Help with pignore / Ubuntu Landscape

7 posts Page 1 of 1
autumnwalker
Junior Member
Posts: 4
Joined: 12 Oct 2019, 12:35


Hi Folks,

I've been reading the forums and the readme and I cannot get this sorted out. I have a server running Ubuntu Landscape and the following four "command line" items keep triggering CSF for excessive research usage:

/usr/bin/python3 /usr/bin/landscape-monitor --ignore-sigint --quiet
/usr/bin/python3 /usr/bin/landscape-broker --ignore-sigint --quiet
/usr/bin/python3 /usr/bin/landscape-package-reporter
/usr/bin/python3 /usr/bin/landscape-package-changer --quiet

Example email:

Time: Sat Oct 12 08:20:15 2019 -0300
Account: landscape
Resource: Virtual Memory Size
Exceeded: 274 > 256 (MB)
Executable: /usr/bin/python3.6
Command Line: /usr/bin/python3 /usr/bin/landscape-package-reporter --quiet
PID: 8052 (Parent PID:23501)
Killed: No

I've tried various combinations of cmd: and pcmd: to ignore them, but nothing is working. What is the right way to ignore these commands?

Thanks!
autumnwalker
Junior Member
Posts: 4
Joined: 12 Oct 2019, 12:35


I've tried:

exe:/usr/bin/python3.6
pexe:/usr/bin/python3.*
cmd:/usr/bin/python3 /usr/bin/landscape-monitor
pcmd:/usr/bin/python3 /usr/bin/landscape-*

Nothing is working. Still getting hammered by alerts.
BallyBasic79
Junior Member
Posts: 70
Joined: 22 Aug 2019, 21:43


# [*]You must remember to escape characters correctly when using regex's, e.g.:
# pexe:/home/.*/public_html/cgi-bin/script\.cgi

The . needs to be escaped:
exe:/usr/bin/python3\.6

HTH
autumnwalker
Junior Member
Posts: 4
Joined: 12 Oct 2019, 12:35


I ended up going with user:landscape which seems to have stopped the emails.

What is the right way to ignore these processes?
BallyBasic79
Junior Member
Posts: 70
Joined: 22 Aug 2019, 21:43


For detail, refer to 8. Process Tracking in https://download.configserver.com/csf/readme.txt (if you haven't already.)

There are several notes in the readme on identifying the source of the process that CSF uses for evaluation (/proc), where to get more information, and a caution about a problematic NULL character that can be inadvertently copied into the pignore file.

I hope this helps you solve this.
autumnwalker
Junior Member
Posts: 4
Joined: 12 Oct 2019, 12:35


Thanks @BallyBasic79. I did read the readme, but it has not answered my question.

What is the right way to ignore this process? Should I ignore python altogether (seems wrong) or should I ignore the command (it's suggested that is dangerous)? I've ignored the user which (in my environment) is likely ok, but could be problematic if that user is compromised.
BallyBasic79
Junior Member
Posts: 70
Joined: 22 Aug 2019, 21:43


You could try:
exe:/usr/bin/python3.6 (sorry, exe does not need to be escaped.)
pcmd:/usr/bin/python3 /usr/bin/landscape-.* (fixed .* at end)

You can also raise the 256 (MB) Virtual Memory Size threshold.
7 posts Page 1 of 1