Process Tracking. This option enables tracking of user and nobody processes and examines them for suspicious executable or open network ports. Its purpose is to identify potential exploit processes that are running on the server, even if they are obfuscated to appear as system services. If a suspicious process is found an alert email is sent with relevant information. It is then the responsibility of the recipient to investigate the process further as the script takes no further action. Important Process Tracking directive of CSF. Here I am explaining all of the directive with its default values. You can alter all of it with your own requirements. 1. PT_LIMIT = “60″