ConfigServer Security & Firewall (CSF) is great, but the email alerts can certainly be a little overwhelming so here’s a very quick, dirty copy + paste to disable the most of the common email alerts sent out by CSF.
Now depending what you’re hosting, you might want to keep some of these alerts enabled, but some of them are just unnecessary. For example, any server with a public-facing IP address will be port-scanned and have its SSH port brute-forced. In an ideal world we’d have SSH locked down via access-lists with the port closed to public but it’s not always achievable. In this case not many people need to know if an IP address was blocked 5 times for failing to login to their SSH service so long as adequate steps have been taken to protect the service.
You should definitely read the csf.conf file in-depth for further explanation of what each one of these parameters does within CSF but we’ll go ahead and assume you know what these do and that you don’t particularly want the email notifications!
Go ahead and open up SSH to your server. These commands should be run as root.
First you’ll want to make a backup of the your /etc/csf/csf.conf file just in case anything goes wrong or stops working.
cp /etc/csf/csf.conf /etc/csf/csf.conf-bak
Next up just paste the following into your SSH terminal.
sed -i 's/LOGFLOOD_ALERT = "[0-9]*"/LOGFLOOD_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/LF_PERMBLOCK_ALERT = "[0-9]*"/LF_PERMBLOCK_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/LF_NETBLOCK_ALERT = "[0-9]*"/LF_NETBLOCK_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/LF_EMAIL_ALERT = "[0-9]*"/LF_EMAIL_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/LF_SSH_EMAIL_ALERT = "[0-9]*"/LF_SSH_EMAIL_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/LF_SU_EMAIL_ALERT = "[0-9]*"/LF_SU_EMAIL_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/LT_EMAIL_ALERT = "[0-9]*"/LT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/RT_RELAY_ALERT = "[0-9]*"/RT_RELAY_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/RT_AUTHRELAY_ALERT = "[0-9]*"/RT_AUTHRELAY_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/RT_LOCALRELAY_ALERT = "[0-9]*"/RT_LOCALRELAY_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/RT_LOCALHOSTRELAY_ALERT = "[0-9]*"/RT_LOCALHOSTRELAY_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/CT_EMAIL_ALERT = "[0-9]*"/CT_EMAIL_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/PT_USERKILL_ALERT = "[0-9]*"/PT_USERKILL_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/PS_EMAIL_ALERT = "[0-9]*"/PS_EMAIL_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/AT_ALERT = "[0-9]*"/AT_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/AT_ALERT = "[0-9]*"/AT_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/AT_ALERT = "[0-9]*"/AT_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/PORTKNOCKING_ALERT = "[0-9]*"/PORTKNOCKING_ALERT = "0"/' /etc/csf/csf.conf
sed -i 's/LF_DIRWATCH = "[0-9]*"/LF_DIRWATCH = "0"/' /etc/csf/csf.conf
sed -i 's/PT_LOAD = "[0-9]*"/PT_LOAD = "0"/' /etc/csf/csf.conf
sed -i 's/PT_LIMIT = "[0-9]*"/PT_LIMIT = "0"/' /etc/csf/csf.conf
sed -i 's/PT_USERPROC = "[0-9]*"/PT_USERPROC = "0"/' /etc/csf/csf.conf
sed -i 's/PT_USERMEM = "[0-9]*"/PT_USERMEM = "0"/' /etc/csf/csf.conf
sed -i 's/PT_USERTIME = "[0-9]*"/PT_USERTIME = "0"/' /etc/csf/csf.conf
And restart ConfigServer Security & Firewall to apply the changes.
csf -ra
We use “-ra” to restart both CSF service and the related LFD service.
Enjoy the substantially less email spam 🙂
For more guides related to WHM please see here.