csf.pignore is not working

Post Reply
phamhung77
Junior Member
Posts: 14
Joined: 04 May 2011, 04:33

csf.pignore is not working

Post by phamhung77 »

I get multiple copies of this email
Time: Sun Jul 14 05:12:23 2013 +0700
PID: 23073 (Parent PID:29765)
Account: apache
Uptime: 4220 seconds


Executable:

/usr/sbin/httpd


Command Line (often faked in exploits):

/usr/sbin/httpd


Network connections by the process (if any):

tcp: 0.0.0.0:80 -> 0.0.0.0:0
I have

Code: Select all

cmd:/usr/sbin/httpd
exe:usr/sbin/httpd
in csf.pignore already, and restarted lfd. Even tried to reboot the whole server and nothing change. It seems lfd just ignores that file. It's v6.22 on a CentOS 5.9 - 64bits.

Any idea please?

Thanks.
kdean
Junior Member
Posts: 12
Joined: 09 Apr 2013, 23:14

Re: csf.pignore is not working

Post by kdean »

Try revising your exe line to include the first slash, so:

exe:/usr/sbin/httpd
phamhung77
Junior Member
Posts: 14
Joined: 04 May 2011, 04:33

Re: csf.pignore is not working

Post by phamhung77 »

Thanks for replying. However, it's my mistake. In fact, here are the code in csf.pignore

Code: Select all

exe:/usr/sbin/httpd
cmd:/usr/sbin/httpd
user:apache
I tried all 3 options, but still receiving multiple warnings.
kdean
Junior Member
Posts: 12
Joined: 09 Apr 2013, 23:14

Re: csf.pignore is not working

Post by kdean »

Weird. Have you tried restarting apache as well to see if it makes a difference?
phamhung77
Junior Member
Posts: 14
Joined: 04 May 2011, 04:33

Re: csf.pignore is not working

Post by phamhung77 »

As I mentioned above, I even tried to restart the whole server, but after it's coming back, warnings still appear in my email. Have no clue why it's happening. I search on board and see some others have the same issue, that lfs seems ignore csf.ignore settings. Don't know where the bug is.
Post Reply