Excluding Suspicious Process

Post Reply
consultant
Junior Member
Posts: 19
Joined: 24 Aug 2016, 04:49

Excluding Suspicious Process

Post by consultant »

I've searched and read many posts on this topics before but I still don't find it clear what specific syntax to use in the csf.pignore file. These is the type of warning I'm trying to ignore.

lfd[5333]: *Suspicious Process* PID:3792 PPID:3788 User:username Uptime:121 secs EXE:/home/virtfs/elemcms/opt/cpanel/ea-php73/root/usr/bin/php CMD:/opt/cpanel/ea-php73/root/usr/bin/php -f cron.php

Right now I have:

pcmd:cron\.php$
cmd:cron\.php$

There's so many different options of what to specify in the file and the syntax, it leaves most users like myself on sort of a trial and error quest and so for I'm unsuccessful.
Post Reply