Re: STICKY rules for CXS.XTRA regs.

Posted: 10 Jan 2023, 06:41
by dedicados
Thank you.

I have an issue with a miner on my server, and I wanted to know if this add is correct.

This was the executable:
/root/moneroocean/xmrig --config=/root/moneroocean/config.json

And I added it to CXS.xtra as:

regall:quarantine:moneroocean
file:xmrig

Thanks

Re: STICKY rules for CXS.XTRA regs.

Posted: 10 Jan 2023, 08:41
by Sarah
If this is a script or application that you did not put on your server, and it is actually located in the root directory as per your post, then it is not a cxs issue because it's an indication your server may be root compromised. Cxs is not designed to scan for rootkits or root compromises; there are other tools for that. Cxs is designed to scan normal user accounts for exploits.

If the executable file xmrig is in a user account web directory rather than in /root/, and you want cxs to detect and quarantine it, then you should be able to use this line in cxs.xtra:

file:quarantine:xmrig

Regards,

Sarah
Configserver.com