Archive | January, 2012

ConfigServer Exploit Scanner – external perl script to run upon detection of a match

One very useful option recently added to CXS is –script

For example, I am currently using something like:

/usr/sbin/cxs –report /var/log/cxs.scan –logfile /var/log/cxs.log –mail reports@myhost.co.uk –vir -I /etc/cxs/cxs.ignore –options mMOfSGChednWZDR –script /root/cxswatchscript.sh –xtra /etc/cxs/cxs.xtra -Z –sum -F 200000 -C /var/clamd -T 10 -B –allusers

the script defined above, /root/cxswatchscript.sh, receives 4 arguments from CXS

$1 = filename
$2 = option triggered
$3 = message reported
$4 = account name

Read More…

ConfigServer Exploit Scanner – Individual User Warning Email Script

Parse the CXS Log file for warnings, and email your customers with details of the Malware found in their accounts via a Perl script.

  • Got ConfigServer Exploit Scanner – CXS – installed on your cPanel/WHM server?
  • Doing a full server scan every now and then, and getting swamped with the reports?
  • Want a script that will trawl the reports, and email the cpanel users with their problems automatically?

Then you came to the right place! Read More…