Home » Categories » Website Panels » DirectAdmin

lfd: *Suspicious Process* PID:

Last Updated: Tue, Dec 4, 2012 9:03 PM

On servers with DirectAdmin installed, SeFlow preconfigures CSF (security appliance). It can happen that some processes, especially the most used, are seen as false positive and the system send alert messages. If you are sure that the process is authorized you can put it in the ignore list. Please log in DirectAdmin and press "ConfigServer Firewall & Security" in the Extra Features.

Go to section "lfd - Login Failure Daemon" and in the dropdown menu select "csf.pignore, Process tracking" and press Edit

A window will open where you can enter the process to ignore. It important to enter the process with the full path and preceded by exe:

if you receive email with this example message:

Dec 4 20:19:05 fs lfd[4351]: *Suspicious Process* PID:4072 User:admin
Uptime:100 secs EXE:/usr/libexec/dovecot/pop3 CMD:dovecot/pop3

The full process path is /usr/libexec/dovecot/pop3 . Insert in the ignore tracking process


Now press on Change and then restart.
Attachments Attachments
There are no attachments for this article.
Comments Comments
There are no comments for this article. Be the first to post a comment.
Related Articles RSS Feed
There are no related articles for this article.
© 2018 SeFlow All Rights reserved | Home | Server Dedicati | Server Virtuali | Domini | Contatti