Config File Description
ImunifyAV(+) config file is available on the following location after installation:
/etc/sysconfig/imunify360/imunify360.config
In the config file it is possible to set up ImunifyAV(+) configuration. The following options are available:
| MALWARE_SCANNING: | |
|---|---|
| max_signature_size_to_scan: 1048576 | # max file size to scan in the standard mode; value is set in bytes |
| max_cloudscan_size_to_scan: 10485760 | # max file size to scan in the cloud-assisted (by hashes) mode; value is set in bytes |
| max_mrs_upload_file: 10485760 | # max file size to upload to CloudLinux malware research service; value is set in bytes |
| detect_elf: False | # enable (True) or disable (False) (default value) binary (ELF) malware detection |
| sends_file_for_analysis: True | # send (True) (default value) or not (False) malicious and suspicious files to the Imunify team for analysis |
| cloud_assisted_scan: True | # speed up scans by check file hashes using cloud database |
| rapid_scan: True | # speeds up (True) (default value) ot not (False) repeated scans based on smart re-scan approach, local result caching and cloud-assisted scan. |
| rapid_scan_rescan_unchanging_files_frequency: null | # defines what part of all files will be rescanned during each scan. For example, if set 10 then 1/10 part of all files will be rescanned. The default value `null` - means "choose frequency based on scan schedule". E.g. month - 1, week - 5, day - 10. |
| hyperscan: True | # allows to use (True) the regex matching Hyperscan library in Malware Scanner to greatly improve the scanning speed. True is the default value. Hyperscan requires its own signatures set that will be downloaded from the files.imunify360.com and compiled locally. Platform requirements: * Hyperscan supports Debian, Ubuntu and CentOS/CloudLinux 7 and later. * SSE3 processor instructions support. It is quite common nowadays, but may be lacking in virtual environments or in some rather old servers. |
| crontabs: True | # enable (True) scan of the system and user crontab files for malicious jobs. The default value is True. | ERROR_REPORTING: |
| enable: True | # automatically report errors to the Imunify team |
| MALWARE_SCAN_INTENSITY: | |
| cpu: 2 | # intensity level for CPU consumption. Can be set from 1 to 7, default is 2 |
| io: 2 | # intensity level for file operations. Can be set from 1 to 7, default is 2 |
| ram: 2048 | # intensity level for RAM consumption. Minimum value is 1024, default is 2048 |
| MALWARE_SCAN_SCHEDULE: | |
| day_of_month: <next day after installation> | # when the background scan shall start, day of the month. Can be from 1 to 31, the default value is the <next day after installation>. |
| day_of_week: 0 | # when the background scan shall start, day of the week. Can be from 0 to 7 (0 for Sunday, 1 for Monday..., 7 for Sunday (again)), the default value is 0 |
| hour: 3 | # when the background scan shall start, hour. Can be from 0 to 23, the default value is 3 |
| interval: MONTH | # interval of scan. Supported values: strings `NONE` (no scan), `DAY`, `WEEK`, `MONTH`, the default value is `MONTH` |
| MALWARE_CLEANUP: | |
| trim_file_instead_of_removal: True | # do not remove infected file during cleanup but make the file zero-size (for malwares like web-shells) (True) (default value) |
| keep_original_files_days: 14 | # the original infected file is available for restore within the defined period. The default is 14 days. The minimum value is one day. |
| ADMIN_CONTACTS: | |
| emails: youremail@email.com | # your email to receive reports about critical issues, security alerts or system misconfigurations detected on your servers. |
| enable_icontact_notifications: True | # receive notifications about malicious activity detected (no more than once in 24h) and when malware scan was not performed for not more than once per week (once a week). Available for cPanel and cPanel-supported OSes. Default value is True. |
| PERMISSIONS: | |
| support_form: True | # show (True) (the default value) or hide (False) the Support icon in the ImunifyAV(+) UI. |
| user_ignore_list: True | # show (True) (the default value) or hide (False) the Ignore List tab for end-users in the ImunifyAV(+) UI. |
| allow_malware_scan: False | # enable (True) or disable (False) (the default value) “scan” action in the UI of the end-user. |
| upgrade_button: True | # enable (True - the default value) or disable (False) the Imunify upgrade button. |
| RESOURCE_MANAGEMENT: | |
| ram_limit: 500 | # set RAM consumption limit for ImunifyAV(+) in MB |
| io_limit: 2 | # set IO consumption limit for ImunifyAV(+) in MB |
| cpu_limit: 2 | # set CPU consumption limit for ImunifyAV(+) in MB. |
How to apply changes from CLI
In order to apply changes via command-line interface (CLI), you can use the following command:
imunify-antivirus config update '{"SECTION": {"parameter": value}}'
For example, if you want to set MALWARE_SCAN_INTENSITY.cpu = 5 from a command line, then you should execute the following command:
imunify-antivirus config update '{"MALWARE_SCAN_INTENSITY": {"cpu": 5}}'
Overridable config
Starting from ImunifyAV(+) v.5.8, we introduce the overridable config which provides the ability to provision default config for the whole fleet of Imunify servers and keep the ability for fine-tuning each particular server depending on its requirements.
Configs organization:
- A new directory for custom configs. The local overrides of the main config are put there:
/etc/sysconfig/imunify360/imunify360.config.d/ - The old config
/etc/sysconfig/imunify360/imunify360.configis now linked to theimunify360.config.d/90-local.config. It contains changes made through UI as well as through CLI. - Configs in that directory will override the
imunify360-base.configand each other in lexical order. First-level "sections" (likeFIREWALL) are merged, while second-level "options" (likeFIREWALL.TCP_IN_IPv4) are replaced completely.
This way you can keep your local customizations, but still be able to rollout the main config.
The CLI command to check the default configuration before merging with 90-local.config:
imunify-antivirus config show defaults
Here is an example of custom server configuration:
imunify360-base.configProvided by Imunify installation. Contains default recommended configuration | FIREWALL:TCP_IN_IPv4:- '20'- '8880'port_blocking_mode: ALLOW |
imunify360.config.d/50-common.configProvisioned by server owner to the fleet of servers. | FIREWALL:TCP_IN_IPv4:- '20'- '21'port_blocking_mode: DENY |
imunify360.config.d/90-local.configContains local customization per server individually. | FIREWALL:TCP_IN_IPv4:- '20'- '22'- '12345' |
The resulting (merged) configuration will look like this:
FIREWALL:
TCP_IN_IPv4:
- '20'
- '22'
- '12345'
port_blocking_mode: DENY
The mechanics is as follows: first-level "sections" - for example FIREWALL are merged, while second-level "options" - for example FIREWALL.TCP_IN_IPv4 are replaced completely.
Those who don’t need this type of overridable configs can continue using custom configurations in the /etc/sysconfig/imunify360/imunify360.config.
This feature is backward compatible.
