Config File Description
Imunify360 config file is available on the following location after installation:
/etc/sysconfig/imunify360/imunify360.config
In the config file it is possible to set up Imunify360 configuration. The following options are available:
| AUTO_WHITELIST: | |
|---|---|
| timeout: 1440 | # set in minutes how long to keep automatically whitelisted IP |
| after_unblock_timeout: 1440 | # set in minutes for how long IP will be added to the WhiteList after it passes Imunify360 CAPTCHA |
| DOS: | |
| enabled: false | # allows to enable (true) or disable (false) DOS detection |
| interval: 30 | # interval in seconds between DoS detection system activation |
| default_limit: 250 | # maximum default limit of connections from remote IP to local port before DoS protection will be triggered. Cannot be set lower than 100 |
| port_limits: | # allows to set limits per local port |
| 80: 150 | # limit on port 80 is set to 150 connections |
| INCIDENT_LOGGING: | |
| min_log_level: 4 | # minimum severity level for incidents displayed in UI. Please find the levels description here |
| num_days: 100 | # incidents older than num_days are automatically deleted |
| limit: 100000 | # how many incidents should be stored in Imunify360 log file |
| ui_autorefresh_timeout: 10 | # set auto refresh time for incidents in user interface |
| MOD_SEC_BLOCK_BY_SEVERITY: | |
| enable: true | # allows to enable or disable option that moves IPs to Gray List if the ModSecurity rule is triggered |
| max_incidents: 2 | # set a number of repeats of the ModSecurity incident from the same IP for adding it to Gray List |
| denied_num_limit: 2 | # set a number of repeats of the ModSecurity incidents that got Access Denied error from the same IP for adding it to Gray List |
| check_period: 120 | # set a period in seconds during which incident from the same IP will be recorded as a repeat |
| severity_limit: 2 | # set a level of severity for DOS detection sensitivity. Read more about severity levels |
| MOD_SEC_BLOCK_BY_CUSTOM_RULE: | # this section allows to add custom configuration for blocking by ModSecurity incidents |
| 33332: | # set ModSecurity rule ID |
| check_period: 120 | # set a period in seconds during which incident from the same IP will be recorded as a repeat |
| max_incidents: 10 | # set a number of repeats of the ModSecurity incident from the same IP for adding it to Gray List |
| MALWARE_SCANNING: | |
| try_restore_from_backup_first: false | # allows to enable (true) or disable (false) automatic malicious file restore from backup if a clean copy exists, otherwise default_action is applied |
| default_action: quarantine | # default action on malicious file detected. Available options:
|
| notify_on_detect: false | # allows to enable (true) or disable (false) email notification if file is detected as infected |
| enable_scan_inotify: false | # enable (true) or disable (false) real-time scanning for modified files using inotify library |
| enable_scan_pure_ftpd: true | # enable (true) or disable (false) real-time scanning for files uploaded through PureFTPd |
| enable_scan_modsec: true | # enable (true) or disable (false) real-time scanning of all the files that were uploaded via http/https. Note that it requires ModSecurity to be installed |
| CAPTCHA: | |
| cert_refresh_timeout: 3600 | # set in seconds how often SSL certificate will be refreshed |
| ERROR_REPORTING: | |
| enable: true | # automatically report errors to imunify360 team |
| SEND_ADDITIONAL_DATA: | |
| enable: true | # send anonymized data from query string/post parameters and cookies. |
| NETWORK_INTERFACE: | # manages for what network interfaces Imunify360 rules will be applied |
| eth_device: null | # by default, Imunify360 will auto-configure iptables to filter all traffic. If you want iptables rules to be applied to a specific NIC only, list them here (e.g. eth1) |
| eth6_device: null | # it is the same as eth_device, but configures ip6tables to use specific device |
| eth_device_skip: [] | # if you don't want iptables\ip6tables rules to be applied to specific NICs, list them here (e.g [eth1, eth2]) |
| BACKUP_RESTORE: | |
| max_days_in_backup: 90 | # restore from backup files that are not older than max_days_in_backup |
| cl_backup_allowed: true | # show CloudLinux Backup in the list of available backup system (true) or hide it (false) |
| CAPTCHA_DOS: | |
| enabled: true | # enable (true) or disable (false) CAPTCHA Dos protection |
| time_frame: 21600 | # set a period in seconds during which requests to CAPTCHA from the same IP will be recorded as repeated |
| max_count: 100 | # set the maximum number of repeated CAPTCHA requests after which IP is moved to the CAPTCHA Dos list without an ability to request CAPTCHA again |
| timeout: 864000 | # set in seconds the time on which to add the IP in CAPTCHA Dos list without an ability to request CAPTCHA again |
| BLOCKED_PORTS: | |
| default_mode: allowed | # defines the default state of ports which is not explicitly set by user (denied by default or allowed by default). Currently only allowed is supported |
| WEBSHIELD: | |
| known_proxies_support: true | # enable CDN support, treat IPs behind CDN as any other IPs |
