It’s very useful to have csf/lfd (lfd is a component of csf) email you alerts when something happens on your server, e.g. an IP address is blocked because of too many failed login attempts.
First, edit the file /etc/csf/csf.conf and add your email address to the LF_ALERT_TO entry. The relevant entries are LF_ALERT_TO and LF_ALERT_FROM:
LF_ALERT_TO = "name@website.com"
To send an email alert when an IP is blocked, set LF_EMAIL_ALERT to 1 (by default it will already be 1).
# Send an email alert if an IP address is blocked by one of the [*] triggers
LF_EMAIL_ALERT = "1"
Send an alert if log file flooding is detected which causes lfd to skip log
LOGFLOOD_ALERT = "0"
Send an email alert if anyone logs in successfully using SSH
LF_SSH_EMAIL_ALERT = "1"
Send an email alert if anyone accesses WHM/cPanel via an account listed
LF_CPANEL_ALERT = "1"
Send an alert email if more than LF_SCRIPT_LIMIT lines appear change to
LF_SCRIPT_ALERT = "0"
Send an email alert if an account exceeds LT_POP3D/LT_IMAPD logins per hour
LT_EMAIL_ALERT = "1"
How to enable/disable the port scanning email alert?
Similarly, use the directive PS_EMAIL_ALERT to manage port scanning email alerts.
root@test [~]# vi /etc/csf/csf.conf
—-
PS_EMAIL_ALERT = 1/0
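
To confirm which of the alert settings above are switched on after editing, the following added example (not part of the original page or of csf itself) reads a csf.conf and prints one status line per directive. The function names csf_get, csf_alert_report and sample_conf are hypothetical, and the sample configuration is constructed from the values shown on this page.

```shell
# Alert directives discussed on this page.
ALERT_KEYS="LF_EMAIL_ALERT LOGFLOOD_ALERT LF_SSH_EMAIL_ALERT LF_CPANEL_ALERT LF_SCRIPT_ALERT LT_EMAIL_ALERT PS_EMAIL_ALERT"
# csf_get FILE KEY: print KEY's value without quotes; exit status 1 if KEY is absent.
csf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                       # ignore comment lines
        { eq = index($0, "="); if (eq == 0) next
          k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
          if (k != key) next
          v = substr($0, eq + 1)
          sub(/^[ \t]*"?/, "", v); sub(/"?[ \t\r]*$/, "", v)
          val = v; found = 1 }                    # last assignment wins
        END { if (!found) exit 1; print val }
    ' "$1"
}

# csf_alert_report FILE: one status line per directive; returns 1 if LF_ALERT_TO has no address.
csf_alert_report() {
    rc=0
    to=$(csf_get "$1" LF_ALERT_TO) || to=""
    case "$to" in
        *@*) echo "OK    LF_ALERT_TO=$to" ;;
        *)   echo "WARN  LF_ALERT_TO has no email address set"; rc=1 ;;
    esac
    for key in $ALERT_KEYS; do
        if ! val=$(csf_get "$1" "$key"); then echo "WARN  $key missing"
        elif [ "$val" = "0" ]; then echo "OFF   $key"
        else echo "ON    $key=$val"
        fi
    done
    return $rc
}

# Constructed sample using the values shown on this page (not a real server's file).
sample_conf() {
    cat <<'EOF'
# Send an email alert if an IP address is blocked by one of the [*] triggers
LF_ALERT_TO = "name@website.com"
LF_EMAIL_ALERT = "1"
LOGFLOOD_ALERT = "0"
LF_SSH_EMAIL_ALERT = "1"
LF_CPANEL_ALERT = "1"
LF_SCRIPT_ALERT = "0"
LT_EMAIL_ALERT = "1"
EOF
}
conf=${1:-/etc/csf/csf.conf}      # falls back to the sample when csf is not installed
[ -r "$conf" ] || { conf=$(mktemp); sample_conf > "$conf"; }
csf_alert_report "$conf" || echo "set LF_ALERT_TO in csf.conf to receive these alerts"
```

After changing any of these values, csf and lfd have to be restarted before the new settings take effect.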