<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5HLVVHN" height="0" width="0" style="display:none;visibility:hidden">

Release Notes: Imunify360 v.5.11 beta

IM-beta-release

We’re pleased to announce a new beta version of Imunify360, version 5.11, is now available. The following features are new in the v5.11 beta release:

  • Proactive Defense improved performance
    This feature is the first in a series of tasks that will improve Proactive Defense’s performance.
  • Better Hyperscan
    After extensive analysis, we are changing the status of the Hyperscan feature. Proven stability led to the removal of its experimental status.
    We revised and improved our approach to the generation of the Hyperscan database. The new way is faster and more effective.
    We designed the means for Hyperscan technology to be used during real-time scan. This significantly decreases CPU consumption while scanning.
  • Improved CPU utilization on cleanup
    We took complex measures to enhance clean-up capabilities and minimize CPU utilization.
  • Added functionality for OSSEC events
    In this release we are rethinking the way we process OSSEC rules used for analysis. We also add to information integrity that the system collects.

This is what we’ve updated in version 5.11: 

Proactive Defense improved performance

We strive to deliver the best security solution to customers, while making sure that it consumes as little resources as possible. Thus, our goal is to achieve lower CPU and RAM resource usage as well as ensure shortest possible response time.

To reach that goal we optimized the way Proactive Defense processes PHP execution flow.  The signatures were reworked, and malicious sequences lookup was reworked to gain extra performance. Version 5.11 shows up to 35% faster response time in tests compared with the previous version of Proactive Defense. We are now taking one of several steps planned towards boosting performance of Proactive Defense. 

Better Hyperscan 

  • Since Hyperscan's release in Imunify360 version 5.8, we have kept a close eye on its performance. While it was experimental, it did prove to be stable, functioning as expected by providing substantially improved speed. The improvement gained 3-4x times acceleration. Taking this into account we decided to no longer consider it experimental.
    From v5.11 and above, Hyperscan is enabled by default for all new installations. The one exception is the low resource usage mode. Users who do not enable it will receive a dashboard recommendation call to enable Hyperscan.
  • Going forward, the Hyperscan database will be pre-built and delivered with every signature release. We will generate the database on our side and deliver it from the files server. This will allow the Hyperscan feature to become immediately effective after enabling, without any delay for signatures DB compilation. This frees up tons of CPU resources especially when Hyperscan runs on a full set of servers in the fleet.
  • Hyperscan is now employed as a part of a real-time scanner. The performance boost shown by Hyperscan on scheduled scans was so impressive that its implementation for real-time scans was just a question of time. This brought the challenge of adding new functionality while keeping RAM consumption even. We presented a solution to store an already deserialized Hyperscan database in a memory-mapped file in the system. So when there are two or more simultaneous scans, Hyperscan DB will be loaded into memory only once.

    To switch on/off the feature through the UI, tick/untick Enable Hyperscan in Settings → Malware → Enable Hyperscan.



To switch on the feature through the CLI, use the following command:

imunify360-agent config update '{"MALWARE_SCANNING": {"hyperscan": true}}'

To switch off the feature through the CLI, use the following command:

imunify360-agent config update '{"MALWARE_SCANNING": {"hyperscan": false}}'

 

Improved CPU utilization on cleanup

This improvement reduces the consumption of server resources, ensuring smoother functioning.

By changing our malware scanner algorithms we are making the scan process smarter. 

When a cleanup attempt happens repeatedly without success, it happens no more than four times in 24 hours. This avoids excessive server load and reduces the clutter of messages in the user interface in case of improper server configuration.

As a consequence of introducing this feature, we expect the user experience while working with the product to become better while overall CPU load will be reduced.

Added functionality for OSSEC events

In the previous versions of Imunify360 there was a lot of service information available for the users and admins that looked excessive. The information was designed for analytics only and caused questions from users periodically.

Thus we decided to rework the logging logic of Imunify360 agent. Starting from v5.11 there will be less OSSEC-related service messages in the UI on the Incidents tab. All service messages with noshow tag will be collected but not displayed in the UI. This action will allow us to keep getting information about system events allowing us to make better security decisions on a product side and allow the administrator to concentrate on important security events.

Additional information

Imunify360 v.5.11 includes 32 tasks and 9 bug fixes.

Internal records

Important tasks and issues linked to support tickets:

  • DEF-17669: Fix for the error “Could not perform merge”
  • DEF-17623: Fix for malware ignore filters
  • DEF-17693: Cagefs workaround for generic panel implemented
  • DEF-17700: AI-Bolit 31.1.1 release
  • DEF-17768: Fix for IPSetError on IPV6 enabled servers
  • DEF-17784: Fix for blacklisting country processing IPV6 enabled servers

Stay in touch

Please give our product team feedback on this version 5.11 release. Share your ideas and feature requests through feedback@imunify360.com or via our feedback form.

If you encounter any problems with this beta release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.

How to install

To install the new Imunify360 v.5.11 beta, please follow the instructions in the documentation.

How to upgrade

To upgrade Imunify360 on CentOS/CloudLinux systems, run the command:

yum update imunify360-firewall --enablerepo=imunify360-testing

To upgrade Imunify360 on Ubuntu 16.04, run the following command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/16.04/ xenial main' > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

To upgrade Imunify360 on Ubuntu 18.04, run the following command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/18.04/ bionic main' > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

To upgrade Imunify360 on Ubuntu 20.04, run the following command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/20.04/ focal main' > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

To upgrade Imunify360 on Debian 9, run the following command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/debian-testing/9/ stretch main'  > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

To upgrade Imunify360 on Debian 10, run the following command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/debian-testing/10/ buster main'  > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

Release Notes: Imunify360 v.5.11 beta

IM-beta-release

We’re pleased to announce a new beta version of Imunify360, version 5.11, is now available. The following features are new in the v5.11 beta release:

  • Proactive Defense improved performance
    This feature is the first in a series of tasks that will improve Proactive Defense’s performance.
  • Better Hyperscan
    After extensive analysis, we are changing the status of the Hyperscan feature. Proven stability led to the removal of its experimental status.
    We revised and improved our approach to the generation of the Hyperscan database. The new way is faster and more effective.
    We designed the means for Hyperscan technology to be used during real-time scan. This significantly decreases CPU consumption while scanning.
  • Improved CPU utilization on cleanup
    We took complex measures to enhance clean-up capabilities and minimize CPU utilization.
  • Added functionality for OSSEC events
    In this release we are rethinking the way we process OSSEC rules used for analysis. We also add to information integrity that the system collects.

This is what we’ve updated in version 5.11: 

Proactive Defense improved performance

We strive to deliver the best security solution to customers, while making sure that it consumes as little resources as possible. Thus, our goal is to achieve lower CPU and RAM resource usage as well as ensure shortest possible response time.

To reach that goal we optimized the way Proactive Defense processes PHP execution flow.  The signatures were reworked, and malicious sequences lookup was reworked to gain extra performance. Version 5.11 shows up to 35% faster response time in tests compared with the previous version of Proactive Defense. We are now taking one of several steps planned towards boosting performance of Proactive Defense. 

Better Hyperscan 

  • Since Hyperscan's release in Imunify360 version 5.8, we have kept a close eye on its performance. While it was experimental, it did prove to be stable, functioning as expected by providing substantially improved speed. The improvement gained 3-4x times acceleration. Taking this into account we decided to no longer consider it experimental.
    From v5.11 and above, Hyperscan is enabled by default for all new installations. The one exception is the low resource usage mode. Users who do not enable it will receive a dashboard recommendation call to enable Hyperscan.
  • Going forward, the Hyperscan database will be pre-built and delivered with every signature release. We will generate the database on our side and deliver it from the files server. This will allow the Hyperscan feature to become immediately effective after enabling, without any delay for signatures DB compilation. This frees up tons of CPU resources especially when Hyperscan runs on a full set of servers in the fleet.
  • Hyperscan is now employed as a part of a real-time scanner. The performance boost shown by Hyperscan on scheduled scans was so impressive that its implementation for real-time scans was just a question of time. This brought the challenge of adding new functionality while keeping RAM consumption even. We presented a solution to store an already deserialized Hyperscan database in a memory-mapped file in the system. So when there are two or more simultaneous scans, Hyperscan DB will be loaded into memory only once.

    To switch on/off the feature through the UI, tick/untick Enable Hyperscan in Settings → Malware → Enable Hyperscan.



To switch on the feature through the CLI, use the following command:

imunify360-agent config update '{"MALWARE_SCANNING": {"hyperscan": true}}'

To switch off the feature through the CLI, use the following command:

imunify360-agent config update '{"MALWARE_SCANNING": {"hyperscan": false}}'

 

Improved CPU utilization on cleanup

This improvement reduces the consumption of server resources, ensuring smoother functioning.

By changing our malware scanner algorithms we are making the scan process smarter. 

When a cleanup attempt happens repeatedly without success, it happens no more than four times in 24 hours. This avoids excessive server load and reduces the clutter of messages in the user interface in case of improper server configuration.

As a consequence of introducing this feature, we expect the user experience while working with the product to become better while overall CPU load will be reduced.

Added functionality for OSSEC events

In the previous versions of Imunify360 there was a lot of service information available for the users and admins that looked excessive. The information was designed for analytics only and caused questions from users periodically.

Thus we decided to rework the logging logic of Imunify360 agent. Starting from v5.11 there will be less OSSEC-related service messages in the UI on the Incidents tab. All service messages with noshow tag will be collected but not displayed in the UI. This action will allow us to keep getting information about system events allowing us to make better security decisions on a product side and allow the administrator to concentrate on important security events.

Additional information

Imunify360 v.5.11 includes 32 tasks and 9 bug fixes.

Internal records

Important tasks and issues linked to support tickets:

  • DEF-17669: Fix for the error “Could not perform merge”
  • DEF-17623: Fix for malware ignore filters
  • DEF-17693: Cagefs workaround for generic panel implemented
  • DEF-17700: AI-Bolit 31.1.1 release
  • DEF-17768: Fix for IPSetError on IPV6 enabled servers
  • DEF-17784: Fix for blacklisting country processing IPV6 enabled servers

Stay in touch

Please give our product team feedback on this version 5.11 release. Share your ideas and feature requests through feedback@imunify360.com or via our feedback form.

If you encounter any problems with this beta release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.

How to install

To install the new Imunify360 v.5.11 beta, please follow the instructions in the documentation.

How to upgrade

To upgrade Imunify360 on CentOS/CloudLinux systems, run the command:

yum update imunify360-firewall --enablerepo=imunify360-testing

To upgrade Imunify360 on Ubuntu 16.04, run the following command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/16.04/ xenial main' > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

To upgrade Imunify360 on Ubuntu 18.04, run the following command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/18.04/ bionic main' > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

To upgrade Imunify360 on Ubuntu 20.04, run the following command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/20.04/ focal main' > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

To upgrade Imunify360 on Debian 9, run the following command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/debian-testing/9/ stretch main'  > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

To upgrade Imunify360 on Debian 10, run the following command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/debian-testing/10/ buster main'  > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall
Subscribe to Imunify security Newsletter