cxswatch disable world writable dirs

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
Post Reply
chrismfz
Junior Member
Posts: 20
Joined: 04 Feb 2010, 20:55

cxswatch disable world writable dirs

Post by chrismfz »

I got users with scripts that are chmoding themselves as 777.
Others uploading them this way.
Anyway for whatever reason, there are directories with 777 permissions.

I don't really care, cagefs does the work well. But what concerns me is cxswatch.
I may get ~500 mails per day per server that is 4000 mails in a day only
for warnings about world writable directories.

HOW I can stop cxswatch from informing me about these directories ?
Really stop it. I got a filter to thrash them but that's not the solution.
Servers sending thousands of mails, mails in queue every day, raping the server just because of this.

This for example is only for today until now for one server:
(618 mails in 12 hours from 1 server)
http://infected.gr/writeable.png
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: cxswatch disable world writable dirs

Post by ForumAdmin »

The best thing to do would be to fix whatever script is creating world writable diretories, as there is an inherent security risk in these directories. If you can't do that and want to stop these alerts there are two options:

1. Configure cxs to not scan for world writable directories by specifying "--options -w" in your cxs command line in the cxswatch.sh script. This will configure cxswatch to scan for all the normal default file types except for world writable directories. You may want to set up a scheduled scan (if you do not have one already) that includes the w option to check for world writable directories periodically.

2. Use an ignore file to configure cxswatch to ignore the directory or directories containing these world-writable directories. See the documentation for the --ignore option and the file /etc/cxs/cxs.ignore.example for more information.
Post Reply