committing changes in /etc made by "bash i360deploy.sh --key IMUNX4Nv23rDqdjndBH"

Package changes:
2023-02-09 14:52:03 +02:00
parent 4911d0453d
commit 54c4e5b173
56 changed files with 695496 additions and 11 deletions
--- a/sysconfig/imunify360/auth.admin
+++ b/sysconfig/imunify360/auth.admin
@@ -0,0 +1 @@
+root
--- a/sysconfig/imunify360/generic/global_disabled_rules.conf
+++ b/sysconfig/imunify360/generic/global_disabled_rules.conf
--- a/sysconfig/imunify360/generic/imunify-plugin.zip
+++ b/sysconfig/imunify360/generic/imunify-plugin.zip
--- a/sysconfig/imunify360/generic/modsec.conf
+++ b/sysconfig/imunify360/generic/modsec.conf
--- a/sysconfig/imunify360/generic/modsec.conf.d/empty.conf
+++ b/sysconfig/imunify360/generic/modsec.conf.d/empty.conf
--- a/sysconfig/imunify360/generic/modsec2.imunify.conf
+++ b/sysconfig/imunify360/generic/modsec2.imunify.conf
@@ -0,0 +1,10 @@
+# Imunify360 mod_security config patch
+<IfModule security2_module>
+  # The following two settings are needed for realtime scanning of uploaded files
+  SecRequestBodyAccess On
+  SecTmpSaveUploadedFiles On
+  SecResponseBodyLimitAction ProcessPartial
+  # Warning: custom SecTmpDir/SecUploadDir do not work with cPanel apache jailshell
+  SecTmpDir /var/imunify360/tmp_modsec
+  SecUploadDir /var/imunify360/tmp_modsec
+</IfModule>
--- a/sysconfig/imunify360/generic/nginx.modsec3.imunify.conf
+++ b/sysconfig/imunify360/generic/nginx.modsec3.imunify.conf
@@ -0,0 +1,10 @@
+# Imunify360 mod_security config patch
+# The following two settings are needed for realtime scanning of uploaded files
+SecRequestBodyAccess On
+SecTmpSaveUploadedFiles On
+SecResponseBodyLimitAction ProcessPartial
+# Warning: custom SecTmpDir/SecUploadDir do not work with cPanel apache jailshell
+SecTmpDir /var/imunify360/tmp_modsec
+SecUploadDir /var/imunify360/tmp_modsec
+# used as work-around for DEF-14411
+SecUploadKeepFiles On
--- a/sysconfig/imunify360/imunify360-merged.config
+++ b/sysconfig/imunify360/imunify360-merged.config
@@ -81,7 +81,7 @@ KERNELCARE:
 LOGGER:
  backup_count: 5
  max_log_file_size: 62914560
-  syscall_monitor: false
+  syscall_monitor: true
 MALWARE_CLEANUP:
  keep_original_files_days: 14
  trim_file_instead_of_removal: true
@@ -96,7 +96,7 @@ MALWARE_SCANNING:
  enable_scan_inotify: true
  enable_scan_modsec: true
  enable_scan_pure_ftpd: true
-  hyperscan: false
+  hyperscan: true
  max_cloudscan_size_to_scan: 10485760
  max_mrs_upload_file: 10485760
  max_signature_size_to_scan: 1048576
@@ -158,8 +158,8 @@ PERMISSIONS:
  user_override_proactive_defense: false
 PROACTIVE_DEFENCE:
  blamer: true
-  mode: LOG
-  php_immunity: false
+  mode: KILL
+  php_immunity: true
 RESOURCE_MANAGEMENT:
  cpu_limit: 2
  io_limit: 2
--- a/sysconfig/imunify360/malware-filters-admin-conf/pd-combined.txt
+++ b/sysconfig/imunify360/malware-filters-admin-conf/pd-combined.txt
@@ -0,0 +1 @@
+/etc/sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/pd-combined.txt
--- a/sysconfig/imunify360/malware-filters-admin-conf/processed/basedirs-list.txt
+++ b/sysconfig/imunify360/malware-filters-admin-conf/processed/basedirs-list.txt
--- a/sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-admin-paths.txt
+++ b/sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-admin-paths.txt
@@ -0,0 +1,3 @@
+L3Byb2M=
+L3N5cw==
+L3Vzci9zaGFyZS9jYWdlZnMtc2tlbGV0b24vcHJvYw==
--- a/sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-admin.txt
+++ b/sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-admin.txt
@@ -0,0 +1 @@
+^$
--- a/sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-internal.txt
+++ b/sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-internal.txt
@@ -0,0 +1 @@
+\.log(?:[.-]\d)?(?:\.gz)?$|\.ini$|\.socket$|\.sock$|/error_log$|^/usr/share/cagefs-skeleton(?:$|/)|^/tmp/lshttpd/.+?\.sock$|^/tmp/lshttpd/.+?\.rtreport[.0-9]*$|^/usr/local/apache/domlogs(?:$|/)|^/var/log/(?:apache2?|httpd)/domlogs(?:$|/)|^/etc/(?:apache2?|httpd)/logs/domlogs(?:$|/)|^/var/ossec(?:$|/)|^/(home[1-9]?|var/www|var/imunify360/tmp)/\.restore-infected/.*(?:$|/)|/template_\w{32}.css$|/cache/object/\w{1,10}/\w{1,10}/\w{1,10}/\w{32}\.php$|/wp-content/cache/object/\w{1,5}/\w{1,5}/\w{32}\.php$|/system/cache/templates_c/\w{1,40}\.php$|/assets/cache/rss/\w{1,60}$|/cache/minify/minify_\w{32}$|/cache/page/\w{32}\.php$|/cache/wp-cache-\d{32}\.php$|/cache/page/\w{32}\.php_expire$|/cache/page/\w{32}-cache-page-\w{32}\.php$|\w{32}-cache-com_content-\w{32}\.php$|\w{32}-cache-mod_custom-\w{32}\.php$|\w{32}-cache-mod_templates-\w{32}\.php$|\w{32}-cache-_system-\w{32}\.php$|/autoptimize/js/autoptimize_\w{32}\.js$|/files/templates_c/.{1,150}\.html\.php$|/uploads/javascript_global/.{1,150}\.js$|сore/cache/resource/web/resources/\d+\.cache\.php$|/assets/cache/docid_\d+_\w{32}\.pageCache\.php$|/t3-assets/dev/t3/.{1,150}-cache-\w{1,20}-.{1,150}\.php$|/t3-assets/js/js-\w{1,30}\.js$|/temp/cache/SC/.{1,100}/\.cache\..{1,100}\.php$|/tmp/sess\_\w{32}$|/assets/cache/docid\_.{1,100}\.pageCache\.php$|/stat/usage\_\w{1,100}\.html$|/stat/usage_\d+\.html$|/stat/site\_\w{1,100}\.html$|/gallery/item/list/\w{1,100}\.cache\.php$|/core/cache/registry/.{1,100}/ext-.{1,100}\.php$|/core/cache/resource/shk\_/\w{1,50}\.cache\.php$|/cache/\w{1,40}/\w+-cache-\w+-\w{32,40}\.php$|/hyper-cache/[^/]{1,50}/[^/]{1,50}/[^/]{1,50}/index\.html$|/application/logs/\d+/\d+/\d+\.php$|/session/sess_\w{32}$|/litespeed/(?:[uc]?css|js)/(?:\d/)?[0-9a-f]{3,32}\.(?:css|js)(?:\.tmp)?$|/cache/(?:db/)?(?:\d+/)*options/[0-9a-f]{3}/[0-9a-f]{3}/[0-9a-f]{32}\.php$|/cache/wp-rocket/.+\.html_(?:gzip|temp|gzip_temp)$|/cache(?:-off)?/autoptimize/(?:\d/)?(?:js/|css/)?autoptimize_\w+\.(?:js|css|img|php)$|/(?:et-cache/|cache/et/)(?:[0-9a-f]+|notfound)/et-.+\.css$|/plugins/elementor/assets/(?:css|js|lib|[^/]*shapes|svg-paths|images)/.+\.(?:css|js|svg|gif|png)$|/cache/(?:prod|dev)/smarty/compile/.{1,150}\.tpl(?:\.cache)?\.php$|/smarty/(?:compile|cache)/.*[0-9a-f]{2}/[0-9a-f]{2}/[0-9a-f]{2}/wrt[0-9a-f]{14}_\d{8}$|/cache/(?:pro[d_]|dev)/(?:annotations|doctrine)/\w{2}/\w{16,150}\.doctrinecache\.data$|/sessions/sess_[0-9a-f]{32}$|/cache/cachestore_file/default_application/\w+/.+\.(?:cache|temp)$|/cache/models/(?:model/)?\w+_cake_model_\w+$|/var/(?:page_)?cache/mage-tags/mage---\w+$|/wflogs/config\.tmp\.\w{6}$|/api/user_(?:message|logs)\.db$|/#sql[\w.-]+\.M[YA][DI]$|^/(?:dev/shm(?:/lsws)?|(?:var/)?tmp/lshttpd/swap)/[0-9a-f]/[0-9a-f]/[0-9a-f]{30}\.ls[bz]l?$|/media/catalog/product/cache/.+\.(?:jpe?g|gif|png)$|/cache/zend_cache---[\w-]+$|/images/\d{4}/\d{2}/\d{2}/[^/]+\.(?:jpe?g|gif)$|^/dev/shm/|/cache/cache(?:\.\w+)+\.\d{10}$|/\.wp-toolkit/tmp\.\w{10}$|/media/videos/tmb/[0-9a-f]+/[^/]+\.jpg$
--- a/sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/pd-combined.txt
+++ b/sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/pd-combined.txt
@@ -0,0 +1 @@
+\.log(?:[.-]\d)?(?:\.gz)?$|\.ini$|\.socket$|\.sock$|/error_log$|^/usr/share/cagefs-skeleton(?:$|/)|^/tmp/lshttpd/.+?\.sock$|^/tmp/lshttpd/.+?\.rtreport[.0-9]*$|^/usr/local/apache/domlogs(?:$|/)|^/var/log/(?:apache2?|httpd)/domlogs(?:$|/)|^/etc/(?:apache2?|httpd)/logs/domlogs(?:$|/)|^/var/ossec(?:$|/)|^/(home[1-9]?|var/www|var/imunify360/tmp)/\.restore-infected/.*(?:$|/)|/template_\w{32}.css$|/cache/object/\w{1,10}/\w{1,10}/\w{1,10}/\w{32}\.php$|/wp-content/cache/object/\w{1,5}/\w{1,5}/\w{32}\.php$|/system/cache/templates_c/\w{1,40}\.php$|/assets/cache/rss/\w{1,60}$|/cache/minify/minify_\w{32}$|/cache/page/\w{32}\.php$|/cache/wp-cache-\d{32}\.php$|/cache/page/\w{32}\.php_expire$|/cache/page/\w{32}-cache-page-\w{32}\.php$|\w{32}-cache-com_content-\w{32}\.php$|\w{32}-cache-mod_custom-\w{32}\.php$|\w{32}-cache-mod_templates-\w{32}\.php$|\w{32}-cache-_system-\w{32}\.php$|/autoptimize/js/autoptimize_\w{32}\.js$|/files/templates_c/.{1,150}\.html\.php$|/uploads/javascript_global/.{1,150}\.js$|сore/cache/resource/web/resources/\d+\.cache\.php$|/assets/cache/docid_\d+_\w{32}\.pageCache\.php$|/t3-assets/dev/t3/.{1,150}-cache-\w{1,20}-.{1,150}\.php$|/t3-assets/js/js-\w{1,30}\.js$|/temp/cache/SC/.{1,100}/\.cache\..{1,100}\.php$|/tmp/sess\_\w{32}$|/assets/cache/docid\_.{1,100}\.pageCache\.php$|/stat/usage\_\w{1,100}\.html$|/stat/usage_\d+\.html$|/stat/site\_\w{1,100}\.html$|/gallery/item/list/\w{1,100}\.cache\.php$|/core/cache/registry/.{1,100}/ext-.{1,100}\.php$|/core/cache/resource/shk\_/\w{1,50}\.cache\.php$|/cache/\w{1,40}/\w+-cache-\w+-\w{32,40}\.php$|/hyper-cache/[^/]{1,50}/[^/]{1,50}/[^/]{1,50}/index\.html$|/application/logs/\d+/\d+/\d+\.php$|/session/sess_\w{32}$|/litespeed/(?:[uc]?css|js)/(?:\d/)?[0-9a-f]{3,32}\.(?:css|js)(?:\.tmp)?$|/cache/(?:db/)?(?:\d+/)*options/[0-9a-f]{3}/[0-9a-f]{3}/[0-9a-f]{32}\.php$|/cache/wp-rocket/.+\.html_(?:gzip|temp|gzip_temp)$|/cache(?:-off)?/autoptimize/(?:\d/)?(?:js/|css/)?autoptimize_\w+\.(?:js|css|img|php)$|/(?:et-cache/|cache/et/)(?:[0-9a-f]+|notfound)/et-.+\.css$|/plugins/elementor/assets/(?:css|js|lib|[^/]*shapes|svg-paths|images)/.+\.(?:css|js|svg|gif|png)$|/cache/(?:prod|dev)/smarty/compile/.{1,150}\.tpl(?:\.cache)?\.php$|/smarty/(?:compile|cache)/.*[0-9a-f]{2}/[0-9a-f]{2}/[0-9a-f]{2}/wrt[0-9a-f]{14}_\d{8}$|/cache/(?:pro[d_]|dev)/(?:annotations|doctrine)/\w{2}/\w{16,150}\.doctrinecache\.data$|/sessions/sess_[0-9a-f]{32}$|/cache/cachestore_file/default_application/\w+/.+\.(?:cache|temp)$|/cache/models/(?:model/)?\w+_cake_model_\w+$|/var/(?:page_)?cache/mage-tags/mage---\w+$|/wflogs/config\.tmp\.\w{6}$|/api/user_(?:message|logs)\.db$|/#sql[\w.-]+\.M[YA][DI]$|^/(?:dev/shm(?:/lsws)?|(?:var/)?tmp/lshttpd/swap)/[0-9a-f]/[0-9a-f]/[0-9a-f]{30}\.ls[bz]l?$|/media/catalog/product/cache/.+\.(?:jpe?g|gif|png)$|/cache/zend_cache---[\w-]+$|/images/\d{4}/\d{2}/\d{2}/[^/]+\.(?:jpe?g|gif)$|^/dev/shm/|/cache/cache(?:\.\w+)+\.\d{10}$|/\.wp-toolkit/tmp\.\w{10}$|/media/videos/tmb/[0-9a-f]+/[^/]+\.jpg$
--- a/sysconfig/imunify360/malware-filters-admin-conf/processed/watched/av-admin.txt
+++ b/sysconfig/imunify360/malware-filters-admin-conf/processed/watched/av-admin.txt
--- a/sysconfig/imunify360/malware-filters-admin-conf/processed/watched/av-internal.txt
+++ b/sysconfig/imunify360/malware-filters-admin-conf/processed/watched/av-internal.txt
@@ -0,0 +1,5 @@
+/tmp
+/run/shm
+/dev/shm
+/dev/mqueue
+/var/tmp
--- a/sysconfig/imunify360/panel-name.txt
+++ b/sysconfig/imunify360/panel-name.txt
@@ -0,0 +1 @@
+generic panel
				`@@ -0,0 +1 @@`
				`/etc/sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/pd-combined.txt`
				`@@ -0,0 +1 @@`
				\.log(?:[.-]\d)?(?:\.gz)?$\|\.ini$\|\.socket$\|\.sock$\|/error_log$\|^/usr/share/cagefs-skeleton(?:$\|/)\|^/tmp/lshttpd/.+?\.sock$\|^/tmp/lshttpd/.+?\.rtreport[.0-9]$\|^/usr/local/apache/domlogs(?:$\|/)\|^/var/log/(?:apache2?\|httpd)/domlogs(?:$\|/)\|^/etc/(?:apache2?\|httpd)/logs/domlogs(?:$\|/)\|^/var/ossec(?:$\|/)\|^/(home[1-9]?\|var/www\|var/imunify360/tmp)/\.restore-infected/.(?:$\|/)\|/template_\w{32}.css$\|/cache/object/\w{1,10}/\w{1,10}/\w{1,10}/\w{32}\.php$\|/wp-content/cache/object/\w{1,5}/\w{1,5}/\w{32}\.php$\|/system/cache/templates_c/\w{1,40}\.php$\|/assets/cache/rss/\w{1,60}$\|/cache/minify/minify_\w{32}$\|/cache/page/\w{32}\.php$\|/cache/wp-cache-\d{32}\.php$\|/cache/page/\w{32}\.php_expire$\|/cache/page/\w{32}-cache-page-\w{32}\.php$\|\w{32}-cache-com_content-\w{32}\.php$\|\w{32}-cache-mod_custom-\w{32}\.php$\|\w{32}-cache-mod_templates-\w{32}\.php$\|\w{32}-cache-_system-\w{32}\.php$\|/autoptimize/js/autoptimize_\w{32}\.js$\|/files/templates_c/.{1,150}\.html\.php$\|/uploads/javascript_global/.{1,150}\.js$\|сore/cache/resource/web/resources/\d+\.cache\.php$\|/assets/cache/docid_\d+_\w{32}\.pageCache\.php$\|/t3-assets/dev/t3/.{1,150}-cache-\w{1,20}-.{1,150}\.php$\|/t3-assets/js/js-\w{1,30}\.js$\|/temp/cache/SC/.{1,100}/\.cache\..{1,100}\.php$\|/tmp/sess\_\w{32}$\|/assets/cache/docid\_.{1,100}\.pageCache\.php$\|/stat/usage\_\w{1,100}\.html$\|/stat/usage_\d+\.html$\|/stat/site\_\w{1,100}\.html$\|/gallery/item/list/\w{1,100}\.cache\.php$\|/core/cache/registry/.{1,100}/ext-.{1,100}\.php$\|/core/cache/resource/shk\_/\w{1,50}\.cache\.php$\|/cache/\w{1,40}/\w+-cache-\w+-\w{32,40}\.php$\|/hyper-cache/[^/]{1,50}/[^/]{1,50}/[^/]{1,50}/index\.html$\|/application/logs/\d+/\d+/\d+\.php$\|/session/sess_\w{32}$\|/litespeed/(?:[uc]?css\|js)/(?:\d/)?[0-9a-f]{3,32}\.(?:css\|js)(?:\.tmp)?$\|/cache/(?:db/)?(?:\d+/)options/[0-9a-f]{3}/[0-9a-f]{3}/[0-9a-f]{32}\.php$\|/cache/wp-rocket/.+\.html_(?:gzip\|temp\|gzip_temp)$\|/cache(?:-off)?/autoptimize/(?:\d/)?(?:js/\|css/)?autoptimize_\w+\.(?:js\|css\|img\|php)$\|/(?:et-cache/\|cache/et/)(?:[0-9a-f]+\|notfound)/et-.+\.css$\|/plugins/elementor/assets/(?:css\|js\|lib\|[^/]shapes\|svg-paths\|images)/.+\.(?:css\|js\|svg\|gif\|png)$\|/cache/(?:prod\|dev)/smarty/compile/.{1,150}\.tpl(?:\.cache)?\.php$\|/smarty/(?:compile\|cache)/.*[0-9a-f]{2}/[0-9a-f]{2}/[0-9a-f]{2}/wrt[0-9a-f]{14}_\d{8}$\|/cache/(?:pro[d_]\|dev)/(?:annotations\|doctrine)/\w{2}/\w{16,150}\.doctrinecache\.data$\|/sessions/sess_[0-9a-f]{32}$\|/cache/cachestore_file/default_application/\w+/.+\.(?:cache\|temp)$\|/cache/models/(?:model/)?\w+_cake_model_\w+$\|/var/(?:page_)?cache/mage-tags/mage---\w+$\|/wflogs/config\.tmp\.\w{6}$\|/api/user_(?:message\|logs)\.db$\|/#sql[\w.-]+\.M[YA][DI]$\|^/(?:dev/shm(?:/lsws)?\|(?:var/)?tmp/lshttpd/swap)/[0-9a-f]/[0-9a-f]/[0-9a-f]{30}\.ls[bz]l?$\|/media/catalog/product/cache/.+\.(?:jpe?g\|gif\|png)$\|/cache/zend_cache---[\w-]+$\|/images/\d{4}/\d{2}/\d{2}/[^/]+\.(?:jpe?g\|gif)$\|^/dev/shm/\|/cache/cache(?:\.\w+)+\.\d{10}$\|/\.wp-toolkit/tmp\.\w{10}$\|/media/videos/tmb/[0-9a-f]+/[^/]+\.jpg$