ConfigServer Services HelpDesk
Server Management Services from Way to The Web Ltd
ConfigServer Home Page

How do I configure cxs to ignore a file or directory that I know is a false positive?

Support Portal  »  Knowledgebase  »  Viewing Article

  • Saturday 17th June 2017 12:28

1. Create a file called /etc/cxs/cxs.ignore. It is a good idea to copy the file /etc/cxs/cxs.ignore.example to /etc/cxs/cxs.ignore so that you have a reference for correct syntax in your ignore file.

2. Add the following to the cxs command line for any scan that you want to use the ignore file:

--ignore /etc/cxs/cxs.ignore

So, for example, you may have this command line in

/usr/sbin/cxs --options -wW --Wstart --allusers --www --smtp -Q /home/quarantine --qoptions Mv \ 
--mail root --Wmaxchild 3 --Wloglevel 0 --Wsleep 3 --filemax 0 --Wrateignore 300

Add the ignore setting:
/usr/sbin/cxs --options -wW --Wstart --allusers --www --smtp -Q /home/quarantine --qoptions Mv \ 
--ignore /etc/cxs.cxs.ignore --mail root --Wmaxchild 3 --Wloglevel 0 --Wsleep 3 --filemax 0 \
--Wrateignore 300

For cxswatch you must restart the cxswatch daemon any time you modify the file

3. Finally, you must be sure to use the correct syntax and keyword for the file or directory you want to ignore. There is an explanation and examples for the different keywords that are available for the ignore file.

# You must use the following format:
# user:    - ignore user
# file:    - ignore file
# dir:     - ignore directory
# sym:     - ignore symlink
# script:  - ignore web script (ModSecurity hook)
# puser:   - regex of users to ignore
# pfile:   - regex of files to ignore
# pdir:    - regex of directories to ignore
# psym:    - regex of symlinks to ignore
# pscript: - regex of web script to ignore (ModSecurity hook)
# The following do not apply to web script uploads via ModSecurity hook:
# hfile:   - ignore file relative to a users homedir
# hdir:    - ignore directory relative to a users homedir
# hsym:    - ignore symlink relative to a users homedir
# match:   - ignore regex pattern match
# md5sum:  - ignore file md5sum
# fp:      - ignore fingerprint match
# The following only apply to web and ftp script uploads:
# ip:      - ignore uploads from IP address

Share via

Related Articles

Self-Hosted Help Desk Software by SupportPal
© ConfigServer Services