This article provides a guide to suppress CSF LFD warnings for a specific process. CSF/LFD notification emails are sent by the server when specific criteria are met, for the sake of alerting admins regarding potential security concerns on the server.
In some cases, it may be desirable to ignore specific notifications that may be safe, but due to the CSF configuration, trigger a warning (the subject line contains "Excessive Resource Usage").
Selectively Suppress CSF LFD Warnings
There are many guides out there that outline steps to suppress ALL CSF/LFD notification messages. This is not ideal for all scenarios. In fact, the notification system can be very helpful when CSF is appropriately configured.
However, sometimes, an admin may prefer to allocate additional resources to certain processes which exceed the limits set in CSF config. In this case, the process, will trigger the alert notification emails. For this specific process, we would prefer not to be notified.
Edit LFD Process Tracking Ignored Commands
In this guide, we will be modifying the /etc/csf/csf.pignore file. This file contains the list of executables (exe) and commands (cmd) that will be ignored by LFD process tracking.
Follow the steps below to setup suppression of CSF and LFD warnings for a specific process:
- First, login to the server as root user.
- Make a copy of the /etc/csf/csf.pignore file:
cp /etc/csf/csf.pignore /etc/csf/csf.pignore.bak
- Next, edit the original file with your preferred text editor:
- Once complete, exit and write changes to the /etc/csf/csf.pignore file.
- Restart CSF and LFD services to process the changes:
The CSF and LFD services will now restart using the updated /etc/csf/csf.pignore data.