STICKY rules for CXS.XTRA regs.

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
dedicados
Junior Member
Posts: 1
Joined: 10 Jan 2023, 06:37

Re: STICKY rules for CXS.XTRA regs.

Post by dedicados »

Thank you.

I have an issue with a miner on my server, and I wanted to know if this addition is correct.

This was the executable:
/root/moneroocean/xmrig --config=/root/moneroocean/config.json

And I added it to CXS.xtra as:

regall:quarantine:moneroocean
file:xmrig

Thanks
Sarah
Moderator
Posts: 934
Joined: 09 Dec 2006, 22:49

Re: STICKY rules for CXS.XTRA regs.

Post by Sarah »

If this is a script or application that you did not put on your server, and it is actually located in the root directory as per your post, then it is not a cxs issue because it's an indication your server may be root compromised. Cxs is not designed to scan for rootkits or root compromises; there are other tools for that. Cxs is designed to scan normal user accounts for exploits.

If the executable file xmrig is in a user account web directory rather than in /root/, and you want cxs to detect and quarantine it, then you should be able to use this line in cxs.xtra:

file:quarantine:xmrig

Regards,

Sarah
Configserver.com
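
The distinction drawn in the reply above, as an added example that is not part of the thread and is not ConfigServer code: a triage pass over a process listing that separates miner binaries running from /root (a root-compromise question) from ones inside a user account, where a cxs.xtra file rule in the form shown in the reply applies. The /home location for user accounts and the sample process listing are assumptions constructed for the example.

```python
import re
import shlex
from pathlib import PurePosixPath

# Names taken from the thread: the binary (xmrig) and its directory (moneroocean).
MINER_PATTERN = re.compile(r"xmrig|moneroocean", re.IGNORECASE)
ROOT_HOME = PurePosixPath("/root")
# Assumption: user accounts live under /home (not stated in the thread).
USER_HOMES = PurePosixPath("/home")

# Constructed sample in the shape of `ps -eo user,args` output (not real data).
SAMPLE_PS = """\
root /root/moneroocean/xmrig --config=/root/moneroocean/config.json
exampleuser /home/exampleuser/public_html/cache/xmrig --config=c.json
root /usr/sbin/sshd -D
exampleuser /usr/bin/php /home/exampleuser/public_html/index.php
"""


def triage(ps_output):
    """Return (user, executable, verdict) for each miner-like process."""
    findings = []
    for line in ps_output.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # blank or malformed line
        user, args = parts
        try:
            argv = shlex.split(args)
        except ValueError:
            argv = args.split()  # unbalanced quotes: fall back to whitespace
        exe = PurePosixPath(argv[0])
        if not MINER_PATTERN.search(str(exe)):
            continue
        if user == "root" or ROOT_HOME in exe.parents:
            # Root-owned or under /root: outside what cxs is designed to scan.
            verdict = "check for root compromise"
        elif USER_HOMES in exe.parents:
            # Same rule form as the moderator's reply, built from the file name.
            verdict = "file:quarantine:" + exe.name
        else:
            verdict = "review manually"
        findings.append((user, str(exe), verdict))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_PS):
        print(*finding, sep="\t")
```
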