Jetserver – The Lazy Admin Blog
Home  /  CentOS  /  Install CXS on clean CentOS

Install CXS on clean CentOS

elialum April 12, 2016 Leave a Comment

ConfigServer eXploit Scanner (cxs) is a tool which performs an active scanning of files as they are uploaded to the server. CXS Should only work on a cPanel/WHM server per the product’s requirements. However, you can still install it on a ‘clean’ CentOS machine as long as the required perl libraries are provided.

We’ve created an easy list of “copy & paste” actions for your convenience.

* The followed procedures  had been tested on a clean CentOS 7 Minimal install with “Development Tools” installed (yum group install “Development Tools”)

#Make sure we have epel
yum -y --nogpgcheck install epel-release
 
# Install perl dependencies
yum install -y --nogpgcheck perl-Archive-Extract  perl-Archive-Tar perl-Archive-Zip perl-libwww-perl perl-LWP-Protocol-https
yum install -y --nogpgcheck perl-Linux-Inotify2 --enablerepo=epel
 
## Install clamav scanner
yum install -y --nogpgcheck clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd --enablerepo=epel
 
## Configure clamav scanner
/bin/cp -f /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
sed -i '/^Example/d' /etc/clamd.d/clamd.conf
sed -i 's//root/g' /etc/clamd.d/clamd.conf
sed -i 's/clamd./clamd.d/g' /etc/clamd.d/clamd.conf
sed -i 's/#LocalSocket /LocalSocket /g' /etc/clamd.d/clamd.conf
sed -i 's/#LogFile /LogFile /g' /etc/clamd.d/clamd.conf
sed -i 's|#SelfCheck 600|SelfCheck 86400|g' /etc/clamd.d/clamd.conf
replace "/var/run/clamd.d/clamd.sock" "/var/run/clamav/clamd.sock" -- /etc/clamd.d/clamd.conf
/bin/cp -f /etc/freshclam.conf /etc/freshclam.conf.bak
sed -i '/^Example/d' /etc/freshclam.conf
 
cat << EOF > /usr/lib/systemd/system/clam-freshclam.service
# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target
 
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
 
[Install]
WantedBy=multi-user.target
EOF
 
systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service
 
mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service
replace "@" "" -- /usr/lib/systemd/system/clamd@scan.service
 
cat << EOF > /usr/lib/systemd/system/clamd.service
[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target
 
[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --nofork=yes
Restart = on-failure
PrivateTmp = false
 
[Install]
WantedBy=multi-user.target
EOF
 
cd /usr/lib/systemd/system
systemctl enable clamd.service
systemctl enable clamd@scan.service
systemctl start clamd.service
systemctl start clamd@scan.service
 
# disable default freshclam cron and run update nightly
rm -f /etc/cron.d/clamav-update
echo "0 6 * * * /usr/bin/freshclam > /dev/null 2>&1" >> /var/spool/cron/root
 
## Install CXS
 
cd /usr/local/src/
wget https://download.configserver.com/cxsinstaller.tgz
tar -xzf cxsinstaller.tgz
perl cxsinstaller.pl
 
 
# Make sure updates are running on daily basis
ln -s /etc/cxs/cxsdaily.sh /etc/cron.daily/cxsdaily.sh
 
systemctl start cxswatch
systemctl enable cxswatch

That’s all 🙂

Eli.

Tags: CentOS, cPanel, CXS, WHM
Next Article

About Author

elialum

Related Posts

  • cPanel :: Safely restore an account after enabling NGiNX

    cPanel :: Safely restore an account after enabling NGiNX

    May 23, 2019
  • Jetbackup :: Better safe then sorry

    Jetbackup :: Better safe then sorry

    January 20, 2019
  • cPanel – Preventing users from downloading / restoring accounts

    cPanel – Preventing users from downloading / restoring accounts

    September 16, 2018

Leave a Reply

Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search Our Blog

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Filter by Categories
Apache
CentOS
CloudLinux
cPanel
ESXI
iSCSI
JetBackup
Litespeed
MySQL
NGINX
Reduxio
SSL
Uncategorized
VMware
Wordpress
XEN

Tags

apache aspx backup CentOS cloudlinux cPanel CXS freetds google htaccess iscsi JetBackup Libmodsecurity litespeed modsec modsecurity mssql MySQL netapp nginx odbc php php.ini phpselector VMFS WHM xenserver

Popular Posts

  • Allow a cPanel server to run a VHOST from multiple IP addresses April 3, 2018
  • How To Install & Configure a Galera Cluster with MySQL on Centos 7 February 6, 2018
  • Libmodsecurity installation April 14, 2016
  • JetBackup Cheat Sheet :: Automatically Acknowledge Alerts November 15, 2018

Recent Posts

  • Building your own private cloud April 20, 2021
  • Dealing with aggressive bot scanners September 14, 2020
  • Litespeed Geo Location Redirect September 14, 2020
  • JetBackup :: Restore on steroids ! August 21, 2020

Recent Comments

  • Khan on Allow a cPanel server to run a VHOST from multiple IP addresses
  • Khan on Allow a cPanel server to run a VHOST from multiple IP addresses
  • Oleg Drabkin on Allow a cPanel server to run a VHOST from multiple IP addresses
  • Khan on Allow a cPanel server to run a VHOST from multiple IP addresses
  • Daniel on How To Install & Configure a Galera Cluster with MySQL on Centos 7
אחסון אתרים | JetApps