Disable LFD alert for a specific user in Linux

How to disable alerts from LFD for a specific user in Linux? Is it possible?

Yes, it is possible! Before that we have a small discussion on LFD. Login Failure Daemon is abbreviated as LFD. This comes with CSF. It is a daemon process running on a server which has CSF for server security.

LFD scans the server logs files periodically (every X seconds) for resent login failures and consider such attepts like “Brute Force Attacks” and block that IPs with the help of CSF.

We already discussed how disable the Lfd excessive resource usage alert on a server in one of our previous post. Please see the article below for more details:

How to disable Lfd excessive resource usage alert?

In this article, we are going to disable alert completely for a particular user on the server. This can be simply done by adding the user name in “csf.uidignore” file.

The steps pasted below will explain it deeply.

Step 1 : Log into server as root user.

Step 2 : Next, you need to findout the UID (User ID) of that user.

You can check the UID information from /etc/passwd file or from the CLI by using the command “id.”

grep -i username /etc/passwd

Example:

# grep -i nobody /etc/passwd
nobody:x:99:99:Nobody:/:/sbin/nologin
id -u username

Example:

# id -u nobody
99

Step 3 : Open the CSF conf file “/etc/csf/csf.uidignore” with your favorite text editor.

Step 4 : Add the UID in that file.

Step 5 : Restart CSF and LFD.

csf -r

CSF commands for Unix/Linux servers

# /etc/init.d/lfd restart

That’s it dude!!
Now you are free from those annoying email alerts.

Let me know if you have any questions..

Arunlal Ashok

Sr. Linux Server Administrator. I'm managing Linux servers since 2012. I started this blog to share and discuss my ideas. Check My Profile in uPwork (oDesk) and create a job, if you need any administration help. Thanks!!

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *