cPanel

How to Install / Uninstall ConfigServer eXploit Scanner (cxs)

1. Product installation:

wget http://download.configserver.com/cxsinstaller.tgz
        tar -xzf cxsinstaller.tgz
        Perl cxsinstaller.pl
        rm -fv cxsinstaller.*

2. You should now read the cxs documentation either through:

I. The UI
        2. # perldoc cxs
        3. # cxs –help

If you decide to use the cxs Watch daemon you can skip items 3 to 5. Instead, read the documentation under the cxs Watch Daemon section on using this method.

To install the required Perl module for the cxs Watch daemon on a cPanel server you can use:

    /scripts/perlinstaller Linux::Inotify2

3. You will want to modify the following files to suit your requirements after you have read the cxs documentation and studied the CLI option. These files can be changed at any time and contain the cxs commands and options you want
to use for scanning files as they are uploaded:

The pure-ftpd upload scanner script that runs cxs:
/etc/cxs/cxsftp.sh

The web script upload scanner script that runs cxs:
/etc/cxs/cxscgi.sh

4. Web script upload scanning is performed via mod_security. To enable this add the following two lines (be careful of line breaks) to your mod_security rules file (/usr/local/apache/conf/modsec2.user.conf on cPanel):

SecRequestBodyAccess On
        SecRule FILES_TMPNAMES “@inspectFile /etc/cxs/cxscgi.sh” \
                “log,auditlog,deny,severity:2,phase:2,t:none,id:’1010101′”
        SecTmpDir /tmp

If you allow the uploading of very large files, you may need to
increase the default mod_security allowable size of 128MB by using the SecRequestBodyLimit directive after SecRequestBodyAccess:

SecRequestBodyLimit 134217728

This value is in bytes (134217728 = 128MB). You might also want to create the temporary files in a directory other than /tmp using:

SecTmpDir /path/to/dir

Where /path/to/dir is a directory where the large files can be
temporarily stored and must be writable to by the nobody user

Then restart httpd

5. Pure-ftpd upload scanning requires you to edit the active pure-ftpd.conf (e.g. /etc/pure-ftpd.conf) and adding/modifying the line:

CallUploadScript yes

Note: Pure-ftpd must be compiled with –with-uploadscript option (usually done by default)

On Linux:
Then restart pure-ftpd and pure-uploadscript. The installation process adds a new service in /etc/init.d/pure-uploadscript which runs as a daemon and passes ftp uploads to /etc/cxs/cxsftp.sh

On FreeBSD:
Then add the following lines to /etc/rc.conf:

pureftpd_enable=”YES”
        pureftpd_upload_enable=”YES”
        pureftpd_uploadscript=”/etc/cxs/cxsftp.sh”

   Then restart pure-ftpd

6. ClamAV scanning requires a running clamd daemon. By default cxs will look for the clamd socket at /tmp/clamd and /var/clamd, if it is located elsewhere then you must use the –clamdsock option and pass the socket location in every cxs call (i.e. in cxsftp.sh, cxscgi.sh and the cxs CLI) or use a cxs.defaults file.

7. If you want automatic updates then use the following as an example:

ln -s /etc/cxs/cxsdaily.sh /etc/cron.daily/

8. You can test both Perl CGI and PHP upload checks by copying the files /etc/cxs/test.* to an empty test directory within a web site on the server (set the file permissions and ownership correctly).

First, upload a normal file to check the uploads work.

Then try uploading the exploit file from /etc/cxs/test/udp.pl which should trigger whatever settings you have configured in /etc/cxs/cxscgi.sh

You can also upload /etc/cxs/test/udp.pl via FTP which should trigger whatever settings you have configured in /etc/cxs/cxsftp.sh

NOTE: Remove the test scripts from the web site after testing as the test scripts are NOT secure.

9. See the RECOMMENDATIONS in the cxs POD documentation

Webmin Module Installation/Upgrade (not yet implemented)
==================================

To install or upgrade the cxs webmin module:

Install cxs as above
Install the cxs webmin module in:
  Webmin > Webmin Configuration > Webmin Modules >
  From local file > /etc/cxs/cxswebmin.tgz > Install Module

Uninstallation
==============

Reverse items 4, 5 and 7 above, then:

cd /etc/cxs
sh uninstall.sh
cd /root

Visit- Hostripples


Vishwajit Kale
Vishwajit Kale blazed onto the digital marketing scene back in 2015 and is the digital marketing strategist of Hostripples, a company that aims to provide affordable web hosting solutions. Vishwajit is experienced in digital and content marketing along with SEO. He's fond of writing technology blogs, traveling and reading.

Recent Posts

The Science Behind Social Media Posting Times

In today's digital landscape, timing is everything. Whether you're a social media manager, business owner, or content creator, the success…

7 days ago

Mastering Google Search Console: Tips for New Users

Are you a website owner? Maintaining the website is the prime concern for any website owner. Yes, it’s equally important…

1 week ago

A Comprehensive Guide to Changing and Protecting the WordPress Login URL

If you’ve planned to launch a WordPress website, you might get a question, “How do I log in to WordPress?”…

2 weeks ago

The Ultimate Showdown: Linux vs Windows for VPS Hosting

As the demand for virtual private servers (VPS) continues to grow, businesses and individuals are faced with a crucial decision:…

1 month ago

Questions to Ask Your Web Hosting Support Team

Web hosting is a large industry, as many other factors help any web hosting provider to form a company. The…

1 month ago