If you run the CSF/LFD firewall on your server then you’ve no doubt seen the emails complaining about high resource usage for various accounts. This small tutorial will show you how to minimize them.
What does it mean?
Simply, it means that the process is using more resources than allowed.
Is it safe to change the default settings for it?
This is up to you – more than likely, if you’re searching for the term “Excessive resource usage”, then you are getting hammered with emails – which is actually worse because you’ll be numb to the alerts and won’t react if something really is going wrong (or won’t notice it because of all of the other email/alerts coming in all the time).
There are three thing you can do:
1. Disable the check
2. Modify the check
3. Ignore certain users/commands that frequently send resource emails
1. Disable:
If you want to disable the check (we recommend you modify it instead – since you actually DO want these emails.. if they’re real), simply edit /etc/csf/csf.conf and change:
|
1 |
PT_USERMEM = "200" |
to:
|
1 |
PT_USERMEM = "0" |
2. Modify:
If you would like to modify the check (we recommend), simply edit /etc/csf.csf.conf and change:
|
1 |
PT_USERMEM = "200" |
to:
|
1 |
PT_USERMEM = "300" |
This will raise the limit from 200mb to 300mb. You can put whatever you want there.. but you want to put it a little higher than what you’re seeing come through as your false positives.
3. Ignore certain users/commands:
If you want to ignore certain users or commands, then you would edit /etc/csf/csf.pignore and add a line for each user or command.
If you get an ‘excessive resource usage’ email that looks like:
|
1 2 3 4 5 6 7 8 |
Time: Sat Aug 2 08:00:12 2014 -0400 Account: nrpe Resource: Process Time Exceeded: 2669 > 1800 (seconds) Executable: /usr/sbin/nrpe Command Line: /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d PID: 1541 (Parent PID:1541) Killed: No |
And you know it’s ok.. then you can ignore either the user or the command. In this case, the line could be:
user:
|
1 |
user:nrpe |
or.. command:
|
1 |
exe:/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d |
With any of the above, always restart csf and lfd when done:
|
1 2 |
csf -r service lfd restart |
Related posts from Linux Brigade!
Install CSF/LFD Firewall on your Linux Server The first thing on your mind when setting up a new Linux server (dedicated or VPS) is how you can increase security. One of the best tools in your bag of tricks should be the CSF […]- Enable statistics in Configserver Firewall (CSF) I’ve noticed recently that a new install of CSF won’t have statistics enabled by default. Here’s how to enable them…
Edit your /etc/csf/csf.conf file and change:
ST_ENABLE = […]
- cPanel / CSF: Fix 500 internal server error or 404 for the CSF GUI I’ve run into this a couple times – where I’ll spin up a CentOS/cPanel machine, then run a cpupdate (/scripts/upcp) to get cpanel up to date. I’ll then go into the configserver firewall […]
- Learn the CSF command line options You have CSF installed and use the GUI to do most things. (If you don’t have it installed yet, you can read our article on how to install csf). BUT – knowing the csf (ConfigServer […]
Block Countries from your server easily with CSF If you don’t have a need for certain international visitors to your Linux server, its easy to block them out! First, you’ll need to make sure that CSF is installed. You can follow our […]
