Welcome to this quick reference guide on Imunify360! This powerful security solution for Linux web servers, an enhanced version of ImunifyAV, provides comprehensive protection using machine learning. It includes an integrated firewall, Intrusion Detection and Protection System, Website Reputation Monitoring, and malware cleanup to keep your online presence secure.

This guide covers what Imunify360 is, its installation process, basic command-line usage, and uninstallation procedures.

Where to Purchase Imunify360: Customers can purchase Imunify360 through several channels:

Directly on the Liquid Web site: https://my.liquidweb.com/shop/package/PKG-Imunify360Plus
Imunify360 Website: https://www.imunify360.com/pricing/
The cPanel Store (via the extensions page): https://cpanel.net/extensions/

Note

You won’t be able to buy it directly via WHM, as cPanel licenses are handled differently.

Licensing Difference:
The primary difference between purchasing from the Imunify360 site versus the cPanel Store is the licensing method:

Purchases from the cPanel Store are typically licensed by IP address.
Purchases directly from the Imunify360 website provide a license key.

What Is Imunify360?

Imunify360 is an enhanced version of the free ImunifyAV from CloudLinux. It includes an integrated firewall, Intrusion Detection and Protection System, and Website Reputation Monitoring along with malware cleanup abilities not present in the free ImunifyAV.

From https://docs.imunify360.com/:

Imunify360 is the security solution for Linux web servers based on machine learning technology which utilizes a six-layer approach to provide total protection against any types of malicious attacks or abnormal behavior including distributed brute force attacks.

Installation

These instructions are for Imunify360 purchased directly from https://imunify360.com.

Get your license key from https://www.imunify360.com/ (purchased or trial).
Log in with root privileges to your server.
Go to your home directory and run:

wget https://repo.imunify360.cloudlinux.com/defence360/i360deploy.sh -O i360deploy.sh bash i360deploy.sh --key YOUR_KEY

Replace YOUR_KEY with your actual license key.

To install a beta version:

bash i360deploy.sh --key YOUR_KEY --beta

For an IP-based license:

bash i360deploy.sh

To view available options:

bash i360deploy.sh -h

Registration

If you need to register an activation key after installation:

For a key-based license:

imunify360-agent register YOUR_KEY

Replace YOUR_KEY with your activation key.

For an IP-based license:

imunify360-agent register IPL

Install i360 PHP Module

To install the “i360” PHP module:

yum install imunify360-php-i360

Verify installation:

php -m | grep 360

Expected Output:

i360

Basic Command-line Usage

Common commands for managing Imunify360:

Show All Whitelisted IPs:
imunify360-agent whitelist ip list
Show All Blacklisted IPs:
imunify360-agent blacklist ip list
Search IP Lists:
- Blacklist: imunify360-agent blacklist ip list --by-ip 1.2.3.4
- Whitelist: imunify360-agent whitelist ip list --by-ip 1.2.3.4
Add IP To List:
- Blacklist: imunify360-agent blacklist ip add 1.2.3.4
- Whitelist: imunify360-agent whitelist ip add 1.2.3.4
Remove IP from List:
- Blacklist: imunify360-agent blacklist ip delete 1.2.3.4
- Whitelist: imunify360-agent whitelist ip delete 1.2.3.4

Malware Scans

Scan a user:
Replace /home/username with the user’s home directory.

imunify360-agent malware on-demand start --path=/home/username --ignore-mask=/home*/*/mail

Scan all users:

imunify360-agent malware on-demand start --path=/home*/*/ --ignore-mask=/home*/*/mail

How To Stop Imunify360

For CentOS 6/CloudLinux 6:

service imunify360 stop

For all other operating systems:

systemctl stop imunify360

Uninstall

Warning

Important: You MUST disable HardenedPHP first before uninstalling Imunify360 to avoid breaking Apache and PHP updates. Otherwise, you’ll need to manually downgrade affected packages and remove the repo configuration. See: https://docs.imunify360.com/dashboard/#hardenedphp

To uninstall Imunify360:

bash i360deploy.sh --uninstall

If i360deploy.sh is deleted, download it first:

wget https://repo.imunify360.cloudlinux.com/defence360/i360deploy.sh

For CloudLinux OS (Post-Uninstall):
To remount CageFS and remove files from user’s local directories:

/usr/sbin/cagefsctl --force-update
/usr/sbin/cagefsctl --remount-all

Conflicts

Imunify360 may conflict with other security tools or system configurations.

Conflicts With CXS (ConfigServer eXploit Scanner):

Imunify360 real-time scanning is automatically disabled if cxswatch is detected. You cannot have both CXS and Imunify360 doing real-time scanning.
- Instructions for disabling cxswatch integration: https://docs.imunify360.com/ids_integration/#cxs-integration
- Related article: https://cloudlinux.zendesk.com/hc/en-us/articles/4959174744988-Imunify360-real-time-feature-gets-disabled-automatically-right-after-enabling-it
- Imunify360 is now included as part of Imunify360 Plus.
Conflicts With CloudLinux:

Imunify360’s hardened PHP versions can conflict with CloudLinux’s alt-php repository.
- Related article: https://support.cpanel.net/hc/en-us/articles/4564429041431-Yum-errors-with-the-Imunify360-hardened-PHP-repository-on-CloudLinux
- Solution:
  
  dnf config-manager --disable "imunify360-ea-php-hardened"
Conflict With F5 AIP (Threat Stack):

Servers running both F5 AIP and Imunify360 may experience crashes due to both trying to use auditd.
- Workaround: Disable auditd monitoring in Imunify360.
  1. Create directory and file:
    
    mkdir -p /etc/sysconfig/imunify360/imunify360.config.d/
    touch /etc/sysconfig/imunify360/imunify360.config.d/99-disable-auditd.config
  2. Add to /etc/sysconfig/imunify360/imunify360.config.d/99-disable-auditd.config:
    
    LOGGER:
    syscall_monitor: false

Conflict with Threatdown:
- Imunify360 cannot be run on a server with Liquid Web’s Threatdown security software.

Hardened PHP

Hardened PHP allows installing older, End-of-Life (EOL) PHP versions with security patches, without needing the full CloudLinux OS.

Available Hardened PHP Versions (by OS):

AlmaLinux 9: PHP 5.6, 7.0, 7.1, 7.2, 7.3, 7.4
AlmaLinux 8: PHP 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 7.0, 7.1
CentOS 7: PHP 5.1, 5.2, 5.3

Installation (via WHM)

Log into WHM.
Go to the Imunify360 section.
Go to settings (gear icon top-right).
Press the green Install Hardened PHP button.

Using Hardened PHP versions: Once installed, use your MultiPHP Manager interface to manage these PHP versions system-wide or for specific domains.

Conclusion

Imunify360 is a powerful and essential security solution for any Linux web server. Its integrated approach, combining advanced firewalling, malware detection, proactive defense, and more, offers unparalleled protection against the ever-growing landscape of cyber threats. By automating many critical security tasks, Imunify360 helps ensure your websites remain secure, available, and performant. For further assistance with Imunify360 or any server security concerns, Liquid Web’s Heroic Support® team is always ready to help.

Was this article helpful?

Thank you for your input.

Thank you for your feedback.