Run ConfigServer eXploit Scanner CXS inside CloudLinux LVE
Hello, I notice that with the default installation of ConfigServer eXploit Scanner CXS my server starts to running slow during the cron scans, I tried to add a lve_suwrapper in /etc/cron.d/cxs-cron but it seems that the scans are not working anymore:
@daily lve_suwrapper 101 root /usr/sbin/cxs --report /var/log/cxsreports/scandaily.log --quiet --nosummary --www --mail root --virusscan --ignore /etc/cxs/cxs.ignore --options OLfmMCh$
@weekly lve_suwrapper 101 root /usr/sbin/cxs --report /var/log/cxsreports/scanweekly.log --quiet --nosummary --www --mail root --virusscan --ignore /etc/cxs/cxs.ignore --options OLfmM$
Maybe im doing something wrong? Thanks
-
Manual is here... WHM " Home " Plugins " ConfigServer eXploit Scanner " Documentation --options OLfmMCh$ The dollar sign ($) is not a valid option, delete it. That is not making it slow. Always make sure your commands run from the terminal as root before moving them to a cron job. To see what's going on loose the --quiet and the --nosummary To test in a reasonable amount of time limit the scan to one user; add --user username so... root@server [/]#/usr/sbin/cxs --report /var/log/cxsreports/scanweekly.log --www --mail root --virusscan --ignore /etc/cxs/cxs.ignore --options OLfmM --user username
If you see dollar signs ($) in the output, ..............f........$.........#..............$......... It means that clamscan is not running or not found at the default locations. If your quarantine directory is not found that will also be in the report. In my tests this scan took 143 seconds to scan an account with a WordPress install with about 8000 files. If the last command is working now try...root@server [/]#/usr/sbin/cxs --report /var/log/cxsreports/scanweekly.log --www --mail root --virusscan --ignore /etc/cxs/cxs.ignore --options OLfmM --user username --ctime 25
Note the --ctime 25 In my tests this took 10 seconds With the resources just gained you might want to try losing the --www so that the whole user account directory is scanned. In my tests this took 20 seconds In WHM " Home " Plugins " ConfigServer eXploit Scanner " Documentation From the RECOMMENDATIONS section... 4. Create a daily and weekly cron job to scan all user accounts e.g. create /etc/cron.d/cxs-cron and add:@daily root /usr/sbin/cxs --report /var/log/cxsreports/scan.log --www --mail root --virusscan --quarantine /home/quarantine --qoptions Mv --ignore /etc/cxs/cxs.ignore --options OLfmMChexdDZRrP --ctime 25 --all
@weekly root /usr/sbin/cxs --report /var/log/cxsreports/scan.log --www --mail root --virusscan --quarantine /home/quarantine --qoptions Mv --ignore /etc/cxs/cxs.ignore --options OLfmMChexdDZRrP --all
To speed up the @weekly you could add --ctime=169 so that only new files are scanned. Using the --ctime option the matched file will only be reported the first time it is found. It won't be scanned again unless it changes.0 -
Hello! @fuzzylogic, thanks for your reply! I see that adding "$" is wrong but the weird thing is that ConfigServer support team itself installed and configured all the thing as part as their CloudLinux LVE wrapper so I can get more control over it. 0 -
Thank you @fuzzylogic for the information on this. @actihost I'd suggest contacting ConfigServer for further information on their plugin this isn't something that is provided or supported by cPanel. 0
Please sign in to leave a comment.
Comments
3 comments