ConfigServer Exploit Scanner on InterWorx


  • chirpy
    started a topic ConfigServer Exploit Scanner on InterWorx

    ConfigServer Exploit Scanner on InterWorx

    We’re pleased to announce that our ConfigServer Exploit Scanner application is now fully supported on the InterWorx control panel. This means that installation is now included (see the cxs FAQ for conditions). We've used our experience with porting the ConfigServer Firewall (csf) to InterWorx to fully integrate cxs within NodeWorx.

    cxs exploit scanning:
    • Actively scans all modified files within user accounts using the cxs Watch daemon regardless of how they were uploaded
    • PHP upload scripts (via a ModSecurity hook)
    • Perl upload scripts (via a ModSecurity hook)
    • CGI upload scripts (via a ModSecurity hook)
    • Any other web script type that utilises the HTML form ENCTYPE multipart/form-data (via a ModSecurity hook)
    The active scanning of files can help prevent exploitation of an account by malware by deleting or moving suspicious files to quarantine before they become active. It can also prevent the uploading of PHP and Perl shell scripts, commonly used to launch more malicious attacks and for sending spam.

    cxs also allows you to perform on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets). You can run scans of existing user data to see if exploits have been uploaded in the past or via methods not covered by the active scanning. It has been tuned for performance and scalability.

    More information is available on the product page:

    https://www.configserver.com/cp/cxs.html

    Note: We obtained permission from InterWorx to post this release announcement.

    Jonathan Michaelson
    (configserver.com)

  • d2d4j
    replied
    Hi Nico

    Sorry, I meant to update but was waylaid, sorry

    I think the below is how to install (CentOS) and disable on a per SiteWorx usage

    Many thanks

    John

    yum install mod_security mod_security_crs

    Mod Security Config File – /etc/httpd/conf.d/mod_security.conf
    • Debug Log – /var/log/httpd/modsec_debug.log
    • Audit log – /var/log/httpd/modsec_audit.log
    • Rules – /etc/httpd/modsecurity.d/activated_rules

    To disable at SiteWorx level - vhost file

    <IfModule security2_module>
    SecRuleEngine Off
    </IfModule>
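
An added example, not part of the post above and not cxs code: because cxs scans uploads through a ModSecurity hook, a vhost carrying the `SecRuleEngine Off` override does not run that hook (the cxs Watch daemon is separate). This Python sketch lists which vhosts override the engine; the sample config, hostnames and function names are constructed for illustration.

```python
import re

# Constructed sample input: three vhost blocks (hostnames and IPs are placeholders).
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:80>
  ServerName shop.example.com
  <IfModule security2_module>
    SecRuleEngine Off
  </IfModule>
</VirtualHost>
<VirtualHost 192.0.2.10:80>
  ServerName blog.example.com
  # SecRuleEngine Off
</VirtualHost>
<VirtualHost 192.0.2.10:80>
  ServerName test.example.com
  SecRuleEngine DetectionOnly
</VirtualHost>
"""

# Only the directives needed for the audit; commented-out lines never match.
DIRECTIVE = re.compile(r"^\s*(</?VirtualHost|ServerName|SecRuleEngine)\b\s*(\S*)", re.I)

def audit_vhosts(conf_text):
    """Return [(server_name, mode)] per <VirtualHost> block. mode is the last
    SecRuleEngine value in the block (lowercased) or "inherit" if unset.
    <IfModule> conditions are not evaluated."""
    results, name, mode, inside = [], None, None, False
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "<virtualhost":
            inside, name, mode = True, "(unnamed)", "inherit"
        elif key == "</virtualhost" and inside:
            results.append((name, mode))
            inside = False
        elif inside and key == "servername":
            name = value
        elif inside and key == "secruleengine":
            mode = value.lower()
    return results

def not_enforcing(conf_text):
    """Vhosts that explicitly switch the engine to Off or DetectionOnly."""
    return [n for n, m in audit_vhosts(conf_text) if m in ("off", "detectiononly")]

if __name__ == "__main__":
    for name, mode in audit_vhosts(SAMPLE_CONF):
        print(f"{name}: SecRuleEngine {mode}")
```

To audit a real server, pass the text of each vhost file to `audit_vhosts`; `inherit` means the server-wide setting applies, which this sketch does not resolve.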

  • chirpy
    replied
    Hi John, thank you for the feedback.

    If you run into any difficulties, let us know as we do want to make it as painless as possible for people to install, without making too many assumptions on their installed environments.

    Jonathan

  • d2d4j
    replied
    Hi chirpy

    Kudos to you

    I bought cxs and have it installed on a production server

    Works lovely from what I can see and tested using EICAR test files

    The part I struggled with a little was clamd socket and clamav user changing to root from clamav. After a few tests, all seems fine but still have to test mail for clamav running/scanning.

    I would prefer cxs over maldet

    Mod security integrates very well and I’ll post how to install mod security into CentOS 6 and 7 later, as it needs installing for cxs to enable mod security. It does read as though cxs installs mod security, or did to me

    Kudos to you

    Many thanks

    John
