CXS guide for Directadmin

[vahid07]

I thing you didn't install ModSecurity or it is disabled.
pls check /usr/local/directadmin/custombuild/options.conf
do you have modsecurity=yes ??

yes. it active . as i say before i use comodo WAF . you can see attached screenshots.

 

[vahid07]

I thing you didn't install ModSecurity or it is disabled.
pls check /usr/local/directadmin/custombuild/options.conf
do you have modsecurity=yes ??

Hi again

i say this issue to CSX support team and they checked my server and say this :

The problem is that modsecurity is not enabled or configured correctly on the server. We do not offer a service to configure or fix modsecurity.

If you run the command below:

httpd -M

You should see among the modules listed the following:

security2_module (shared)

This does not appear on your server.

You need to fix modsecurity before you can enable cxs modsecurity scanning on your server.

so is there any idea about it?

 

[factor]

What web server are you using?

What does

cd /usr/local/directadmin/custombuild
./build options

show?

If you are using Nginx you cannot use Comodo.

 

[nasha]

Hi,
Cant' install perl-Linux-Inotify2 on centos 8

[root@server custombuild]# sudo dnf --disablerepo="*" --enablerepo="epel" list available | grep 'perl-Linux-Inotify2'
perl-Linux-Inotify2.x86_64                         2.1-6.el8                              epel
[root@server custombuild]# sudo yum info perl-Linux-Inotify2
Last metadata expiration check: 1:00:58 ago on Wed 16 Dec 2020 11:23:12 PM +0330.
Available Packages
Name         : perl-Linux-Inotify2
Version      : 2.1
Release      : 6.el8
Architecture : x86_64
Size         : 32 k
Source       : perl-Linux-Inotify2-2.1-6.el8.src.rpm
Repository   : epel
Summary      : Scalable directory/file change notification
URL          : https://metacpan.org/release/Linux-Inotify2
License      : GPL+ or Artistic
Description  : This module implements an interface to the Linux 2.6.13+ Inotify
             : file/directory change notification system. It has a number of advantages over
             : the Linux::Inotify module:
             :    - it is portable (Linux::Inotify only works on x86)
             :    - the equivalent of full name works correctly
             :    - it is better documented
             :    - it has callback-style interface, which is better suited for integration.

[root@server custombuild]# sudo yum install perl-Linux-Inotify2
Last metadata expiration check: 1:01:44 ago on Wed 16 Dec 2020 11:23:12 PM +0330.
Error:
 Problem: conflicting requests
  - nothing provides perl(common::sense) needed by perl-Linux-Inotify2-2.1-6.el8.x86_64
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

 

[Ohm J]

Hi,
Cant' install perl-Linux-Inotify2 on centos 8

[root@server custombuild]# sudo dnf --disablerepo="*" --enablerepo="epel" list available | grep 'perl-Linux-Inotify2'
perl-Linux-Inotify2.x86_64                         2.1-6.el8                              epel
[root@server custombuild]# sudo yum info perl-Linux-Inotify2
Last metadata expiration check: 1:00:58 ago on Wed 16 Dec 2020 11:23:12 PM +0330.
Available Packages
Name         : perl-Linux-Inotify2
Version      : 2.1
Release      : 6.el8
Architecture : x86_64
Size         : 32 k
Source       : perl-Linux-Inotify2-2.1-6.el8.src.rpm
Repository   : epel
Summary      : Scalable directory/file change notification
URL          : https://metacpan.org/release/Linux-Inotify2
License      : GPL+ or Artistic
Description  : This module implements an interface to the Linux 2.6.13+ Inotify
             : file/directory change notification system. It has a number of advantages over
             : the Linux::Inotify module:
             :    - it is portable (Linux::Inotify only works on x86)
             :    - the equivalent of full name works correctly
             :    - it is better documented
             :    - it has callback-style interface, which is better suited for integration.

[root@server custombuild]# sudo yum install perl-Linux-Inotify2
Last metadata expiration check: 1:01:44 ago on Wed 16 Dec 2020 11:23:12 PM +0330.
Error:
Problem: conflicting requests
  - nothing provides perl(common::sense) needed by perl-Linux-Inotify2-2.1-6.el8.x86_64
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

perl(common::sense) is in powertools

https://centos.pkgs.org/8/centos-powertools-x86_64/perl-common-sense-3.7.4-8.el8.x86_64.rpm.html

 

[Richard G]

Yep, check that. Latest Centos 8 update willl disable the Powertools repo if it was enabled. So you have to enable it again.

 

[hostingpangeran]

I initially thought that installing the csx script directly turned out to be an error. then read your posts on this forum and it works
Thank you very much

 

[Richard G]

You're welcome.

 

[juststar]

ConfigServer eXploit Scanner (cxs) – ConfigServer Services

www.configserver.com

Hello there,
I am thinking of buying this product. But it says that the latest version has centos 7.9 support. what should I do? Should I go back to centos 7 version?
Does your CXS work with Centos stream 8?

 

[Active8]

According there requirement it supports:

DirectAdmin - latest versions fully supported (Supported OS's: RHEL v7 to v9, CentOS v7, CloudLinux v7/8/9, AlmaLinux v8/9, Debian v11+, Ubuntu v20.04+)

 

[sahostking]

I think clamd paths have changed and configs reset. Check yours as we noticed on all our servers /etc/clamd.conf does not exist anymore, freshclam.conf was empty and the following file the replacement:

/etc/clamd.d/scan.conf

 

[Richard G]

In our case there was a new freshclam.conf which was not empty but everything was default.
The /etc/clamd.d/scan.conf is a replacement for clamd.conf indeed.

 

[zmicier0k]

I have Directadmin version 1.678 installed on CloudLinux 9.5.
ClamAV version 1.0.8.
cxs: v13.09.
When I running the scanning of some of public_html version I recieved such errors:
# Clamd Error for [SCAN /home/username/domains/domain.com/public_html/wp-cron.php : /home/username/domains/domain.com/public_html/wp-cron.php: File path check failure: Permission denied. ERROR
Clamd has been configured to run as clamscan user in /etc/clamd.d/scan.conf:

User clamscan
LocalSocket /run/clamd.scan/clamd.sock
LocalSocketGroup virusgroup
LocalSocketMode 660
FixStaleSocket yes

The virusgroup group included 2 users:

virusgroup:x:978:clamupdate,clamscan

Can someone help me?

 

[zmicier0k]

After I change
User clamscan
to
User root
And commented out
LocalSocketGroup virusgroup
LocalSocketMode 660
FixStaleSocket yes
The scanning start working.

 

[Richard G]

Good you found the cause. Clamd needs to be root indeed.
I don't know if the other things need to be changed too. I only change to root.