Page 1 of 1
stop Process mail alerts
Posted: 08 Aug 2016, 07:35
by dushyant
Hi,
i am getting many email from CSF which I have installed on my server which are of
suspicious process is running under Avahi some times some other daemons
how can I stop such emails?
I have disabled LF_PERMBLOCK_ALERT but it stopped login and login failure mails.
i want to stop process mails only.
Thanks
Re: stop Process mail alerts
Posted: 08 Aug 2016, 15:30
by Sergio
Please, show the execute and command lines from the email to know what suspicious processes are them.
You don't need to copy the complete email, just the first 10 lines from it.
Re: stop Process mail alerts
Posted: 09 Aug 2016, 07:08
by dushyant
Time: Wed Aug 3 00:00:02 2016 -0500 Account: avahi Resource: Process Time Exceeded: 1366208 > 1800 (seconds) Executable: /usr/sbin/avahi-daemon Command Line: avahi-daemon: running [server.local] PID: 659 (Parent PID:659) Killed: No
above are the only details which I am getting on mail from firewall after every 15-30 mins of interval.
I don't required such mails from firewall.
I am getting mails for server access with authentication and if someone has tried to attack and firewall has blocked those IPs.
Re: stop Process mail alerts
Posted: 10 Aug 2016, 03:12
by Sergio
You have 2 choices:
1. Disable AVAHI, you can find about this in google.
2. Set AVAHI in csf.pignore to allow AVAHI processes and you will not receive any more emails about it.
To add AVAHI in csf.pignore, you can add:
user:avahi
Re: stop Process mail alerts
Posted: 10 Aug 2016, 10:44
by dushyant
To add AVAHI in csf.pignore, you can add:
user:avahi
This works for me
Thanks Sergio
Re: stop Process mail alerts
Posted: 17 Aug 2016, 05:31
by Elizine
The hourly emails are from logcheck which runs from the hourly cron in /etc/cron.hourly/logcheck.sh. If you don't want the reports, simply delete that file. If you'd rather reschedule them to be made one per day, do:
mv /etc/cron.hourly/logcheck.sh /etc/cron.daily/