Issue
How to check the latest Imunify360 WAF ruleset is installed? How to update the ruleset?
The related error displayed in the Imunify360 dashboard:
ERROR: Your ModSecurity (WAF) ruleset is outdated (current version is X, latest version is Y).
We highly recommend updating them as soon as possible in order to protect your server
against malware and compromise. Please, update the ruleset manually or make sure
that the auto-update option is enabled.
Environment
- Imunify360
Solution
-
Check the current ruleset version installed on the server:
-
cPanel:
# cat /etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/VERSION
-
The full information about the vendor can be checked using this command:
# /usr/local/cpanel/scripts/modsec_vendor list
The current version will be pointed on the line for `inst_dist` as on the example below:
inst_dist | imunify360-full-apache-4.31-stable
-
Plesk:
# cat /etc/httpd/conf/modsecurity.d/rules/custom/VERSION
or
# cat /etc/apache2/modsecurity.d/rules/custom/VERSION
-
DirectAdmin:
# cat /usr/local/directadmin/custombuild/custom/modsecurity/conf/VERSION
NB! 1: Based on the webserver configured (Apache or LiteSpeed) and the ruleset used (`full` or `minimal`), the paths may vary.
For example, you need to use imunify360-full-litespeed instead of imunify360-full-apache (if you have LiteSpeed installed)
Replace full with minimal if you have a minimal ruleset.
-
Compare this with the recently released version we post on our changelog at https://changelog.imunify.com/waf-rules
-
Update the ModSecurity ruleset if necessary by running the following command and double-check the version once again:
# imunify360-agent update --force modsec-rules
NB! 2: In case the ruleset version indeed requires an update, mind that it may take a while for the Imunify360 agent to catch the most recent configuration and for the WAF warning to disappear in from the Dashboard.
Useful links
- https://changelog.imunify.com/waf-rules
- https://docs.imunify360.com/hosting_panels_specific_settin/#hosting-panels-firewall-rulesets-specific-settings-modsec
- https://cloudlinux.zendesk.com/hc/en-us/articles/4415931633042-Imunify360-dashboard-displays-Medium-or-Poor-protection-status
Comments
9 comments
For Plesk and Litespeed, there is no such directory like
And I don't have option for autoupdate on Plesk Imunify360 interface :(
Running
returns
but:
Hello Milosz Rycko-Bozenski,
Thanks for a question!
If it's a Debian-based system, the path may be /etc/apache2/... Please check it on your end as well.
Also, please mind that after the successful ruleset update, the warning in the Dashboard won't disappear immediately and it may take up to 24 hours to reflect the actual info, More at: https://cloudlinux.zendesk.com/hc/en-us/articles/4415931633042-Imunify360-dashboard-displays-Medium-or-Poor-protection-status
Should you still experience any difficulties updating the Imunify360 ruleset on the server, please feel free to submit a ticket to our Support team.
same issue on my side
OK
cat /etc/httpd/conf/modsecurity.d/rules/custom/VERSION
4.68
and in plesk
Is this still not updated after 24h? If so please create a ticket and we would like to find the root cause of it.
On Plesk, I found the VERSION file in
/etc/apache2/modsecurity.d/rules/custom
Indeed, you are right. That seems to be another possible location.
Thank you for sharing.
Same issue here.
Setup: CloudLinux, Plesk, LiteSpeed
The Imunify360 dashboard shows: "Your ModSecurity (WAF) ruleset is outdated (current version is 5.15, latest version is 5.21)..."
... this shows me that version 5.15 is installed.
Then i try to update the ruleset:
"OK" returned. But still version 5.15 is installed and the Imunify360 dashboard shows the warning.
Any solution for this? Thanks for your help!
Hello,
Are there any errors related to the rules/files update inside /var/log/imunify360/error.log? Also, does the server have only 1 ruleset configured? What's inside
? Also does this one reflects Imunify rules only?
You can also try the extreme method to reinstall the ruleset and check if the most version is delivered. This can be done with:
After uninstalling, make sure to remove the line in the ModSecurity settings for Plesk (the section is called "Custom directives" - it should be empty. The proceed to:
Then, check if no errors exist with:
In case everything looks good from the first glance after the ruleset reinstalltion but the version is still not recent, please submit a ticket to us and we will take a closer look (:
Thank you! The uninstall/reinstall made it work and the version is up to date again. I will see if the problem occurs again...
Please sign in to leave a comment.