Imunify and ConfigServer Warning
I was surprised to see this during the CSF check. Was this expected? Why does Imunify need its own php.ini file? I am guessing we need to edit this manually?
PHP Check
Check php for enable_dl or disabled dl()
You should set:
enable_dl = Off
This prevents users from loading php modules that affect everyone on the server. Note that if use dynamic libraries, such as ioncube, you will have to load them directly in the PHP configuration:
Affected PHP versions:
/opt/alt/php74-imunify/etc/php.ini (/opt/alt/php74-imunify/usr/bin/php)
Check php for disable_functions
You should consider disabling commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list:
Affected PHP versions:
/opt/alt/php74-imunify/etc/php.ini (/opt/alt/php74-imunify/usr/bin/php)
-
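The two checks in the CSF report quoted above can be reproduced against any php.ini to see which directive triggers each warning. This is an added example, not part of the original thread and not CSF's or Imunify's code; the function names, the sample ini text, and the rule that listing dl in disable_functions also satisfies the first check (inferred from the check's title) are assumptions.

```python
import sys

# Function list copied from the CSF recommendation quoted in the post above.
RECOMMENDED = ["show_source", "system", "shell_exec", "passthru",
               "exec", "popen", "proc_open"]
OFF_VALUES = {"", "0", "off", "no", "false", "none"}  # values PHP reads as false

# Constructed sample inputs (not taken from any real server).
SAMPLE_DEFAULT = "[PHP]\n;enable_dl = Off\ndisable_functions =\n"
SAMPLE_HARDENED = ("[PHP]\nenable_dl = Off ; inline comment\n"
                   "disable_functions = " + ", ".join(RECOMMENDED) + "\n")
SAMPLE_PARTIAL = 'enable_dl = On\ndisable_functions = "dl,exec,system"\n'


def read_directives(ini_text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    found = {}
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[":
            continue  # blank line, comment or [section] header
        key, sep, value = line.partition("=")
        if sep:
            found[key.strip()] = value.split(";", 1)[0].strip().strip("\"'")
    return found


def audit(ini_text):
    """Return findings for one php.ini; an empty list means both checks pass."""
    d = read_directives(ini_text)
    disabled = {f.strip().lower()
                for f in d.get("disable_functions", "").split(",") if f.strip()}
    findings = []
    # PHP's built-in default for enable_dl is On when the directive is absent.
    dl_on = d.get("enable_dl", "1").lower() not in OFF_VALUES
    if dl_on and "dl" not in disabled:
        findings.append("enable_dl is on and dl() is not disabled")
    missing = [f for f in RECOMMENDED if f not in disabled]
    if missing:
        findings.append("disable_functions lacks: " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    # With no arguments, audit the constructed samples; otherwise audit each path.
    if len(sys.argv) > 1:
        inputs = {p: open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[1:]}
    else:
        inputs = {"default": SAMPLE_DEFAULT, "hardened": SAMPLE_HARDENED, "partial": SAMPLE_PARTIAL}
    for name, text in inputs.items():
        print(name, audit(text) or "OK")
```

Passing php.ini paths as arguments audits those files instead of the built-in samples, which makes it easy to compare a bundled interpreter's configuration with the ones serving client sites.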
You raise a good point. But if you're using CageFS, then it shouldn't be an issue. 0 -
Hello, Can you open a support ticket0 -
I am having this issue as well. I do not like having any software on my servers that causes security issues like this. Between this and the SPAM ads in security center, it seems Imunify is not a very well designed product and uses techniques and practices that are far below professional standards. Please advise when this matter has been resolved. 0 -
Hi, CSF Warning regarding PHP configuration can be ignored. The scanner is written in PHP and we configure our php.ini file so that it does not depend on the configuration of the PHP client, so this is normal. 0 -
That makes ZERO sense. If there is a php.ini file on the server configured to not follow my disable_functions (such as the Imunify version of php.ini), that is in and of itself a problem. What other scripts are on the box and what they use is irrelevant. It is not "normal", nor is it acceptable. 0 -
I came back here to report the outcome of the ticket I opened with CloudLinux, pretty much told the same: "It is strongly not recommended to touch the Imunify360 php.ini file, and any warnings with regards to it can be disregarded safely."
Not sure why I can't modify their file, but I don't have the time to research why they have these settings and the danger of correcting them, so I'm just going to uninstall Imunify.0 -
Then when you do that you get a big scare tactic danger Will Robinson warning and alert in Security Advisor. I think we just need to pull Imunify out of the standard build of cPanel. It is too much of an intrusive PITA! 0 -
I want to ask something.. does the path /opt/alt/php74-imunify/etc/php imply that Imunify added its own custom PHP install? If so, why does Imunify need it to be so? 0 -
Hello Kent, Yes, Imunify does. This PHP is needed for the ai-bolit scanner to work. And we did it separately so that uninstalling or not installing the general version of PHP 7.4 would not break the product. Thank you 0 -
Can you tell how much disk space the basic Imunify install uses? I guess it can grow somehow, due to signatures, logs, and whatever. But I just wanted to know how much disk space this adds to the server. Also, WHM's Service Manager or an option in Tweak Settings should allow disabling/uninstalling Imunify for those servers where it was unintentionally installed. 0 -
Hello Kent, According to our documentation Installation Guide it is "HDD: 20Gb available disk space" Thanks0 -
Wow. Well, then you have a big bug there. Chat with the proper people on the cPanel staff to add code to verify there is enough disk space on any given server, because I had VPS users installing this with less than 6 GB of free disk space. cPanel should check this prior to allowing installation! Also, what is the method to uninstall Imunify and free disk space in case it is not needed? 0 -
Hello, To help with these questions, can you create a feature request and open a ticket here0 -
Wow, it looks like Imunify is in and of itself a very intrusive and nasty piece of software, possibly even a trojan. No one in his right mind would install a piece of software on a production server that has to run its own version of PHP and allow that software to configure its PHP however they damn well please. I strongly implore cPanel to remove this extremely risky software from their install and absolutely remove every single instance of warning that it should be installed. No reputable software company would allow a plug-in of this nature in their product. Imunify is VERY unprofessional in their programming practices and is hiding behind themselves being a supposed security program to do so. What they are doing is akin to a home security firm installing their product on your house and then slipping a master key under the front door mat because their security system needs it. Please simply tell me how to uninstall this total piece of junk very amateur software from my server and NEVER see any warning about it ever again. 0 -
Hello, Thank you for expressing your thoughts and concerns about the product (albeit in a rather strange, or even aggressive and intrusive form). Firstly, just consider that the application itself is a reliable antivirus that has been running on hundreds of thousands of servers for several years. It is being constantly reviewed by an independent app security company. And it's really wrong to consider it suspicious or even more - dangerous. It is completely safe and effective. Secondly, it is more effective than ClamAV, it can detect more and it can safely clean up malicious files (remove infections from the files, trim completely malicious instead of removal, etc). Thirdly, if you don't need it, you can easily uninstall it. No reason to agitate others do that just because you personally don't like it for some reason. If you have technical questions, please, let us know. We will answer. Thank you. 0 -
The short version of your post is that it has not been hacked YET (that you are aware of). The second part is nothing but sales hype. The third part ignores the fact that when it is uninstalled cPanel constantly nags the server admin. When it is installed it nags them to upgrade to the paid version. A HIGHLY unprofessional way to do business. There is absolutely no way around that. 0 -
I ran yum manually last night since an EasyApache update was out. I should have recorded the error, but the Imunify installation caused yum to exit with an error and not update any files. I followed the instructions to uninstall Imunify, went back and ran yum successfully. Just a heads up to check your logs in case you have yum run via cron. 0 -
Dear customer, thank you for the provided information. We're really sorry for the issues you were facing, accept our apologies. We already know about this problem with the dependency of package oniguruma from EPEL. Our development team is already working on this issue. As a temporary workaround, you may try adding the oniguruma package to the exceptions for EPEL. To exclude a package from the EPEL repo, add the following line:
exclude=oniguruma
to the section [epel] in the file /etc/yum.repos.d/epel.repo. It will look like:
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch&infra=$infra&content=$contentdir
failovermethod=priority
enabled = 1
gpgcheck=1
exclude=oniguruma
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
With this fix, you will exclude the conflicting package from the EPEL repo. The fixed beta version is already available to the public, and the stable version will be fixed shortly. 0 -
Hello PCZero, Could you please be more specific on "it has not been hacked YET (that you are aware of)", what exactly could be hacked from your point regarding ImunifyAV? Thanks in advance! 0 -
How to uninstall ImunifyAV
To uninstall ImunifyAV, run the command:
bash imav-deploy.sh --uninstall
If you have already removed imav-deploy.sh then download it by running (this file was not downloaded from us via SSH so it's not there, so you have to download it):
wget https://repo.imunify360.cloudlinux.com/defence360/imav-deploy.sh
And then, in that same directory you downloaded it to, you run the code:
bash imav-deploy.sh --uninstall
After it runs and uninstalls it, don't forget to remove that file:
rm imav-deploy.sh
It will ask you if you are sure you want to remove it; type Y for yes and hit enter... Finished, all done. Now if you run CSF again to check, you will not get that PHP error:
PHP Check
Check php for disable_functions
You should consider disabling commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list:
Affected PHP versions:
/opt/cpanel/ea-php74/root/etc/php.ini (/opt/cpanel/ea-php74/root/usr/bin/php)
/opt/cpanel/ea-php80/root/etc/php.ini (/opt/cpanel/ea-php80/root/usr/bin/php)
Just for reference below if you want to stop it only.. 0 -
I am not a hacker or a black hat and I have never reviewed the code for the application in question. As such I would not know what specifically could be done to hack the app. However if you think that ANY software is unhackable you are sadly mistaken. 0