<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5HLVVHN" height="0" width="0" style="display:none;visibility:hidden">
Sep 29, 2021 10:38:36 AM
Yelena Gerassimenko
Yelena Gerassimenko
Yelena Gerassimenko is a product manager who facilitates Imunify 360 growth at CloudLinux, Inc. With 12 years of experience in an industry, Yelena is a cybersecurity enthusiast, always interested in discovering new and better ways to secure your servers

Release Notes: Imunify360 v.5.11

IM-major-release

We’re pleased to announce a new version of Imunify360, version 5.11, is now available. The following features are new in the v5.11 release:

  • Proactive Defense improved performance
    This feature is the first in a series of tasks that will improve Proactive Defense’s performance.
  • Better Hyperscan
    After extensive analysis, we are changing the status of the Hyperscan feature. Proven stability led to the removal of its experimental status.
    We revised and improved our approach to the generation of the Hyperscan database. The new way is faster and more effective.
    We designed the means for Hyperscan technology to be used during real-time scan. This significantly decreases CPU consumption while scanning.
  • Improved CPU utilization on cleanup
    We took complex measures to enhance clean-up capabilities and minimize CPU utilization.
  • Added functionality for OSSEC events
    In this release we are rethinking the way we process OSSEC rules used for analysis. We also add to information integrity that the system collects.

This is what we’ve updated in version 5.11: 

Proactive Defense improved performance

We strive to deliver the best security solution to customers, while making sure that it consumes as little resources as possible. Thus, our goal is to achieve lower CPU and RAM resource usage as well as ensure shortest possible response time.

To reach that goal we optimized the way Proactive Defense processes PHP execution flow.  The signatures were reworked, and malicious sequences lookup was reworked to gain extra performance. Version 5.11 shows up to 35% faster response time in tests compared with the previous version of Proactive Defense. We are now taking one of several steps planned towards boosting performance of Proactive Defense. 

Better Hyperscan 

  • Since Hyperscan's release in Imunify360 version 5.8, we have kept a close eye on its performance. While it was experimental, it did prove to be stable, functioning as expected by providing substantially improved speed. The improvement gained 3-4x times acceleration. Taking this into account we decided to no longer consider it experimental.
    From v5.11 and above, Hyperscan is enabled by default for all new installations. The one exception is the low resource usage mode. Users who do not enable it will receive a dashboard recommendation call to enable Hyperscan.
  • Going forward, the Hyperscan database will be pre-built and delivered with every signature release. We will generate the database on our side and deliver it from the files server. This will allow the Hyperscan feature to become immediately effective after enabling, without any delay for signatures DB compilation. This frees up tons of CPU resources especially when Hyperscan runs on a full set of servers in the fleet.
  • Hyperscan is now employed as a part of a real-time scanner. The performance boost shown by Hyperscan on scheduled scans was so impressive that its implementation for real-time scans was just a question of time. This brought the challenge of adding new functionality while keeping RAM consumption even. We presented a solution to store an already deserialized Hyperscan database in a memory-mapped file in the system. So when there are two or more simultaneous scans, Hyperscan DB will be loaded into memory only once.

    To switch on/off the feature through the UI, tick/untick Enable Hyperscan in Settings → Malware → Enable Hyperscan.



To switch on the feature through the CLI, use the following command:

imunify360-agent config update '{"MALWARE_SCANNING": {"hyperscan": true}}'

To switch off the feature through the CLI, use the following command:

imunify360-agent config update '{"MALWARE_SCANNING": {"hyperscan": false}}'

 

Improved CPU utilization on cleanup

This improvement reduces the consumption of server resources, ensuring smoother functioning.

By changing our malware scanner algorithms we are making the scan process smarter. 

When a cleanup attempt happens repeatedly without success, it happens no more than four times in 24 hours. This avoids excessive server load and reduces the clutter of messages in the user interface in case of improper server configuration.

As a consequence of introducing this feature, we expect the user experience while working with the product to become better while overall CPU load will be reduced.

Added functionality for OSSEC events

In the previous versions of Imunify360 there was a lot of service information available for the users and admins that looked excessive. The information was designed for analytics only and caused questions from users periodically.

Thus we decided to rework the logging logic of Imunify360 agent. Starting from v5.11 there will be less OSSEC-related service messages in the UI on the Incidents tab. All service messages with noshow tag will be collected but not displayed in the UI. This action will allow us to keep getting information about system events allowing us to make better security decisions on a product side and allow the administrator to concentrate on important security events.

Additional information

Imunify360 v.5.11 includes 32 tasks and 9 bug fixes.

Internal records

Important tasks and issues linked to support tickets:

  • DEF-17669: Fix for the error “Could not perform merge”
  • DEF-17623: Fix for malware ignore filters
  • DEF-17693: Cagefs workaround for generic panel implemented
  • DEF-17700: AI-Bolit 31.1.1 release
  • DEF-17768: Fix for IPSetError on IPV6 enabled servers
  • DEF-17784: Fix for blacklisting country processing IPV6 enabled servers

Stay in touch

Please give our product team feedback on this version 5.11 release. Share your ideas and feature requests through feedback@imunify360.com or via our feedback form.

If you encounter any problems with this release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.

How to install

To install the new Imunify360 v.5.11, please follow the instructions in the documentation.

How to upgrade

If you want to upgrade to the new Imunify360 version 5.11 right now, you can use the updated script by running the following commands:

wget https://repo.imunify360.cloudlinux.com/defence360/imunify-force-update.sh -O imunify-force-update.sh
bash imunify-force-update.sh

For the regular and safe update to Imunify360 version 5.11 with a gradual rollout.

CentOS/CloudLinux systems:

yum update imunify360-firewall

Ubuntu 16.04, 18.04, and 20.04 systems:

apt-get update
apt-get install --only-upgrade imunify360-firewall

Debian 9 and 10 systems:

apt-get update
apt-get install --only-upgrade imunify360-firewall

Release Notes: Imunify360 v.5.11

Sep 29, 2021 10:38:36 AM
Yelena Gerassimenko Yelena Gerassimenko

IM-major-release

We’re pleased to announce a new version of Imunify360, version 5.11, is now available. The following features are new in the v5.11 release:

  • Proactive Defense improved performance
    This feature is the first in a series of tasks that will improve Proactive Defense’s performance.
  • Better Hyperscan
    After extensive analysis, we are changing the status of the Hyperscan feature. Proven stability led to the removal of its experimental status.
    We revised and improved our approach to the generation of the Hyperscan database. The new way is faster and more effective.
    We designed the means for Hyperscan technology to be used during real-time scan. This significantly decreases CPU consumption while scanning.
  • Improved CPU utilization on cleanup
    We took complex measures to enhance clean-up capabilities and minimize CPU utilization.
  • Added functionality for OSSEC events
    In this release we are rethinking the way we process OSSEC rules used for analysis. We also add to information integrity that the system collects.

This is what we’ve updated in version 5.11: 

Proactive Defense improved performance

We strive to deliver the best security solution to customers, while making sure that it consumes as little resources as possible. Thus, our goal is to achieve lower CPU and RAM resource usage as well as ensure shortest possible response time.

To reach that goal we optimized the way Proactive Defense processes PHP execution flow.  The signatures were reworked, and malicious sequences lookup was reworked to gain extra performance. Version 5.11 shows up to 35% faster response time in tests compared with the previous version of Proactive Defense. We are now taking one of several steps planned towards boosting performance of Proactive Defense. 

Better Hyperscan 

  • Since Hyperscan's release in Imunify360 version 5.8, we have kept a close eye on its performance. While it was experimental, it did prove to be stable, functioning as expected by providing substantially improved speed. The improvement gained 3-4x times acceleration. Taking this into account we decided to no longer consider it experimental.
    From v5.11 and above, Hyperscan is enabled by default for all new installations. The one exception is the low resource usage mode. Users who do not enable it will receive a dashboard recommendation call to enable Hyperscan.
  • Going forward, the Hyperscan database will be pre-built and delivered with every signature release. We will generate the database on our side and deliver it from the files server. This will allow the Hyperscan feature to become immediately effective after enabling, without any delay for signatures DB compilation. This frees up tons of CPU resources especially when Hyperscan runs on a full set of servers in the fleet.
  • Hyperscan is now employed as a part of a real-time scanner. The performance boost shown by Hyperscan on scheduled scans was so impressive that its implementation for real-time scans was just a question of time. This brought the challenge of adding new functionality while keeping RAM consumption even. We presented a solution to store an already deserialized Hyperscan database in a memory-mapped file in the system. So when there are two or more simultaneous scans, Hyperscan DB will be loaded into memory only once.

    To switch on/off the feature through the UI, tick/untick Enable Hyperscan in Settings → Malware → Enable Hyperscan.



To switch on the feature through the CLI, use the following command:

imunify360-agent config update '{"MALWARE_SCANNING": {"hyperscan": true}}'

To switch off the feature through the CLI, use the following command:

imunify360-agent config update '{"MALWARE_SCANNING": {"hyperscan": false}}'

 

Improved CPU utilization on cleanup

This improvement reduces the consumption of server resources, ensuring smoother functioning.

By changing our malware scanner algorithms we are making the scan process smarter. 

When a cleanup attempt happens repeatedly without success, it happens no more than four times in 24 hours. This avoids excessive server load and reduces the clutter of messages in the user interface in case of improper server configuration.

As a consequence of introducing this feature, we expect the user experience while working with the product to become better while overall CPU load will be reduced.

Added functionality for OSSEC events

In the previous versions of Imunify360 there was a lot of service information available for the users and admins that looked excessive. The information was designed for analytics only and caused questions from users periodically.

Thus we decided to rework the logging logic of Imunify360 agent. Starting from v5.11 there will be less OSSEC-related service messages in the UI on the Incidents tab. All service messages with noshow tag will be collected but not displayed in the UI. This action will allow us to keep getting information about system events allowing us to make better security decisions on a product side and allow the administrator to concentrate on important security events.

Additional information

Imunify360 v.5.11 includes 32 tasks and 9 bug fixes.

Internal records

Important tasks and issues linked to support tickets:

  • DEF-17669: Fix for the error “Could not perform merge”
  • DEF-17623: Fix for malware ignore filters
  • DEF-17693: Cagefs workaround for generic panel implemented
  • DEF-17700: AI-Bolit 31.1.1 release
  • DEF-17768: Fix for IPSetError on IPV6 enabled servers
  • DEF-17784: Fix for blacklisting country processing IPV6 enabled servers

Stay in touch

Please give our product team feedback on this version 5.11 release. Share your ideas and feature requests through feedback@imunify360.com or via our feedback form.

If you encounter any problems with this release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.

How to install

To install the new Imunify360 v.5.11, please follow the instructions in the documentation.

How to upgrade

If you want to upgrade to the new Imunify360 version 5.11 right now, you can use the updated script by running the following commands:

wget https://repo.imunify360.cloudlinux.com/defence360/imunify-force-update.sh -O imunify-force-update.sh
bash imunify-force-update.sh

For the regular and safe update to Imunify360 version 5.11 with a gradual rollout.

CentOS/CloudLinux systems:

yum update imunify360-firewall

Ubuntu 16.04, 18.04, and 20.04 systems:

apt-get update
apt-get install --only-upgrade imunify360-firewall

Debian 9 and 10 systems:

apt-get update
apt-get install --only-upgrade imunify360-firewall
Subscribe to Imunify security Newsletter
aicpa soc
pci-dss
eu gdpr compliant
© All rights reserved. Imunify360 and CloudLinux Backup are the registered trademarks of CloudLinux Inc.