Skip to main content
We are aware of an issue after updating to cPanel versions 11.110.0.65, 11.126.0.21, or 11.128.0.11, some cPanel plugins or features are no longer functioning properly including WP Toolkit. Please see the following article for more information and updates:
Update to latest cPanel 110, 126, or 128 versions removes "addonfeatures" directory.

CSF csf.pignore syntax for suspicious process

jazee
I know a lot of Cpanel users are running CSF/LFD. I've searched and read many posts on this topics before but I still don't find it clear what specific syntax to use in the csf.pignore file. These is the type of warning I'm trying to ignore. lfd[5333]: *Suspicious Process* PID:3792 PPID:3788 User:username Uptime:121 secs EXE:/home/virtfs/elemcms/opt/cpanel/ea-php73/root/usr/bin/php CMD:/opt/cpanel/ea-php73/root/usr/bin/php -f cron.php Right now I have: pcmd:cron\.php$ cmd:cron\.php$ There's so many different options of what to specify in the file and the syntax, it leaves most users like myself on sort of a trial and error quest and so for I'm unsuccessful.

Comments

4 comments

Date Votes
  • cPanelJamesW
    Greetings! The syntax for the 'csf.pignore' file is: exe:/full/path/to/file user:username cmd:command line
    so if you would like to whitelist the 'cron.php' file itself, you would need to use the full path, e.g.: exe:/home/${cPuser}/path/to/cron.php
    or alternatively, you may also try the entire command, e.g.: cmd:/opt/cpanel/ea-php73/root/usr/bin/php -f cron.php
    Please give that a try and let us know if it works for you. Thanks!
    0
  • jazee
    Prior to your reply, I added all 4 of these: cmd:/opt/cpanel/ea-php73/root/usr/bin/php -f cron.php pcmd:/opt/cpanel/ea-php73/root/usr/bin/php -f cron.php cmd:/opt/cpanel/.*/root/usr/bin/php -f cron.php pcmd:/opt/cpanel/.*/root/usr/bin/php -f cron.php One of them worked as I stopped getting the warning. When I get some time I'll use trial and error to find out. I'm guessing/hoping it's this one: cmd:/opt/cpanel/.*/root/usr/bin/php -f cron.p As the first two will no longer work if I upgrade to a PHP version newer than 7.3 and will have to remember to go update the file.
    0
  • ffeingol
    You can's use wildcards in the cmd option. That's what pcmd is for. pcmd uses perl regular expressions. If you look in /etc/csf/csf.pignore it gives examples near the top.
    0
  • jazee
    Then it is probably the pcmd:/opt/cpanel/.*/root/usr/bin/php -f cron.php that is working. Thanks for the clarification. I for some reason misunderstood 'p' as referring to process instead of PERL.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post