ConfigServer Services HelpDesk
Server Management Services from Way to The Web Ltd
ConfigServer Home Page

Store Closure for Short Break

We will be closing our Store, Email and Helpdesk from 09:00 GMT Wednesday, 30 November 2022 to 09:00 GMT Wednesday, 7 December 2022. No orders, support requests or sales emails will be processed between those dates.

If you purchase a license or Service Package before the closing date and require installation, please be sure to leave at least 24 hours before then for the work to be done. Otherwise, any work will be scheduled for after this period.

There was a problem loading the comments.

How do I configure cxs to ignore a file or directory that I know is a false positive?

Support Portal  »  Knowledgebase  »  Viewing Article

  Print
  • Saturday 17th June 2017 12:28

1. Create a file called /etc/cxs/cxs.ignore. It is a good idea to copy the file /etc/cxs/cxs.ignore.example to /etc/cxs/cxs.ignore so that you have a reference for correct syntax in your ignore file.

2. Add the following to the cxs command line for any scan that you want to use the ignore file:

--ignore /etc/cxs/cxs.ignore

So, for example, you may have this command line in cxswatch.sh:

/usr/sbin/cxs --options -wW --Wstart --allusers --www --smtp -Q /home/quarantine --qoptions Mv \ 
--mail root --Wmaxchild 3 --Wloglevel 0 --Wsleep 3 --filemax 0 --Wrateignore 300

Add the ignore setting:
/usr/sbin/cxs --options -wW --Wstart --allusers --www --smtp -Q /home/quarantine --qoptions Mv \ 
--ignore /etc/cxs.cxs.ignore --mail root --Wmaxchild 3 --Wloglevel 0 --Wsleep 3 --filemax 0 \
--Wrateignore 300

For cxswatch you must restart the cxswatch daemon any time you modify the file cxswatch.sh.

3. Finally, you must be sure to use the correct syntax and keyword for the file or directory you want to ignore. There is an explanation and examples for the different keywords that are available for the ignore file.

# You must use the following format:
#
# user:    - ignore user
# file:    - ignore file
# dir:     - ignore directory
# sym:     - ignore symlink
# script:  - ignore web script (ModSecurity hook)
#
# puser:   - regex of users to ignore
# pfile:   - regex of files to ignore
# pdir:    - regex of directories to ignore
# psym:    - regex of symlinks to ignore
# pscript: - regex of web script to ignore (ModSecurity hook)
#
# The following do not apply to web script uploads via ModSecurity hook:
# hfile:   - ignore file relative to a users homedir
# hdir:    - ignore directory relative to a users homedir
# hsym:    - ignore symlink relative to a users homedir
#
# match:   - ignore regex pattern match
# md5sum:  - ignore file md5sum
# fp:      - ignore fingerprint match
#
# The following only apply to web and ftp script uploads:
# ip:      - ignore uploads from IP address
#

Share via

Related Articles


Self-Hosted Help Desk Software by SupportPal
© ConfigServer Services