bogdan/zira-etc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

committing changes in /etc made by "bash i360deploy.sh --uninstall"

Browse Source 
Package changes:
This commit is contained in:
Bogdan Stoica
2023-02-13 12:13:05 +02:00
parent df88f452e8
commit bfb4916e2b
111 changed files with 17 additions and 2057 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
.etckeeper
View File

@@ -13,7 +13,10 @@ mkdir -p './X11/xorg.conf.d'
mkdir -p './ansible/roles' mkdir -p './ansible/roles'
mkdir -p './authselect/custom' mkdir -p './authselect/custom'
mkdir -p './binfmt.d' mkdir -p './binfmt.d'
mkdir -p './cagefs/conf.d'
mkdir -p './cagefs/exclude'
mkdir -p './chkconfig.d' mkdir -p './chkconfig.d'
mkdir -p './cl.selector/php.extensions.d'
mkdir -p './cron.weekly' mkdir -p './cron.weekly'
mkdir -p './crypto-policies/policies/modules' mkdir -p './crypto-policies/policies/modules'
mkdir -p './cxs/newusers' mkdir -p './cxs/newusers'
@@ -37,10 +40,7 @@ mkdir -p './glances'
mkdir -p './glvnd/egl_vendor.d' mkdir -p './glvnd/egl_vendor.d'
mkdir -p './gnupg' mkdir -p './gnupg'
mkdir -p './groff/site-font' mkdir -p './groff/site-font'
mkdir -p './imunify360-webshield/webshield-backend.conf.d' mkdir -p './imunify360-webshield/ssl_certs'
mkdir -p './imunify360-webshield/webshield-captcha.conf.d'
mkdir -p './imunify360-webshield/webshield-server.conf.d'
mkdir -p './imunify360-webshield/webshield-splashscreen.conf.d'
mkdir -p './incron.d' mkdir -p './incron.d'
mkdir -p './java/security/security.d' mkdir -p './java/security/security.d'
mkdir -p './jvm' mkdir -p './jvm'
@@ -107,6 +107,7 @@ mkdir -p './sssd/conf.d'
mkdir -p './sssd/pki' mkdir -p './sssd/pki'
mkdir -p './subversion' mkdir -p './subversion'
mkdir -p './sysconfig/console' mkdir -p './sysconfig/console'
mkdir -p './sysconfig/imunify360/malware-filters-admin-conf'
mkdir -p './sysconfig/modules' mkdir -p './sysconfig/modules'
mkdir -p './sysconfig/rhn/allowed-actions/configfiles' mkdir -p './sysconfig/rhn/allowed-actions/configfiles'
mkdir -p './sysconfig/rhn/allowed-actions/script' mkdir -p './sysconfig/rhn/allowed-actions/script'
@@ -116,6 +117,7 @@ mkdir -p './systemd/system/php-fpm.service.d'
mkdir -p './terminfo' mkdir -p './terminfo'
mkdir -p './tuned/recommend.d' mkdir -p './tuned/recommend.d'
mkdir -p './udev/hwdb.d' mkdir -p './udev/hwdb.d'
mkdir -p './wafd_imunify'
mkdir -p './xdg/QtProject' mkdir -p './xdg/QtProject'
maybe chmod 0755 '.' maybe chmod 0755 '.'
maybe chmod 0700 '.etckeeper' maybe chmod 0700 '.etckeeper'
@@ -267,11 +269,7 @@ maybe chmod 0644 'bindresvport.blacklist'
maybe chmod 0755 'binfmt.d' maybe chmod 0755 'binfmt.d'
maybe chmod 0755 'cagefs' maybe chmod 0755 'cagefs'
maybe chmod 0755 'cagefs/conf.d' maybe chmod 0755 'cagefs/conf.d'
maybe chmod 0600 'cagefs/conf.d/ai-bolit.cfg'
maybe chmod 0600 'cagefs/conf.d/pd-i360.cfg'
maybe chmod 0600 'cagefs/conf.d/phpi360.cfg'
maybe chmod 0755 'cagefs/exclude' maybe chmod 0755 'cagefs/exclude'
maybe chmod 0600 'cagefs/exclude/imunify360'
maybe chmod 0644 'cczerc' maybe chmod 0644 'cczerc'
maybe chmod 0755 'chkconfig.d' maybe chmod 0755 'chkconfig.d'
maybe chmod 0644 'chrony.conf' maybe chmod 0644 'chrony.conf'
@@ -280,9 +278,7 @@ maybe chgrp 'chrony' 'chrony.keys'
maybe chmod 0640 'chrony.keys' maybe chmod 0640 'chrony.keys'
maybe chmod 0755 'cifs-utils' maybe chmod 0755 'cifs-utils'
maybe chmod 0755 'cl.selector' maybe chmod 0755 'cl.selector'
maybe chmod 0644 'cl.selector/php.extensions.conflicts'
maybe chmod 0755 'cl.selector/php.extensions.d' maybe chmod 0755 'cl.selector/php.extensions.d'
maybe chmod 0644 'cl.selector/php.extensions.d/i360.cfg'
maybe chmod 0644 'cl.selector/selector.conf' maybe chmod 0644 'cl.selector/selector.conf'
maybe chown 'amavis' 'clamav-unofficial-sigs' maybe chown 'amavis' 'clamav-unofficial-sigs'
maybe chgrp 'amavis' 'clamav-unofficial-sigs' maybe chgrp 'amavis' 'clamav-unofficial-sigs'
@@ -322,8 +318,6 @@ maybe chgrp 'amavis' 'clamd.d/scan.conf.rpmsave'
maybe chmod 0644 'clamd.d/scan.conf.rpmsave' maybe chmod 0644 'clamd.d/scan.conf.rpmsave'
maybe chmod 0755 'cloud' maybe chmod 0755 'cloud'
maybe chmod 0644 'cloud/cloud.cfg.rpmsave' maybe chmod 0644 'cloud/cloud.cfg.rpmsave'
maybe chmod 0755 'cloudlinux-backup'
maybe chmod 0644 'cloudlinux-backup/mysql_freeze.config'
maybe chmod 0755 'cockpit' maybe chmod 0755 'cockpit'
maybe chmod 0755 'cockpit/ws-certs.d' maybe chmod 0755 'cockpit/ws-certs.d'
maybe chmod 0644 'cockpit/ws-certs.d/0-self-signed-ca.pem' maybe chmod 0644 'cockpit/ws-certs.d/0-self-signed-ca.pem'
@@ -337,24 +331,13 @@ maybe chmod 0644 'cron.d/0hourly'
maybe chmod 0644 'cron.d/clamav-unofficial-sigs' maybe chmod 0644 'cron.d/clamav-unofficial-sigs'
maybe chmod 0644 'cron.d/csf-cron' maybe chmod 0644 'cron.d/csf-cron'
maybe chmod 0600 'cron.d/csf_update' maybe chmod 0600 'cron.d/csf_update'
maybe chmod 0644 'cron.d/imunify-antivirus'
maybe chmod 0644 'cron.d/imunify-notifier'
maybe chmod 0644 'cron.d/imunify360'
maybe chmod 0644 'cron.d/imunify360-webshield-check'
maybe chmod 0600 'cron.d/imunify_scan_schedule'
maybe chmod 0644 'cron.d/lfd-cron' maybe chmod 0644 'cron.d/lfd-cron'
maybe chmod 0644 'cron.d/maldet_pub' maybe chmod 0644 'cron.d/maldet_pub'
maybe chmod 0644 'cron.d/shrinker-cron'
maybe chmod 0600 'cron.d/waf_configurator'
maybe chmod 0755 'cron.daily' maybe chmod 0755 'cron.daily'
maybe chmod 0755 'cron.daily/cloudlinux-backup-utils'
maybe chmod 0700 'cron.daily/csget' maybe chmod 0700 'cron.daily/csget'
maybe chmod 0755 'cron.daily/etckeeper' maybe chmod 0755 'cron.daily/etckeeper'
maybe chmod 0755 'cron.daily/imunify-antivirus.cron'
maybe chmod 0755 'cron.daily/imunify360.cron'
maybe chmod 0755 'cron.daily/logrotate' maybe chmod 0755 'cron.daily/logrotate'
maybe chmod 0755 'cron.daily/maldet' maybe chmod 0755 'cron.daily/maldet'
maybe chmod 0755 'cron.daily/ossec_logs_cleaner'
maybe chmod 0755 'cron.daily/rkhunter' maybe chmod 0755 'cron.daily/rkhunter'
maybe chmod 0644 'cron.deny' maybe chmod 0644 'cron.deny'
maybe chmod 0755 'cron.hourly' maybe chmod 0755 'cron.hourly'
@@ -412,7 +395,6 @@ maybe chmod 0600 'csf/disabled'
maybe chmod 0600 'csf/disabled/csfpost.sh' maybe chmod 0600 'csf/disabled/csfpost.sh'
maybe chmod 0600 'csf/disabled/csfpre.sh' maybe chmod 0600 'csf/disabled/csfpre.sh'
maybe chmod 0600 'csf/downloadservers' maybe chmod 0600 'csf/downloadservers'
maybe chmod 0644 'csf/imunify_allow.conf'
maybe chmod 0600 'csf/install.txt' maybe chmod 0600 'csf/install.txt'
maybe chmod 0600 'csf/license.txt' maybe chmod 0600 'csf/license.txt'
maybe chmod 0600 'csf/messenger' maybe chmod 0600 'csf/messenger'
@@ -1031,56 +1013,23 @@ maybe chmod 0644 'httpd/conf.modules.d/README'
maybe chmod 0644 'httpd/conf/httpd.conf' maybe chmod 0644 'httpd/conf/httpd.conf'
maybe chmod 0644 'httpd/conf/magic' maybe chmod 0644 'httpd/conf/magic'
maybe chmod 0644 'idmapd.conf' maybe chmod 0644 'idmapd.conf'
maybe chmod 0755 'imunify-auditd-log-reader'
maybe chmod 0644 'imunify-auditd-log-reader/config.yaml'
maybe chmod 0755 'imunify-realtime-av'
maybe chmod 0644 'imunify-realtime-av/config.yaml'
maybe chmod 0755 'imunify360' maybe chmod 0755 'imunify360'
maybe chmod 0755 'imunify360-webshield' maybe chmod 0755 'imunify360-webshield'
maybe chmod 0644 'imunify360-webshield/agent-proxies.conf'
maybe chmod 0644 'imunify360-webshield/blocked_country_codes.conf'
maybe chmod 0755 'imunify360-webshield/captcha' maybe chmod 0755 'imunify360-webshield/captcha'
maybe chmod 0644 'imunify360-webshield/captcha.conf'
maybe chmod 0644 'imunify360-webshield/captcha/lang.conf' maybe chmod 0644 'imunify360-webshield/captcha/lang.conf'
maybe chmod 0660 'imunify360-webshield/common-proxies.conf' maybe chmod 0660 'imunify360-webshield/common-proxies.conf.rpmsave'
maybe chmod 0660 'imunify360-webshield/country_ips.conf' maybe chmod 0660 'imunify360-webshield/country_ips.conf.rpmsave'
maybe chmod 0644 'imunify360-webshield/custom-blacklisted.conf'
maybe chmod 0644 'imunify360-webshield/custom-whitelisted.conf'
maybe chmod 0644 'imunify360-webshield/fastcgi.conf'
maybe chmod 0644 'imunify360-webshield/fastcgi_params'
maybe chmod 0644 'imunify360-webshield/invisible-captcha.conf'
maybe chmod 0644 'imunify360-webshield/invisible-captcha.conf.tpl'
maybe chmod 0644 'imunify360-webshield/koi-utf'
maybe chmod 0644 'imunify360-webshield/koi-win'
maybe chmod 0644 'imunify360-webshield/mime.types'
maybe chmod 0644 'imunify360-webshield/ports.conf' maybe chmod 0644 'imunify360-webshield/ports.conf'
maybe chmod 0644 'imunify360-webshield/presets.cfg'
maybe chmod 0644 'imunify360-webshield/scgi_params'
maybe chmod 0755 'imunify360-webshield/splashscreen' maybe chmod 0755 'imunify360-webshield/splashscreen'
maybe chmod 0644 'imunify360-webshield/splashscreen-antibot.conf' maybe chmod 0644 'imunify360-webshield/splashscreen-antibot.conf.rpmsave'
maybe chmod 0644 'imunify360-webshield/splashscreen.conf'
maybe chmod 0644 'imunify360-webshield/splashscreen/lang.conf' maybe chmod 0644 'imunify360-webshield/splashscreen/lang.conf'
maybe chmod 0644 'imunify360-webshield/ssl.conf'
maybe chmod 0755 'imunify360-webshield/ssl_certs' maybe chmod 0755 'imunify360-webshield/ssl_certs'
maybe chmod 0600 'imunify360-webshield/ssl_certs/dummy.pem'
maybe chmod 0644 'imunify360-webshield/ssl_ports.conf' maybe chmod 0644 'imunify360-webshield/ssl_ports.conf'
maybe chmod 0644 'imunify360-webshield/unified_access_logger.conf'
maybe chmod 0644 'imunify360-webshield/uwsgi_params'
maybe chmod 0644 'imunify360-webshield/virtserver.conf'
maybe chmod 0755 'imunify360-webshield/webshield-backend.conf.d'
maybe chmod 0755 'imunify360-webshield/webshield-captcha.conf.d'
maybe chmod 0755 'imunify360-webshield/webshield-http.conf.d' maybe chmod 0755 'imunify360-webshield/webshield-http.conf.d'
maybe chmod 0660 'imunify360-webshield/webshield-http.conf.d/captchakeys.conf' maybe chmod 0660 'imunify360-webshield/webshield-http.conf.d/captchakeys.conf'
maybe chmod 0644 'imunify360-webshield/webshield-http.conf.d/resolver.conf' maybe chmod 0644 'imunify360-webshield/webshield-http.conf.d/resolver.conf'
maybe chmod 0660 'imunify360-webshield/webshield-http.conf.d/static-whitelist.conf' maybe chmod 0660 'imunify360-webshield/webshield-http.conf.d/static-whitelist.conf'
maybe chmod 0644 'imunify360-webshield/webshield-http.conf.d/wscheckdata.conf' maybe chmod 0644 'imunify360-webshield/webshield-http.conf.d/wscheckdata.conf'
maybe chmod 0755 'imunify360-webshield/webshield-server.conf.d'
maybe chmod 0755 'imunify360-webshield/webshield-splashscreen.conf.d'
maybe chmod 0644 'imunify360-webshield/webshield.conf'
maybe chmod 0644 'imunify360-webshield/whitelisted-domains.conf'
maybe chmod 0644 'imunify360-webshield/win-utf'
maybe chmod 0644 'imunify360-webshield/wscheck.conf'
maybe chmod 0600 'imunify360/unified-access-logger.conf'
maybe chmod 0755 'imunify360/user_config' maybe chmod 0755 'imunify360/user_config'
maybe chgrp '5yFVdI0o' 'imunify360/user_config/5yFVdI0o' maybe chgrp '5yFVdI0o' 'imunify360/user_config/5yFVdI0o'
maybe chmod 0750 'imunify360/user_config/5yFVdI0o' maybe chmod 0750 'imunify360/user_config/5yFVdI0o'
@@ -1228,7 +1177,6 @@ maybe chmod 0755 'krb5.conf.d'
maybe chmod 0644 'krb5.conf.d/kcm_default_ccache' maybe chmod 0644 'krb5.conf.d/kcm_default_ccache'
maybe chmod 0644 'ld.so.conf' maybe chmod 0644 'ld.so.conf'
maybe chmod 0755 'ld.so.conf.d' maybe chmod 0755 'ld.so.conf.d'
maybe chmod 0644 'ld.so.conf.d/alt-hyperscan.conf'
maybe chmod 0644 'ld.so.conf.d/bind-export-x86_64.conf' maybe chmod 0644 'ld.so.conf.d/bind-export-x86_64.conf'
maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-193.6.3.el8_2.x86_64.conf' maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-193.6.3.el8_2.x86_64.conf'
maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-372.13.1.el8_6.x86_64.conf' maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-372.13.1.el8_6.x86_64.conf'
@@ -3226,17 +3174,11 @@ maybe chmod 0644 'logrotate.d/aide'
maybe chmod 0644 'logrotate.d/btmp' maybe chmod 0644 'logrotate.d/btmp'
maybe chmod 0644 'logrotate.d/chrony' maybe chmod 0644 'logrotate.d/chrony'
maybe chmod 0644 'logrotate.d/clamav-unofficial-sigs' maybe chmod 0644 'logrotate.d/clamav-unofficial-sigs'
maybe chmod 0644 'logrotate.d/cloudlinux-backup-utils'
maybe chmod 0644 'logrotate.d/dnf' maybe chmod 0644 'logrotate.d/dnf'
maybe chmod 0640 'logrotate.d/fail2ban' maybe chmod 0640 'logrotate.d/fail2ban'
maybe chmod 0640 'logrotate.d/fail2ban.rpmsave' maybe chmod 0640 'logrotate.d/fail2ban.rpmsave'
maybe chmod 0644 'logrotate.d/firewalld' maybe chmod 0644 'logrotate.d/firewalld'
maybe chmod 0644 'logrotate.d/httpd' maybe chmod 0644 'logrotate.d/httpd'
maybe chmod 0644 'logrotate.d/imunify360'
maybe chmod 0644 'logrotate.d/imunify360-pam'
maybe chmod 0644 'logrotate.d/imunify360-unified-access-logger'
maybe chmod 0644 'logrotate.d/imunify360-wafd'
maybe chmod 0644 'logrotate.d/imunify360-webshield'
maybe chmod 0644 'logrotate.d/iptraf-ng' maybe chmod 0644 'logrotate.d/iptraf-ng'
maybe chmod 0644 'logrotate.d/kvm_stat' maybe chmod 0644 'logrotate.d/kvm_stat'
maybe chmod 0644 'logrotate.d/lfd' maybe chmod 0644 'logrotate.d/lfd'
@@ -3246,7 +3188,6 @@ maybe chgrp 'named' 'logrotate.d/named'
maybe chmod 0640 'logrotate.d/named' maybe chmod 0640 'logrotate.d/named'
maybe chmod 0644 'logrotate.d/netdata' maybe chmod 0644 'logrotate.d/netdata'
maybe chmod 0644 'logrotate.d/nginx' maybe chmod 0644 'logrotate.d/nginx'
maybe chmod 0644 'logrotate.d/ossec-hids'
maybe chmod 0644 'logrotate.d/php-fpm' maybe chmod 0644 'logrotate.d/php-fpm'
maybe chmod 0644 'logrotate.d/ppp' maybe chmod 0644 'logrotate.d/ppp'
maybe chmod 0644 'logrotate.d/privoxy' maybe chmod 0644 'logrotate.d/privoxy'
@@ -4806,8 +4747,6 @@ maybe chmod 0640 'nginx/uwsgi_params'
maybe chmod 0644 'npmrc' maybe chmod 0644 'npmrc'
maybe chmod 0755 'nrpe.d' maybe chmod 0755 'nrpe.d'
maybe chmod 0644 'nsswitch.conf' maybe chmod 0644 'nsswitch.conf'
maybe chmod 0644 'odbc.ini'
maybe chmod 0644 'odbcinst.ini'
maybe chmod 0755 'oddjob' maybe chmod 0755 'oddjob'
maybe chmod 0644 'oddjobd.conf' maybe chmod 0644 'oddjobd.conf'
maybe chmod 0755 'oddjobd.conf.d' maybe chmod 0755 'oddjobd.conf.d'
@@ -4878,10 +4817,7 @@ maybe chmod 0755 'openldap'
maybe chmod 0755 'openldap/certs' maybe chmod 0755 'openldap/certs'
maybe chmod 0644 'openldap/ldap.conf' maybe chmod 0644 'openldap/ldap.conf'
maybe chmod 0755 'opt' maybe chmod 0755 'opt'
maybe chmod 0600 'ossec-init.conf'
maybe chmod 0755 'pam.d' maybe chmod 0755 'pam.d'
maybe chmod 0660 'pam.d/.password-auth.i360patch'
maybe chmod 0660 'pam.d/.system-auth.i360patch'
maybe chmod 0644 'pam.d/atd' maybe chmod 0644 'pam.d/atd'
maybe chmod 0644 'pam.d/chfn' maybe chmod 0644 'pam.d/chfn'
maybe chmod 0644 'pam.d/chsh' maybe chmod 0644 'pam.d/chsh'
@@ -4889,8 +4825,6 @@ maybe chmod 0644 'pam.d/cockpit'
maybe chmod 0644 'pam.d/config-util' maybe chmod 0644 'pam.d/config-util'
maybe chmod 0644 'pam.d/crond' maybe chmod 0644 'pam.d/crond'
maybe chmod 0644 'pam.d/dovecot' maybe chmod 0644 'pam.d/dovecot'
maybe chmod 0644 'pam.d/dovecot_imunify'
maybe chmod 0644 'pam.d/dovecot_imunify_domainowner'
maybe chmod 0644 'pam.d/fingerprint-auth' maybe chmod 0644 'pam.d/fingerprint-auth'
maybe chmod 0644 'pam.d/login' maybe chmod 0644 'pam.d/login'
maybe chmod 0644 'pam.d/mock' maybe chmod 0644 'pam.d/mock'
@@ -4901,7 +4835,6 @@ maybe chmod 0644 'pam.d/password-auth.i360bak'
maybe chmod 0644 'pam.d/polkit-1' maybe chmod 0644 'pam.d/polkit-1'
maybe chmod 0644 'pam.d/postlogin' maybe chmod 0644 'pam.d/postlogin'
maybe chmod 0644 'pam.d/ppp' maybe chmod 0644 'pam.d/ppp'
maybe chmod 0644 'pam.d/proftpd_imunify'
maybe chmod 0644 'pam.d/remote' maybe chmod 0644 'pam.d/remote'
maybe chmod 0644 'pam.d/runuser' maybe chmod 0644 'pam.d/runuser'
maybe chmod 0644 'pam.d/runuser-l' maybe chmod 0644 'pam.d/runuser-l'
@@ -4923,8 +4856,6 @@ maybe chmod 0644 'pam.d/systemd-user'
maybe chmod 0644 'pam.d/vlock' maybe chmod 0644 'pam.d/vlock'
maybe chmod 0644 'pam.d/vmtoolsd' maybe chmod 0644 'pam.d/vmtoolsd'
maybe chmod 0644 'pam.d/vsftpd' maybe chmod 0644 'pam.d/vsftpd'
maybe chmod 0750 'pam_imunify'
maybe chmod 0600 'pam_imunify/i360.ini'
maybe chmod 0644 'papersize' maybe chmod 0644 'papersize'
maybe chmod 0644 'passwd' maybe chmod 0644 'passwd'
maybe chmod 0644 'passwd-' maybe chmod 0644 'passwd-'
@@ -5900,7 +5831,6 @@ maybe chmod 0644 'sudoers.d/nrpe'
maybe chmod 0640 'sudoers.d/smiti' maybe chmod 0640 'sudoers.d/smiti'
maybe chmod 0640 'sudoers.d/vampi' maybe chmod 0640 'sudoers.d/vampi'
maybe chmod 0755 'sysconfig' maybe chmod 0755 'sysconfig'
maybe chmod 0640 'sysconfig/aibolit-resident'
maybe chmod 0644 'sysconfig/anaconda' maybe chmod 0644 'sysconfig/anaconda'
maybe chmod 0644 'sysconfig/arpwatch' maybe chmod 0644 'sysconfig/arpwatch'
maybe chmod 0644 'sysconfig/atd' maybe chmod 0644 'sysconfig/atd'
@@ -5917,35 +5847,13 @@ maybe chmod 0644 'sysconfig/garb'
maybe chmod 0644 'sysconfig/htcacheclean' maybe chmod 0644 'sysconfig/htcacheclean'
maybe chmod 0750 'sysconfig/imunify360' maybe chmod 0750 'sysconfig/imunify360'
maybe chmod 0660 'sysconfig/imunify360/.imunify360.backup_config' maybe chmod 0660 'sysconfig/imunify360/.imunify360.backup_config'
maybe chmod 0600 'sysconfig/imunify360/auth.admin'
maybe chmod 0644 'sysconfig/imunify360/custom_billing.config'
maybe chmod 0755 'sysconfig/imunify360/generic' maybe chmod 0755 'sysconfig/imunify360/generic'
maybe chmod 0644 'sysconfig/imunify360/generic/global_disabled_rules.conf' maybe chmod 0660 'sysconfig/imunify360/generic/modsec.conf'
maybe chmod 0644 'sysconfig/imunify360/generic/imunify-plugin.zip'
maybe chmod 0644 'sysconfig/imunify360/generic/modsec.conf'
maybe chmod 0700 'sysconfig/imunify360/generic/modsec.conf.d'
maybe chmod 0644 'sysconfig/imunify360/generic/modsec.conf.d/empty.conf'
maybe chmod 0644 'sysconfig/imunify360/generic/modsec2.imunify.conf'
maybe chmod 0644 'sysconfig/imunify360/generic/nginx.modsec3.imunify.conf'
maybe chmod 0644 'sysconfig/imunify360/imunify360-merged.config'
maybe chmod 0600 'sysconfig/imunify360/imunify360.config'
maybe chmod 0700 'sysconfig/imunify360/imunify360.config.d' maybe chmod 0700 'sysconfig/imunify360/imunify360.config.d'
maybe chmod 0600 'sysconfig/imunify360/imunify360.config.d/10_on_first_install.config' maybe chmod 0600 'sysconfig/imunify360/imunify360.config.d/10_on_first_install.config'
maybe chmod 0600 'sysconfig/imunify360/imunify360.config.defaults.example' maybe chmod 0600 'sysconfig/imunify360/imunify360.config.rpmsave'
maybe chmod 0640 'sysconfig/imunify360/integration.conf' maybe chmod 0640 'sysconfig/imunify360/integration.conf'
maybe chmod 0755 'sysconfig/imunify360/malware-filters-admin-conf' maybe chmod 0755 'sysconfig/imunify360/malware-filters-admin-conf'
maybe chmod 0644 'sysconfig/imunify360/malware-filters-admin-conf/ignored.txt'
maybe chmod 0770 'sysconfig/imunify360/malware-filters-admin-conf/processed'
maybe chmod 0660 'sysconfig/imunify360/malware-filters-admin-conf/processed/basedirs-list.txt'
maybe chmod 0770 'sysconfig/imunify360/malware-filters-admin-conf/processed/ignored'
maybe chmod 0660 'sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-admin-paths.txt'
maybe chmod 0660 'sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-admin.txt'
maybe chmod 0660 'sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-internal.txt'
maybe chmod 0660 'sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/pd-combined.txt'
maybe chmod 0770 'sysconfig/imunify360/malware-filters-admin-conf/processed/watched'
maybe chmod 0660 'sysconfig/imunify360/malware-filters-admin-conf/processed/watched/av-admin.txt'
maybe chmod 0660 'sysconfig/imunify360/malware-filters-admin-conf/processed/watched/av-internal.txt'
maybe chmod 0644 'sysconfig/imunify360/malware-filters-admin-conf/watched.txt'
maybe chmod 0660 'sysconfig/imunify360/panel-name.txt' maybe chmod 0660 'sysconfig/imunify360/panel-name.txt'
maybe chmod 0600 'sysconfig/ip6tables-config' maybe chmod 0600 'sysconfig/ip6tables-config'
maybe chmod 0600 'sysconfig/iptables-config' maybe chmod 0600 'sysconfig/iptables-config'
@@ -6023,7 +5931,6 @@ maybe chmod 0644 'sysconfig/svnserve'
maybe chmod 0644 'sysctl.conf' maybe chmod 0644 'sysctl.conf'
maybe chmod 0644 'sysctl.conf.old-2020-10-20-17_37_02' maybe chmod 0644 'sysctl.conf.old-2020-10-20-17_37_02'
maybe chmod 0755 'sysctl.d' maybe chmod 0755 'sysctl.d'
maybe chmod 0644 'sysctl.d/90-webshield-ip-local-reserved.conf'
maybe chmod 0644 'system-fips' maybe chmod 0644 'system-fips'
maybe chmod 0644 'system-release-cpe' maybe chmod 0644 'system-release-cpe'
maybe chmod 0755 'systemd' maybe chmod 0755 'systemd'
@@ -6136,7 +6043,6 @@ maybe chmod 0744 'vsftpd/vsftpd_conf_migrate.sh'
maybe chmod 0755 'w3m' maybe chmod 0755 'w3m'
maybe chmod 0644 'w3m/config' maybe chmod 0644 'w3m/config'
maybe chmod 0755 'wafd_imunify' maybe chmod 0755 'wafd_imunify'
maybe chmod 0600 'wafd_imunify/i360.ini'
maybe chmod 0644 'wgetrc' maybe chmod 0644 'wgetrc'
maybe chmod 0644 'whois.conf' maybe chmod 0644 'whois.conf'
maybe chmod 0700 'wireguard' maybe chmod 0700 'wireguard'
@@ -6193,7 +6099,6 @@ maybe chmod 0644 'yum.repos.d/epel-testing.repo'
maybe chmod 0644 'yum.repos.d/epel.repo' maybe chmod 0644 'yum.repos.d/epel.repo'
maybe chmod 0644 'yum.repos.d/hashicorp.repo' maybe chmod 0644 'yum.repos.d/hashicorp.repo'
maybe chmod 0640 'yum.repos.d/immortal_immortal.repo' maybe chmod 0640 'yum.repos.d/immortal_immortal.repo'
maybe chmod 0644 'yum.repos.d/imunify-rollout.repo'
maybe chmod 0644 'yum.repos.d/imunify360-testing.repo' maybe chmod 0644 'yum.repos.d/imunify360-testing.repo'
maybe chmod 0644 'yum.repos.d/imunify360.repo' maybe chmod 0644 'yum.repos.d/imunify360.repo'
maybe chmod 0640 'yum.repos.d/kopia.repo' maybe chmod 0640 'yum.repos.d/kopia.repo'

3
cagefs/conf.d/ai-bolit.cfg
View File

@@ -1,3 +0,0 @@
[ai-bolit]
comment=AI-BOLIT
paths=/opt/ai-bolit/AIBOLIT-WHITELIST.db, /opt/ai-bolit/ai-bolit-hoster.php, /opt/ai-bolit/ai-bolit.php, /opt/ai-bolit/procu2.php

3
cagefs/conf.d/pd-i360.cfg
View File

@@ -1,3 +0,0 @@
[pd-i360]
comment=PD files
paths=/etc/ld.so.conf.d/alt-hyperscan.conf

3
cagefs/conf.d/phpi360.cfg
View File

@@ -1,3 +0,0 @@
[phpi360]
comment=PHP proactive defence
paths=/etc/sysconfig/imunify360/imunify360-merged.config

5
cagefs/exclude/imunify360
View File

@@ -1,5 +0,0 @@
imunify360-captcha
ossec
ossecr
ossecm
ossece

16
cl.selector/php.extensions.conflicts
View File

@@ -1,16 +0,0 @@
# This file contains php extensions mutual conflicts
eaccelerator, apc, xcache, xcache_3, apcu
apc, opcache
idn, intl
mysql, nd_mysql
mysqli, nd_mysqli
pdo_mysql, nd_pdo_mysql
ioncube_loader, ioncube_loader_4
ioncube_loader, ioncube_loader_5
ioncube_loader_5, ioncube_loader_4
imagick, gmagick
gmagick, magickwand
phalcon, phalcon3

2
cl.selector/php.extensions.d/i360.cfg
View File

@@ -1,2 +0,0 @@
[extensions]
hide_extensions=i360

4
cloudlinux-backup/mysql_freeze.config
View File

@@ -1,4 +0,0 @@
FREEZE_MYSQL_TIMEOUT=300
FREEZE_SNAPSHOT_TIMEOUT=600
FREEZE_LOCKFILE=/var/cloudlinux-backup-mysql-freeze.lock
FREEZE_LOGFILE=/var/log/cloudlinux-backup-mysql-freeze.log

7
cron.d/imunify-antivirus
View File

@@ -1,7 +0,0 @@
PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
# Every Saturday at 1:25
25 1 * * 6 root tmpwatch 168 /var/imunify360/tmp
# Every 5 minutes. Ignore "ERROR: imunify360 service is running."
*/5 * * * * root imunify360-agent malware on-demand check-detached > /dev/null 2>&1 || :
17 4 * * * root /opt/alt/python38/share/imunify360/scripts/report-command-error /opt/alt/python38/share/imunify360/scripts/update_components_versions.py > /dev/null 2>&1

4
cron.d/imunify-notifier
View File

@@ -1,4 +0,0 @@
# CONTENT OF THIS FILE IS GENERATED AUTOMATICALLY, DO NOT EDIT
SHELL=/bin/bash
MAILTO=""
* * * * * root /usr/sbin/imunify-notifier -update-cron

8
cron.d/imunify360
View File

@@ -1,8 +0,0 @@
PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
13 * * * * root /usr/sbin/imunify360-watchdog 1200 >/dev/null 2>&1
0 * * * * root /usr/sbin/imunify-realtime-av -cleanup >/dev/null 2>&1
# clean modsec tmp dir for the case when tmp files are stored permanently (see DEF-14411)
*/5 * * * * root /usr/libexec/imunify360-cgroup-process-wrapper --command tmpwatch --report-time --report-slice /Imunify.slice/Cron.slice/tmpreaper_tmp_modsec -- 5m /var/imunify360/tmp_modsec
# Every Saturday at 1:25
25 1 * * 6 root /usr/libexec/imunify360-cgroup-process-wrapper --command tmpwatch --report-time --report-slice /Imunify.slice/Cron.slice/tmpreaper_tmp -- 168 /var/imunify360/tmp

4
cron.d/imunify360-webshield-check
View File

@@ -1,4 +0,0 @@
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
*/5 * * * * root /usr/share/imunify360-webshield/webshield-watchdog &>/dev/null

2
cron.d/imunify_scan_schedule
View File

@@ -1,2 +0,0 @@
# DO NOT EDIT. AUTOMATICALLY GENERATED.
0 3 * * 0 root /usr/bin/imunify360-agent malware user scan --background >/dev/null 2>&1

1
cron.d/shrinker-cron
View File

@@ -1 +0,0 @@
17 3 * * * root /usr/bin/flock -n /var/run/shrinker.lock /opt/alt/python38/bin/python3 /opt/alt/modsec-sdbm-util/bin/shrinker.py > /dev/null

2
cron.d/waf_configurator
View File

@@ -1,2 +0,0 @@
# DO NOT EDIT. AUTOMATICALLY GENERATED BY IMUNIFY360.
51 4 * * * root /opt/alt/python38/share/imunify360/scripts/report-command-error /opt/alt/python38/share/imunify360/scripts/update_components_versions.py > /dev/null 2>&1

33
cron.daily/cloudlinux-backup-utils
View File

@@ -1,33 +0,0 @@
#!/bin/bash
LOG_FILE=${1:-/var/log/cloudlinux-backup-utils-cron.log}
log() {
echo "$(date -u): ${*}" >>"${LOG_FILE}"
}
refresh_token_if_present() {
backend=${1}
token_file=/var/restore_infected/${backend}_api_token.json
if [ -f "${token_file}" ]; then
log "${backend}: refreshing auth token"
out=$(/usr/bin/restore_infected "${backend}" extra refresh_token 2>&1)
exit_code=$?
if [ "${exit_code}" != "0" ]; then
log "${out}"
log "Token refresh failed"
echo "${out}"
echo "Token refresh failed"
return 1
fi
log "Auth token refreshed"
else
log "${backend}: not initialized, skipping..."
fi
}
refresh_token_if_present acronis
refresh_token_if_present r1soft

12
cron.daily/imunify-antivirus.cron
View File

@@ -1,12 +0,0 @@
#!/bin/bash
/usr/bin/imunify360-agent check-domains > /dev/null 2>&1 || true
/opt/alt/python38/share/imunify360/scripts/report-command-error \
/usr/bin/yum update \
imunify-antivirus \
ai-bolit \
imunify-notifier \
--assumeyes > /dev/null 2>&1
/usr/bin/imunify-antivirus version > /dev/null 2>&1

15
cron.daily/imunify360.cron
View File

@@ -1,15 +0,0 @@
#!/bin/bash
/usr/bin/imunify360-agent check-domains > /dev/null 2>&1
/opt/alt/python38/share/imunify360/scripts/report-command-error \
/usr/bin/yum update \
imunify360-firewall \
cloudlinux-backup-utils \
ai-bolit \
imunify360-php-i360 \
imunify-realtime-av \
imunify-auditd-log-reader \
imunify360-webshield-bundle \
imunify360-pam \
imunify-notifier \
imunify360-unified-access-logger \
--assumeyes > /dev/null 2>&1

7
cron.daily/ossec_logs_cleaner
View File

@@ -1,7 +0,0 @@
#!/bin/bash
# -delete option implicitly uses -depth, which traverse folders with DFS
# (beginning with folder's content, ending with folder itself)
# so, if old folder contains old files, "directory is not empty" error won't happen.
# Old folder may not be deleted only if contains recently modified files
find -H /var/ossec/logs/{alerts/*,archives/*,firewall/*} -mtime +2 -not -name alerts.json -delete >/dev/null 2>&1
exit 0

4
csf/csf.allow
View File

@@ -163,7 +163,3 @@ tcp:in:d=5666:s=194.63.143.34 # file.rocks
82.76.35.228 # Manually allowed: 82.76.35.228 (RO/Romania/Bucuresti/Bucharest/static-82-76-35-228.rdsnet.ro) - Wed Jan 18 09:03:34 2023 82.76.35.228 # Manually allowed: 82.76.35.228 (RO/Romania/Bucuresti/Bucharest/static-82-76-35-228.rdsnet.ro) - Wed Jan 18 09:03:34 2023
86.127.21.14 # Manually allowed: 86.127.21.14 (RO/Romania/Dolj/Craiova/86-127-21-14.rdsnet.ro) - Mon Jan 23 16:40:32 2023 86.127.21.14 # Manually allowed: 86.127.21.14 (RO/Romania/Dolj/Craiova/86-127-21-14.rdsnet.ro) - Mon Jan 23 16:40:32 2023
# csf_tool:
148.251.142.83 # imunify360 server - Thu Feb 9 14:49:32 2023
69.175.3.10 # files.imunify360.com server - Thu Feb 9 14:49:32 2023
Include /var/imunify360/files/whitelist/v2/imunify360.txt

4
csf/csf.conf
View File

@@ -139,7 +139,7 @@ LF_SPI = "1"
TCP_IN = "20,21,22,25,26,53,80,88,110,143,443,465,587,873,904,953,992,993,995,1723,1986,2082,2083,2086,2087,2095,2096,5080,5222,5269,5432,5665,5666,8000,8001,8080,8443,8800,8988,9080,9391,9443,9999,11898,52222,65534,1907:1909,40000:40100" TCP_IN = "20,21,22,25,26,53,80,88,110,143,443,465,587,873,904,953,992,993,995,1723,1986,2082,2083,2086,2087,2095,2096,5080,5222,5269,5432,5665,5666,8000,8001,8080,8443,8800,8988,9080,9391,9443,9999,11898,52222,65534,1907:1909,40000:40100"
# Allow outgoing TCP ports # Allow outgoing TCP ports
TCP_OUT = "8443,44445,55556,1:65535,7770:7800" TCP_OUT = ",1:65535"
# Allow incoming UDP ports # Allow incoming UDP ports
UDP_IN = "20,21,53,67,68,123,161,500,514,517,518,1027,1194,1514,1701,1981,4500,33434:33523" UDP_IN = "20,21,53,67,68,123,161,500,514,517,518,1027,1194,1514,1701,1981,4500,33434:33523"
@@ -680,7 +680,7 @@ LF_ALERT_SMTP = ""
# readme.txt for format details # readme.txt for format details
# #
# Leave this setting blank to disable # Leave this setting blank to disable
BLOCK_REPORT = "/opt/alt/python38/share/imunify360/scripts/lfd_block.py" BLOCK_REPORT = ""
# To also run an external script when a temporary block is unblocked. The # To also run an external script when a temporary block is unblocked. The
# following setting can be the full path of the external script which must be # following setting can be the full path of the external script which must be

3
csf/csf.pignore
View File

@@ -165,9 +165,6 @@ user:ossecr
user:ossecm user:ossecm
user:wazuh user:wazuh
exe:/var/ossec/bin/ossec-agentd exe:/var/ossec/bin/ossec-agentd
exe:/var/ossec/bin/ossec-analysisd
exe:/var/ossec/bin/ossec-monitord
exe:/var/ossec/bin/ossec-remoted
exe:/var/ossec/bin/ossec-syscheckd exe:/var/ossec/bin/ossec-syscheckd
exe:/var/ossec/bin/ossec-logcollector exe:/var/ossec/bin/ossec-logcollector
exe:/var/ossec/bin/wazuh-modulesd exe:/var/ossec/bin/wazuh-modulesd

2
csf/imunify_allow.conf
View File

@@ -1,2 +0,0 @@
148.251.142.83;imunify360 server
69.175.3.10;files.imunify360.com server

4
imunify-auditd-log-reader/config.yaml
View File

@@ -1,4 +0,0 @@
logging:
trace_logging: false
statistics:
report_period: 3h

5
imunify-realtime-av/config.yaml
View File

@@ -1,5 +0,0 @@
cleanup:
frequency: 60
age_cutoff: 600
statistics:
report_period: 3

3
imunify360-webshield/agent-proxies.conf
View File

@@ -1,3 +0,0 @@
# This file initially empty and
# supposed to have ip addresses
# generated by im360 agent

3
imunify360-webshield/blocked_country_codes.conf
View File

@@ -1,3 +0,0 @@
# Place two-letter country codes here to block these countries at the
# webshield level. For instance, to block China, add
# CN 1;

4
imunify360-webshield/captcha.conf
View File

@@ -1,4 +0,0 @@
map $cookie_locale$http_accept_language $captcha_lang {
default en;
include captcha/lang.conf;
}

0
imunify360-webshield/common-proxies.conf → imunify360-webshield/common-proxies.conf.rpmsave
View File

0
imunify360-webshield/country_ips.conf → imunify360-webshield/country_ips.conf.rpmsave
View File

0
imunify360-webshield/custom-blacklisted.conf
View File

0
imunify360-webshield/custom-whitelisted.conf
View File

26
imunify360-webshield/fastcgi.conf
View File

@@ -1,26 +0,0 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

25
imunify360-webshield/fastcgi_params
View File

@@ -1,25 +0,0 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

16
imunify360-webshield/invisible-captcha.conf
View File

@@ -1,16 +0,0 @@
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# DO NOT EDIT. AUTOMATICALLY GENERATED.
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
# Direct modifications to this cfile WILL be lost upon subsequent
# regeneration of this configuration file.
#
# To have your modifications retained, you should use
# /etc/sysconfig/imunify360/imunify360.config.d
# via UI, CLI or manually.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
set $invisible_captcha off;

16
imunify360-webshield/invisible-captcha.conf.tpl
View File

@@ -1,16 +0,0 @@
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# DO NOT EDIT. AUTOMATICALLY GENERATED.
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
# Direct modifications to this file WILL be lost upon subsequent
# regeneration of this configuration file.
#
# To have your modifications retained, you should use CLI command
# imunify360-agent features <install|remove> <feature>
# or activate/deactivate appropriate feature in UI.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
set $invisible_captcha {invisible_captcha_on_off};

109
imunify360-webshield/koi-utf
View File

@@ -1,109 +0,0 @@
# This map is not a full koi8-r <> utf8 map: it does not contain
# box-drawing and some other characters. Besides this map contains
# several koi8-u and Byelorussian letters which are not in koi8-r.
# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
# map instead.
charset_map koi8-r utf-8 {
80 E282AC ; # euro
95 E280A2 ; # bullet
9A C2A0 ; # &nbsp;
9E C2B7 ; # &middot;
A3 D191 ; # small yo
A4 D194 ; # small Ukrainian ye
A6 D196 ; # small Ukrainian i
A7 D197 ; # small Ukrainian yi
AD D291 ; # small Ukrainian soft g
AE D19E ; # small Byelorussian short u
B0 C2B0 ; # &deg;
B3 D081 ; # capital YO
B4 D084 ; # capital Ukrainian YE
B6 D086 ; # capital Ukrainian I
B7 D087 ; # capital Ukrainian YI
B9 E28496 ; # numero sign
BD D290 ; # capital Ukrainian soft G
BE D18E ; # capital Byelorussian short U
BF C2A9 ; # (C)
C0 D18E ; # small yu
C1 D0B0 ; # small a
C2 D0B1 ; # small b
C3 D186 ; # small ts
C4 D0B4 ; # small d
C5 D0B5 ; # small ye
C6 D184 ; # small f
C7 D0B3 ; # small g
C8 D185 ; # small kh
C9 D0B8 ; # small i
CA D0B9 ; # small j
CB D0BA ; # small k
CC D0BB ; # small l
CD D0BC ; # small m
CE D0BD ; # small n
CF D0BE ; # small o
D0 D0BF ; # small p
D1 D18F ; # small ya
D2 D180 ; # small r
D3 D181 ; # small s
D4 D182 ; # small t
D5 D183 ; # small u
D6 D0B6 ; # small zh
D7 D0B2 ; # small v
D8 D18C ; # small soft sign
D9 D18B ; # small y
DA D0B7 ; # small z
DB D188 ; # small sh
DC D18D ; # small e
DD D189 ; # small shch
DE D187 ; # small ch
DF D18A ; # small hard sign
E0 D0AE ; # capital YU
E1 D090 ; # capital A
E2 D091 ; # capital B
E3 D0A6 ; # capital TS
E4 D094 ; # capital D
E5 D095 ; # capital YE
E6 D0A4 ; # capital F
E7 D093 ; # capital G
E8 D0A5 ; # capital KH
E9 D098 ; # capital I
EA D099 ; # capital J
EB D09A ; # capital K
EC D09B ; # capital L
ED D09C ; # capital M
EE D09D ; # capital N
EF D09E ; # capital O
F0 D09F ; # capital P
F1 D0AF ; # capital YA
F2 D0A0 ; # capital R
F3 D0A1 ; # capital S
F4 D0A2 ; # capital T
F5 D0A3 ; # capital U
F6 D096 ; # capital ZH
F7 D092 ; # capital V
F8 D0AC ; # capital soft sign
F9 D0AB ; # capital Y
FA D097 ; # capital Z
FB D0A8 ; # capital SH
FC D0AD ; # capital E
FD D0A9 ; # capital SHCH
FE D0A7 ; # capital CH
FF D0AA ; # capital hard sign
}

103
imunify360-webshield/koi-win
View File

@@ -1,103 +0,0 @@
charset_map koi8-r windows-1251 {
80 88 ; # euro
95 95 ; # bullet
9A A0 ; # &nbsp;
9E B7 ; # &middot;
A3 B8 ; # small yo
A4 BA ; # small Ukrainian ye
A6 B3 ; # small Ukrainian i
A7 BF ; # small Ukrainian yi
AD B4 ; # small Ukrainian soft g
AE A2 ; # small Byelorussian short u
B0 B0 ; # &deg;
B3 A8 ; # capital YO
B4 AA ; # capital Ukrainian YE
B6 B2 ; # capital Ukrainian I
B7 AF ; # capital Ukrainian YI
B9 B9 ; # numero sign
BD A5 ; # capital Ukrainian soft G
BE A1 ; # capital Byelorussian short U
BF A9 ; # (C)
C0 FE ; # small yu
C1 E0 ; # small a
C2 E1 ; # small b
C3 F6 ; # small ts
C4 E4 ; # small d
C5 E5 ; # small ye
C6 F4 ; # small f
C7 E3 ; # small g
C8 F5 ; # small kh
C9 E8 ; # small i
CA E9 ; # small j
CB EA ; # small k
CC EB ; # small l
CD EC ; # small m
CE ED ; # small n
CF EE ; # small o
D0 EF ; # small p
D1 FF ; # small ya
D2 F0 ; # small r
D3 F1 ; # small s
D4 F2 ; # small t
D5 F3 ; # small u
D6 E6 ; # small zh
D7 E2 ; # small v
D8 FC ; # small soft sign
D9 FB ; # small y
DA E7 ; # small z
DB F8 ; # small sh
DC FD ; # small e
DD F9 ; # small shch
DE F7 ; # small ch
DF FA ; # small hard sign
E0 DE ; # capital YU
E1 C0 ; # capital A
E2 C1 ; # capital B
E3 D6 ; # capital TS
E4 C4 ; # capital D
E5 C5 ; # capital YE
E6 D4 ; # capital F
E7 C3 ; # capital G
E8 D5 ; # capital KH
E9 C8 ; # capital I
EA C9 ; # capital J
EB CA ; # capital K
EC CB ; # capital L
ED CC ; # capital M
EE CD ; # capital N
EF CE ; # capital O
F0 CF ; # capital P
F1 DF ; # capital YA
F2 D0 ; # capital R
F3 D1 ; # capital S
F4 D2 ; # capital T
F5 D3 ; # capital U
F6 C6 ; # capital ZH
F7 C2 ; # capital V
F8 DC ; # capital soft sign
F9 DB ; # capital Y
FA C7 ; # capital Z
FB D8 ; # capital SH
FC DD ; # capital E
FD D9 ; # capital SHCH
FE D7 ; # capital CH
FF DA ; # capital hard sign
}

97
imunify360-webshield/mime.types
View File

@@ -1,97 +0,0 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

4
imunify360-webshield/presets.cfg
View File

@@ -1,4 +0,0 @@
# Global webshiled presets to be taken into account
# when config is being generated
# proxy_protocol = no

17
imunify360-webshield/scgi_params
View File

@@ -1,17 +0,0 @@
scgi_param REQUEST_METHOD $request_method;
scgi_param REQUEST_URI $request_uri;
scgi_param QUERY_STRING $query_string;
scgi_param CONTENT_TYPE $content_type;
scgi_param DOCUMENT_URI $document_uri;
scgi_param DOCUMENT_ROOT $document_root;
scgi_param SCGI 1;
scgi_param SERVER_PROTOCOL $server_protocol;
scgi_param REQUEST_SCHEME $scheme;
scgi_param HTTPS $https if_not_empty;
scgi_param REMOTE_ADDR $remote_addr;
scgi_param REMOTE_PORT $remote_port;
scgi_param SERVER_PORT $server_port;
scgi_param SERVER_NAME $server_name;

0
imunify360-webshield/splashscreen-antibot.conf → imunify360-webshield/splashscreen-antibot.conf.rpmsave
View File

4
imunify360-webshield/splashscreen.conf
View File

@@ -1,4 +0,0 @@
map $http_accept_language $splashscreen_lang {
default en;
include splashscreen/lang.conf;
}

10
imunify360-webshield/ssl.conf
View File

@@ -1,10 +0,0 @@
# When enabled, WebShield will search for the first certificate
# in cache and return it for the requests without SNI.
# When disabled, default self-signed server certficate will be used.
lua_enable_ws_sslcache_search on;
# Default server certificate that will be used for requests without SNI.
# It is self-signed and is generated on installation/upgrade for 365 days
# so please note that it will expire after a year since the installation/upgrade.
ssl_certificate ssl_certs/dummy.pem;
ssl_certificate_key ssl_certs/dummy.pem;

82
imunify360-webshield/ssl_certs/dummy.pem
View File

@@ -1,82 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC0zUnzvkF4U8er
7CaOaKzT3owW2NOLeh6vsn/WmDDysgtixgZ5iPFT+H/NPna4PsbuVVA5CS9AbNxr
nvWtkGfMZJDjny/+6PYoZEYoSK9sUKpHAD2HlSACbOxfmBtDMZqcjzdZ8+Io4/qP
3S8ap1rx7LfVqxR6BY1Rkp0FRmVJBviS0GYRl8u5ZQcRfDeNiRlF0AFZlyGRKqfR
GozrwWMZq5FyrBP+dExYNcfj52WzZMG/GQByDdH6yD6BV1OrG3hl9lCdij7foUo2
3YzbkFHFiESoPjdJyqlxjARcuFZpsGcdLDkrw7seGiLEmyyqeMDWjBVjTvmy2KwJ
A8hGSx4m85vzrJ5k1ST3nCQB/x/n3+wYyMu61mB5r/Z5sedYSQQm6lhm3+w0A8kh
iNhSrJLhCC1qQqHZINauRWXEA7XEFjpPt0kzUsic67u3SdwsgS8GrcY1Eet5h8gJ
zsEKe0MV7QZ2qVfdhwY2SISnodj2FJGobGAxMVNTMgV10eA7teU8Tn+oWKuR4pb6
BFbzp45lYTjIaFGN6uLdlGHBHc2PocOrHl8f+hew2IJRasa9Ae3GQFgmhCZdQVEK
YJMP/pgiuiK6WDg7ZmjpyvWQnXotPzKlu8VtcxnDaBA2JQIbvCTrzikeyILHI3V4
UF+icPaOUjz1CVHnuxbuWaB4efqI0QIDAQABAoICABniAaI5LFozdDQyfFqKtaMn
CtsCc1ZWRypT3WU1KFy2DFc5jhe7+QBSZMlXFdvOcOARqohfvjn026E0gms0bwed
pfhQA6j0ZLjnkfuWXDafXaEIccaFHK38NeKBffWilkWvYvcnqMq9yFLsESA5sRVN
FAwsj6PgQ5jX6k6lAz7vFoq99r6yAmIqClcAd1t1sv6Bho/yyMVlW9zddisR5kP4
gbvu0nXs5DkEifcgWzjRRcM7qwqo29SQ8hHGFJ48MoI2PtguwE13Y45zLQUJpgsn
NNz4+yU/M/6jUsSLRyOeM0TD3fNb89+dUjjfFgfZfZG5QB6VYb2uswIfXn5hppEj
TUS4XsY862pn/J+QQaOQ0ullhuu0EUz1xEHRkodpq8/cTFjhCCWeBQsuO9tJO2HY
lOUF8p5ajAhbrLYKpXATktiM+Gc+4gwfQT1OBX+5QpmhiqaMJA02aJ3GLggmVh0Q
6lwcqGT42Wat82BKKjHm433NeJrEBim2K6AoJWHkv2Y+lkFVl2O5IMH8a8C9APoj
SziV/wNfozNNlsmE+f705KAoCjAIswEkJ2I1pmm0pq3Hx6hhk1viYUaYoyr2Lbm1
QBr5U4xOv5uzT2Bi6ts9euua29MnQ1YA9G/SU+jLMyfEiqTvqpMi2upko2++SvsB
eITfoDrAqPNtHM+wAN25AoIBAQDf1rLCdbytO10FcHKT+5TSS70X9djn4fpZFqrm
HsSQf3G9GdZ7DAeROoeQNWt68uzRdh4JkiSBRRqarqngF14blaIiLM4x1kDDUa/g
xf+DFMur/JGYUfGXgXImxRaC0M7F6IY1qzfNrS5oKJSgSFPykghpcaHDrSVt2R0Z
Hj8vulrDEGFDqtof+DPnmP5VWRaO3K3kDddL2O0o5oKuTTVhE6l/ZlU6v+AyG0Qc
9Tfqk/rzaTp9ytY022baVNZ6O5AdvKmbnFYSXbmsWkvYScKydJDL1mQPrJkDZGYD
X1PgcEJ0Y2sKpVEnzBKZ9mPcG6MEUHwk0j3uOB9ebcDk1DJjAoIBAQDOx5l+7/5x
ilapgDg9+kD6IYaErXcbKWQGINCn+XJ7CUb93qXbpva+Vx95ug4TC8KNvTPOU7/V
Xd80C5aVCOeBvWVjUI9/Go10uVy6RMmmV0Xc8YdZOMqdHJ8Ac58nlwWHSh1yS9h/
RbmVGkDOFv09TSdhOOG05UWa/S/aYxVn2C0uwb0uafPUnbTjxn6a6Bxxnr1v63yX
w9efUqqM3+k1ZwOfPD3fE3CgDsxVmvcCfliTkMelVaX/mnLZFzdaGor/q9uLQtfl
NYYnzMY1W0BbIbOj7f/c8jvLQW4LKMfF/Lm7EF8lSyE/VI61bvbTbh7c+K/l1TkH
b1B68jDEHyQ7AoIBAH8yyF6M/W0LwO6oWdQSMR3YAFqvUFVlKxiZMwCWF2ltorqt
Bh7iVSKIOiUO1kcF6OGW17bkn23+UQH5o3s+jDHstDfrcjkL4b2cm++FVI+ur5bK
bgo69qj73Fx/vy0Tb40zd6Dj7VApy6dQ+DSlJV9A8RrKgfxqVky4BjsR3yJGKfGT
S1JispVcPFKttEnX2GPSr9Zary/g09RcOYLHSUAjJjzJcEF0a/jNWcWC7AWXlhHg
iGaXb2aWDzqe30qSsnDTlyZgjuDc9fglT9hXAhba+rV63V2y3Tj6QqZD86wk3v64
yElCbH3LD/8B7vlTky2Odx2Ng7ftmJXWlLj0hLUCggEBAJ5I7jfcEILraZFQpDzV
Lx4JwcYYXv88vONwBSk/6qFCJcS5xW6RrXlgiaiNgq6TpvcG6Pw84bC7rdtSL4+g
BE8tIspWZbHfKn86UUAI3e9mCQWrIXdr4LVJrnETELamhUXdtxLB+lTak8gOE6Nu
t6VQRR/IAgaOJq0QuKvMgxs9wMB075Ly6gJMQqbFUC7WFMfowoxEz9gAwzKjfghe
ck89rukanSYA5IqxKTsyZ3jSLI2xGxJ1sJ8rpFSH0Ag6H0K9VE6S+V7sjOg0eVlo
o6fe8Xs/+UcxahIZ4NnL+riUz7vhOWP70dR/rso1yd1pA1kVSNh/UqtdS1cBw9Ct
IfcCggEBAM9C185mVzmk69MnD76OjLcGaiy7OdyY0xK5odTaPa1s68bQPwpfL1IR
dbZ/WVMgNhduExvx7RONp+kvwFTxQH+OtFvceHCWc5SqQTp3aNWRoMN12gY9ZaDs
KG+1z8aTXfZyMPIgXIEYfatndjgXr25xcSYdNhGkU5x3NKw24Zzian+49KWw3zQb
bApd1bg48k8mehwUxxBWNMiTF2ie3lZj2IGEd45n19Da0s+maGWFGfj/ifFEVQ5x
C2zhMpkjvtJHtrkj6vk2NoPqyR6tL3N4iZyPmcywGFVCXsI8G2GIFEylAd+ZRATl
IrvSc7HIaJlEC4aimNEOx7DpS4Hta8A=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIFDTCCAvWgAwIBAgIUHDCsyauLfsZpqTtczBwPUSsbQgswDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAwwLemlyYS44OTgucm8wHhcNMjMwMjA5MTI0OTE5WhcNMjQw
MjA5MTI0OTE5WjAWMRQwEgYDVQQDDAt6aXJhLjg5OC5ybzCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBALTNSfO+QXhTx6vsJo5orNPejBbY04t6Hq+yf9aY
MPKyC2LGBnmI8VP4f80+drg+xu5VUDkJL0Bs3Gue9a2QZ8xkkOOfL/7o9ihkRihI
r2xQqkcAPYeVIAJs7F+YG0MxmpyPN1nz4ijj+o/dLxqnWvHst9WrFHoFjVGSnQVG
ZUkG+JLQZhGXy7llBxF8N42JGUXQAVmXIZEqp9EajOvBYxmrkXKsE/50TFg1x+Pn
ZbNkwb8ZAHIN0frIPoFXU6sbeGX2UJ2KPt+hSjbdjNuQUcWIRKg+N0nKqXGMBFy4
VmmwZx0sOSvDux4aIsSbLKp4wNaMFWNO+bLYrAkDyEZLHibzm/OsnmTVJPecJAH/
H+ff7BjIy7rWYHmv9nmx51hJBCbqWGbf7DQDySGI2FKskuEILWpCodkg1q5FZcQD
tcQWOk+3STNSyJzru7dJ3CyBLwatxjUR63mHyAnOwQp7QxXtBnapV92HBjZIhKeh
2PYUkahsYDExU1MyBXXR4Du15TxOf6hYq5HilvoEVvOnjmVhOMhoUY3q4t2UYcEd
zY+hw6seXx/6F7DYglFqxr0B7cZAWCaEJl1BUQpgkw/+mCK6IrpYODtmaOnK9ZCd
ei0/MqW7xW1zGcNoEDYlAhu8JOvOKR7IgscjdXhQX6Jw9o5SPPUJUee7Fu5ZoHh5
+ojRAgMBAAGjUzBRMB0GA1UdDgQWBBRostY0giKZrdn0QZR/W2bUS22jgTAfBgNV
HSMEGDAWgBRostY0giKZrdn0QZR/W2bUS22jgTAPBgNVHRMBAf8EBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4ICAQBYrYi3P9wOx769eHdavaFCzXg/g1qbcNI2GbNj96Qk
+LKm/4/NUCUEngcMg0RsCrBfj00uDVhhBN/QmwOjmj5ZkKAd829WFY5RFUDrsNXP
pjfAMsSSJ7KXq7DyxCZeKx6jhpqq9uOxCS9jee9UNFpVOCpZXlNxIQD+pDXEKKh2
vrMF+xZi9Ao6rng/lMSRaaqqn3KOokn7FK7bPhqNbBrIZMpfEA11ZsS0moH4py3Q
emmKcNZv2d27CAm4X6K7tSmuH6wV/jjcQ6SxNUs6G6YXj1Eg5T9JcFpHDxtttfls
ftPzzVqt8rLm6/kAdQiNgFLq1dTKY30LhlYVGPOEst/1+ckAZxL6KOPSmsVWFPNG
4wuuE2IW/7HhmR9KQFjdVwnxg/p11/S9tw5/Ua0Or8BqwBZtzLWkRvXrcoLRotAW
SBLU1H3SGwdkLnDofzia2YFwH0k+IqSATAdmYt4kYqkmP+OeSw/YGVZPO1jurRVp
4/ncZ8ChUqz9qc5bpeAEiYU42jc2PeGhbQez67Mfo2VOj1rYXh7EfVdSoZdAGSr+
4FUFBv/H09KCenXD0U+ADvLW2G9XPxMlvMni+uUETES/AU/ehDP/qrwO6m6IPwbG
w60iRxQzzLBghKuXBdfz8zlmcHNKc55CXGvQNkUVSsqwPnTQeQlZFb2PHY1GyzOq
WQ==
-----END CERTIFICATE-----

2
imunify360-webshield/unified_access_logger.conf
View File

@@ -1,2 +0,0 @@
log_format ualog '$wsuserip|$webshield_verdict|$time_iso8601';
access_log syslog:server=unix:/var/run/imunify360-webshield-unified_access_logger.socket,tag=ualog ualog;

17
imunify360-webshield/uwsgi_params
View File

@@ -1,17 +0,0 @@
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REQUEST_SCHEME $scheme;
uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;

110
imunify360-webshield/virtserver.conf
View File

@@ -1,110 +0,0 @@
lua_ssl_verify_depth 2;
lua_ssl_trusted_certificate /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem;
ssl_certificate_by_lua_file lua/ssl.lua;
set $proxy_part '';
if ($append_port) {
set $proxy_part :$proxy_port;
}
set $trust_ezoic 0;
rewrite_by_lua_file lua/accesscheck.lua;
location = /selfcheck {
allow 127.0.0.1;
allow ::1;
deny all;
content_by_lua_block {
ngx.status = ngx.HTTP_OK
ngx.header.content_type = "text/html; charset=utf-8"
local message = os.time(os.date("!*t"))
ngx.say(message)
return ngx.exit(ngx.HTTP_OK)
}
}
location = /captchacheck {
proxy_set_header Host $host$proxy_part;
proxy_set_header X-Real-IP $wsuserip;
proxy_bind $bind_target;
proxy_hide_header Upgrade;
proxy_http_version 1.1;
proxy_set_header Connection "";
if ($static_whitelisted) {
expires off;
proxy_pass $scheme://catchall;
}
access_by_lua_file lua/captchacheck.lua;
}
location = /ungraylistcheck {
content_by_lua_file lua/ungraylistcheck.lua;
}
location @to_static {
root html/captcha;
try_files $uri /a9bc224bd710f56d27affffddc764239b58c3faa0/shield.png;
}
location / {
access_by_lua_file lua/reqrouter.lua;
}
location @to_backend {
access_by_lua_block {
local xff = ngx.var.http_x_forwarded_for
if not xff or ngx.var.remote_proxy == "0" then
ngx.req.set_header("X-Forwarded-For", ngx.var.wsuserip)
else
ngx.req.set_header("X-Forwarded-For", xff .. ", " .. ngx.var.remote_addr)
end
}
proxy_set_header Host $host$proxy_part;
proxy_set_header X-Real-IP $wsuserip;
proxy_set_header X-Remote-IP $remote_addr;
proxy_hide_header Upgrade;
expires off;
proxy_http_version 1.1;
proxy_set_header Connection "";
include /etc/imunify360-webshield/webshield-backend.conf.d/*.conf;
proxy_bind $bind_target;
proxy_pass $scheme://catchall;
}
location @to_captcha {
include /etc/imunify360-webshield/invisible-captcha.conf;
root html/captcha;
default_type text/html;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0';
add_header cf-edge-cache no-cache;
add_header Expires 'Thu, 01 Jan 1970 00:00:01 GMT';
if_modified_since off;
expires off;
etag off;
keepalive_timeout 0;
include /etc/imunify360-webshield/webshield-captcha.conf.d/*.conf;
content_by_lua_file lua/captcha.lua;
}
location @to_splashscreen {
root html/splashscreen;
default_type text/html;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0';
add_header cf-edge-cache no-cache;
if_modified_since off;
expires off;
etag off;
keepalive_timeout 0;
include /etc/imunify360-webshield/webshield-splashscreen.conf.d/*.conf;
content_by_lua_file lua/splashscreen.lua;
}
location = /z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f {
content_by_lua_file lua/wsidchk.lua;
}

159
imunify360-webshield/webshield.conf
View File

@@ -1,159 +0,0 @@
user imunify360-webshield;
worker_processes 1;
error_log /var/log/imunify360-webshield/error.log warn;
pid /var/run/imunify360-webshield.pid;
worker_rlimit_nofile 65536;
events {
worker_connections 65536;
multi_accept on;
}
http {
variables_hash_max_size 2048;
map_hash_max_size 4096;
map_hash_bucket_size 128;
# Make sure all clients' headers are passed
ignore_invalid_headers off;
# Allow upload of files of unlimited size
client_max_body_size 0;
include /etc/imunify360-webshield/mime.types;
default_type application/octet-stream;
# XFF:"ip" is to match nginx captcha access.log separately from
# other access logs
log_format main '$wsuserip - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent $host "$http_referer" '
'"$http_user_agent" WL:"$domain_whitelisted" "$http_x_requested_with" '
'XFF:"$http_x_forwarded_for" CAPTCHA:"$wscaptcha" PEER:$remote_addr';
access_log /var/log/imunify360-webshield/access.log main;
include /etc/imunify360-webshield/unified_access_logger.conf;
sendfile on;
#tcp_nopush on;
keepalive_timeout 0;
#gzip on;
proxy_read_timeout 180s;
proxy_send_timeout 180s;
proxy_buffering off;
proxy_buffers 8 128k;
proxy_buffer_size 128k;
client_body_buffer_size 128k;
http2_max_field_size 8k;
include webshield-http.conf.d/*.conf;
include /etc/imunify360-webshield/wscheck.conf;
include /etc/imunify360-webshield/captcha.conf;
include /etc/imunify360-webshield/splashscreen.conf;
include /etc/imunify360-webshield/splashscreen-antibot.conf;
geo $remote_proxy {
default 0;
include /etc/imunify360-webshield/agent-proxies.conf;
include /etc/imunify360-webshield/common-proxies.conf;
}
map $host $domain_whitelisted {
default 0;
include /etc/imunify360-webshield/whitelisted-domains.conf;
}
map $server_addr $bind_target {
default 127.0.0.1;
"~^[a-fA-F0-9:\[\]]+$" ::1;
}
geo $wsuserip $remote_country_code {
default none;
include /etc/imunify360-webshield/country_ips.conf;
}
map $remote_country_code $remote_blocked_by_country {
default 0;
include /etc/imunify360-webshield/blocked_country_codes.conf;
}
geo $wsuserip $custom_whitelisted {
default 0;
include /etc/imunify360-webshield/custom-whitelisted.conf;
}
geo $wsuserip $custom_blacklisted {
default 0;
include /etc/imunify360-webshield/custom-blacklisted.conf;
}
lua_shared_dict domains_ips 1m;
lua_shared_dict splashscreen_sessions 1m;
lua_shared_dict captchapassed_clients 1m;
lua_shared_dict notfound_ssl_domains 1m;
lua_shared_dict ipset_check_cacher 1m;
init_by_lua_file lua/init.lua;
map $server_port $proxy_port {
default 80;
52223 443;
52224 80;
52227 2087;
52228 2086;
52229 2083;
52230 2082;
52231 2096;
52232 2095;
52233 8443;
52234 8880;
52235 2222;
}
map $proxy_port $append_port {
default 1;
80 0;
443 0;
}
upstream catchall {
server 127.0.0.1;
balancer_by_lua_block {
local balancer = require "ngx.balancer"
local host = ngx.var.server_addr
if host ~= nil and host:match(":") then
host = "[" .. host .. "]"
end
local port = ngx.var.proxy_port
local ok, err = balancer.set_current_peer(host, port)
if not ok then
ngx.log(ngx.ERR, "failed to set the current peer: ", err)
return ngx.exit(ngx.ERROR)
end
}
keepalive 32;
}
server_tokens off;
more_set_headers "Server: imunify360-webshield/1.18";
server {
server_name _;
ssl_protocols TLSv1.2 TLSv1.3;
proxy_ssl_protocols TLSv1.2 TLSv1.3;
include /etc/imunify360-webshield/ports.conf;
include /etc/imunify360-webshield/ssl_ports.conf;
include /etc/imunify360-webshield/ssl.conf;
include /etc/imunify360-webshield/webshield-server.conf.d/*.conf;
include /etc/imunify360-webshield/virtserver.conf;
}
}

6
imunify360-webshield/whitelisted-domains.conf
View File

@@ -1,6 +0,0 @@
# White list for domains to disable the captcha check
# See http://nginx.org/ru/docs/http/ngx_http_map_module.html for syntax
# Use 1 to enable whitelisting and 0 to disable
# example.org 1; # enable whitelisting
# www.example.org 0; # temporary disable whitelisting

126
imunify360-webshield/win-utf
View File

@@ -1,126 +0,0 @@
# This map is not a full windows-1251 <> utf8 map: it does not
# contain Serbian and Macedonian letters. If you need a full map,
# use contrib/unicode2nginx/win-utf map instead.
charset_map windows-1251 utf-8 {
82 E2809A ; # single low-9 quotation mark
84 E2809E ; # double low-9 quotation mark
85 E280A6 ; # ellipsis
86 E280A0 ; # dagger
87 E280A1 ; # double dagger
88 E282AC ; # euro
89 E280B0 ; # per mille
91 E28098 ; # left single quotation mark
92 E28099 ; # right single quotation mark
93 E2809C ; # left double quotation mark
94 E2809D ; # right double quotation mark
95 E280A2 ; # bullet
96 E28093 ; # en dash
97 E28094 ; # em dash
99 E284A2 ; # trade mark sign
A0 C2A0 ; # &nbsp;
A1 D18E ; # capital Byelorussian short U
A2 D19E ; # small Byelorussian short u
A4 C2A4 ; # currency sign
A5 D290 ; # capital Ukrainian soft G
A6 C2A6 ; # borken bar
A7 C2A7 ; # section sign
A8 D081 ; # capital YO
A9 C2A9 ; # (C)
AA D084 ; # capital Ukrainian YE
AB C2AB ; # left-pointing double angle quotation mark
AC C2AC ; # not sign
AD C2AD ; # soft hypen
AE C2AE ; # (R)
AF D087 ; # capital Ukrainian YI
B0 C2B0 ; # &deg;
B1 C2B1 ; # plus-minus sign
B2 D086 ; # capital Ukrainian I
B3 D196 ; # small Ukrainian i
B4 D291 ; # small Ukrainian soft g
B5 C2B5 ; # micro sign
B6 C2B6 ; # pilcrow sign
B7 C2B7 ; # &middot;
B8 D191 ; # small yo
B9 E28496 ; # numero sign
BA D194 ; # small Ukrainian ye
BB C2BB ; # right-pointing double angle quotation mark
BF D197 ; # small Ukrainian yi
C0 D090 ; # capital A
C1 D091 ; # capital B
C2 D092 ; # capital V
C3 D093 ; # capital G
C4 D094 ; # capital D
C5 D095 ; # capital YE
C6 D096 ; # capital ZH
C7 D097 ; # capital Z
C8 D098 ; # capital I
C9 D099 ; # capital J
CA D09A ; # capital K
CB D09B ; # capital L
CC D09C ; # capital M
CD D09D ; # capital N
CE D09E ; # capital O
CF D09F ; # capital P
D0 D0A0 ; # capital R
D1 D0A1 ; # capital S
D2 D0A2 ; # capital T
D3 D0A3 ; # capital U
D4 D0A4 ; # capital F
D5 D0A5 ; # capital KH
D6 D0A6 ; # capital TS
D7 D0A7 ; # capital CH
D8 D0A8 ; # capital SH
D9 D0A9 ; # capital SHCH
DA D0AA ; # capital hard sign
DB D0AB ; # capital Y
DC D0AC ; # capital soft sign
DD D0AD ; # capital E
DE D0AE ; # capital YU
DF D0AF ; # capital YA
E0 D0B0 ; # small a
E1 D0B1 ; # small b
E2 D0B2 ; # small v
E3 D0B3 ; # small g
E4 D0B4 ; # small d
E5 D0B5 ; # small ye
E6 D0B6 ; # small zh
E7 D0B7 ; # small z
E8 D0B8 ; # small i
E9 D0B9 ; # small j
EA D0BA ; # small k
EB D0BB ; # small l
EC D0BC ; # small m
ED D0BD ; # small n
EE D0BE ; # small o
EF D0BF ; # small p
F0 D180 ; # small r
F1 D181 ; # small s
F2 D182 ; # small t
F3 D183 ; # small u
F4 D184 ; # small f
F5 D185 ; # small kh
F6 D186 ; # small ts
F7 D187 ; # small ch
F8 D188 ; # small sh
F9 D189 ; # small shch
FA D18A ; # small hard sign
FB D18B ; # small y
FC D18C ; # small soft sign
FD D18D ; # small e
FE D18E ; # small yu
FF D18F ; # small ya
}

14
imunify360-webshield/wscheck.conf
View File

@@ -1,14 +0,0 @@
# enable captcha check for CloudFlare (on|off, default is off)
cloudflare_captcha off;
# Use splashscreen as captcha for Chinese customers
wscheck_splashscreen_as_captcha off;
# Use these values for User ID hash
wscheck_session_key $remote_addr$http_user_agent;
# Search client address in the following places
wscheck_ipsearch cloudflare|$http_cf_connecting_ip cloudflare|$http_true_client_ip !cloudflare|$http_x_forwarded_for;
# Use this variable to check if client is a proxy
wscheck_proxy_var_name remote_proxy;

57
imunify360/unified-access-logger.conf
View File

@@ -1,57 +0,0 @@
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# DO NOT EDIT. INTERNAL USAGE ONLY.
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
# Direct modifications to this file prohibited.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
groups:
ipv4: 36005
ipv6: 36005
rules:
# im360-whitelist:
# id: 1
# name: Accepted packets from whitelisted IP via iptables rules
# severity: 3
im360-blacklist:
id: 2
name: Dropped packets from blacklisted IP via iptables rules
severity: 6
im360-graylist:
id: 3
name: Dropped packets on non-web port from graylisted IP via iptables rules
severity: 6
im360-blocked-by-port:
id: 4
name: Dropped packets for blocked port via iptables rules
severity: 6
im360-whitelisted-country:
id: 5
name: Accepted packets from whitelisted country via iptables rules
severity: 3
im360-blacklisted-country:
id: 6
name: Dropped packets from blacklisted country via iptables rules
severity: 6
webshield_blacklisted:
id: 7
name: Dropped request from blacklisted IP via WebShield
severity: 6
webshield_blacklisted_country:
id: 8
severity: 6
name: Dropped request from blacklisted country via WebShield
webshield_graylisted_blocked:
id: 9
severity: 6
name: Dropped non-text/html request from graylisted IP via WebShield
im360-outgoing-blocked:
id: 10
severity: 6
name: Outgoing connection blocked
webshield_splashscreen:
id: 11
severity: 6
name: Shown splashscreen as request response for graylisted IP via WebShield

1
ld.so.conf.d/alt-hyperscan.conf
View File

@@ -1 +0,0 @@
/opt/alt/hyperscan54///lib64/

11
logrotate.d/cloudlinux-backup-utils
View File

@@ -1,11 +0,0 @@
/var/log/cloudlinux-backup-mysql-freeze.log
/var/log/cloudlinux-backup-utils-cron.log
/var/log/cloudlinux-backup-utils.log
{
rotate 3
maxsize 50M
compress
delaycompress
create 640 root root
missingok
}

17
logrotate.d/imunify360
View File

@@ -1,17 +0,0 @@
/var/log/imunify360/captcha.log {
# Keep 3 lotated files before removal
rotate 3
maxsize 50M
hourly
compress
delaycompress
nocreate
missingok
postrotate
if systemctl status imunify360-captcha > /dev/null ; then \
systemctl restart imunify360-captcha > /dev/null; \
fi;
endscript
}

9
logrotate.d/imunify360-pam
View File

@@ -1,9 +0,0 @@
/var/log/imunify360/pam.log {
missingok
notifempty
size 30k
create 0600 root root
postrotate
systemctl restart imunify360-pam > /dev/null
endscript
}

9
logrotate.d/imunify360-unified-access-logger
View File

@@ -1,9 +0,0 @@
/var/log/imunify360/imunify360-unified-access-logger/log.rotate {
missingok
notifempty
size 30k
create 0600 root root
postrotate
service imunify360-unified-access-logger restart
endscript
}

9
logrotate.d/imunify360-wafd
View File

@@ -1,9 +0,0 @@
/var/log/imunify360/wafd.log {
missingok
notifempty
size 30k
create 0600 root root
postrotate
service imunify360-wafd restart
endscript
}

15
logrotate.d/imunify360-webshield
View File

@@ -1,15 +0,0 @@
/var/log/imunify360-webshield/*.log {
daily
missingok
rotate 52
compress
delaycompress
notifempty
create 640 imunify360-webshield adm
sharedscripts
postrotate
if [ -f /var/run/imunify360-webshield.pid ]; then
kill -USR1 `cat /var/run/imunify360-webshield.pid`
fi
endscript
}

22
logrotate.d/ossec-hids
View File

@@ -1,22 +0,0 @@
/var/ossec/logs/active-responses.log {
missingok
notifempty
copytruncate
maxsize 100M
rotate 7
create 0664 ossec ossec
su ossec ossec
}
/var/ossec/logs/ossec.log {
missingok
notifempty
copytruncate
maxsize 100M
rotate 7
create 0664 ossec ossec
su ossec ossec
postrotate
/var/ossec/bin/ossec-control restart > /dev/null 2>/dev/null
endscript
}

0
odbc.ini
View File

42
odbcinst.ini
View File

@@ -1,42 +0,0 @@
# Example driver definitions
# Driver from the postgresql-odbc package
# Setup from the unixODBC package
[PostgreSQL]
Description = ODBC for PostgreSQL
Driver = /usr/lib/psqlodbcw.so
Setup = /usr/lib/libodbcpsqlS.so
Driver64 = /usr/lib64/psqlodbcw.so
Setup64 = /usr/lib64/libodbcpsqlS.so
FileUsage = 1
# Driver from the mysql-connector-odbc package
# Setup from the unixODBC package
[MySQL]
Description = ODBC for MySQL
Driver = /usr/lib/libmyodbc5.so
Setup = /usr/lib/libodbcmyS.so
Driver64 = /usr/lib64/libmyodbc5.so
Setup64 = /usr/lib64/libodbcmyS.so
FileUsage = 1
# Driver from the freetds-libs package
# Setup from the unixODBC package
[FreeTDS]
Description = Free Sybase & MS SQL Driver
Driver = /usr/lib/libtdsodbc.so
Setup = /usr/lib/libtdsS.so
Driver64 = /usr/lib64/libtdsodbc.so
Setup64 = /usr/lib64/libtdsS.so
Port = 1433
# Driver from the mariadb-connector-odbc package
# Setup from the unixODBC package
[MariaDB]
Description = ODBC for MariaDB
Driver = /usr/lib/libmaodbc.so
Driver64 = /usr/lib64/libmaodbc.so
FileUsage = 1

4
ossec-init.conf
View File

@@ -1,4 +0,0 @@
DIRECTORY="/var/ossec"
VERSION="3.1.0"
DATE="Wed Dec 28 14:52:06 UTC 2022"
TYPE="server"

8
pam.d/.password-auth.i360patch
View File

@@ -1,8 +0,0 @@
--- /etc/pam.d/password-auth 2021-08-26 19:12:51.778023053 +0300
+++ - 2023-02-09 14:51:46.796675536 +0200
@@ -1,3 +1,5 @@
auth required pam_env.so
+auth required pam_imunify.so check_only
auth sufficient pam_unix.so try_first_pass nullok
+auth required pam_imunify.so
auth required pam_deny.so

8
pam.d/.system-auth.i360patch
View File

@@ -1,8 +0,0 @@
--- /etc/pam.d/system-auth 2022-10-08 19:09:45.000000000 +0300
+++ - 2023-02-09 14:51:46.801236173 +0200
@@ -4,3 +4,5 @@
auth required pam_env.so
+auth required pam_imunify.so check_only
auth sufficient pam_unix.so try_first_pass nullok
+auth required pam_imunify.so
auth required pam_deny.so

7
pam.d/dovecot_imunify
View File

@@ -1,7 +0,0 @@
#%PAM-1.0
auth required pam_nologin.so
auth required pam_imunify.so check_only
auth sufficient pam_imunify.so
auth required pam_deny.so
account required pam_permit.so

7
pam.d/dovecot_imunify_domainowner
View File

@@ -1,7 +0,0 @@
#%PAM-1.0
auth required pam_nologin.so
auth required pam_imunify.so check_only
auth sufficient pam_imunify.so domain_owner_mail_pass
auth required pam_deny.so
account required pam_permit.so

2
pam.d/password-auth
View File

@@ -1,7 +1,5 @@
auth required pam_env.so auth required pam_env.so
auth required pam_imunify.so check_only
auth sufficient pam_unix.so try_first_pass nullok auth sufficient pam_unix.so try_first_pass nullok
auth required pam_imunify.so
auth required pam_deny.so auth required pam_deny.so
account required pam_unix.so account required pam_unix.so

11
pam.d/proftpd_imunify
View File

@@ -1,11 +0,0 @@
#%PAM-1.0
auth required pam_nologin.so
auth required pam_listfile.so item=user sense=deny file=/etc/proftpd/passwd.vhosts onerr=succeed
auth required pam_imunify.so check_only
auth optional pam_unix.so nullok try_first_pass
auth sufficient pam_imunify.so cpanel
auth required pam_deny.so
account required pam_permit.so
session required pam_permit.so

2
pam.d/system-auth
View File

@@ -2,9 +2,7 @@
# This file is auto-generated. # This file is auto-generated.
# User changes will be destroyed the next time authselect is run. # User changes will be destroyed the next time authselect is run.
auth required pam_env.so auth required pam_env.so
auth required pam_imunify.so check_only
auth sufficient pam_unix.so try_first_pass nullok auth sufficient pam_unix.so try_first_pass nullok
auth required pam_imunify.so
auth required pam_deny.so auth required pam_deny.so
account required pam_unix.so account required pam_unix.so

47
pam_imunify/i360.ini
View File

@@ -1,47 +0,0 @@
# Path to database
mod_db_path=/opt/i360_pam_imunify/db
# Path to UNIX socket
socket=/opt/i360_pam_imunify/pam_imunify360.sock
# Wait for service to start up to 120 seconds
socket_readycheck_timeout=120
# Log file path
# log=/var/log/imunify360/pam.log
# Sentry error reporting (must be an url or "off")
sentry=https://sentry.cloudlinux.com/sentry/i360-pam-imunify/
# RBL domains (separated with comma) and timeout (in seconds)
rbl=net-brute.rbl.imunify.com.
RBL_timeout=5
RBL_nameserver=ns1-rbl.imunify.com:53
USER_LOCK_TIMEOUT=5
USER_LOCK_ATTEMPTS=10
USER_LOCK_MINUTES=5
# for how long username / ip should timeout in minutes
USER_IP_LOCK_TIMEOUT=5
# of attempts after which username / ip should be locked
USER_IP_LOCK_ATTEMPTS=10
# period during which attempts should be accounted for
USER_IP_LOCK_MINUTES=5
# for how long username / ip pair shall be kept in whitelist after succesful login
# (default 20160 is 14 days)
USER_IP_LOCK_AUTOWHITELIST_TIMEOUT=20160
# for how long IP should timeout in minutes
IP_LOCK_TIMEOUT=5
# of attempts after which IP should be locked
IP_LOCK_ATTEMPTS=100
# period during which attempts should be accounted for
IP_LOCK_MINUTES=5
whitelisted_ips_path=/var/i360_pam_imunify/wl/ips.txt
# whitelisted_ips_include is comma separated path list
# where user ip list path goes the last
whitelisted_ips_include=/etc/apache2/conf.d/modsec_vendor_configs/imunify360_full_apache/rbl_whitelist,/etc/httpd/conf/modsecurity.d/rules/custom/rbl_whitelist,/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-litespeed/rbl_whitelist
whitelisted_users_path=/var/i360_pam_imunify/users/users.txt

1
sysconfig/aibolit-resident
View File

@@ -1 +0,0 @@
ARCHIVE_SCAN="--scan-archive"

1
sysconfig/imunify360/auth.admin
View File

@@ -1 +0,0 @@
root

4
sysconfig/imunify360/custom_billing.config
View File

@@ -1,4 +0,0 @@
CUSTOM_BILLING:
upgrade_url: null
billing_notifications: true
ip_license: true

0
sysconfig/imunify360/generic/global_disabled_rules.conf
View File

BIN
sysconfig/imunify360/generic/imunify-plugin.zip
View File

Binary file not shown.

0
sysconfig/imunify360/generic/modsec.conf.d/empty.conf
View File

10
sysconfig/imunify360/generic/modsec2.imunify.conf
View File

@@ -1,10 +0,0 @@
# Imunify360 mod_security config patch
<IfModule security2_module>
# The following two settings are needed for realtime scanning of uploaded files
SecRequestBodyAccess On
SecTmpSaveUploadedFiles On
SecResponseBodyLimitAction ProcessPartial
# Warning: custom SecTmpDir/SecUploadDir do not work with cPanel apache jailshell
SecTmpDir /var/imunify360/tmp_modsec
SecUploadDir /var/imunify360/tmp_modsec
</IfModule>

10
sysconfig/imunify360/generic/nginx.modsec3.imunify.conf
View File

@@ -1,10 +0,0 @@
# Imunify360 mod_security config patch
# The following two settings are needed for realtime scanning of uploaded files
SecRequestBodyAccess On
SecTmpSaveUploadedFiles On
SecResponseBodyLimitAction ProcessPartial
# Warning: custom SecTmpDir/SecUploadDir do not work with cPanel apache jailshell
SecTmpDir /var/imunify360/tmp_modsec
SecUploadDir /var/imunify360/tmp_modsec
# used as work-around for DEF-14411
SecUploadKeepFiles On

195
sysconfig/imunify360/imunify360-merged.config
View File

@@ -1,195 +0,0 @@
############################################################################
# DO NOT MODIFY THIS FILE!!! #
# USE /etc/sysconfig/imunify360/imunify360.config.d/ TO OVERRIDE DEFAULTS #
############################################################################
ADMIN_CONTACTS:
emails:
- bogdan@898.ro
enable_icontact_notifications: true
AUTO_WHITELIST:
after_unblock_timeout: 1440
timeout: 1440
BACKUP_RESTORE:
cl_backup_allowed: true
cl_on_premise_backup_allowed: false
max_days_in_backup: 90
BLOCKED_PORTS:
default_mode: allowed
CAPTCHA:
cert_refresh_timeout: 3600
CAPTCHA_DOS:
enabled: true
max_count: 100
time_frame: 21600
timeout: 864000
CSF_INTEGRATION:
catch_lfd_events: true
DOS:
default_limit: 250
enabled: true
interval: 30
port_limits: {}
ERROR_REPORTING:
enable: true
FIREWALL:
TCP_IN_IPv4:
- '20'
- '21'
- '22'
- '25'
- '53'
- '80'
- '110'
- '443'
- '465'
- '587'
- '993'
- '995'
TCP_OUT_IPv4:
- '20'
- '21'
- '22'
- '25'
- '53'
- '80'
- '110'
- '113'
- '443'
- '587'
- '993'
- '995'
UDP_IN_IPv4:
- '20'
- '21'
- '53'
- '443'
UDP_OUT_IPv4:
- '20'
- '21'
- '53'
- '113'
- '123'
internal_use_remote_iplist: false
port_blocking_mode: ALLOW
INCIDENT_LOGGING:
limit: 100000
min_log_level: 4
num_days: 100
ui_autorefresh_timeout: 10
KERNELCARE:
edf: false
LOGGER:
backup_count: 5
max_log_file_size: 62914560
syscall_monitor: false
MALWARE_CLEANUP:
keep_original_files_days: 14
trim_file_instead_of_removal: true
MALWARE_DATABASE_SCAN:
enable: true
MALWARE_SCANNING:
cloud_assisted_scan: true
crontabs: false
default_action: cleanup
detect_elf: true
enable_scan_cpanel: true
enable_scan_inotify: true
enable_scan_modsec: true
enable_scan_pure_ftpd: true
hyperscan: true
max_cloudscan_size_to_scan: 10485760
max_mrs_upload_file: 10485760
max_signature_size_to_scan: 1048576
notify_on_detect: false
optimize_realtime_scan: true
rapid_scan: true
rapid_scan_rescan_unchanging_files_frequency: null
scan_modified_files: null
sends_file_for_analysis: true
try_restore_from_backup_first: false
MALWARE_SCAN_INTENSITY:
cpu: 2
io: 1
ram: 2048
user_scan_cpu: 2
user_scan_io: 2
user_scan_ram: 1024
MALWARE_SCAN_SCHEDULE:
day_of_month: 1
day_of_week: 0
hour: 3
interval: week
MOD_SEC:
app_specific_ruleset: true
cms_account_compromise_prevention: true
prev_settings: ''
ruleset: MINIMAL
MOD_SEC_BLOCK_BY_CUSTOM_RULE:
33332:
check_period: 120
max_incidents: 10
33339:
check_period: 120
max_incidents: 10
MOD_SEC_BLOCK_BY_SEVERITY:
check_period: 120
denied_num_limit: 2
enable: true
max_incidents: 2
severity_limit: 2
NETWORK_INTERFACE:
eth6_device: null
eth_device: null
eth_device_skip: []
OSSEC:
active_response: true
PAM:
enable: true
exim_dovecot_native: false
exim_dovecot_protection: true
ftp_protection: true
PERMISSIONS:
advisor: true
allow_malware_scan: false
support_form: true
upgrade_button: true
user_ignore_list: false
user_override_malware_actions: false
user_override_proactive_defense: false
PROACTIVE_DEFENCE:
blamer: true
mode: KILL
php_immunity: true
RESOURCE_MANAGEMENT:
cpu_limit: 2
io_limit: 2
ram_limit: 500
SECURE_SITE:
enable: false
purchase_page_url: https://secure.site
SEND_ADDITIONAL_DATA:
enable: true
SMTP_BLOCKING:
allow_groups:
- mail
allow_local: false
allow_users: []
enable: false
ports:
- 25
- 587
- 465
redirect: false
STOP_MANAGING:
modsec_directives: false
WEBSHIELD:
captcha_secret_key: ''
captcha_site_key: ''
enable: false
invisible_captcha: false
known_proxies_support: true
splash_screen: true
WEB_SERVICES:
http_ports: []
https_ports: []

1
sysconfig/imunify360/imunify360.config.d/90-local.config
View File

@@ -1 +0,0 @@
../imunify360.config

196
sysconfig/imunify360/imunify360.config.defaults.example
View File

@@ -1,196 +0,0 @@
############################################################################
# DO NOT MODIFY THIS FILE!!! #
# USE /etc/sysconfig/imunify360/imunify360.config.d/ TO OVERRIDE DEFAULTS #
# This is an example of default values only #
# Changing this file will have no effect #
############################################################################
ADMIN_CONTACTS:
emails: []
enable_icontact_notifications: true
AUTO_WHITELIST:
after_unblock_timeout: 1440
timeout: 1440
BACKUP_RESTORE:
cl_backup_allowed: true
cl_on_premise_backup_allowed: false
max_days_in_backup: 90
BLOCKED_PORTS:
default_mode: allowed
CAPTCHA:
cert_refresh_timeout: 3600
CAPTCHA_DOS:
enabled: true
max_count: 100
time_frame: 21600
timeout: 864000
CSF_INTEGRATION:
catch_lfd_events: false
DOS:
default_limit: 250
enabled: true
interval: 30
port_limits: {}
ERROR_REPORTING:
enable: true
FIREWALL:
TCP_IN_IPv4:
- '20'
- '21'
- '22'
- '25'
- '53'
- '80'
- '110'
- '443'
- '465'
- '587'
- '993'
- '995'
TCP_OUT_IPv4:
- '20'
- '21'
- '22'
- '25'
- '53'
- '80'
- '110'
- '113'
- '443'
- '587'
- '993'
- '995'
UDP_IN_IPv4:
- '20'
- '21'
- '53'
- '443'
UDP_OUT_IPv4:
- '20'
- '21'
- '53'
- '113'
- '123'
internal_use_remote_iplist: false
port_blocking_mode: ALLOW
INCIDENT_LOGGING:
limit: 100000
min_log_level: 4
num_days: 100
ui_autorefresh_timeout: 10
KERNELCARE:
edf: false
LOGGER:
backup_count: 5
max_log_file_size: 62914560
syscall_monitor: false
MALWARE_CLEANUP:
keep_original_files_days: 14
trim_file_instead_of_removal: true
MALWARE_DATABASE_SCAN:
enable: false
MALWARE_SCANNING:
cloud_assisted_scan: true
crontabs: false
default_action: cleanup
detect_elf: true
enable_scan_cpanel: true
enable_scan_inotify: true
enable_scan_modsec: true
enable_scan_pure_ftpd: true
hyperscan: false
max_cloudscan_size_to_scan: 10485760
max_mrs_upload_file: 10485760
max_signature_size_to_scan: 1048576
notify_on_detect: false
optimize_realtime_scan: true
rapid_scan: true
rapid_scan_rescan_unchanging_files_frequency: null
scan_modified_files: null
sends_file_for_analysis: true
try_restore_from_backup_first: false
MALWARE_SCAN_INTENSITY:
cpu: 2
io: 2
ram: 2048
user_scan_cpu: 2
user_scan_io: 2
user_scan_ram: 1024
MALWARE_SCAN_SCHEDULE:
day_of_month: 1
day_of_week: 0
hour: 3
interval: week
MOD_SEC:
app_specific_ruleset: true
cms_account_compromise_prevention: false
prev_settings: ''
ruleset: FULL
MOD_SEC_BLOCK_BY_CUSTOM_RULE:
33332:
check_period: 120
max_incidents: 10
33339:
check_period: 120
max_incidents: 10
MOD_SEC_BLOCK_BY_SEVERITY:
check_period: 120
denied_num_limit: 2
enable: true
max_incidents: 2
severity_limit: 2
NETWORK_INTERFACE:
eth6_device: null
eth_device: null
eth_device_skip: []
OSSEC:
active_response: false
PAM:
enable: true
exim_dovecot_native: false
exim_dovecot_protection: true
ftp_protection: false
PERMISSIONS:
advisor: true
allow_malware_scan: false
support_form: true
upgrade_button: true
user_ignore_list: false
user_override_malware_actions: false
user_override_proactive_defense: false
PROACTIVE_DEFENCE:
blamer: true
mode: LOG
php_immunity: false
RESOURCE_MANAGEMENT:
cpu_limit: 2
io_limit: 2
ram_limit: 500
SECURE_SITE:
enable: false
purchase_page_url: https://secure.site
SEND_ADDITIONAL_DATA:
enable: true
SMTP_BLOCKING:
allow_groups:
- mail
allow_local: false
allow_users: []
enable: false
ports:
- 25
- 587
- 465
redirect: false
STOP_MANAGING:
modsec_directives: false
WEBSHIELD:
captcha_secret_key: ''
captcha_site_key: ''
enable: true
invisible_captcha: false
known_proxies_support: true
splash_screen: true
WEB_SERVICES:
http_ports: []
https_ports: []

4
sysconfig/imunify360/imunify360.config → sysconfig/imunify360/imunify360.config.rpmsave
View File

@@ -10,6 +10,10 @@ MALWARE_DATABASE_SCAN:
MALWARE_SCAN_INTENSITY: MALWARE_SCAN_INTENSITY:
cpu: 2 cpu: 2
io: 1 io: 1
MALWARE_SCAN_SCHEDULE:
day_of_month: 14
hour: 3
interval: month
MOD_SEC: MOD_SEC:
cms_account_compromise_prevention: true cms_account_compromise_prevention: true
ruleset: MINIMAL ruleset: MINIMAL

18
sysconfig/imunify360/malware-filters-admin-conf/ignored.txt
View File

@@ -1,18 +0,0 @@
# IMPORTANT: after making changes to this file, perform:
#
# imunify360-agent malware rebuild patterns
#
# This file contains additional regular expression patterns specifying what
# filesystem paths should not be monitored by inotify/ fanotify realtime
# scanner.
# Patterns can be absolute:
# /another/folder
# or relative to basedirs supplied by hosting control panels:
# +[^/]+/www/\.cache
# This relative pattern will expand to ^/home/[^/]+/www/\.cache for cPanel, for
# example.
#
# All patterns listed here have higher priority than stock watched and ignored
# lists supplied with Imunify360.
#
# Custom ignore patterns have higher priority than custom watched patterns.

1
sysconfig/imunify360/malware-filters-admin-conf/pd-combined.txt
View File

@@ -1 +0,0 @@
/etc/sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/pd-combined.txt

0
sysconfig/imunify360/malware-filters-admin-conf/processed/basedirs-list.txt
View File

3
sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-admin-paths.txt
View File

@@ -1,3 +0,0 @@
L3Byb2M=
L3N5cw==
L3Vzci9zaGFyZS9jYWdlZnMtc2tlbGV0b24vcHJvYw==

1
sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-admin.txt
View File

@@ -1 +0,0 @@
^$

1
sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-internal.txt
View File

@@ -1 +0,0 @@
\.log(?:[.-]\d)?(?:\.gz)?$|\.ini$|\.socket$|\.sock$|/error_log$|^/usr/share/cagefs-skeleton(?:$|/)|^/tmp/lshttpd/.+?\.sock$|^/tmp/lshttpd/.+?\.rtreport[.0-9]*$|^/usr/local/apache/domlogs(?:$|/)|^/var/log/(?:apache2?|httpd)/domlogs(?:$|/)|^/etc/(?:apache2?|httpd)/logs/domlogs(?:$|/)|^/var/ossec(?:$|/)|^/(home[1-9]?|var/www|var/imunify360/tmp)/\.restore-infected/.*(?:$|/)|/template_\w{32}.css$|/cache/object/\w{1,10}/\w{1,10}/\w{1,10}/\w{32}\.php$|/wp-content/cache/object/\w{1,5}/\w{1,5}/\w{32}\.php$|/system/cache/templates_c/\w{1,40}\.php$|/assets/cache/rss/\w{1,60}$|/cache/minify/minify_\w{32}$|/cache/page/\w{32}\.php$|/cache/wp-cache-\d{32}\.php$|/cache/page/\w{32}\.php_expire$|/cache/page/\w{32}-cache-page-\w{32}\.php$|\w{32}-cache-com_content-\w{32}\.php$|\w{32}-cache-mod_custom-\w{32}\.php$|\w{32}-cache-mod_templates-\w{32}\.php$|\w{32}-cache-_system-\w{32}\.php$|/autoptimize/js/autoptimize_\w{32}\.js$|/files/templates_c/.{1,150}\.html\.php$|/uploads/javascript_global/.{1,150}\.js$|сore/cache/resource/web/resources/\d+\.cache\.php$|/assets/cache/docid_\d+_\w{32}\.pageCache\.php$|/t3-assets/dev/t3/.{1,150}-cache-\w{1,20}-.{1,150}\.php$|/t3-assets/js/js-\w{1,30}\.js$|/temp/cache/SC/.{1,100}/\.cache\..{1,100}\.php$|/tmp/sess\_\w{32}$|/assets/cache/docid\_.{1,100}\.pageCache\.php$|/stat/usage\_\w{1,100}\.html$|/stat/usage_\d+\.html$|/stat/site\_\w{1,100}\.html$|/gallery/item/list/\w{1,100}\.cache\.php$|/core/cache/registry/.{1,100}/ext-.{1,100}\.php$|/core/cache/resource/shk\_/\w{1,50}\.cache\.php$|/cache/\w{1,40}/\w+-cache-\w+-\w{32,40}\.php$|/hyper-cache/[^/]{1,50}/[^/]{1,50}/[^/]{1,50}/index\.html$|/application/logs/\d+/\d+/\d+\.php$|/session/sess_\w{32}$|/litespeed/(?:[uc]?css|js)/(?:\d/)?[0-9a-f]{3,32}\.(?:css|js)(?:\.tmp)?$|/cache/(?:db/)?(?:\d+/)*options/[0-9a-f]{3}/[0-9a-f]{3}/[0-9a-f]{32}\.php$|/cache/wp-rocket/.+\.html_(?:gzip|temp|gzip_temp)$|/cache(?:-off)?/autoptimize/(?:\d/)?(?:js/|css/)?autoptimize_\w+\.(?:js|css|img|php)$|/(?:et-cache/|cache/et/)(?:[0-9a-f]+|notfound)/et-.+\.css$|/plugins/elementor/assets/(?:css|js|lib|[^/]*shapes|svg-paths|images)/.+\.(?:css|js|svg|gif|png)$|/cache/(?:prod|dev)/smarty/compile/.{1,150}\.tpl(?:\.cache)?\.php$|/smarty/(?:compile|cache)/.*[0-9a-f]{2}/[0-9a-f]{2}/[0-9a-f]{2}/wrt[0-9a-f]{14}_\d{8}$|/cache/(?:pro[d_]|dev)/(?:annotations|doctrine)/\w{2}/\w{16,150}\.doctrinecache\.data$|/sessions/sess_[0-9a-f]{32}$|/cache/cachestore_file/default_application/\w+/.+\.(?:cache|temp)$|/cache/models/(?:model/)?\w+_cake_model_\w+$|/var/(?:page_)?cache/mage-tags/mage---\w+$|/wflogs/config\.tmp\.\w{6}$|/api/user_(?:message|logs)\.db$|/#sql[\w.-]+\.M[YA][DI]$|^/(?:dev/shm(?:/lsws)?|(?:var/)?tmp/lshttpd/swap)/[0-9a-f]/[0-9a-f]/[0-9a-f]{30}\.ls[bz]l?$|/media/catalog/product/cache/.+\.(?:jpe?g|gif|png)$|/cache/zend_cache---[\w-]+$|/images/\d{4}/\d{2}/\d{2}/[^/]+\.(?:jpe?g|gif)$|^/dev/shm/|/cache/cache(?:\.\w+)+\.\d{10}$|/\.wp-toolkit/tmp\.\w{10}$|/media/videos/tmb/[0-9a-f]+/[^/]+\.jpg$

1
sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/pd-combined.txt
View File

@@ -1 +0,0 @@
\.log(?:[.-]\d)?(?:\.gz)?$|\.ini$|\.socket$|\.sock$|/error_log$|^/usr/share/cagefs-skeleton(?:$|/)|^/tmp/lshttpd/.+?\.sock$|^/tmp/lshttpd/.+?\.rtreport[.0-9]*$|^/usr/local/apache/domlogs(?:$|/)|^/var/log/(?:apache2?|httpd)/domlogs(?:$|/)|^/etc/(?:apache2?|httpd)/logs/domlogs(?:$|/)|^/var/ossec(?:$|/)|^/(home[1-9]?|var/www|var/imunify360/tmp)/\.restore-infected/.*(?:$|/)|/template_\w{32}.css$|/cache/object/\w{1,10}/\w{1,10}/\w{1,10}/\w{32}\.php$|/wp-content/cache/object/\w{1,5}/\w{1,5}/\w{32}\.php$|/system/cache/templates_c/\w{1,40}\.php$|/assets/cache/rss/\w{1,60}$|/cache/minify/minify_\w{32}$|/cache/page/\w{32}\.php$|/cache/wp-cache-\d{32}\.php$|/cache/page/\w{32}\.php_expire$|/cache/page/\w{32}-cache-page-\w{32}\.php$|\w{32}-cache-com_content-\w{32}\.php$|\w{32}-cache-mod_custom-\w{32}\.php$|\w{32}-cache-mod_templates-\w{32}\.php$|\w{32}-cache-_system-\w{32}\.php$|/autoptimize/js/autoptimize_\w{32}\.js$|/files/templates_c/.{1,150}\.html\.php$|/uploads/javascript_global/.{1,150}\.js$|сore/cache/resource/web/resources/\d+\.cache\.php$|/assets/cache/docid_\d+_\w{32}\.pageCache\.php$|/t3-assets/dev/t3/.{1,150}-cache-\w{1,20}-.{1,150}\.php$|/t3-assets/js/js-\w{1,30}\.js$|/temp/cache/SC/.{1,100}/\.cache\..{1,100}\.php$|/tmp/sess\_\w{32}$|/assets/cache/docid\_.{1,100}\.pageCache\.php$|/stat/usage\_\w{1,100}\.html$|/stat/usage_\d+\.html$|/stat/site\_\w{1,100}\.html$|/gallery/item/list/\w{1,100}\.cache\.php$|/core/cache/registry/.{1,100}/ext-.{1,100}\.php$|/core/cache/resource/shk\_/\w{1,50}\.cache\.php$|/cache/\w{1,40}/\w+-cache-\w+-\w{32,40}\.php$|/hyper-cache/[^/]{1,50}/[^/]{1,50}/[^/]{1,50}/index\.html$|/application/logs/\d+/\d+/\d+\.php$|/session/sess_\w{32}$|/litespeed/(?:[uc]?css|js)/(?:\d/)?[0-9a-f]{3,32}\.(?:css|js)(?:\.tmp)?$|/cache/(?:db/)?(?:\d+/)*options/[0-9a-f]{3}/[0-9a-f]{3}/[0-9a-f]{32}\.php$|/cache/wp-rocket/.+\.html_(?:gzip|temp|gzip_temp)$|/cache(?:-off)?/autoptimize/(?:\d/)?(?:js/|css/)?autoptimize_\w+\.(?:js|css|img|php)$|/(?:et-cache/|cache/et/)(?:[0-9a-f]+|notfound)/et-.+\.css$|/plugins/elementor/assets/(?:css|js|lib|[^/]*shapes|svg-paths|images)/.+\.(?:css|js|svg|gif|png)$|/cache/(?:prod|dev)/smarty/compile/.{1,150}\.tpl(?:\.cache)?\.php$|/smarty/(?:compile|cache)/.*[0-9a-f]{2}/[0-9a-f]{2}/[0-9a-f]{2}/wrt[0-9a-f]{14}_\d{8}$|/cache/(?:pro[d_]|dev)/(?:annotations|doctrine)/\w{2}/\w{16,150}\.doctrinecache\.data$|/sessions/sess_[0-9a-f]{32}$|/cache/cachestore_file/default_application/\w+/.+\.(?:cache|temp)$|/cache/models/(?:model/)?\w+_cake_model_\w+$|/var/(?:page_)?cache/mage-tags/mage---\w+$|/wflogs/config\.tmp\.\w{6}$|/api/user_(?:message|logs)\.db$|/#sql[\w.-]+\.M[YA][DI]$|^/(?:dev/shm(?:/lsws)?|(?:var/)?tmp/lshttpd/swap)/[0-9a-f]/[0-9a-f]/[0-9a-f]{30}\.ls[bz]l?$|/media/catalog/product/cache/.+\.(?:jpe?g|gif|png)$|/cache/zend_cache---[\w-]+$|/images/\d{4}/\d{2}/\d{2}/[^/]+\.(?:jpe?g|gif)$|^/dev/shm/|/cache/cache(?:\.\w+)+\.\d{10}$|/\.wp-toolkit/tmp\.\w{10}$|/media/videos/tmb/[0-9a-f]+/[^/]+\.jpg$

0
sysconfig/imunify360/malware-filters-admin-conf/processed/watched/av-admin.txt
View File

5
sysconfig/imunify360/malware-filters-admin-conf/processed/watched/av-internal.txt
View File

@@ -1,5 +0,0 @@
/tmp
/run/shm
/dev/shm
/dev/mqueue
/var/tmp

14
sysconfig/imunify360/malware-filters-admin-conf/watched.txt
View File

@@ -1,14 +0,0 @@
# IMPORTANT: after making changes to this file, perform:
#
# imunify360-agent malware rebuild patterns
#
# This file contains additional shell-like glob patterns specifying what file
# system directories should be monitored by inotify/ fanotify realtime scanner.
# Patterns can be absolute:
# /another/folder
# or relative to basedirs supplied by hosting control panels:
# +*/www
# This relative pattern will expand to /home/*/www for cPanel, for example.
#
# All patterns listed here have higher priority than stock watched and ignored
# lists supplied with Imunify360.

2
sysctl.d/90-webshield-ip-local-reserved.conf
View File

@@ -1,2 +0,0 @@
# Reserve ports for webshield services
net.ipv4.ip_local_reserved_ports = 52223,52224,52227-52235

1
systemd/system/imunify-antivirus.service
View File

@@ -1 +0,0 @@
/dev/null

1
systemd/system/multi-user.target.wants/aibolit-resident.service
View File

@@ -1 +0,0 @@
/usr/lib/systemd/system/aibolit-resident.service

1
systemd/system/multi-user.target.wants/imunify-antivirus.service
View File

@@ -1 +0,0 @@
/usr/lib/systemd/system/imunify-antivirus.service

1
systemd/system/multi-user.target.wants/imunify-notifier.service
View File

@@ -1 +0,0 @@
/usr/lib/systemd/system/imunify-notifier.service

1
systemd/system/multi-user.target.wants/imunify360-pam.service
View File

@@ -1 +0,0 @@
/usr/lib/systemd/system/imunify360-pam.service

Some files were not shown because too many files have changed in this diff Show More