Beta: Imunify360 4.9 released

We’re pleased to announce that a new beta version of Imunify360, version 4.9, is now available. The following features are new in the version 4.9 beta release:

• Support for CentOS 8 and CloudLinux OS 8
  The current platform versions of these operating systems are now supported in version 4.9.
  
• WebShield support for Stand-Alone installation
  Complete support of WebShield in stand-alone installations. Includes HTTPS traffic proxying and protection for SSL configured domains, the same feature set as for cPanel, Plesk and DirectAdmin.
  
• File change API support
  The Real-time scanner enables File Change Service/API support on CloudLinux OS 7, as well as an extended folder watchlist.
  
• Customized Google reCAPTCHA
  More reliable usage of the Google reCAPTCHA, with custom keys. Recommended for shared-hosting servers and the servers with high traffic websites..
  
• The Proactive Defense improvement: Forbid stand-alone malware execution
  Better integration between the Malware scanner and the Proactive Defense that prevents stand-alone malicious files from being executed. This provides better protection against malware drops such as web-shells, phish pages, backdoors, etc.
• Mass operations for IP management on the Incidents tab
  An enhanced UI that enables easy management of IP addresses: mass whitelisting/blacklisting with a couple of mouse-clicks.

Let’s review the details of these new features:

Support for CentOS 8 and CloudLinux OS 8

Starting from version 4.9, Imunify360 supports the current versions of the operating systems and hosting panels below. It can be installed in the following environments:

• CentOS 8 with Plesk
• CentOS 8 with DirectAdmin
• CentOS 8 as stand-alone
• CloudLinux OS 8 with DirectAdmin
• CloudLinux OS 8 as stand-alone

The Imunify360 installation process remains the same.

Note: Extension of supported cPanel and Plesk environments is scheduled for future releases.

Full-featured WebShield in the Stand-Alone installation

Imunify360 now supports stand-alone and custom hosting panel installations.

Greylisting and captcha are available, WebShield serves correct SSL certificates for hosted domains and prevents HTTPS attacks in version 4.9.

Note: the server must recognize WebShield as an internal proxy. For example, mod_remoteip for Apache must be installed and configured like this:

<IfModule remoteip_module>
	RemoteIPInternalProxy 127.0.0.1
	RemoteIPInternalProxy ::1
	RemoteIPHeader X-Real-IP
</IfModule>

Details on how to set up SSL certificates can be found in our blog post WebShield introduction for server administrators.

File Change Service/API support

In version 4.9, the file watcher for real-time scanning has been extended to support File Change API on CloudLinux OS 7. This improves the detection rate on systems with limited monitoring capability  because they don’t support fanotify.

CloudLinux File Change API is a kernel-level technology (a part of CloudLinux OS) that buffers the list of modified files in the kernel, then provides the list to the daemon or external application. Embedded caching reduces IOPS and CPU consumption during the real-time scanning process. Here are more details on how it works.

The changes introduced in version 4.9 are part of the Real-Time Scan, and are enabled by checking the "Optimize real-time scan" checkbox in the Settings:

Alternatively, it can be enabled via the MALWARE_SCANNING.optimize_realtime_scan config option.

Just run this command to enable it:

# imunify360-agent config update '{"MALWARE_SCANNING": {"optimize_realtime_scan": true}}'

Customized Google reCAPTCHA

Prior to version 4.9, Imunify360 used embedded reCAPTCHA keys to show Google reCAPTCHA challenge for Greylisted IP addresses. It did not require any settings changes to enable a captcha challenge. Due to the new upcoming policy of Google reCAPTCHA and rate limits we require to specify custom Google reCAPTCHA keys. We will continue supporting embedded keys for one more version.

Starting from v4.9, Imunify360 allows an admin to specify reCAPTCHA keys for the server. In further releases, we plan to completely remove embedded keys, and replace Google reCAPTCHA with Splash Screen for the installation without specified custom keys.

Follow this step by step guide to set up the Site key and the Secret key under the General tab in the Imunify360 settings.

Or, you can use the following CLI commands to apply the keys:

# imunify360-agent config update '{"WEBSHIELD": {"captcha_site_key": "6LdAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXq2e9xJ"}}'
# imunify360-agent config update '{"WEBSHIELD": {"captcha_secret_key": "6LdAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXvy11D"}}'

Proactive Defense improvement: Forbid standalone malware execution

In version 4.9, Proactive Defense and the Malware Scanner are more tightly integrated. Their internal logic prevents stand-alone malicious executables from running, which will significantly reduce the number of re-infections and new malware drops such as  web-shells, phish pages, and stand-alone backdoors. 

This protection is enabled by default, and doesn’t require any manual settings. Everything you need is to make sure you have enabled real-time protection and configured scheduled scans (at least once per week). Read more details on how to configure recommended protection settings in our blog posts:

• Enabling Real-Time Scanning
• Configure Malware Scanner for maximum speed and efficiency with 3 new settings

Mass operations with IP management

Version 4.9 also includes an often-requested UI enhancement, one that allows bulk processing of IP addresses. It minimizes the time required to perform mass IP actions such as:

• Moving IPs to the White List/Black List
• Deleting IPs from a list
• Moving IPs to a group

How To Install

To install the new Imunify360 v.4.9 beta, please follow the installation instructions.

How To Upgrade

CentOS/CloudLinux systems:

yum update imunify360-firewall --enablerepo=imunify360-testing

Ubuntu 16.04 systems:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/16.04/ xenial main'  > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

Ubuntu 18.04 systems:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/18.04/ bionic main'  > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

Additional information

Imunify360 v4.9 includes 84 tasks and 16 bug fixes.

Internal records

A list of an important tasks and issues linked to the support tickets:

• DEF-9279: Remove Acronis agent if it was installed by us. Do not ask in i360deploy.sh
• DEF-11268: KeyError: 'getpwuid(): uid not found: 100'
• DEF-11650: Typo in the UI PLESK in Imunify360 extension
• DEF-11860, DEF-11937: Security Bug in imunify360-agent reload-lists: insecure update
• DEF-12001: Delete malware hits/scans older than 30 days
• DEF-12011: Use language that is different from the Plesk default language
• DEF-12054: Blacklist is not in priority over whitelist.static
• DEF-12261: Automatically add /var/ossec/bin/ossec* to csf.pignore
• DEF-12294, DEF-12366: Imunify360 UI won't save changes to "Max Connections" & "Check delay" under Settings > General > DoS Protection
• DEF-12324: Show a warning and disable "SMTP Traffic Management" in UI if a similar feature is provided by hosting panel
• DEF-12548: Remove some experimental badges in UI
• DEF-12617: Proactive Defense: make separate rule for exclude list events and make it as log rule

Stay in touch

Please give our product team feedback on this Imunify360 version 4.9 beta release, or share your ideas and feature requests, via feedback@imunify360.com.

If you encounter any problems with this beta release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.