Skip to main content

CSF csf.pignore syntax for suspicious process

Comments

4 comments

  • cPanelJamesW
    Greetings! The syntax for the 'csf.pignore' file is: exe:/full/path/to/file user:username cmd:command line
    so if you would like to whitelist the 'cron.php' file itself, you would need to use the full path, e.g.: exe:/home/${cPuser}/path/to/cron.php
    or alternatively, you may also try the entire command, e.g.: cmd:/opt/cpanel/ea-php73/root/usr/bin/php -f cron.php
    Please give that a try and let us know if it works for you. Thanks!
    0
  • jazee
    Prior to your reply, I added all 4 of these: cmd:/opt/cpanel/ea-php73/root/usr/bin/php -f cron.php pcmd:/opt/cpanel/ea-php73/root/usr/bin/php -f cron.php cmd:/opt/cpanel/.*/root/usr/bin/php -f cron.php pcmd:/opt/cpanel/.*/root/usr/bin/php -f cron.php One of them worked as I stopped getting the warning. When I get some time I'll use trial and error to find out. I'm guessing/hoping it's this one: cmd:/opt/cpanel/.*/root/usr/bin/php -f cron.p As the first two will no longer work if I upgrade to a PHP version newer than 7.3 and will have to remember to go update the file.
    0
  • ffeingol
    You can's use wildcards in the cmd option. That's what pcmd is for. pcmd uses perl regular expressions. If you look in /etc/csf/csf.pignore it gives examples near the top.
    0
  • jazee
    Then it is probably the pcmd:/opt/cpanel/.*/root/usr/bin/php -f cron.php that is working. Thanks for the clarification. I for some reason misunderstood 'p' as referring to process instead of PERL.
    0

Please sign in to leave a comment.