Excluding Suspicious Process
Posted: 22 Sep 2020, 17:55
I've searched and read many posts on this topics before but I still don't find it clear what specific syntax to use in the csf.pignore file. These is the type of warning I'm trying to ignore.
lfd[5333]: *Suspicious Process* PID:3792 PPID:3788 User:username Uptime:121 secs EXE:/home/virtfs/elemcms/opt/cpanel/ea-php73/root/usr/bin/php CMD:/opt/cpanel/ea-php73/root/usr/bin/php -f cron.php
Right now I have:
pcmd:cron\.php$
cmd:cron\.php$
There's so many different options of what to specify in the file and the syntax, it leaves most users like myself on sort of a trial and error quest and so for I'm unsuccessful.
lfd[5333]: *Suspicious Process* PID:3792 PPID:3788 User:username Uptime:121 secs EXE:/home/virtfs/elemcms/opt/cpanel/ea-php73/root/usr/bin/php CMD:/opt/cpanel/ea-php73/root/usr/bin/php -f cron.php
Right now I have:
pcmd:cron\.php$
cmd:cron\.php$
There's so many different options of what to specify in the file and the syntax, it leaves most users like myself on sort of a trial and error quest and so for I'm unsuccessful.