Trying to install CSF on Virtualmin/Webmin on OVH VPS but csftest.pl fatal errors

SYSTEM INFORMATION
OS type and version Debian 10
Webmin version 2.013
Virtualmin version 7.5
Related packages CSF

I am trying to install CSF via https://download.configserver.com/csf/install.txt
It installs but fails when I run the perl test with the following errors:

sudo perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...FAILED [FATAL Error: iptables v1.8.2 (legacy): can't initialize iptables table `filter': iptables who? (do you need to insmod?)] - Required for csf to function
Testing ipt_LOG...FAILED [FATAL Error: iptables v1.8.2 (legacy): can't initialize iptables table `filter': iptables who? (do you need to insmod?)] - Required for csf to function
Testing ipt_multiport/xt_multiport...FAILED [FATAL Error: iptables v1.8.2 (legacy): can't initialize iptables table `filter': iptables who? (do you need to insmod?)] - Required for csf to function
Testing ipt_REJECT...FAILED [FATAL Error: iptables v1.8.2 (legacy): can't initialize iptables table `filter': iptables who? (do you need to insmod?)] - Required for csf to function
Testing ipt_state/xt_state...FAILED [FATAL Error: iptables v1.8.2 (legacy): can't initialize iptables table `filter': iptables who? (do you need to insmod?)] - Required for csf to function
Testing ipt_limit/xt_limit...FAILED [FATAL Error: iptables v1.8.2 (legacy): can't initialize iptables table `filter': iptables who? (do you need to insmod?)] - Required for csf to function
Testing ipt_recent...FAILED [Error: iptables v1.8.2 (legacy): can't initialize iptables table `filter': iptables who? (do you need to insmod?)] - Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit...FAILED [Error: iptables v1.8.2 (legacy): can't initialize iptables table `filter': iptables who? (do you need to insmod?)] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error: iptables v1.8.2 (legacy): can't initialize iptables table `filter': iptables who? (do you need to insmod?)] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables v1.8.2 (legacy): can't initialize iptables table `nat': iptables who? (do you need to insmod?)] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...FAILED [Error: iptables v1.8.2 (legacy): can't initialize iptables table `nat': iptables who? (do you need to insmod?)] - Required for csf.redirect feature

Does not seem to be running (even tho the CPU is now at 100% all the time after install)

systemctl status csf
● csf.service - ConfigServer Firewall & Security - csf
   Loaded: loaded (/lib/systemd/system/csf.service; enabled; vendor preset: enabled)
   Active: inactive (dead)

To be honest this is not an Virtualmin issue but a CSF issue that relates to how you have iptables installed on your Debian.
CSF makes the statement clear here: ConfigServer Security and Firewall (csf) – ConfigServer Services

1 Like

I’m familiar with the package after years on cPanel. That said, did you give any consideration to how it might interfere with the way Webmin/Virtual min interfaces? One nice thing about the way Webmin is set up with fail2ban, if you set up a new email account and happen to mis-configure it, your IP isn’t blocked for all services on the server.

I haven’t had time yet to check firewall rules past ports allowed. More advanced rules can be added as needed.

Webmin doesn’t care, and Virtualmin works fine with CSF (though I don’t recommend it, but Ilia uses it and likes it). There’s even GUI support for using CSF instead of firewalld and fail2ban, etc.

But, security tools that work are better than security tools that are broken. Virtualmin installs a variety of security tools (including firewalld and fail2ban) that work out of the box and provides GUI support for them. Seems counter-productive to switch to something more complicated that you don’t have experience with.

1 Like

My point is simply you should do one or the other, especially if you don’t understand how it works. Disable the Webmin stuff first. Otherwise you don’t know which system is doing what. Or why things mysteriously change.

I havent setup anything special, I just use the built in firewall tools in Webmin/Virtualmin.

Im looking for automatic ban rules for IP’s mostly, I caught a 4.8GB log of peolpe trying to mass brute force login.

so did you install the webmin module as in install text file?
Webmin Module Installation/Upgrade

To install or upgrade the csf webmin module:

Install csf as above
Install the csf webmin module in:
Webmin > Webmin Configuration > Webmin Modules >
From local file > /usr/local/csf/csfwebmin.tgz > Install Module

Once installed you can enable the service

Im going to assume theres an issue with OVH VPS hosting, as it all the tests fail.