STICKY rules for CXS.XTRA regs.

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
dedicados
Junior Member
Posts: 1
Joined: 10 Jan 2023, 06:37

Re: STICKY rules for CXS.XTRA regs.

Post by dedicados »

thank you.

i have an issue with a miner on my server, and i wanted to know if this add is correct.

this was the executable:
/root/moneroocean/xmrig --config=/root/moneroocean/config.json

and i added it to CXS.xtra as:

regall:quarantine:moneroocean
file:xmrig

thanks
Sarah
Moderator
Posts: 896
Joined: 09 Dec 2006, 22:49

Re: STICKY rules for CXS.XTRA regs.

Post by Sarah »

If this is a script or application that you did not put on your server, and it is actually located in the root directory as per your post, then it is not a cxs issue because it's an indication your server may be root compromised. Cxs is not designed to scan for rootkits or root compromises, there are other tools for that. Cxs is designed to scan normal user accounts for exploits.

If the executable file xmrig is in a user account web directory rather than in /root/, and you want cxs to detect and quarantine it, then you should be able to use this line in cxs.xtra:

Code: Select all

file:quarantine:xmrig
Regards,

Sarah
Configserver.com
Post Reply