can not suppress message on directory watch

Posted: 30 Jan 2014, 12:29
by threadho
Updates in Horde have produced a mess of emails on one server that I can't seem to stop. Only occurring on one server, but 6 an hour, so too many. I do find that the directory is already told to not report in the configuration csf.fignore file with
/tmp/\.horde/.* but it doesn't seem to be working.
The message I'm receiving is below. Can someone suggest how to suppress this message?
File: /tmp/.horde
Reason: Suspicious directory
Owner: cpanelhorde:cpanelhorde (503:504)
Action: No action taken

thanks for help in advance

cpanelhorde:cpanelhorde suspicious file alerts

Posted: 31 Jan 2014, 00:23
by modom
I am constantly getting these emails on the directory watch in csf:
Time: Thu Jan 30 18:05:54 2014 -0600
File: /tmp/.horde
Reason: Suspicious directory
Owner: cpanelhorde:cpanelhorde (32002:32002)
Action: No action taken

I asked cPanel about it and they told me they upgraded Horde and it was a major upgrade and the firewall is not used to the changes.

I deleted that .horde temporary directory yesterday and didn't get an email until about an hour ago, one every ten minutes as I had lf_dirwatch set to 600 seconds. I just checked the tmp/.horde directories and nothing is in there except tmp/.horde/imp and /tmp/.horde/imp/compose and nothing is in either sub-directory.

Is there anything I can do to keep lf_dirwatch turned on and not get all these emails?

I sure would appreciate your help.

Thank you!

Re: can not suppress message on directory watch

Posted: 31 Jan 2014, 01:09
by chrismfz
Getting the same messages all day.
The weird thing is, /tmp/.horde is already in the ignore list.
Also trying to ignore user cpanelhorde doesn't help either.

Re: can not suppress message on directory watch

Posted: 31 Jan 2014, 01:25
by chrismfz
Adding /* seems to work because imp subdirectory isn't hidden:
Watching it...
(except if I scr*w it up with regex)

/tmp/\.horde/.*
/tmp/\.horde/*

Re: can not suppress message on directory watch

Posted: 31 Jan 2014, 15:40
by threadho
my concern is that the /tmp/\.horde/.* is working on one server but not others

Re: can not suppress message on directory watch

Posted: 31 Jan 2014, 16:03
by ForumAdmin
The issue is that the example regex in csf.fignore only ignores the contents of /tmp/.horde/ but not the directory itself. To ignore the directory add the following to /etc/csf/csf.fignore and then restart lfd:

/tmp/\.horde
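
As an added illustration (not part of the thread and not lfd's own code), this Python sketch checks which paths a set of csf.fignore entries would cover. It assumes each entry is a regular expression that must match the whole path; the function names and the sample input are constructed for this example.

```python
import re

# Constructed input: the alert quoted in the thread, plus the two
# sub-directories one poster reports finding under /tmp/.horde.
ALERT = """\
Time: Thu Jan 30 18:05:54 2014 -0600
File: /tmp/.horde
Reason: Suspicious directory
Action: No action taken
"""
SUBDIRS = ["/tmp/.horde/imp", "/tmp/.horde/imp/compose"]

def alert_paths(text):
    """Return the path from every 'File:' line of an alert e-mail."""
    return [m.group(1).strip() for m in re.finditer(r"^File:[ \t]*(.+)$", text, re.M)]

def is_ignored(path, entry):
    """ASSUMPTION (not taken from lfd's source): an entry is a regex that
    must match the whole path. An invalid regex ignores nothing."""
    try:
        return re.fullmatch(entry, path) is not None
    except re.error:
        return False

def unsuppressed(entries, paths):
    """Paths that no entry covers, i.e. those that would still alert."""
    return [p for p in paths if not any(is_ignored(p, e) for e in entries)]

def report(entries, paths):
    """One line per path naming the entries that cover it."""
    lines = []
    for p in paths:
        hits = [e for e in entries if is_ignored(p, e)]
        lines.append(f"{p}: " + (", ".join(hits) if hits else "NOT IGNORED"))
    return lines

if __name__ == "__main__":
    paths = alert_paths(ALERT) + SUBDIRS
    for entries in ([r"/tmp/\.horde/.*"],                    # contents only
                    [r"/tmp/\.horde/.*", r"/tmp/\.horde"]):  # plus the directory
        print(entries)
        print("\n".join("  " + line for line in report(entries, paths)))
```

Under the same assumption, an entry ending in `/*` covers the directory but not its contents, because `/*` in a regex means zero or more slashes.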

Re: can not suppress message on directory watch

Posted: 31 Jan 2014, 16:06
by threadho
should not adding it to csf.fignore not work?

Re: can not suppress message on directory watch

Posted: 31 Jan 2014, 17:14
by modom
Thank you! It works great!

Re: can not suppress message on directory watch

Posted: 31 Jan 2014, 17:27
by threadho
working here as well