4

I repeatedly receive a "Suspicious Process" notice from lfd. I'm 100% positive that the PHP script triggering this warning is safe. I wrote it myself and it makes some cross server calls that must look suspicious to csf.

Now, I know how to whitelist various executables and command lines in csf; however, due to my setup, it appears that csf recognises this script simply as PHP with no unique command line:

Executable:
/usr/bin/php

Command Line (often faked in exploits):
/usr/bin/php

Obviously I could whitelist this with something like "exe:/usr/bin/php" in the csf.pignore file but this would whitelist all other PHP scripts as well.

Is there a way that I can whitelist this specific script (taking into account that the command line is simply "/usr/bin/php" as well) without whitelisting all PHP scripts? Or is there another way around this?

Luke Franklin

1 Answer

4

You can whitelist your PHP script by adding its full path to the file below, or you can also add a user to ignore files under the ownership of a particular user.

/etc/csf/csf.fignore