committing changes in /etc made by "bash i360deploy.sh --uninstall"

Package changes:

sysconfig/imunify360/auth.admin

@@ -1 +0,0 @@
-root

sysconfig/imunify360/custom_billing.config

@@ -1,4 +0,0 @@
-CUSTOM_BILLING:
-  upgrade_url: null
-  billing_notifications: true
-  ip_license: true

sysconfig/imunify360/generic/modsec2.imunify.conf

@@ -1,10 +0,0 @@
-# Imunify360 mod_security config patch
-<IfModule security2_module>
-  # The following two settings are needed for realtime scanning of uploaded files
-  SecRequestBodyAccess On
-  SecTmpSaveUploadedFiles On
-  SecResponseBodyLimitAction ProcessPartial
-  # Warning: custom SecTmpDir/SecUploadDir do not work with cPanel apache jailshell
-  SecTmpDir /var/imunify360/tmp_modsec
-  SecUploadDir /var/imunify360/tmp_modsec
-</IfModule>

sysconfig/imunify360/generic/nginx.modsec3.imunify.conf

@@ -1,10 +0,0 @@
-# Imunify360 mod_security config patch
-# The following two settings are needed for realtime scanning of uploaded files
-SecRequestBodyAccess On
-SecTmpSaveUploadedFiles On
-SecResponseBodyLimitAction ProcessPartial
-# Warning: custom SecTmpDir/SecUploadDir do not work with cPanel apache jailshell
-SecTmpDir /var/imunify360/tmp_modsec
-SecUploadDir /var/imunify360/tmp_modsec
-# used as work-around for DEF-14411
-SecUploadKeepFiles On

sysconfig/imunify360/imunify360-merged.config

@@ -1,195 +0,0 @@
-############################################################################
-# DO NOT MODIFY THIS FILE!!!                                               #
-# USE /etc/sysconfig/imunify360/imunify360.config.d/ TO OVERRIDE DEFAULTS  #
-############################################################################
-
-ADMIN_CONTACTS:
-  emails:
-  - bogdan@898.ro
-  enable_icontact_notifications: true
-AUTO_WHITELIST:
-  after_unblock_timeout: 1440
-  timeout: 1440
-BACKUP_RESTORE:
-  cl_backup_allowed: true
-  cl_on_premise_backup_allowed: false
-  max_days_in_backup: 90
-BLOCKED_PORTS:
-  default_mode: allowed
-CAPTCHA:
-  cert_refresh_timeout: 3600
-CAPTCHA_DOS:
-  enabled: true
-  max_count: 100
-  time_frame: 21600
-  timeout: 864000
-CSF_INTEGRATION:
-  catch_lfd_events: true
-DOS:
-  default_limit: 250
-  enabled: true
-  interval: 30
-  port_limits: {}
-ERROR_REPORTING:
-  enable: true
-FIREWALL:
-  TCP_IN_IPv4:
-  - '20'
-  - '21'
-  - '22'
-  - '25'
-  - '53'
-  - '80'
-  - '110'
-  - '443'
-  - '465'
-  - '587'
-  - '993'
-  - '995'
-  TCP_OUT_IPv4:
-  - '20'
-  - '21'
-  - '22'
-  - '25'
-  - '53'
-  - '80'
-  - '110'
-  - '113'
-  - '443'
-  - '587'
-  - '993'
-  - '995'
-  UDP_IN_IPv4:
-  - '20'
-  - '21'
-  - '53'
-  - '443'
-  UDP_OUT_IPv4:
-  - '20'
-  - '21'
-  - '53'
-  - '113'
-  - '123'
-  internal_use_remote_iplist: false
-  port_blocking_mode: ALLOW
-INCIDENT_LOGGING:
-  limit: 100000
-  min_log_level: 4
-  num_days: 100
-  ui_autorefresh_timeout: 10
-KERNELCARE:
-  edf: false
-LOGGER:
-  backup_count: 5
-  max_log_file_size: 62914560
-  syscall_monitor: false
-MALWARE_CLEANUP:
-  keep_original_files_days: 14
-  trim_file_instead_of_removal: true
-MALWARE_DATABASE_SCAN:
-  enable: true
-MALWARE_SCANNING:
-  cloud_assisted_scan: true
-  crontabs: false
-  default_action: cleanup
-  detect_elf: true
-  enable_scan_cpanel: true
-  enable_scan_inotify: true
-  enable_scan_modsec: true
-  enable_scan_pure_ftpd: true
-  hyperscan: true
-  max_cloudscan_size_to_scan: 10485760
-  max_mrs_upload_file: 10485760
-  max_signature_size_to_scan: 1048576
-  notify_on_detect: false
-  optimize_realtime_scan: true
-  rapid_scan: true
-  rapid_scan_rescan_unchanging_files_frequency: null
-  scan_modified_files: null
-  sends_file_for_analysis: true
-  try_restore_from_backup_first: false
-MALWARE_SCAN_INTENSITY:
-  cpu: 2
-  io: 1
-  ram: 2048
-  user_scan_cpu: 2
-  user_scan_io: 2
-  user_scan_ram: 1024
-MALWARE_SCAN_SCHEDULE:
-  day_of_month: 1
-  day_of_week: 0
-  hour: 3
-  interval: week
-MOD_SEC:
-  app_specific_ruleset: true
-  cms_account_compromise_prevention: true
-  prev_settings: ''
-  ruleset: MINIMAL
-MOD_SEC_BLOCK_BY_CUSTOM_RULE:
-  33332:
-    check_period: 120
-    max_incidents: 10
-  33339:
-    check_period: 120
-    max_incidents: 10
-MOD_SEC_BLOCK_BY_SEVERITY:
-  check_period: 120
-  denied_num_limit: 2
-  enable: true
-  max_incidents: 2
-  severity_limit: 2
-NETWORK_INTERFACE:
-  eth6_device: null
-  eth_device: null
-  eth_device_skip: []
-OSSEC:
-  active_response: true
-PAM:
-  enable: true
-  exim_dovecot_native: false
-  exim_dovecot_protection: true
-  ftp_protection: true
-PERMISSIONS:
-  advisor: true
-  allow_malware_scan: false
-  support_form: true
-  upgrade_button: true
-  user_ignore_list: false
-  user_override_malware_actions: false
-  user_override_proactive_defense: false
-PROACTIVE_DEFENCE:
-  blamer: true
-  mode: KILL
-  php_immunity: true
-RESOURCE_MANAGEMENT:
-  cpu_limit: 2
-  io_limit: 2
-  ram_limit: 500
-SECURE_SITE:
-  enable: false
-  purchase_page_url: https://secure.site
-SEND_ADDITIONAL_DATA:
-  enable: true
-SMTP_BLOCKING:
-  allow_groups:
-  - mail
-  allow_local: false
-  allow_users: []
-  enable: false
-  ports:
-  - 25
-  - 587
-  - 465
-  redirect: false
-STOP_MANAGING:
-  modsec_directives: false
-WEBSHIELD:
-  captcha_secret_key: ''
-  captcha_site_key: ''
-  enable: false
-  invisible_captcha: false
-  known_proxies_support: true
-  splash_screen: true
-WEB_SERVICES:
-  http_ports: []
-  https_ports: []

sysconfig/imunify360/imunify360.config.d/90-local.config

@@ -1 +0,0 @@
-../imunify360.config

sysconfig/imunify360/imunify360.config.defaults.example

@@ -1,196 +0,0 @@
-############################################################################
-# DO NOT MODIFY THIS FILE!!!                                               #
-# USE /etc/sysconfig/imunify360/imunify360.config.d/ TO OVERRIDE DEFAULTS  #
-# This is an example of default values only                                #
-# Changing this file will have no effect                                   #
-############################################################################
-
-ADMIN_CONTACTS:
-  emails: []
-  enable_icontact_notifications: true
-AUTO_WHITELIST:
-  after_unblock_timeout: 1440
-  timeout: 1440
-BACKUP_RESTORE:
-  cl_backup_allowed: true
-  cl_on_premise_backup_allowed: false
-  max_days_in_backup: 90
-BLOCKED_PORTS:
-  default_mode: allowed
-CAPTCHA:
-  cert_refresh_timeout: 3600
-CAPTCHA_DOS:
-  enabled: true
-  max_count: 100
-  time_frame: 21600
-  timeout: 864000
-CSF_INTEGRATION:
-  catch_lfd_events: false
-DOS:
-  default_limit: 250
-  enabled: true
-  interval: 30
-  port_limits: {}
-ERROR_REPORTING:
-  enable: true
-FIREWALL:
-  TCP_IN_IPv4:
-  - '20'
-  - '21'
-  - '22'
-  - '25'
-  - '53'
-  - '80'
-  - '110'
-  - '443'
-  - '465'
-  - '587'
-  - '993'
-  - '995'
-  TCP_OUT_IPv4:
-  - '20'
-  - '21'
-  - '22'
-  - '25'
-  - '53'
-  - '80'
-  - '110'
-  - '113'
-  - '443'
-  - '587'
-  - '993'
-  - '995'
-  UDP_IN_IPv4:
-  - '20'
-  - '21'
-  - '53'
-  - '443'
-  UDP_OUT_IPv4:
-  - '20'
-  - '21'
-  - '53'
-  - '113'
-  - '123'
-  internal_use_remote_iplist: false
-  port_blocking_mode: ALLOW
-INCIDENT_LOGGING:
-  limit: 100000
-  min_log_level: 4
-  num_days: 100
-  ui_autorefresh_timeout: 10
-KERNELCARE:
-  edf: false
-LOGGER:
-  backup_count: 5
-  max_log_file_size: 62914560
-  syscall_monitor: false
-MALWARE_CLEANUP:
-  keep_original_files_days: 14
-  trim_file_instead_of_removal: true
-MALWARE_DATABASE_SCAN:
-  enable: false
-MALWARE_SCANNING:
-  cloud_assisted_scan: true
-  crontabs: false
-  default_action: cleanup
-  detect_elf: true
-  enable_scan_cpanel: true
-  enable_scan_inotify: true
-  enable_scan_modsec: true
-  enable_scan_pure_ftpd: true
-  hyperscan: false
-  max_cloudscan_size_to_scan: 10485760
-  max_mrs_upload_file: 10485760
-  max_signature_size_to_scan: 1048576
-  notify_on_detect: false
-  optimize_realtime_scan: true
-  rapid_scan: true
-  rapid_scan_rescan_unchanging_files_frequency: null
-  scan_modified_files: null
-  sends_file_for_analysis: true
-  try_restore_from_backup_first: false
-MALWARE_SCAN_INTENSITY:
-  cpu: 2
-  io: 2
-  ram: 2048
-  user_scan_cpu: 2
-  user_scan_io: 2
-  user_scan_ram: 1024
-MALWARE_SCAN_SCHEDULE:
-  day_of_month: 1
-  day_of_week: 0
-  hour: 3
-  interval: week
-MOD_SEC:
-  app_specific_ruleset: true
-  cms_account_compromise_prevention: false
-  prev_settings: ''
-  ruleset: FULL
-MOD_SEC_BLOCK_BY_CUSTOM_RULE:
-  33332:
-    check_period: 120
-    max_incidents: 10
-  33339:
-    check_period: 120
-    max_incidents: 10
-MOD_SEC_BLOCK_BY_SEVERITY:
-  check_period: 120
-  denied_num_limit: 2
-  enable: true
-  max_incidents: 2
-  severity_limit: 2
-NETWORK_INTERFACE:
-  eth6_device: null
-  eth_device: null
-  eth_device_skip: []
-OSSEC:
-  active_response: false
-PAM:
-  enable: true
-  exim_dovecot_native: false
-  exim_dovecot_protection: true
-  ftp_protection: false
-PERMISSIONS:
-  advisor: true
-  allow_malware_scan: false
-  support_form: true
-  upgrade_button: true
-  user_ignore_list: false
-  user_override_malware_actions: false
-  user_override_proactive_defense: false
-PROACTIVE_DEFENCE:
-  blamer: true
-  mode: LOG
-  php_immunity: false
-RESOURCE_MANAGEMENT:
-  cpu_limit: 2
-  io_limit: 2
-  ram_limit: 500
-SECURE_SITE:
-  enable: false
-  purchase_page_url: https://secure.site
-SEND_ADDITIONAL_DATA:
-  enable: true
-SMTP_BLOCKING:
-  allow_groups:
-  - mail
-  allow_local: false
-  allow_users: []
-  enable: false
-  ports:
-  - 25
-  - 587
-  - 465
-  redirect: false
-STOP_MANAGING:
-  modsec_directives: false
-WEBSHIELD:
-  captcha_secret_key: ''
-  captcha_site_key: ''
-  enable: true
-  invisible_captcha: false
-  known_proxies_support: true
-  splash_screen: true
-WEB_SERVICES:
-  http_ports: []
-  https_ports: []

sysconfig/imunify360/imunify360.config.rpmsave

@@ -10,6 +10,10 @@ MALWARE_DATABASE_SCAN:
 MALWARE_SCAN_INTENSITY:
   cpu: 2
   io: 1
+MALWARE_SCAN_SCHEDULE:
+  day_of_month: 14
+  hour: 3
+  interval: month
 MOD_SEC:
   cms_account_compromise_prevention: true
   ruleset: MINIMAL

sysconfig/imunify360/malware-filters-admin-conf/ignored.txt

@@ -1,18 +0,0 @@
-# IMPORTANT: after making changes to this file, perform:
-#
-#     imunify360-agent malware rebuild patterns
-#
-# This file contains additional regular expression patterns specifying what
-# filesystem paths  should not be monitored by inotify/ fanotify realtime
-# scanner.
-# Patterns can be absolute:
-# /another/folder
-# or relative to basedirs supplied by hosting control panels:
-# +[^/]+/www/\.cache
-# This relative pattern will expand to ^/home/[^/]+/www/\.cache for cPanel, for
-# example.
-#
-# All patterns listed here have higher priority than stock watched and ignored
-# lists supplied with Imunify360.
-#
-# Custom ignore patterns have higher priority than custom watched patterns.

sysconfig/imunify360/malware-filters-admin-conf/pd-combined.txt

@@ -1 +0,0 @@
-/etc/sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/pd-combined.txt

sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-admin-paths.txt

@@ -1,3 +0,0 @@
-L3Byb2M=
-L3N5cw==
-L3Vzci9zaGFyZS9jYWdlZnMtc2tlbGV0b24vcHJvYw==

sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-admin.txt

@@ -1 +0,0 @@
-^$

sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-internal.txt

@@ -1 +0,0 @@
-\.log(?:[.-]\d)?(?:\.gz)?$|\.ini$|\.socket$|\.sock$|/error_log$|^/usr/share/cagefs-skeleton(?:$|/)|^/tmp/lshttpd/.+?\.sock$|^/tmp/lshttpd/.+?\.rtreport[.0-9]*$|^/usr/local/apache/domlogs(?:$|/)|^/var/log/(?:apache2?|httpd)/domlogs(?:$|/)|^/etc/(?:apache2?|httpd)/logs/domlogs(?:$|/)|^/var/ossec(?:$|/)|^/(home[1-9]?|var/www|var/imunify360/tmp)/\.restore-infected/.*(?:$|/)|/template_\w{32}.css$|/cache/object/\w{1,10}/\w{1,10}/\w{1,10}/\w{32}\.php$|/wp-content/cache/object/\w{1,5}/\w{1,5}/\w{32}\.php$|/system/cache/templates_c/\w{1,40}\.php$|/assets/cache/rss/\w{1,60}$|/cache/minify/minify_\w{32}$|/cache/page/\w{32}\.php$|/cache/wp-cache-\d{32}\.php$|/cache/page/\w{32}\.php_expire$|/cache/page/\w{32}-cache-page-\w{32}\.php$|\w{32}-cache-com_content-\w{32}\.php$|\w{32}-cache-mod_custom-\w{32}\.php$|\w{32}-cache-mod_templates-\w{32}\.php$|\w{32}-cache-_system-\w{32}\.php$|/autoptimize/js/autoptimize_\w{32}\.js$|/files/templates_c/.{1,150}\.html\.php$|/uploads/javascript_global/.{1,150}\.js$|сore/cache/resource/web/resources/\d+\.cache\.php$|/assets/cache/docid_\d+_\w{32}\.pageCache\.php$|/t3-assets/dev/t3/.{1,150}-cache-\w{1,20}-.{1,150}\.php$|/t3-assets/js/js-\w{1,30}\.js$|/temp/cache/SC/.{1,100}/\.cache\..{1,100}\.php$|/tmp/sess\_\w{32}$|/assets/cache/docid\_.{1,100}\.pageCache\.php$|/stat/usage\_\w{1,100}\.html$|/stat/usage_\d+\.html$|/stat/site\_\w{1,100}\.html$|/gallery/item/list/\w{1,100}\.cache\.php$|/core/cache/registry/.{1,100}/ext-.{1,100}\.php$|/core/cache/resource/shk\_/\w{1,50}\.cache\.php$|/cache/\w{1,40}/\w+-cache-\w+-\w{32,40}\.php$|/hyper-cache/[^/]{1,50}/[^/]{1,50}/[^/]{1,50}/index\.html$|/application/logs/\d+/\d+/\d+\.php$|/session/sess_\w{32}$|/litespeed/(?:[uc]?css|js)/(?:\d/)?[0-9a-f]{3,32}\.(?:css|js)(?:\.tmp)?$|/cache/(?:db/)?(?:\d+/)*options/[0-9a-f]{3}/[0-9a-f]{3}/[0-9a-f]{32}\.php$|/cache/wp-rocket/.+\.html_(?:gzip|temp|gzip_temp)$|/cache(?:-off)?/autoptimize/(?:\d/)?(?:js/|css/)?autoptimize_\w+\.(?:js|css|img|php)$|/(?:et-cache/|cache/et/)(?:[0-9a-f]+|notfound)/et-.+\.css$|/plugins/elementor/assets/(?:css|js|lib|[^/]*shapes|svg-paths|images)/.+\.(?:css|js|svg|gif|png)$|/cache/(?:prod|dev)/smarty/compile/.{1,150}\.tpl(?:\.cache)?\.php$|/smarty/(?:compile|cache)/.*[0-9a-f]{2}/[0-9a-f]{2}/[0-9a-f]{2}/wrt[0-9a-f]{14}_\d{8}$|/cache/(?:pro[d_]|dev)/(?:annotations|doctrine)/\w{2}/\w{16,150}\.doctrinecache\.data$|/sessions/sess_[0-9a-f]{32}$|/cache/cachestore_file/default_application/\w+/.+\.(?:cache|temp)$|/cache/models/(?:model/)?\w+_cake_model_\w+$|/var/(?:page_)?cache/mage-tags/mage---\w+$|/wflogs/config\.tmp\.\w{6}$|/api/user_(?:message|logs)\.db$|/#sql[\w.-]+\.M[YA][DI]$|^/(?:dev/shm(?:/lsws)?|(?:var/)?tmp/lshttpd/swap)/[0-9a-f]/[0-9a-f]/[0-9a-f]{30}\.ls[bz]l?$|/media/catalog/product/cache/.+\.(?:jpe?g|gif|png)$|/cache/zend_cache---[\w-]+$|/images/\d{4}/\d{2}/\d{2}/[^/]+\.(?:jpe?g|gif)$|^/dev/shm/|/cache/cache(?:\.\w+)+\.\d{10}$|/\.wp-toolkit/tmp\.\w{10}$|/media/videos/tmb/[0-9a-f]+/[^/]+\.jpg$

sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/pd-combined.txt

@@ -1 +0,0 @@
-\.log(?:[.-]\d)?(?:\.gz)?$|\.ini$|\.socket$|\.sock$|/error_log$|^/usr/share/cagefs-skeleton(?:$|/)|^/tmp/lshttpd/.+?\.sock$|^/tmp/lshttpd/.+?\.rtreport[.0-9]*$|^/usr/local/apache/domlogs(?:$|/)|^/var/log/(?:apache2?|httpd)/domlogs(?:$|/)|^/etc/(?:apache2?|httpd)/logs/domlogs(?:$|/)|^/var/ossec(?:$|/)|^/(home[1-9]?|var/www|var/imunify360/tmp)/\.restore-infected/.*(?:$|/)|/template_\w{32}.css$|/cache/object/\w{1,10}/\w{1,10}/\w{1,10}/\w{32}\.php$|/wp-content/cache/object/\w{1,5}/\w{1,5}/\w{32}\.php$|/system/cache/templates_c/\w{1,40}\.php$|/assets/cache/rss/\w{1,60}$|/cache/minify/minify_\w{32}$|/cache/page/\w{32}\.php$|/cache/wp-cache-\d{32}\.php$|/cache/page/\w{32}\.php_expire$|/cache/page/\w{32}-cache-page-\w{32}\.php$|\w{32}-cache-com_content-\w{32}\.php$|\w{32}-cache-mod_custom-\w{32}\.php$|\w{32}-cache-mod_templates-\w{32}\.php$|\w{32}-cache-_system-\w{32}\.php$|/autoptimize/js/autoptimize_\w{32}\.js$|/files/templates_c/.{1,150}\.html\.php$|/uploads/javascript_global/.{1,150}\.js$|сore/cache/resource/web/resources/\d+\.cache\.php$|/assets/cache/docid_\d+_\w{32}\.pageCache\.php$|/t3-assets/dev/t3/.{1,150}-cache-\w{1,20}-.{1,150}\.php$|/t3-assets/js/js-\w{1,30}\.js$|/temp/cache/SC/.{1,100}/\.cache\..{1,100}\.php$|/tmp/sess\_\w{32}$|/assets/cache/docid\_.{1,100}\.pageCache\.php$|/stat/usage\_\w{1,100}\.html$|/stat/usage_\d+\.html$|/stat/site\_\w{1,100}\.html$|/gallery/item/list/\w{1,100}\.cache\.php$|/core/cache/registry/.{1,100}/ext-.{1,100}\.php$|/core/cache/resource/shk\_/\w{1,50}\.cache\.php$|/cache/\w{1,40}/\w+-cache-\w+-\w{32,40}\.php$|/hyper-cache/[^/]{1,50}/[^/]{1,50}/[^/]{1,50}/index\.html$|/application/logs/\d+/\d+/\d+\.php$|/session/sess_\w{32}$|/litespeed/(?:[uc]?css|js)/(?:\d/)?[0-9a-f]{3,32}\.(?:css|js)(?:\.tmp)?$|/cache/(?:db/)?(?:\d+/)*options/[0-9a-f]{3}/[0-9a-f]{3}/[0-9a-f]{32}\.php$|/cache/wp-rocket/.+\.html_(?:gzip|temp|gzip_temp)$|/cache(?:-off)?/autoptimize/(?:\d/)?(?:js/|css/)?autoptimize_\w+\.(?:js|css|img|php)$|/(?:et-cache/|cache/et/)(?:[0-9a-f]+|notfound)/et-.+\.css$|/plugins/elementor/assets/(?:css|js|lib|[^/]*shapes|svg-paths|images)/.+\.(?:css|js|svg|gif|png)$|/cache/(?:prod|dev)/smarty/compile/.{1,150}\.tpl(?:\.cache)?\.php$|/smarty/(?:compile|cache)/.*[0-9a-f]{2}/[0-9a-f]{2}/[0-9a-f]{2}/wrt[0-9a-f]{14}_\d{8}$|/cache/(?:pro[d_]|dev)/(?:annotations|doctrine)/\w{2}/\w{16,150}\.doctrinecache\.data$|/sessions/sess_[0-9a-f]{32}$|/cache/cachestore_file/default_application/\w+/.+\.(?:cache|temp)$|/cache/models/(?:model/)?\w+_cake_model_\w+$|/var/(?:page_)?cache/mage-tags/mage---\w+$|/wflogs/config\.tmp\.\w{6}$|/api/user_(?:message|logs)\.db$|/#sql[\w.-]+\.M[YA][DI]$|^/(?:dev/shm(?:/lsws)?|(?:var/)?tmp/lshttpd/swap)/[0-9a-f]/[0-9a-f]/[0-9a-f]{30}\.ls[bz]l?$|/media/catalog/product/cache/.+\.(?:jpe?g|gif|png)$|/cache/zend_cache---[\w-]+$|/images/\d{4}/\d{2}/\d{2}/[^/]+\.(?:jpe?g|gif)$|^/dev/shm/|/cache/cache(?:\.\w+)+\.\d{10}$|/\.wp-toolkit/tmp\.\w{10}$|/media/videos/tmb/[0-9a-f]+/[^/]+\.jpg$

sysconfig/imunify360/malware-filters-admin-conf/processed/watched/av-internal.txt

@@ -1,5 +0,0 @@
-/tmp
-/run/shm
-/dev/shm
-/dev/mqueue
-/var/tmp

sysconfig/imunify360/malware-filters-admin-conf/watched.txt

@@ -1,14 +0,0 @@
-# IMPORTANT: after making changes to this file, perform:
-#
-#     imunify360-agent malware rebuild patterns
-#
-# This file contains additional shell-like glob patterns specifying what file
-# system directories should be monitored by inotify/ fanotify realtime scanner.
-# Patterns can be absolute:
-# /another/folder
-# or relative to basedirs supplied by hosting control panels:
-# +*/www
-# This relative pattern will expand to /home/*/www for cPanel, for example.
-#
-# All patterns listed here have higher priority than stock watched and ignored
-# lists supplied with Imunify360.