How to install SiteWALL Webshell agent on your webserver.

How to install SiteWALL Webshell agent on your webserver.


What is Webshell?

A Webshell is a malicious script used by attackers to gain remote access and control over a compromised web server. Typically written in web scripting languages such as PHP, ASP, or Perl, Webshells are uploaded to a web-accessible directory on a server, often through vulnerabilities in web applications or poor configuration.

What is SiteWALL Webshell detection agent?
The Webshell agent detects webshells, preventing backdoors and malware.

Why do you need to install SiteWALL Webshell agent? 
Webshell can be dropped by hacker on your webserver either from Internet or Intranet. Webshell can accidentally be uploaded by the developer along with the new code. Webshell agent when install will monitor and detect Webshells as and when they are uploaded on your webserver.
 

How to enable Webshell Detection in SiteWALL WAF?

Enabling Webshell Detection in SiteWALL is a 2-step process.
1. Webshell Configuration
2. Installation of the SiteWALL Webshell agent.

Step 1 Webshell Configuration.

1. Login to SiteWALL Management Portal.
2. Click on Configuration --> Applications
3. Then click on Edit Application icon in the Application Management Section for which you want to enable the Webshell.



4. After clicking 'Edit Application',  you will be directed to the SSL Configuration page. From there, click the Security Module icon to navigate directly to the section.


5. Toggle the Webshell switch to ON for enabling Webshell. Set the notification group as required. Enter your website folder path in "Website Server Path" field for your web server (e.g., /public_html/<your_website_name_path>) and Click on Update Application to complete the configuration.


6.  After clicking Update Application the page will redirected to Application List where you can see the added Application with selective details.

Step 2 Installation of SiteWALL Webshell agent. 

SiteWALL provides separate Webshell agent packages for Windows and Linux. Please download the appropriate package from the SiteWALL Management Portal by navigating to Webshell --> Linux Agent or Windows Agent.



A] Installation of Webshell agent on Linux Server.

  1. Access home directory on your server using command 
    cd /home

  2. Copy the downloaded agent.zip to this directory.

  3. Extract the package file by running the following command as root user.
    unzip ws-linux.zip

     

            4. Set permission to the binary by using the following command.

              chmod +x sitewallws

     
            
           5. Execute the following command to complete the installation. 

             ./sitewallws -n

              

       

            6. Verify whether the script ran successfully using the below command:
               more sitewallbin-<date>.log

           7. Set up a daily cron to run the agent to update in the night between 12 AM to Noon. Edit your crontab by executing the below command.
                  vim /etc/crontab



            8. Add the following line in the crontab. 
                  0 1 * * * root cd /sitewall && ./sitewallws -u >> cronlogs-sitewallws.txt 2>&1


        



     9. Verify whether the script ran successfully using the below command:
               more sitewallbin-<date>.log


B] Installation of Webshell agent on Windows Server

  1. Create a directory on your webserver in C: drive as sitewall .

  2. Copy the downloaded agent.zip file to the C: Directory.


            3. Extract the ZIP file. Save the content of the file inside a directory on the server: /sitewall






4. The following three files will be extracted:




      5. Run Command Prompt as Administrator. Go to C:/sitewall directory.

     6. Install the agent by executing the command sitewallws.exe 1

     7. Verify the generated logs.

Setup daily tasks to run the agent to update in the night between 12 AM to Noon.  Go to control panel >> search Administrative tools >> Click on Schedule Tasks.

      8. Click on "Create Task" 



      9. On General tab >> Select "Run whether user is logged in or not," and Select configure for "Select your current web server" as shown below. 



      10. On trigger tab set the following configuration:
            a) Select 'Begin the task' as On a schedule.
            b) On Setting select "Daily" radio button
            c) Select start date: as current day date.
            d)  Select time as : 01:00:00 AM.
            e) Recur every: 1 days.



      11. Click on Actions Tab and then Click on "New":


      12. Set the "Action" as "Start a Program".
            a) Type "cmd" in Program/script.
            b) Set Add arguments as:   /c ""C:\sitewall\sitewallws.exe" 2 >> "C:\sitewall\debuglog.txt" 2>&1"
            c) Set Start in as C:\sitewall\.
            d) Click on OK.



      13. Click on Condition Tab. Deselect all options for Power. Click on Ok.


 

      14. The scheduled task will be visible as shown below:



15. When the scheduled task runs, verify the generated logs.