LFD overly generic process notice, any way to weed out?
Posted: 02 Jul 2024, 17:03
I am attempting to lower my signal-to-noise ratio on LFD notices so they don't start getting ignored when I get them. For the most part I have done a decent job with the csf.pignore file for weeding out legitimate processes. However, I just got one for the LiteSpeed Enterprise web server process itself, and I think it is too generic. If I ignore it as provided in the notice, I would be allowing anything served by the web server (unless I am mistaken). So I am wondering, is there anything I can do about these? Any help would be highly appreciated. My server stack is CloudLinux 9 / cPanel / LiteSpeed Enterprise.
Code:
Time: Tue Jul 2 08:44:32 2024 -0700
PID: 3259830 (Parent PID:3259824)
Account: nobody
Uptime: 85 seconds
Executable:
/usr/local/lsws/bin/lshttpd.6.2.2
Command Line (often faked in exploits):
litespeed (lshttpd - #02)
. . .