lfd: *Suspicious Process* PID:

On servers with DirectAdmin installed, SeFlow preconfigures CSF (security appliance). Some processes, especially the most used ones, can be flagged as false positives, and the system then sends alert messages. If you are sure that the process is authorized, you can put it in the ignore list. Log in to DirectAdmin and press "ConfigServer Firewall & Security" in the Extra Features.

Go to the section "lfd - Login Failure Daemon", select "csf.pignore, Process tracking" in the dropdown menu, and press Edit.

A window will open where you can enter the process to ignore. It is important to enter the process with its full path, preceded by exe:

If you receive an email with a message like this example:

Dec 4 20:19:05 fs lfd[4351]: *Suspicious Process* PID:4072 User:admin
Uptime:100 secs EXE:/usr/libexec/dovecot/pop3 CMD:dovecot/pop3

The full process path is /usr/libexec/dovecot/pop3. Insert it in the process tracking ignore list, preceded by exe: as described above.


Now press Change and then restart.
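
The same lookup done from a shell, as an added example that is not part of the original article: it reads lfd alert lines, extracts each EXE: path and prints the exe: line to add to the ignore list, skipping entries that are already there. The two extra sample alerts, the file names, and the check that flags binaries under /tmp, /var/tmp or /dev/shm for review instead of ignoring them are assumptions of this example; it also assumes each alert sits on a single line.

```bash
#!/bin/sh
# Added example (not part of the original article).
# pignore_candidates ALERT_LOG PIGNORE_FILE
# Prints an "exe:/full/path" line for each binary named in an lfd
# *Suspicious Process* alert that is not yet listed in PIGNORE_FILE.
pignore_candidates() {
    alerts=$1
    pignore=$2
    # Keep only Suspicious Process alerts, then isolate the EXE: field.
    grep -F '*Suspicious Process*' "$alerts" |
    grep -o 'EXE:/[^[:space:]]*' | sed 's/^EXE://' | sort -u |
    while IFS= read -r path; do
        # A binary in a world-writable directory should be investigated,
        # not ignored (assumption of this example, not a CSF rule).
        case $path in
            /tmp/*|/var/tmp/*|/dev/shm/*)
                echo "REVIEW: $path runs from a world-writable directory" >&2
                continue ;;
        esac
        # Skip entries already present (exact whole-line match).
        grep -qxF "exe:$path" "$pignore" 2>/dev/null && continue
        printf 'exe:%s\n' "$path"
    done
}

# Constructed sample data: the alert from the article on one line, two
# made-up alerts, and an ignore file that already lists one binary.
demo=$(mktemp -d)
cat > "$demo/alerts.log" <<'EOF'
Dec 4 20:19:05 fs lfd[4351]: *Suspicious Process* PID:4072 User:admin Uptime:100 secs EXE:/usr/libexec/dovecot/pop3 CMD:dovecot/pop3
Dec 4 20:21:40 fs lfd[4351]: *Suspicious Process* PID:4188 User:admin Uptime:90 secs EXE:/usr/libexec/dovecot/imap CMD:dovecot/imap
Dec 4 20:25:02 fs lfd[4351]: *Suspicious Process* PID:4301 User:admin Uptime:75 secs EXE:/tmp/x CMD:x
EOF
printf 'exe:/usr/libexec/dovecot/imap\n' > "$demo/csf.pignore"

# Prints exe:/usr/libexec/dovecot/pop3 and warns about /tmp/x on stderr.
pignore_candidates "$demo/alerts.log" "$demo/csf.pignore"
rm -rf "$demo"
```

Review the printed lines before pasting them into the csf.pignore editor; an exe: entry applies to every process started from that binary.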
Posted - Tue, Dec 4, 2012 8:59 PM.
Online URL: http://kb.seflow.it/article/lfd-%2asuspicious-process%2a-pid-13.html