Help with pignore / Ubuntu Landscape

Posted: 12 Oct 2019, 12:39
by autumnwalker
Hi Folks,

I've been reading the forums and the readme and I cannot get this sorted out. I have a server running Ubuntu Landscape and the following four "command line" items keep triggering CSF for excessive resource usage:

/usr/bin/python3 /usr/bin/landscape-monitor --ignore-sigint --quiet
/usr/bin/python3 /usr/bin/landscape-broker --ignore-sigint --quiet
/usr/bin/python3 /usr/bin/landscape-package-reporter
/usr/bin/python3 /usr/bin/landscape-package-changer --quiet

Example email:

Time: Sat Oct 12 08:20:15 2019 -0300
Account: landscape
Resource: Virtual Memory Size
Exceeded: 274 > 256 (MB)
Executable: /usr/bin/python3.6
Command Line: /usr/bin/python3 /usr/bin/landscape-package-reporter --quiet
PID: 8052 (Parent PID:23501)
Killed: No

I've tried various combinations of cmd: and pcmd: to ignore them, but nothing is working. What is the right way to ignore these commands?

Thanks!

Re: Help with pignore / Ubuntu Landscape

Posted: 13 Oct 2019, 12:18
by autumnwalker
I've tried:

exe:/usr/bin/python3.6
pexe:/usr/bin/python3.*
cmd:/usr/bin/python3 /usr/bin/landscape-monitor
pcmd:/usr/bin/python3 /usr/bin/landscape-*

Nothing is working. Still getting hammered by alerts.

Re: Help with pignore / Ubuntu Landscape

Posted: 15 Oct 2019, 07:49
by BallyBasic79
# [*]You must remember to escape characters correctly when using regex's, e.g.:
# pexe:/home/.*/public_html/cgi-bin/script\.cgi

The . needs to be escaped:
exe:/usr/bin/python3\.6

HTH

Re: Help with pignore / Ubuntu Landscape

Posted: 15 Oct 2019, 18:24
by autumnwalker
I ended up going with user:landscape which seems to have stopped the emails.

What is the right way to ignore these processes?

Re: Help with pignore / Ubuntu Landscape

Posted: 15 Oct 2019, 19:33
by BallyBasic79
For detail, refer to 8. Process Tracking in https://download.configserver.com/csf/readme.txt (if you haven't already.)

There are several notes in the readme on identifying the source of the process that CSF uses for evaluation (/proc), where to get more information, and a caution about a problematic NULL character that can be inadvertently copied into the pignore file.

I hope this helps you solve this.

Re: Help with pignore / Ubuntu Landscape

Posted: 15 Oct 2019, 19:38
by autumnwalker
Thanks @BallyBasic79. I did read the readme, but it has not answered my question.

What is the right way to ignore this process? Should I ignore python altogether (seems wrong) or should I ignore the command (it's suggested that is dangerous)? I've ignored the user which (in my environment) is likely ok, but could be problematic if that user is compromised.

Re: Help with pignore / Ubuntu Landscape

Posted: 15 Oct 2019, 20:00
by BallyBasic79
You could try:
exe:/usr/bin/python3.6 (sorry, exe does not need to be escaped.)
pcmd:/usr/bin/python3 /usr/bin/landscape-.* (fixed .* at end)

You can also raise the 256 (MB) Virtual Memory Size threshold.
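
Added example, not part of any post in this thread and not lfd's own code: a small Python model for checking which of the pignore entries tried above would cover the four Landscape command lines, and which would also cover unrelated processes. It assumes literal entries (exe:, user:, cmd:) are compared for exact equality and regex entries (pexe:, puser:, pcmd:) must match the whole value; Python's re stands in for Perl regex, and the last two sample processes are constructed.

```python
import re

# (user, exe, cmdline). The first four command lines come from the thread;
# the last two are constructed to expose over-broad rules.
PROCS = [
    ("landscape", "/usr/bin/python3.6",
     "/usr/bin/python3 /usr/bin/landscape-monitor --ignore-sigint --quiet"),
    ("landscape", "/usr/bin/python3.6",
     "/usr/bin/python3 /usr/bin/landscape-broker --ignore-sigint --quiet"),
    ("landscape", "/usr/bin/python3.6",
     "/usr/bin/python3 /usr/bin/landscape-package-reporter --quiet"),
    ("landscape", "/usr/bin/python3.6",
     "/usr/bin/python3 /usr/bin/landscape-package-changer --quiet"),
    ("landscape", "/usr/bin/python3.6",
     "/usr/bin/python3 /home/landscape/job.py"),   # constructed
    ("app", "/usr/bin/python3.6",
     "/usr/bin/python3 /home/app/worker.py"),      # constructed
]

def rule_matches(rule, user, exe, cmdline):
    """Apply one pignore-style entry to one process (modelled semantics)."""
    kind, _, pattern = rule.partition(":")
    value = {"exe": exe, "pexe": exe, "user": user, "puser": user,
             "cmd": cmdline, "pcmd": cmdline}[kind]
    if kind.startswith("p"):
        # Assumption: regex entries are anchored at both ends.
        return re.fullmatch(pattern, value) is not None
    # Assumption: literal entries must equal the whole value, arguments included.
    return pattern == value

def evaluate(rule):
    """Return (Landscape processes ignored, unrelated processes ignored)."""
    hits = [p for p in PROCS if rule_matches(rule, *p)]
    wanted = sum(1 for p in hits if "/usr/bin/landscape-" in p[2])
    return wanted, len(hits) - wanted

if __name__ == "__main__":
    for rule in [
        "cmd:/usr/bin/python3 /usr/bin/landscape-monitor",
        "pcmd:/usr/bin/python3 /usr/bin/landscape-*",
        "pcmd:/usr/bin/python3 /usr/bin/landscape-.*",
        "pexe:/usr/bin/python3.*",
        "exe:/usr/bin/python3.6",
        "user:landscape",
    ]:
        wanted, extra = evaluate(rule)
        print(f"{rule:50} landscape={wanted}/4 unrelated={extra}")
```

Under these assumptions the narrowest entry that covers all four Landscape processes is the pcmd: form ending in .*, while exe: and user: also suppress tracking for the unrelated sample processes.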