Bug with PT_SSHDHUNG and sshd: unknown [net]

3 posts Page 1 of 1
Stassy
Junior Member
Posts: 2
Joined: 21 Oct 2017, 18:24


EXPECTED:
PT_SSHDHUNG is supposed to kill "sshd: unknown [priv]" and "sshd: unknown [net]" processes.

PROBLEM:
It doesn"t kill "sshd: unknown [net]"

SOLUTION:
Change the following line in lfd and add a test with SPACE at the end just like this "sshd: unknown [net] "<-- note the space at the end.

from
if ($cmdline eq "sshd: unknown [net]" or $cmdline eq "sshd: unknown [priv]") {
to
if ($cmdline eq "sshd: unknown [net]" or $cmdline eq "sshd: unknown [net] " or $cmdline eq "sshd: unknown [priv]") {

NOTE:
Maybe the problem comes from ssh and will be corrected later, but lfd has to manage this.

VERSIONS:
Centos 4.7 with cPanel v66.0.26 (last available)
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
csf v11.01
ForumAdmin
Moderator
Posts: 1341
Joined: 01 Oct 2008, 09:24


We will implement a regex solution in the next release.
Stassy
Junior Member
Posts: 2
Joined: 21 Oct 2017, 18:24


Thanks
3 posts Page 1 of 1