New cxs v4.01

Changes:

  • Introducing a new Quarantine system. This new version creates a more secure method of quarantining suspicious files in cxs. It removes the need for a directory with 1777 permissions. It also makes the layout and maintenance of the quarantine directory much simpler
  • Automatically rename old quarantine directory to [dir].(timestamp) and create new quarantine structure. An email is sent to root with a reminder to remove the old directory
  • Any pre v4 old quarantine directory can still be viewed and restored from through the UI if required, though this functionality (for old quarantine directories) will be removed in the future
  • New option –qcreate. This option is used to create a new quarantine directory structure. It will rename any pre-existing directory to [name].(timestamp)
  • New option –qclean [days]. This option is used to clean a quarantine directory specificed with –quarantine [dir], retaining the last [days] worth of files
  • New option –qrestore [file]. This option is used to restore a quarantine file via the CLI to the original file location (v4 quarantined files only)
  • New option –qview [file]. This option is used to view a quarantined file via the CLI
  • Modified cxs UI to cater for new quarantine layout and provide some additional information on quarantined files
  • Added new file /etc/cxs/cxsdaily.sh as an example file to symlink from /etc/cron.daily/ to perform daily tasks and added to RECOMMENDATIONS in the docs
  • Modified cxs Watch scanning to automatically scan newly created directories for exploits to help overcome an issue where files are created before a new directory is watched
  • Support for running cxs through suhosin has been removed
  • Fixed issue with –defapache [user]
  • Modified recommendations on file ownership and permissions when using –logfile [file]
  • HTTP::Tiny upgraded to v0.037
  • POD documentation tidy
  • Exploit fingerprint definitions database additions