CFS bugged?

[nibb]

I just installed CFS for testing to see if it can replace a very basic feature I use on a bash script.

But right after enabling it I get flooded with emails about Excessive resource usage from their LFD feature.

This was one of the reasons I did not wanted to use it for some many years, because I think its a little to blooded, I just need a basic GUI for iptables.

I read their documentation and even the posts here on WHT from the developer and it says you can turn the process tracking feature off or put the lists of process, this can´t be done as its spamming me about /usr/bin/php process which is mainly PHP process.

I set the setting PT_LIMIT = 0

And it does nothing. Im still getting the emails. How exactly do you turn process tracking off? Because as far as I see if I just turn the email notification off, it will just do that, not actually turn process tracking off.

How exactly do I turn the process tracking feature completely off?

As a side note, the port scanning started to block external servers which connect remotely to MYSQL (that is not port scan) so I turned it off. Of course the other solution if to add the IPs to the white lists except that I could not find how to do something very basic which I would love in the Webmin iptables interface.

I want to whitelist some IP but only for some specific ports, not all of them...which is what CSF seems to do when you add an IP to the allowed list, it allows that IP for everything.

 

[Infopro]

you can turn the process tracking feature off or put the lists of process, this can´t be done as its spamming me about /usr/bin/php process which is mainly PHP process.

This thread while not exactly related may be helpful all the same:
lfd Excessive resource usage squirrelmail - ConfigServer Forums

 

[nibb]

The option does seem to work, except that I keep receiving email for 2 hours as it send out a couple of thousands. I delete the queue in my "receiving" email server.

This gave me the impression the script was not doing anything.

What I can't possibly understand is why it would tag resource excessive for PHP scripts. Yes, PHP scripts (at least in the email messages) says there where running for 1800 seconds, but I don´t think that is even possible as PHP has a 60 to 90 timeout. Not sure from where CSF is getting this numbers, as its basically telling that PHP process are running for hours and hours.

 

[quizknows]

If you want to whitelist an IP or CIDR range for a specific port that's otherwise closed, use this syntax in csf.allow:

tcp:in:d=3306:s=1.2.3.4/24

This would allow 1.2.3.4/24 to access your MySQL port while leaving it otherwise closed in csf.conf.

CSF and LFD run as separate daemons, you have to restart both to finalize changes to process tracking:

csf -r
/etc/init.d/lfd restart

If you're not on centos or don't have /etc/init.d/lfd, use this to completely disable and then re-enable CSF / LFD. This will also finalize config changes:

csf -x ; csf -e

- - - Updated - - -

As far as the long-running processes, it should give you a PID in the e-mail. you can use ps (usually ps faux) to see more detail of the procs and where they're forked from. You can also add things to /etc/csf/csf.pignore if you want certain processes or binaries ignored from process tracking.

one more edit, they're very helpful on their forums. http://forum.configserver.com/viewforum.php?f=6&sid=6d06fa731246fca070ae9bdbe8ec43ea