The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Repeated emails coming from CSF, and LFD

Discussion in 'General Discussion' started by SidedTech, May 29, 2016.

  1. SidedTech

    SidedTech Registered

    Joined:
    Jan 14, 2015
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    I really used Google, and did not find a proper solution for this specific issue. I don't need or want these emails. I know the system is highly secure.

    I receive the email:

    Code:
    Subject:
    lfd on xxx.xxxxxxx.com: Suspicious process running under user avahi
    
    Body:
    Time: Sun May 29 19:00:31 2016 +0000
    PID: 3144 (Parent PID:3144)
    Account: avahi
    Uptime: 133816 seconds
    
    
    Executable:
    
    /usr/sbin/avahi-daemon
    
    
    Command Line (often faked in exploits):
    
    avahi-daemon: running [panel.local]
    
    
    Network connections by the process (if any):
    
    udp: 0.0.0.0:5353 -> 0.0.0.0:0
    udp: 0.0.0.0:55561 -> 0.0.0.0:0
    
    
    Files open by the process (if any):
    
    /dev/null
    anon_inode:inotify
    
    
    Memory maps by the process (if any):
    
    563765a5b000-563765a7a000 r-xp 00000000 08:00 13669 /usr/sbin/avahi-daemon
    
    
    (truncated because I don't need the whole message for this question)

    Is there ANY WAY to just shut off this email? I also receive others, but this one is the most annoying.
     
    #1 SidedTech, May 29, 2016
    Last edited by a moderator: May 29, 2016
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Yes, If you want to disable above mail alert then you need to update /etc/csf/csf.pignore file on your server with the following line, so that CSF will ignore this process and you will not get any alert for this process.

    Code:
    exe:/usr/sbin/avahi-daemon
     
    SidedTech likes this.
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    IMHO, you do.

    In WHM > CSF, at top, first button is for Check Server Security. Once that has ran, at bottom choose Run Again and Display Checks. Using just this one message you're getting for an example, avahi-daemon, read the checks close to find this message:

    With the Info in mind you can end the emails for the service by disabling that service.
     
    SidedTech likes this.
Loading...

Share This Page