CSF ignore list skips some ignore exclusions

Asked Jun 05 '15 at 14:57

Active Jun 05 '15 at 14:57

Viewed 67 times

I have try to prevent sending Suspicious File Alert emails which contain:

File:   /tmp/netatop-0.5/netatop.init 
Reason: Script, starts with #!

File:   /tmp/netatop-0.5/mkversion
Reason: Script, starts with #!

by adding

exe:/tmp/netatop-0.5/netatop.init
exe:/tmp/netatop-0.5/mkversion

to the csf.pignore file but somehow those two lines are not getting excluded from the alert emails.

Any clue what is going on?

asked Jun 05 '15 at 14:57

JackTheKnife

This _is_ suspicious. You should not have stuff running out of /tmp. – Michael Hampton Jun 05 '15 at 19:39
Those files were unpacked there and executed from that folder that is why running from /tmp. Nothing suspicious. – JackTheKnife Jun 08 '15 at 14:47
Then you should find whatever unpacked and executed files in /tmp and have it stop doing that. – Michael Hampton Jun 08 '15 at 15:48
Why should I stop them when those scripts are part of the `atop` command? – JackTheKnife Jun 08 '15 at 21:29

0 Answers0