Issue
Realtime scanning is enabled and after some time it becomes disabled, even enabling it implicitly it does become disabled by built-in im360 agent routines.
Message from UI:
"Inotify scans are disabled because running cxswatch daemon was detected "
Environment
- Imunify360
- cxswatch
-
Reproduced on CentOS (might happen on other OS)
- Reproduced on cPanel (might happen on other panels)
Cause
- The cxswatch is enabled and running, it conflicts with Imunify360 real-time routines.
- The cxswatch after being manually stopped/disabled just becomes up and running after some time due to an internal server start-up routine, so after disabling the cxswatch service make sure to fully hard-disable it by additionally removing any system service scripts and symlinks leftovers.
Solution
The cxswatch needs to be either uninstalled or fully disabled.
1. Stop/Disable service:
# systemctl stop cxswatch
# systemctl disable cxswatch
2. Mask service, the service to prevent it from being run by other services:
# systemctl mask cxswatch
To back it again, unmask it with the following command:
# systemctl unmask cxswatch
3. There are some cases where has been noticed that the cxswatch just starts even disabled after a while, so check if there's any leftover that can start the service automatically by other internal server routines
$ ls -la /etc/cxs/cxswatch.sh
-rwx------ 1 root root 968 Apr 7 05:55 /etc/cxs/cxswatch.sh*
The systemd startup routine is calling this script, so remove the permission bit
# chmod 0000 /etc/cxs/cxswatch.sh
To revert the changes, just run:
# chmod 0700 /etc/cxs/cxswatch.sh
It will no longer be started up for builtin auto enable/start routines:
May 26 15:14:09 XXX systemd[1]: Starting ConfigServer cxs Watch Daemon...
May 26 15:14:09 XXX systemd[21343]: Failed at step EXEC spawning /etc/cxs/cxswatch.sh: Permission denied
Finally, enabled and check if the enable_scan_inotify is activated:
# imunify360-agent config update '{"MALWARE_SCANNING": {"enable_scan_inotify": true}}'
# imunify360-agent config show -v --json| grep inotify
"enable_scan_inotify": true,
Comments
0 comments
Please sign in to leave a comment.