KNOWNHOST WIKI

security:csf-lfd:csf-notifications-false-positives

Differences

This shows you the differences between two versions of the page.

security:csf-lfd:csf-notifications-false-positives [2019/06/06 16:53]
Jonathan K. W. [Conclusion]
security:csf-lfd:csf-notifications-false-positives [2019/06/06 16:53] (current)
Jonathan K. W. [Conclusion]
Line 357: Line 357:
 Your firewall is a piece of software that must be configured to work accordingly. The approach taken with CSF/LFD is essentially a whitelist approach. You whitelist allowed processes, and then it sends warnings regarding any other processes that are found running and not on the whitelist (listed in the process ignore file). So, if you have recently installed a new service or daemon, and then receive an alert about this process that you know is legitimate, you may be able to safely whitelist it. If the process is one that you do not recognize, have it investigated. ​ Your firewall is a piece of software that must be configured to work accordingly. The approach taken with CSF/LFD is essentially a whitelist approach. You whitelist allowed processes, and then it sends warnings regarding any other processes that are found running and not on the whitelist (listed in the process ignore file). So, if you have recently installed a new service or daemon, and then receive an alert about this process that you know is legitimate, you may be able to safely whitelist it. If the process is one that you do not recognize, have it investigated. ​
  
-Honestly, it is best to have your server support investigate any that you receive because it is common for malware to name itself after normally legitimate processes to try to hide itself. For this reason, if you receive an alert that you are not 100% sure about, ask us! An example would be a malicious perl process running as /​usr/​bin/​http. If you are just now starting to receive alerts, but Apache has been running on your server for months, then this would definitely be something to inquire support about. Remember, KnownHost is here to help! +Honestly, it is best to have your server support investigate any that you receive because it is common for malware to name itself after normally legitimate processes to try to hide itself. For this reason, if you receive an alert that you are not 100% sure about, ask us! An example would be a malicious perl process running as /​usr/​bin/​http. If you are just now starting to receive alerts, but Apache has been running on your server for months, then this would definitely be something to inquire support about. ​ 
 + 
 +Remember, KnownHost is here to help! 
  
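Review bot: The sentence kept at the end of the rewritten paragraph, "this would definitely be something to inquire support about", is ungrammatical; since this revision already touches the paragraph, change it to "something to ask support about". In the same paragraph the example moves from "a malicious perl process running as /usr/bin/http" straight to "Apache has been running on your server for months" without saying how the two are connected, so a reader has to infer that the process name is meant to look like Apache; one linking clause would make that explicit. Moving "Remember, KnownHost is here to help!" to its own paragraph is fine, but the new version of the preceding line ends with trailing whitespace that should be trimmed.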
security/csf-lfd/csf-notifications-false-positives.txt · Last modified: 2019/06/06 16:53 by Jonathan K. W.