<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5HLVVHN" height="0" width="0" style="display:none;visibility:hidden">
Sep 29, 2022 2:25:22 PM
Yelena Gerassimenko
Yelena Gerassimenko
Yelena Gerassimenko is a product manager who facilitates Imunify 360 growth at CloudLinux, Inc. With 12 years of experience in an industry, Yelena is a cybersecurity enthusiast, always interested in discovering new and better ways to secure your servers

Release Notes: Imunify360 v.6.7

IM360-major-release

We’re pleased to announce a new version of Imunify360. Version 6.7 is now available. The following features are new in the v6.7 release:

  • Dovecot native brute force protection
    Our new brute force protection module for Dovecot employs defensive advantages of PAM and also works seamlessly in cases where the PAM is inapplicable.

  • High-water mark stats
    With this release, we’ve added a special daemon that allows for better monitoring of resource consumption in Imunify360.

  • Malware scanner performance improvement
    An enhancement to Imunify360 malware scanner performance is available with this release.

  • UI Changes:
    Improved firewall interface. We added a more informative message to direct admins to the Cloud IP list, whenever the IP that has been searched for in the Firewall tab is actually found in the Cloud IP list.
    Jupiter theme for cPanel adopted. We adopted a popular Jupiter theme for cPanel to properly reflect our product icons.

Dovecot native brute force protection

Since the release of the PAM-protection feature in v4.5 this feature has been well-appreciated by the majority of our customers. In this release, we will update anti-brute force protection by releasing the Dovecot native brute force protection module to improve stability and resolve issues that standard PAM caused in some cases. There were situations when login with enabled PAM would produce log messages like these:

Jun 9 14:45:04 Hostl6 dovecot: auth-worker(31382): Error: pam(user@example.org,<IP>,<SESSION>): Multiple password values not supported
Jun 9 14:45:10 Hostl6 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<user@example.org>, method=PLAIN, rip=<IP>, lip=<IP>, TLS, session=<SESSION>

This happened due to the specificity of PAM’s architecture and the way it processes such cases. We decided to develop a completely new native module for Dovecot with brute force protection functionality. With the new module, Dovecot will not produce any more error messages similar to shown above.

Since the module is fresh from the development bench, we release it in experimental mode – disabled by default for now. This will be changed to “enabled by default” state in later releases once we collect the feedback on the module’s performance. Please stay tuned for updates.

Now two options can be used to control how brute force protection works for Dovecot:

Condition Behavior
PAM.exim_dovecot_protection PAM.exim_dovecot_native
false
any
 Dovecot protection disabled
true
false
 Dovecot protection enabled (default)
  • PAM-based module
true
true
 Dovecot protection enabled
  • Native module ON

 

The following commands can be used to control the Dovecot native module:

Enable:

# imunify360-agent config update '{"PAM": {"exim_dovecot_native": true}}'

Disable (default):

# imunify360-agent config update '{"PAM": {"exim_dovecot_native": false}}'

High-water mark stats

In Imunify360 version 6.7, we implemented a daemon that will collect high-water mark statistics for any component of the product. The stats data will be arranged to reflect resource consumption for each Imunify360 component independently. 

Having this data at our disposal, we will be able to better understand which components can be optimized in terms of CPU usage, memory utilization, and I/O operations. The information collected will allow us to track how each product change affects server resources and to thoroughly assess how effective “in the wild” optimizations are that we made earlier in the product. Rest assured, no personal data will be collected, and only performance stats will be gathered.

This feature is tied to Unified Access Logger and works as its part, therefore, should you want to switch the stats collection off, a following set of CLI commands to disable Unified Access Logger should be used:

# systemctl mask imunify360-unified-access-logger
# systemctl stop imunify360-unified-access-logger
# systemctl disable imunify360-unified-access-logger

Malware scanner performance improvement

We took another step forward in pursuing our long-term goal of improving malware scanner performance – now the solution will run about two times faster than before. 

In this release, we implemented an entire set of deep code optimizations. Each of these will significantly improve performance and the speedup effect will add up. For example, we minimized the number of system calls and optimized the way signatures are compared with the file’s content in order to minimize the number of operations. After this release, not only will the performance scans run faster, but the processing load on the servers will be further reduced. 

No adjustments are needed to benefit from this upgrade – the optimization will work out-of-the-box, without a need to tune or enable it.

UI changes 

Improved firewall messaging

Earlier, we had a rather basic message in our Firewall tab that was shown whenever searches by local IP lists gave no matching results. Now, the administrators will be alerted to check the Cloud IP list when a result matching the search criteria is found there

UI adopted for cPanel Jupiter theme

Since the Jupiter theme for cPanel is used widely, we made sure that our product’s icons meld smoothly into the interface. A matching style is now represented in the layout

Internal records

Please see the detailed description of the product changes we made in version 6.7 through our publicly available changelog for Imunify360.

Stay in touch

Please give our product team feedback on this version 6.7 release. Share your ideas and feature requests through feedback@imunify360.com or via our feedback form.

If you encounter any problems with this release, please send a comment or request to our Imunify support team via the Support Portal.

How to install

To install the new Imunify360 v.6.7, please follow the instructions in the documentation.

How to upgrade

If you want to upgrade to the new Imunify360 version 6.7 right now, you can use the updated script by running the following commands:

wget https://repo.imunify360.cloudlinux.com/defence360/imunify-force-update.sh -O imunify-force-update.sh
bash imunify-force-update.sh

For the regular and safe update to Imunify360 version 6.7 with a gradual rollout.

CentOS/CloudLinux systems:

yum update imunify360-firewall

Ubuntu 16.04, 18.04, and 20.04 systems:

apt-get update
apt-get install --only-upgrade imunify360-firewall

Debian 9 and 10 systems:

apt-get update
apt-get install --only-upgrade imunify360-firewall

Release Notes: Imunify360 v.6.7

Sep 29, 2022 2:25:22 PM
Yelena Gerassimenko Yelena Gerassimenko

IM360-major-release

We’re pleased to announce a new version of Imunify360. Version 6.7 is now available. The following features are new in the v6.7 release:

  • Dovecot native brute force protection
    Our new brute force protection module for Dovecot employs defensive advantages of PAM and also works seamlessly in cases where the PAM is inapplicable.

  • High-water mark stats
    With this release, we’ve added a special daemon that allows for better monitoring of resource consumption in Imunify360.

  • Malware scanner performance improvement
    An enhancement to Imunify360 malware scanner performance is available with this release.

  • UI Changes:
    Improved firewall interface. We added a more informative message to direct admins to the Cloud IP list, whenever the IP that has been searched for in the Firewall tab is actually found in the Cloud IP list.
    Jupiter theme for cPanel adopted. We adopted a popular Jupiter theme for cPanel to properly reflect our product icons.

Dovecot native brute force protection

Since the release of the PAM-protection feature in v4.5 this feature has been well-appreciated by the majority of our customers. In this release, we will update anti-brute force protection by releasing the Dovecot native brute force protection module to improve stability and resolve issues that standard PAM caused in some cases. There were situations when login with enabled PAM would produce log messages like these:

Jun 9 14:45:04 Hostl6 dovecot: auth-worker(31382): Error: pam(user@example.org,<IP>,<SESSION>): Multiple password values not supported
Jun 9 14:45:10 Hostl6 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<user@example.org>, method=PLAIN, rip=<IP>, lip=<IP>, TLS, session=<SESSION>

This happened due to the specificity of PAM’s architecture and the way it processes such cases. We decided to develop a completely new native module for Dovecot with brute force protection functionality. With the new module, Dovecot will not produce any more error messages similar to shown above.

Since the module is fresh from the development bench, we release it in experimental mode – disabled by default for now. This will be changed to “enabled by default” state in later releases once we collect the feedback on the module’s performance. Please stay tuned for updates.

Now two options can be used to control how brute force protection works for Dovecot:

Condition Behavior
PAM.exim_dovecot_protection PAM.exim_dovecot_native
false
any
 Dovecot protection disabled
true
false
 Dovecot protection enabled (default)
  • PAM-based module
true
true
 Dovecot protection enabled
  • Native module ON

 

The following commands can be used to control the Dovecot native module:

Enable:

# imunify360-agent config update '{"PAM": {"exim_dovecot_native": true}}'

Disable (default):

# imunify360-agent config update '{"PAM": {"exim_dovecot_native": false}}'

High-water mark stats

In Imunify360 version 6.7, we implemented a daemon that will collect high-water mark statistics for any component of the product. The stats data will be arranged to reflect resource consumption for each Imunify360 component independently. 

Having this data at our disposal, we will be able to better understand which components can be optimized in terms of CPU usage, memory utilization, and I/O operations. The information collected will allow us to track how each product change affects server resources and to thoroughly assess how effective “in the wild” optimizations are that we made earlier in the product. Rest assured, no personal data will be collected, and only performance stats will be gathered.

This feature is tied to Unified Access Logger and works as its part, therefore, should you want to switch the stats collection off, a following set of CLI commands to disable Unified Access Logger should be used:

# systemctl mask imunify360-unified-access-logger
# systemctl stop imunify360-unified-access-logger
# systemctl disable imunify360-unified-access-logger

Malware scanner performance improvement

We took another step forward in pursuing our long-term goal of improving malware scanner performance – now the solution will run about two times faster than before. 

In this release, we implemented an entire set of deep code optimizations. Each of these will significantly improve performance and the speedup effect will add up. For example, we minimized the number of system calls and optimized the way signatures are compared with the file’s content in order to minimize the number of operations. After this release, not only will the performance scans run faster, but the processing load on the servers will be further reduced. 

No adjustments are needed to benefit from this upgrade – the optimization will work out-of-the-box, without a need to tune or enable it.

UI changes 

Improved firewall messaging

Earlier, we had a rather basic message in our Firewall tab that was shown whenever searches by local IP lists gave no matching results. Now, the administrators will be alerted to check the Cloud IP list when a result matching the search criteria is found there

UI adopted for cPanel Jupiter theme

Since the Jupiter theme for cPanel is used widely, we made sure that our product’s icons meld smoothly into the interface. A matching style is now represented in the layout

Internal records

Please see the detailed description of the product changes we made in version 6.7 through our publicly available changelog for Imunify360.

Stay in touch

Please give our product team feedback on this version 6.7 release. Share your ideas and feature requests through feedback@imunify360.com or via our feedback form.

If you encounter any problems with this release, please send a comment or request to our Imunify support team via the Support Portal.

How to install

To install the new Imunify360 v.6.7, please follow the instructions in the documentation.

How to upgrade

If you want to upgrade to the new Imunify360 version 6.7 right now, you can use the updated script by running the following commands:

wget https://repo.imunify360.cloudlinux.com/defence360/imunify-force-update.sh -O imunify-force-update.sh
bash imunify-force-update.sh

For the regular and safe update to Imunify360 version 6.7 with a gradual rollout.

CentOS/CloudLinux systems:

yum update imunify360-firewall

Ubuntu 16.04, 18.04, and 20.04 systems:

apt-get update
apt-get install --only-upgrade imunify360-firewall

Debian 9 and 10 systems:

apt-get update
apt-get install --only-upgrade imunify360-firewall
Subscribe to Imunify security Newsletter
aicpa soc
pci-dss
eu gdpr compliant
© All rights reserved. Imunify360 and CloudLinux Backup are the registered trademarks of CloudLinux Inc.