how to install CXS in cpanel

ConfigServer eXploit Scanner (cxs) is a tool which performs an active scanning of files as they are uploaded to the server. CXS Should only work on a cPanel/WHM server per the product’s requirements. However, you can still install it on a ‘clean’ CentOS machine as long as the required perl libraries are provided.

We’ve created an easy list of “copy & paste” actions for your convenience.

* The followed procedures  had been tested on a clean CentOS 7 Minimal install with “Development Tools” installed (yum group install “Development Tools”)

#Make sure we have epel
yum -y --nogpgcheck install epel-release
# Install perl dependencies
yum install -y --nogpgcheck perl-Archive-Extract  perl-Archive-Tar perl-Archive-Zip perl-libwww-perl perl-LWP-Protocol-https
yum install -y --nogpgcheck perl-Linux-Inotify2 --enablerepo=epel
## Install clamav scanner
yum install -y --nogpgcheck clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd --enablerepo=epel
## Configure clamav scanner
/bin/cp -f /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
sed -i '/^Example/d' /etc/clamd.d/clamd.conf
sed -i 's//root/g' /etc/clamd.d/clamd.conf
sed -i 's/clamd./clamd.d/g' /etc/clamd.d/clamd.conf
sed -i 's/#LocalSocket /LocalSocket /g' /etc/clamd.d/clamd.conf
sed -i 's/#LogFile /LogFile /g' /etc/clamd.d/clamd.conf
sed -i 's|#SelfCheck 600|SelfCheck 86400|g' /etc/clamd.d/clamd.conf
replace "/var/run/clamd.d/clamd.sock" "/var/run/clamav/clamd.sock" -- /etc/clamd.d/clamd.conf
/bin/cp -f /etc/freshclam.conf /etc/freshclam.conf.bak
sed -i '/^Example/d' /etc/freshclam.conf
cat << EOF > /usr/lib/systemd/system/clam-freshclam.service
# Run the freshclam as daemon
Description = freshclam scanner
After =
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service
mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service
replace "@" "" -- /usr/lib/systemd/system/clamd@scan.service
cat << EOF > /usr/lib/systemd/system/clamd.service
Description = clamd scanner daemon
After =
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --nofork=yes
Restart = on-failure
PrivateTmp = false
cd /usr/lib/systemd/system
systemctl enable clamd.service
systemctl enable clamd@scan.service
systemctl start clamd.service
systemctl start clamd@scan.service
# disable default freshclam cron and run update nightly
rm -f /etc/cron.d/clamav-update
echo "0 6 * * * /usr/bin/freshclam > /dev/null 2>&1" >> /var/spool/cron/root
## Install CXS
cd /usr/local/src/
tar -xzf cxsinstaller.tgz
# Make sure updates are running on daily basis
ln -s /etc/cxs/ /etc/cron.daily/
systemctl start cxswatch
systemctl enable cxswatch