Suspicious File Alert


#1

Hello

I receive thousands of emails with this error. I ask you in the forum: how can I disable these alerts?
Thanks to everyone who can help me.

Time: Sun May 15 12:53:11 2016 +0600
File: /tmp/jna--1985354563/jna8486010581425710636.tmp
Reason: Linux Binary
Owner: elasticsearch:elasticsearch (493:490)
Action: No action taken

Time: Sun May 15 11:58:09 2016 +0600
File: /tmp/jna--1985354563/jna8790674670710668148.tmp
Reason: Linux Binary
Owner: elasticsearch:elasticsearch (493:490)
Action: No action taken

Time: Sun May 15 11:58:09 2016 +0600
File: /tmp/jna--1985354563/jna8837891734422936483.tmp
Reason: Linux Binary
Owner: elasticsearch:elasticsearch (493:490)
Action: No action taken

Time: Sun May 15 11:58:09 2016 +0600
File: /tmp/jna--1985354563/jna5845177587408783061.tmp
Reason: Linux Binary
Owner: elasticsearch:elasticsearch (493:490)
Action: No action taken

Time: Sun May 15 11:58:08 2016 +0600
File: /tmp/jna--1985354563/jna6538664253834954398.tmp
Reason: Linux Binary
Owner: elasticsearch:elasticsearch (493:490)
Action: No action taken

Time: Sun May 15 11:58:08 2016 +0600
File: /tmp/jna--1985354563/jna1958655025076714726.tmp
Reason: Linux Binary
Owner: elasticsearch:elasticsearch (493:490)
Action: No action taken

Time: Sun May 15 11:58:09 2016 +0600
File: /tmp/jna--1985354563/jna812846043034190877.tmp
Reason: Linux Binary
Owner: elasticsearch:elasticsearch (493:490)
Action: No action taken

Time: Sun May 15 11:58:09 2016 +0600
File: /tmp/jna--1985354563/jna33340085169785177.tmp
Reason: Linux Binary
Owner: elasticsearch:elasticsearch (493:490)
Action: No action taken

Time: Sun May 15 11:58:08 2016 +0600
File: /tmp/jna--1985354563/jna6778802448684534223.tmp
Reason: Linux Binary
Owner: elasticsearch:elasticsearch (493:490)
Action: No action taken

Time: Sun May 15 11:58:08 2016 +0600
File: /tmp/jna--1985354563/jna8223530575990750232.tmp
Reason: Linux Binary
Owner: elasticsearch:elasticsearch (493:490)
Action: No action taken


(Mark Walkom) #2

ES is not generating these, perhaps some kind of AV is?


#3

Yes, the Suspicious File Alert is generated by ConfigServer Security & Firewall (csf).


(Trent) #4

I'm having the same problem. Nirjonadda, did you find a way to prevent csf from creating these?


#5

Add this line exe:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.91-0.b14.el6_7.x86_64/jre/bin/java to your /etc/csf/csf.pignore file.
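
An added example, not written by any poster in this thread and not part of csf: it parses alerts in the layout quoted in post #1 and separates those that match the JNA temp-file shape seen there from anything else, so that suppression is only considered once every alert is confirmed to come from one known source. The function names, the path regex and the third sample record are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: the first two records mirror the layout in post #1,
# the third is an invented record that should NOT be treated as expected.
SAMPLE = """\
Time: Sun May 15 12:53:11 2016 +0600
File: /tmp/jna--1985354563/jna8486010581425710636.tmp
Reason: Linux Binary
Owner: elasticsearch:elasticsearch (493:490)
Action: No action taken

Time: Sun May 15 11:58:09 2016 +0600
File: /tmp/jna--1985354563/jna8790674670710668148.tmp
Reason: Linux Binary
Owner: elasticsearch:elasticsearch (493:490)
Action: No action taken

Time: Sun May 15 11:59:00 2016 +0600
File: /tmp/.x/payload
Reason: Linux Binary
Owner: nobody:nobody (99:99)
Action: No action taken
"""

FIELD = re.compile(r"^(Time|File|Reason|Owner|Action):\s*(.*)$")
# Assumed shape of the JNA temp files, inferred from the paths in post #1.
JNA_TMP = re.compile(r"^/tmp/jna-[^/]+/jna\d+\.tmp$")

def parse_alerts(text):
    """Split a mail body into alert records; a blank line ends a record."""
    records, cur = [], {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            cur[m.group(1)] = m.group(2).strip()
        elif not line.strip() and cur:
            records.append(cur)
            cur = {}
    if cur:
        records.append(cur)
    return records

def triage(records, expected_owner="elasticsearch"):
    """Count alerts per (owner, reason); collect records outside the expected shape."""
    summary, unexpected = Counter(), []
    for r in records:
        owner = r.get("Owner", "").split(":")[0]
        summary[(owner, r.get("Reason", ""))] += 1
        if owner != expected_owner or not JNA_TMP.match(r.get("File", "")):
            unexpected.append(r)
    return summary, unexpected
```

Any record returned in the second value needs its own look before alerts for that directory are silenced.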

