issue with csf [#40623]

Submitted by edwardsmarkf on Wed, 05/04/2016 - 12:15 Pro Licensee

hello - i am only posting this question here because it seems more like "concierge " service. ;-)

my email box is getting filled up with these emails (and gmail starts to block me)

    Time:         Wed May  4 13:00:13 2016 -0400
    Account:      apache
    Resource:     Virtual Memory Size
    Exceeded:     674 > 300 (MB)
    Executable:   /usr/sbin/httpd
    Command Line: /usr/sbin/httpd -DFOREGROUND
    PID:          19071 (Parent PID:22338)
    Killed:       No

so, using this as my guide:

http://crybit.com/lfd-excessive-resource-usage-alert/

/etc/csf/csf.conf: i changed PT_USERMEM to zero (later to 10000)

in /etc/csf/csf.pignore i added the following

    exe:/usr/sbin/httpd
    exe:/usr/bin/php-cgi
    user:apache
    user:comptonpeslonline.com

and of course after each change i did this:

/usr/sbin/csf --restart ;

but for now, i have the following:

/usr/sbin/csf --stop ; ### until i can figure out what to do !

any advice? i dont like leaving the firewall down.

Status:

Active

Comments

Submitted by edwardsmarkf on Wed, 05/04/2016 - 12:16 Pro Licensee Comment #1

Body:

View changes

Submitted by edwardsmarkf on Wed, 05/04/2016 - 12:17 Pro Licensee Comment #2

Body:

View changes

Submitted by andreychek on Wed, 05/04/2016 - 12:56 Comment #3

Howdy -- sorry that you're seeing so many emails from CSF!

It looks like those are false positives though, as it's not unusual for Apache to grow in size.

We unfortunately don't know much about CSF, that's a bit outside our areas of expertise.

I'm personally not sure that I would use that particular functionality though... process sizes can indeed grow quite large, especially with things like MySQL. That's fairly normal. So disabling the process size checks for Apache seems like a good option.

Are you saying that's not working though, even when setting the PT_USERMEM to 0?

Submitted by edwardsmarkf on Wed, 05/04/2016 - 13:37 Pro Licensee Comment #4

hi - i tried setting PT_USERMEM to zero - but will try again. i have been known to mess stuff like that up.

the problem with the csf forum is the answers are very slow !

Submitted by andreychek on Wed, 05/04/2016 - 13:41 Comment #5

You may have meant this, but just to be sure -- it looks like the docs you linked to above are saying the value should be "0", rather than "zero". Just wanted to be certain you were using that :-)

Submitted by jimdunn on Wed, 05/04/2016 - 16:50 Pro Licensee Comment #6

Remember, after making changes to CSF, be sure to reboot the services:

(as root) # csf -r ; service lfd restart

Submitted by edwardsmarkf on Wed, 05/04/2016 - 21:16 Pro Licensee Comment #7

i disabled practically every setting - that seems to have helped quite a bit.

LF_PERMBLOCK = "0"          
LF_WEBMIN_EMAIL_ALERT = "0"     
CT_LIMIT = "0"
PT_USERPROC = "0"
PT_USERTIME = "0"
PT_USERKILL_ALERT = "0"
PS_INTERVAL = "0"

once all the emails have stopped i will reset each of these one by one, slowly.