ConfigServer Security & Firewall (csf)/csf.pignore
Uit WaaaghPedia
Voorkom onnodige email met onderwerp "Suspicious process running under user dovecot"
Open:
nano /etc/csf/csf.pignore
Voeg een van onderstaande regels toe: deze zijn bijna gelijk aan de Executable: regel in de email
exe:/bin/dbus-daemon exe:/sbin/ntpd exe:/usr/bin/dbus-daemon exe:/usr/bin/dbus-daemon-1 exe:/usr/bin/lsmd exe:/usr/bin/postgres exe:/usr/bin/spamc exe:/usr/lib/courier-imap/bin/imapd exe:/usr/lib/courier-imap/bin/pop3d exe:/usr/lib/polkit-1/polkitd exe:/usr/libexec/dovecot/anvil exe:/usr/libexec/dovecot/auth exe:/usr/libexec/dovecot/dict exe:/usr/libexec/dovecot/imap exe:/usr/libexec/dovecot/imap-login exe:/usr/libexec/dovecot/lmtp exe:/usr/libexec/dovecot/pop3 exe:/usr/libexec/dovecot/pop3-login exe:/usr/libexec/dovecot/quota-status exe:/usr/libexec/dovecot/stats exe:/usr/libexec/gam_server exe:/usr/libexec/hald-addon-acpi exe:/usr/libexec/hald-addon-keyboard exe:/usr/libexec/mysqld exe:/usr/local/apache/bin/httpd exe:/usr/local/cpanel/3rdparty/bin/analog exe:/usr/local/cpanel/3rdparty/bin/english/webalizer exe:/usr/local/cpanel/3rdparty/bin/imapd exe:/usr/local/cpanel/3rdparty/bin/php exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/english exe:/usr/local/cpanel/3rdparty/php/54/bin/php-cgi exe:/usr/local/cpanel/3rdparty/php/56/bin/php-cgi exe:/usr/local/cpanel/3rdparty/php/56/sbin/php-fpm exe:/usr/local/cpanel/3rdparty/php/54/sbin/php-fpm exe:/usr/local/cpanel/3rdparty/sbin/mydns exe:/usr/local/cpanel/3rdparty/sbin/p0f exe:/usr/local/cpanel/bin/cppop exe:/usr/local/cpanel/bin/cppop-ssl exe:/usr/local/cpanel/bin/cpuwatch exe:/usr/local/cpanel/bin/cpwrap exe:/usr/local/cpanel/bin/logrunner exe:/usr/local/cpanel/bin/pkgacct exe:/usr/local/cpanel/cpanel exe:/usr/local/cpanel/cpdavd exe:/usr/local/cpanel/cpsrvd exe:/usr/local/cpanel/cpsrvd-ssl exe:/usr/local/libexec/dovecot/imap exe:/usr/local/libexec/dovecot/imap-login exe:/usr/local/libexec/dovecot/pop3 exe:/usr/local/libexec/dovecot/pop3-login exe:/usr/local/urchin/bin/urchinwebd exe:/usr/sbin/chronyd exe:/usr/sbin/exim exe:/usr/sbin/exim exe:/usr/sbin/hald exe:/usr/sbin/httpd exe:/usr/sbin/mysqld exe:/usr/sbin/mysqld_safe exe:/usr/sbin/named exe:/usr/sbin/nscd exe:/usr/sbin/nsd exe:/usr/sbin/ntpd exe:/usr/sbin/proftpd exe:/usr/sbin/pure-ftpd exe:/usr/sbin/sshd exe:/var/cpanel/3rdparty/bin/php exe:/usr/sbin/pdns_server exe:/usr/local/cpanel/bin/autossl_check exe:/usr/local/cpanel/bin/whm_xfer_download-ssl pexe:^/usr/lib/jvm/java-.*/jre/bin/java$ exe:/usr/libexec/dovecot/indexer-worker exe:/usr/libexec/dovecot/indexer
Herstart LFD
systemctl restart lfd.service