ConfigServer eXploit Scanner (cxs)
ConfigServer eXploit Scanner (CXS) is a tool from ConfigServer that performs active scanning of files as they are uploaded to the server. CXS also allows you to perform on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets). For more information please visit https://configserver.com/cp/cxs.html
Infected File Action
Choose what action(s) JetBackup will perform once CXS triggers an infection alert.
- Restore Infected File - JetBackup will restore the infected file from the most recent incremental account backup.
- Lock Account Last Backup - JetBackup locks the latest incremental account backup of the affected account.
Enabled for Watch
This will patch "/etc/cxs/cxswatch.sh" file enabling JetBackup hook point. We recommend creating a backup of that file before enabling.
Enabled for Daily Cron
This will patch "/etc/cxs/cxsdaily.sh" file enabling JetBackup hook point. We recommend creating a backup of that file before enabling.
Enabled for FTP
This will patch "/etc/cxs/cxsftp.sh" file enabling JetBackup hook point. We recommend creating a backup of that file before enabling.
Enabled for CGI
This will patch "/etc/cxs/cxscgi.sh" file enabling JetBackup hook point. We recommend creating a backup of that file before enabling.
Action Script
Specify the path of a custom script to enable JetBackup to trigger it once an action is successfully executed. JetBackup will then pass the following arguments to the specified script:
- [1] - The action that was executed (Backup Lock/Restore).
- [2] - The name of the infected cPanel account.
- [3] - The path of the infected file.
Here's a sample script that sends an email notification once the JetBackup Security Plugin executes a file restore/backup lock: