Imunify360 Blog

Security Made Easy with Imunify360: How to Use Imunify360 to Make Your Admin’s Life Better

Written by Vladimir Markevich | Feb 22, 2024 2:00:00 PM

Securing a server requires the right configurations, but securing a server that protects your data and all other customers hosted on the server is much more complex. Without the right tools, a hosting provider would need several technicians to handle customer tickets, analyze the problem, and remediate cybersecurity issues. Imunify360 monitors, stops, and remediates many common exploits, saving server administrators time and owners' money. In this article you will discover the following:

  1. What is Imunify360?
  2. What Makes Security Easy with Imunify360?
    1. Configure Imunify360 with the CLI from Your Terminal
    2. Imunify360 Overridable Config
    3. Dashboard That Works Out-of-the-Box
    4. Whitelist, Graylist, and Blacklist IP Addresses
    5. Default Settings and Security Recommendations
    6. CMS Updates are No Longer a Concern
    7. Patch Management and Updates Without Reboots
    8. Automate Security and Updates
    9. Super Cool Support Team
    10. Create Plugins and Tools By Integrating the API
    11. Imunify Hooks
  3. Make Your Server Administrator Life Easier with Imunify360

What is Imunify360?

Imunify360 is a multi-layer, full monitoring and scanning security solution for Linux-based servers. It detects and stops the majority of common web attacks that target shared hosting servers, websites running content management systems (CMS) such as WordPress or Joomla, and web-based applications. With Imunify360, server administrators can automatically stop brute-force attacks, malware uploads, malicious code injection, and many other attacks that could affect customer sites and the server itself.

Most host servers include a control panel for site owners, and Imunify360 integrates with popular control panels such as cPanel, Plesk and DirectAdmin. It allows site owners and server administrators to monitor malicious activity and identify potential threats. Imunify360 will automatically clean code injection, saving server administrators the time they would otherwise spend fighting malware.

 

What Makes Security Easy with Imunify360?

Imunify360 was created with shared hosting in mind, and engineers built it to stop attacks automatically to reduce server administrator overhead, making their lives easier. As you might already know, shared hosts see a tremendous number of cybersecurity attacks - not only on the individual server, but on all its hosted customer sites. Protecting and monitoring customer websites is a full-time job, and it can be costly for hosting providers to constantly remediate hacked websites on a server. Imunify360 makes monitoring, stopping, and remediating attacks on customer sites much easier and faster, and frees up time for technical staff to focus on other issues.

Imunify360 has a set of features, and we’ll cover some of the common ones to help you understand how the application will make monitoring server activity easier.

 

Configure Imunify360 with the CLI from Your Terminal

Imunify360 has a command-line interface (CLI) that can be used from an administrator terminal. The CLI makes it easy to configure the system and review current configurations. There are several CLI options available in Imunify360.

For example, you can see the current configurations for Imunify360 by typing the following command:

 

imunify360-agent config show

 

This command only shows the current configuration from the /etc/sysconfig/imunify360/imunify360.config file. You can also update configurations using the imunify360-agent config update command. The Imunify360 documentation shows you all the available config file options that you can update from the CLI.

For example, suppose that you want to update the malware scan intensity setting for CPU spikes. The following CLI command would make updates to the server’s configurations:

 

imunify360-agent config update '{"MALWARE_SCAN_INTENSITY": {"cpu": 5}}'

 

Imunify360 Overridable Config

For hosters with a fleet of servers across data centers and locations, Imunify360 provides an easy way to manage configs that could be propagated across all servers or just a segment of the network. The overridable config feature lets administrators fine tune settings and keep them consistent across all servers at the same time. Administrators can build a set of configurations that span all servers or customize each one based on the services it provides, location, or the control panel used.

To create custom configurations, you first need to create a new directory for the configuration file. You can then create a custom configuration file with specific overrides for each Imunify360 feature. The name you give a configuration file determines whether it is the base configuration, a configuration provisioned by the administrator, or one that contains settings for an individual server. Here are three examples:

  • imunify360-base.config: This is the file name for Imunify360’s default configurations.
  • imunify360.config.d/50-common.config: A configuration file provisioned to a fleet of servers.
  • imunify360.config.d/90-local.config: An individual server configuration file.

You can view the default configuration file to see the format for each setting. The following is an example of a firewall setting that blocks ports 20 and 21, which are common FTP ports:

FIREWALL:
  TCP_IN_IPv4:
  - '20'
  - '21'
  port_blocking_mode: DENY

 

The Imunify360 documentation explains how to create these files and the format for the custom configurations. When you set up custom overridable configurations, make sure that you are familiar with how Imunify360 merges configs.

 

Dashboard That Works Out-of-the-Box

One benefit of Imunify360 is that it runs out-of-the-box, and administrators can get the current status of the server from a dashboard available in the main menu. The centralized dashboard in CLN lets you see all events and incidents that took place on the server. Administrators can review anomalies for every site hosted on the server in real time. This near-real-time reporting keeps administrators updated so that they can react quickly before malware causes server-wide issues and affects other hosted sites.

The in-application dashboard is integrated with the Imunify360 scanner. When the scanner finds malware, reports show the results to administrators. Whether you have cPanel, Plesk, DirectAdmin, or a standalone server without a control panel, the Imunify360 reports let administrators know when malicious activity is targeting the hosting server.

To view the dashboard, click “Dashboard” in Imunify360, and choose the reports and filters to drill down to the incidents and notifications relevant to specific sites, servers, and locations.

 

Whitelist, Graylist, and Blacklist IP Addresses

In a brute-force attack, a threat actor runs scripts that will automatically attempt authentication on accounts. The accounts could be the server administrator account or a site administrator account for the hosted CMS such as WordPress or Joomla. Imunify360 detects brute-force attacks and will stop them, but administrators can also configure detection to automatically allow or block IP addresses.

Dynamic graylists are beneficial for automatically blocking brute-force attacks, but administrators can also manually configure whitelists or blacklists to work alongside graylists. A whitelisted IP will be given access to the server, so these IP addresses should be chosen carefully. A blacklisted IP will be blocked regardless of whether its traffic is legitimate.

Administrators should review any whitelisted IP addresses to ensure that they should truly be in the list. You can use the following command to see the current IP whitelist:

 

imunify360-agent whitelist ip list

 

The Imunify360 documentation shows you how to whitelist and blacklist IP addresses based on IP, country code, and domain. Using the command-line interface (CLI) to blacklist or whitelist IP addresses is useful if you only have a few to add, but you might already have a long list of addresses to blacklist or whitelist. Imunify360 supports importing from an external text file.

To use an external list, you must have a text file located in the following directory for a whitelist:

 

/etc/imunify360/whitelist/*.txt

 

The blacklist directory is:

 

/etc/imunify360/blacklist/*.txt

 

For more information about how to format these files or to reload them after updating the lists, see the Imunify360 documentation.
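The review of whitelisted addresses recommended above can be scripted for the external list files. The following is an added example, not Imunify360 code: it assumes one IP address or CIDR range per line with optional "#" comments (check the documentation for the exact format), and the prefix thresholds and sample file contents are constructed for illustration.

```python
import ipaddress
import tempfile
from pathlib import Path

MIN_PREFIX = {4: 24, 6: 48}  # assumed review threshold, not an Imunify360 setting

def load_list(directory):
    """Parse every *.txt file; return (entries, problems)."""
    entries, problems = [], []
    for path in sorted(Path(directory).glob("*.txt")):
        for lineno, raw in enumerate(path.read_text().splitlines(), 1):
            text = raw.split("#", 1)[0].strip()  # assumed: '#' starts a comment
            if not text:
                continue
            try:
                net = ipaddress.ip_network(text, strict=False)
            except ValueError:
                problems.append(f"{path.name}:{lineno}: not an IP or CIDR: {text!r}")
                continue
            entries.append((net, f"{path.name}:{lineno}"))
    return entries, problems

def audit(whitelist_dir, blacklist_dir):
    """Return findings to review before the lists are reloaded."""
    white, findings = load_list(whitelist_dir)
    black, black_problems = load_list(blacklist_dir)
    findings += black_problems
    seen = {}
    for net, where in white:
        # A wide whitelisted range exempts many hosts from blocking at once.
        if net.prefixlen < MIN_PREFIX[net.version]:
            findings.append(f"{where}: broad range {net} ({net.num_addresses} addresses)")
        if net in seen:
            findings.append(f"{where}: duplicate of {seen[net]}")
        seen.setdefault(net, where)
        for bnet, bwhere in black:
            if net.version == bnet.version and net.overlaps(bnet):
                findings.append(f"{where}: {net} overlaps blacklist {bnet} at {bwhere}")
    return findings

def demo():
    """Audit constructed sample lists written to temporary directories."""
    with tempfile.TemporaryDirectory() as wl, tempfile.TemporaryDirectory() as bl:
        Path(wl, "office.txt").write_text("203.0.113.10 # VPN\n10.0.0.0/8\n203.0.113.10\nnot-an-ip\n")
        Path(bl, "abuse.txt").write_text("10.20.30.0/24\n")
        return audit(wl, bl)

if __name__ == "__main__":
    print("\n".join(demo()))
```

On a server, call audit("/etc/imunify360/whitelist", "/etc/imunify360/blacklist") and resolve each finding before reloading the lists.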

 

Default Settings and Security Recommendations

Imunify360 functions out of the box with minimal configuration effort, which reduces overhead for administrators so that they do not need to spend much time testing and deploying it. The default settings are optimized for cybersecurity defense and to stop malware from being uploaded.

A few settings that are turned on by default make Imunify360 an effective security solution out-of-the-box:

  • Real-time scanner that monitors server activity, including HTTP and FTP file uploads.
  • RapidScan option.
  • Cloud-assisted Scan.
  • Automatic malware cleanup.
  • The background scanner is turned on and runs every month.
  • WebShield and Blamer are enabled by default for protecting web applications.

The default resource usage configuration lets Imunify360 run in the background without affecting the performance of users’ running applications.

 

CMS Updates are No Longer a Concern

One area where Imunify360 excels the most is in its protection of CMS-based sites such as WordPress. WordPress and other CMS software powers a large portion of the Internet, so it’s a primary target for attackers. Attackers use scripts that scan a large group of sites to find common vulnerabilities and exploit them within seconds. 

The WordPress application core is usually secure, but the plugins added to sites leave vulnerabilities due to poorly structured code, backdoors, or unmaintained and outdated software. Some plugins with millions of installations have vulnerabilities in them that can be exploited, and if these sites are hosted on your servers, it could pose a threat to local resources and other customer sites.

Most people who run their sites on a CMS do not know how to properly secure it. Imunify360 is a completely automated tool that monitors and protects CMS-based sites out-of-the-box. After it’s deployed to a server, administrators can rely on virtual patching to secure outdated applications and keep users’ files consistent.

Outdated WordPress sites are another severe vulnerability. Site owners might not be fully aware of the danger of leaving WordPress and its plugins unpatched. Imunify360 takes care of this issue by applying virtual patching and leaving the WordPress site intact to ensure the secure version of the code is always running on all hosted websites.

 

Patch Management and Updates Without Reboots

Server administrators know that rebooting servers can cause unwanted downtime, so maintenance must be planned. With Imunify360, administrators get Secure Kernel powered by KernelCare, which is a patch management system that updates your Linux kernel and hosting applications without rebooting the server. 

When new CVEs are released, any affected software, including the Linux operating system, should be patched. Once a vulnerability is common knowledge, attackers write scripts to scan for and exploit systems still running outdated software. Administrators will often postpone patches until they can be tested and deployed at a given change control date. Delaying patches leaves an open window of opportunity for attackers to exploit a known vulnerability.

With automatic patching, Linux server administrators no longer need to worry about change control and patching. Patching is done automatically including updates to the Linux kernel. KernelCare is a rebootless patching solution, so no customers experience downtime on their sites.

 

Automate Security and Updates

The Imunify360 team understands that server technicians and administrators have limited time, but malware and exploits can take extensive time to analyze and remediate. Imunify360 is built to automate many of the steps involved with scanning and remediating malware. It’s built with a threat intelligence approach to help administrators proactively stop attacks without much manual overhead.

Thanks to the PHP Immunity feature, any PHP infection could be stopped, whether it is a well-known or a zero-day threat, with the same outstanding performance. It prevents malicious PHP scripts from executing on the server, and PHP is what many CMS-based sites run. The web application firewall (WAF) and antivirus software act as the final layer of security.

Control panel integration means Imunify360 does not need any additional configuration steps and works out-of-the-box. The default security protection contains necessary settings to stop malware instantly, so administrators don’t need extensive time to configure Imunify360 after installation. 

 

Super Cool Support Team

The Imunify360 team prides itself on its product. We aim to build effective security solutions for shared host providers and VPS owners. The Imunify360 solution was built by the team at CloudLinux, so we know the importance of security for the Linux operating system. The CloudLinux team makes the most secure and stable operating system for host providers, and we understand the importance of security and the ways to protect host servers as well as the sites that rely on them.

 

Create Plugins and Tools By Integrating the API

For organizations that want to create backend plugins or modules that work with Imunify360, you can create them by adding your custom code to the backup_backends folder and defining functions based on the API. The API can be used to customize backups and integrate into common control panels (e.g., DirectAdmin). With the Imunify360 API, you can build modules that automate functionality to save administrators time and ensure backups and scans happen regularly based on your own code.

 

Imunify Hooks 

Hooks are a new addition to Imunify360 that give host administrators more control over the way our product helps them combat malware. For example, a web host might use hooks to send an email notifying a customer when malware is found on their site. Instead of manually sending an email after reviewing reports, a web host administrator can use Imunify360 hooks to send an email when an alert is triggered from malware detection.

To create a hook, you build a custom script in any language you prefer (e.g., bash, PHP, Python, etc.) and register it using the command line or set it up via the GUI. To better understand hooks, see our example of a PHP script that executes when malware is found and suspends a cPanel user when more than three infected files are found.

 

Make Your Server Administrator Life Easier with Imunify360

Because Imunify360 works straight out of the box after deployment, administrators can reduce much of the overhead required for cybersecurity and malware analysis. You can get started with Imunify360 today and find out what it can do for your shared hosting or VPS servers.

Take your web hosting security to the next level with the Imunify360 security suite. Imunify360 is a complete security suite with all components working together to keep your servers safe and running while you focus on other business tasks. Imunify360 is a synergy of Antivirus for Linux Server, Firewall, WAF, PHP Security Layer, Patch Management, and Domain Reputation with an easy UI and advanced automation. Try Imunify360 free for 14 days and see results in just one week.

 
