CXS guide for Directadmin

[bdacus01]

This guide is for CentOS 7 and CXS 11
You must have a License from the vendor for this product. I am not affiliated with csf.

ConfigServer eXploit Scanner (cxs) – ConfigServer Services

www.configserver.com

You may want the EPEL repo installed. This guide does not cover that if you need it.

You must have Clamav in options.conf and installed.

cd /usr/local/directadmin/custombuild
./build set clamav yes
./build clamav

Once you have clamav installed

Go setup the clamd.conf

nano /etc/clamd.conf

Find and set the below fields.

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /run/clamd.socket

# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
LocalSocketGroup clamav

# Sets the permissions on the unix socket to the specified mode.
# Default: disabled (socket is world accessible)
LocalSocketMode 660

# Remove stale socket after unclean shutdown.
# Default: yes
FixStaleSocket yes

Save

systemctl restart clamd

You can use the below cmd to look for it. It took about a min or so for it to show.

find / -name "*clamd*"

looking for /run/clamd.socket

You will need to have the epel repo installed.

yum install sqlite perl-DBI perl-DBD-SQLite perl-Archive-Tar perl-IO-Zlib perl-Archive-Zip perl-libwww-perl perl-Compress-Zlib perl-LWP-Protocol-https perl-Linux-Inotify2 -y    
wget https://download.configserver.com/cxsinstaller.tgz
tar -xzf cxsinstaller.tgz
perl cxsinstaller.pl
rm -fv cxsinstaller.*
echo clamdsock=/run/clamd.socket >> /etc/cxs/cxs.defaults

Now head over to DA login as admin
Go to the Plugins Section.

You should see CXS installed

Once you go thought the wizard and set your answers to the questions.

You should be presented with the CXS screen.

Troubleshooting:

If you get the big red message about Clam not being installed

Check you set the socket in /etc/cxs/cxs.defaults

Should be clamdsock=/run/clamd.socket

If it in there and still red check the /etc/clamd.conf

Make sure you saved and uncommented like above.

Hope this helps. If you find errors about perl module post back. I think I got them all but not totally sure.

 

[urgido]

Hi
Excellent guide.

I succesful installed, I got the following error:
No package perl-Linux-Inotify2 available.

THe problem is that I am unable to get on admin GUI.
Can you give me a clue?

Regards
==
Dependecy solved by epel-release

 

[bdacus01]

Hi
Excellent guide.

I succesful installed, I got the following error:
No package perl-Linux-Inotify2 available.

THe problem is that I am unable to get on admin GUI.
Can you give me a clue?

Regards
==
Dependecy solved by epel-release

Great. And yes you need epel

 

[urgido]

Do you know how I can get cxs on directadmin GUI? I don't have a problem using cxs on ssh but it's more easily through DA.

Thanks

 

[bdacus01]

Do you know how I can get cxs on directadmin GUI? I don't have a problem using cxs on ssh but it's more easily through DA.

Thanks

If you followed my guide it’s there in admin plug-in section

 

[pkwebhost]

This guide is for CentOS 7 and CXS 11
You must have a License from the vendor for this product. I am not affiliated with csf.
https://www.configserver.com/cp/cxs.html


You must have Clamav in options.conf and installed.

[SIZE=2][FONT=arial]cd /usr/local/directadmin/custombuild[/FONT][/SIZE]
[SIZE=2][FONT=arial]./build set clamav yes[/FONT][/SIZE]
[SIZE=2][FONT=arial]./build clamav[/FONT][/SIZE]

Once you have clamav installed


Go setup the clamd.conf

[SIZE=2][FONT=arial]nano /etc/clamd.conf[/FONT][/SIZE]

Find and set the below fields.

[SIZE=2][FONT=arial]# Path to a local socket file the daemon will listen on.[/FONT][/SIZE]
[SIZE=2][FONT=arial]# Default: disabled (must be specified by a user)[/FONT][/SIZE]
[SIZE=2][FONT=arial]LocalSocket /run/clamd.socket[/FONT][/SIZE]
[SIZE=2][FONT=arial]
[/FONT][/SIZE]
[SIZE=2][FONT=arial]# Sets the group ownership on the unix socket.[/FONT][/SIZE]
[SIZE=2][FONT=arial]# Default: disabled (the primary group of the user running clamd)[/FONT][/SIZE]
[SIZE=2][FONT=arial]LocalSocketGroup clamav[/FONT][/SIZE]
[SIZE=2][FONT=arial]
[/FONT][/SIZE]
[SIZE=2][FONT=arial]# Sets the permissions on the unix socket to the specified mode.[/FONT][/SIZE]
[SIZE=2][FONT=arial]# Default: disabled (socket is world accessible)[/FONT][/SIZE]
[SIZE=2][FONT=arial]LocalSocketMode 660[/FONT][/SIZE]
[SIZE=2][FONT=arial]
[/FONT][/SIZE]
[SIZE=2][FONT=arial]# Remove stale socket after unclean shutdown.[/FONT][/SIZE]
[SIZE=2][FONT=arial]# Default: yes[/FONT][/SIZE]
[SIZE=2][FONT=arial]FixStaleSocket yes[/FONT][/SIZE]

Save

[SIZE=2][FONT=arial]systemctl restart clamd[/FONT][/SIZE]

You can use the below cmd to look for it. It took about a min or so for it to show.

[SIZE=2][FONT=arial]find / -name "*clamd*”[/FONT][/SIZE]

looking for /run/clamd.soket


You will need to have the epel repo installed.

[SIZE=2][FONT=arial]yum install sqlite perl-DBI perl-DBD-SQLite perl-Archive-Tar perl-IO-Zlib perl-Archive-Zip perl-libwww-perl perl-Compress-Zlib perl-LWP-Protocol-https perl-Linux-Inotify2 -y     [/FONT][/SIZE]
[SIZE=2][FONT=arial]wget https://download.configserver.com/cxsinstaller.tgz[/FONT][/SIZE]
[SIZE=2][FONT=arial]tar -xzf cxsinstaller.tgz[/FONT][/SIZE]
[SIZE=2][FONT=arial]perl cxsinstaller.pl[/FONT][/SIZE]
[SIZE=2][FONT=arial]rm -fv cxsinstaller.*[/FONT][/SIZE]
[SIZE=2][FONT=arial]echo clamdsock=/run/clamd.socket >> /etc/cxs/cxs.defaults[/FONT][/SIZE]

Now head over to DA login as admin
Go to the Plugins Section.

You should see CXS installed


Once you go thought the wizard and set you answers to the questions.


You should be presented with the CXS screen.

Troubleshooting:


If you get the big red message about Clam not being installed


Check you set the socket in /etc/cxs/cxs.defaults

Should be clamdsock=/run/clamd.socket


If it in there and still red check the /etc/clamd.conf


Make sure you saved and uncommented like above.


Hope this helps. If you find errors about perl module post back. I think I got them all but not totally sure.

This step dead

just follow these step

yum install dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

yum install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-Archive-Tar.noarch perl-Archive-Zip.noarch perl-Linux-Inotify2 perl-Compress-Zlib sqlite perl-DBI perl-DBD-SQLite

The clamd process must run as root and create a unix socket. To do this,
edit /etc/clamd.conf and set:

User root
LocalSocket /tmp/clamd.socket


wget download.configserver.com/cxsinstaller.tgz
tar -xzf cxsinstaller.tgz
perl cxsinstaller.pl

 

[kebirhost]

Hello,

Error:
ClamAV socket [/tmp/clamd.socket] not found

You must install ClamAV (Clamavconnector on cPanel) or ensure clamd is running to use this product correctly
If the clamd socket is not automatically detected, and to clear this message, you must set clamdsock=/path/to/socket in /etc/cxs/cxs.defaults to the live socket location,




Thanks,
Melih

 

[pkwebhost]

Hello,

Error:
ClamAV socket [/tmp/clamd.socket] not found

You must install ClamAV (Clamavconnector on cPanel) or ensure clamd is running to use this product correctly
If the clamd socket is not automatically detected, and to clear this message, you must set clamdsock=/path/to/socket in /etc/cxs/cxs.defaults to the live socket location,




Thanks,
Melih

Check you set the socket in /etc/cxs/cxs.defaults

Should be clamdsock=/run/clamd.socket

 

[kebirhost]

Hello,

Yes but you wrote this:
The clamd process must run as root and create a unix socket. To do this,
edit /etc/clamd.conf and set:

User root
LocalSocket /tmp/clamd.socket


wget download.configserver.com/cxsinstaller.tgz
tar -xzf cxsinstaller.tgz
perl cxsinstaller.pl


on the post.

Melih

 

[winisend]

Hi,

Great guide, just a few typos to make copy-pasting easier:

looking for /run/clamd.soket -> /run/clamd.socket

find / -name "*clamd*” -> "*clamd*"

You may also consider adding epel-release to yum list, other than that it's a really helpful guide.

 

[bdacus01]

Thanks typos corrected.

 

[kebirhost]

Hello,

How can i fix this isssue?

# Clamd Error for [SCAN /tmp/cxs_H4D4oa3NhWxmkvD5PlqqCa7bEus.1]: /tmp/cxs_H4D4oa3NhWxmkvD5PlqqCa7bEus.1: lstat() failed: No such file or directory. ERROR

# Clamd Error for [SCAN /tmp/cxs_T3EpkoQWHi7XGpSqmiHhxZsv6HR.1]: /tmp/cxs_T3EpkoQWHi7XGpSqmiHhxZsv6HR.1: lstat() failed: No such file or directory. ERROR

# Clamd Error for [SCAN /tmp/cxs_aW7vXr0R3Ham1H0Jtq4OXzmoMLm.1]: /tmp/cxs_aW7vXr0R3Ham1H0Jtq4OXzmoMLm.1: lstat() failed: No such file or directory. ERROR

# Clamd Error for [SCAN /tmp/cxs_w7gPwagZ5y8vbDGfWZz.1]: /tmp/cxs_w7gPwagZ5y8vbDGfWZz.1: lstat() failed: No such file or directory. ERROR

# Clamd Error for [SCAN /tmp/cxs_8WXsVAJmBzwdGxQgtP.1]: /tmp/cxs_8WXsVAJmBzwdGxQgtP.1: lstat() failed: No such file or directory. ERROR

# Clamd Error for [SCAN /tmp/cxs_4urE3Qmm9IapOIJ7Mr0y.1]: /tmp/cxs_4urE3Qmm9IapOIJ7Mr0y.1: lstat() failed: No such file or directory. ERROR

# Clamd Error for [SCAN /tmp/cxs_a5AHzMYVTYPYiohQvL6e8.1]: /tmp/cxs_a5AHzMYVTYPYiohQvL6e8.1: lstat() failed: No such file or directory. ERROR


Thanks,
Melih

 

[bdacus01]

Hello,

How can i fix this issue?

# Clamd Error for [SCAN /tmp/cxs_H4D4oa3NhWxmkvD5PlqqCa7bEus.1]: /tmp/cxs_H4D4oa3NhWxmkvD5PlqqCa7bEus.1: lstat() failed: No such file or directory. ERROR

Thanks,
Melih

Hey Melih
Do you get these errors during the Install process? OR after you have configured everything? Also if you have a license to CXS you might try their forum. They support directadmin as Beta now. https://forum.configserver.com/viewforum.php?f=26

 

[kebirhost]

Hello,

I installed according to your suggestions. There is no issue on this process but after scanning, i think clamav does not scan.

Thanks,
Melih

 

[bdacus01]

in the wizards did you set all of the options you wanted like in Virus scanning?

 

[Hostmavi]

Hello,

How can i fix this isssue?

# Clamd Error for [SCAN /tmp/cxs_H4D4oa3NhWxmkvD5PlqqCa7bEus.1]: /tmp/cxs_H4D4oa3NhWxmkvD5PlqqCa7bEus.1: lstat() failed: No such file or directory. ERROR

# Clamd Error for [SCAN /tmp/cxs_T3EpkoQWHi7XGpSqmiHhxZsv6HR.1]: /tmp/cxs_T3EpkoQWHi7XGpSqmiHhxZsv6HR.1: lstat() failed: No such file or directory. ERROR

# Clamd Error for [SCAN /tmp/cxs_aW7vXr0R3Ham1H0Jtq4OXzmoMLm.1]: /tmp/cxs_aW7vXr0R3Ham1H0Jtq4OXzmoMLm.1: lstat() failed: No such file or directory. ERROR

# Clamd Error for [SCAN /tmp/cxs_w7gPwagZ5y8vbDGfWZz.1]: /tmp/cxs_w7gPwagZ5y8vbDGfWZz.1: lstat() failed: No such file or directory. ERROR

# Clamd Error for [SCAN /tmp/cxs_8WXsVAJmBzwdGxQgtP.1]: /tmp/cxs_8WXsVAJmBzwdGxQgtP.1: lstat() failed: No such file or directory. ERROR

# Clamd Error for [SCAN /tmp/cxs_4urE3Qmm9IapOIJ7Mr0y.1]: /tmp/cxs_4urE3Qmm9IapOIJ7Mr0y.1: lstat() failed: No such file or directory. ERROR

# Clamd Error for [SCAN /tmp/cxs_a5AHzMYVTYPYiohQvL6e8.1]: /tmp/cxs_a5AHzMYVTYPYiohQvL6e8.1: lstat() failed: No such file or directory. ERROR


Thanks,
Melih

1. check your out put

 cat   /etc/systemd/system/httpd.service

if you have

PrivateTmp=true

edit the file

/etc/systemd/system/httpd.service

change

PrivateTmp= true

to

PrivateTmp=false

and restart apache

service httpd restart

this should fix your issue

 

[vahid07]

Hi

Thank you for this guide. i installed it and its work correctly.

whatever about "cxs ModSecurity Scanning" . i use comodo waf plugin . i enabled "cxs ModSecurity Scanning" . but im not sure it work correctly.

result of this command :

curl -F "[email protected]/etc/cxs/test/testexploit.php" 127.0.0.1

is:

<html>Apache is functioning normally</html>

can you please guide about it too?

 

[Hostmavi]

Hi

Thank you for this guide. i installed it and its work correctly.

whatever about "cxs ModSecurity Scanning" . i use comodo waf plugin . i enabled "cxs ModSecurity Scanning" . but im not sure it work correctly.

result of this command :

curl -F "[email protected]/etc/cxs/test/testexploit.php" 127.0.0.1

is:

<html>Apache is functioning normally</html>

can you please guide about it too?

if you run command and cxs works(running) you should get this
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>406 Not Acceptable</title>
</head><body>
<h1>Not Acceptable</h1>
<p>An appropriate

pls check if the cxs runs whit commands
ps -aux |grep cxswatch
or
service cxswatch status

you can start the cxs whit this command
service cxswatch start

 

[vahid07]

if you run command and cxs works(running) you should get this
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>406 Not Acceptable</title>
</head><body>
<h1>Not Acceptable</h1>
<p>An appropriate

pls check if the cxs runs whit commands
ps -aux |grep cxswatch
or
service cxswatch status

you can start the cxs whit this command
service cxswatch start

CSX is active:

[[email protected] ~]# service cxswatch status Redirecting to /bin/systemctl status cxswatch.service ● cxswatch.service - ConfigServer cxs Watch Daemon Loaded: loaded (/usr/lib/systemd/system/cxswatch.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2020-04-11 21:35:57 +0430; 23h ago Process: 23559 ExecStart=/etc/cxs/cxswatch.sh (code=exited, status=0/SUCCESS) Main PID: 23561 (cxswatch) CGroup: /system.slice/cxswatch.service ├─23561 cxswatch ├─23562 cxswatch - sleeping ├─23563 cxswatch - sleeping └─23564 cxswatch - sleeping Apr 11 21:35:57 da.domain.org systemd[1]: Starting ConfigServer cxs Watch Daemon... Apr 11 21:35:57 da.domain.org cxswatch.sh[23559]: cxs Watch daemon starting - logging to /var/log/cxswatch.log Apr 11 21:35:57 da.domain.org systemd[1]: Started ConfigServer cxs Watch Daemon.

but message after run that command is :

<html>Apache is functioning normally</html>

 

[Hostmavi]

I thing you didn't install ModSecurity or it is disabled.
pls check /usr/local/directadmin/custombuild/options.conf
do you have modsecurity=yes ??