
Automatic nightly YUM updates with yum-cron

Discussion in 'System Administration' started by eva2000, Sep 28, 2014.

  1. MaximilianKohler

    MaximilianKohler Member

    I had mine set to "stdio" and when I got my server host (Hetzner) to open my SMTP ports, I started getting spammed with hundreds (now over 1000) of email notifications. Subject:
    How do I stop this? It looks like it went back and sent all existing entries. It's not just sending me new ones.

    I also noticed that when I type "mutt", there's only 50 entries and they're all from June 28.

    I commented out the lines under "email" (they had my email in "email_to =") but that didn't seem to work.

    I tried to find other files that may have my email address using:
    Code:
    grep -rinw "admin@mydomain.com"
    but that doesn't work for just "/". You have to specify other folders at least.

    EDIT: Oh, wow, they were coming from my test server too...

     
    Last edited: Dec 3, 2023
  2. eva2000

    eva2000 Administrator Staff Member

    Those are related to CSF Firewall LFD daemon and not related to yum auto updates.

    In /etc/csf/csf.conf, the settings for those specific lfd emails are LF_EMAIL_ALERT and LF_TEMP_EMAIL_ALERT - both set to 1 = enabled. You can set them to 0 to disable and restart CSF via the command
    Code (Text):
    csf -ra

    From the CSF Firewall config file, grep filter for *_ALERT = variable settings
    Code (Text):
    grep -B1 -i '_ALERT = "' /etc/csf/csf.conf
    # reported log file for the reason for the flooding
    LOGFLOOD_ALERT = "0"
    --
    LF_PERMBLOCK_COUNT = "4"
    LF_PERMBLOCK_ALERT = "1"
    --
    LF_NETBLOCK_CLASS = "C"
    LF_NETBLOCK_ALERT = "1"
    --
    # Send an email alert if an IP address is blocked by one of the [*] triggers
    LF_EMAIL_ALERT = "1"
    --
    # Note: LF_EMAIL_ALERT must still be enabled to get permanent block emails
    LF_TEMP_EMAIL_ALERT = "1"
    --
    # this file about RESTRICT_SYSLOG before enabling this option:
    LF_SSH_EMAIL_ALERT = "1"
    --
    # this file about RESTRICT_SYSLOG before enabling this option:
    LF_SU_EMAIL_ALERT = "1"
    --
    # this file about RESTRICT_SYSLOG before enabling this option:
    LF_SUDO_EMAIL_ALERT = "0"
    --
    # this file about RESTRICT_SYSLOG before enabling this option:
    LF_WEBMIN_EMAIL_ALERT = "1"
    --
    # this file about RESTRICT_SYSLOG before enabling this option:
    LF_CONSOLE_EMAIL_ALERT = "1"
    --
    # file to report in gigabytes, e.g. set to 5 for 5GB
    LF_MODSECIPDB_ALERT = "0"
    --
    # Send an email alert if LF_DISTFTP is triggered
    LF_DISTFTP_ALERT = "1"
    --
    # Send an email alert if LF_DISTSMTP is triggered
    LF_DISTSMTP_ALERT = "1"
    --
    # per IP
    LT_EMAIL_ALERT = "1"
    --
    # Send an email alert if an IP address is blocked due to connection tracking
    CT_EMAIL_ALERT = "1"
    --
    # this option to 0
    PT_USERKILL_ALERT = "1"
    --
    # "0" to disable them
    PS_EMAIL_ALERT = "1"
    --
    # 3 = enable this feature only for the root account
    AT_ALERT = "2"
    --
    # 0 = disabled
    UI_ALERT = "4"
    --
    # Set to "0" to disable
    RECAPTCHA_ALERT = "1"
    --
    # this file about RESTRICT_SYSLOG before enabling this option:
    PORTKNOCKING_ALERT = "0"
    

    The Centmin Mod official Getting started guide step 18 outlines how you can handle root@ destined emails https://centminmod.com/getstarted.html. I usually just follow that guide and have such emails directed to a separate email address that is filtered and labelled in Gmail to organise emails and be able to track security related CSF Firewall and system emails.
     
  3. MaximilianKohler

    MaximilianKohler Member

    Ah, thank you. Do you really think it's useful to get those emails? Especially by default? What do you even do with them? Surely you're not looking through hundreds of "firewall blocked IP" emails a day? There's no option to turn them all off except by blocking the port (25?) in the firewall, or editing all the individual settings manually?
     
  4. eva2000

    eva2000 Administrator Staff Member

    Just turn them all off by using sed replace - read up on grep, sed linux commands

    filter grep match for EMAIL_ALERT = "1"
    Code (Text):
    grep 'EMAIL_ALERT = "1"' /etc/csf/csf.conf
    

    will list all enabled alerts
    Code (Text):
    grep 'EMAIL_ALERT = "1"' /etc/csf/csf.conf
    LF_EMAIL_ALERT = "1"
    LF_TEMP_EMAIL_ALERT = "1"
    LF_SSH_EMAIL_ALERT = "1"
    LF_SU_EMAIL_ALERT = "1"
    LF_WEBMIN_EMAIL_ALERT = "1"
    LF_CONSOLE_EMAIL_ALERT = "1"
    LT_EMAIL_ALERT = "1"
    CT_EMAIL_ALERT = "1"
    PS_EMAIL_ALERT = "1"
    

    backup CSF Firewall config with backup named = b4emailoff
    Code (Text):
    csf --profile backup b4emailoff
    

    check CSF backup file name
    Code (Text):
    csf --profile list | grep b4emailoff
    1701602078_b4emailoff (Sun Dec  3 05:14:38 2023)
    

    sed replace all from "1" to "0"
    Code (Text):
    sed -i -E 's/(LF|LT|CT|PS|LF_TEMP|LF_SSH|LF_SU|LF_WEBMIN|LF_CONSOLE)_EMAIL_ALERT = "1"/\1_EMAIL_ALERT = "0"/g' /etc/csf/csf.conf
    

    verify with grep
    Code (Text):
    grep 'EMAIL_ALERT = "0"' /etc/csf/csf.conf
    LF_EMAIL_ALERT = "0"
    LF_TEMP_EMAIL_ALERT = "0"
    LF_SSH_EMAIL_ALERT = "0"
    LF_SU_EMAIL_ALERT = "0"
    LF_SUDO_EMAIL_ALERT = "0"
    LF_WEBMIN_EMAIL_ALERT = "0"
    LF_CONSOLE_EMAIL_ALERT = "0"
    LT_EMAIL_ALERT = "0"
    CT_EMAIL_ALERT = "0"
    PS_EMAIL_ALERT = "0"
    

    restart CSF Firewall
    Code (Text):
    csf -ra

    If I need to restore from backup
    Code (Text):
    csf --profile restore 1701602078_b4emailoff
    Restoring backup...
    '/var/lib/csf/backup/1701602078_b4emailoff' -> '/etc/csf/csf.conf'
    You should now restart csf and then lfd
    

    restart CSF Firewall
    Code (Text):
    csf -ra


    But turning them all off prevents you from understanding the state of your CSF Firewall operations. Though you could get some overview via cminfo netstat command still https://community.centminmod.com/threads/cminfo-command-explained.11399/#post-64104 at https://community.centminmod.com/threads/update-cminfo-command-with-netstat-flag-option.14468/
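
A middle ground between the all-off sed above and the default, as an added example that is not part of the original posts or of CSF itself: it disables the enabled `*_EMAIL_ALERT` settings except a keep-list, so some visibility remains. The function names, the `.bak` suffix and the choice of `KEEP_ALERTS` are assumptions for illustration, and the sample config is constructed from the grep output shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): turn off only the block-notification
# e-mails in a csf.conf-style file and keep the ones named in KEEP_ALERTS.
# Takes the file path as an argument so it can be tried on a copy first.

# Assumption: the alerts worth keeping; adjust to your own needs.
KEEP_ALERTS="LF_SSH_EMAIL_ALERT LF_SU_EMAIL_ALERT LF_CONSOLE_EMAIL_ALERT"

# Print the names of all *_EMAIL_ALERT settings currently set to "1".
enabled_alerts() {
    sed -n -E 's/^([A-Z_]+_EMAIL_ALERT) = "1".*/\1/p' "$1"
}

# Set enabled *_EMAIL_ALERT settings to "0", skipping KEEP_ALERTS.
# Saves the original as <file>.bak and prints each name it changed.
disable_noisy_alerts() {
    conf="$1"; script=""
    cp -p "$conf" "$conf.bak" || return 1
    for name in $(enabled_alerts "$conf"); do
        case " $KEEP_ALERTS " in *" $name "*) continue ;; esac
        # Anchored at line start so commented-out lines are left alone.
        script="${script}s/^(${name}) = \"1\"/\\1 = \"0\"/;"
        echo "$name"
    done
    # Rewrite the file from the backup; owner and mode stay as they were.
    [ -z "$script" ] || sed -E "$script" "$conf.bak" > "$conf"
}

# Constructed sample in csf.conf layout, values as in the grep output above.
make_sample_conf() {
    cat > "$1" <<'EOF'
LF_PERMBLOCK_ALERT = "1"
LF_EMAIL_ALERT = "1"
LF_TEMP_EMAIL_ALERT = "1"
LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"
LF_SUDO_EMAIL_ALERT = "0"
LF_WEBMIN_EMAIL_ALERT = "1"
LF_CONSOLE_EMAIL_ALERT = "1"
LT_EMAIL_ALERT = "1"
CT_EMAIL_ALERT = "1"
PS_EMAIL_ALERT = "1"
EOF
}
```

On a real server, take the `csf --profile backup` first and run `csf -ra` afterwards, as in the post above.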