patstan wrote:erldcrtz wrote:
take note when you install CSF you have to make some changes in csf configuration for log directories if not LFD is going to be useless in some services....
Could you explain the exact changes that we need to make?
Thank you!
edit /etc/csf/csf.conf
starting from around line 1962 at the very bottom change the following according to your OS ... look where your OS is keeping its proper log files .. .restart LFD and CSF
I suggest reading this for more information:
http://configserver.com/free/csf/readme.txt
and also add your email in the config so you will receive reports from csf
(this is for CentOS 6.5)
HTACCESS_LOG = "/var/log/httpd/error_log"
MODSEC_LOG = "/var/log/httpd/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/messages"
FTPD_LOG = "/var/log/secure"
SMTPAUTH_LOG = "/var/log/secure"
POP3D_LOG = "/var/log/maillog"
IMAPD_LOG = "/var/log/maillog"
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"
edit csf.pignore (process ignore) csf and lfd will ignore the following process so you will not received too many unecessary reports
add the following ... (this is for CentOS 6.5)
exe:/usr/libexec/dovecot/pop3
exe:/usr/libexec/dovecot/imap
exe:/usr/local/libexec/dovecot/pop3
exe:/usr/local/libexec/dovecot/pop3-login
exe:/usr/local/libexec/dovecot/imap
exe:/usr/local/libexec/dovecot/imap-login
exe:/usr/sbin/httpd
exe:/usr/sbin/nginx
exe:/usr/libexec/mysqld
exe:/usr/local/vesta/php/sbin/vesta-php
exe:/usr/libexec/dovecot/anvil
exe:/usr/bin/memcached
exe:/usr/local/vesta/nginx/sbin/vesta-nginx
cmd:dovecot/anvil
exe:/usr/sbin/exim
exe:/usr/sbin/vsftpd
exe:/usr/sbin/httpd.worker
exe:/usr/bin/php-cgi
exe:/usr/sbin/hald
exe:/usr/libexec/hald-addon-acpi