Whitelist PDNS processes

[Floffy]

Hello,

As cPanel have implemented Powerdns to cPanel v. 60 (dev) I'm getting alot of emails from lfd:

Time: Mon Aug 15 10:00:44 2016 +0200
Account: named
Resource: Process Time
Exceeded: 41611 > 1800 (seconds)
Executable: /usr/sbin/pdns_server
Command Line: /usr/sbin/pdns_server --daemon
PID: 19587 (Parent PID:19587)
Killed: No


Time: Mon Aug 15 10:00:44 2016 +0200
PID: 19587 (Parent PID:19587)
Account: named
Uptime: 41611 seconds


Executable:

/usr/sbin/pdns_server


Command Line (often faked in exploits):

/usr/sbin/pdns_server --daemon


Network connections by the process (if any):

udp: 0.0.0.0:53 -> 0.0.0.0:0
tcp: 0.0.0.0:53 -> 0.0.0.0:0


Files open by the process (if any):

/dev/null
/dev/null
/dev/null


Memory maps by the process (if any):

7f75dc000000-7f75dc021000 rw-p 00000000 00:00 0

Would it be possible for you to whitelist these processes as they will be common on many servers in the future when hosting companies are using PDNS?

[ForumAdmin]

We'll add this in the next release of csf. For now you can add the following to /etc/csf/csf.pignore and then resart lfd:

Code: Select all

exe:/usr/sbin/pdns_server

[Floffy]

I also get a lot of these:

Excessive resource usage:Virtual Memory Size - ttesting
Time: Fri Aug 19 07:48:12 2016 +0200
Account: ttesting
Resource: Virtual Memory Size
Exceeded: 419 > 256 (MB)
Executable: /opt/cpanel/ea-php70/root/usr/bin/lsphp.cagefs
Command Line: lsphp
PID: 132482 (Parent PID:131258)
Killed: No

Is this something you could add aswell?

[Sergio]

Do the same, add the following to csf.pignore:

Code: Select all

exe:/opt/cpanel/ea-php70/root/usr/bin/lsphp.cagefs