Skocz do zawartości

Historia edycji

Vasthi

Vasthi

Te raporty są przydatne jak masz np. użytkownika joomla i on zamiast uruchomionego PHP ma jakiś serwer w pythonie. Konfigurujesz w pliku /etc/csf/csf.pignore

###############################################################################
# Copyright 2006-2016, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################
# The following is a list of executables (exe) command lines (cmd) and
# usernames (user) that lfd process tracking will ignore.
#
# You must use the following format:
#
# exe:/full/path/to/file
# user:username
# cmd:command line
#
# Or, perl regular expression matching (regex):
#
# pexe:/full/path/to/file as a perl regex[*]
# puser:username as a perl regex[*]
# pcmd:command line as a perl regex[*]
#
# [*]You must remember to escape characters correctly when using regex's, e.g.:
# pexe:/home/.*/public_html/cgi-bin/script\.cgi
# puser:bob\d.*
# pcmd:/home/.*/command\s\to\smatch\s\.pl\s.*
#
# It is strongly recommended that you use command line ignores very carefully
# as any process can change what is reported to the OS.
#
# For more information see readme.txt

exe:/bin/dbus-daemon
exe:/sbin/ntpd
exe:/usr/bin/dbus-daemon
exe:/usr/bin/lsmd
exe:/usr/lib/courier-imap/bin/imapd
exe:/usr/lib/courier-imap/bin/pop3d
exe:/usr/lib/polkit-1/polkitd
exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/pop3
exe:/usr/libexec/dovecot/pop3
exe:/usr/libexec/mysqld
exe:/usr/local/apache/bin/httpd
exe:/usr/local/libexec/dovecot/imap
exe:/usr/local/libexec/dovecot/imap-login
exe:/usr/local/libexec/dovecot/pop3
exe:/usr/local/libexec/dovecot/pop3-login
exe:/usr/sbin/chronyd
exe:/usr/sbin/exim
exe:/usr/sbin/exim4
exe:/usr/sbin/named
exe:/usr/sbin/nscd
exe:/usr/sbin/ntpd
exe:/usr/sbin/ntpd
exe:/usr/sbin/proftpd
exe:/usr/sbin/pure-ftpd
exe:/usr/sbin/sshd
user:zabbix # zero raportów dla tego usera
user:joomla # wszystko co uruchomi nie jest śledzone

I np. jak user wordpress uruchomi skrypt w php to przyjdzie Ci w raport. Aby tego uniknąć należy dopisać 

exe:/usr/bin/php
exe:/usr/bin/php-fpm
×