In this how to we are going to install ConfigServer eXploit Scanner (cxs) on a server with CentOS and DirectAdmin installed.
We need to install some prerequisites before we can install css, otherwise we’ll get errors like this:
Quote
Can’t locate Archive/Zip.pm in @INC (@INC contains: /etc/cxs /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 41) line 2.
BEGIN failed–compilation aborted at (eval 41) line 2.
If you start cxswatch from command line, you’ll get this…
Quote
Starting cxswatch daemon:Can’t locate Linux/Inotify2.pm in @INC (@INC contains: /etc/cxs /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /etc/cxs/cxswatch.pm line 8.
BEGIN failed–compilation aborted at /etc/cxs/cxswatch.pm line 8.
Install prerequisites:
yum install cpan cpan -i Archive::Zip cpan -i Archive::Tar wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm rpm -Uvh epel-release-6*.rpm yum install perl-Linux-Inotify2
Also make sure you have installed Mod_Security, “Install Mod_Security on a DirectAdmin box” for a step by step guide.
Next we are going to install ClamAV on our server. This can be done via the custom build script that is included in DirectAdmin, use this guide: http://help.directad...item.php?id=370
Download and install cxs:
wget http://www.configserver.com/free/cxsinstaller.tgz tar -xzf cxsinstaller.tgz perl cxsinstaller.pl rm -fv cxsinstaller.*
Now you have to determine what your cxs parameters will be. You can do this via your Admin panel, there’s a new option called “ConfigServer exploit Scanner”. When you determined the startup parameters, add it to /etc/cxs/cxswatch.sh. Example:
/usr/sbin/cxs --Wstart-Wmaxchild3--Wloglevel0--Wsleep3--report /var/log/cxs.scan --logfile /var/log/cxs.log --mail admin@roothelp.net --exploitscan --virusscan --nosversionscan -I /etc/cxs/cxs.ignore -Q /home/quarantine --options mMOfSGchdnwZRD --qoptions Mhv--summary -C /tmp/clamd.socket -T 5--allusers
And finally you can start cxswatch:
service cxswatch start