not ignoring processes and users in pignore
Posted: 24 Mar 2022, 13:41
csf.pignore entries:
----
# It is strongly recommended that you use command line ignores very carefully
# as any process can change what is reported to the OS.
#
# For more information see readme.txt
puser: .*conf
puser: .*arch
exe: /usr/bin/icecast
exe: /opt/cpanel/ea-php74/root/usr/bin/php
exe: /usr/local/src/pontifiserver/pontifiserver
exe: /usr/local/src/pontifiserver/pontifistreamer
exe: /usr/local/src/pontificorder2/pontificorder2
exe: /usr/local/bin/pontificorder2
exe: /usr/local/bin/pontifiserver
exe: /usr/local/bin/pontifistreamer
user: audio
user: audio2
user: streampacserv
-----
lfd.log entries:
-----
Mar 20 07:00:24 nu lfd[27938]: *Suspicious Process* PID:15358 PPID:15358 User:streampacserv Uptime:2000465 secs EXE:/usr/bin/icecast CMD:/usr/bin/icecast -c /home/streampacserv/public_html/icecast_streampacserv.xml
Mar 20 07:00:24 nu lfd[27938]: *User Processing* PID:5645 Kill:0 User:wdbxconf Time:36911 EXE:/usr/bin/bash CMD:-bash
Mar 20 07:00:24 nu lfd[27938]: *User Processing* PID:15358 Kill:0 User:streampacserv VM:1069(MB) EXE:/usr/bin/icecast CMD:/usr/bin/icecast -c /home/streampacserv/public_html/icecast_streampacserv.xml
Mar 20 07:00:24 nu lfd[27938]: *User Processing* PID:15358 Kill:0 User:streampacserv Time:2000465 EXE:/usr/bin/icecast CMD:/usr/bin/icecast -c /home/streampacserv/public_html/icecast_streampacserv.xml
Mar 20 08:00:27 nu lfd[5519]: *Suspicious Process* PID:15358 PPID:15358 User:streampacserv Uptime:2004068 secs EXE:/usr/bin/icecast CMD:/usr/bin/icecast -c /home/streampacserv/public_html/icecast_streampacserv.xml
Mar 20 08:00:27 nu lfd[5519]: *User Processing* PID:15358 Kill:0 User:streampacserv VM:1069(MB) EXE:/usr/bin/icecast CMD:/usr/bin/icecast -c /home/streampacserv/public_html/icecast_streampacserv.xml
Mar 20 08:00:27 nu lfd[5519]: *User Processing* PID:15358 Kill:0 User:streampacserv Time:2004068 EXE:/usr/bin/icecast CMD:/usr/bin/icecast -c /home/streampacserv/public_html/icecast_streampacserv.xml
Mar 20 08:00:27 nu lfd[5519]: *User Processing* PID:5645 Kill:0 User:wdbxconf Time:40514 EXE:/usr/bin/bash CMD:-bash
Mar 20 09:00:29 nu lfd[24000]: *Suspicious Process* PID:15358 PPID:15358 User:streampacserv Uptime:2007670 secs EXE:/usr/bin/icecast CMD:/usr/bin/icecast -c /home/streampacserv/public_html/icecast_streampacserv.xml
Mar 20 09:00:30 nu lfd[24000]: *User Processing* PID:5645 Kill:0 User:wdbxconf Time:44116 EXE:/usr/bin/bash CMD:-bash
------
i'm sure i've done something wrong... but i can't figure out what it is.
any help would be greatly appreciated.
O.
----
# It is strongly recommended that you use command line ignores very carefully
# as any process can change what is reported to the OS.
#
# For more information see readme.txt
puser: .*conf
puser: .*arch
exe: /usr/bin/icecast
exe: /opt/cpanel/ea-php74/root/usr/bin/php
exe: /usr/local/src/pontifiserver/pontifiserver
exe: /usr/local/src/pontifiserver/pontifistreamer
exe: /usr/local/src/pontificorder2/pontificorder2
exe: /usr/local/bin/pontificorder2
exe: /usr/local/bin/pontifiserver
exe: /usr/local/bin/pontifistreamer
user: audio
user: audio2
user: streampacserv
-----
lfd.log entries:
-----
Mar 20 07:00:24 nu lfd[27938]: *Suspicious Process* PID:15358 PPID:15358 User:streampacserv Uptime:2000465 secs EXE:/usr/bin/icecast CMD:/usr/bin/icecast -c /home/streampacserv/public_html/icecast_streampacserv.xml
Mar 20 07:00:24 nu lfd[27938]: *User Processing* PID:5645 Kill:0 User:wdbxconf Time:36911 EXE:/usr/bin/bash CMD:-bash
Mar 20 07:00:24 nu lfd[27938]: *User Processing* PID:15358 Kill:0 User:streampacserv VM:1069(MB) EXE:/usr/bin/icecast CMD:/usr/bin/icecast -c /home/streampacserv/public_html/icecast_streampacserv.xml
Mar 20 07:00:24 nu lfd[27938]: *User Processing* PID:15358 Kill:0 User:streampacserv Time:2000465 EXE:/usr/bin/icecast CMD:/usr/bin/icecast -c /home/streampacserv/public_html/icecast_streampacserv.xml
Mar 20 08:00:27 nu lfd[5519]: *Suspicious Process* PID:15358 PPID:15358 User:streampacserv Uptime:2004068 secs EXE:/usr/bin/icecast CMD:/usr/bin/icecast -c /home/streampacserv/public_html/icecast_streampacserv.xml
Mar 20 08:00:27 nu lfd[5519]: *User Processing* PID:15358 Kill:0 User:streampacserv VM:1069(MB) EXE:/usr/bin/icecast CMD:/usr/bin/icecast -c /home/streampacserv/public_html/icecast_streampacserv.xml
Mar 20 08:00:27 nu lfd[5519]: *User Processing* PID:15358 Kill:0 User:streampacserv Time:2004068 EXE:/usr/bin/icecast CMD:/usr/bin/icecast -c /home/streampacserv/public_html/icecast_streampacserv.xml
Mar 20 08:00:27 nu lfd[5519]: *User Processing* PID:5645 Kill:0 User:wdbxconf Time:40514 EXE:/usr/bin/bash CMD:-bash
Mar 20 09:00:29 nu lfd[24000]: *Suspicious Process* PID:15358 PPID:15358 User:streampacserv Uptime:2007670 secs EXE:/usr/bin/icecast CMD:/usr/bin/icecast -c /home/streampacserv/public_html/icecast_streampacserv.xml
Mar 20 09:00:30 nu lfd[24000]: *User Processing* PID:5645 Kill:0 User:wdbxconf Time:44116 EXE:/usr/bin/bash CMD:-bash
------
i'm sure i've done something wrong... but i can't figure out what it is.
any help would be greatly appreciated.
O.