Whitelist PDNS processes

Post Reply
Floffy
Junior Member
Posts: 4
Joined: 15 Aug 2016, 09:03

Whitelist PDNS processes

Post by Floffy »

Hello,

As cPanel have implemented Powerdns to cPanel v. 60 (dev) I'm getting alot of emails from lfd:

Time: Mon Aug 15 10:00:44 2016 +0200
Account: named
Resource: Process Time
Exceeded: 41611 > 1800 (seconds)
Executable: /usr/sbin/pdns_server
Command Line: /usr/sbin/pdns_server --daemon
PID: 19587 (Parent PID:19587)
Killed: No


Time: Mon Aug 15 10:00:44 2016 +0200
PID: 19587 (Parent PID:19587)
Account: named
Uptime: 41611 seconds


Executable:

/usr/sbin/pdns_server


Command Line (often faked in exploits):

/usr/sbin/pdns_server --daemon


Network connections by the process (if any):

udp: 0.0.0.0:53 -> 0.0.0.0:0
tcp: 0.0.0.0:53 -> 0.0.0.0:0


Files open by the process (if any):

/dev/null
/dev/null
/dev/null


Memory maps by the process (if any):

7f75dc000000-7f75dc021000 rw-p 00000000 00:00 0

Would it be possible for you to whitelist these processes as they will be common on many servers in the future when hosting companies are using PDNS?
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: Whitelist PDNS processes

Post by ForumAdmin »

We'll add this in the next release of csf. For now you can add the following to /etc/csf/csf.pignore and then resart lfd:

Code: Select all

exe:/usr/sbin/pdns_server
Floffy
Junior Member
Posts: 4
Joined: 15 Aug 2016, 09:03

Re: Whitelist PDNS processes

Post by Floffy »

I also get a lot of these:

Excessive resource usage:Virtual Memory Size - ttesting
Time: Fri Aug 19 07:48:12 2016 +0200
Account: ttesting
Resource: Virtual Memory Size
Exceeded: 419 > 256 (MB)
Executable: /opt/cpanel/ea-php70/root/usr/bin/lsphp.cagefs
Command Line: lsphp
PID: 132482 (Parent PID:131258)
Killed: No

Is this something you could add aswell?
Sergio
Junior Member
Posts: 1685
Joined: 12 Dec 2006, 14:56

Re: Whitelist PDNS processes

Post by Sergio »

Do the same, add the following to csf.pignore:

Code: Select all

exe:/opt/cpanel/ea-php70/root/usr/bin/lsphp.cagefs
Post Reply