ConfigServer eXploit Scanner (cxs) installation on CentOS and DirectAdmin پرینت

In this how to we are going to install ConfigServer eXploit Scanner (cxs) on a server with CentOS and DirectAdmin installed.

We need to install some prerequisites before we can install css, otherwise we’ll get errors like this:

Quote

Can’t locate Archive/Zip.pm in @INC (@INC contains: /etc/cxs /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 41) line 2.
BEGIN failed–compilation aborted at (eval 41) line 2.

 

If you start cxswatch from command line, you’ll get this…

Quote

Starting cxswatch daemon:Can’t locate Linux/Inotify2.pm in @INC (@INC contains: /etc/cxs /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /etc/cxs/cxswatch.pm line 8.
BEGIN failed–compilation aborted at /etc/cxs/cxswatch.pm line 8.

 

Install prerequisites:

yum install cpan
cpan -i Archive::Zip
cpan -i Archive::Tar
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6*.rpm
yum install perl-Linux-Inotify2

Also make sure you have installed Mod_Security, “Install Mod_Security on a DirectAdmin box” for a step by step guide.

Next we are going to install ClamAV on our server. This can be done via the custom build script that is included in DirectAdmin, use this guide: http://help.directad...item.php?id=370

Download and install cxs:

wget http://www.configserver.com/free/cxsinstaller.tgz
tar -xzf cxsinstaller.tgz
perl cxsinstaller.pl
rm -fv cxsinstaller.*

Now you have to determine what your cxs parameters will be. You can do this via your Admin panel, there’s a new option called “ConfigServer exploit Scanner”. When you determined the startup parameters, add it to /etc/cxs/cxswatch.sh. Example:

/usr/sbin/cxs --Wstart-Wmaxchild3--Wloglevel0--Wsleep3--report /var/log/cxs.scan --logfile /var/log/cxs.log --mail admin@roothelp.net --exploitscan --virusscan --nosversionscan -I /etc/cxs/cxs.ignore -Q /home/quarantine --options mMOfSGchdnwZRD --qoptions Mhv--summary -C /tmp/clamd.socket -T 5--allusers

And finally you can start cxswatch:

service cxswatch start