Perfectly Install CXS - ConfigServer eXploit Scanner in CWP- Control Web Panel

[Sandeep B.]

In this tutorial we’ll learn how you can install CXS in CWP -Control Web Panel wiht below simple steps. CSX is paid Program and you need license to install and use it :

ConfigServer eXploit Scanner (cxs) is a server malware, exploit and antivirus scanner that performs active scanning of files as they are uploaded to the server

• For dedicated or virtual servers – protects all domains, IP addresses and users on the server
• Active (realtime), manual, and scheduled scanning can be performed
• Scans for suspected exploits, viruses, suspicious resources
• Quarantine or delete suspicious files
• Provides an easy to use interface within the root or admin control panel. 
• Licensed on a per server basis, no limit on users or accounts. 
• One time purchase price, includes software updates for the life of the product. No monthly fees.

Buy the license here : LINK

Install CXS in CWP steps :

STEP 1 :

cd /usr/src
yum install perl-Linux-Inotify2 -y
rm -f cxs*
wget https://download.configserver.com/cxsinstaller.tgz
tar -xzf cxsinstaller.tgz
chattr -i -R /usr/local/cwpsrv/htdocs/admin/
perl cxsinstaller.pl 1.1.1.1
rm -fv cxsinstaller.*

** replace the 1.1.1.1 with your licensed server IP

STEP 2 :
Now got wo cwp admin dashboard and navigate :

CWP.admin > Configserver Scripts >> ConfigServer Exploit Scanner >> cxs Command Wizard

Choose all default settings and save it

after run this command to use custom CLAM AV :

sed -i '$ a clamdsock=/var/run/clamd.amavisd/clamd.sock' /etc/cxs/cxs.defaults

Then Restart CXS service :

service cxswatch restart

STEP 3 :
Make Directory Permission to 755 :

in order to scanner to work you need to change the DIRECORY permission to 755, to do this all at once for all users run the below command:

chmod 755 /home/*/public_html

If you’ve domain/subdomains directory outside of public_html run below command to fix permission :

chmod 755 /home/*/*

Also you can create custom cron job to run every 15 minutes to fix the permission for new added users or domain/subdomain

Add this cron job :

*/15 * * * * /usr/bin/chmod 755 /home/*/*

 

[Mah1973]

Wow , first time to know that cxs is not working on half of my servers !!!!!

Just tested it with fake virus and if the permissions is not 755 cxs is just not working !.

Thank you man for this great tip.

But I'm afraid that running

chmod 755 /home/*/*

will break some functions for my users ?

I guess it's much safer approach to run this instead ?

find /home/*/ -maxdepth 1 -type d -exec chmod 755 {} \;

let me know what do you think ?

[Mah1973]

I ended up using cwp api to fix the permissions. Much safer and low footprint on the cpu / rams.

I created 2 scripts to accomplish the task for all users on the server. Here is a one line command to create the 2 scripts along with required permissions and code.

echo -e '#!/bin/bash\n\n# Path to the script that lists the usernames\nUSERS_SCRIPT="/root/myscripts/list_users_only"\n\n# CWP API command to fix permissions for a user\nFIX_PERMS_COMMAND="/scripts/cwp_api account fix_perms"\n\n# Loop through each username and fix permissions\nwhile read -r username; do\n    echo "Fixing permissions for user: $username"\n    $FIX_PERMS_COMMAND $username\ndone < <($USERS_SCRIPT)\n\necho "Permissions fixed for all users"' > fix_permissions_allusers.sh && echo -e '#!/bin/sh\n#\n##################################\n# CentOS Web Panel SCRIPT'\''s\n###################################\n\nmysql root_cwp -B -N -s -e "SELECT username FROM user" | while read -r line\ndo\n  echo "$line"\ndone' > list_users_only && chmod +x fix_permissions_allusers.sh list_users_only

Don't forget to create the folder myscripts first.

mkdir /root/myscripts && cd /root/myscripts

then fire the one line command I shared to create the scripts.

You can simply run it using :

./fix_permissions_allusers.sh

or create cron every hour

10 * * * * /root/myscripts/fix_permissions_allusers.sh