Get the most out of your Centmin Mod LEMP stack
Become a Member

CSF Disable lfd server load email

Discussion in 'Other Centmin Mod Installed software' started by BamaStangGuy, Aug 6, 2017.

  1. BamaStangGuy

    BamaStangGuy Active Member

    470
    137
    43
    May 25, 2014
    Ratings:
    +180
    Local Time:
    12:34 AM
    How can I disable the email alerting me to server load average being high? We are running CPU intensive software on some of our servers and its getting annoying have the emails streaming in.
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,195
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    3:34 PM
    Nginx 1.13.x
    MariaDB 5.5
    You can also setup email filters to group and manage these alerts which is better than disabling all alerts.

    Also check CSF Firewall's config /etc/csf/csf.conf and official docs/readme linked at bottom of CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS ? hint custom via csf.pignore ;)
    another hint check options related to LF_ALERT_*, PT_LOAD* and references to csf.pignore
    Code (Text):
    egrep -C5  'LF_ALERT_|PT_LOAD|csf.pignore' /etc/csf/csf.conf
    

    Code (Text):
    egrep -C5  'LF_ALERT_|PT_LOAD|csf.pignore' /etc/csf/csf.conf
    
    # By default, lfd will send alert emails using the relevant alert template to
    # the To: address configured within that template. Setting the following
    # option will override the configured To: field in all lfd alert emails
    #
    # Leave this option empty to use the To: field setting in each alert template
    LF_ALERT_TO = ""
    
    # By default, lfd will send alert emails using the relevant alert template from
    # the From: address configured within that template. Setting the following
    # option will override the configured From: field in all lfd alert emails
    #
    # Leave this option empty to use the From: field setting in each alert template
    LF_ALERT_FROM = ""
    
    # By default, lfd will send all alerts using the SENDMAIL binary. To send using
    # SMTP directly, you can set the following to a relaying SMTP server, e.g.
    # "127.0.0.1". Leave this setting blank to use SENDMAIL
    LF_ALERT_SMTP = ""
    
    # Block Reporting. lfd can run an external script when it performs and IP
    # address block following for example a login failure. The following setting
    # is to the full path of the external script which must be executable. See
    # readme.txt for format details
    --
    #
    # While enabling this setting will reduce false-positives, having it set to 0
    # does provide better checking for exploits running on the server
    PT_SKIP_HTTP = "0"
    
    # lfd will report processes, even if they're listed in csf.pignore, if they're
    # tagged as (deleted) by Linux. This information is provided in Linux under
    # /proc/PID/exe. A (deleted) process is one that is running a binary that has
    # the inode for the file removed from the file system directory. This usually
    # happens when the binary has been replaced due to an upgrade for it by the OS
    # vendor or another third party (e.g. cPanel). You need to investigate whether
    --
    PT_DELETED_ACTION = ""
    
    # User Process Tracking. This option enables the tracking of the number of
    # process any given account is running at one time. If the number of processes
    # exceeds the value of the following setting an email alert is sent with
    # details of those processes. If you specify a user in csf.pignore it will be
    # ignored
    #
    # Set to 0 to disable this feature
    PT_USERPROC = "0"
    
    # This User Process Tracking option sends an alert if any user process exceeds
    # the virtual memory usage set (MB). To ignore specific processes or users use
    # csf.pignore
    #
    # Set to 0 to disable this feature
    PT_USERMEM = "512"
    
    # This User Process Tracking option sends an alert if any user process exceeds
    # the RSS memory usage set (MB) - RAM used, not virtual. To ignore specific
    # processes or users use csf.pignore
    #
    # Set to 0 to disable this feature
    PT_USERRSS = "256"
    
    # This User Process Tracking option sends an alert if any linux user process
    # exceeds the time usage set (seconds). To ignore specific processes or users
    # use csf.pignore
    #
    # Set to 0 to disable this feature
    PT_USERTIME = "0"
    
    # If this option is set then processes detected by PT_USERMEM, PT_USERTIME or
    --
    # process(es) in a comma separated list.
    #
    # The action script must have the execute bit and interpreter (shebang) set
    PT_USER_ACTION = ""
    
    # Check the PT_LOAD_AVG minute Load Average (can be set to 1 5 or 15 and
    # defaults to 5 if set otherwise) on the server every PT_LOAD seconds. If the
    # load average is greater than or equal to PT_LOAD_LEVEL then an email alert is
    # sent. lfd then does not report subsequent high load until PT_LOAD_SKIP
    # seconds has passed to prevent email floods.
    #
    # Set PT_LOAD to "0" to disable this feature
    PT_LOAD = "600"
    PT_LOAD_AVG = "15"
    PT_LOAD_LEVEL = "8"
    PT_LOAD_SKIP = "3600"
    
    # This is the Apache Server Status URL used in the email alert. Requires the
    # Apache mod_status module to be installed and configured correctly
    PT_APACHESTATUS = "http://127.0.0.1/server-status"
    
    # If a PT_LOAD event is triggered, then if the following contains the path to
    # a script, it will be run in a child process. For example, the script could
    # contain commands to terminate and restart httpd, php, exim, etc incase of
    # looping processes. The action script must have the execute bit an
    # interpreter (shebang) set
    PT_LOAD_ACTION = ""
    
    # Fork Bomb Protection. This option checks the number of processes with the
    # same session id and if greater than the value set, the whole session tree is
    # terminated and an alert sent
    #
    --
    #
    # On cPanel servers, PT_ALL_USERS should be enabled to use this option
    # effectively
    #
    # This option will check root owned processes. Session id 0 and 1 will always
    # be ignored as they represent kernel and init processes. csf.pignore will be
    # honoured, but bear in mind that a session tree can contain a variety of users
    # and executables
    #
    # Care needs to be taken to ensure that this option only detects runaway fork
    # bombs, so should be set higher than any session tree is likely to get (e.g.
    

    Default /etc/csf/csf.pignore setup by Centmin Mod for custom CSF pignore.
    Code (Text):
    ###############################################################################
    # Copyright 2006-2017, Way to the Web Limited
    # URL: http://www.configserver.com
    # Email: sales@waytotheweb.com
    ###############################################################################
    # The following is a list of executables (exe) command lines (cmd) and
    # usernames (user) that lfd process tracking will ignore.
    #
    # You must use the following format:
    #
    # exe:/full/path/to/file
    # user:username
    # cmd:command line
    #
    # Or, perl regular expression matching (regex):
    #
    # pexe:/full/path/to/file as a perl regex[*]
    # puser:username as a perl regex[*]
    # pcmd:command line as a perl regex[*]
    #
    # [*]You must remember to escape characters correctly when using regex's, e.g.:
    # pexe:/home/.*/public_html/cgi-bin/script\.cgi
    # puser:bob\d.*
    # pcmd:/home/.*/command\s\to\smatch\s\.pl\s.*
    #
    # It is strongly recommended that you use command line ignores very carefully
    # as any process can change what is reported to the OS.
    #
    # For more information see readme.txt
    
    exe:/bin/dbus-daemon
    exe:/sbin/ntpd
    exe:/usr/bin/dbus-daemon
    exe:/usr/bin/lsmd
    exe:/usr/lib/courier-imap/bin/imapd
    exe:/usr/lib/courier-imap/bin/pop3d
    exe:/usr/lib/polkit-1/polkitd
    exe:/usr/libexec/dovecot/imap
    exe:/usr/libexec/dovecot/imap
    exe:/usr/libexec/dovecot/pop3
    exe:/usr/libexec/dovecot/pop3
    exe:/usr/libexec/mysqld
    exe:/usr/local/apache/bin/httpd
    exe:/usr/local/libexec/dovecot/imap
    exe:/usr/local/libexec/dovecot/imap-login
    exe:/usr/local/libexec/dovecot/pop3
    exe:/usr/local/libexec/dovecot/pop3-login
    exe:/usr/sbin/chronyd
    exe:/usr/sbin/exim
    exe:/usr/sbin/exim4
    exe:/usr/sbin/named
    exe:/usr/sbin/nscd
    exe:/usr/sbin/ntpd
    exe:/usr/sbin/ntpd
    exe:/usr/sbin/proftpd
    exe:/usr/sbin/pure-ftpd
    exe:/usr/sbin/sshd
    pexe:/usr/local/lsws/bin/lshttpd.*
    pexe:/usr/local/lsws/fcgi-bin/lsphp.*
    exe:/usr/local/bin/memcached
    cmd:/usr/local/bin/memcached
    user:mysql
    exe:/usr/sbin/mysqld
    cmd:/usr/sbin/mysqld
    user:varnish
    exe:/usr/sbin/varnishd
    cmd:/usr/sbin/varnishd
    exe:/sbin/portmap
    cmd:portmap
    exe:/usr/libexec/gdmgreeter
    cmd:/usr/libexec/gdmgreeter
    exe:/usr/sbin/avahi-daemon
    cmd:avahi-daemon
    exe:/sbin/rpc.statd
    cmd:rpc.statd
    exe:/usr/libexec/hald-addon-acpi
    cmd:hald-addon-acpi
    user:nsd
    user:nginx
    user:ntp
    user:dbus
    user:smmsp
    user:postfix
    user:dovecot
    user:www-data
    user:spamfilter
    exe:/usr/libexec/dovecot/imap
    exe:/usr/libexec/dovecot/pop3
    exe:/usr/libexec/dovecot/anvil
    exe:/usr/libexec/dovecot/auth
    exe:/usr/libexec/dovecot/pop3-login
    exe:/usr/libexec/dovecot/imap-login
    exe:/usr/libexec/postfix
    exe:/usr/libexec/postfix/bounce
    exe:/usr/libexec/postfix/discard
    exe:/usr/libexec/postfix/error
    exe:/usr/libexec/postfix/flush
    exe:/usr/libexec/postfix/local
    exe:/usr/libexec/postfix/smtp
    exe:/usr/libexec/postfix/smtpd
    exe:/usr/libexec/postfix/pickup
    exe:/usr/libexec/postfix/tlsmgr
    exe:/usr/libexec/postfix/qmgr
    exe:/usr/libexec/postfix/virtual
    exe:/usr/libexec/postfix/proxymap
    exe:/usr/libexec/postfix/anvil
    exe:/usr/libexec/postfix/lmtp
    exe:/usr/libexec/postfix/scache
    exe:/usr/libexec/postfix/cleanup
    exe:/usr/libexec/postfix/trivial-rewrite
    exe:/usr/libexec/postfix/master