ConfigServer Firewall LFD Breaks tmpwatch on Linux servers

The issue was that old/stale tmp files were not getting cleaned by tmpwatch. This is because CSF/LFD regularly reads all tmp files while scanning for trojans and other exploits, which updates each file’s ‘last access’ time, so tmpwatch never sees anything as old enough to delete.

I wrote a script to manually clean out sessions that are over 7 days old. Other files will linger, like sockets and a few others, but the space consumed is negligible.

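#!/bin/sh
# Clean out /tmp manually since CSF+LFD breaks tmpwatch.
# Patterns are quoted so the shell does not expand them against the current
# directory; -r skips rm when nothing matches (GNU xargs).
find /tmp -mtime +7 -name '*sess_*' -type f -print0 | xargs -0 -r rm -f --
find /tmp -mtime +7 -name 'php*' -type f -print0 | xargs -0 -r rm -f --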

I set it up as a bash script and set up a daily cron:

0 0 * * * /root/cleantmp.sh > /dev/null 2>&1
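
Why an access-time check stops matching once a scanner has read the files, while the -mtime test used in the script above still matches, shown as an added example that is not part of the original post. It works on constructed files in a scratch directory, assumes GNU touch and find, and uses `touch -a` as a stand-in for the LFD read; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: constructed files in a scratch directory, not real /tmp data.
# Assumes GNU touch and find (standard on Linux).

# Print how many regular files under $1 are older than 7 days according to
# timestamp $2 ("atime" or "mtime").
count_stale() {
    find "$1" -type f "-$2" +7 | wc -l | tr -d ' '
}

# Build a scratch directory holding two session files whose access and
# modification times are both 10 days in the past.
make_stale_dir() {
    dir=$(mktemp -d) || return 1
    touch -d '10 days ago' "$dir/sess_aaaa" "$dir/sess_bbbb"
    printf '%s\n' "$dir"
}

# Stand-in for the scanner: reading a file moves its atime to "now" and leaves
# mtime alone. touch -a is used so the result does not depend on whether the
# filesystem is mounted noatime or relatime.
simulate_scan() {
    find "$1" -type f -exec touch -a {} +
}

# Returns three counts: stale by atime before the scan, stale by atime after
# the scan, stale by mtime after the scan.
demo() {
    d=$(make_stale_dir) || return 1
    before_atime=$(count_stale "$d" atime)
    simulate_scan "$d"
    after_atime=$(count_stale "$d" atime)
    after_mtime=$(count_stale "$d" mtime)
    rm -rf -- "$d"
    echo "$before_atime $after_atime $after_mtime"
}

demo   # → 2 0 2
```

tmpwatch judges files by access time by default; its --mtime option switches it to modification time, which the scan does not change.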
