Suspicious process running - can't turn off this
Posted: 25 Mar 2013, 13:27
Hi,
latest CSF, I've many emails like "lfd on host: Suspicious process running under user xxx". This is nice feature but this send me many emails, so i try to turn off this but with no result:
PT_LIMIT = 0
PT_USERPROC = 0
PT_USERMEM = 0
PT_USERTIME = 0
csf -r
and nothing changes. still have info about my procceses. So i try add them to cf.pignore:
mail says:
so I've added:
csf -r
and still no change.
How to add this to pignore?!?
latest CSF, I've many emails like "lfd on host: Suspicious process running under user xxx". This is nice feature but this send me many emails, so i try to turn off this but with no result:
PT_LIMIT = 0
PT_USERPROC = 0
PT_USERMEM = 0
PT_USERTIME = 0
csf -r
and nothing changes. still have info about my procceses. So i try add them to cf.pignore:
mail says:
Code: Select all
"Executable:
/usr/bin/perl
Command Line (often faked in exploits):
monitorix-httpd listening on 8080"Code: Select all
exe:/usr/bin/perl /usr/bin/monitorix-httpd
exe:/usr/bin/perl monitorix-httpd
cmd:/usr/bin/perl monitorix-httpd
pcmd:/usr/bin/perl /usr/bin/monitorix.*and still no change.
How to add this to pignore?!?