Where can we view the lock out triggers / logs?
There are a few ways to do it.
The log itself is in
/var/log/lfd.log – this provides you with all the information about what
lfd is doing.
lfd is the process that keeps track of many things: login failures (technically it is called the “login failure daemon”) but also other irregularities on a hosting platform: long running processes, user-run script executions, root logins, things like that.
Another way is to look at the output of the ‘csf -g’ command.
Its full use is: csf -g ip.address.goes.here
This will show you real-time whether or not a certain ip is accepted or dropped (denied). If the IP does not show up when searched this way, then csf/lfd have no blocks or accepts on the IP in particular, at which point server-wide firewall settings will still apply; for example a server-wide deny to a certain port.
To manually unblock, you can use the ‘
csf -dr ip.addr.here‘
More usage information on csf is in the output of the ‘
csf‘ command, as well as the author’s website at