Repeated emails coming from CSF, and LFD

SidedTech

Registered
Jan 14, 2015
3
0
1
cPanel Access Level
Reseller Owner
I really used Google, and did not find a proper solution for this specific issue. I don't need or want these emails. I know the system is highly secure.

I receive the email:

Code:
Subject:
lfd on xxx.xxxxxxx.com: Suspicious process running under user avahi

Body:
Time: Sun May 29 19:00:31 2016 +0000
PID: 3144 (Parent PID:3144)
Account: avahi
Uptime: 133816 seconds


Executable:

/usr/sbin/avahi-daemon


Command Line (often faked in exploits):

avahi-daemon: running [panel.local]


Network connections by the process (if any):

udp: 0.0.0.0:5353 -> 0.0.0.0:0
udp: 0.0.0.0:55561 -> 0.0.0.0:0


Files open by the process (if any):

/dev/null
anon_inode:inotify


Memory maps by the process (if any):

563765a5b000-563765a7a000 r-xp 00000000 08:00 13669 /usr/sbin/avahi-daemon
(truncated because I don't need the whole message for this question)

Is there ANY WAY to just shut off this email? I also receive others, but this one is the most annoying.
 
Last edited by a moderator:

24x7server

Well-Known Member
Apr 17, 2013
1,911
96
78
India
cPanel Access Level
Root Administrator
Twitter
Yes, If you want to disable above mail alert then you need to update /etc/csf/csf.pignore file on your server with the following line, so that CSF will ignore this process and you will not get any alert for this process.

Code:
exe:/usr/sbin/avahi-daemon
 
  • Like
Reactions: SidedTech

Infopro

Well-Known Member
May 20, 2003
17,113
513
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
I don't need or want these emails
IMHO, you do.

In WHM > CSF, at top, first button is for Check Server Security. Once that has ran, at bottom choose Run Again and Display Checks. Using just this one message you're getting for an example, avahi-daemon, read the checks close to find this message:

Check server startup for avahi-daemon - On most servers avahi-daemon is not needed and should be stopped and disabled from starting if it is not required. This service is currently enabled in init and can usually be disabled using:
service avahi-daemon stop
chkconfig avahi-daemon off
With the Info in mind you can end the emails for the service by disabling that service.
 
  • Like
Reactions: SidedTech