Repeated emails coming from CSF, and LFD
I really used Google, and did not find a proper solution for this specific issue. I don't need or want these emails. I know the system is highly secure.
I receive the email:
(truncated because I don't need the whole message for this question) Is there ANY WAY to just shut off this email? I also receive others, but this one is the most annoying.
Subject:
lfd on xxx.xxxxxxx.com: Suspicious process running under user avahi
Body:
Time: Sun May 29 19:00:31 2016 +0000
PID: 3144 (Parent PID:3144)
Account: avahi
Uptime: 133816 seconds
Executable:
/usr/sbin/avahi-daemon
Command Line (often faked in exploits):
avahi-daemon: running [panel.local]
Network connections by the process (if any):
udp: 0.0.0.0:5353 -> 0.0.0.0:0
udp: 0.0.0.0:55561 -> 0.0.0.0:0
Files open by the process (if any):
/dev/null
anon_inode:inotify
Memory maps by the process (if any):
563765a5b000-563765a7a000 r-xp 00000000 08:00 13669 /usr/sbin/avahi-daemon
(truncated because I don't need the whole message for this question) Is there ANY WAY to just shut off this email? I also receive others, but this one is the most annoying.
-
Yes, If you want to disable above mail alert then you need to update /etc/csf/csf.pignore file on your server with the following line, so that CSF will ignore this process and you will not get any alert for this process. exe:/usr/sbin/avahi-daemon
0 -
I don't need or want these emails
IMHO, you do. In WHM > CSF, at top, first button is for Check Server Security. Once that has ran, at bottom choose Run Again and Display Checks. Using just this one message you're getting for an example, avahi-daemon, read the checks close to find this message: Check server startup for avahi-daemon - On most servers avahi-daemon is not needed and should be stopped and disabled from starting if it is not required. This service is currently enabled in init and can usually be disabled using: service avahi-daemon stop chkconfig avahi-daemon off
With the Info in mind you can end the emails for the service by disabling that service.0
Please sign in to leave a comment.
Comments
2 comments