The Community Forums


/tmp directory lfd emails

Discussion in 'Security' started by salvatore333, Nov 9, 2010.

  1. salvatore333

    I keep getting a lot of the below emails (suspicious file alert from lfd) every time this customer updates their Joomla. I have secured the /tmp directory long ago per below. Should I be concerned about this and what action should I take?

    I have googled everything, thanks so much

    Time: Tue Nov 9 00:05:04 2010 -0500
    File: /tmp/install_4cd8064875***/CustoMenu-v2.5.3/installer.php
    Reason: Script, file extension
    Owner: plumm***:plumm*** (566:563)
    Action: No action taken
    ----------------------------------------------
    I have already secured below:
    /var/tmp is mounted noexec,nosuid
    /var/tmp is mounted as a filesystem
    Suhosin for PHP enabled in apache.
    Mod Security enabled in apache.
    ---------------------------------------------

    This is what's in my /tmp directory on the server:

    aquota.user
    ArticlesAnywhere-v1.4.4.zip
    .cpanel_easy-.MvwOeCDIqxU6QU3v
    .cpanel_easy-.MvwOeCDIqxU6QU3v.had_error
    CustoMenu-v2.5.3.zip
    eaccelerator/
    .ftpquota
    .ICE-unix/
    install_4cd8061e2a6fe/
    install_4cd80648754d5/
    lost+found/
    mm.sem.zg4eXB
    mysql.sock@
    pear/
    .spamassassin20015FRkcDtmp
    .spamassassin2001EEmlbXtmp
    spamd-24132-init/

    and hundreds of the below files:
    sess_ffe8498fa9503ceed35712317c8f0c34


    Thanks again for any help.
     
  2. smoge

    Any false-positives can be added to /etc/csf/csf.fignore and lfd will then
    ignore those listed files and directories.

    Within csf.fignore is a list of files that lfd directory watching will ignore.
    You must specify the full path to the file.

    You can also use Perl regular expression pattern matching, for example:
    /tmp/clamav.*
    /tmp/.*\.wrk

    Remember that you will need to escape special characters (precede them with a
    backslash) such as \. \?

    Pattern matching will only occur with strings containing an asterisk (*),
    otherwise full file path matching will be applied
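
An added example, not part of the posts above or of csf itself: a Python sketch of the matching rule described in the reply, for checking what a candidate csf.fignore entry would hide before adding it. Python's `re` stands in for Perl regex, whole-path anchoring of patterns is an assumption, and every path and entry below is constructed.

```python
import re

def covers(entry, path):
    """True if a csf.fignore-style entry would silence an alert for path."""
    entry = entry.strip()
    if "*" not in entry:
        # No asterisk: the entry is compared as a literal full path.
        return entry == path
    # Assumption: a pattern has to match the whole path, not a substring.
    return re.fullmatch(entry, path) is not None

def audit(entries, paths):
    """Map each entry to the list of paths it would hide from lfd alerts."""
    return {e: [p for p in paths if covers(e, p)] for e in entries}

# Constructed paths: one shaped like the installer alert in the thread,
# one unrelated script that should still raise an alert.
INSTALLER = "/tmp/install_0123456789abc/CustoMenu-v2.5.3/installer.php"
UNRELATED = "/tmp/upload_0a1b2c/unknown.php"

# Constructed candidate entries.
NARROW = r"/tmp/install_[0-9a-f]*/CustoMenu-v2\.5\.3/installer\.php"
NO_STAR = r"/tmp/install_[0-9a-f]+/CustoMenu-v2\.5\.3/installer\.php"
BROAD = r"/tmp/.*\.php"

if __name__ == "__main__":
    report = audit([NARROW, NO_STAR, BROAD], [INSTALLER, UNRELATED])
    for entry, hidden in report.items():
        print(f"{entry}\n    hides {len(hidden)} path(s): {hidden}")
```

The second entry uses `+` but no asterisk, so under the rule above it is compared as a literal path and hides nothing; the third silences the installer alert and every other `.php` alert under /tmp with it.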
     