How to disable Lfd excessive resource usage alert - Solution

LFD is the abbreviation of Login Failure Daemon. It is a daemon process running on a server which has CSF for server security. LFD scans the server log files periodically (every X seconds) for recent login failures, treats such attempts as “Brute Force Attacks” and blocks those IPs with the help of CSF.
In some strange situations you may get alert emails from the server for excessive resource usage. In LFD we can set a resource usage limit. You can refer here for more details on Process tracking with the help of csf.
How to disable Lfd excessive resource usage alert?
Example email alert from LFD.
Time: Tue Nov 25 09:15:10 2012 +0520
Account: crybit
Resource: Virtual Memory Size
Exceeded: 205 > 200 (MB)
Executable: /usr/bin/php
Command Line: /usr/bin/php /home/crybit/public_html/index.php
PID: 11254 (Parent PID:11254)
Killed: No
From the above email example you can see that the alert is for excessive memory usage by a particular user on the server. You can avoid this email alert in different ways.
Method I
You can disable this particular feature in the CSF configuration. That’s not a good way to solve this issue: this email alert is actually very useful for monitoring users’ resource usage on your server.
How to disable it?
Step 1: Log in to your server via SSH as the root user.
Step 2: Open the CSF configuration file (/etc/csf/csf.conf) with your favorite editor and search for the directive ‘PT_USERMEM’. In the above example, PT_USERMEM is 200. You can set the value of PT_USERMEM to ‘0’ to disable this feature in CSF.
[root@server #] vim /etc/csf/csf.conf
-----
# This User Process Tracking option sends an alert if any linux user process
# exceeds the memory usage set (MB). To ignore specific processes or users use
# csf.pignore
#
# Set to 0 to disable this feature
PT_USERMEM = "200"
-----
Method II
You can increase the PT_USERMEM limit. Setting PT_USERMEM to a value higher than 200 may help.
Method III
This is the simplest and standard way to stop such alerts from CSF and LFD. There is a file in the csf directory, ‘csf.pignore’. You can add to this file the process or the user for which you want to ignore this type of alert.
File location:
[root@server #] vim /etc/csf/csf.pignore
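An added example, not part of the original post: a shell script that turns the alert shown earlier into a csf.pignore entry and appends it only once. It prefers a cmd: line, which matches one command line, over exe: or user:, which would stop tracking for every run of the binary or for the whole account. The function names and the scratch file are assumptions for illustration; on a real server the target file is /etc/csf/csf.pignore.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# alert_to_pignore: read an LFD alert on stdin and print the narrowest entry:
# cmd: (one exact command line), falling back to exe: (every run of the binary).
alert_to_pignore() {
    awk '
        /^Command Line:/ { sub(/^Command Line:[ \t]*/, ""); cmd = $0 }
        /^Executable:/   { sub(/^Executable:[ \t]*/, "");   exe = $0 }
        END {
            if (cmd != "")      print "cmd:" cmd
            else if (exe != "") print "exe:" exe
            else exit 1
        }'
}

# pignore_add FILE ENTRY: accept only known csf.pignore prefixes, append once.
pignore_add() {
    file=$1 entry=$2
    case $entry in
        exe:/*|user:?*|cmd:?*|pexe:?*|puser:?*|pcmd:?*) ;;
        *) echo "rejected: $entry" >&2; return 2 ;;
    esac
    # -x whole line, -F fixed string: paths are not treated as regexes
    if grep -qxF -- "$entry" "$file" 2>/dev/null; then return 0; fi
    printf '%s\n' "$entry" >> "$file"
}

# Constructed sample alert, using the fields shown in the post.
sample_alert() {
cat <<'EOF'
Account: crybit
Resource: Virtual Memory Size
Exceeded: 205 > 200 (MB)
Executable: /usr/bin/php
Command Line: /usr/bin/php /home/crybit/public_html/index.php
EOF
}

# Demo on a scratch file; adding the same entry twice leaves a single line.
demo() {
    f=$(mktemp)
    entry=$(sample_alert | alert_to_pignore) || return 1
    pignore_add "$f" "$entry" && pignore_add "$f" "$entry"
    cat "$f"; rm -f "$f"
}

demo
```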
Note:
This type of alert is useful for monitoring your server.
That’s it. :-)

1 Comments

  1. Also PT_USERTIME needs to be 0 in order to get rid of these emails.