Introduction
Imunify360 provides complete automated security for Linux Servers. It includes features like Antivirus, Real-time Malware Scanner, Firewall, and more, all with an easy-to-use interface and advanced automation. With Imunify360 in FASTPANEL, you get seamless integration for enhanced server protection.
In this guide, we’ll discuss how to install imunify360 in FASTPANEL so that you can secure your Linux Server.
Prerequisites
Before you begin this guide, make sure you’ve completed the following prerequisites:
- FASTPANEL Installation: Ensure FASTPANEL is properly installed on your system. If you haven’t done so yet, refer to our guide on how to install FASTPANEL (Ubuntu, CentOS, or Debian).
- ModSecurity: Verify that ModSecurity version 2.9 or higher is installed. If not, follow the instructions for installing ModSecurity.
- mod_remoteip Apache Module: Confirm that the mod_remoteip Apache module is enabled in your Apache configuration.
- Imunify360 License Key: Ensure you have a valid Imunify360 license key. You can either purchase one from here or get a trial key from here.
Hardware Requirements:
Ensure your server meets the following hardware specifications:
- RAM: Minimum 1GB of RAM.
- Disk Space: At least 20GB of available disk space.
- CPU: 64bit version on x86_64 processors only
Step 1 – Imunify360 integrations in FASTPANEL
Create the domain or sub-domain imunify360.domain.com in FASTPANEL. (Here’s How to create domain/sub-domain in FASTPANEL)
First, create the Imunify360 integration and ModSecurity configuration file at /etc/sysconfig/imunify360. Start by creating a directory named “imunify360” within /etc/sysconfig/. Then, proceed to create the integration files inside this directory by running the following commands.
mkdir -p /etc/sysconfig/imunify360/ touch /etc/sysconfig/imunify360/integration.conf touch /etc/sysconfig/imunify360/generic/modsec.conf
Setup Integration scripts which are necessary to manage domains, users, and admins effectively.
1. Get Admins Script (get-admins-script.sh):
(This script will create admin users in Imunify360.)
To start, generate a file named get-admins-script.sh within the /etc/sysconfig/imunify360 directory. Then, insert the following code:
#!/bin/bash
generate_users_json()
{
_is_main="true"
echo "{"
echo " \"data\": ["
count=
n=$(cat "$_file" | wc -l)
for line in $(cat "$_file"); do
_user=`awk -F: '{print $1}' <<< $line`
_email=`awk -F: '{print $2}' <<< $line`
comma=","
if [[ $count -gt 0 ]]; then
multi_user=true
_is_main="false"
fi
count=$((count+1))
if [[ $count -eq $n ]]; then
comma=""
fi
template_users_json
done
cat <<EOF
],
"metadata": {
"result": "ok"
}
}
EOF
}
template_users_json()
{
cat <<EOF
{
"name": "$_user",
"unix_user": "$_user",
"locale_code": "EN_us",
"email": "$_email",
"is_main": $_is_main
}$comma
EOF
}
_file="/etc/sysconfig/imunify360/admins.txt"
test -f $_file || { echo "file \"$_file\" does not exist" && exit 1; }
generate_users_json
1.1 Create admins.txt File:
Create a file named admins.txt at /etc/sysconfig/imunify360 location. Add all the admin usernames that you want to add to Imunify360, each on a new line.
For example:
root:root@example1.com test:test@example2.com
2. Add Domains Script (add-domains-script.sh):
Create a file named get-domains-script.sh at /etc/sysconfig/imunify360 location. This script will create all the domains hosted in FASTPANEL in Imunify360. Add the following code to the script:
#!/bin/bash
generate_domains_json()
{
_is_main="true"
echo "{"
echo " \"data\": {"
count=
n=$(cat $_file | wc -l)
for line in $(cat "$_file"); do
_user=`awk -F: '{print $1}' <<< $line`
_domain=`awk -F: '{print $2}' <<< $line`
_documentroot=`awk -F: '{print $3}' <<< $line`
comma=","
if [[ $count -gt 0 ]]; then
multi_user=true
comma=","
_is_main="false"
fi
count=$((count+1))
if [[ $count -eq $n ]]; then
comma=""
fi
template_domains_json
done
cat <<EOF
},
"metadata": {
"result": "ok"
}
}
EOF
}
template_domains_json()
{
cat <<EOF
"$_domain": {
"document_root": "$_documentroot",
"is_main": $_is_main,
"owner": "$_user"
}$comma
EOF
}
_file="/etc/sysconfig/imunify360/domains.txt"
test -f $_file || { echo "file \"$_file\" does not exist" && exit 1; }
generate_domains_json2.1 Create domains.txt File:
Create a file named domains.txt at /etc/sysconfig/imunify360 location. Add all the domains that you want to add to Imunify360, each on a new line.
For example:
test01:example001.com:/home/test01/public_html/ test02:example002.com:/home/test02/public_html/
3. Add Users Script (add-users-script.sh):
Create a file named get-users-script.sh at /etc/sysconfig/imunify360 location. This script will create users from FASTPANEL in Imunify360. Add the following code to the script:
#!/bin/bash
generate_users_json()
{
echo "{"
echo " \"data\": ["
count=
n=$(cat "$_file" | wc -l)
for line in $(cat "$_file"); do
_user=`awk -F: '{print $1}' <<< $line`
_uid=`awk -F: '{print $2}' <<< $line`
_domain=`awk -F: '{print $3}' <<< $line`
_email=`awk -F: '{print $4}' <<< $line`
comma=","
if [[ $count -gt 0 ]]; then
multi_user=true
fi
count=$((count+1))
if [[ "$count" -eq "$n" ]]; then
comma=""
fi
template_users_json
done
cat <<EOF
],
"metadata": {
"result": "ok"
}
}
EOF
}
template_users_json()
{
cat <<EOF
{
"id": $_uid,
"username": "$_user",
"owner": "root",
"domain": "$_domain",
"package": {
"name": "package",
"owner": "root"
},
"email": "$_email",
"locale_code": "EN_us"
}$comma
EOF
}
_file="/etc/sysconfig/imunify360/users.txt"
test -f $_file || { echo "file \"$_file\" does not exist" && exit 1; }
generate_users_json
3.1 Create users.txt File:
Create a file named users.txt at /etc/sysconfig/imunify360 location. Add all the users that you want to add to Imunify360, each on a new line.
For example:
test01:1003:example01.com:test01@example01.com test02:1004:example02.com:test02@example02.com
Make sure to set appropriate permissions on these scripts to ensure they are executable. You can do this using the chmod command. For example:
chmod +x /etc/sysconfig/imunify360/get-admins-script.sh chmod +x /etc/sysconfig/imunify360/get-domains-script.sh chmod +x /etc/sysconfig/imunify360/get-users-script.sh
Now, we need to add all the following configurations into the integration.conf file.
Note: Before adding these configurations, ensure to change the default settings, such as the ui_path, ui_path_owner and more.
# Integration with web server - Path where the Imunify360 UI SPA application will be installed and served. [paths] ui_path = /path/to/domain/imunify360.domain.com # User of FASTPANEL, replace the user and owner ui_path_owner = imunify360:imunify360 [pam] service_name = system-auth # Integration with Malware Scanner - To scan files for changes (to detect malware) using inotify, # configure which directories to watch in the integration.conf file: [malware] basedir = /var/www #a root directory to watch (recursively) pattern_to_watch = ^/var/www/.+?/(public_html|public_ftp|private_html)(/.*)?$ #WEB server type and commands [web_server] #server type apache/nginx/litespeed server_type = apache graceful_restart_script = /usr/sbin/apachectl restart config_test_script = /usr/sbin/apachectl -t #path to ModSecurity audit logs modsec_audit_log = /var/log/httpd/modsec_audit.log modsec_audit_logdir = /var/log/modsec_audit #Limiting users and provide context for IM360 mechanisms [integration_scripts] admins = /etc/sysconfig/imunify360/get-admins-script.sh users = /etc/sysconfig/imunify360/get-users-script.sh domains = /etc/sysconfig/imunify360/get-domains-script.sh #Domain-specific ModSecurity configuration (to disable rules using CLI) #modsec_domain_config_script = /path/to/inject/domain/specific/config/script.sh
Step 2 – Install Imunify360 in FASTPANEL
Before you start installing Imunify360 on FASTPANEL, it’s advisable to ensure that the screen and wget packages are installed.
Execute the command below to install the screen package. (Refer to the screen documentation for more details)
CentOS:
sudo yum install screen -y
Ubuntu/Debian:
sudo apt-get install screen -y
To install the wget package, execute the following command. (Refer to the wget documentation for more details)
CentOS:
sudo yum install wget -y
Ubuntu/Debian:
sudo apt-get install wget -y
Log in to the server with root access.
Run screen & then run the following commands:
wget https://repo.imunify360.cloudlinux.com/defence360/i360deploy.sh -O i360deploy.sh bash i360deploy.sh --key YOUR_KEY
Replace YOUR_KEY with the actual imunify360 license key.
Installation can take up to 10-15 minutes.
Now, Activate WebShield in Imunify360
Activate WebShield and start the service by following these steps:
Enable WebShield:
By default, WebShield is disabled upon installing Imunify360 stand-alone. To enable it, execute the following commands:
imunify360-agent config update '{"WEBSHIELD": {"enable": true, "known_proxies_support": true}}'systemctl enable imunify360-webshield
systemctl restart imunify360-webshield
That’s it.
You can now use Imunify360 from: https://imunify360.domain.com and change the default settings from Imunify360 dashboard to reflect your needs.
BENIFITS
- Real-time Automatic Virus & Malware Scanning and Removal:
- Imunify360 provides continuous real-time scanning for viruses and malware, automatically removing any detected threats to secure your server.
- Advanced Firewall/WAF with Machine-learning Rulesets:
- Imunify360 features an advanced firewall and web application firewall (WAF) equipped with machine-learning rulesets. This proactive defense mechanism helps identify and block malicious traffic, protecting your server from various online threats.
- Malicious PHP Script Detection and Blocking (Proactive Defense):
- With its Proactive Defense component, Imunify360 detects and blocks malicious PHP scripts, preventing them from causing harm to your system.
- Blocks Brute-force Attacks at Both Network and HTTP Levels:
- Imunify360 effectively thwarts brute-force attacks targeting both network services and HTTP applications, mitigating the risk of unauthorized access to your system.
- Protection Against Vulnerability Exploitation, Including 0-day Attacks:
- Imunify360 offers comprehensive protection against vulnerability exploitation, including zero-day attacks, by continuously monitoring for and blocking potential exploit attempts.
- Blocks Denial of Service (DoS) Attacks:
- Imunify360 secures your system against Denial of Service (DoS) attacks, preventing disruptions to your services and ensuring uninterrupted availability.
- Port Scanning:
- Imunify360 includes advanced port scanning capabilities to monitor and secure your system’s network ports, preventing unauthorized access and potential vulnerabilities.
- World-Class 24x7x365 Technical Support Included:
- Imunify360 provides access to top-tier technical support around the clock, every day of the year. This ensures that you have help available whenever you need it, guaranteeing the best performance and security of your server.
Conclusion:
Integrating Imunify360 into your FASTPANEL enhances your server’s security against online threats. By adhering to the steps delineated in this guide and fulfilling the necessary prerequisites, you can seamlessly integrate Imunify360 into your server infrastructure. With its robust real-time threat detection capabilities and intuitive interface, Imunify360 offers server administrators peace of mind, enabling them to concentrate on their primary responsibilities without compromising on security. Take proactive measures today to safeguard your server and valuable data from potential malicious activities.
Nilesh R. Agrawal 