
CSF / LFD user / IP lock out info

Balázs Nagy

2012-08-27

Where can we view the lock out triggers / logs?

There are a few ways to do it.

The log itself is in – this provides you with all the information about what is doing. is the process that keeps track of many things: login failures (technically it is called the “login failure daemon”) but also other irregularities on a hosting platform: long running processes, user-run script executions, root logins, things like that.

Another way is to look at the output of the ‘csf -g’ command.
Its full use is: csf -g ip.address.goes.here

This shows you in real time whether a given IP is accepted or dropped (denied). If the IP does not show up when searched this way, then csf/lfd have no blocks or accepts on that IP in particular; server-wide firewall settings still apply, for example a server-wide deny to a certain port.

To manually unblock, you can use the ‘‘

More usage information on csf is in the output of the ‘‘ command, as well as the author’s website at .
