How to disable alerts from LFD for a specific user in Linux? Is it possible?
Yes, it is possible! Before that we have a small discussion on LFD. Login Failure Daemon is abbreviated as LFD. This comes with CSF. It is a daemon process running on a server which has CSF for server security.
LFD scans the server logs files periodically (every X seconds) for resent login failures and consider such attepts like “Brute Force Attacks” and block that IPs with the help of CSF.
We already discussed how disable the Lfd excessive resource usage alert on a server in one of our previous post. Please see the article below for more details:
How to disable Lfd excessive resource usage alert?
In this article, we are going to disable alert completely for a particular user on the server. This can be simply done by adding the user name in “csf.uidignore” file.
The steps pasted below will explain it deeply.
Step 1 : Log into server as root user.
Step 2 : Next, you need to findout the UID (User ID) of that user.
You can check the UID information from /etc/passwd file or from the CLI by using the command “id.”
grep -i username /etc/passwd
Example:
# grep -i nobody /etc/passwd
nobody:x:99:99:Nobody:/:/sbin/nologin
id -u username
Example:
# id -u nobody
99
Step 3 : Open the CSF conf file “/etc/csf/csf.uidignore” with your favorite text editor.
Step 4 : Add the UID in that file.
Step 5 : Restart CSF and LFD.
csf -r
CSF commands for Unix/Linux servers
# /etc/init.d/lfd restart
That’s it dude!!
Now you are free from those annoying email alerts.
Let me know if you have any questions..
