Intrusion Exploit
Server: LiteSpeed
System: Linux cisadane.iixcp.rumahweb.net 5.14.0-427.42.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Nov 1 14:58:02 EDT 2024 x86_64
User: lenf4658 (1805)
PHP: 8.4.19
Disabled: NONE
$ pwd: /usr/lib/netdata/conf.d/health.d/
Upload Files
File: //usr/lib/netdata/conf.d/health.d/tcp_resets.conf
# you can disable an alarm notification by setting the 'to' line to: silent

# -----------------------------------------------------------------------------
# tcp resets this host sends

      alarm: 1m_ip_tcp_resets_sent
         on: ip.tcphandshake
      class: Errors
       type: System
  component: Network
host labels: _os=linux
     lookup: average -1m at -10s unaligned absolute of OutRsts
      units: tcp resets/s
      every: 10s
       info: average number of sent TCP RESETS over the last minute

      alarm: 10s_ip_tcp_resets_sent
         on: ip.tcphandshake
      class: Errors
       type: System
  component: Network
host labels: _os=linux
     lookup: average -10s unaligned absolute of OutRsts
      units: tcp resets/s
      every: 10s
       warn: $netdata.uptime.uptime > (1 * 60) AND $this > ((($1m_ip_tcp_resets_sent < 5)?(5):($1m_ip_tcp_resets_sent)) * (($status >= $WARNING)  ? (1) : (10)))
      delay: up 20s down 60m multiplier 1.2 max 2h
    options: no-clear-notification
    summary: System TCP outbound resets
       info: Average number of sent TCP RESETS over the last 10 seconds. \
             This can indicate a port scan, \
             or that a service running on this host has crashed. \
             Netdata will not send a clear notification for this alarm.
         to: silent

# -----------------------------------------------------------------------------
# tcp resets this host receives

      alarm: 1m_ip_tcp_resets_received
         on: ip.tcphandshake
      class: Errors
       type: System
  component: Network
host labels: _os=linux freebsd
     lookup: average -1m at -10s unaligned absolute of AttemptFails
      units: tcp resets/s
      every: 10s
       info: average number of received TCP RESETS over the last minute

      alarm: 10s_ip_tcp_resets_received
         on: ip.tcphandshake
      class: Errors
       type: System
  component: Network
host labels: _os=linux freebsd
     lookup: average -10s unaligned absolute of AttemptFails
      units: tcp resets/s
      every: 10s
       warn: $netdata.uptime.uptime > (1 * 60) AND $this > ((($1m_ip_tcp_resets_received < 5)?(5):($1m_ip_tcp_resets_received)) * (($status >= $WARNING)  ? (1) : (10)))
      delay: up 20s down 60m multiplier 1.2 max 2h
    options: no-clear-notification
    summary: System TCP inbound resets
       info: average number of received TCP RESETS over the last 10 seconds. \
             This can be an indication that a service this host needs has crashed. \
             Netdata will not send a clear notification for this alarm.
         to: silent
@ Telegram