cPGuard Lite command line
cpgcli is the command line interface included with cPGuard. cPGuard Lite provides a number of helpful commands that enable you to use and configure cPGuard Lite even without a user interface. To view a list of all available cpgcli commands, use the cpgcli --help command.
Usage
Manual scan
To start a scan against a directory and watch the result, use the following command and options.
Starting a scan
command : scan
cpgcli command --options
View scans and results
To view a list of scans, monitor their progress and view the results of a scan, use the following commands.
cpgcli scan --list |
List the latest manual scans |
cpgcli scan --watch |
Watch the progress/status of active/pending scans |
cpgcli scan --result SCAN-ID |
View the result of the scan with the given SCAN-ID from the list above |
Scanner Logs
View the logs of the automatic background scanner. You can view specific logs/files by using the filter options and export them as a CSV file with these options. The complete raw logs are also available at /opt/cpguard/logs/scanner_logs
cpgcli scanner_logs |
View latest scanner log entries |
cpgcli scanner_logs --export path |
Export the scanner logs as csv. (can be used with filter options) |
cpgcli scanner_logs --[filter] |
Filter scanner log results |
Available filters
--file string |
Filter results by file name/path |
--user username |
Show files belonging to a user |
--signature virus-signature |
Filter results by signature |
--from time |
--to time |
Filter logs by specifying a start and/or end time. Time can be given in various simpler formats like ‘-2 hours’ or as ‘2023-08-03 12:12:00’ etc |
Examples
cpgcli scanner-logs --file="index.php"
cpgcli scanner-logs --from="2 days ago" --to="now"
cpgcli scanner-logs --export="file path" --from="-24 hours"
cpgcli scanner-logs --export="file path" --from="01-08-2023" --to="03-08-2023"
Take actions on the log entries
Use the following command to restore, quarantine or delete the files in the scanner log entries. Use the filters described above to select the log entries to act on. At least one filter has to be applied.
cpgcli log-action --restore filter(s) |
Restore file(s) to original location |
cpgcli log-action --quarantine filter(s) |
Move file(s) to quarantine |
cpgcli log-action --delete filter(s) |
Delete file(s) |
Available filters
--file string |
Filter results by file name/path |
--user username |
Show files belonging to a user |
--signature virus-signature |
Filter results by signature |
--from time |
--to time |
Filter logs by specifying a start and/or end time. Time can be given in various simpler formats like ‘-2 hours’ or as ‘2023-08-03 12:12:00’ etc |
--log-id LOG-ID |
Select a single scanner log with the log id. Useful for performing log-action |
--scan-id SCAN-ID |
Select logs by manual scan ID to perform action on a manual scan report |
Examples
cpgcli log-action --restore --file="index.php"
cpgcli log-action --quarantine --file="/home/wordpress/malware/filebox.php"
cpgcli log-action --quarantine --user="linuxuser" --from="2023-08-02"
cpgcli log-action --delete --from="-24 hours" --to="now"
Actions are performed on applicable files only. For example, if a file is already in quarantine, the log entry will be skipped during a quarantine operation.
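A guarded way to run the actions above, as an added example rather than cPGuard's own tooling: it rejects unfiltered calls, previews the matching log entries with the same filters, and acts only when CONFIRM=yes. The function names, the CPGCLI, LOGS_CMD and CONFIRM variables, and the rule that a delete needs more than a time window are assumptions of this example.

```shell
#!/bin/sh
# Added example (not cPGuard code): guarded wrapper around `cpgcli log-action`.
CPGCLI="${CPGCLI:-cpgcli}"            # binary to call; override for dry runs
LOGS_CMD="${LOGS_CMD:-scanner_logs}"  # the page's examples spell it scanner-logs

# classify_filters FILTER... -> prints "none", "time-only" or "scoped".
# Accepts only the --name=value filters documented for BOTH commands.
classify_filters() {
    scope=none
    for f in "$@"; do
        case "$f" in
            --file=?*|--user=?*|--signature=?*) scope=scoped ;;
            --from=?*|--to=?*) [ "$scope" = scoped ] || scope=time-only ;;
            *) echo "unsupported filter: $f" >&2; return 2 ;;
        esac
    done
    echo "$scope"
}

# guarded_action ACTION FILTER...
# Previews the matching log entries, then acts only when CONFIRM=yes.
guarded_action() {
    action="$1"; shift
    case "$action" in
        restore|quarantine|delete) ;;
        *) echo "unknown action: $action" >&2; return 2 ;;
    esac
    scope=$(classify_filters "$@") || return 2
    if [ "$scope" = none ]; then
        echo "refusing: at least one filter is required" >&2; return 3
    fi
    # Policy of this example: a time window alone is too broad for delete.
    if [ "$action" = delete ] && [ "$scope" = time-only ]; then
        echo "refusing: delete needs --file, --user or --signature" >&2; return 4
    fi
    "$CPGCLI" "$LOGS_CMD" "$@" || return 5      # preview with the same filters
    if [ "${CONFIRM:-no}" != yes ]; then
        echo "preview only; re-run with CONFIRM=yes to $action" >&2; return 0
    fi
    "$CPGCLI" log-action "--$action" "$@"
}
```

Source the file, run `guarded_action quarantine --user="linuxuser" --from="2023-08-02"` to see the preview, then repeat with `CONFIRM=yes` set once the listed entries are the ones intended.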
Modify Settings
Enable/disable Scanner engine
You can enable, disable or restart the scanner background service using the following command and options
cpgcli scanner --enable |
Enable automatic background scan for directories listed in the watchlist |
cpgcli scanner --disable |
Disable automatic background scan for directories listed in the watchlist |
cpgcli scanner --restart |
Rebuild watchlist and restart the automatic scanner service |
File actions
Using the below options you can change the actions performed by the automatic scanner when an infected file is detected. This is the default action performed for manual scans as well, unless a custom action is specified when you start a manual scan.
cpgcli file-action --virus option |
Set virus file action |
cpgcli file-action --suspicious option |
Set suspicious file action |
cpgcli file-action --binary option |
Set binary file action |
Allowed options are email, disable or quarantine
email : Email the detected file details to the contact email address
disable : Set the file permission to 000
quarantine : Move the file from its original location to the quarantine location ( /etc/cpguard/quarantine )
Automatic file cleanup
The Autoclean feature of cPGuard removes the infected code injected into your valid PHP and JS files, thereby .
cpgcli cleanup --enable |
Enable automatic cleanup of supported files |
cpgcli cleanup --disable |
Disable automatic cleanup of supported files |
Manage scanner watchlist
You can add additional directories to, or remove them from, the cPGuard background scanner watchlist.
cpgcli watch --add |
Add a directory to watchlist |
cpgcli watch --remove |
Remove a directory from watchlist |
cpgcli watch --list |
View a list of additional directories added to the watchlist |
cpgcli watch --all |
View list of all directories in the watchlist ( raw list is available at /etc/cpguard/watchlist.txt ) |
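To check that the directories you expect to be scanned are actually on the watchlist, the raw list can be compared against them. This is an added example, not cPGuard code; it assumes the raw watchlist holds one absolute directory per line and that a watched directory also covers everything beneath it, and the function names and the WATCHLIST variable are hypothetical.

```shell
#!/bin/sh
# Added example (not cPGuard code): find directories the watchlist does not cover.
# Assumptions: the raw watchlist holds one absolute directory per line, and a
# watched directory also covers everything beneath it.
WATCHLIST="${WATCHLIST:-/etc/cpguard/watchlist.txt}"

# is_covered DIR -> exit 0 if DIR equals or lies under a watchlist entry
is_covered() {
    dir="${1%/}"
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry="${entry%/}"
        [ -n "$entry" ] || continue      # skip blank lines
        case "$dir/" in
            # the trailing slash keeps /home/a from matching /home/ab
            "$entry"/*) return 0 ;;
        esac
    done < "$WATCHLIST"
    return 1
}

# uncovered_dirs DIR... -> prints each DIR that no watchlist entry covers
uncovered_dirs() {
    for d in "$@"; do
        is_covered "$d" || printf '%s\n' "$d"
    done
}
```

Any directory printed by `uncovered_dirs` is a candidate for `cpgcli watch --add`.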
User Whitelist
The user whitelist option is useful when you wish to exclude a user from the automatic and scheduled scans for certain reasons.
cpgcli whitelist-user --list |
View whitelisted users list |
cpgcli whitelist-user --add username |
Add a username to the scanner whitelist ( make sure to replace “username” with actual username ) |
cpgcli whitelist-user --remove username |
Remove a user from the scanner whitelist ( make sure to replace “username” with actual username ) |
File Whitelist in the scanner
In cPGuard, there are multiple options to whitelist certain entities from the scanner reports. You can:
Whitelist a file name
Whitelist a file path ( specific cases )
Whitelist the relative file path
cpgcli whitelist --list |
View whitelisted files list |
cpgcli whitelist --add file name/full path/relative path |
Add file(s) to cPGuard whitelist. You can add relative path as well |
cpgcli whitelist --remove file name/full path/relative path |
Remove the entry from scanner whitelist |
Daily and weekly scan
The daily and weekly scan options schedule a daily or weekly scan of files that were created/modified in the last 24 hours (or week) within the watchlist directories. To check the list of directories in the watchlist, use the command "cpgcli watch --all".
cpgcli dailyscan --enable |
Enable automatic daily scan |
cpgcli dailyscan --disable |
Disable automatic daily scan |
cpgcli weeklyscan --enable |
Enable automatic weekly scan |
cpgcli weeklyscan --disable |
Disable automatic weekly scan |
Report a file
Report uncaught virus files or false positives for analysis
cpgcli report --virus file_path |
Report a virus file |
cpgcli report --false-positive file_path |
Report a false positive file |
IP Reputation Check
Automatic IP reputation checks run daily DNSBL checks of your public IPs. This helps you track the status of your IPs across various spam filters and verify email delivery. You will get an email alert when an IP is listed in any RBL.
cpgcli ip-reputation --enable |
Enable IP reputation monitoring |
cpgcli ip-reputation --disable |
Disable IP reputation monitoring |
IPDB
The IPDB distributed firewall module is a system-level firewall that can block many attacks before they reach your application servers.
cpgcli ipdb --enable |
Enable IPDB integration |
cpgcli ipdb --disable |
Disable IPDB integration |
cpgcli ipdb --restart |
Restart IPDB integration |
cpgcli ipdb --reload |
Reload IPDB blocklist |
cpgcli ipdb --check-ip IP-ADDRESS |
Check if an IP exists in the IPDB list |
cpgcli ipdb --stats |
Display a simple chart of IPDB blocks |
cpgcli ipdb --log-enable |
Enable logging IPDB entries |
cpgcli ipdb --log-disable |
Disable logging IPDB entries |
Manage cPGuard IP whitelist
Add/Remove IP addresses to the cPGuard global IP whitelist. You can also check if an IP is already whitelisted
cpgcli ip --allow IP-Address |
Add IP to whitelist |
cpgcli ip --remove IP-Address |
Remove IP from whitelist |
cpgcli ip --check IP-Address |
Check if an IP is whitelisted |
Notification
You can manage various notification settings using this option
cpgcli notification --enable |
Enable all notifications |
cpgcli notification --enable options |
Enable listed notifications (options) |
cpgcli notification --disable |
Disable all notifications |
cpgcli notification --disable options |
Disable listed notifications (options) |
cpgcli notification --primary-email email |
Update primary notification email address |
cpgcli notification --secondary-email email |
Update secondary notification email address |
Allowed options are scanner, daily_report, iprep, suspicious, binary
Export/Import configuration
The configuration export and import function is helpful when you wish to copy the configuration from one server to another. This is useful in mass deployments and avoids manual configuration per server.
cpgcli config --export filepath |
Export cPGuard settings to a file. If a file name is not provided, the file is created in the working directory |
cpgcli config --import filepath |
Import settings file. You can specify a URL for automation and for easily setting up multiple servers |
Update
Check for and perform cPGuard software updates. (Software updates are automatic; use manual updates only when needed.)
cpgcli update --check |
Check if a newer version is available |
cpgcli update --start |
Manually update cPGuard to latest version |
Standalone configuration
Setup and manage server/control panel related settings used for integration to the control panel (This is different from cPGuard settings above which are used to manage the working of cPGuard)
cpgcli standalone-conf --update |
Read settings from /opt/cpguard/cpguard.ini and update standalone settings |
cpgcli standalone-conf --wizard |
Use interactive wizard to update standalone configuration |