ConfigServer Community Forum

Couple of non-cPanel boxes that have upgraded themselves to 3.39 (generic), and we're now seeing a constant influx of warning emails such as:

Time: Fri Jul 11 07:22:19 2008
Account: haldaemon
Resource: Process Time
Exceeded: 76977 > 1800 (seconds)
Executable: /usr/sbin/hald
Command Line: hald
PID: 1818
Killed: No


What's weird is, in the csf.pignore we already had:

exec:/usr/sbin/hald

and when this first started yesterday, we added a:

user:haldaemon

and we're still getting the messages. These are centos boxes, and we're seeing emails for haldaemon, dbus, and mysql at this time. When we first installed csf we saw the same thing, but added the relevant "exec:" lines to csf.pignore and the emails stopped... but now they're back.

Now that I'm thinking about it, we did do a yum upgrade from centos 5.1 to 5.2 this week on these boxes, so it could be something that changed as a result of that... might not be a bug in 3.39?

Looks as though we're not the only ones seeing this. According to this post.

I've restarted lfd a few times while trying to resolve this, also added "user:" lines to csf.pignore in addition to the exec: lines, in an attempt to try and make the emails stop. No luck.

It's almost as if something happened and .pignore is just not being watched/followed at all.. I guess I could try removing it entirely to see if we get any *new* emails ontop of the ones we're already getting.... that would atleast tell me if the file is being taken into account at all.

That is odd. On my CentOS v5.2 server hald is running under root, not haldaemon.

Edit: just read that you tried excluding the haldaemon user.

I'll check the code.

In case it helps, here's a couple of the weird emails we just started getting in the last week or so.. all are from CentOS 5.2 servers or CentOS 5.2 xen DomUs, none of them used to do this until shortly after the 5.2 upgrade.
And here is our csf.pignore from one of said boxes:
Also seeing an occasional one for dbus as well... Don't seem to have any of those in my inbox just now however.

I've tried, but have been unable to replicate this problem (csf.pignore always works for me). If you have a server with this issue that I can access, please log a ticket.

I set PT_ALL_USERS to 1, and started receiving these mails:
I have these 3 lines (regarding dbus) in csf.pignore: I added user:dbus myself to see if that would make a difference, and restarted csf. The mails are still coming in. OS is Centos 4.7

Any ideas?

we have this occuring on all of our cPanel servers, all are running centos 4.7 or centos 5.2

I find that its all deleted processes that this occurs on and mostly postgres, hald and mysqld processes if that makes any difference

For deleted binary processes:
http://www.configserver.com/techfaq/index.php?faqid=72

Thanks for the tips on that...damn i have a lot of processes to restart across one hell of a lot of servers then... going to be a busy night

I get something like this
the following is already in the ignore file

exe:/usr/bin/dbus-daemon-1


Time: Fri Sep 19 15:58:59 2008 +0400
Account: dbus
Resource: Process Time
Exceeded: 6626985 > 1800 (seconds)
Executable: /usr/bin/dbus-daemon-1 (deleted)
Command Line: dbus-daemon-1 --system
PID: 4650
Killed: No

I did read the post to restart binaries and under /etc/init.d i dont see dbus

can you please guid me on how to prevent this message from coming

also i get the following very often

Time: Fri Sep 19 15:41:18 2008 +0400
File: /tmp/.wapi
Reason: Suspicious directory
Owner: nobody:nobody
Action: No action taken

But there is no file to delete when you go and check, can you help me out.
\
Thanks