Search found 5 matches
- 18 Apr 2018, 19:25
- Forum: General Discussion (csf)
- Topic: LFD count sometimes inflated
- Replies: 1
- Views: 1940
LFD count sometimes inflated
I typoed my name and didn't notice, and just TWO logins triggered where the count is specified to be 5 failures, i.e. these 5 lines were each counted, when in reality the first 3 actually belong to the same attempt. I shall need to be more generous with the numbers for this specific case: Blocked: Per...
- 22 Feb 2018, 15:50
- Forum: General Discussion (csf)
- Topic: False Positives - SU login alert
- Replies: 3
- Views: 5104
Re: False Positives - SU login alert
There is a bug in RHEL and presumably GNU Linux - because I am seeing the same thing. https://bugzilla.redhat.com/show_bug.cgi?id=1216957 The journal dumps some retained old messages into /var/log/messages AND /var/log/secure so you see a chunk of stale entries out of place: Feb 22 00:15:54 to pure-...
- 16 Oct 2017, 22:47
- Forum: Suggestions (csf)
- Topic: Desire for 2 types of netblocks
- Replies: 1
- Views: 2932
Desire for 2 types of netblocks
Your netblock function counts the number of block episodes within a class. I would like one that counts by number of unique IP addresses within a class. So this didn't work as *I* had intended - by your mentioning DDoS mitigation it is clear that you meant this to be used against rapid fire bombardment. I...
- 13 Oct 2017, 14:03
- Forum: Suggestions (csf)
- Topic: More specific exemptions
- Replies: 1
- Views: 2920
Re: More specific exemptions
Solved for now by editing file at /usr/local/csf/tpl/resalert.txt Subject: lfd on [hostname]: Excess resource use: [user] ([cmd]) Subject: lfd on XXXXXX: Excess resource use: XXXXX (-bash) This way they are still being sent off the server by csf, but at least can be filtered out of our inboxes by su...
- 02 Oct 2017, 15:41
- Forum: Suggestions (csf)
- Topic: More specific exemptions
- Replies: 1
- Views: 2920
More specific exemptions
I would like to exempt alerting for our own activity in SSH - we keep a window open all day for quick access. This results in wasteful emails all day Subject: lfd on XXXXXX: Excessive resource usage: XXXXX (19422 (Parent PID:19420)) Time: Mon Oct 2 07:00:11 2017 -0400 Account: XXXXX Resource: Proces...