cPGuard Lite command line
cpgcli is the command line tool included with cPGuard. cPGuard Lite provides a number of helpful commands that enables you to use and configure cPGuard Lite even without a user interface.
Command syntax
cpgcli command --optionsTo view a list of all available cpgcli commands, you may use the cpgcli --help command. Every command also has a “help” screen which displays and describes the command’s available options and variable. To view a help information, add --help option to the command
cpgcli scanner --helpExecuting most of the commands without any options will give you the current status or values for that particular feature
Manage cPGuard License
# license command
To apply and manage cPGuard license on a server you can use the license command. Use one of the options mentioned below with the command to apply, renew or remove license from a server.
--status |
Display the status of license on the server |
--key LICENSE-KEY |
Apply a new cPGuard license |
--renew |
Renew localy stored license information |
--remove |
Remove cPGuard license from server |
Example usage
cpgcli license --key 8rs-gkijdjslnckduedasoManage scanner engine
# scanner command
This command offers a convenient way for managing the automatic background virus scanner, allowing users to enable or disable its functionality, check its current operational status, and even restart the scanner if needed. This virus scanner operates behind the scenes to safeguard the system from potential threats.
| Options | |
--enable |
Enable automatic background virus scan for directories listed in the watchlist |
--disable |
Disable automatic background virus scan |
--restart |
Rebuild watchlist and restart the automatic scanner service |
Watchlist is a list of directories that cPGuard monitors for file changes. You can view and manage the watchlist with the watch command mentioned below
Example usage
cpgcli scanner --enable# cleanup command
Automatic file cleanup is a pivotal component designed to mitigate the impact of malware by automatically removing malicious code from infected files therby preventing your website or application from being broken or taken down. On identifying a feasible file, it can either be replaced from our CDN (core files of popular CMS, plugins, and themes), or be cleaned by our cleanup engine, leaving behind a sanitized version of the file.
| Options | |
--enable |
Enable file cleanup |
--disable |
Disable file cleanup |
# dailyscan command
The daily scan feature is designed to enhance the efficiency and effectiveness of malware detection by specifically targeting files under the watchlist that have been modified within the last 24 hours. By focusing on recently altered files, this optimizes scanning processes and ensures that the system remains protected against potential threats that may have been introduced recently but were skipped by cPGuard for any reason.
| Options | |
--enable |
Schedule daily scan to run at midnight every day |
--disable |
Disable daily scan feature |
# weeklyscan command
The weekly scan feature is engineered to leave no stone unturned. It ensures the detection of malware threats that might otherwise remain hidden. By scanning (or re-scanning) only files under the watchlist that were modified in the last week, this feature optimizes the scanning process, saving time and system resources while ensuring that any newly introduced malicious content is promptly detected.
| Options | |
--enable |
Schedule weekly scan to run at midnight every day |
--disable |
Disable daily scan feature |
# watch command
View the list of directories under surveillance by the automated file scanner of cPGuard, and adjust the list by including or removing additional directories as needed.
| Options | |
--add |
Add a directory to watchlist |
--remove |
Remove a directory from watchlist |
--list |
View a list of additional directories added to the watchlist |
--all |
View list of all directories in the watchlist ( raw list is available at /etc/cpguard/watchlist.txt ) |
# file-action command
With this command, you can set the action the scanner engine should execute upon encountering infected files.
| Options | |
--virus action |
Set action for “Virus Files” |
--suspicious action |
Set action for “Suspicious Files” |
--binary action |
Set action for “Binary Files” |
Use one of the following actions : email, disable or quarantine
# whitelist command
Whitelisting a file involves adding the file to a trusted list, exempting it from being flagged as a potential threat during scans.
| Options | |
--user --list |
View all whitelisted users |
--user --add user |
Add user(s) to scanner whitelist |
--user --remove user |
Delete user(s) from scanner whitelist |
--file --list |
View all whitelisted files/paths |
--file --add filename |
Add file(s) to scanner whitelist |
--file --remove filename |
Delete file(s) from scanner whitelist |
You can enter multiple users/filenames to whitelist by seperating values by comma or space
# blacklist command
Blacklisting a file makes the scanner treat it as suspicious or potentially harmful, causing the scanner to take specific actions when encountering it.
| Options | |
--file --list |
Schedule weekly scan to run at midnight every day |
--file --add filename |
Disable daily scan feature |
--file --remove filename |
Schedule weekly scan to run at midnight every day |
Manually scaning directories
# scan command
Whitelisting a file involves adding the file to a trusted list, exempting it from being flagged as a potential threat during scans.
| Options to start scan | |
--all |
Scan all directories monitored by cPGuard. To see the list, run cpgcli watch --all |
--path directory-path |
Scan the given directory |
--daily |
Scan files in watchlist that are modified in last 24 hours |
--weekly |
Scan files in watchlist that are modified in last 7 days |
--virus-action action |
Perform the opted action on virus file found during the scan |
--suspicious-action action |
Perform the opted action on suspicious file found during the scan |
--binary-action action |
Perform the opted action on binary file found during the scan |
You need not specify an action unless required. If unspecified, the main/default actions already set using
cpgcli file-actionwill be used. Action can be one of the following : email, disable or quarantine
Example usage
cpgcli scan --all --virus-action email --binary-action disablecpgcli scan --path /home/user/public_html --suspicious-action email| Options to view results | |
--list |
View manual scan list |
--watch |
View a list of queued or active scans |
--result ID |
View results of a specific scan |
--result ID --export filepath |
Export results as a CSV file |
--stop ID |
Stop scan a specific ID |
--delete ID |
Delete a scan having the ID |
View and take actions on scanner logs/results
# scanner-logs command
This command helps you access and analyze detailed scanner log entries, including identified threats, scan results, timestamps, and any actions taken on files. You can filter log entries based on various criteria, aiding in the prompt identification of potential security breaches.
| Options | |
--user user |
Filter results by user |
--file 'filename or path' |
Filter results by file name or path |
--from 'time from' |
Filter results after time |
--to 'time to' |
Filter results before time |
--signature 'signature' |
Filter results by signature |
--export path |
Export as CSV to path |
Example usage
cpgcli scanner-logs --log-id 54845cpgcli scanner-logs --signature '{HEX}Something' --file 'index.php'cpgcli scanner-logs --from '-24 hours' --to 'now'cpgcli scanner-logs --from '01-08-2023' --user 'client1'cpgcli scanner-logs --export '/root/scanner-logs.csv' --from '-7 days'You may use simple human readable formats for options that filter logs based on time. Check the examples for a few usable types
# log-action command
Automatic file cleanup is a pivotal component designed to mitigate the impact of malware by automatically removing malicious code from infected files therby preventing your website or application from being broken or taken down. On identifying a feasible file, it can either be replaced from our CDN (core files of popular CMS, plugins, and themes), or be cleaned by our cleanup engine, leaving behind a sanitized version of the file.
| Options – Actions | |
--restore |
Restore a file to original location |
--quarantine |
Move file to Quarantine |
--delete |
Delete infected file |
--disable |
Disable infected file |
| Options to select logs | |
--user user |
Select logs by user |
--file 'filename or path' |
Select logs by file name or path |
--from 'time from' |
Select logs logs after time |
--to 'time to' |
Select logs logs before time |
--signature 'signature' |
Select logs by signature |
--scan-id ID |
Select logs by manual scan ID |
--log-id ID |
Select log by log ID(s) |
You have to provide atleast one filter for
log-action. Multiple log ID’s can be seperated using a comma or space
Example usage
cpgcli log-action --restore --log-id 54845cpgcli log-action --delete --signature'{HEX}Something' --file 'index.php'cpgcli log-action --quarantine --from '-24 hours' --to 'now'cpgcli log-action --disable --from '01-08-2023' --to '03-08-2023'IP reputation checks
# ip-reputation command
IP Reputation check feature conducts queries multiple DNSBL databases, which maintain lists of IP addresses that have been reported for malicious behavior or have shown a history of suspicious activities. A blacklisted IP address can imply that a client acount might be associated with spam, malware distribution, or other illicit activities.
| Options | |
--enable |
Enable automatic IP reputation checks |
--disable |
Disable automatic IP reputation checks |
--check IP |
Check given IP and display live result |
--result |
View Automatic IP reputation check results |
--result IP |
View reputation result of a specific IP |
--add-ip IP |
Add IP to reputation monitoring |
--remove-ip IP |
Remove IP from reputation monitoring |
--list-hosts |
Display list of active DNSBL hosts |
--list-hosts --available |
Display list of all available hosts (curated by cPGuard) |
--add-host hostname |
Enable an available host or Add a custom DNSBL host |
--remove-host hostname |
Remove or disable a host from the list |
Configure email notifications
# notification command
Use the command to set up notification email alerts, ensuring timely communication of critical events, updates, and system status.
| Options | |
--primary-email email |
Set primary email to recieve email notifications |
--secondary-email email |
Set secondary email to recieve email notifications |
--enable |
Enable all notifications |
--disable |
Disable all notifications |
--enable type1, type2 |
Enable specified notificaition types |
--disable type1, type2 |
Disable specified notificaition types |
--method |
View current notification method |
--method local |
Use local relay for sending notification emails |
--method smtp |
Use SMTP for sending notification emails |
Supported types are virus, suspicious, binary, iprep, daily_report which stands for nofications on detection Virus files, Suspicious files, Binary file, IP reputation blacklist and Daily report
You will be prompted for SMTP configuration on choosing method smtp
Manage IP whitelist
# ip command
This command lets you define a list of trusted IP addresses, ensuring that cPGuard does not block any request from these IP addresses.
| Options | |
--allow IP1 IP2.. |
Add IP(s) to cPGuard whitelist |
--remove IP1 IP2.. |
Delete IP(s) from cPGuard whitelist |
--check IP |
Check if an IP is whitelisted in cPGuard |
Report a file for review
# report command
The command facilitates the submission of false positive or suspicious files to us for review. Users can include contextual information regarding the file’s source, suspected activity, and potential impact as a description.
| Options | |
--false-positive filepath |
Report a file as false positive |
--virus filepath |
Report a malicious file which was not identified by cPGuard |
--desc 'description' |
Add an optional description |
Export and import settings
# config command
The command facilitates the submission of false positive or suspicious files to us for review. Users can include contextual information regarding the file’s source, suspected activity, and potential impact as a description.
| Options | |
--export filename |
Export cPGuard configuration to a file |
--import 'filename or url' |
Import configuration from a settings file |
Exported settings can be imported on another server for a common or easy setup across servers.
OPSSHIELD support access
# support-access command
By using this command, you can grant server access to our qualified support personnel, facilitating efficient troubleshooting and issue resolution. The --grant command adds our ssh key to the root users ssh authorized_keys file.
| Options | |
--grant |
Grant server access to support |
--revoke |
Revoke server access to support |
--status |
Get current status of OPSSHIELD support access |
You may still have to manually whitelist IP addresses of our support servers on your network/firewall
cPGuard software update
# update command
You can use this command to check the availability of software updates and to update cPGuard software manually. This comes in handy when there are updates with important bug fixes or critical new features that you want applied immidiately on your server.
| Options | |
--export filename |
Export cPGuard configuration to a file. |
--import 'filename or url' |
Import configuration from a settings file. |
cPGuard checks for availability of updates at regular intervals and updates itself automatically.
In conclusion, this comprehensive help document hopes to provide detailed insights into the myriad command-line options available within our software, enabling you to easily manage various aspects cPGuard installed on your server.
We value user feedback and actively encourage you to communicate your suggestions, ideas, and needs for new features or improvements to our command-line functionalities.