csf.pignore issue
Posted: 13 Feb 2024, 07:56
Hi,
either I don't know how to use it or csf.pignore is not working as it should, this is what I tried so far:
and
The reason I'm doing this is very high rate of email notifications containing (Suspicious File Alert):
None of the above worked. Any suggestion on how to stop monitoring "/tmp/systemd-private-*" folders and why is user still monitored?
either I don't know how to use it or csf.pignore is not working as it should, this is what I tried so far:
Code: Select all
# stop monitoring wordpress breakdance /tmp files
dir:/tmp/systemd-private-*-ea-php*-php-fpm.service-*/tmp/
dir:/tmp/systemd-private-*/*
dir:/tmp/systemd-private-*
dir:/tmp/systemd-private-*-ea-php81-php-fpm.service-*/tmp/breakdance-ffea200c/twig-auto-generated-cache/*Code: Select all
# stop monitoring user
user:user1
user:user2Code: Select all
File: /tmp/systemd-private-48e12b312c2a482786a513ddcbf214b0-ea-php81-php-fpm.service-9oahU0/tmp/breakdance-bb3ae9f8/twig-auto-generated-cache/95/95263025d28d383c8e354d0dd8406abb.php
Reason: Script, file extension
Owner: user1:user1 (1050:1051)
Action: No action taken