The issue was that old/stale tmp files are not getting cleaned by tmpwatch. This is because CSF/LFD regularly reads all tmp files scanning for trojans and other exploits, thus changing the ‘last access’ time so tmpwatch wouldn’t delete anything.
I wrote a script to manually clean out session that are over 7 days old. Other files will linger like sockets, and a few others, but the space consumed is negligible.
#!/bin/sh # Clean out /tmp manually since CSF+LFD breaks tmpwatch. find /tmp -mtime +7 -name *sess_* -type f -print0 | xargs -0 rm find /tmp -mtime +7 -name php* -type f -print0 | xargs -0 rm
I set it up as a bash script and set up a daily cron:
0 0 * * * /root/cleantmp.sh > /dev/null 2>&1