ConfigServer Exploit Scanner on InterWorx

  • ConfigServer Exploit Scanner on InterWorx

    We’re pleased to announce that our ConfigServer Exploit Scanner application is now fully supported on the InterWorx control panel. This means that installation is now included (see the cxs FAQ for conditions). We've used our experience with porting the ConfigServer Firewall (csf) to InterWorx to fully integrate cxs within NodeWorx.

    cxs exploit scanning:
    • Actively scans all modified files within user accounts using the cxs Watch daemon regardless of how they were uploaded
    • PHP upload scripts (via a ModSecurity hook)
    • Perl upload scripts (via a ModSecurity hook)
    • CGI upload scripts (via a ModSecurity hook)
    • Any other web script type that utilises the HTML form ENCTYPE multipart/form-data (via a ModSecurity hook)
    The active scanning of files can help prevent exploitation of an account by malware by deleting or moving suspicious files to quarantine before they become active. It can also prevent the uploading of PHP and perl shell scripts, commonly used to launch more malicious attacks and for sending spam.

    cxs also allows you to perform on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets). You can run scans of existing user data to see if exploits have been uploaded in the past or via methods not covered by the active scanning. It has been tuned for performance and scalability.

    More information is available on the product page:

    https://www.configserver.com/cp/cxs.html

    Note: We obtained permission from InterWorx to post this release announcement.

    Jonathan Michaelson
    (configserver.com)

  • #2
    Hi chirpy

    Kudos to you

    I bought cxs and have it installed on a production server

    Works lovely from what I can see and tested using eicar test files

    The part I struggled with a little was clamd socket and clamav user changing to root from clamav. After a few tests, all seems fine but still have to test mail for clamav running/scanning.

    I would prefer cxs over maldet

    Mod security integrates very well and I’ll post how to install mod security into CentOS 6 and 7 later, as it needs installing for cxs to enable mod security. It does read as though cxs installs mod security, or did to me

    Kudos to you

    Many thanks

    John



    • #3
      Hi John, thank you for the feedback.

      If you run into any difficulties, let us know as we do want to make it as painless as possible for people to install, without making too many assumptions on their installed environments.

      Jonathan



      • #4
        Hi Nico

        Sorry, I meant to update but was waylaid, sorry

        I think the below is how to install (centos) and disable on a per siteworx usage

        Many thanks

        John

        yum install mod_security mod_security_crs

        Mod Security Config File – /etc/httpd/conf.d/mod_security.conf
        • Debug Log – /var/log/httpd/modsec_debug.log
        • Audit log – /var/log/httpd/modsec_audit.log
        • Rules – /etc/httpd/modsecurity.d/activated_rules

        to disable at siteworx level - vhost file

        <IfModule security2_module>
        SecRuleEngine Off
        </IfModule>

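Added example, not part of the posts above and not cxs or InterWorx code: the announcement describes upload-script scanning as running through a ModSecurity hook, so an administrator may want a list of sites where the rule engine has been switched off at vhost level as shown in #4. The sketch below parses vhost text and reports the SecRuleEngine value set inside each <VirtualHost> block; the sample config, hostnames and function names are constructed for illustration.

```python
import re

# Constructed sample vhost config (hostnames and addresses are illustrative).
SAMPLE = """\
<VirtualHost 192.0.2.10:80>
  ServerName example.com
  <IfModule security2_module>
  SecRuleEngine Off
  </IfModule>
</VirtualHost>
<VirtualHost 192.0.2.10:80>
  ServerName example.org
  # SecRuleEngine Off
  SecRuleEngine DetectionOnly
</VirtualHost>
<VirtualHost 192.0.2.10:443>
  ServerName shop.example.org
</VirtualHost>
"""

DIRECTIVE = re.compile(r"^\s*(ServerName|SecRuleEngine)\s+(\S+)", re.I)

def audit_vhosts(text):
    """Return (ServerName, SecRuleEngine value or 'inherited') per <VirtualHost>."""
    results, current = [], None
    for line in text.splitlines():
        low = line.strip().lower()
        if low.startswith("<virtualhost"):
            current = ["(no ServerName)", "inherited"]
        elif low.startswith("</virtualhost") and current:
            results.append(tuple(current))
            current = None
        elif current:
            m = DIRECTIVE.match(line)  # commented-out lines do not match
            if m and m.group(1).lower() == "servername":
                current[0] = m.group(2)
            elif m:
                current[1] = m.group(2)  # a later directive overrides an earlier one
    return results

def not_enforcing(text):
    """ServerNames whose vhost sets SecRuleEngine to Off or DetectionOnly."""
    return [n for n, e in audit_vhosts(text) if e.lower() in ("off", "detectiononly")]

if __name__ == "__main__":
    for name, engine in audit_vhosts(SAMPLE):
        print(f"{name}: SecRuleEngine {engine}")
```

"inherited" means the block sets no SecRuleEngine of its own and takes whatever the server-wide configuration specifies.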