Command-line Interface


To access Imunify360 agent features from the command-line interface, use the following command:

 

imunify360-agent

 

Optional arguments:

 

-h, --help

Returns the help message

--remote-addr [IP_address]

IP address to add to the whitelist

--console-log-level [ERROR,WARNING,INFO,DEBUG] 

Logging level for the console

 

Basic usage:

 

imunify360-agent [command] [--option1] [--option2]...

 

Available commands:

       3rdparty            Make Imunify360 the primary IDS

       blacklist           Return/Edit IP blacklist

       blocked-port        Return/Edit list of blocked ports

       check-domains       Send domain list check

       clean               Clean the incidents

       checkdb             Check database integrity

       doctor              Collect info about system and send it to CloudLinux

       features            Manage available features for Imunify360

       get                 Returns list of incidents

       graylist            Return/Edit IP gray list

       import              Import data

       infected-domains    Returns infected domain list

       malware             Manage malware options

       migratedb           Check and repair database if it is corrupted

       plugins             Command for manipulating Imunify360 plugin

       register            Register the agent

       rstatus             Query the server to check if the license is valid

       rules               Allows user to manage disabled rules

       unregister          Unregister the agent

       vendors             Command for manipulating Imunify360 vendors

       version             Show version

       whitelist           Return/Edit operator for IP and domain white list

 

 

Optional arguments for the commands:

 

-h, --help

Shows this help message.

 

--json     

Returns data in JSON format.

 

--by-country-code [country_code]

Filters output by country code. Requires a valid country code as argument.
Valid country codes are ISO ALPHA-2 codes.

 

--by-ip [ip_address]

Filters output by abuser's IP or by subnet in CIDR notation.
Example: --by-ip 1.2.3.0/24.

 

--by-list

Can be: any, gray (Gray List), white (White List), black (Black List). Filters output based on the list type.
Example: --by-list black.

 

--limit 

Limits the output to the specified number of incidents. Must be a number greater than zero. By default, equals 100.

 

--offset

Offset for pagination. By default, equals 0.

 

--to

Sets the end of the period to filter by. The format is a timestamp.

 

--manual-only

Show only IPs that have been added manually.

--no-manual-only

Show IPs that have been added both automatically and manually.

--verbose, -v

Returns data in a more readable view when the --json option is used.

 

3rdparty

 

Command for disabling 3rd party IDS (currently cPHulk and fail2ban) and making the Imunify360 agent the primary IDS.

 

Usage:

 

imunify360-agent 3rdparty [-h]

 

Command is a positional argument and can be:

 

conflicts

Show conflicts with other software.

list

List other IDS that might be running concurrently with Imunify360.

 

Optional arguments:

 

-h, --help

Show this help message.

 

Blacklist

 

This command allows you to view or edit the IPs currently in the blacklist.

 

Usage:

 

imunify360-agent blacklist [subject] [command] <value> [--option]

 

subject is a positional argument and can be:

 

country

Manipulates countries in the Black List.

ip

Manipulates IPs in the Black List.

 

command is a second positional argument and can be:

 

add

add item(-s) to Black List

delete

remove item(-s) from Black List

move

move item(-s) to Black List

edit

edit comment on item in the Black List

list

list item(-s) in Black List

 

 

Please note that by default the list command outputs only the first 100 items in the list, as if it were run as blacklist ip list --limit 100.

To check whether a specific IP address is in the list, run the following command:

 

imunify360-agent blacklist ip list --by-ip 12.34.56.78

 

where 12.34.56.78 is that specific IP address.

 

value is the item to manipulate. It can be an IP itself or a country code (valid country codes are ISO ALPHA-2 codes).

 

option can be one or more of the optional arguments specified above, plus one more:

 

--comment

Adds a comment to the item.

 

Examples:

 

The following command adds IP 1.2.3.4 to the Black List with a comment “one bad ip”:

 

imunify360-agent blacklist ip add 1.2.3.4 --comment "one bad ip"

 

The following command returns a list of IPs in the Black List which are from Bolivia:

 

imunify360-agent blacklist --by-country-code BO

 

 

Blocked ports

 

This command allows you to view or edit ports, IPs, and protocols in the list of blocked ports.

 

Usage:

 

imunify360-agent blocked-port [command] <value> [--option]

 

command is a first positional argument and can be:

 

add

add item(-s) to blocked ports

delete

remove item(-s) from blocked ports

edit

edit comment on item in the blocked ports

list

list item(-s) in blocked ports

 

value is the item to manipulate: a ‘:’-separated pair of port number and protocol, for example 5432:tcp, 28:udp.

 

option can be one or more of the optional arguments specified above, plus the following:

 

--comment

Adds a comment to the item.

--ips

Adds IP addresses to the ignore list of the blocked port (the port won’t be blocked for these IP addresses).

 

Example:

 

The following command blocks port 5555 for tcp connections with a comment “Some comment”:

 

imunify360-agent blocked-port add 5555:tcp --comment "Some comment"

 

Check-domains

 

Sends the list of domains to the Imunify360 central server for checking. This command requires cPanel. After the domains are checked, the results are available via the infected-domains command. Please note that the server requires some time for checking, so the results may not be ready immediately.

 

Usage:

 

imunify360-agent check-domains [--optional arguments]

 

Optional arguments:

 

-h, --help

Show this help message.

--json

Returns data in JSON format.

--verbose, -v

Returns data in a more readable view when the --json option is used.

 

Clean

 

Clean the incident list.

 

Usage:

 

imunify360-agent clean [--optional arguments]

 

Optional arguments:

 

-h, --help

Show this help message.

--json

Return data in JSON format.

--days

Deletes incidents from the database that are older than the specified number of days. Example: --days 5.
This option will delete all incidents that are older than 5 days from today.

--limit

Keeps only the specified number of incidents in the database and deletes the others.
Example: --limit 5000. This option will keep only the 5000 newest incidents and delete the others.

 

Checkdb

 

Checks database integrity. If the database is corrupt, this command saves a backup copy of the database at /var/imunify360 and tries to restore the integrity of the original database. Note that if this command cannot restore database integrity, it will destroy the original broken database. Use the migratedb command to create a new clean database.

 

Usage:

 

imunify360-agent checkdb [-h]

 

Optional arguments:

 

-h, --help

Show this help message.

--json

Return data in JSON format.

--verbose, -v

Returns data in a more readable view when the --json option is used.

 

 

Doctor

 

Collects information about the Imunify360 state, generates a report and sends it to the Imunify360 Support Team. Use this command if you run into any trouble or issues with Imunify360. The command generates a key to be sent to the Imunify360 Support Team; with that key, the Support Team can help with the problem as fast as possible.

 

Usage:

 

imunify360-agent doctor [-h]

 

Optional arguments:

 

-h, --help

Show this help message.

--json

Return data in JSON format.

--verbose, -v

Returns data in a more readable view when the --json option is used.

 

Features

 

Enables or disables additional CloudLinux software included in Imunify360 for free. The following software is available:

 

KernelCare

HardenedPHP

Nginx Captcha

Invisible Captcha

 

Usage:

 

imunify360-agent features [-h] [command] <feature name>

 

command is a positional argument and can be:

 

install

Enables the software.

remove

Disables the software.

status

Checks the status of the software.

list

Lists all available software.

 

Optional arguments:

 

-h, --help

Show this help message.

 

Examples:

 

1. The following command checks if KernelCare is installed:

 

imunify360-agent features status kernelcare

 

2. The following command installs Nginx CAPTCHA:

 

imunify360-agent features install nginx-captcha

 

3. The following command uninstalls Nginx CAPTCHA:

 

imunify360-agent features remove nginx-captcha

 

 

Get

 

The command returns the lists of incidents.

 

Usage:

 

imunify360-agent get [--required argument] [--optional argument]...

 

Option can be one or more of the optional arguments listed above, plus the following.

 

--period [period]

Time frame: specifies the amount of time counting back from the current day. Must be greater than or equal to 1 minute. Can be specified in the following formats:

<int>m - minutes, example --period 30m

<int>h - hours, example --period 4h

<int>d - days, example --period 7d

today - for today, example --period today

yesterday - for yesterday, example --period yesterday

For example, --period 5d will return a list of incidents for 5 days.

 

--since [timestamp]

Sets the start time to filter the list of incidents by period.

--to [timestamp]

Sets the finish time to filter the list of incidents by period.

--severity

Sets the severity to filter the list of incidents by.

 

Example:

 

The following command shows the incidents (in JSON format) for the last 1 hour, filtered by country code UA and by Black List IPs:

 

imunify360-agent get --period 1h --by-country-code UA --by-list black --json

 

Graylist

 

This command allows you to view or edit the current IP Gray List.

 

Usage:

 

imunify360-agent graylist ip [command] [--optional argument]

 

Available commands:

 

delete

Removes an IP from the Gray List.

list

Lists IPs in the Gray List.

 

Optional arguments:

 

-h, --help

Show this help message.

 

Optional arguments for list:

 

--json

Returns data in JSON format.

--by-country-code [country_code]

Filters output by country code. Requires a valid country code as argument.
Valid country codes are ISO ALPHA-2 codes.

--by-ip [ip_address]

Filters output by abuser's IP or by subnet in CIDR notation.
Example: --by-ip 1.2.3.0/24

--limit 

Limits the output to the specified number of IPs. Must be a number greater than zero.
By default, equals 100.

--offset

Offset for pagination. By default, equals 0.

--verbose, -v

Returns data in a more readable view when the --json option is used.

 

Please note that by default the list command outputs only the first 100 items in the list, as if it were run as graylist ip list --limit 100.

To check whether a specific IP address is in the list, run the following command:

 

imunify360-agent graylist ip list --by-ip 12.34.56.78

 

where 12.34.56.78 is that specific IP address.

 

Example:

 

The following command will remove IP 1.2.3.4 from the Gray List:

 

imunify360-agent graylist ip delete 1.2.3.4

 

Import

 

This command imports Black and White lists from another 3rd party IDS (only CSF is supported at the moment) into the Imunify360 database.

Note. If CSF is enabled, it is not necessary to run this command because Imunify360 is integrated with CSF.

 

Usage:

 

imunify360-agent import [-h] {blocked-ports, wblist} ...

 

Positional arguments:

 

blocked-ports        

Import blocked-ports from other IDS.

wblist

Import white/black list from other IDS.

  

Optional arguments:

 

-h, --help

Show this help message.

 

Example:

 

The following command will import Black and White lists from the 3rd party IDS:

 

imunify360-agent import wblist

 

Infected-domains

 

Retrieves the list of infected domains.

 

Usage:

 

imunify360-agent infected-domains [-h] [--optional arguments]

 

Optional arguments for list:

 

--json

Returns data in JSON format.

--limit 

Limits the output to the specified number of domains.
Must be a number greater than zero. By default, equals 100.

--offset

Offset for pagination. By default, equals 0.

--verbose, -v

Returns data in a more readable view when the --json option is used.

 

Malware

 

Manages malware options.

 

Usage:

 

imunify360-agent malware [-h] [--optional arguments]

 

Available commands:

 

dashboard indicators

Show indicators for dashboard.

ignore 

Adds, deletes or shows files that will not be scanned.

malicious

Manages malicious files.

on-demand

Manages the on-demand scanner.

read

Reads malware files.

suspicious

Manages suspicious files.

 

 

Optional arguments:

 

-h, --help

Show this help message.

--json

Returns data in JSON format.

--limit 

Limits the output with the specified number of domains.
Must be a number greater than zero. By default, equals 100.

--offset

Offset for pagination. By default, equals 0.

--verbose, -v

Returns data in a more readable view when the --json option is used.

--since SINCE

Start date.

--to TO

End date.

--user USER

Returns results for a chosen user.

 

Command is a second positional argument for ignore and can be:

 

add

Add a file or files divided by space to the ignore list.

delete

Delete an ignored file or files divided by space from the list.

list 

Show a list of ignored files.

 

Command is a second positional argument for malicious and can be:

 

delete

Delete malicious file or files divided by space.

list

Show a list of malicious files.

move-to-ignore 

Move a file or files divided by space to the ignore list.

quarantine-malicious

Adds malicious files to quarantine.

restore-from-backup

Restore source files from backup.

restore-from-quarantine

Restore files from quarantine.

 

Command is a second positional argument for on-demand and can be:

 

start

Start on-demand scanner for the path specified after the start command,
for example: imunify360-agent malware on-demand start --path /home/<username>/public_html/

list

Returns a list of all on-demand scanner session results.

status

Show current status for on-demand scanner.

stop

Stop current scanning.

 

Command is a second positional argument for suspicious and can be:

 

delete

Delete suspicious file or files divided by space.

list

Show a list of suspicious files.

move-to-ignore

Move suspicious files divided by space to the ignore list.

move-to-quarantine

Move suspicious files divided by space to the quarantine.

 

Migratedb

 

Creates a clean database if the existing one was corrupted. Note: use checkdb to check database health.

 

Usage:

 

imunify360-agent migratedb [-h]

 

Optional arguments:

 

--help, -h

Show this help message.

 

 

Plugins

 

Command for manipulating Imunify360 plugins.

 

Usage:

 

imunify360-agent [command]

 

Command is a positional argument and can be:

 

enable-plugin

Enable Imunify360 plugin.

disable-plugin

Disable Imunify360 plugin.

 

Optional arguments:

 

-h, --help

Show this help message.

--json

Return data in JSON format.

--verbose, -v

Returns data in a more readable view when the --json option is used.

 

 

Register

 

Registers and activates Imunify360. Use it if Imunify360 was not activated during the installation process or if the Imunify360 activation key was changed for any reason. If you do not know what an activation key is or have any problem with it, please read the Installation guide or contact our support team.

 

Usage:

 

imunify360-agent register [--optional arguments] [KEY]

 

Activation key is a positional argument:

 

KEY

Register with activation key (use IPL to register by IP).

   

If you use this command without the KEY argument, it will try to register and activate the current activation key.

 

Optional arguments:

 

-h, --help

Show this help message.

--json

Return data in JSON format.

--verbose, -v

Returns data in a more readable view when the --json option is used.

 

Example 1:

 

The following command will register and activate Imunify360 with the provided activation key:

 

imunify360-agent register IM250sdfkKK245kJHIL

 

Example 2:

 

If you have an IP-based license, you can use IPL argument to register and activate Imunify360:

 

imunify360-agent register IPL

 

Rstatus

 

Checks whether the Imunify360 server license is valid.

 

Usage:

 

imunify360-agent rstatus [--optional arguments]

 

Optional arguments:

 

-h, --help

Show this help message.

--json

Return data in JSON format.

--verbose, -v

Returns data in a more readable view when the --json option is used.

 

Rules

 

This command allows the user to manage the rules disabled for the firewall plugins that Imunify360 uses.

 

Usage:

 

imunify360-agent rules [command] [--option] <value> [--option] <value>

 

Command is a positional argument and can be:

 

disable

Add a new rule to the disabled rules list.

enable

Remove a rule from the disabled rules list.

list-disabled

Display the list of the disabled rules.

 

Option can be:

 

--id

ID number of the rule provided by the firewall plugin.

--plugin

Firewall plugin name. Can be one of the following:

modsec for ModSecurity;

ossec for OSSEC.

--name

Name of the added rule or details of the rule from ModSecurity or OSSEC.

 

Example 1:

The following command adds a rule with id 42 and name ‘Rule name’ for the ModSecurity rules to the disabled rules list:

 

imunify360-agent rules disable --id 42 --plugin modsec --name 'Rule name'

 

Example 2:

The following command removes a rule with id 42 for the ModSecurity rules from the disabled rules list:

 

imunify360-agent rules enable --id 42 --plugin modsec

 

Example 3:

The following command displays the list of disabled rules:

 

imunify360-agent rules list-disabled

 

The list is displayed as follows:

 

{'plugin': 'modsec', 'id': '214920', 'domains': ['captchatest.com'], 'name': 'Imported from config'}

{'plugin': 'modsec', 'id': '42', 'domains': None, 'name': 'Rule name'}

{'plugin': 'ossec', 'id': '1003', 'domains': None, 'name': 'Imported from config'}

{'plugin': 'ossec', 'id': '2502', 'domains': None, 'name': 'User missed the password more than one time'}

 

Where

plugin — is a firewall plugin name (modsec for ModSecurity and ossec for OSSEC);

id — is id number of the rule provided by the firewall plugin;

domains — the list of the domains for which the rule is disabled (None means all domains)*.

name — rule description or details of the rule from ModSecurity or OSSEC.

 

*Note. Domains are specified only for ModSecurity rules. For OSSEC rules, it always applies to all domains.
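
The following Python script is an added example, not part of the Imunify360 documentation or code: it parses the list-disabled output format shown above and reports disabled rules that are missing from an operator-reviewed baseline, listing server-wide disables first. The APPROVED baseline and all function names are assumptions made for illustration; SAMPLE_OUTPUT is the listing from this page.

```python
import ast
import subprocess

# Sample output copied from the listing shown on this page.
SAMPLE_OUTPUT = """\
{'plugin': 'modsec', 'id': '214920', 'domains': ['captchatest.com'], 'name': 'Imported from config'}
{'plugin': 'modsec', 'id': '42', 'domains': None, 'name': 'Rule name'}
{'plugin': 'ossec', 'id': '1003', 'domains': None, 'name': 'Imported from config'}
{'plugin': 'ossec', 'id': '2502', 'domains': None, 'name': 'User missed the password more than one time'}
"""

# Constructed baseline (assumption): (plugin, id) pairs already reviewed and accepted.
APPROVED = {("modsec", "214920"), ("ossec", "1003")}

REQUIRED_KEYS = {"plugin", "id", "domains", "name"}


def fetch_disabled_rules():
    """Run the command documented above and return its raw text output."""
    return subprocess.run(
        ["imunify360-agent", "rules", "list-disabled"],
        check=True, capture_output=True, text=True,
    ).stdout


def parse_disabled_rules(text):
    """Parse one dict literal per line; literal_eval never executes code."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            rule = ast.literal_eval(line)
        except (ValueError, SyntaxError) as exc:
            raise ValueError(f"line {lineno}: not a rule record") from exc
        if not isinstance(rule, dict) or not REQUIRED_KEYS.issubset(rule):
            raise ValueError(f"line {lineno}: missing expected keys")
        rules.append(rule)
    return rules


def audit(rules, approved):
    """Return disabled rules that are not in the approved baseline."""
    findings = []
    for rule in rules:
        key = (rule["plugin"], str(rule["id"]))
        if key in approved:
            continue
        # domains is None when the rule is disabled for every domain.
        scope = "all domains" if rule["domains"] is None else ", ".join(rule["domains"])
        findings.append({"plugin": key[0], "id": key[1], "scope": scope, "name": rule["name"]})
    # Server-wide disables first: they remove the most coverage.
    findings.sort(key=lambda f: (f["scope"] != "all domains", f["plugin"], f["id"]))
    return findings


if __name__ == "__main__":
    # Swap SAMPLE_OUTPUT for fetch_disabled_rules() on a server with the agent installed.
    for f in audit(parse_disabled_rules(SAMPLE_OUTPUT), APPROVED):
        print(f"UNAPPROVED {f['plugin']} rule {f['id']} disabled for {f['scope']}: {f['name']}")
```
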

 

Unregister

 

Unregisters and disables Imunify360 on the server. Note that to remove Imunify360 from the server, it needs to be uninstalled.

 

Usage:

 

imunify360-agent unregister [--optional arguments]

 

Optional arguments:

 

-h, --help

Show this help message.

--json

Return data in JSON format.

--verbose, -v

Returns data in a more readable view when the --json option is used.

 

Vendors

 

Command for manipulating Imunify360 vendors.

 

Usage:

 

imunify360-agent [command]

 

Command is a positional argument and can be:

 

install-vendors

Install ModSecurity vendors. This command will install the Imunify360 vendor and Comodo WAF if there are no conflicts with other installed vendors.

uninstall-vendors

Uninstall ModSecurity vendors.

 

Optional arguments:

 

-h, --help

Show this help message.

--json

Return data in JSON format.

--verbose, -v

Returns data in a more readable view when the --json option is used.

 

Version

 

Shows the Imunify360 version currently installed on the server.

 

Usage:

 

imunify360-agent version [-h] [--json]

 

Optional arguments:

 

-h, --help

Show this help message.

--json

Return data in JSON format.

--verbose, -v

Returns data in a more readable view when the --json option is used.

 

Submit false positive or false negative to Imunify360 team for analysis

 

To submit a file as a false positive (Imunify360 considers the file malicious but it actually isn’t), use the following command:

 

imunify360-agent submit false-positive <file>

 

To submit a file as a false negative (Imunify360 considers the file non-malicious but it actually is malicious), use the following command:

 

imunify360-agent submit false-negative <file>

 

Optional arguments:

 

--to

Email to send.

--sender

User email.

-h, --help

Show this help message

--json

Return data in JSON format.

--verbose, -v

Returns data in a more readable view when the --json option is used.

 

Whitelist

 

This command allows you to view or edit the IPs and domains currently in the Whitelist.

 

Usage:

 

imunify360-agent whitelist [subject] [command] <value> [--option]

 

subject is a positional argument and can be:

 

ip

Manipulates IPs in the White List.

domain

Manipulates domains in the White List.

 

command is a second positional argument and can be:

 

add

Add item (-s) to the White List.

delete

Remove item (-s) from the White List.

move

Move item (-s) to the White List.

edit

Edit comment on the item in the White List.

list

List items (-s) in the White List.

 

Please note that by default the list command outputs only the first 100 items in the list, as if it were run as whitelist ip list --limit 100.

To check whether a specific IP address is in the list, run the following command:

 

imunify360-agent whitelist ip list --by-ip 12.34.56.78

 

where 12.34.56.78 is that specific IP address.

 

value is the item to manipulate. It can be an IP itself, a country code (valid country codes are ISO ALPHA-2 codes), or a domain name.

 

option can be one or more of the optional arguments from the table above, plus the following:

 

--comment

Adds a comment to the item.

--full-access

Only for move and edit commands. Grants full access to the IP or subnet, ignoring the rules in Blocked ports.

--no-full-access

Only for move and edit commands. Removes full access from the IP or subnet.

 

Examples:

 

The following command adds IP 1.2.3.4 to the White List with a comment “one good ip”:

 

imunify360-agent whitelist ip add 1.2.3.4 --comment "one good ip"

 

The following command returns a list of IPs in the White List which are from Bolivia:

 

imunify360-agent whitelist --by-country-code BO

 

The following command adds domain with a name example.com to the White List:

 

imunify360-agent whitelist domain add example.com

 

The following command checks domains in the White List:

 

imunify360-agent whitelist domain list