File: //var/tmp/csf/csf.pignore
# #
# @app ConfigServer Firewall & Security (CSF)
# Login Failure Daemon (LFD)
# @website https://configserver.dev
# @docs https://docs.configserver.dev
# @download https://download.configserver.dev
# @repo https://github.com/Aetherinox/csf-firewall
# @copyright Copyright (C) 2025-2026 Aetherinox
# Copyright (C) 2006-2025 Jonathan Michaelson
# Copyright (C) 2006-2025 Way to the Web Ltd.
# @license GPLv3
# @updated 09.26.2025
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <https://www.gnu.org/licenses>.
# #
# #
# The following is a list of executables (exe) command lines (cmd) and
# usernames (user) that lfd process tracking will ignore.
#
# You must use the following format:
# exe:/full/path/to/file
# user:username
# cmd:command line
#
# Or, perl regular expression matching (regex):
# pexe:/full/path/to/file as a perl regex[*]
# puser:username as a perl regex[*]
# pcmd:command line as a perl regex[*]
#
# [*] You must remember to escape characters correctly when using regex's, e.g.:
# pexe:/home/.*/public_html/cgi-bin/script\.cgi
# puser:bob\d.*
# pcmd:/home/.*/command\s\to\smatch\s\.pl\s.*
#
# It is strongly recommended that you use command line ignores very carefully
# as any process can change what is reported to the OS.
#
# For more information see readme.txt
# #
exe:/bin/dbus-daemon
exe:/sbin/ntpd
exe:/usr/bin/dbus-daemon
exe:/usr/bin/dbus-daemon-1
exe:/usr/bin/lsmd
exe:/usr/bin/postgres
exe:/usr/bin/spamc
exe:/usr/lib/courier-imap/bin/imapd
exe:/usr/lib/courier-imap/bin/pop3d
exe:/usr/lib/polkit-1/polkitd
exe:/usr/libexec/dovecot/anvil
exe:/usr/libexec/dovecot/auth
exe:/usr/libexec/dovecot/dict
exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/imap-login
exe:/usr/libexec/dovecot/lmtp
exe:/usr/libexec/dovecot/pop3
exe:/usr/libexec/dovecot/pop3-login
exe:/usr/libexec/dovecot/quota-status
exe:/usr/libexec/dovecot/stats
exe:/usr/libexec/dovecot/imap-hibernate
exe:/usr/libexec/gam_server
exe:/usr/libexec/hald-addon-acpi
exe:/usr/libexec/hald-addon-keyboard
exe:/usr/libexec/mysqld
exe:/usr/local/apache/bin/httpd
exe:/usr/local/cpanel/3rdparty/bin/analog
exe:/usr/local/cpanel/3rdparty/bin/english/webalizer
exe:/usr/local/cpanel/3rdparty/bin/imapd
exe:/usr/local/cpanel/3rdparty/bin/php
exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/english
exe:/usr/local/cpanel/3rdparty/php/54/bin/php-cgi
exe:/usr/local/cpanel/3rdparty/php/56/bin/php-cgi
exe:/usr/local/cpanel/3rdparty/php/56/sbin/php-fpm
exe:/usr/local/cpanel/3rdparty/php/54/sbin/php-fpm
exe:/usr/local/cpanel/3rdparty/sbin/mydns
exe:/usr/local/cpanel/3rdparty/sbin/p0f
exe:/usr/local/cpanel/bin/cppop
exe:/usr/local/cpanel/bin/cppop-ssl
exe:/usr/local/cpanel/bin/cpuwatch
exe:/usr/local/cpanel/bin/cpwrap
exe:/usr/local/cpanel/bin/logrunner
exe:/usr/local/cpanel/bin/pkgacct
exe:/usr/local/cpanel/cpanel
exe:/usr/local/cpanel/cpdavd
exe:/usr/local/cpanel/cpsrvd
exe:/usr/local/cpanel/cpsrvd-ssl
exe:/usr/local/libexec/dovecot/imap
exe:/usr/local/libexec/dovecot/imap-login
exe:/usr/local/libexec/dovecot/pop3
exe:/usr/local/libexec/dovecot/pop3-login
exe:/usr/local/urchin/bin/urchinwebd
exe:/usr/sbin/chronyd
exe:/usr/sbin/exim
exe:/usr/sbin/exim
exe:/usr/sbin/hald
exe:/usr/sbin/httpd
exe:/usr/sbin/mysqld
exe:/usr/sbin/mysqld_safe
exe:/usr/sbin/named
exe:/usr/sbin/nscd
exe:/usr/sbin/nsd
exe:/usr/sbin/ntpd
exe:/usr/sbin/proftpd
exe:/usr/sbin/pure-ftpd
exe:/usr/sbin/sshd
exe:/var/cpanel/3rdparty/bin/php
exe:/usr/sbin/pdns_server
exe:/usr/local/cpanel/bin/autossl_check
exe:/usr/local/cpanel/bin/whm_xfer_download-ssl
pexe:^/usr/lib/jvm/java-.*/jre/bin/java$
exe:/usr/libexec/dovecot/indexer-worker
exe:/usr/libexec/dovecot/indexer
pexe:/usr/local/cpanel/3rdparty/bin/git.*
pexe:/usr/local/cpanel/3rdparty/libexec/git-core/git.*
exe:/usr/sbin/imunify-notifier
exe:/usr/bin/sw-engine
exe:/usr/sbin/sw-engine-fpm
exe:/usr/sbin/sw-cp-serverd
exe:/sbin/rngd
exe:/usr/sbin/mariadbd
exe:/usr/sbin/atd
exe:/usr/lib/systemd/systemd-timesyncd
exe:/usr/lib/systemd/systemd-networkd
exe:/usr/sbin/rsyslogd
exe:/usr/lib/apt/methods/http
exe:/usr/sbin/rngd
exe:/usr/lib/systemd/systemd-resolved
exe:/usr/sbin/uuidd
exe:/usr/bin/dbus-broker-launch
exe:/usr/bin/dbus-broker
exe:/usr/local/cpanel/3rdparty/wp-toolkit/bin/wpt-panopticon
# #
# Some additional entries that you might want to ignore on cPanel servers.
# However, be aware of the security implications under "Process Tracking" in
# the csf readme.txt when using these:
# #
#cmd:/bin/sh /usr/bin/mysqld_safe
#cmd:/bin/sh /usr/bin/mysqld_safe --basedir=/usr
#cmd:spamd child
#pcmd:/usr/local/cpanel/3rdparty/bin/python /usr/local/cpanel/3rdparty/mailman/bin/qrunner.*
#pcmd:/usr/local/cpanel/3rdparty/bin/python /usr/local/cpanel/3rdparty/mailman/bin/mailmanctl.*
#pcmd:/usr/bin/python.? /usr/local/cpanel/3rdparty/mailman/bin/qrunner.*
#pcmd:/usr/bin/python.? /usr/local/cpanel/3rdparty/mailman/bin/mailmanctl.*
#pcmd:/usr/bin/perl /usr/local/cpanel/3rdparty/bin/awstats\.pl.*
#pcmd:/usr/bin/perl /usr/local/cpanel/base/awstats\.pl.*
#pcmd:cpanellogd - (http|ftp) logs for .*
#pcmd:ubic-guardian ubic-periodic.*
#pcmd:perl /usr/local/cpanel/3rdparty/perl/\d+/bin/ubic-periodic.*
#pcmd:MailScanner:.*
#pexe:/opt/cpanel/ea-php\d+/root/usr/bin/lsphp
#pexe:/opt/cpanel/ea-php\d+/root/usr/bin/lsphp.cagefs
#pexe:/opt/cpanel/ea-php\d+/root/usr/bin/php
#pexe:/opt/cpanel/ea-php\d+/root/usr/bin/php.cagefs
#pexe:/opt/cpanel/ea-php\d+/root/usr/sbin/php-fpm