I repeatedly receive a "Suspicious Process" notice from lfd. I'm 100% positive that the PHP script triggering this warning is safe. I wrote it myself and it makes some cross server calls that must look suspicious to csf.
Now I know how to whitelist various executables and command lines in csf, however due to my setup it appears that csf recognises this script simply as PHP with no unique command line:
Executable:
/usr/bin/php
Command Line (often faked in exploits):
/usr/bin/php
Obviously I could whitelist this with something like "exe:/usr/bin/php" in the csf.pignore file but this would whitelist all other PHP scripts as well.
Is there a way that I can whitelist this specific script (taking into account that the command line is simply "/usr/bin/php" as well) without white-listing the all PHP scripts? Or is there another way around this?