ConfigServer Exploit Scanner on InterWorx

We're pleased to announce that our ConfigServer Exploit Scanner application is now fully supported on the InterWorx control panel. This means that installation is now included (see the cxs FAQ for conditions). We’ve used our experience with porting the ConfigServer Firewall (csf) to InterWorx to fully integrate cxs within NodeWorx.

cxs exploit scanning:

  • Actively scans all modified files within user accounts using the cxs Watch daemon regardless of how they were uploaded
  • PHP upload scripts (via a ModSecurity hook)
  • Perl upload scripts (via a ModSecurity hook)
  • CGI upload scripts (via a ModSecurity hook)
  • Any other web script type that utilises the HTML form ENCTYPE multipart/form-data (via a ModSecurity hook)

The active scanning of files can help prevent exploitation of an account by malware by deleting or moving suspicious files to quarantine before they become active. It can also prevent the uploading of PHP and Perl shell scripts, commonly used to launch more malicious attacks and for sending spam.

cxs also allows you to perform on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets). You can run scans of existing user data to see if exploits have been uploaded in the past or via methods not covered by the active scanning. It has been tuned for performance and scalability.

More information is available on the product page:

https://www.configserver.com/cp/cxs.html

Note: We obtained permission from InterWorx to post this release announcement.

Jonathan Michaelson
(configserver.com)

Hi chirpy

Kudos to you

I bought cxs and have it installed on a production server

Works lovely from what I can see and tested using eicar test files

The part I struggled with a little was clamd socket and clamav user changing to root from clamav. After a few tests, all seems fine but still have to test mail for clamav running/scanning.

I would prefer cxs over maldet

Mod security integrates very well and I'll post how to install mod security into centos 6 and 7 later, as it needs installing for cxs to enable mod security. It does read as though cxs installs mod security, or did to me

Kudos to you

Many thanks

John

Hi John, thank you for the feedback.

If you run into any difficulties, let us know as we do want to make it as painless as possible for people to install, without making too many assumptions on their installed environments.

Jonathan

Hi Nico

Sorry, I meant to update but was waylaid, sorry

I think the below is how to install (centos) and disable on a per siteworx usage

Many thanks

John

yum install mod_security mod_security_crs

Mod Security Config File - /etc/httpd/conf.d/mod_security.conf
Debug Log - /var/log/httpd/modsec_debug.log
Audit log - /var/log/httpd/modsec_audit.log
Rules - /etc/httpd/modsecurity.d/activated_rules

to disable at siteworx level - vhost file

<IfModule security2_module>
SecRuleEngine Off
</IfModule>
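
Because the upload scanning described in the announcement runs through a ModSecurity hook, it is worth knowing which sites have had rule processing switched off with the vhost override above. The following is an added example, not code from this thread, ConfigServer or InterWorx: it parses Apache vhost configuration text and reports the effective `SecRuleEngine` setting per `<VirtualHost>`. The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample vhost configuration (not from a real server).
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:80>
    ServerName shop.example.com
    <IfModule security2_module>
        SecRuleEngine Off
    </IfModule>
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName blog.example.com
    # SecRuleEngine Off
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName test.example.com
    secruleengine DetectionOnly
</VirtualHost>
"""

def audit_vhosts(conf_text):
    """Return {ServerName: SecRuleEngine value or 'inherited'} per <VirtualHost>."""
    results = {}
    name, engine, in_vhost = None, None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out directives
        if re.match(r"<VirtualHost\b", line, re.I):
            in_vhost, name, engine = True, None, None
        elif re.match(r"</VirtualHost>", line, re.I):
            if in_vhost:
                results[name or "(unnamed vhost)"] = engine or "inherited"
            in_vhost = False
        elif in_vhost:
            m = re.match(r"(ServerName|SecRuleEngine)\s+(\S+)", line, re.I)
            if m and m.group(1).lower() == "servername":
                name = m.group(2)
            elif m:
                engine = m.group(2)  # keep the last value seen in this block
    return results

def hook_disabled(results):
    """Sites where rule processing is off, so ModSecurity-based hooks do not run."""
    return sorted(s for s, v in results.items() if v.lower() == "off")

if __name__ == "__main__":
    for site, value in audit_vhosts(SAMPLE_CONF).items():
        print(f"{site}: SecRuleEngine {value}")
```

Sites reported as `inherited` follow the server-wide setting in the main ModSecurity configuration file.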