How to disable Lfd excessive resource usage alert
LFD : is the abbreviation of Login Failure Daemon. It is a daemon process running on a server which has CSF for server security. LFD scans the server logs files periodically (every X seconds) for resent login failures and consider such attepts like “Brute Force Attacks” and block that IPs with the help of CSF.
In some strange situations you may get some alert emails from server for excessive resource usage. In LFD we can set resource usage limit. You can refer here for more details on Process tracking with the help of csf.
How to disable Lfd excessive resource usage alert?
Example email alert from LFD.
Time: Tue Nov 25 09:15:10 2012 +0520 Account: crybit Resource: Virtual Memory Size Exceeded: 205 > 200 (MB) Executable: /usr/bin/php Command Line: /usr/bin/php /home/crybit/public_html/index.php PID: 11254 (Parent PID:11254) Killed: No
From the above email example you can see that, here the alert is for excessive memory usage from the server for a particular user. You can avoid this email alert by different ways.
You can disable this particular feature from CSF configuration. That’s not a good method to solve this issue. This email alert is actually much useful for monitoring user’s resource usage under your server.
How to disable it?
Step 1: Login to your server via SSH as root user.
Step 2: Open the CSF configuration file (/etc/csf/csf.conf) with your favorite editor and search the directive ‘PT_USERMEM’. By considering the above example, the PT_USERMEM is 200. You can set the value of PT_USERMEM to ‘0’ to disable this feature from CSF.
[[email protected] #] vim /etc/csf/csf.conf ----- # This User Process Tracking option sends an alert if any linux user process # exceeds the memory usage set (MB). To ignore specific processes or users use # csf.pignore # # Set to 0 to disable this feature PT_USERMEM = "200" -----
You can increase the PT_USERMEM limit. By setting the value of PT_USERMEM to a higher value than 200 may help you.
This is the simplest and standard way to stop such alerts from CSF and LFD. There is a file in csf directory ‘csf.pignore’. You can add the process or the user which you want to ignore this type of alert in to this file.
[[email protected] #] vim /etc/csf/csf.pignore
This type of alerts are useful for monitoring your server.
Restart the services CSF and LFD
That’s it. 🙂