Suspicious process running - can't turn off this

explosive
Junior Member
Posts: 1
Joined: 25 Mar 2013, 13:20

Post by explosive »

Hi,

Latest CSF. I've got many emails like "lfd on host: Suspicious process running under user xxx". This is a nice feature, but it sends me many emails, so I tried to turn it off, but with no result:

PT_LIMIT = 0
PT_USERPROC = 0
PT_USERMEM = 0
PT_USERTIME = 0

csf -r

and nothing changes. I still get info about my processes. So I tried to add them to csf.pignore:

mail says:

Code:

"Executable:

/usr/bin/perl


Command Line (often faked in exploits):

monitorix-httpd listening on 8080"
so I've added:

Code:

exe:/usr/bin/perl /usr/bin/monitorix-httpd
exe:/usr/bin/perl monitorix-httpd
cmd:/usr/bin/perl monitorix-httpd
pcmd:/usr/bin/perl /usr/bin/monitorix.*
csf -r

and still no change.

How to add this to pignore?!?
parvathyrmenon
Junior Member
Posts: 1
Joined: 19 May 2013, 12:15

Re: Suspicious process running - can't turn off this

Post by parvathyrmenon »

Hi,

Apart from CSF, you need to restart the LFD service too.

That is, after adding the CMD to the csf.pignore file, restart CSF and LFD.

===
csf -r
service lfd restart
===
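
An added example, not part of either post and not csf/lfd code: a small Python check of which csf.pignore lines would match the process that lfd reported in the first post. It assumes exe:/cmd:/user: are exact string comparisons and pexe:/pcmd:/puser: are regexes anchored at both ends; `OTHER` and the `CANDIDATES` list are constructed for illustration.

```python
import re

# Constructed from the lfd alert quoted in the first post ("xxx" is the post's placeholder).
PROC = {"exe": "/usr/bin/perl", "cmd": "monitorix-httpd listening on 8080", "user": "xxx"}
# Constructed second process: an unrelated Perl script that lfd should still report.
OTHER = {"exe": "/usr/bin/perl", "cmd": "/usr/bin/perl /tmp/unknown.pl", "user": "xxx"}

# The four entries tried in the first post, verbatim.
TRIED = [
    "exe:/usr/bin/perl /usr/bin/monitorix-httpd",
    "exe:/usr/bin/perl monitorix-httpd",
    "cmd:/usr/bin/perl monitorix-httpd",
    "pcmd:/usr/bin/perl /usr/bin/monitorix.*",
]
# Hypothetical alternatives built from the values the alert actually shows.
CANDIDATES = [
    "cmd:monitorix-httpd listening on 8080",   # exact reported command line
    r"pcmd:monitorix-httpd listening on \d+",  # same title, any port
    "exe:/usr/bin/perl",                       # matches, but covers every Perl process
]

def matches(rule, proc):
    """Return True if one csf.pignore line would make lfd ignore `proc`.

    Assumed semantics: exe/cmd/user compare the whole value exactly;
    pexe/pcmd/puser are regexes that must match the whole value.
    """
    rule = rule.strip()
    if not rule or rule.startswith("#") or ":" not in rule:
        return False
    kind, _, value = rule.partition(":")
    kind = kind.lower()
    if kind in ("exe", "cmd", "user"):
        return proc[kind] == value
    if kind in ("pexe", "pcmd", "puser"):
        try:
            return re.fullmatch(value, proc[kind[1:]]) is not None
        except re.error:
            return False  # an invalid regex can never match
    return False

def report(rules, wanted, unwanted):
    """Per rule: (rule, ignores the wanted process, also hides the unwanted one)."""
    return [(r, matches(r, wanted), matches(r, unwanted)) for r in rules]

if __name__ == "__main__":
    for row in report(TRIED + CANDIDATES, PROC, OTHER):
        print("%-45s ignores_monitorix=%-5s hides_other_perl=%s" % row)
```

None of the four tried lines equals the reported executable or command line, so none matches under these assumptions. Command-line ignores trust a string the process itself sets, which is what the alert's "often faked in exploits" label refers to, so keep them as narrow as possible.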