Control Web Panel (CWP) Pro (formerly known as CentOS Web Panel) has many security plugin options available for installation. If you’re a CWPpro admin user, you can install and manage these integrations right from the dashboard – allowing you to scan for malicious software on your system.
Below we’ll quick walk you through the security plugin options you have with CWPpro.
CWP free version users can use these tools but must install and manage them entirely from the terminal.
- Control Web Panel Malware Scanners
- CWP Server Auditing Tools
Control Web Panel Malware Scanners
These security solutions primarily detect and quarantine malware on your system to prevent cyber attacks.
Linux Malware Detect (LMD), also known as Maldet, is a malware scanner that uses HEX patterns and MD5 hashes to detect compromised data. Some Linux system administrators use Maldet and ClamAV together for access to additional virus databases.
Select Maldet Scan from the sidebar. Then select a CWP user from the drop-down menu (check the box to also search background processes) and Scan User.
Advanced users can do manual scans from the terminal:
maldet --scan-all /path-to-folder
Rootkit Hunter, also known simply as Rkhunter, searches for rootkits, backdoors and other exploits by comparing SHA-1 hashes against online databases. Rkhunter checks for suspicious permissions, hidden files, and modifications to kernel modules.
Select Rkhunter Scan from the sidebar. Once installed you’ll have buttons to scan your system or update your malware databases.
You can run Rkhunter from your terminal with the following command:
PHP Defender, located in the Security Center with ClamAV, uses the Snuffleupagus PHP module to harden PHP code and mitigate various bug classes, including code injection, cookie stealing, and remote code execution. All of this is done without you having to edit raw PHP code.
After selecting Security Center from the sidebar, choose Custom Installation if you wish to only install the PHP module for specific PHP versions. “Defender mode” is basically the level of security applied. Basic is fine and you can easily change this later.
CWP Server Auditing Tools
The following are passive scanners that provide information to help you better understand your cybersecurity posture, which is useful for vulnerability assessments and regulation compliance audits.
Lynis, by CISOfy, does a system security assessment to provide various ways you can harden your system for best security practices and regulation compliance.
Select Lynis Scan from the sidebar. Minutes after clicking Scan, you’ll have recommendations for hardening like:
- Kernel configuration and processes
- User and file permissions
- System directories
- Network security
- Memory usage
- Shell access and more
The terminal command equivalent for running Lynis is:
sudo lynis audit system
A symbolic link, or “soft link,” is a file that points to another file, similar to a shortcut on your PC desktop. Just as you might use desktop shortcuts to quickly access programs deep in system folders, malicious users can gain unauthorized access to your system to do the same with your private data. The Symlink Scan module locates symlinks on your system.
Select Symlink Scan from the sidebar. Select a CWP user from the drop-down menu and Scan User. Select View to review any found symlinks.
Advanced users can get similar results in the CWP terminal emulator with the following command:
find . -type l -ls