Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

help with perl syntax in csf.fignore

Discussion in 'General Discussion' started by WorkinOnIt, Mar 22, 2019.

  1. WorkinOnIt

    WorkinOnIt Well-Known Member

    Joined:
    Aug 3, 2016
    Messages:
    168
    Likes Received:
    24
    Trophy Points:
    18
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Hi all

    I keep getting the "Suspicious process running under user" email from CSF.

    I know that I can modify the pignore (ignore process) file in CSF, but for this particular issue, it is relevant only to a specific file - a log file that is taking too long to upload to external backup repository (Dropbox). The reason it's taking too long is a separate issue (that I am working to solve) and that will ultimately stop the emails.....

    However, meanwhile, I would like some help on writing the correct Perl syntax, that I can add to the file ignore (csf.fignore) in CSF so that I no longer get the Suspicious process emails, where the log file is referenced.

    The full path of the log file is as follows;

    /home/userxyz/public_html/wp-content/infinitewp/backups/log.1234567abcdef.txt

    The prefix and suffix changes due to user and log file name change - so I need some wildcards to ignore the first and last part of the string will be ignored e.g.

    */infinitewp/backups/log.*.txt

    Here is what I have tried in the fignore file, but it is not working (I am still getting the emails)

    *\/wp-content\/infinitewp\/backups\/log.*\.txt

    I created this using the Regex Tester and Debugger Online - Javascript, PCRE, PHP reg ex debugger - where it seemed to be valid, but not working with CSF.

    Thanks for any help!
     
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    442
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    I think the reason your regex is not working is because you are trying to block a data file and not a process.

    Try blocking the specific process that CSF reports (this will probably be a PHP file somewhere in your wp fileset) that is responsible for uploading the file to your Dropbox
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. WorkinOnIt

    WorkinOnIt Well-Known Member

    Joined:
    Aug 3, 2016
    Messages:
    168
    Likes Received:
    24
    Trophy Points:
    18
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Thanks for your help, however as mentioned, I don't want to block the process as that has wide reaching ramifications.

    For example, the process concerned is listed as either;

    exe: /opt/cpanel/ea-php56/root/usr/bin/php-cgi or
    exe: /opt/cpanel/ea-php71/root/usr/bin/php-cgi

    My understanding is the fignore would allow me to target a specific data file, rather than a wider process.
     
  4. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    442
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    csf.fignore is a list of files that lfd directory watching will ignore. (eg directories and/or files being watched for changes)

    If your alert is due to a process
    the presence of the filename in the fignore will not have any impact on the process alert

    If you have a specific PHP file that is eg being called by a cron, try adding that to the
    csf.pignore file (full path to file) or add the username the PHP is running under.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 rpvw, Mar 23, 2019
    Last edited: Mar 23, 2019
    cPanelLauren likes this.
  5. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    506
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Thanks for the great explanation and assistance @rpvw


    @WorkinOnIt please let us know if you need any further assistance with this.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice