LFD - Suspicious process running under user postgres

Hello, I come to you because I received several notification emails from my VPS server entitled: LFD - Suspicious process running under user postgres Here is the content of the email [QUOTE] Time: Sun May 29 11:00:57 2022 +0200 PID: 12692 (Parent PID:12686) Account: postgres Uptime: 801371 seconds Executable: /usr/pgsql-10/bin/postgres Command Line (often faked in exploits): postgres: wal writer process Network connections by the process (if any): udp6: 0:0:0:0:0:0:0:1:52577 -> 0:0:0:0:0:0:0:1:52577 Files open by the process (if any): /dev/null /var/lib/pgsql/10/data/pg_wal/000000010000000000000001 anon_inode:[eventpoll] Memory maps by the process (if any): 00400000-00aaa000 r-xp 00000000 08:01 8626148 /usr/pgsql-10/bin/postgres 00ca9000-00caa000 r--p 006a9000 08:01 8626148 /usr/pgsql-10/bin/postgres 00caa000-00cb8000 rw-p 006aa000 08:01 8626148 /usr/pgsql-10/bin/postgres 00cb8000-00d21000 rw-p 00000000 00:00 0 01f96000-01fdf000 rw-p 00000000 00:00 0 [heap] 7f10c87eb000-7f10d1595000 rw-s 00000000 00:04 329491107 /dev/zero (deleted) 7f10d1595000-7f10d7ad7000 r--p 00000000 08:01 3144553 /usr/lib/locale/locale-archive 7f10d7ad7000-7f10d7ad9000 r-xp 00000000 08:01 7217 /usr/lib64/libfreebl3.so 7f10d7ad9000-7f10d7cd8000 ---p 00002000 08:01 7217 /usr/lib64/libfreebl3.so 7f10d7cd8000-7f10d7cd9000 r--p 00001000 08:01 7217 /usr/lib64/libfreebl3.so 7f10d7cd9000-7f10d7cda000 rw-p 00002000 08:01 7217 /usr/lib64/libfreebl3.so 7f10d7cda000-7f10d7ce9000 r-xp 00000000 08:01 90432 /usr/lib64/libbz2.so.1.0.6 7f10d7ce9000-7f10d7ee8000 ---p 0000f000 08:01 90432 /usr/lib64/libbz2.so.1.0.6 7f10d7ee8000-7f10d7ee9000 r--p 0000e000 08:01 90432 /usr/lib64/libbz2.so.1.0.6 7f10d7ee9000-7f10d7eea000 rw-p 0000f000 08:01 90432 /usr/lib64/libbz2.so.1.0.6 7f10d7eea000-7f10d7f01000 r-xp 00000000 08:01 555646 /usr/lib64/libelf-0.176.so 7f10d8100000-7f10d8101000 r--p 00016000 08:01 555646 /usr/lib64/libelf-0.176.so 7f10d8102000-7f10d8162000 r-xp 00000000 08:01 90301 /usr/lib64/libpcre.so.1.2.0 7f10d8162000-7f10d8362000 ---p 00060000 08:01 90301 /usr/lib64/libpcre.so.1.2.0 7f10d8362000-7f10d8363000 r--p 00060000 08:01 90301 /usr/lib64/libpcre.so.1.2.0 7f10d8363000-7f10d8364000 rw-p 00061000 08:01 90301 /usr/lib64/libpcre.so.1.2.0 7f10d8364000-7f10d8368000 r-xp 00000000 08:01 90495 /usr/lib64/libattr.so.1.1.0 7f10d8368000-7f10d8567000 ---p 00004000 08:01 90495 /usr/lib64/libattr.so.1.1.0 7f10d8567000-7f10d8568000 r--p 00003000 08:01 90495 /usr/lib64/libattr.so.1.1.0 7f10d8568000-7f10d8569000 rw-p 00004000 08:01 90495 /usr/lib64/libattr.so.1.1.0 7f10d8569000-7f10d8571000 r-xp 00000000 08:01 2592653 /usr/lib64/libcrypt-2.17.so 7f10d8770000-7f10d8771000 r--p 00007000 08:01 2592653 /usr/lib64/libcrypt-2.17.so 7f10d8772000-7f10d87a0000 rw-p 00000000 00:00 0 7f10d87a0000-7f10d87a4000 r-xp 00000000 08:01 90537 /usr/lib64/libcap-ng.so.0.0.0 7f10d87a4000-7f10d89a4000 ---p 00004000 08:01 90537 /usr/lib64/libcap-ng.so.0.0.0 7f10d89a4000-7f10d89a5000 r--p 00004000 08:01 90537 /usr/lib64/libcap-ng.so.0.0.0 7f10d89a5000-7f10d89a6000 rw-p 00005000 08:01 90537 /usr/lib64/libcap-ng.so.0.0.0 7f10d89a6000-7f10d89f4000 r-xp 00000000 08:01 380235 /usr/lib64/libdw-0.176.so 7f10d8bf4000-7f10d8bf6000 r--p 0004e000 08:01 380235 /usr/lib64/libdw-0.176.so 7f10d8bf7000-7f10d8bfb000 r-xp 00000000 08:01 90548 /usr/lib64/libgpg-error.so.0.10.0 7f10d8bfb000-7f10d8dfa000 ---p 00004000 08:01 90548 /usr/lib64/libgpg-error.so.0.10.0 7f10d8dfa000-7f10d8dfb000 r--p 00003000 08:01 90548 /usr/lib64/libgpg-error.so.0.10.0 7f10d8dfb000-7f10d8dfc000 rw-p 00004000 08:01 90548 /usr/lib64/libgpg-error.so.0.10.0 7f10d8dfc000-7f10d8e79000 r-xp 00000000 08:01 90561 /usr/lib64/libgcrypt.so.11.8.2 7f10d8e79000-7f10d9078000 ---p 0007d000 08:01 90561 /usr/lib64/libgcrypt.so.11.8.2 7f10d9078000-7f10d9079000 r--p 0007c000 08:01 90561 /usr/lib64/libgcrypt.so.11.8.2 7f10d9079000-7f10d907c000 rw-p 0007d000 08:01 90561 /usr/lib64/libgcrypt.so.11.8.2 7f10d907c000-7f10d907d000 rw-p 00000000 00:00 0 7f10d907d000-7f10d908b000 r-xp 00000000 08:01 90795 /usr/lib64/liblz4.so.1.8.3 7f10d908b000-7f10d928a000 ---p 0000e000 08:01 90795 /usr/lib64/liblz4.so.1.8.3 7f10d928a000-7f10d928b000 r--p 0000d000 08:01 90795 /usr/lib64/liblz4.so.1.8.3 7f10d928b000-7f10d928c000 rw-p 0000e000 08:01 90795 /usr/lib64/liblz4.so.1.8.3 7f10d928c000-7f10d92b0000 r-xp 00000000 08:01 90300 /usr/lib64/libselinux.so.1 7f10d92b0000-7f10d94af000 ---p 00024000 08:01 90300 /usr/lib64/libselinux.so.1 7f10d94af000-7f10d94b0000 r--p 00023000 08:01 90300 /usr/lib64/libselinux.so.1 7f10d94b0000-7f10d94b1000 rw-p 00024000 08:01 90300 /usr/lib64/libselinux.so.1 7f10d94b1000-7f10d94b3000 rw-p 00000000 00:00 0 7f10d94b3000-7f10d94b7000 r-xp 00000000 08:01 90532 /usr/lib64/libcap.so.2.22 7f10d94b7000-7f10d96b6000 ---p 00004000 08:01 90532 /usr/lib64/libcap.so.2.22 7f10d96b6000-7f10d96b7000 r--p 00003000 08:01 90532 /usr/lib64/libcap.so.2.22 7f10d96b7000-7f10d96b8000 rw-p 00004000 08:01 90532 /usr/lib64/libcap.so.2.22 7f10d96b8000-7f10daa8a000 r-xp 00000000 08:01 442360 /usr/lib64/libicudata.so.50.2 7f10daa8a000-7f10dac89000 ---p 013d2000 08:01 442360 /usr/lib64/libicudata.so.50.2 7f10dac89000-7f10dac8a000 r--p 013d1000 08:01 442360 /usr/lib64/libicudata.so.50.2 7f10dac8a000-7f10dac8b000 rw-p 013d2000 08:01 442360 /usr/lib64/libicudata.so.50.2 7f10dac8b000-7f10daca0000 r-xp 00000000 08:01 555588 /usr/lib64/libgcc_s-4.8.5-20150702.so.1 7f10daca0000-7f10dae9f000 ---p 00015000 08:01 555588 /usr/lib64/libgcc_s-4.8.5-20150702.so.1 7f10dae9f000-7f10daea0000 r--p 00014000 08:01 555588 /usr/lib64/libgcc_s-4.8.5-20150702.so.1 7f10daea0000-7f10daea1000 rw-p 00015000 08:01 555588 /usr/lib64/libgcc_s-4.8.5-20150702.so.1 7f10daea1000-7f10daf8a000 r-xp 00000000 08:01 11436 /usr/lib64/libstdc++.so.6.0.19 7f10daf8a000-7f10db18a000 ---p 000e9000 08:01 11436 /usr/lib64/libstdc++.so.6.0.19 7f10db18a000-7f10db192000 r--p 000e9000 08:01 11436 /usr/lib64/libstdc++.so.6.0.19 7f10db192000-7f10db194000 rw-p 000f1000 08:01 11436 /usr/lib64/libstdc++.so.6.0.19 7f10db194000-7f10db1a9000 rw-p 00000000 00:00 0 7f10db1a9000-7f10db1e3000 r-xp 00000000 08:01 1830052 /usr/lib64/libnspr4.so 7f10db1e3000-7f10db3e2000 ---p 0003a000 08:01 1830052 /usr/lib64/libnspr4.so 7f10db3e2000-7f10db3e3000 r--p 00039000 08:01 1830052 /usr/lib64/libnspr4.so 7f10db3e3000-7f10db3e5000 rw-p 0003a000 08:01 1830052 /usr/lib64/libnspr4.so 7f10db3e5000-7f10db3e7000 rw-p 00000000 00:00 0 7f10db3e7000-7f10db3eb000 r-xp 00000000 08:01 3219103 /usr/lib64/libplc4.so 7f10db3eb000-7f10db5ea000 ---p 00004000 08:01 3219103 /usr/lib64/libplc4.so 7f10db5ea000-7f10db5eb000 r--p 00003000 08:01 3219103 /usr/lib64/libplc4.so 7f10db5eb000-7f10db5ec000 rw-p 00004000 08:01 3219103 /usr/lib64/libplc4.so 7f10db5ec000-7f10db5ef000 r-xp 00000000 08:01 3219104 /usr/lib64/libplds4.so 7f10db5ef000-7f10db7ee000 ---p 00003000 08:01 3219104 /usr/lib64/libplds4.so 7f10db7ee000-7f10db7ef000 r--p 00002000 08:01 3219104 /usr/lib64/libplds4.so 7f10db7ef000-7f10db7f0000 rw-p 00003000 08:01 3219104 /usr/lib64/libplds4.so 7f10db7f0000-7f10db819000 r-xp 00000000 08:01 11393 /usr/lib64/libnssutil3.so 7f10db819000-7f10dba18000 ---p 00029000 08:01 11393 /usr/lib64/libnssutil3.so 7f10dba18000-7f10dba1f000 r--p 00028000 08:01 11393 /usr/lib64/libnssutil3.so 7f10dba1f000-7f10dba20000 rw-p 0002f000 08:01 11393 /usr/lib64/libnssutil3.so 7f10dba20000-7f10dbb50000 r-xp 00000000 08:01 564431 /usr/lib64/libnss3.so 7f10dbb50000-7f10dbd50000 ---p 00130000 08:01 564431 /usr/lib64/libnss3.so 7f10dbd50000-7f10dbd55000 r--p 00130000 08:01 564431 /usr/lib64/libnss3.so 7f10dbd55000-7f10dbd58000 rw-p 00135000 08:01 564431 /usr/lib64/libnss3.so 7f10dbd58000-7f10dbd59000 rw-p 00000000 00:00 0 7f10dbd59000-7f10dbd7e000 r-xp 00000000 08:01 1841497 /usr/lib64/libsmime3.so 7f10dbd7e000-7f10dbf7d000 ---p 00025000 08:01 1841497 /usr/lib64/libsmime3.so 7f10dbf7d000-7f10dbf80000 r--p 00024000 08:01 1841497 /usr/lib64/libsmime3.so 7f10dbf80000-7f10dbf81000 rw-p 00027000 08:01 1841497 /usr/lib64/libsmime3.so 7f10dbf81000-7f10dbfde000 r-xp 00000000 08:01 1841517 /usr/lib64/libssl3.so 7f10dbfde000-7f10dc1de000 ---p 0005d000 08:01 1841517 /usr/lib64/libssl3.so 7f10dc1de000-7f10dc1e2000 r--p 0005d000 08:01 1841517 /usr/lib64/libssl3.so 7f10dc1e2000-7f10dc1e3000 rw-p 00061000 08:01 1841517 /usr/lib64/libssl3.so 7f10dc1e3000-7f10dc1e4000 rw-p 00000000 00:00 0 7f10dc1e4000-7f10dc200000 r-xp 00000000 08:01 556053 /usr/lib64/libsasl2.so.3.0.0 7f10dc200000-7f10dc3ff000 ---p 0001c000 08:01 556053 /usr/lib64/libsasl2.so.3.0.0 7f10dc3ff000-7f10dc400000 r--p 0001b000 08:01 556053 /usr/lib64/libsasl2.so.3.0.0 7f10dc400000-7f10dc401000 rw-p 0001c000 08:01 556053 /usr/lib64/libsasl2.so.3.0.0 7f10dc401000-7f10dc40f000 r-xp 00000000 08:01 413536 /usr/lib64/liblber-2.4.so.2.10.7 7f10dc40f000-7f10dc60e000 ---p 0000e000 08:01 413536 /usr/lib64/liblber-2.4.so.2.10.7 7f10dc60e000-7f10dc60f000 r--p 0000d000 08:01 413536 /usr/lib64/liblber-2.4.so.2.10.7 7f10dc60f000-7f10dc610000 rw-p 0000e000 08:01 413536 /usr/lib64/liblber-2.4.so.2.10.7 7f10dc610000-7f10dc626000 r-xp 00000000 08:01 3144705 /usr/lib64/libresolv-2.17.so 7f10dc826000-7f10dc827000 r--p 00016000 08:01 3144705 /usr/lib64/libresolv-2.17.so 7f10dc828000-7f10dc82a000 rw-p 00000000 00:00 0 7f10dc82a000-7f10dc82d000 r-xp 00000000 08:01 90563 /usr/lib64/libkeyutils.so.1.5 7f10dc82d000-7f10dca2c000 ---p 00003000 08:01 90563 /usr/lib64/libkeyutils.so.1.5 7f10dca2c000-7f10dca2d000 r--p 00002000 08:01 90563 /usr/lib64/libkeyutils.so.1.5 7f10dca2d000-7f10dca2e000 rw-p 00003000 08:01 90563 /usr/lib64/libkeyutils.so.1.5 7f10dca2e000-7f10dca3c000 r-xp 00000000 08:01 18791 /usr/lib64/libkrb5support.so.0.1 7f10dca3c000-7f10dcc3c000 ---p 0000e000 08:01 18791 /usr/lib64/libkrb5support.so.0.1 7f10dcc3c000-7f10dcc3d000 r--p 0000e000 08:01 18791 /usr/lib64/libkrb5support.so.0.1 7f10dcc3d000-7f10dcc3e000 rw-p 0000f000 08:01 18791 /usr/lib64/libkrb5support.so.0.1 7f10dcc3e000-7f10dcc6f000 r-xp 00000000 08:01 11425 /usr/lib64/libk5crypto.so.3.1 7f10dcc6f000-7f10dce6e000 ---p 00031000 08:01 11425 /usr/lib64/libk5crypto.so.3.1 7f10dce6e000-7f10dce70000 r--p 00030000 08:01 11425 /usr/lib64/libk5crypto.so.3.1 7f10dce70000-7f10dce71000 rw-p 00032000 08:01 11425 /usr/lib64/libk5crypto.so.3.1 7f10dce71000-7f10dce74000 r-xp 00000000 08:01 555623 /usr/lib64/libcom_err.so.2.1 7f10dce74000-7f10dd073000 ---p 00003000 08:01 555623 /usr/lib64/libcom_err.so.2.1 7f10dd073000-7f10dd074000 r--p 00002000 08:01 555623 /usr/lib64/libcom_err.so.2.1 7f10dd074000-7f10dd075000 rw-p 00003000 08:01 555623 /usr/lib64/libcom_err.so.2.1 7f10dd075000-7f10dd14e000 r-xp 00000000 08:01 18689 /usr/lib64/libkrb5.so.3.3 7f10dd14e000-7f10dd34d000 ---p 000d9000 08:01 18689 /usr/lib64/libkrb5.so.3.3 7f10dd34d000-7f10dd35b000 r--p 000d8000 08:01 18689 /usr/lib64/libkrb5.so.3.3 7f10dd35b000-7f10dd35e000 rw-p 000e6000 08:01 18689 /usr/lib64/libkrb5.so.3.3 7f10dd35e000-7f10dd37c000 r-xp 00000000 08:01 90540 /usr/lib64/libaudit.so.1.0.0 7f10dd37c000-7f10dd57b000 ---p 0001e000 08:01 90540 /usr/lib64/libaudit.so.1.0.0 7f10dd57b000-7f10dd57c000 r--p 0001d000 08:01 90540 /usr/lib64/libaudit.so.1.0.0 7f10dd57c000-7f10dd57d000 rw-p 0001e000 08:01 90540 /usr/lib64/libaudit.so.1.0.0 7f10dd57d000-7f10dd587000 rw-p 00000000 00:00 0 7f10dd587000-7f10dd5ac000 r-xp 00000000 08:01 90320 /usr/lib64/liblzma.so.5.2.2 7f10dd5ac000-7f10dd7ab000 ---p 00025000 08:01 90320 /usr/lib64/liblzma.so.5.2.2 7f10dd7ab000-7f10dd7ac000 r--p 00024000 08:01 90320 /usr/lib64/liblzma.so.5.2.2 7f10dd7ac000-7f10dd7ad000 rw-p 00025000 08:01 90320 /usr/lib64/liblzma.so.5.2.2 7f10dd7ad000-7f10dd7c2000 r-xp 00000000 08:01 90434 /usr/lib64/libz.so.1.2.7 7f10dd7c2000-7f10dd9c1000 ---p 00015000 08:01 90434 /usr/lib64/libz.so.1.2.7 7f10dd9c1000-7f10dd9c2000 r--p 00014000 08:01 90434 /usr/lib64/libz.so.1.2.7 7f10dd9c2000-7f10dd9c3000 rw-p 00015000 08:01 90434 /usr/lib64/libz.so.1.2.7 7f10dd9c3000-7f10ddb87000 r-xp 00000000 08:01 2592649 /usr/lib64/libc-2.17.so 7f10ddd86000-7f10ddd8a000 r--p 001c3000 08:01 2592649 /usr/lib64/libc-2.17.so 7f10ddd8c000-7f10ddd91000 rw-p 00000000 00:00 0 7f10ddd91000-7f10dddc0000 r-xp 00000000 08:01 1860386 /usr/lib64/libsystemd.so.0.6.0 7f10dddc0000-7f10ddfc0000 ---p 0002f000 08:01 1860386 /usr/lib64/libsystemd.so.0.6.0 7f10ddfc0000-7f10ddfc1000 r--p 0002f000 08:01 1860386 /usr/lib64/libsystemd.so.0.6.0 7f10ddfc1000-7f10ddfc2000 rw-p 00030000 08:01 1860386 /usr/lib64/libsystemd.so.0.6.0 7f10ddfc2000-7f10de126000 r-xp 00000000 08:01 2776387 /usr/lib64/libicuuc.so.50.2 7f10de126000-7f10de326000 ---p 00164000 08:01 2776387 /usr/lib64/libicuuc.so.50.2 7f10de326000-7f10de336000 r--p 00164000 08:01 2776387 /usr/lib64/libicuuc.so.50.2 7f10de336000-7f10de337000 rw-p 00174000 08:01 2776387 /usr/lib64/libicuuc.so.50.2 7f10de337000-7f10de33b000 rw-p 00000000 00:00 0 7f10de33b000-7f10de52b000 r-xp 00000000 08:01 442362 /usr/lib64/libicui18n.so.50.2 7f10de52b000-7f10de72b000 ---p 001f0000 08:01 442362 /usr/lib64/libicui18n.so.50.2 7f10de72b000-7f10de737000 r--p 001f0000 08:01 442362 /usr/lib64/libicui18n.so.50.2 7f10de737000-7f10de739000 rw-p 001fc000 08:01 442362 /usr/lib64/libicui18n.so.50.2 7f10de739000-7f10de73a000 rw-p 00000000 00:00 0 7f10de73a000-7f10de78c000 r-xp 00000000 08:01 1906895 /usr/lib64/libldap-2.4.so.2.10.7 7f10de78c000-7f10de98c000 ---p 00052000 08:01 1906895 /usr/lib64/libldap-2.4.so.2.10.7 7f10de98c000-7f10de98e000 r--p 00052000 08:01 1906895 /usr/lib64/libldap-2.4.so.2.10.7 7f10de98e000-7f10de98f000 rw-p 00054000 08:01 1906895 /usr/lib64/libldap-2.4.so.2.10.7 7f10de98f000-7f10dea90000 r-xp 00000000 08:01 3144565 /usr/lib64/libm-2.17.so 7f10dec8f000-7f10dec90000 r--p 00100000 08:01 3144565 /usr/lib64/libm-2.17.so 7f10dec91000-7f10dec93000 r-xp 00000000 08:01 3144563 /usr/lib64/libdl-2.17.so 7f10dee93000-7f10dee94000 r--p 00002000 08:01 3144563 /usr/lib64/libdl-2.17.so 7f10dee95000-7f10dee9c000 r-xp 00000000 08:01 3144713 /usr/lib64/librt-2.17.so 7f10df09b000-7f10df09c000 r--p 00006000 08:01 3144713 /usr/lib64/librt-2.17.so 7f10df09d000-7f10df0e7000 r-xp 00000000 08:01 555647 /usr/lib64/libgssapi_krb5.so.2.2 7f10df0e7000-7f10df2e7000 ---p 0004a000 08:01 555647 /usr/lib64/libgssapi_krb5.so.2.2 7f10df2e7000-7f10df2e8000 r--p 0004a000 08:01 555647 /usr/lib64/libgssapi_krb5.so.2.2 7f10df2e8000-7f10df2ea000 rw-p 0004b000 08:01 555647 /usr/lib64/libgssapi_krb5.so.2.2 7f10df2ea000-7f10df521000 r-xp 00000000 08:01 555645 /usr/lib64/libcrypto.so.1.0.2k 7f10df521000-7f10df720000 ---p 00237000 08:01 555645 /usr/lib64/libcrypto.so.1.0.2k 7f10df720000-7f10df73c000 r--p 00236000 08:01 555645 /usr/lib64/libcrypto.so.1.0.2k 7f10df73c000-7f10df749000 rw-p 00252000 08:01 555645 /usr/lib64/libcrypto.so.1.0.2k 7f10df749000-7f10df74d000 rw-p 00000000 00:00 0 7f10df74d000-7f10df7b4000 r-xp 00000000 08:01 1841377 /usr/lib64/libssl.so.1.0.2k 7f10df7b4000-7f10df9b4000 ---p 00067000 08:01 1841377 /usr/lib64/libssl.so.1.0.2k 7f10df9b4000-7f10df9b8000 r--p 00067000 08:01 1841377 /usr/lib64/libssl.so.1.0.2k 7f10df9b8000-7f10df9bf000 rw-p 0006b000 08:01 1841377 /usr/lib64/libssl.so.1.0.2k 7f10df9bf000-7f10df9cc000 r-xp 00000000 08:01 555953 /usr/lib64/libpam.so.0.83.1 7f10df9cc000-7f10dfbcc000 ---p 0000d000 08:01 555953 /usr/lib64/libpam.so.0.83.1 7f10dfbcc000-7f10dfbcd000 r--p 0000d000 08:01 555953 /usr/lib64/libpam.so.0.83.1 7f10dfbcd000-7f10dfbce000 rw-p 0000e000 08:01 555953 /usr/lib64/libpam.so.0.83.1 7f10dfbce000-7f10dfd2c000 r-xp 00000000 08:01 344743 /usr/lib64/libxml2.so.2.9.1 7f10dfd2c000-7f10dff2c000 ---p 0015e000 08:01 344743 /usr/lib64/libxml2.so.2.9.1 7f10dff2c000-7f10dff34000 r--p 0015e000 08:01 344743 /usr/lib64/libxml2.so.2.9.1 7f10dff34000-7f10dff36000 rw-p 00166000 08:01 344743 /usr/lib64/libxml2.so.2.9.1 7f10dff36000-7f10dff38000 rw-p 00000000 00:00 0 7f10dff38000-7f10dff4f000 r-xp 00000000 08:01 555600 /usr/lib64/libpthread-2.17.so 7f10e014e000-7f10e014f000 r--p 00016000 08:01 555600 /usr/lib64/libpthread-2.17.so 7f10e0150000-7f10e0154000 rw-p 00000000 00:00 0 7f10e0154000-7f10e0176000 r-xp 00000000 08:01 2585439 /usr/lib64/ld-2.17.so 7f10e0376000-7f10e0377000 rw-p 00022000 08:01 2585439 /usr/lib64/

cPRex Jurassic Moderator

May 31, 2022 15:11

Hey there! When PostGreSQL is installed with the "/scripts/installpostgres" command that currently installs version 9, so cPanel would not be creating anything in /usr/pgsql-10/bin/postgres. If you have manually installed a newer version of PostGreSQL on the machine, that would explain that file path. If you did perform a manual installation, and are using PostGreSQL on the server, it's possible that CSF could have flagged that process and you just need to add it to the LFD ignore list.

eventtex

June 14, 2022 09:08

Hello, Thank you for your reply. In the CSF settings at WHM level I edited the file /etc/csf/csf.ignore by adding the following line: exe:/usr/pgsql-10/bin/postgres However, I always receive the same type of email. Can you tell me if the syntax of the line I added is correct? Thank you for your reply.

June 14, 2022 13:35

That looks correct to me. If that isn't working how you expect, it would be best to reach out to the ConfigServer support team at Technical Support as cPanel doesn't develop this application.

June 14, 2022 14:46

That looks correct to me. If that isn't working how you expect, it would be best to reach out to the ConfigServer support team at

June 14, 2022 14:49

Let me know if you need anything else from our end!

June 15, 2022 13:02

I think I found where the problem was. I had added the line in the csf.ignore file when it was the csf.pignore file that needed to be modified. Until now I no longer receive alert notifications.

June 15, 2022 15:42

Thanks for posting that clarification!

LFD - Suspicious process running under user postgres

Comments

Didn't find what you were looking for?