Fli
03-24-2014, 11:58 PM
Hi,
im getting alot of emails with subject like "lfd on *: Suspicious process running under user *"
its sent to [email protected]
--------------
MESSAGE NUMBER 436799167
--------------
Received: (qmail 5653 invoked by alias); 24 Mar 2014 05:58:17 -0000
Delivered-To: [email protected]
Received: (qmail 5649 invoked by uid 0); 24 Mar 2014 05:58:17 -0000
Date: 24 Mar 2014 05:58:17 -0000
Message-ID: <[email protected]>
From: [email protected]
To: [email protected]
Subject: lfd on myfqdn.hostname.tld: Suspicious process running under user apache
Time: Mon Mar 24 06:58:17 2014 +0100
PID: 3945 (Parent PID:1696)
Account: apache
Uptime: 84 seconds
This is LFD/COnfig Server Firewall feature which sents this alert when some process works more than 60 seconds i think?
When i went into /etc/csf/csf.conf
and changed:
PT_LIMIT = "60"
to
PT_LIMIT = "300"
it stopped sending these mails.
this can be disabled in my case by command: find /etc/csf -name 'csf.conf' -type f -print0 | xargs -0 sed -i 's|PT_LIMIT = "60"|PT_LIMIT = "300"|g';csf -r;service lfd restart
im getting alot of emails with subject like "lfd on *: Suspicious process running under user *"
its sent to [email protected]
--------------
MESSAGE NUMBER 436799167
--------------
Received: (qmail 5653 invoked by alias); 24 Mar 2014 05:58:17 -0000
Delivered-To: [email protected]
Received: (qmail 5649 invoked by uid 0); 24 Mar 2014 05:58:17 -0000
Date: 24 Mar 2014 05:58:17 -0000
Message-ID: <[email protected]>
From: [email protected]
To: [email protected]
Subject: lfd on myfqdn.hostname.tld: Suspicious process running under user apache
Time: Mon Mar 24 06:58:17 2014 +0100
PID: 3945 (Parent PID:1696)
Account: apache
Uptime: 84 seconds
This is LFD/COnfig Server Firewall feature which sents this alert when some process works more than 60 seconds i think?
When i went into /etc/csf/csf.conf
and changed:
PT_LIMIT = "60"
to
PT_LIMIT = "300"
it stopped sending these mails.
this can be disabled in my case by command: find /etc/csf -name 'csf.conf' -type f -print0 | xargs -0 sed -i 's|PT_LIMIT = "60"|PT_LIMIT = "300"|g';csf -r;service lfd restart