updates in horde have produced a mess of emails on one server that i can't seem to stop . Only occurring on one server but 6 a hours so to many. I do find that the directory is all ready told to not report in the configuration csf.fignore file with
/tmp/\.horde/.* but it doesn't seem to be working
message im receiving is below can someone suggest how to suppress this message .
File: /tmp/.horde
Reason: Suspicious directory
Owner: cpanelhorde:cpanelhorde (503:504)
Action: No action taken
thanks for help in advance
can not suppress message on directory watch
cpanelhorde:cpanelhorde suspicious file alerts
I am constantly getting these emails on the directory watch in csf:
Time: Thu Jan 30 18:05:54 2014 -0600
File: /tmp/.horde
Reason: Suspicious directory
Owner: cpanelhorde:cpanelhorde (32002:32002)
Action: No action taken
I asked cpanel about it and they told me they upgraded horde and it was a major upgrade and the firewall is not use to the changes.
I deleted that .horde temporary directory yesterday and didn't get an email until about an hour ago, one every ten minutes as I had lf_dirwatch set to 600 seconds. I just checked the tmp/.horde directories and nothing is in there except tmp/.horde/imp and /tmp/.horde/imp/compose and nothing is in either sub-directory.
Is there anything I can do to keep lf_dirwatch turned on and not get all these emails?
I sure would appreciate your help.
Thank you!
Time: Thu Jan 30 18:05:54 2014 -0600
File: /tmp/.horde
Reason: Suspicious directory
Owner: cpanelhorde:cpanelhorde (32002:32002)
Action: No action taken
I asked cpanel about it and they told me they upgraded horde and it was a major upgrade and the firewall is not use to the changes.
I deleted that .horde temporary directory yesterday and didn't get an email until about an hour ago, one every ten minutes as I had lf_dirwatch set to 600 seconds. I just checked the tmp/.horde directories and nothing is in there except tmp/.horde/imp and /tmp/.horde/imp/compose and nothing is in either sub-directory.
Is there anything I can do to keep lf_dirwatch turned on and not get all these emails?
I sure would appreciate your help.
Thank you!
Re: can not suppress message on directory watch
Getting the same messages all day.
The weird is, /tmp/.horde is already in ignore list.
Also trying to ignore user cpanelhorde doesn't help either.
The weird is, /tmp/.horde is already in ignore list.
Also trying to ignore user cpanelhorde doesn't help either.
Re: can not suppress message on directory watch
Adding /* seems to work because imp subdirectory isn't hidden:
Watching it...
(except if I scr*w it up with regex)
/tmp/\.horde/.*
/tmp/\.horde/*
Watching it...
(except if I scr*w it up with regex)
/tmp/\.horde/.*
/tmp/\.horde/*
Re: can not suppress message on directory watch
my concern is that the /tmp/\.horde/.* is working on one server but not others
-
ForumAdmin
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: can not suppress message on directory watch
The issue is that the example regex in csf.fignore only ignores the contents of /tmp/.horde/ but not the directory itself. To ignore the directory add the following to /etc/csf/csf.fignore and then restart lfd:
Code: Select all
/tmp/\.hordeRe: can not suppress message on directory watch
should not adding it to csf.fignore not work?
Re: can not suppress message on directory watch
Thank you! It works great!
Re: can not suppress message on directory watch
working here as well