
cPGuard Lite command line

cpgcli is the command line tool included with cPGuard. cPGuard Lite provides a number of helpful commands that enable you to use and configure cPGuard Lite even without a user interface.

Command syntax

cpgcli command --options

To view a list of all available cpgcli commands, use the cpgcli --help command. Every command also has a “help” screen that displays and describes the command’s available options and variables. To view the help information, add the --help option to the command:

cpgcli scanner --help

Executing most of the commands without any options will give you the current status or values for that particular feature.

Manage cPGuard License

# license command

To apply and manage the cPGuard license on a server, use the license command. Use one of the options below with the command to apply, renew or remove the license from a server.

--status
Display the status of license on the server
--key LICENSE-KEY
Apply a new cPGuard license
--renew
Renew locally stored license information
--remove
Remove cPGuard license from server

 
Example usage

cpgcli license --key 8rs-gkijdjslnckduedaso

Manage scanner engine

# scanner command

This command offers a convenient way for managing the automatic background virus scanner, allowing users to enable or disable its functionality, check its current operational status, and even restart the scanner if needed. This virus scanner operates behind the scenes to safeguard the system from potential threats.

Options
--enable
Enable automatic background virus scan for directories listed in the watchlist
--disable
Disable automatic background virus scan
--restart
Rebuild watchlist and restart the automatic scanner service

The watchlist is a list of directories that cPGuard monitors for file changes. You can view and manage the watchlist with the watch command mentioned below.

Example usage

cpgcli scanner --enable

# cleanup command

Automatic file cleanup is a pivotal component designed to mitigate the impact of malware by automatically removing malicious code from infected files, thereby preventing your website or application from being broken or taken down. On identifying a feasible file, it can either be replaced from our CDN (core files of popular CMS, plugins, and themes), or be cleaned by our cleanup engine, leaving behind a sanitized version of the file.

Options
--enable
Enable file cleanup
--disable
Disable file cleanup

# dailyscan command

The daily scan feature is designed to enhance the efficiency and effectiveness of malware detection by specifically targeting files under the watchlist that have been modified within the last 24 hours. By focusing on recently altered files, this optimizes scanning processes and ensures that the system remains protected against potential threats that may have been introduced recently but were skipped by cPGuard for any reason.

Options
--enable
Schedule daily scan to run at midnight every day
--disable
Disable daily scan feature

# weeklyscan command

The weekly scan feature is engineered to leave no stone unturned. It ensures the detection of malware threats that might otherwise remain hidden. By scanning (or re-scanning) only files under the watchlist that were modified in the last week, this feature optimizes the scanning process, saving time and system resources while ensuring that any newly introduced malicious content is promptly detected.

Options
--enable
Schedule weekly scan to run at midnight every day
--disable
Disable daily scan feature

# watch command

View the list of directories under surveillance by the automated file scanner of cPGuard, and adjust the list by including or removing additional directories as needed.

Options
--add
Add a directory to watchlist
--remove
Remove a directory from watchlist
--list
View a list of additional directories added to the watchlist
--all
View the list of all directories in the watchlist (the raw list is available at /etc/cpguard/watchlist.txt)

# file-action command

With this command, you can set the action the scanner engine should execute upon encountering infected files.

Options
--virus action
Set action for “Virus Files”
--suspicious action
Set action for “Suspicious Files”
--binary action
Set action for “Binary Files”

Use one of the following actions: email, disable or quarantine

# whitelist command

Whitelisting a file involves adding the file to a trusted list, exempting it from being flagged as a potential threat during scans.

Options
--user --list
View all whitelisted users
--user --add user
Add user(s) to scanner whitelist 
--user --remove user
Delete user(s) from scanner whitelist
--file --list
View all whitelisted files/paths
--file --add filename
Add file(s) to scanner whitelist
--file --remove filename
Delete file(s) from scanner whitelist

You can enter multiple users/filenames to whitelist by separating the values with a comma or space.

# blacklist command

Blacklisting a file makes the scanner treat it as suspicious or potentially harmful, causing the scanner to take specific actions when encountering it.

Options
--file --list
Schedule weekly scan to run at midnight every day
--file --add filename
Disable daily scan feature
--file --remove filename
Schedule weekly scan to run at midnight every day

Manually scanning directories

# scan command

Whitelisting a file involves adding the file to a trusted list, exempting it from being flagged as a potential threat during scans.

Options to start scan
--all
Scan all directories monitored by cPGuard. To see the list, run cpgcli watch --all
--path directory-path
Scan the given directory
--daily
Scan files in the watchlist that were modified in the last 24 hours
--weekly
Scan files in the watchlist that were modified in the last 7 days
--virus-action action
Perform the opted action on virus file found during the scan
--suspicious-action action
Perform the opted action on suspicious file found during the scan
--binary-action action
Perform the opted action on binary file found during the scan

You need not specify an action unless required. If unspecified, the main/default actions already set using cpgcli file-action will be used. The action can be one of the following: email, disable or quarantine

Example usage

cpgcli scan --all --virus-action email --binary-action disable
cpgcli scan --path /home/user/public_html --suspicious-action email
Options to view results
--list
View manual scan list
--watch
View a list of queued or active scans
--result ID
View results of a specific scan
--result ID --export filepath
Export results as a CSV file
--stop ID
Stop the scan with a specific ID
--delete ID
Delete a scan having the ID

View and take actions on scanner logs/results

# scanner-logs command

This command helps you access and analyze detailed scanner log entries, including identified threats, scan results, timestamps, and any actions taken on files. You can filter log entries based on various criteria, aiding in the prompt identification of potential security breaches.

Options
--user user
Filter results by user
--file 'filename or path'
Filter results by file name or path
--from 'time from'
Filter results after time
--to 'time to'
Filter results before time
--signature 'signature'
Filter results by signature
--export path
Export as CSV to path

 
Example usage

cpgcli scanner-logs --log-id 54845
cpgcli scanner-logs --signature '{HEX}Something' --file 'index.php'
cpgcli scanner-logs --from '-24 hours' --to 'now'
cpgcli scanner-logs --from '01-08-2023' --user 'client1'
cpgcli scanner-logs --export '/root/scanner-logs.csv' --from '-7 days'

You may use simple human-readable formats for options that filter logs based on time. Check the examples for a few usable types.

# log-action command

Automatic file cleanup is a pivotal component designed to mitigate the impact of malware by automatically removing malicious code from infected files, thereby preventing your website or application from being broken or taken down. On identifying a feasible file, it can either be replaced from our CDN (core files of popular CMS, plugins, and themes), or be cleaned by our cleanup engine, leaving behind a sanitized version of the file.

Options – Actions
--restore
Restore a file to original location
--quarantine
Move file to Quarantine
--delete
Delete infected file
--disable
Disable infected file
Options to select logs
--user user
Select logs by user
--file 'filename or path'
Select logs by file name or path
--from 'time from'
Select logs after time
--to 'time to'
Select logs before time
--signature 'signature'
Select logs by signature
--scan-id ID
Select logs by manual scan ID
--log-id ID
Select log by log ID(s)

You have to provide at least one filter for log-action. Multiple log IDs can be separated using a comma or space.

 Example usage 

cpgcli log-action --restore --log-id 54845
cpgcli log-action --delete --signature '{HEX}Something' --file 'index.php'
cpgcli log-action --quarantine --from '-24 hours' --to 'now'
cpgcli log-action --disable --from '01-08-2023' --to '03-08-2023'

IP reputation checks

# ip-reputation command

The IP reputation check feature queries multiple DNSBL databases, which maintain lists of IP addresses that have been reported for malicious behavior or have shown a history of suspicious activities. A blacklisted IP address can imply that a client account might be associated with spam, malware distribution, or other illicit activities.

Options
--enable
Enable automatic IP reputation checks
--disable
Disable automatic IP reputation checks
--check IP
Check given IP and display live result
--result
View Automatic IP reputation check results
--result IP
View reputation result of a specific IP
--add-ip IP
Add IP to reputation monitoring
--remove-ip IP
Remove IP from reputation monitoring
--list-hosts
Display list of active DNSBL hosts
--list-hosts --available
Display list of all available hosts (curated by cPGuard)
--add-host hostname
Enable an available host or Add a custom DNSBL host
--remove-host hostname
Remove or disable a host from the list
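
What a DNSBL lookup involves in general, following the common DNSBL convention (RFC 5782). This is an added example, not cPGuard's own code; the function names and the RESOLVER hook are hypothetical, and zone names and IP addresses passed to it are up to the caller.

```shell
#!/bin/sh
# Added example: generic DNSBL lookup convention (RFC 5782), not cPGuard code.
# Zone names and addresses used with it are constructed placeholders.

# Build the DNS name to query: IPv4 octets reversed, then the DNSBL zone.
# Returns 1 for anything that is not four decimal octets in 0..255.
dnsbl_query_name() {
    ip=$1 zone=$2
    case $ip in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Classify the A-record answer. A listing is an address in 127.0.0.0/8;
# an empty answer (NXDOMAIN) means not listed. Any other address, such as
# one injected by a resolver that rewrites NXDOMAIN, is not a listing.
dnsbl_interpret() {
    case $1 in
        "")    echo "not-listed" ;;
        127.*) echo "listed" ;;
        *)     echo "invalid-answer" ;;
    esac
}

# Default resolver (assumption: glibc getent is available).
resolve_a() { getent ahostsv4 "$1" 2>/dev/null | awk 'NR==1 {print $1}'; }

# Look up one IP in one zone. RESOLVER is a hypothetical hook naming a
# command that prints the first A record for a name, or nothing.
dnsbl_check() {
    name=$(dnsbl_query_name "$1" "$2") || { echo "bad-ip"; return 2; }
    answer=$(${RESOLVER:-resolve_a} "$name") || answer=
    dnsbl_interpret "$answer"
}
```

The "invalid-answer" case matters when reading results: a resolver that rewrites NXDOMAIN makes every IP look listed unless answers outside 127.0.0.0/8 are rejected.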

Configure email notifications

# notification command

Use the command to set up notification email alerts, ensuring timely communication of critical events, updates, and system status.

Options
--primary-email email
Set primary email to receive email notifications
--secondary-email email
Set secondary email to receive email notifications
--enable
Enable all notifications
--disable
Disable all notifications
--enable type1, type2
Enable specified notification types
--disable type1, type2
Disable specified notification types
--method
View current notification method
--method local
Use local relay for sending notification emails
--method smtp
Use SMTP for sending notification emails

Supported types are virus, suspicious, binary, iprep and daily_report, which stand for notifications on detection of Virus files, Suspicious files and Binary files, IP reputation blacklisting, and the Daily report.

You will be prompted for SMTP configuration on choosing method smtp 

Manage IP whitelist

# ip command

This command lets you define a list of trusted IP addresses, ensuring that cPGuard does not block any request from these IP addresses.

Options
--allow IP1 IP2..
Add IP(s) to cPGuard whitelist
--remove IP1 IP2..
Delete IP(s) from cPGuard whitelist
--check IP
Check if an IP is whitelisted in cPGuard

Report a file for review

# report command

The command facilitates the submission of false positive or suspicious files to us for review. Users can include contextual information regarding the file’s source, suspected activity, and potential impact as a description.

Options
--false-positive filepath
Report a file as false positive
--virus filepath
Report a malicious file which was not identified by cPGuard
--desc 'description'
Add an optional description

Export and import settings

# config command

The command facilitates the submission of false positive or suspicious files to us for review. Users can include contextual information regarding the file’s source, suspected activity, and potential impact as a description.

Options
--export filename
Export cPGuard configuration to a file
--import 'filename or url'
Import configuration from a settings file

Exported settings can be imported on another server for a common or easy setup across servers.

OPSSHIELD support access

# support-access command

By using this command, you can grant server access to our qualified support personnel, facilitating efficient troubleshooting and issue resolution. The --grant option adds our SSH key to the root user’s SSH authorized_keys file.

Options
--grant
Grant server access to support
--revoke
Revoke server access to support
--status
Get current status of OPSSHIELD support access

You may still have to manually whitelist IP addresses of our support servers on your network/firewall 
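
Because --grant modifies root's authorized_keys file, it is worth confirming after --revoke that no extra key remains. The following is an added example, not part of cPGuard: it compares a snapshot taken before the grant with the current file. The function names, the snapshot path and the /root/.ssh/authorized_keys location are assumptions.

```shell
#!/bin/sh
# Added example, not cPGuard code. Suggested use (paths are assumptions):
#   cp /root/.ssh/authorized_keys /root/ak.before   # before --grant
#   ... support session, then: cpgcli support-access --revoke ...
#   keys_added /root/ak.before /root/.ssh/authorized_keys   # expect no output

# Print "type blob [comment]" for each key in an authorized_keys file,
# skipping blank/comment lines and any leading options field.
list_keys() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/ && $(i + 1) ~ /^AAAA/) {
                    line = $i " " $(i + 1)
                    for (j = i + 2; j <= NF; j++) line = line " " $j
                    print line
                    next
                }
        }' "$1" | sort -u
}

# Keys present in the current file ($2) but absent from the snapshot ($1).
keys_added() {
    before=$(mktemp) && after=$(mktemp) || return 2
    list_keys "$1" > "$before"
    list_keys "$2" > "$after"
    comm -13 "$before" "$after"
    rm -f "$before" "$after"
}
```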

cPGuard software update

# update command

You can use this command to check the availability of software updates and to update cPGuard software manually. This comes in handy when there are updates with important bug fixes or critical new features that you want applied immediately on your server.

Options
--export filename
Export cPGuard configuration to a file. 
--import 'filename or url'
Import configuration from a settings file.

cPGuard checks for availability of updates at regular intervals and updates itself automatically. 

In conclusion, this comprehensive help document hopes to provide detailed insights into the myriad command-line options available within our software, enabling you to easily manage various aspects of cPGuard installed on your server.

We value user feedback and actively encourage you to communicate your suggestions, ideas, and needs for new features or improvements to our command-line functionalities.
