Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
From:
Fixed a SECURITY BUG in Quarantine file restore which could result in root privilege escalation. The destination restore file must not now exist before restoring will work. Our thanks to Jeff Petersen for reporting this issue
All cxs users should upgrade to this release immediately
From:
Further SECURITY improvements to Quarantine functionality
After some extensive testing we've discovered a feature in ModSecurity where a cxs scan can report a seemingly non-existent script on a server which is being exploited.
The symptoms:
Web upload script user: nobody (99)
Web upload script owner: ()
Web upload script: /home/user/public_html/store/admin
Remote IP: 1.2.3.4
Deleted: No
Quarantined: No
To enable file upload scanning for web scripts, ModSecurity needs to have the option SecRequestBodyAccess enabled (as explained in the install document).
This option configures whether request bodies will be buffered and processed by ModSecurity.
You will need to ensure that other any ModSecurity rules that you have have been correctly written to deal with POST_PAYLOADS. If they have not, then...
When you run cxs you will invariably encounter false-positives that trigger one or more of the scanning options.
We do not recommend that you simply stop using the option that triggers, rather it would be better to simply ignore the false-positive files using an ignore file as per the documentation.
The best way to generate the ignore file is to create it first, e.g.:
touch...
Perhaps someone might be able to point me in the right direction, as I seem to be getting nowhere with this. I encountered this issue where, cxswatch is unable to scan files in /tmp folder. In logs, I can see the following error:
ModSecurity: Exec: Execution failed while reading output: /etc/cxs/cxscgi.sh (End of file found)
Hi.
One of my servers is reporting:
/var/log/cxswatch.log:
May 10 03:02:00 server1 cxswatch : Inotify Event Queue Overflow - some activity for [] [] has been lost, you might want to ignore this resource or increase /proc/sys/fs/inotify/max_queued_events
May 10 03:08:24 server1 cxswatch : Inotify Event Queue Overflow - some activity for [] [] has been lost, you might want to ignore this resource...
Inotify Event Queue Overflow - some activity for [] [] has been lost, you might want to ignore this resource or increase /proc/sys/fs/inotify/max_queued_events
Hi.
I created an MD5SUM for index.html file and add it to cxs.ignore but CXS continues to show:
WARNING: '.../public_html/wp-content/uploads/ast-block-templates-json/index.html' scanned 6 times in the last 30 seconds, you might want to ignore this resource
I don't want to ignore the route nor the file name but I want to ignore the MD5SUM, Any idea?
I'm getting a version check that's telling me the versions of the RSForms mod_rsform and mod_rsform_list are old. It seems to be looking for version at least 3.3.3, but the current version of the module is 3.1.0, according to the RS Joomla site:
RSForm! Pro Module 3.1.0
With this module you can publish your form into a module (template position).
I have a problem for about a month. Before everything was running ok but for about a month cxs daily and weekly scans didn't ignore the directories that are written in the cxs.ignore file.
The directories i am having trouble are directadmins user logs directories that are found at /home/ /domains/ /logs
I have 2 line related for this in the cxs.ignore file:
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum