Issue
The Imunify360 or ImunifyAV process stops for no apparent reason after a few minutes. The logs show no clues, only a normal process shutdown.
Environment
- Imunify360
- ImunifyAV
Solution
1. Check whether any malicious cron tasks have been set up.
Example:
# crontab -l
* * * * * /bin/systemctl stop imunify360.service
* * * * * /bin/systemctl stop imunify-antivirus.service
* * * * * bash /etc/csf/uninstall.sh
* * * * * /bin/systemctl stop imunify360.service
* * * * * /bin/systemctl stop imunify-antivirus.service
* * * * * bash /etc/csf/uninstall.sh
* * * * * pkill -9 python3
2. Ask users to remove the suspicious crontab tasks, and recommend that they revoke API tokens with root privileges and change the root password.
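The check in step 1 can be scripted. The following is an added example, not Imunify tooling or code from the original article: it searches cron files for the commands shown in the listing above, and it goes beyond `crontab -l` (which lists only the invoking user's crontab) by also reading the system cron files and user spools. The function names, the script name scan_cron.sh and the extra `disable`/`mask` verbs are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Imunify tooling): flag cron entries that stop or kill
# Imunify360/ImunifyAV, using the commands from the crontab listing above.

# Extended regex built from that listing. "disable" and "mask" are an added
# assumption: other systemctl verbs that would also keep the service down.
SUSPICIOUS_RE='systemctl[[:space:]]+(stop|disable|mask)[[:space:]]+imunify(360|-antivirus)'
SUSPICIOUS_RE="$SUSPICIOUS_RE|/etc/csf/uninstall[.]sh"
SUSPICIOUS_RE="$SUSPICIOUS_RE|pkill[[:space:]]+(-[^[:space:]]+[[:space:]]+)*python3"

# scan_cron_file FILE
# Prints "FILE:LINE:entry" for every active (non-comment) matching line.
# Returns 0 if something matched, 1 if the file is clean, 2 if unreadable.
scan_cron_file() {
    local file hits
    file=$1
    [ -r "$file" ] || return 2
    hits=$(grep -nE "$SUSPICIOUS_RE" "$file" | grep -vE '^[0-9]+:[[:space:]]*#' || true)
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits" | while IFS= read -r line; do
        printf '%s:%s\n' "$file" "$line"
    done
}

# scan_system_cron
# Runs scan_cron_file over the usual cron locations (RHEL-like and Debian-like
# spool paths). Run as root so every user's spool is readable.
# Returns 0 if any file contained a match, 1 otherwise.
scan_system_cron() {
    local f found
    found=1
    for f in /etc/crontab /etc/cron.d/* /var/spool/cron/* /var/spool/cron/crontabs/*; do
        [ -f "$f" ] || continue
        if scan_cron_file "$f"; then found=0; fi
    done
    return "$found"
}

# Scan the live system only when asked, e.g.:  bash scan_cron.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_system_cron || echo "No matching cron entries found."
fi
```

A match is a lead to review with the server owner, not proof of compromise, and a clean result does not rule out tasks scheduled by other means.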
Cause
The server has possibly been compromised at the root level, and the malicious tasks have been added to cron.
If the issue comes back, it means the OS has been compromised at the root level and the operating system is no longer reliable. In that scenario, as a best practice, we recommend reinstalling the operating system from scratch and installing Imunify360 immediately afterward.