<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5HLVVHN" height="0" width="0" style="display:none;visibility:hidden">
Dec 12, 2024 1:21:41 PM
Vitalii Rudnykh
Vitalii Rudnykh
Senior Malware Analyst / Security Researcher

Hash-Based Ignore Lists: New Feature in Imunify360

Hash-Based Ignore Lists: New Feature in Imunify360

We're excited to announce a significant enhancement to Imunify360's capabilities - management of ignore lists based on file hashes. This feature is designed to streamline security management across large server deployments.

For large organizations looking to maintain consistency and avoid the hassle of managing different ignore lists across their server fleet, this centralized solution is the perfect fit.

What's New?

Instead of relying solely on file paths, you can now create ignore lists using SHA256 file hashes. This means that specific files can be safely excluded from malware scanning regardless of their location on the server, as long as their content matches the specified hash.

How It Works

The system uses a file located at /etc/imunify360/malware-ignore-hashes.txt. The format is straightforward - one SHA256 hash per line, with optional comments for better organization. For example:

# PHP file managers
f157c3ede78333087829cdd211c55822e635d6c419606c3675bc8201b556bc9f                                         # Adminer
dcfd0433dc46bd82ec5aa7c9998b4ae7087731a45d3a443e3724da7aabe1e4c5

Also, you can control the visibility of path-based ignore list UI management using a simple configuration option:

imunify360-agent config update '{"PERMISSIONS": {"allow_local_malware_ignore_list_management": true}}'

 

The allow_local_malware_ignore_list_management parameter accepts two values:

  • true (default): All path-based ignore list management pages are visible in the UI
  • false: Hides all path-based ignore list management pages from the UI

Key Benefits:

  • Content-Based Verification: Exclusions are based on exact file content rather than locations.
  • Better Security: Prevents malicious files from bypassing scanning by simply matching a path pattern.
  • Easy Distribution: The hash list can be easily distributed across multiple servers using standard configuration management tools like rsync, Puppet, or Chef.
  • Compatibility: Works alongside existing path-based ignore lists for maximum flexibility.

Usage in Large Server Deployments

For environments managing multiple servers, this feature enables a more standardized approach to handling ignore lists. The hash-based configuration file can be easily distributed and synchronized across your server fleet using your preferred configuration management tools.

Getting Started

To implement the new hash-based ignore list:

  1. Create or edit the file /etc/imunify360/malware-ignore-hashes.txt
  2. Add SHA256 hashes of files you want to exclude from scanning
  3. Use comments to maintain clear documentation of your exclusions
  4. Optionally configure the UI to hide path-based ignore list management
  5. Deploy the configuration across your servers using your preferred management tools

For detailed implementation guidance and best practices, please refer to our technical documentation or contact our support team.

Hash-Based Ignore Lists: New Feature in Imunify360

Dec 12, 2024 1:21:41 PM
Vitalii Rudnykh Vitalii Rudnykh

Hash-Based Ignore Lists: New Feature in Imunify360

We're excited to announce a significant enhancement to Imunify360's capabilities - management of ignore lists based on file hashes. This feature is designed to streamline security management across large server deployments.

For large organizations looking to maintain consistency and avoid the hassle of managing different ignore lists across their server fleet, this centralized solution is the perfect fit.

What's New?

Instead of relying solely on file paths, you can now create ignore lists using SHA256 file hashes. This means that specific files can be safely excluded from malware scanning regardless of their location on the server, as long as their content matches the specified hash.

How It Works

The system uses a file located at /etc/imunify360/malware-ignore-hashes.txt. The format is straightforward - one SHA256 hash per line, with optional comments for better organization. For example:

# PHP file managers
f157c3ede78333087829cdd211c55822e635d6c419606c3675bc8201b556bc9f                                         # Adminer
dcfd0433dc46bd82ec5aa7c9998b4ae7087731a45d3a443e3724da7aabe1e4c5

Also, you can control the visibility of path-based ignore list UI management using a simple configuration option:

imunify360-agent config update '{"PERMISSIONS": {"allow_local_malware_ignore_list_management": true}}'

 

The allow_local_malware_ignore_list_management parameter accepts two values:

  • true (default): All path-based ignore list management pages are visible in the UI
  • false: Hides all path-based ignore list management pages from the UI

Key Benefits:

  • Content-Based Verification: Exclusions are based on exact file content rather than locations.
  • Better Security: Prevents malicious files from bypassing scanning by simply matching a path pattern.
  • Easy Distribution: The hash list can be easily distributed across multiple servers using standard configuration management tools like rsync, Puppet, or Chef.
  • Compatibility: Works alongside existing path-based ignore lists for maximum flexibility.

Usage in Large Server Deployments

For environments managing multiple servers, this feature enables a more standardized approach to handling ignore lists. The hash-based configuration file can be easily distributed and synchronized across your server fleet using your preferred configuration management tools.

Getting Started

To implement the new hash-based ignore list:

  1. Create or edit the file /etc/imunify360/malware-ignore-hashes.txt
  2. Add SHA256 hashes of files you want to exclude from scanning
  3. Use comments to maintain clear documentation of your exclusions
  4. Optionally configure the UI to hide path-based ignore list management
  5. Deploy the configuration across your servers using your preferred management tools

For detailed implementation guidance and best practices, please refer to our technical documentation or contact our support team.
Subscribe to Imunify security Newsletter
aicpa soc
pci-dss
eu gdpr compliant
© All rights reserved. Imunify360 and CloudLinux Backup are the registered trademarks of CloudLinux Inc.