Skip to main content

Run ConfigServer eXploit Scanner CXS inside CloudLinux LVE

Comments

3 comments

  • fuzzylogic
    Manual is here... WHM " Home " Plugins " ConfigServer eXploit Scanner " Documentation --options OLfmMCh$ The dollar sign ($) is not a valid option, delete it. That is not making it slow. Always make sure your commands run from the terminal as root before moving them to a cron job. To see what's going on loose the --quiet and the --nosummary To test in a reasonable amount of time limit the scan to one user; add --user username so... root@server [/]#/usr/sbin/cxs --report /var/log/cxsreports/scanweekly.log --www --mail root --virusscan --ignore /etc/cxs/cxs.ignore --options OLfmM --user username
    If you see dollar signs ($) in the output, ..............f........$.........#..............$......... It means that clamscan is not running or not found at the default locations. If your quarantine directory is not found that will also be in the report. In my tests this scan took 143 seconds to scan an account with a WordPress install with about 8000 files. If the last command is working now try... root@server [/]#/usr/sbin/cxs --report /var/log/cxsreports/scanweekly.log --www --mail root --virusscan --ignore /etc/cxs/cxs.ignore --options OLfmM --user username --ctime 25
    Note the --ctime 25 In my tests this took 10 seconds With the resources just gained you might want to try losing the --www so that the whole user account directory is scanned. In my tests this took 20 seconds In WHM " Home " Plugins " ConfigServer eXploit Scanner " Documentation From the RECOMMENDATIONS section... 4. Create a daily and weekly cron job to scan all user accounts e.g. create /etc/cron.d/cxs-cron and add: @daily root /usr/sbin/cxs --report /var/log/cxsreports/scan.log --www --mail root --virusscan --quarantine /home/quarantine --qoptions Mv --ignore /etc/cxs/cxs.ignore --options OLfmMChexdDZRrP --ctime 25 --all
    @weekly root /usr/sbin/cxs --report /var/log/cxsreports/scan.log --www --mail root --virusscan --quarantine /home/quarantine --qoptions Mv --ignore /etc/cxs/cxs.ignore --options OLfmMChexdDZRrP --all
    To speed up the @weekly you could add --ctime=169 so that only new files are scanned. Using the --ctime option the matched file will only be reported the first time it is found. It won't be scanned again unless it changes.
    0
  • actihost
    Hello! @fuzzylogic, thanks for your reply! I see that adding "$" is wrong but the weird thing is that ConfigServer support team itself installed and configured all the thing as part as their CloudLinux LVE wrapper so I can get more control over it.
    0
  • cPanelLauren
    Thank you @fuzzylogic for the information on this. @actihost I'd suggest contacting ConfigServer for further information on their plugin this isn't something that is provided or supported by cPanel.
    0

Please sign in to leave a comment.