Command-line Interface


To access Imunify360 agent features from the command-line interface, use the following command:

 

imunify360-agent

 

Optional arguments:

 

-h, --help

Returns the help message

--remote-addr [IP_address]

IP address to add to the whitelist

--console-log-level [ERROR,WARNING,INFO,DEBUG]

Level of logging output to the console

 

Basic usage:

 

imunify360-agent [command] [--option1] [--option2]...

 

Available commands:

 

blacklist           Return/Edit IP blacklist
blocked-port        Return/Edit list of blocked ports
check-domains       Send domain list check
clean               Clean the incidents
checkdb             Check database integrity
cpanel              Commands for cPanel plugin manipulation
disable-3rdparty    Make Imunify360 the primary IDS
doctor              Collect info about system and send it to CloudLinux
features            Manage available features for Imunify360
get                 Returns list of incidents
graylist            Return/Edit IP gray list
import              Import data
infected-domains    Returns infected domain list
migratedb           Check and repair database if it is corrupted
list-3rdparty       Check if another IDS is running
register            Register the agent
rstatus             Query the server to check if the license is valid
rules               Allows user to manage disabled rules
unregister          Unregister the agent
version             Show version
whitelist           Return/Edit IP white list

 

 

Optional arguments for the commands:

 

-h, --help

Shows this help message.

 

--json     

Returns data in JSON format.

 

--by-country-code [country_code]

Filters output by country code. Requires valid country code as argument. Find valid country codes here in column ISO ALPHA-2 CODE.

 

--by-abuser-ip [ip_address]

Filters output by abuser's IP or by subnet in CIDR notation. Example: --by-abuser-ip 1.2.3.0/24.

 

--by-list

Can be: any, gray (Gray List), white (White List), black (Black List). Filters output based on the list type. Example: --by-list black.

 

--limit 

Limits the output to the specified number of incidents. Must be a number greater than zero. The default is 100.

 

--offset

Offset for pagination. By default, equals 0.

 

--to

Sets the end of the period to filter by. The format is a timestamp.

 

--verbose, -v

Returns the data in a human-readable view when the --json option is used.

 

Blacklist

 

This command allows you to view or edit the IPs currently in the Black List.

 

Usage:

 

imunify360-agent blacklist [subject] [command] <value> [--option]

 

subject is a positional argument and can be:

 

country

Manages countries in the Black List.

ip

Manages IPs in the Black List.

 

command is a second positional argument and can be:

 

add

add item(-s) to the Black List

delete

remove item(-s) from the Black List

move

move item(-s) to the Black List

edit

edit the comment on an item in the Black List

list

list item(-s) in the Black List

 

value is the item to operate on. It can be an IP address or a country code (find the necessary country codes here in the ISO ALPHA-2 CODE column).

 

option can be one or more of the optional arguments specified above, plus one more:

 

--comment

adds a comment to the item

 

Examples:

 

The following command adds IP 1.2.3.4 to the Black List with the comment “one bad ip”:

imunify360-agent blacklist ip add 1.2.3.4 --comment "one bad ip"

 

The following command returns a list of IPs in the Black List which are from Bolivia:

 

imunify360-agent blacklist --by-country-code BO

 

 

Blocked ports

 

This command allows you to view or edit the ports, IPs and protocols in the list of blocked ports.

 

Usage:

 

imunify360-agent blocked-port [command] <value> [--option]

 

command is a first positional argument and can be:

 

add

add item(-s) to blocked ports

delete

remove item(-s) from blocked ports

edit

edit comment on item in the blocked ports

list

list item(-s) in blocked ports

 

value is the item to operate on: a ‘:’-separated pair of port number and protocol, for example 5432:tcp or 28:udp.

 

option can be one or more of the optional arguments specified above, plus the following:

 

--comment

adds a comment to the item

--ips

adds IP addresses to the ignore list of the blocked port (the port won’t be blocked for these IP addresses).

 

Examples:

 

The following command blocks port 5555 for tcp connections with a comment “Some comment”:

 

imunify360-agent blocked-port add 5555:tcp --comment "Some comment"
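An added example (not part of the Imunify360 documentation or agent code): a Python helper that validates input and builds the `blacklist ip add` and `blocked-port add` commands documented above as argv lists, so that values taken from tickets or detection pipelines never pass through shell quoting. The `never_block` safety list and the restriction to the tcp and udp protocols shown on this page are assumptions.

```python
import ipaddress
import re

AGENT = "imunify360-agent"
# Assumption: only tcp and udp, the two protocols this page shows.
PORT_PROTO = re.compile(r"([0-9]{1,5}):(tcp|udp)")


def check_comment(comment):
    """A comment travels as one argv element, so it needs no shell quoting."""
    if not comment or comment.startswith("-") or not comment.isprintable():
        raise ValueError(f"unsafe comment: {comment!r}")
    return comment


def blocked_port_add_argv(value, comment):
    """argv for: imunify360-agent blocked-port add <port>:<protocol> --comment ..."""
    m = PORT_PROTO.fullmatch(value)  # fullmatch also rejects a trailing newline
    if not m or not 1 <= int(m.group(1)) <= 65535:
        raise ValueError(f"bad port:protocol pair: {value!r}")
    return [AGENT, "blocked-port", "add", f"{int(m.group(1))}:{m.group(2)}",
            "--comment", check_comment(comment)]


def blacklist_add_argv(ip, comment, never_block=()):
    """argv for: imunify360-agent blacklist ip add <ip> --comment ...

    never_block is a hypothetical local safety list (e.g. the admin network).
    """
    addr = ipaddress.ip_address(ip)  # ValueError for anything but a single IP
    for net in never_block:
        if addr in ipaddress.ip_network(net):
            raise ValueError(f"{addr} is inside protected network {net}")
    return [AGENT, "blacklist", "ip", "add", str(addr),
            "--comment", check_comment(comment)]


if __name__ == "__main__":
    # Constructed input; 10.0.0.0/8 stands in for a management network.
    argv = blacklist_add_argv("1.2.3.4", "one bad ip", never_block=["10.0.0.0/8"])
    print(argv)
    # On a host with the agent installed: subprocess.run(argv, check=True)
```
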

 

Check-domains

 

Sends the list of domains to the Imunify360 central server for checking. This command requires cPanel. After the domains are checked, the results are available via the infected-domains command. Please note that the server requires some time for checking and the results may not be ready immediately.

 

Usage:

 

imunify360-agent check-domains [--optional arguments]

 

Optional arguments:

 

-h, --help

Show this help message.

--json

return data in JSON format

--verbose, -v

Returns the data in a human-readable view when the --json option is used.

 

Clean

 

Clean the incident list.

 

Usage:

 

imunify360-agent clean [--optional arguments]

 

Optional arguments:

 

-h, --help

Show this help message.

--json

Return data in JSON format.

--days

Deletes incidents older than the specified number of days from the database. Example: --days 5. This option will cause deletion of all incidents that are older than 5 days from today.

--limit

Keeps only the specified number of incidents in the database and deletes the others. Example: --limit 5000. This option will keep only the 5000 newest incidents and delete the others.

 

Checkdb

 

Checks database integrity. If the database is corrupted, this command saves a backup copy of the database at /var/imunify360 and tries to restore the integrity of the original database. Note that if this command cannot restore database integrity, it will destroy the original broken database. Use the migratedb command to create a new clean database.

 

Usage:

 

imunify360-agent checkdb [-h]

 

Optional arguments:

 

-h, --help

Show this help message.

 

 

cPanel

 

Command for manipulating Imunify360 plugin for cPanel.

 

Usage:

 

imunify360-agent cpanel [command]

 

command is a positional argument and can be:

 

enable-plugin

Enable Imunify360 cPanel plugin (if cPanel is detected on the server).

disable-plugin

Disable Imunify360 cPanel plugin.

install-vendors

Install ModSecurity vendors (if cPanel is detected on the server). This command will install Imunify360 vendor and Comodo WAF if there are no conflicts with other installed vendors.

uninstall-vendors

Uninstall ModSecurity vendors.

 

Disable-3rdparty

 

Disables 3rd party IDS (currently cPHulk and fail2ban) and makes the Imunify360 agent the primary IDS.

 

Usage:

 

imunify360-agent disable-3rdparty [-h]

 

Optional arguments:

 

-h, --help

Show this help message.

 

Doctor

 

Collects information about the Imunify360 state, generates a report and sends it to the Imunify360 Support Team. Use this command in case of any trouble or issues with Imunify360. The command generates a key to be sent to the Imunify360 Support Team. With that key, the Imunify360 Support Team can help with any problem as fast as possible.

 

Usage:

 

imunify360-agent doctor [-h]

 

Optional arguments:

 

-h, --help

Show this help message.

 

Features

 

Enables or disables additional CloudLinux software included in Imunify360 for free. The following software is available:

 

KernelCare

 

HardenedPHP

 

Usage:

 

imunify360-agent features [-h] [command] <feature name>

 

command is a positional argument and can be:

 

install

enables the software

remove

disables the software

status

checks the status of the software

list

lists all available software

 

Optional arguments:

 

-h, --help

Show this help message.

 

Example:

 

imunify360-agent features status kernelcare

 

Get

 

The command returns the lists of incidents.

 

Usage:

 

imunify360-agent get [--required argument] [--optional argument]...

 

One of these arguments is required:

 

--period [period]

Timeframe. Specifies the amount of time, starting from the current day. Must be greater than or equal to 1 minute. Can be specified in the following formats:

<int>m - minutes, example --period 30m

<int>h - hours, example --period 4h

<int>d - days, example --period 7d

today - for today, example --period today

yesterday - for yesterday, example --period yesterday

For example, --period 5d will return a list of incidents for 5 days.

 

--since [timestamp]

Sets the start time to filter the list of incidents by period.

 

Example:

 

The following command shows the incidents (in JSON format) for the last 1 hour, filtered by country code UA and by Black List IPs:

 

imunify360-agent get --period 1h --by-country-code UA --by-list black --json

 

Graylist

 

This command allows you to view or edit the IPs currently in the Gray List.

 

Usage:

 

imunify360-agent graylist ip [command] [--optional argument]

 

Available commands:

 

delete

Allows to remove IP from Gray List.

list

Allows to list IPs in Gray List.

 

Optional arguments:

 

-h, --help

Show this help message.

 

Optional arguments for list:

 

--json

Returns data in JSON format.

--by-country-code [country_code]

Filters output by country code. Requires a valid country code as argument. Find valid country codes in the ISO ALPHA-2 CODE column.

--by-abuser-ip [ip_address]

Filters output by abuser's IP or by subnet in CIDR notation. Example: --by-abuser-ip 1.2.3.0/24

--limit 

Limits the output to the specified number of IPs. Must be a number greater than zero. The default is 100.

--offset

Offset for pagination. By default, equals 0.

--verbose, -v

Returns the data in a human-readable view when the --json option is used.

 

Example:

 

The following command will remove IP 1.2.3.4 from the Gray List:

 

imunify360-agent graylist ip delete 1.2.3.4

 

Import

 

This command imports Black and White lists from another 3rd party IDS (only CSF is supported at the moment) into the Imunify360 database.

Note. If CSF is enabled, then it is not necessary to run the command because Imunify360 is integrated with CSF.

 

Usage:

 

imunify360-agent import [-h] {wblist} ...

 

Positional arguments:

 

wblist

Import white/black list from other IDS.

  

Optional arguments:

 

-h, --help

Show this help message.

 

Example:

 

The following command will import Black and White lists from the 3rd party IDS:

 

imunify360-agent import

 

Infected-domains

 

Retrieves the list of infected domains.

 

Usage:

 

imunify360-agent infected-domains [-h] [--optional arguments]

 

Optional arguments for list:

 

--json

Returns data in JSON format.

--limit 

Limits the output to the specified number of domains. Must be a number greater than zero. The default is 100.

--offset

Offset for pagination. By default, equals 0.

--verbose, -v

Returns the data in a human-readable view when the --json option is used.

 

List-3rdparty

 

Checks whether another IDS is running on the server.

 

Usage:

 

imunify360-agent list-3rdparty [--optional arguments]

 

Optional arguments:

 

--help, -h

Show this help message.

--json

Returns data in JSON format.

--pretty-print

Returns the data in a pretty-printed view.

 

Migratedb

 

Creates a clean database if the existing one was corrupted. Note: use checkdb to check database health.

 

Usage:

 

imunify360-agent migratedb [-h]

 

Optional arguments:

 

--help, -h

Show this help message.

 

Register

 

Registers and activates Imunify360. Use it if Imunify360 was not activated during the installation process or if the Imunify360 activation key was changed for any reason. If you do not know what an activation key is or have any problem with it, please read the Installation guide or contact our support team.

 

Usage:

 

imunify360-agent register [--optional arguments] [KEY]

 

The activation key is a positional argument:

 

KEY

Register with activation key.

   

If you use this command without the KEY argument, it will try to register and activate the current activation key.

 

Optional arguments:

 

-h, --help

Show this help message.

--json

Return data in JSON format.

--verbose, -v

Returns the data in a human-readable view when the --json option is used.

 

Example:

 

The following command will register and activate Imunify360 with the provided activation key:

 

imunify360-agent register IM250sdfkKK245kJHIL

 

Rstatus

 

Checks whether the Imunify360 server license is valid.

 

Usage:

 

imunify360-agent rstatus [--optional arguments]

 

Optional arguments:

 

-h, --help

Show this help message.

--json

Return data in JSON format.

--verbose, -v

Returns the data in a human-readable view when the --json option is used.

 

Rules

 

This command allows the user to manage the rules disabled for the firewall plugins that Imunify360 uses.

 

Usage:

 

imunify360-agent rules [command] [--option] <value> [--option] <value>

 

Command is a positional argument and can be:

 

disable

Add a new rule to the disabled rules list.

enable

Remove a rule from the disabled rules list.

list-disabled

Display the list of the disabled rules.

 

Option can be:

 

--id

ID number of the rule provided by the firewall plugin.

--plugin

Firewall plugin name. Can be one of the following:

modsec for ModSecurity;

ossec for OSSEC.

--name

Name of the added rule or details of the rule from ModSecurity or OSSEC.

 

Example 1:

The following command adds a rule with id 42 and name ‘Rule name’ for the ModSecurity rules to the disabled rules list:

 

imunify360-agent rules disable --id 42 --plugin modsec --name 'Rule name'

 

Example 2:

The following command removes a rule with id 42 for the ModSecurity rules from the disabled rules list:

 

imunify360-agent rules enable --id 42 --plugin modsec

 

Example 3:

The following command displays the list of disabled rules:

 

imunify360-agent rules list-disabled

 

The list is displayed as follows:

 

{'plugin': 'modsec', 'id': '214920', 'domains': ['captchatest.com'], 'name': 'Imported from config'}

{'plugin': 'modsec', 'id': '42', 'domains': None, 'name': 'Rule name'}

{'plugin': 'ossec', 'id': '1003', 'domains': None, 'name': 'Imported from config'}

{'plugin': 'ossec', 'id': '2502', 'domains': None, 'name': 'User missed the password more than one time'}

 

Where

plugin — is a firewall plugin name (modsec for ModSecurity and ossec for OSSEC);

id — is id number of the rule provided by the firewall plugin;

domains — the list of the domains for which the rule is disabled (None means all domains)*.

name — rule description or details of the rule from ModSecurity or OSSEC.

 

*Note. Domains are specified only for ModSecurity rules. An OSSEC rule always applies to all domains.
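An added example (not part of the Imunify360 documentation or agent code): a Python audit of the `rules list-disabled` output. It assumes the output keeps the form shown above, one Python-literal dict per line (which is not valid JSON), and compares it with a hypothetical approved baseline of (plugin, id) pairs; the sample is constructed from the four lines shown on this page.

```python
import ast

# Constructed sample: the four lines of list-disabled output shown above.
SAMPLE = """\
{'plugin': 'modsec', 'id': '214920', 'domains': ['captchatest.com'], 'name': 'Imported from config'}
{'plugin': 'modsec', 'id': '42', 'domains': None, 'name': 'Rule name'}
{'plugin': 'ossec', 'id': '1003', 'domains': None, 'name': 'Imported from config'}
{'plugin': 'ossec', 'id': '2502', 'domains': None, 'name': 'User missed the password more than one time'}
"""

FIELDS = {"plugin", "id", "domains", "name"}


def parse_disabled_rules(text):
    """Parse one Python-literal dict per line (the output is not JSON)."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = ast.literal_eval(line.strip())  # literals only, unlike eval()
        except (ValueError, SyntaxError) as exc:
            raise ValueError(f"line {lineno}: not a literal dict") from exc
        if not isinstance(rec, dict) or not FIELDS.issubset(rec):
            raise ValueError(f"line {lineno}: expected fields {sorted(FIELDS)}")
        rules.append(rec)
    return rules


def audit(rules, approved):
    """Compare disabled rules with an approved baseline of (plugin, id) pairs.

    The baseline is a hypothetical change-control record, not an agent feature.
    """
    findings = []
    for r in rules:
        key = (r["plugin"], r["id"])
        if key not in approved:
            findings.append(("unapproved", key))
        # OSSEC entries always apply to all domains, so only ModSecurity
        # entries with domains=None reach beyond a single site.
        if r["plugin"] == "modsec" and r["domains"] is None:
            findings.append(("modsec-all-domains", key))
    return findings


def reenable_argv(plugin, rule_id):
    """argv for the documented 'rules enable' command (run without a shell)."""
    return ["imunify360-agent", "rules", "enable",
            "--id", str(rule_id), "--plugin", plugin]


if __name__ == "__main__":
    baseline = {("modsec", "214920"), ("ossec", "1003")}  # constructed
    for kind, (plugin, rule_id) in audit(parse_disabled_rules(SAMPLE), baseline):
        print(kind, plugin, rule_id, " ".join(reenable_argv(plugin, rule_id)))
```
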

 

Unregister

 

Unregisters and disables Imunify360 on the server. Note that to remove Imunify360 from the server, it needs to be uninstalled.

 

Usage:

 

imunify360-agent unregister [--optional arguments]

 

Optional arguments:

 

-h, --help

Show this help message.

--json

Return data in JSON format.

--verbose, -v

Returns the data in a human-readable view when the --json option is used.

 

Version

 

Shows the Imunify360 version currently installed on the server.

 

Usage:

 

imunify360-agent version [-h] [--json]

 

Optional arguments:

 

-h, --help

Show this help message.

--json

Return data in JSON format.

--verbose, -v

Returns the data in a human-readable view when the --json option is used.

 

Submit false positive or false negative to Imunify360 team for analysis

 

To submit a file as a false positive (Imunify360 considers the file malicious, but it actually is not), use the following command:

 

imunify360-agent malware submit -t fp <file>

 

To submit a file as a false negative (Imunify360 considers the file non-malicious, but it actually is malicious), use the following command:

 

imunify360-agent malware submit -t fn <file>

 

Whitelist

 

This command allows you to view or edit the IPs currently in the White List.

 

Usage:

 

imunify360-agent whitelist [subject] [command] <value> [--option]

 

subject is a positional argument and can be:

 

country

Manages countries in the White List.

ip

Manages IPs in the White List.

 

command is a second positional argument and can be:

 

add

Add item (-s) to the White List.

delete

Remove item (-s) from the White List.

move

Move item (-s) to the White List.

edit

Edit comment on the item in the White List.

list

List items (-s) in the White List.

 

value is the item to operate on. It can be an IP address or a country code (find the necessary country codes in the ISO ALPHA-2 CODE column).

 

option can be one or more of the optional arguments from the table above, plus the following:

 

--comment

Adds a comment to the item.

--full-access

Only for move and edit commands. Grants full access to the IP or subnet, ignoring the rules in Blocked ports.

--no-full-access

Only for move and edit commands. Removes full access from the IP or subnet.

 

Examples:

 

The following command adds IP 1.2.3.4 to the White List with the comment “one good ip”:

imunify360-agent whitelist ip add 1.2.3.4 --comment "one good ip"

 

The following command returns a list of IPs in the White List which are from Bolivia:

 

imunify360-agent whitelist --by-country-code BO