What is a Webshell?
A Webshell is a malicious script used by attackers to gain remote access and control over a compromised web server. Typically written in web scripting languages such as PHP, ASP, or Perl, Webshells are uploaded to a web-accessible directory on a server, often through vulnerabilities in web applications or poor configuration.
What is the SiteWALL Webshell detection agent?
The Webshell agent detects webshells, preventing backdoors and malware.
Why do you need to install the SiteWALL Webshell agent?
A Webshell can be dropped on your web server by a hacker, either from the Internet or from the intranet. A Webshell can also be uploaded accidentally by a developer along with new code. Once installed, the Webshell agent monitors for and detects Webshells as and when they are uploaded to your web server.
How to enable Webshell Detection in SiteWALL WAF?
Enabling Webshell Detection in SiteWALL is a 2-step process.
1. Webshell Configuration
2. Installation of the SiteWALL Webshell agent.
Step 1 Webshell Configuration.
2. Click on Configuration --> Applications
3. Then click on the Edit Application icon in the Application Management section for the application for which you want to enable Webshell.
4. After clicking 'Edit Application', you will be directed to the SSL Configuration page. From there, click the Security Module icon to navigate directly to the section.
5. Toggle the Webshell switch to ON to enable Webshell. Set the notification group as required. Enter your website folder path in the "Website Server Path" field for your web server (e.g., /public_html/<your_website_name_path>) and click on Update Application to complete the configuration.
6. After clicking Update Application, the page will be redirected to the Application List, where you can see the added application with selected details. Enabling this will change the status of Webshell from red to orange.
Step 2 Downloading the SiteWALL Webshell agent.
SiteWALL provides separate Webshell agent packages for Windows and Linux. Please download the appropriate package from the SiteWALL Management Portal by navigating to Webshell --> Linux Agent or Windows Agent.
Step 3 Installation of SiteWALL Webshell agent.
A] Installation of Webshell agent on Linux Server.
Login to the server and move to the home directory using the command below:
Command: cd /home
Copy the downloaded ws-linux.zip to this directory.
Confirm that the downloaded ws-linux.zip is present:
Command: ls ws-linux.zip

Run the following command as the root user to extract the package:
Command: unzip ws-linux.zip

Give the binary file execute permission using the following command:
Command: chmod +x sitewallws
Execute the agent using the following command:
Command: ./sitewallws -n
The status of the Webshell should turn green after successful installation and execution of the Webshell agent.
Set up a daily cron job to run the agent automatically at night. Edit the crontab file using the following command:
Command: vim /etc/crontab

Add the following line to the crontab:
Command: 0 1 * * * root cd /sitewall && ./sitewallws -u >> cronlogs-sitewallws.txt 2>&1
Note: The job runs daily at 1:00 AM by default, but you can adjust the second field (hour) in the cron expression to change the run time according to your requirement.
For example:
0 1 * * * → runs daily at 1:00 AM
0 12 * * * → runs daily at 12:00 PM (noon)
0 14 * * * → runs daily at 2:00 PM
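
Because this crontab entry runs sitewallws as root, the agent directory, the binary and the log file should be owned by root and not writable by group or other users. The script below is an added example, not part of the SiteWALL documentation or agent; the helper names are hypothetical, and the directory and file names are taken from the crontab line above.

```shell
#!/bin/sh
# Added example: audit the directory the root cron job above runs the agent from.
# Assumed from the crontab line: /sitewall, sitewallws, cronlogs-sitewallws.txt.
# check_path and check_agent_dir are hypothetical helper names.

# Report when a path is missing, has the wrong owner, or is writable by
# group/other. Returns 0 if the path is safe, 1 otherwise.
check_path() {
    p=$1; uid=$2; rc=0
    [ -e "$p" ] || { echo "MISSING  $p"; return 1; }
    # ls -ldn prints the mode string in field 1 and the numeric owner in field 3.
    set -- $(ls -ldn "$p")
    mode=$1; owner=$3
    [ "$owner" = "$uid" ] || { echo "OWNER    $p: uid $owner, expected $uid"; rc=1; }
    case $mode in
        # Character 6 is group write, character 9 is other write.
        ?????w*|????????w*) echo "WRITABLE $p: mode $mode"; rc=1 ;;
    esac
    return $rc
}

# Usage: check_agent_dir DIR [EXPECTED_UID]   (EXPECTED_UID defaults to 0, root)
check_agent_dir() {
    dir=$1; want=${2:-0}; bad=0
    check_path "$dir" "$want" || bad=1
    check_path "$dir/sitewallws" "$want" || bad=1
    if [ -e "$dir/sitewallws" ] && [ ! -x "$dir/sitewallws" ]; then
        echo "NOEXEC   $dir/sitewallws"; bad=1
    fi
    # The log only exists after the first cron run, so it is optional.
    if [ -e "$dir/cronlogs-sitewallws.txt" ]; then
        check_path "$dir/cronlogs-sitewallws.txt" "$want" || bad=1
    fi
    return $bad
}

# Run the audit only when a directory is given, e.g.: sh audit.sh /sitewall
if [ "$#" -gt 0 ]; then check_agent_dir "$@"; fi
```

A non-zero exit status means at least one finding was printed; correct ownership and permissions before leaving the cron job enabled.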

B] Installation of Webshell agent on Windows Server
Create a directory named sitewall on the C: drive of your web server.

Copy the downloaded Webshell_agent.zip file to the C: drive.

Extract the ZIP file and save its contents in a directory on the server: C:\sitewall
The following three files will be extracted:

Run Command Prompt as Administrator and go to the C:\sitewall directory.

Install the agent by executing the command: sitewallws.exe 1

The status of the Webshell should turn green after successful installation and execution of the Webshell agent.
Set up daily tasks to automatically run the agent at night. To configure this, open the Control Panel and search for “Task Scheduler.”

Click on "Create Task..."

In the General tab, enter the name as “Sitewall Webshell task”. Then select “Run whether user is logged in or not”, and in the “Configure for” dropdown, choose your current web server, as shown below.

Click on the Trigger tab and then click on "New".

On the Trigger tab, set the following configuration:
a) Set 'Begin the task' to "On a schedule".
b) Under Settings, select the "Daily" radio button.
c) Set the start date to the current date.
d) Set the time to 01:00:00 AM. (Note: You may adjust the time as needed.)
e) Recur every: 1 days.

Click on the Actions tab and then click on "New":

Set the "Action" as "Start a Program".
a) Type "cmd" in Program/script.
b) Set Add arguments as: /c ""C:\sitewall\sitewallws.exe" 2 >> "C:\sitewall\debuglog.txt" 2>&1"
c) Set Start in as C:\sitewall\.
d) Click on OK.

Click on the Condition tab. Deselect all options under Power. Click on OK.

The scheduled task will be visible as shown below: 