ConfigServer Services
Server Management Services from Way to The Web Ltd

How do I configure cxs to ignore a file or directory that I know is a false positive?

  • Saturday 17th June 2017 12:28

1. Create a file called /etc/cxs/cxs.ignore. It is a good idea to copy the file /etc/cxs/cxs.ignore.example to /etc/cxs/cxs.ignore so that you have a reference for correct syntax in your ignore file.

2. Add the following to the cxs command line for any scan that you want to use the ignore file:

--ignore /etc/cxs/cxs.ignore

So, for example, you may have this command line in cxswatch.sh:

/usr/sbin/cxs --options -wW --Wstart --allusers --www --smtp -Q /home/quarantine --qoptions Mv \
--mail root --Wmaxchild 3 --Wloglevel 0 --Wsleep 3 --filemax 0 --Wrateignore 300

Add the ignore setting:

/usr/sbin/cxs --options -wW --Wstart --allusers --www --smtp -Q /home/quarantine --qoptions Mv \
--ignore /etc/cxs/cxs.ignore --mail root --Wmaxchild 3 --Wloglevel 0 --Wsleep 3 --filemax 0 \
--Wrateignore 300

For cxswatch you must restart the cxswatch daemon any time you modify the file cxswatch.sh.

3. Finally, use the correct syntax and keyword for the file or directory you want to ignore. The keywords available for the ignore file are explained below:

# You must use the following format:
#
# user: - ignore user
# file: - ignore file
# dir: - ignore directory
# sym: - ignore symlink
# script: - ignore web script (ModSecurity hook)
#
# puser: - regex of users to ignore
# pfile: - regex of files to ignore
# pdir: - regex of directories to ignore
# psym: - regex of symlinks to ignore
# pscript: - regex of web script to ignore (ModSecurity hook)
#
# The following do not apply to web script uploads via ModSecurity hook:
# hfile: - ignore file relative to a users homedir
# hdir: - ignore directory relative to a users homedir
# hsym: - ignore symlink relative to a users homedir
#
# match: - ignore regex pattern match
# md5sum: - ignore file md5sum
# fp: - ignore fingerprint match
#
# The following only apply to web and ftp script uploads:
# ip: - ignore uploads from IP address
#
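
A pre-flight check for the steps above, as an added example that is not part of the original article or of cxs itself: it flags ignore-file lines that do not start with one of the keywords listed above, and extracts the --ignore path from a saved command line so that a mistyped path is caught before cxswatch is restarted. It assumes entries are written as keyword:value; the function names, sample entries and file names are constructed.

```shell
#!/bin/sh
# Keywords are the ones listed in the ignore-file header on this page.
CXS_KEYWORDS="user file dir sym script puser pfile pdir psym pscript hfile hdir hsym match md5sum fp ip"

# lint_cxs_ignore FILE: print "LINE: problem" per bad entry; return 1 if any were found.
# Assumption: each entry is "keyword:value" with the value directly after the colon.
lint_cxs_ignore() {
    file=$1 n=0 bad=0
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac      # skip blank lines and comments
        case $line in
            *:*) key=${line%%:*} val=${line#*:} ;;
            *) echo "$n: no keyword: $line"; bad=1; continue ;;
        esac
        ok=0
        for k in $CXS_KEYWORDS; do
            if [ "$k" = "$key" ]; then ok=1; fi
        done
        [ "$ok" = 1 ] || { echo "$n: unknown keyword '$key'"; bad=1; continue; }
        [ -n "$val" ] || { echo "$n: '$key:' has no value"; bad=1; }
    done < "$file"
    return $bad
}

# ignore_path_in_cmd FILE: print the argument that follows --ignore in a script
# such as cxswatch.sh, joining backslash-continued lines first.
ignore_path_in_cmd() {
    tr '\\\n' '  ' < "$1" | sed -n 's/.* --ignore  *\([^ ]*\).*/\1/p'
}

# Constructed sample input (not from a real server), written to a temporary directory.
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed entries' 'user:exampleuser' 'hdir:/public_html/cache' \
    'pfile:' 'hdirs:/public_html/tmp' 'md5sum' > "$demo_dir/cxs.ignore"
printf '%s\n' '/usr/sbin/cxs --options -wW --Wstart --allusers \' \
    "--ignore $demo_dir/cxs.ignorre --mail root" > "$demo_dir/cxswatch.sh"

lint_cxs_ignore "$demo_dir/cxs.ignore" || echo "ignore file has problems"
p=$(ignore_path_in_cmd "$demo_dir/cxswatch.sh")
[ -r "$p" ] || echo "--ignore points at a missing file: $p"
```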
