LFD: Excessive resource usage

Rob —  August 4, 2014 — Leave a comment

If you run the CSF/LFD firewall on your server then you’ve no doubt seen the emails complaining about high resource usage for various accounts. This small tutorial will show you how to minimize them.

What does it mean?
Simply, it means that the process is using more resources than allowed.

Is it safe to change the default settings for it?
This is up to you – more than likely, if you’re searching for the term “Excessive resource usage”, then you are getting hammered with emails – which is actually worse because you’ll be numb to the alerts and won’t react if something really is going wrong (or won’t notice it because of all of the other email/alerts coming in all the time).

There are three thing you can do:
1. Disable the check
2. Modify the check
3. Ignore certain users/commands that frequently send resource emails

1. Disable:
If you want to disable the check (we recommend you modify it instead – since you actually DO want these emails.. if they’re real), simply edit /etc/csf/csf.conf and change:

to:

2. Modify:
If you would like to modify the check (we recommend), simply edit /etc/csf.csf.conf and change:

to:

This will raise the limit from 200mb to 300mb. You can put whatever you want there.. but you want to put it a little higher than what you’re seeing come through as your false positives.

3. Ignore certain users/commands:
If you want to ignore certain users or commands, then you would edit /etc/csf/csf.pignore and add a line for each user or command.

If you get an ‘excessive resource usage’ email that looks like:

And you know it’s ok.. then you can ignore either the user or the command. In this case, the line could be:
user:

or.. command:

With any of the above, always restart csf and lfd when done:

Related posts from Linux Brigade!

  • Install CSF/LFD Firewall on your Linux Server The first thing on your mind when setting up a new Linux server (dedicated or VPS) is how you can increase security.  One of the best tools in your bag of tricks should be the CSF […]
  • Block Countries from your server easily with CSFBlock Countries from your server easily with CSF If you don’t have a need for certain international visitors to your Linux server, its easy to block them out!  First, you’ll need to make sure that CSF is installed.  You can follow our […]
  • Learn the CSF command line options You have CSF installed and use the GUI to do most things.  (If you don’t have it installed yet, you can read our article on how to install csf).  BUT – knowing the csf (ConfigServer […]
  • Enable statistics in Configserver Firewall (CSF) I’ve noticed recently that a new install of CSF won’t have statistics enabled by default.  Here’s how to enable them…

    Edit your /etc/csf/csf.conf file and change:

    ST_ENABLE = […]

  • cPanel / CSF: Fix 500 internal server error or 404 for the CSF GUI I’ve run into this a couple times – where I’ll spin up a CentOS/cPanel machine, then run a cpupdate (/scripts/upcp) to get cpanel up to date.  I’ll then go into the configserver firewall […]

No Comments

Be the first to start the conversation.

Leave a Reply

Text formatting is available via select HTML.

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url=""> 

*