049]: Suspicious File /tmp/csf/global.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:31:57 host04 lfd[67049]: Suspicious File /tmp/csf/csftest.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:31:57 host04 lfd[67049]: Suspicious File /tmp/csf/auto.vesta.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:31:57 host04 lfd[67049]: Suspicious File /tmp/csf/uninstall.interworx.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:31:58 host04 lfd[67049]: Suspicious File /tmp/csf/install.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:31:58 host04 lfd[67049]: Suspicious File /tmp/csf/auto.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:31:58 host04 lfd[67049]: Suspicious File /tmp/csf/auto.cwp.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:31:58 host04 lfd[67049]: Suspicious File /tmp/csf/uninstall.generic.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:31:58 host04 lfd[67049]: Suspicious File /tmp/csf/install.directadmin.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:31:58 host04 lfd[67049]: Suspicious File /tmp/csf/apf_stub.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:31:58 host04 lfd[67049]: Too many hits for LF_DIRWATCH - Directory Watching disabled
Apr 29 14:32:43 host04 lfd[64138]: Main Process: TERM
Apr 29 14:32:43 host04 lfd[64138]: Daemon stopped
Apr 29 14:32:44 host04 lfd[67318]: Daemon started on host04 - csf v15.10 (directadmin)
Apr 29 14:32:44 host04 lfd[67318]: LF_APACHE_ERRPORT: Set to [2]
Apr 29 14:32:44 host04 lfd[67318]: CSF Tracking...
Apr 29 14:32:44 host04 lfd[67318]: IPv6 Enabled...
Apr 29 14:32:44 host04 lfd[67318]: LOAD Tracking...
Apr 29 14:32:44 host04 lfd[67318]: Country Code Lookups...
Apr 29 14:32:44 host04 lfd[67318]: System Integrity Tracking...
Apr 29 14:32:44 host04 lfd[67318]: Exploit Tracking...
Apr 29 14:32:44 host04 lfd[67318]: Directory Watching...
Apr 29 14:32:44 host04 lfd[67318]: Email Relay Tracking...
Apr 29 14:32:44 host04 lfd[67318]: Temp to Perm Block Tracking...
Apr 29 14:32:44 host04 lfd[67318]: Process Tracking...
Apr 29 14:32:44 host04 lfd[67318]: Account Tracking...
Apr 29 14:32:44 host04 lfd[67318]: SSH Tracking...
Apr 29 14:32:44 host04 lfd[67318]: Webmin Tracking...
Apr 29 14:32:44 host04 lfd[67318]: SU Tracking...
Apr 29 14:32:44 host04 lfd[67318]: Console Tracking...
Apr 29 14:32:44 host04 lfd[67318]: Watching /var/log/maillog...
Apr 29 14:32:44 host04 lfd[67318]: Watching /var/log/customlog...
Apr 29 14:32:44 host04 lfd[67318]: Watching /var/www/html/squirrelmail/data/squirrelmail_access_log...
Apr 29 14:32:44 host04 lfd[67318]: Watching /var/log/httpd/error_log...
Apr 29 14:32:44 host04 lfd[67318]: Watching /var/log/directadmin/login.log...
Apr 29 14:32:44 host04 lfd[67318]: Watching /var/log/messages...
Apr 29 14:32:44 host04 lfd[67318]: Watching /var/log/secure...
Apr 29 14:32:44 host04 lfd[67318]: Watching /var/www/html/roundcube/logs/errors.log...
Apr 29 14:32:44 host04 lfd[67318]: Watching /var/log/exim/mainlog...
Apr 29 14:32:44 host04 lfd[67318]: Watching /var/www/html/phpMyAdmin/log/auth.log...
Apr 29 14:32:44 host04 lfd[67331]: User Processing PID:17004 Kill:0 User:dovecot Time:84513 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 14:32:44 host04 lfd[67331]: User Processing PID:51440 Kill:0 User:admin Time:16052 EXE:/usr/libexec/openssh/sshd-session CMD:sshd-session: admin@pts/2
Apr 29 14:32:44 host04 lfd[67331]: User Processing PID:51441 Kill:0 User:admin Time:16052 EXE:/usr/bin/bash CMD:-bash
Apr 29 14:32:44 host04 lfd[67331]: User Processing PID:880 Kill:0 User:mysql VM:1376(MB) EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 14:32:44 host04 lfd[67331]: User Processing PID:880 Kill:0 User:mysql Time:87292 EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 14:32:44 host04 lfd[67331]: User Processing PID:16982 Kill:0 User:dovecot Time:84513 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 14:32:44 host04 lfd[67331]: User Processing PID:17006 Kill:0 User:dovecot Time:84513 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 14:32:44 host04 lfd[67331]: User Processing PID:33713 Kill:0 User:admin Time:27881 EXE:/usr/lib/systemd/systemd-executor CMD:(sd-pam)
Apr 29 14:32:44 host04 lfd[67331]: User Processing PID:33710 Kill:0 User:admin Time:27881 EXE:/usr/lib/systemd/systemd CMD:/usr/lib/systemd/systemd --user
Apr 29 14:32:44 host04 lfd[67331]: User Processing PID:17005 Kill:0 User:dovecot Time:84513 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 14:36:22 host04 lfd[67318]: Main Process: TERM
Apr 29 14:36:22 host04 lfd[67318]: Daemon stopped
Apr 29 14:36:22 host04 lfd[67688]: Daemon started on host04 - csf v15.10 (directadmin)
Apr 29 14:36:22 host04 lfd[67688]: LF_APACHE_ERRPORT: Set to [2]
Apr 29 14:36:22 host04 lfd[67688]: CSF Tracking...
Apr 29 14:36:22 host04 lfd[67688]: IPv6 Enabled...
Apr 29 14:36:22 host04 lfd[67688]: LOAD Tracking...
Apr 29 14:36:22 host04 lfd[67688]: Country Code Lookups...
Apr 29 14:36:22 host04 lfd[67688]: System Integrity Tracking...
Apr 29 14:36:22 host04 lfd[67688]: Exploit Tracking...
Apr 29 14:36:22 host04 lfd[67688]: Directory Watching...
Apr 29 14:36:22 host04 lfd[67688]: Email Relay Tracking...
Apr 29 14:36:22 host04 lfd[67688]: Temp to Perm Block Tracking...
Apr 29 14:36:22 host04 lfd[67688]: Process Tracking...
Apr 29 14:36:22 host04 lfd[67688]: Account Tracking...
Apr 29 14:36:22 host04 lfd[67688]: SSH Tracking...
Apr 29 14:36:22 host04 lfd[67688]: Webmin Tracking...
Apr 29 14:36:22 host04 lfd[67688]: SU Tracking...
Apr 29 14:36:22 host04 lfd[67688]: Console Tracking...
Apr 29 14:36:22 host04 lfd[67688]: Watching /var/log/directadmin/login.log...
Apr 29 14:36:22 host04 lfd[67688]: Watching /var/log/exim/mainlog...
Apr 29 14:36:22 host04 lfd[67688]: Watching /var/log/httpd/error_log...
Apr 29 14:36:22 host04 lfd[67688]: Watching /var/www/html/squirrelmail/data/squirrelmail_access_log...
Apr 29 14:36:22 host04 lfd[67688]: Watching /var/www/html/phpMyAdmin/log/auth.log...
Apr 29 14:36:22 host04 lfd[67688]: Watching /var/www/html/roundcube/logs/errors.log...
Apr 29 14:36:22 host04 lfd[67688]: Watching /var/log/customlog...
Apr 29 14:36:22 host04 lfd[67688]: Watching /var/log/secure...
Apr 29 14:36:22 host04 lfd[67688]: Watching /var/log/messages...
Apr 29 14:36:22 host04 lfd[67688]: Watching /var/log/maillog...
Apr 29 14:36:22 host04 lfd[67701]: User Processing PID:33710 Kill:0 User:admin Time:28100 EXE:/usr/lib/systemd/systemd CMD:/usr/lib/systemd/systemd --user
Apr 29 14:36:22 host04 lfd[67701]: User Processing PID:51440 Kill:0 User:admin Time:16270 EXE:/usr/libexec/openssh/sshd-session CMD:sshd-session: admin@pts/2
Apr 29 14:36:22 host04 lfd[67701]: User Processing PID:17004 Kill:0 User:dovecot Time:84732 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 14:36:22 host04 lfd[67701]: User Processing PID:16982 Kill:0 User:dovecot Time:84732 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 14:36:22 host04 lfd[67701]: User Processing PID:51441 Kill:0 User:admin Time:16270 EXE:/usr/bin/bash CMD:-bash
Apr 29 14:36:23 host04 lfd[67701]: User Processing PID:17006 Kill:0 User:dovecot Time:84732 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 14:36:23 host04 lfd[67701]: User Processing PID:33713 Kill:0 User:admin Time:28100 EXE:/usr/lib/systemd/systemd-executor CMD:(sd-pam)
Apr 29 14:36:23 host04 lfd[67701]: User Processing PID:880 Kill:0 User:mysql VM:1376(MB) EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 14:36:23 host04 lfd[67701]: User Processing PID:880 Kill:0 User:mysql Time:87510 EXE:/usr/local/mariadb-10.11.16-F7Sb/bin/mariadbd CMD:/usr/local/mysql/bin/mysqld --datadir=/var/lib/mysql --socket=/run/mysql/mysql.sock
Apr 29 14:36:23 host04 lfd[67701]: User Processing PID:17005 Kill:0 User:dovecot Time:84732 EXE:/usr/libexec/dovecot/managesieve-login CMD:dovecot/managesieve-login
Apr 29 14:41:22 host04 lfd[67935]: Suspicious File /tmp/csf/global.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:41:22 host04 lfd[67935]: Suspicious File /tmp/csf/csftest.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:41:22 host04 lfd[67935]: Suspicious File /tmp/csf/auto.vesta.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:41:23 host04 lfd[67935]: Suspicious File /tmp/csf/uninstall.interworx.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:41:23 host04 lfd[67935]: Suspicious File /tmp/csf/install.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:41:23 host04 lfd[67935]: Suspicious File /tmp/csf/auto.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:41:23 host04 lfd[67935]: Suspicious File /tmp/csf/auto.cwp.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:41:23 host04 lfd[67935]: Suspicious File /tmp/csf/uninstall.generic.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:41:23 host04 lfd[67935]: Suspicious File /tmp/csf/install.directadmin.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:41:23 host04 lfd[67935]: Suspicious File /tmp/csf/apf_stub.pl [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:41:23 host04 lfd[67935]: Too many hits for LF_DIRWATCH - Directory Watching disabled

Config › csf.conf

csf.conf.txt

Screenshots

As seen in the following log, the install fails silently on some parts. The firewall works, but it has a couple of file issues and the error on the admin panel, which to my knowledge is the exact file that the error occurs on.

DA_Install.txt
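The lfd log above shows Directory Watching flagging the unpacked installer under /tmp/csf and then logging "Too many hits for LF_DIRWATCH - Directory Watching disabled". The following triage script is an added example, not part of the original issue or of CSF's own code. It splits a log in this format into daemon runs and reports, per run, which files were flagged and for how long directory watching stayed off before the daemon stopped. The sample lines are abridged from the log above, and the function and field names are illustrative.

```python
import re
from datetime import datetime

# Abridged copy of lines from the lfd log above, embedded so the example runs offline.
SAMPLE_LOG = """\
Apr 29 14:26:57 host04 lfd[64138]: Daemon started on host04 - csf v15.10 (directadmin)
Apr 29 14:26:57 host04 lfd[64138]: Directory Watching...
Apr 29 14:31:57 host04 lfd[67049]: Suspicious File /tmp/csf/global.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:31:58 host04 lfd[67049]: Suspicious File /tmp/csf/install.sh [webapps:webapps (1001:1001)] - Script, file extension
Apr 29 14:31:58 host04 lfd[67049]: Too many hits for LF_DIRWATCH - Directory Watching disabled
Apr 29 14:32:43 host04 lfd[64138]: Main Process: TERM
Apr 29 14:32:43 host04 lfd[64138]: Daemon stopped
Apr 29 14:32:44 host04 lfd[67318]: Daemon started on host04 - csf v15.10 (directadmin)
Apr 29 14:32:44 host04 lfd[67318]: Directory Watching...
Apr 29 14:36:22 host04 lfd[67318]: Main Process: TERM
Apr 29 14:36:22 host04 lfd[67318]: Daemon stopped
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ lfd\[(\d+)\]: (.*)$")
SUSPICIOUS = re.compile(
    r"^Suspicious File (.+?) \[([^:\]]+):([^ \]]+) \((\d+):(\d+)\)\] - (.*)$")
DISABLED = "Too many hits for LF_DIRWATCH - Directory Watching disabled"


def _parse_ts(ts):
    # Syslog timestamps carry no year; 2000 is an arbitrary placeholder (assumption).
    return datetime.strptime("2000 " + ts, "%Y %b %d %H:%M:%S")


def summarize_runs(text):
    """Split the log into lfd daemon runs and collect directory-watch events per run."""
    runs, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, pid, msg = m.groups()
        if msg.startswith("Daemon started"):
            current = {"started": ts, "pid": int(pid), "suspicious": [],
                       "disabled_at": None, "stopped": None, "blind_seconds": None}
            runs.append(current)
        elif current is None:
            continue  # events logged before the first visible daemon start
        elif (s := SUSPICIOUS.match(msg)):
            # Child processes log these, so they are attributed by position, not PID.
            path, user, group, uid, _gid, reason = s.groups()
            current["suspicious"].append(
                {"path": path, "owner": f"{user}:{group}",
                 "uid": int(uid), "reason": reason})
        elif msg == DISABLED and current["disabled_at"] is None:
            current["disabled_at"] = ts
        elif msg == "Daemon stopped" and int(pid) == current["pid"]:
            current["stopped"] = ts
            if current["disabled_at"]:
                gap = _parse_ts(ts) - _parse_ts(current["disabled_at"])
                current["blind_seconds"] = int(gap.total_seconds())
    return runs


if __name__ == "__main__":
    for run in summarize_runs(SAMPLE_LOG):
        print(f"lfd[{run['pid']}] started {run['started']}: "
              f"{len(run['suspicious'])} suspicious file(s), "
              f"dirwatch disabled at {run['disabled_at']}, "
              f"off for {run['blind_seconds']}s before stop")
```

A run with `disabled_at` set and `stopped` still `None`, as at the end of the log above, means directory watching was still off when the log ends.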
