Sometimes it is needed to install Imunify360 on several servers with identical configurations or copy existing configs to other servers. Here you can find the list of steps on how to clone the installation of Imunify360 for several servers with identical configurations.
Step 3. Whitelists / Blacklists / Blocked Ports
Step 4. Features re-installation
Step 1. Installation
Firstly, the Imunify360's usual installation comes. All necessary changes including integration with 3rd-party components will be applied during installation & agent startup. See the manual for details.
Step 2. Cloning config files
Secondly, copy the following files from the existing installation.
- /etc/sysconfig/imunify360/imunify360.config.d/*
- /usr/share/i360-php-opts/module.ini
- /usr/share/i360-php-opts/rules_whitelist (if it exists)
- /etc/pam_imunify/i360.ini
- /var/i360_pam_imunify/users/users.txt (if it exists)
- /etc/sysconfig/imunify360/hooks.yaml
The `scp` command can be used for it, e.g.:
# scp /etc/sysconfig/imunify360/imunify360.config.d/* root@example.com:/etc/sysconfig/imunify360/imunify360.config.d/
Where example.com is the target server.
In order to apply notifications (Hooks) settings on the target system, run:
# systemctl restart imunify-notifier
All required settings will be picked up and applied automatically. It is also important to mention, that other files in /var/imunify360 should be managed by Imunify, also including Independent Agent ID /var/imunify360/iaid.
Step 3. Whitelists / Blacklists / Blocked Ports
Whitelist and blacklist entries that are distributed as files can be found at /etc/imunify360/whitelist/*.txt and /etc/imunify360/blacklist/*.txt (see the manual for details).
If you want to export local Imunify360 firewall entries and then import them into a new Imunify360 instance, use the following CLI command on a source server:
# imunify360-agent ip-list local list --purpose drop --limit 999999 --json | grep -oP '"ip"\s*:\s*"\K[^"]+' > blacklist.txt
# imunify360-agent blacklist country list --limit 999 --json | grep -oP '"code"\s*:\s*"\K[^"]+' > blacklist-c.txt
# imunify360-agent ip-list local list --purpose white --limit 999999 --json | grep -oP '"ip"\s*:\s*"\K[^"]+' > whitelist.txt
Note: there is no need to migrate blocked ports configuration since it is already defined in imunify360.config
Copy the blacklist.txt, blacklist-c.txt, and whitelist.txt files to a target server. Execute the following commands to import lists:
# cat blacklist.txt | xargs imunify360-agent ip-list local add --purpose drop
# cat blacklist-c.txt | xargs imunify360-agent blacklist country add
# cat whitelist.txt | xargs imunify360-agent ip-list local add --purpose white
Step 4. Features re-installation
You need to re-setup features from the original server which you’re using. There are few available features:
- kernelcare
- hardened-php
- invisible-captcha
To evaluate installed features do the following:
# imunify360-agent features status kernelcare
# imunify360-agent features status hardened-php
# imunify360-agent features status invisible-captcha
Once you get the list of needed features you can install them one by one:
# imunify360-agent features install <feature-name>
Step 5. Setup backup system
-
In case if you’ve used a backup service then you need to re-setup it in a new environment.
Particular steps depend on the backend used for backup:
-
Use embedded backup service of a hosting panel (cPanel, Plesk, DirectAdmin):
Copy the
/etc/sysconfig/imunify360/.imunify360.backup_configfile from the existing installation. -
To use the same Acronis account:
Copy the
/var/restore_infected/acronis_api_token.jsonfile from the existing installation. -
All other cases:
-
Comments
0 comments
Please sign in to leave a comment.