Suspicious processes when running nginx+php5-fpm+ Mysql

Post Reply
tfetfe
Junior Member
Posts: 4
Joined: 03 Jan 2013, 09:36

Suspicious processes when running nginx+php5-fpm+ Mysql

Post by tfetfe »

Hello,

I am running LFD/CSF on three servers and on all servers I have the same problem since the first day when I set-up the server and installed LFD/CSF.

I am running nginx + php5-fpm + MySQL and lfd.log file is full of warnings:

Code: Select all

Jan  3 00:21:57 pro1646 lfd[31599]: *Suspicious Process* PID:30238 User:www-data Uptime:7300 secs EXE:/usr/sbin/php5-fpm CMD:php-fpm: pool www
Jan  3 03:21:01 pro1646 lfd[833]: *Suspicious Process* PID:1296 User:mysql Uptime:18814003 secs EXE:/usr/sbin/mysqld CMD:/usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/$
Jan  3 03:21:01 pro1646 lfd[833]: *Suspicious Process* PID:25999 User:www-data Uptime:7237713 secs EXE:/usr/sbin/nginx CMD:nginx: worker process

Code: Select all

One of the servers runs Postfix and on this server are more warnings:
Jan  2 20:05:52 pro1646 lfd[27291]: *Excessive Processes* User:postfix Kill:0 Process Count:13
Jan  2 20:17:53 pro1646 lfd[27587]: *User Processing* PID:1713 Kill:0 User:postfix Time:18788613 EXE:/usr/lib/postfix/qmgr CMD:qmgr -l -t fifo -u
How do I get rid of these warnings? I want to get important warnings to my email address but it's not possible because emails are coming non-stop...

Thanks.

Thanks.
tfetfe
Junior Member
Posts: 4
Joined: 03 Jan 2013, 09:36

Re: Suspicious processes when running nginx+php5-fpm+ Mysql

Post by tfetfe »

I founf answer.
It's necessary to add the following lines to csf.ignore.file

Code: Select all

exe:/usr/sbin/php5-fpm
exe:/usr/sbin/nginx
exe:/usr/sbin/mysqld
Post Reply