Issue
- The Imunify360 or ImunifyAV process stops for no apparent reason after a few minutes. The logs contain no clues, only a normal process shutdown.
- Imunify360/ImunifyAV is automatically uninstalled.
Environment
- Imunify360
- ImunifyAV
Solution
1. Check if there are malicious cron tasks hooked up. Example:
   ```
   # crontab -l
   * * * * * /bin/systemctl stop imunify360.service
   * * * * * /bin/systemctl stop imunify-antivirus.service
   * * * * * bash /etc/csf/uninstall.sh
   * * * * * /bin/systemctl stop imunify360.service
   * * * * * /bin/systemctl stop imunify-antivirus.service
   * * * * * bash i360deploy.sh --uninstall
   * * * * * pkill -9 python3
   ```
2. Ask users to remove the suspicious crontab tasks and also recommend that they revoke API tokens with root privileges and change the root password.
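
`crontab -l` lists only the invoking user's crontab, so the check in step 1 should also cover the system cron files and other users' spools. The following is an added example, not part of the original article or of Imunify's tooling: the function name and the default paths (common Linux cron locations) are assumptions, and the patterns are taken from the sample entries above.

```shell
#!/bin/sh
# Added example: find cron entries that stop or uninstall Imunify.
# Patterns mirror the sample crontab lines in this article.
# Default paths are assumed common locations; adjust for your distribution.
# Usage (as root, so every user's spool is readable):
#   scan_cron_for_imunify_tampering            # scan default locations
#   scan_cron_for_imunify_tampering /some/dir  # scan specific files/dirs

I360_CRON_PATTERN='systemctl[[:space:]]+stop[[:space:]]+imunify(360|-antivirus)'
I360_CRON_PATTERN="$I360_CRON_PATTERN"'|i360deploy\.sh[[:space:]]+--uninstall'
I360_CRON_PATTERN="$I360_CRON_PATTERN"'|/etc/csf/uninstall\.sh'
I360_CRON_PATTERN="$I360_CRON_PATTERN"'|pkill[[:space:]]+-9[[:space:]]+python3'

# Prints "file:line:entry" for each active (non-comment) match.
# Returns 0 if at least one suspicious entry exists, 1 if none.
scan_cron_for_imunify_tampering() {
    if [ "$#" -eq 0 ]; then
        set -- /etc/crontab /etc/cron.d /var/spool/cron /var/spool/cron/crontabs
    fi
    hits=$(
        for target in "$@"; do
            # Skip locations that do not exist on this system.
            [ -e "$target" ] || continue
            # -H forces the file name even when only one file is scanned.
            find "$target" -type f \
                -exec grep -HnE -e "$I360_CRON_PATTERN" {} + 2>/dev/null || true
        done | grep -vE '^[^:]+:[0-9]+:[[:space:]]*#' || true  # drop commented lines
    )
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}
```

This covers crontab-format files only. Scripts under `/etc/cron.hourly` and similar directories, and systemd timers, are separate persistence points that need their own review.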
Cause
The server has likely been compromised at the root level, and the malicious cron tasks have been added as a result.
If the issue comes back after removing the cronjobs, this may indicate the OS has been compromised at the root level and the operating system is no longer reliable. In such a scenario, as best practice, we recommend reinstalling the operating system from scratch and installing Imunify360 right away afterwards.