Config File Description

Navigation:  »No topics above this level«

Config File Description

Previous pageReturn to chapter overviewNext page

Imunify360 config file is available on the following location after installation:

 

/etc/sysconfig/imunify360/imunify360.config

 

In the config file it is possible to set up Imunify360 configuration. The following options are available:

 

AUTO_WHITELIST:

 

timeout: 1440

# set in minutes how long to keep automatically whitelisted IP

after_unblock_timeout: 1440

# set in minutes for how long IP will be added to the WhiteList after it passes Imunify360 CAPTCHA

 

DOS:

 

enabled: false

# allows to enable (true) or disable (false) DOS detection

timeout: 30

# set in minutes how often DOS detection should be launched

max_connections: 250

# set the maximum simultaneous connections before IP will be blocked

 

INCIDENT_LOGGING:

 

min_log_level: 4

# minimum severity level for incidents displayed in UI. Please find the levels description here

num_days: 100

# incidents older than num_days are automatically deleted

limit: 100000

# how many incidents should be stored in Imunify360 log file

ui_autorefresh_timeout: 10

# set auto refresh time for incidents in user interface

 

 

MOD_SEC_BLOCK_BY_SEVERITY:

 

enable: true

# allows to enable or disable option that moves IPs to GrayList if the ModSecurity rule is triggered

max_incidents: 2

# set a number of repeats of the ModSecurity incident from the same IP for adding it to GrayList

denied_num_limit: 2

# set a number of repeats of the ModSecurity incidents that got Access Denied error from the same IP for adding it to GrayList

check_period: 120

# set a period in seconds during which incident from the same IP will be recorded as a repeat

severity_limit: 2

# set a level of severity for DOS detection sensitivity. Read more here about severity levels

 

MOD_SEC_BLOCK_BY_CUSTOM_RULE:         # this section allows to add custom configuration for blocking by ModSecurity incidents

 

33332:

# set ModSecurity rule ID

check_period: 120

# set a period in seconds during which incident from the same IP will be recorded as a repeat

max_incidents: 10

# set a number of repeats of the ModSecurity incident from the same IP for adding it to GrayList

 

MALWARE_SCANNING:

 

try_restore_from_backup_first: false

# allows to enable (true) or disable (false) automatic malicious file restore from backup if a clean copy exists, otherwise default_action is applied

default_action: quarantine

# default action on malicious file detected. Available options: quarantine - do not delete and move to quarantine, notify - do not delete and send email notification, delete - delete malicious file

notify_on_detect: false

#  allows to enable (true) or disable (false) email notification if file is detected as infected

enable_scan_inotify: false

# enable (true) or disable (false) real-time scanning for modified files using inotify library

enable_scan_pure_ftpd: true

# enable (true) or disable (false) real-time scanning for files uploaded through PureFTPd

enable_scan_modsec: true

#  enable (true) or disable (false) real-time scanning of all the files that were uploaded via http/https. Note it requires ModSecurity to be installed

 

CAPTCHA:

 

cert_refresh_timeout: 3600

# set in seconds how often SSL certificate will be refreshed

 

 

ERROR_REPORTING:

enable: true

# automatically report errors to imunify360 team

 

SEND_ADDITIONAL_DATA:

enable: true

# send anonymized data from query string/post parameters, and cookies.

 

NETWORK_INTERFACE:                   # manages for what network interfaces Imunify360 rules will be applied

 

eth_device: null

# by default, Imunify360 will auto-configure iptables to filter all traffic. If you want iptables rules to be applied to a specific NIC only, list them here (e.g. eth1)

eth6_device: null

# it is the same as eth_device, but configures ip6tables to use specific device

eth_device_skip: []

# if you don't want iptables\ip6tables rules to be applied to specific NICs, list them here (e.g [eth1, eth2]).

 

BACKUP_RESTORE:

max_days_in_backup: 90

# restore from backup files that are not older than max_days_in_backup

cl_backup_allowed: true

# show CloudLinux Backup in the list of available backup system (true) or hide it (false)

 


 

CAPTCHA_DOS:

enabled: true

# enable (true) or disable (false) CAPTCHA Dos protection

time_frame: 21600

# set a period in seconds during which requests to CAPTCHA from the same IP will be recorded as repeated

max_count: 100

# set the maximum number of repeated CAPTCHA requests after which IP is moved to the CAPTCHA Dos list without an ability to request CAPTCHA again

timeout: 864000

# set in seconds the time on which to add the IP in CAPTCHA Dos list without an ability to request CAPTCHA again

 

BLOCKED_PORTS:

default_mode: allowed

# defines the default state of ports which is not explicitly set by user (denied by default or allowed by default). Currently only allowed is supported