cPGuard Lite Admin Notes
About cPGuard and its CLI
cPGuard Lite is a security software for website anti-malware scanning and includes other options like IPDB ( a distributed and proactive firewall ) , IP reputation monitoring, etc. It has UI integration with control panels like cPanel, DirectAdmin, Interworx, etc and has a very strong CLI ( /usr/bin/cpgcli ) that makes it powerful and capable to run on any web server with a supported OS platform.
Using the CLI utility of cPGuard, you can quickly replace the conventional ClamAV and Maldet scanners with cPGuard to scan websites. cPGuard anti-malware scanner is more powerful and quick to scan website files ( specifically PHP based websites ) compared to ClamAV and Maldet. The CLI allows automation of the configuration, mass deployments, scheduled jobs, and easy management of cPGuard.
There are a few terminologies, configurations, and procedures that you may need to be familiar to start with managing cPGuard Lite on your servers.
What is a watchlist?
The term watchlist refers to the list of directories that is monitored by the cPGuard automatic scanner for file changes and uploads. This list is physically located at /etc/cpguard/watchlist.txt. We should list all website document roots or the root directory of all the websites ( like /var/www/html ) in this list to ensure that all websites are secured through cPGuard scanner.
Please note that you cannot manage this list by manual entry. The list is automatically generated for the supported control panels and for standalone servers, it is generated using “web_server_conf” or “domain_list” configuration parameter in the standalone configuration file /opt/cpguard/cpguard.ini. You can also view and manage the list using the CLI ( /usr/bin/cpgcli ) using the watch command and its options as given below.
watch View and manage list of direcrtories monitored by cPGuard automatic scanner
Options:
--all Show all directories in the watch list
--list Show all custom/additional directories added by the user
--add directory-path Add custom directory to the list
--remove directory-path Remove a directory from the list
cPGuard Lite Standalone installation
The cPGuard Lite standalone installation is pretty simple and the same as regular Lite installation. The additional steps come during the configuration where you need to input the following values in the configuration wizard or manually do it later.
Webserver name
—————-
;The Server which has virtual hosts configuration
;[Allowed options apache/nginx/litespeed/openlitespeed]
web_server =;Webserver configuration
;————————
;The file having domain name and document root declarations
;Examples
;/etc/apache2/sites-enabled/*.conf,
;/home/*/apache.conf,
;/etc/apache2/apache2.conf;
;/etc/nginx/nginx.conf
web_server_conf =;Domain, Document-root & User source
;————————————
;Used for creating watchlist for automatic scanning, domain list, for various whitelists etc
;If empty, cPGuard will attempt to use `web_server_conf` for building the list
;Path to a JSON file (extension should be .json) or an executable script that generates JSON
;Enter ‘auto’ to automatically identify panel and use premade script if available
;The JSON should be in the following format:
;[
; {
; “domain”: “example.com”,
; “docroot”: “/home/username/public_html/”,
; “user”: “username”
; },
; {
; “domain”: “subdomain.example.com”,
; “docroot”: “/home/username/subdomain/”,
; “user”: “username”
; }
;]
domain_list =
You may also add additional custom directories to the watchlist for automatic virus scanning, using “/usr/bin/cpgcli watch –add dir -path” command which is mentioned above