A wide range of settings is available in the CSF configuration file, and we have already covered many CSF topics. This post covers setting up email alerts for unauthorized login failures and port scanning. Disabling the lfd excessive resource usage alert is covered in a separate post. CSF stores its predefined email templates under '/usr/local/csf/tpl/'. Some sample email templates are:

[email protected] [/usr/local/csf/tpl]# ll
-rw------- 1 root root  124 Apr  2 13:59 accounttracking.txt
-rw------- 1 root root  181 Apr  2 13:59 alert.txt
-rw------- 1 root root  192 Apr  2 13:59 connectiontracking.txt
-rw------- 1 root root   76 Apr  2 13:59 consolealert.txt
-rw------- 1 root root  136 Apr  2 13:59 cpanelalert.txt
-rw------- 1 root root  129 Apr  2 13:59 exploitalert.txt
-rw------- 1 root root  151 Apr  2 13:59 filealert.txt
-rw------- 1 root root  132 Apr  2 13:59 forkbombalert.txt
-rw------- 1 root root  374 Apr  2 13:59 integrityalert.txt
-rw------- 1 root root 1042 Apr  2 13:59 loadalert.txt

As I discussed previously, the "lfd" service that comes with CSF checks log files periodically and blocks an IP address if it finds multiple login failures or similar activity.

1. How to enable/disable the login failure email alert?

You can manage it by changing the value of the LF_EMAIL_ALERT directive in the CSF configuration file.
Open the CSF configuration file in your favorite editor and set LF_EMAIL_ALERT to one of the values below.

[email protected] [~]# vi /etc/csf/csf.conf

1 – To enable
0 – To disable

2. How to enable/disable the port scanning email alert?

Similarly, use the PS_EMAIL_ALERT directive to manage port scanning email alerts.

[email protected] [~]# vi /etc/csf/csf.conf

1 – To enable
0 – To disable

Then restart CSF:

csf -r

That’s it 🙂
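
A non-interactive way to check and change the same two directives, as an added example that is not part of the original post. The helper names csf_get and csf_set are hypothetical, the sample file is constructed, and the script assumes GNU sed and the `NAME = "value"` line format used in csf.conf.

```shell
#!/bin/sh
# Added example: read and set LF_EMAIL_ALERT / PS_EMAIL_ALERT in a
# csf.conf-format file without opening an editor.

# csf_get FILE DIRECTIVE -> prints the quoted value, or nothing if absent.
# Commented-out lines (starting with #) are ignored.
csf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# csf_set FILE DIRECTIVE VALUE -> rewrites the directive line, keeps FILE.bak.
# Only 0 (disable) and 1 (enable) are accepted, matching the values above.
csf_set() {
    case $3 in
        0|1) ;;
        *) echo "csf_set: value must be 0 or 1" >&2; return 2 ;;
    esac
    if ! grep -Eq "^[[:space:]]*$2[[:space:]]*=" "$1"; then
        echo "csf_set: $2 not found in $1" >&2
        return 1
    fi
    cp -p "$1" "$1.bak" || return 1   # backup before editing in place
    sed -i "s/^[[:space:]]*$2[[:space:]]*=.*/$2 = \"$3\"/" "$1"
}

# Demo on a constructed sample file, not a real /etc/csf/csf.conf.
demo() {
    conf=$(mktemp)
    printf '%s\n' '# constructed sample in csf.conf format' \
        'LF_EMAIL_ALERT = "1"' \
        'PS_EMAIL_ALERT = "0"' > "$conf"
    csf_set "$conf" PS_EMAIL_ALERT 1      # turn port scanning alerts on
    for key in LF_EMAIL_ALERT PS_EMAIL_ALERT; do
        echo "$key = $(csf_get "$conf" "$key")"
    done
    rm -f "$conf" "$conf.bak"
}
demo
```

On a server, pass /etc/csf/csf.conf as the file argument and then restart CSF with csf -r as shown above.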

