How To Fix 8 Common Errors on CSF (ConfigServer Security & Firewall)

DigitalOcean Referral Badge
Start your VPS now with FREE $100 credit.

ConfigServer Security & Firewall (CSF) is one of the most advanced firewalls available for Linux servers. It can be easily installed on almost all Linux-based operating systems, including RedHat Enterprise Linux (RHEL), CentOS, CloudLinux, Debian, Ubuntu, Fedora, and OpenSUSE.

In addition, almost all types of virtual private servers are also compatible with CSF Firewall like KVM (Kernel-based Virtual Machine), Xen, OpenVZ, Virtuozzo, VMware, VirtualBox, and Microsoft Virtual Server.

It provides a more complete user interface and comprehensive features compared to other Linux firewall software.

CSF also offers user interface integration for several leading web hosting control panels including cPanel-WHM, Webmin, DirectAdmin, and VestaCP.

So if you’re not familiar with nano / vim editor, you can configure CSF + LFD via its user interface (UI). As a Stateful Packet Inspection (SPI) firewall, CSF has included a Login/Intrusion Detection system for Linux servers.

Although it’s quite easy to install ConfigServer Security & Firewall (CSF) on almost all Linux servers, you might get some common problems after installing CSF on your server.

Common Errors After Installing CSF Firewall

Here are 8 common errors that I got after installing CSF Firewall on my Linux server. In this tutorial I will show you how to solve these 8 common errors in CSF. Don’t worry, to fix this problem is very easy…!

READ:  How To Install & Setup Private Nameserver with BIND9 on Debian/Ubuntu

1. *WARNING* Binary location for [CHATTR] [/usr/bin/chattr] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable

To solve this problem, we need to install the E2fsprogs (Ext2 Filesystem Utilities) package. Run the following command to install the E2fsprogs package.

For Debian/Ubuntu Server:

$ apt-get install e2fsprogs

For RHEL/CentOS Server:

$ yum install e2fsprogs

2. Oops Unable to download Protocol scheme ‘https’ is not supported (IOSocketSSL not installed)

This error is most often found when we fail to update CSF Firewall on RHEL/CentOS. To fix this problem, please run the following command to install the required packages.

$ yum install perl-Crypt-SSLeay perl-Net-SSLeay

And then try again to update your CSF.

$ csf -u

3. Oops Unable to download Protocol scheme ‘https’ is not supported (LWPProtocolhttps not installed)

To resolve this issue, you need to install the LWP::Protocol::https module on your server. Simply run the following command to install the required packages.

For RHEL/CentOS Server:

$ yum install perl-LWP-Protocol-https

For Debian/Ubuntu Server:

$ apt-get install perl-LWP-Protocol-https

4. Testing ip_tablesiptable_filter…open3 exec of sbiniptables -I OUTPUT -p tcp –dport 9999 -j ACCEPT failed at usrlocalcsfbincsftest.pl line 144.

This error is caused because you don’t have iptables installed correctly on your server. So let’s install iptables to solve this issue.

READ:  How To Set Correct Permissions (CHMOD) on Linux with Single Command

For Debian/Ubuntu Server:

$ apt-get install iptables

For RHEL/CentOS Server:

$ yum install iptables

5. *WARNING* Binary location for [SENDMAIL] [/usr/sbin/sendmail] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality

This error message is most often found after the CSF Firewall installation process has finished. That’s closely related to the SENDMAIL problem. So to solve this issue, simply run the following command:

$ echo '#!/bin/sh' > /usr/sbin/sendmail
$ chmod +x /usr/sbin/sendmail

6. *WARNING* Binary location for [UNZIP] [usrbinunzip] in etccsfcsf.conf is either incorrect, is not installed or is not executable

Looking at the error message above, it’s clearly related to the ZIP and UNZIP utility packages that are not yet installed on your Linux server. So to solve this problem quite easily, you just need to install the ZIP and UNZIP command-line utility on your Linux server.

For Debian/Ubuntu Server:

$ apt-get install zip unzip

For RHEL/CentOS Server:

$ yum install zip unzip

7. *WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny

This problem is very similar to the error message No. 3 above. But this problem indicates that we don’t have the Perl module installed correctly on the server. Well, the solution is very easy, just run the following command to install the Perl module on your Linux server.

READ:  How To Fix CSF Error open3: exec of /usr/bin/systemctl is-active firewalld failed

For Debian/Ubuntu Server:

$ apt-get install libwww-perl
$ apt-get install perl-LWP-Protocol-https

For RHEL/CentOS Server:

$ yum install perl-libwww-perl
$ yum install perl-LWP-Protocol-https

8. *WARNING* Binary location for [HOST] [usrbinhost] in etccsfcsf.conf is either incorrect, is not installed or is not executable

This last CSF error message clearly tells us that we have not installed BIND Utilities. So to solve this error, simply run the following command to install BIND Utilities on your server.

For Debian/Ubuntu Server:

$ apt-get install dnsutils

For RHEL/CentOS Server:

$ yum install bind-utils

Leave a Comment