Disabling Configure Server Firewall & lfd false alarm on litespeed and lsphp processes

ConfigServer Security & Firewall (csf) with Login Failure Daemon (lfd) is “A Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.”1) This comes pre-installed on our cPanel servers and has many useful features to assist you with detecting events which might be indicative of security issues in your server.

LiteSpeed works with CSF & LFD without any problem. However you will need to sure to add lshttpd and lsphp processes to lfd ignore list to avoid false alarms.

You may see the following false alarms if you have been excluded lshttpd and lsphp from lfd.

To avoid such false alarms, you will need to grasp the command from the alarts and add it to end of /etc/csf/csf.pignore, then restart csf/lfd. 

pexe:/usr/local/lsws/bin/lshttpd.*
pexe:/opt/cpanel/ea-php.*/root/usr/bin/lsphp

  • Admin
  • Last modified: 2019/05/06 13:45
  • by Jackson Zhang