LF_DIST_ACTION not triggering

Post Reply
willdashwood
Junior Member
Posts: 8
Joined: 15 May 2012, 12:18

LF_DIST_ACTION not triggering

Post by willdashwood »

Hello,

I've created a bash script which should be triggered by LF_DIST_ACTION but doesn't appear to be. I've set the execute bit and csf.conf appears to be set OK.

Code: Select all

root@server [~]# grep ^LF_DIST_ACTION /etc/csf/csf.conf
LF_DIST_ACTION = "/root/LF_DIST_ACTION.sh"
If I call the script directly over the command line seems to work fine. It sends me a Pushbullet alert, which is how I know if it has or has not executed.

I'm tailing the lfd.log and I can see plenty of entries where the script should be triggered. For example...

Code: Select all

10 distributed smtpauth attacks on account [xxxx@xxxx.com] in the last 3600 secs - *Blocked in csf* [LF_DISTATTACK]
But the script doesn't seem to execute. I've set this up on 10 different servers but the result is the same. I'm really scratching my head on this one. Does anyone have any ideas? I notice there's a debug mode in CSF/LFD. Would enabling this give me some more information on what's happening?

Many thanks,
Will
willdashwood
Junior Member
Posts: 8
Joined: 15 May 2012, 12:18

Re: LF_DIST_ACTION not triggering

Post by willdashwood »

Actually, have I misunderstood this feature? Is LF_DIST_ACTION only triggered when there's successful logins to a username? The ones I'm seeing in the logs now will be failed authentications because the mailbox password in question has already been reset. Is that why I'm also not getting email notifications with LF_DISTSMTP_ALERT enabled?
Post Reply