Lfd on Server: Suspicious File Alert

I have got many suspicious-file notifications from CSF. Can anyone help with this, or tell me how I can exclude these files?

Time:   Sat Jul 24 20:25:39 2021 +0200
File:   /tmp/systemd-private-07b3a323be3d4e5e9196051704fa4e9b-elasticsearch.service-HBYEvX/tmp/elasticsearch-6945169774004527476/jna7818653641099336736.tmp
Reason: Linux Binary
Owner:  elasticsearch:elasticsearch (989:978)
Action: No action taken

Can you add some more context about what lfd and CSF are? This does not sound at all like anything Elasticsearch-specific.

Where do you want to exclude this file from and why do you think that this is a problem? The JNA library within Elasticsearch needs to create a tmp file each time it is starting.

Thanks!

I need to exclude these files from CSF. I have tried many ways but still get these suspicious-file messages, so I need to exclude them from CSF. I put this in

/etc/csf/csf.pignore

user:elasticsearch
exe:/usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller
cmd:/usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller

and /etc/csf/csf.fignore

user:elasticsearch
# csf.fignore lines are perl regexes; this one matches the full JNA temp-file path from the alert
# (hex systemd-private id, random service suffix, numeric elasticsearch dir, numeric jna file name)
/tmp/systemd-private-[a-f0-9]+-elasticsearch\.service-[A-Za-z0-9]+/tmp/elasticsearch-\d+/jna\d+\.tmp

but it doesn't exclude it from the CSF suspicious-file alerts, so can you help with this?
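A quick way to see why a csf.fignore entry does or does not silence an alert like the one above is to test each entry against the exact path lfd reported before restarting lfd. The script below is an added example, not part of this thread or of CSF: it parses the alert block quoted earlier (embedded here as a constructed copy), and evaluates a list of csf.fignore-style lines against the reported file and owner. It assumes, from the csf.fignore file header, that plain lines are Perl regular expressions and that `user:` lines ignore files owned by that user; Python's `re` module is used as a stand-in for Perl's engine, which is equivalent for these patterns, and `fullmatch` is used as the stricter check since it is not assumed here whether lfd anchors the match. The two patterns the poster tried are included alongside a corrected one to show which actually matches the path.

```python
import re
from typing import Dict, List

# Constructed copy of the lfd alert quoted in this thread (not a live alert)
ALERT = """\
Time:   Sat Jul 24 20:25:39 2021 +0200
File:   /tmp/systemd-private-07b3a323be3d4e5e9196051704fa4e9b-elasticsearch.service-HBYEvX/tmp/elasticsearch-6945169774004527476/jna7818653641099336736.tmp
Reason: Linux Binary
Owner:  elasticsearch:elasticsearch (989:978)
Action: No action taken
"""

# The two csf.fignore patterns from the thread, and a corrected one (all constructed for this example)
ORIGINAL_PATTERN_1 = r"/tmp/systemd-private-[a-zA-Z0-9]+/tmp/elasticsearch-[\d\.]+/.tmp"
ORIGINAL_PATTERN_2 = r"/tmp/systemd-private-*-elasticsearch.service-*/tmp/elasticsearch-*.tmp"
FIXED_PATTERN = (
    r"/tmp/systemd-private-[a-f0-9]+-elasticsearch\.service-[A-Za-z0-9]+"
    r"/tmp/elasticsearch-\d+/jna\d+\.tmp"
)
FIGNORE_LINES = [
    "# comment lines and blanks are skipped",
    "",
    "user:elasticsearch",
    ORIGINAL_PATTERN_1,
    ORIGINAL_PATTERN_2,
    FIXED_PATTERN,
]


def parse_alert(text: str) -> Dict[str, str]:
    """Split the 'Key:   value' lines of an lfd suspicious-file alert into a dict."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+):\s+(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def owner_user(owner_field: str) -> str:
    """'elasticsearch:elasticsearch (989:978)' -> 'elasticsearch' (the owning user)."""
    return owner_field.split(":", 1)[0]


def evaluate(alert_text: str, fignore_lines: List[str]) -> Dict[str, bool]:
    """Return, for each effective csf.fignore line, whether it would cover the alerted file.

    'user:<name>' lines are compared against the alert's owning user; every other
    line is treated as a regex and must fully match the reported path.
    """
    fields = parse_alert(alert_text)
    path = fields["File"]
    user = owner_user(fields["Owner"])
    results: Dict[str, bool] = {}
    for raw in fignore_lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # csf.fignore comments and blank lines
        if line.startswith("user:"):
            results[line] = line[len("user:"):] == user
            continue
        try:
            results[line] = re.fullmatch(line, path) is not None
        except re.error:
            results[line] = False  # an invalid regex cannot ignore anything
    return results


if __name__ == "__main__":
    for entry, covered in evaluate(ALERT, FIGNORE_LINES).items():
        print(("MATCH   " if covered else "no match"), entry)
```

Run it as-is and the output shows the `user:` line and the corrected regex covering the file while both glob-style attempts do not: in a Perl regex `-*` means "zero or more hyphens", not a wildcard, and the first pattern stops at the `-elasticsearch.service-…` part of the directory name.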

So this looks more like a CSF issue than an Elasticsearch problem then? You might be lucky and someone knows/recognizes CSF (which you still have not explained here, so I have no idea to be honest), but you are probably better off asking in the product-specific forum for CSF than here.
