Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

CFS bugged?

Discussion in 'Security' started by nibb, Apr 18, 2013.

  1. nibb

    nibb Well-Known Member

    Joined:
    Mar 22, 2008
    Messages:
    310
    Likes Received:
    2
    Trophy Points:
    68
    I just installed CFS for testing to see if it can replace a very basic feature I use on a bash script.

    But right after enabling it I get flooded with emails about Excessive resource usage from their LFD feature.

    This was one of the reasons I did not wanted to use it for some many years, because I think its a little to blooded, I just need a basic GUI for iptables.

    I read their documentation and even the posts here on WHT from the developer and it says you can turn the process tracking feature off or put the lists of process, this can´t be done as its spamming me about /usr/bin/php process which is mainly PHP process.

    I set the setting PT_LIMIT = 0

    And it does nothing. Im still getting the emails. How exactly do you turn process tracking off? Because as far as I see if I just turn the email notification off, it will just do that, not actually turn process tracking off.

    How exactly do I turn the process tracking feature completely off?

    As a side note, the port scanning started to block external servers which connect remotely to MYSQL (that is not port scan) so I turned it off. Of course the other solution if to add the IPs to the white lists except that I could not find how to do something very basic which I would love in the Webmin iptables interface.

    I want to whitelist some IP but only for some specific ports, not all of them...which is what CSF seems to do when you add an IP to the allowed list, it allows that IP for everything.
     
    #1 nibb, Apr 18, 2013
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,160
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    This thread while not exactly related may be helpful all the same:
    lfd Excessive resource usage squirrelmail - ConfigServer Forums
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 Infopro, Apr 18, 2013
  3. nibb

    nibb Well-Known Member

    Joined:
    Mar 22, 2008
    Messages:
    310
    Likes Received:
    2
    Trophy Points:
    68
    The option does seem to work, except that I keep receiving email for 2 hours as it send out a couple of thousands. I delete the queue in my "receiving" email server.

    This gave me the impression the script was not doing anything.

    What I can't possibly understand is why it would tag resource excessive for PHP scripts. Yes, PHP scripts (at least in the email messages) says there where running for 1800 seconds, but I don´t think that is even possible as PHP has a 60 to 90 timeout. Not sure from where CSF is getting this numbers, as its basically telling that PHP process are running for hours and hours.
     
    #3 nibb, Apr 18, 2013
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    If you want to whitelist an IP or CIDR range for a specific port that's otherwise closed, use this syntax in csf.allow:

    tcp:in:d=3306:s=1.2.3.4/24

    This would allow 1.2.3.4/24 to access your MySQL port while leaving it otherwise closed in csf.conf.

    CSF and LFD run as separate daemons, you have to restart both to finalize changes to process tracking:

    csf -r
    /etc/init.d/lfd restart

    If you're not on centos or don't have /etc/init.d/lfd, use this to completely disable and then re-enable CSF / LFD. This will also finalize config changes:

    csf -x ; csf -e

    - - - Updated - - -

    As far as the long-running processes, it should give you a PID in the e-mail. you can use ps (usually ps faux) to see more detail of the procs and where they're forked from. You can also add things to /etc/csf/csf.pignore if you want certain processes or binaries ignored from process tracking.

    one more edit, they're very helpful on their forums. http://forum.configserver.com/viewforum.php?f=6&sid=6d06fa731246fca070ae9bdbe8ec43ea
     
    #4 quizknows, Apr 18, 2013
(You must log in or sign up to post here.)

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice