Config File Description

The Imunify360 config file is available at the following location after installation:

/etc/sysconfig/imunify360/imunify360.config

Imunify360 is configured through this file. The following options are available:

AUTO_WHITELIST:
  timeout: 1440 # set in minutes how long to keep an automatically whitelisted IP
  after_unblock_timeout: 1440 # set in minutes how long an IP stays in the White List after it passes the Imunify360 CAPTCHA
DOS:
  enabled: false # enable (true) or disable (false) DoS detection
  interval: 30 # interval in seconds between DoS detection system activations
  default_limit: 250 # default maximum number of connections from a remote IP to a local port before DoS protection is triggered. Cannot be set lower than 100
  port_limits: # allows setting limits per local port
    80: 150 # limit on port 80 is set to 150 connections
INCIDENT_LOGGING:
  min_log_level: 4 # minimum severity level for incidents displayed in the UI. Please find the levels description here
  num_days: 100 # incidents older than num_days are automatically deleted
  limit: 100000 # how many incidents should be stored in the Imunify360 log file
  ui_autorefresh_timeout: 10 # set the auto-refresh time for incidents in the user interface
MOD_SEC_BLOCK_BY_SEVERITY:
  enable: true # enable or disable the option that moves IPs to the Gray List if a ModSecurity rule is triggered
  max_incidents: 2 # number of repeats of a ModSecurity incident from the same IP before it is added to the Gray List
  denied_num_limit: 2 # number of repeats of ModSecurity incidents that got an Access Denied error from the same IP before it is added to the Gray List
  check_period: 120 # period in seconds during which an incident from the same IP is recorded as a repeat
  severity_limit: 2 # set a level of severity for DOS detection sensitivity. Read more about severity levels
MOD_SEC_BLOCK_BY_CUSTOM_RULE: # this section allows adding custom configuration for blocking by ModSecurity incidents
  33332: # set the ModSecurity rule ID
    check_period: 120 # period in seconds during which an incident from the same IP is recorded as a repeat
    max_incidents: 10 # number of repeats of the ModSecurity incident from the same IP before it is added to the Gray List
MALWARE_SCANNING:
  try_restore_from_backup_first: false # enable (true) or disable (false) automatic restore of a malicious file from backup if a clean copy exists; otherwise default_action is applied
  default_action: quarantine # default action when a malicious file is detected. Available options:
    • quarantine – do not delete and move to quarantine
    • notify – do not delete and send email notification
    • delete – delete malicious file
  notify_on_detect: false # enable (true) or disable (false) email notification when a file is detected as infected
  enable_scan_inotify: false # enable (true) or disable (false) real-time scanning of modified files using the inotify library
  enable_scan_pure_ftpd: true # enable (true) or disable (false) real-time scanning of files uploaded through PureFTPd
  enable_scan_modsec: true # enable (true) or disable (false) real-time scanning of all files uploaded via http/https. Note that it requires ModSecurity to be installed
CAPTCHA:
  cert_refresh_timeout: 3600 # set in seconds how often the SSL certificate will be refreshed
ERROR_REPORTING:
  enable: true # automatically report errors to the Imunify360 team
SEND_ADDITIONAL_DATA:
  enable: true # send anonymized data from query string/post parameters and cookies
NETWORK_INTERFACE: # manages which network interfaces Imunify360 rules are applied to
  eth_device: null # by default, Imunify360 will auto-configure iptables to filter all traffic. If you want iptables rules to be applied to a specific NIC only, list it here (e.g. eth1)
  eth6_device: null # the same as eth_device, but configures ip6tables to use a specific device
  eth_device_skip: [] # if you don't want iptables/ip6tables rules to be applied to specific NICs, list them here (e.g. [eth1, eth2])
BACKUP_RESTORE:
  max_days_in_backup: 90 # restore from backup only files that are not older than max_days_in_backup
  cl_backup_allowed: true # show CloudLinux Backup in the list of available backup systems (true) or hide it (false)
CAPTCHA_DOS:
  enabled: true # enable (true) or disable (false) CAPTCHA Dos protection
  time_frame: 21600 # period in seconds during which requests to CAPTCHA from the same IP are recorded as repeated
  max_count: 100 # maximum number of repeated CAPTCHA requests after which the IP is moved to the CAPTCHA Dos list without the ability to request CAPTCHA again
  timeout: 864000 # set in seconds how long the IP is kept in the CAPTCHA Dos list without the ability to request CAPTCHA again
BLOCKED_PORTS:
  default_mode: allowed # defines the default state of ports that are not explicitly set by the user (denied by default or allowed by default). Currently only allowed is supported
WEBSHIELD:
  known_proxies_support: true # enable CDN support, treat IPs behind CDN as any other IPs
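
The constraints stated in the option descriptions above (minimum default_limit of 100, the three default_action values, default_mode limited to allowed, true/false switches) can be checked before a changed config is deployed. The following is an added example, not Imunify360 code: lint_config, BOOL_OPTIONS and SAMPLE_CONFIG are hypothetical names, and it assumes the file has already been parsed into nested dictionaries, for example by a YAML loader.

```python
ALLOWED_ACTIONS = {"quarantine", "notify", "delete"}
BOOL_OPTIONS = [  # options the page documents as true/false switches
    ("DOS", "enabled"), ("CAPTCHA_DOS", "enabled"),
    ("MOD_SEC_BLOCK_BY_SEVERITY", "enable"),
    ("MALWARE_SCANNING", "enable_scan_inotify"),
    ("MALWARE_SCANNING", "enable_scan_pure_ftpd"),
    ("MALWARE_SCANNING", "enable_scan_modsec"),
]

def is_int(value):
    # bool is a subclass of int in Python, so exclude it explicitly
    return isinstance(value, int) and not isinstance(value, bool)

def lint_config(cfg):
    """Return findings for a config already parsed into nested dicts."""
    findings = []

    def get(section, key):
        return (cfg.get(section) or {}).get(key)

    # A quoted "false" is a non-empty string, not a disabled switch.
    for section, key in BOOL_OPTIONS:
        value = get(section, key)
        if value is not None and not isinstance(value, bool):
            findings.append(f"{section}.{key}: expected true/false, got {value!r}")
    limit = get("DOS", "default_limit")
    if limit is not None and (not is_int(limit) or limit < 100):
        findings.append(f"DOS.default_limit: {limit!r} is not an integer >= 100")
    for port, port_limit in (get("DOS", "port_limits") or {}).items():
        if not (is_int(port) and 1 <= port <= 65535):
            findings.append(f"DOS.port_limits: {port!r} is not a valid port")
        if not (is_int(port_limit) and port_limit > 0):
            findings.append(f"DOS.port_limits[{port}]: {port_limit!r} is not a positive integer")
    action = get("MALWARE_SCANNING", "default_action")
    if action is not None and action not in ALLOWED_ACTIONS:
        findings.append(f"MALWARE_SCANNING.default_action: unknown action {action!r}")
    mode = get("BLOCKED_PORTS", "default_mode")
    if mode is not None and mode != "allowed":
        findings.append(f"BLOCKED_PORTS.default_mode: {mode!r} is not supported, only 'allowed'")
    return findings

# Constructed sample, shaped as a YAML loader would return it.
SAMPLE_CONFIG = {
    "DOS": {"enabled": "false", "default_limit": 50, "port_limits": {80: 150, 70000: 20}},
    "MALWARE_SCANNING": {"default_action": "remove", "enable_scan_modsec": True},
    "BLOCKED_PORTS": {"default_mode": "denied"},
}

if __name__ == "__main__":
    for finding in lint_config(SAMPLE_CONFIG):
        print(finding)
```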