I don't know anything about ImunifyAV, but for ISPConfig you might want to consider ISPProtect https://ispprotect.com/ //EDIT: There seems to be a standalone mode for ImunifyAV; The docs: https://docs.imunifyav.com/stand_alone_mode/
I think that is possible but surely you have to do it on your own or hire some one to do it for you. For me personally, the perfect server setup already good and safe so I don't bother or worry to add any more AV to it.
Hi! I've finally found this detailed guide to install imunifyAV on Ubuntu 22.04 https://www-ictcloudconsultant-it.t...it&_x_tr_tl=en&_x_tr_hl=es-419&_x_tr_pto=wapp
nice tutorial.. could be useful to allow clients to run their own malware/virus scans and cleanups.. wondering though, would it work if the /var/www/clients/clientX/webYY/web/imunifyav-ispc-*.php scripts were put into /var/www/clients/clientX/webYY/private/ instead.. not sure i'd want those scripts, and a login to the ispconfig db, even read-only.. potentially exposed to the internet like that, especially given that it could expose every single ispconfig control panel username.
Yes, In my case, before installing I had to disable i attr on webXY folder, then installed. The installer script also installed some imunify360 repos that still don't have anything for 22.04 (my Ubuntu version), I have deleted that repos, then re enabled i attr. For the scripts. I have put them into a scrambled name folder, like webXY/web/S6f9B2s You can also add a .htaccess restriction to the scripts as they are executed by PHP cli (all but imunifyav-ispc-domainlist.php ) Code: <IfModule !mod_authz_core.c> Order deny,allow Deny from all </IfModule> <IfModule mod_authz_core.c> <RequireAll> Require all denied </RequireAll> </IfModule> For the script that displays folders/domains associations, I think that it can be safely removed, as is only to know the domain/folder associations, that a web server admin can easily check by browsing the file structure in a shell
Some updates on IAV web GUI: Don't forget to make /var/www/clients/clientX/webYY/web//bin/execute.py executable: Code: chmod +x /var/www/clients/clientX/webYY/web//bin/execute.py If you have put the IAV web GUI in a subfolde, since IAV 7.1.2 the web GUI has a bug, to fix it, you need to edit index.php in the subfolder, let's call it /iav: Code: # nano /var/www/clients/clientX/webYY/web/iav/index.php Change the html tag called base from this <base href="/"> to this <base href="./"> Save and that's all!
sorry to revive an old thread.. just come back to this to see about putting it on a new multi-server setup.. and the guide (https://www-ictcloudconsultant-it.t...it&_x_tr_tl=en&_x_tr_hl=es-419&_x_tr_pto=wapp) seems to have disappeared.. does anyone have a copy of it anywhere? mainly interested in the configuration changes needed to get the ispconfig users/sites..
This should show some good results though not sure they are the same: https://www.google.com/search?q=install+imunifyAV+on+Ubuntu+22.04
thanks.. already seen most of those.. there was quite a few changes to make that were ispconfig specific.. that i can't find.. and the old server that i installed it on before no longer exists, so i can't check for it there now either..
Got it online again! https://www.ictcloudconsultant.it/2...egrarlo-con-ispconfig-in-ambiente-ubuntu-lts/ Just translated it and formatted here for reference. Bear in mind that is not updated, maybe some adjustments are needed for Ubuntu Server 24.04 How to install ImunifyAV and integrate it with ISPConfig in Ubuntu LTS environment ImunifyAV is a malware search tool, available free of charge in the basic version, for Linux servers, and is mainly used for websites hosted on the server. It integrates with the main hosting management panels: cPanel Plesk DirectAdmin ISP manager However, it can also be installed and used on servers that do not use control panels or that use panels that are not directly supported such as those listed previously. On the website https://docs.imunifyav.com/ you can try detailed installation instructions with supported panels or even in the Stand-alone version or in case you use an unsupported panel or no hosting management panel. In this tutorial we see how to install the Stand-alone version by integrating it (as far as possible) with the open source ISPConfig panel. ImunifyAV is composed of an "imunify-antivirus" service and a web interface for managing malware scans and verifying malware found. It is also possible, again from the web interface, to subscribe to the ImunifyAV+ version through which it is then possible to proceed with the guided removal of the detected malware. We then proceed with the installation and integration into a server already operational with Ubuntu 18.04LTS and ISPConfig. First you need to create a web space that will host the ImunifyAV web interface: then connect to the ISPConfig web interface and create a "Website" with an appropriate "host name", configure the DNS accordingly and verify that the site is reachable. Again from the ISPConfig interface, take note of the "Document Root" of the site you created (you can find it in the "Domain" TAB of the "Website"), this will be of the type: Code: Document Root:/var/www/clients/clientX/webYY This means that the root folder of the site (the one that contains the HTML or PHP files so to speak) is: Code: /var/www/clients/clientX/webYY The files contained therein must belong to the user "webYY" who is part of the "clientX" group. At this point you must connect to the server via SSH and obtain "root" privileges. Create the file, and possibly also the folders: /etc/sysconfig/ and /etc/sysconfig/imunify360 if not already existing (on Ubuntu systems /etc/sysconfig/ must be created as it is typical of CentOS systems). Code: nano /etc/sysconfig/imunify360/integration.conf Insert the following lines into the file: Code: [paths] ui_path = /var/www/clients/clientX/webYY/web ui_path_owner = webYY:clientX ui_path tells the installation script where to install the files for the ImunifyAV web interface (ATTENTION: it must not have a final “/”). ui_path_owner tells the same script which user and group to assign to the files copied to the ui_path. At the time this tutorial was written the installation script does not correctly set the user and group so I advise you at the end of the script execution to check the files in the ui_path and possibly proceed to set the correct user and group: Code: cd/var/www/clients/clientX/webYY/web chown -R webYY:clientX * We then proceed to execute the installation script, it must be downloaded first: Code: wget https://repo.imunify360.cloudlinux.com/defence360/imav-deploy.sh So it needs to be made executable: Code: chmod +x imav-deploy.sh So it must be done: Code: ./imav-deploy.sh WARNING: if errors appear during execution relating to the creation or movement of files or folders in the ui_path, add a sub-folder to the ui_path (for example: /var/www/clients/clientX/webYY/web/iav) , once the installation is complete, move the contents of the sub-folder to the ui_path indicated previously. Once the script has finished without errors, check the presence of the files in the site folder and try to access the previously created site with the browser, a user and password request should appear: By default the only administrator of this interface is the "root" user, in many systems this user is disabled and in any case does not have a known password. To enable other users as administrators for the ImunifyAV web interface you must edit the file: Code: /etc/sysconfig/imunify360/auth.admin I suggest deleting "root" from this file and replacing it with the same user you use to connect to the ISPConfig management interface, at this point you can use the same credentials that you already use for the IPSConfig panel also for ImunifyAV. Once connected, a page will be displayed with existing users and their "Home directories": However, in the absence of integration with the panel, all the other users existing on the server will also be displayed and not just the webYY ones to which the sites belong and for which we are interested in carrying out scans to look for any malware. So let's see how to integrate ISPConfig data with ImunifyAV. First we need to access the information in the ISPConfig panel and in particular the webYY users and their domain. To do this we need to interact with the MySQL database "dbispconfig". We create a read-only user who can access the "web_domain" table of the "dbispconfig" database, in this table, among other information, we find the users, domains and "Document roots" of the various "Websites" defined in the panel. Again from SSH, run the mysql client and issue the following commands: Code: CREATE USER 'iav_ro'@'localhost' IDENTIFIED BY '1@V!r0'; GRANT SELECT, SHOW VIEW ON dbispconfig.web_domain TO 'iav_ro'@'localhost' IDENTIFIED BY '1@V!r0'; FLUSH PRIVILEGES; A user "iav_ro" was created who has exclusively read-only privileges (can therefore only read the information but not alter it) on the "web_domain" table of the "dbispconfig" database. Now we need to create some PHP scripts that extract the necessary information from the ISPConfig panel database and provide it to ImunifyAV in JSON format. This is documented in: https://docs.imunifyav.com/stand_alone_mode/#integration-config-file ATTENTION: at the time of writing this tutorial, however, the documentation is not updated as reported by the very efficient ImunifyAV support, so see: https://docs.imunify360.com/stand_alone/#integration-config-file. First you need to add to the file: Code: vi /etc/sysconfig/imunify360/integration.conf The following lines: Code: [integration_scripts] admins = /var/www/clients/clientX/webYY/web/imunifyav-ispc-admins.php users = /var/www/clients/clientX/webYY/web/imunifyav-ispc-users.php domains = /var/www/clients/clientX/webYY/web/imunifyav-ispc-domains.php With the scripts we are going to create, ImunifyAV will be provided with information on the administrators, the users to view and the related domains. Let's now create the first script: Code: vi imunifyav-ispc-admins.php Enter the following code, it is assumed that the administrator user is "admin" with the email address "[email protected]", modify the script accordingly if the user you use is different: Code: #!/usr/bin/php <?php $webadmins = array(); $tmpwebadmins = array(); $tmpwebadmins['name'] = "admin"; $tmpwebadmins['unix_user'] = "admin"; $tmpwebadmins['locale_code'] = "IT_it"; $tmpwebadmins['email'] = "[email protected]"; $tmpwebadmins['is_main'] = true; $webadmins[]= $tmpwebadmins; $fullwebadmins['data'] = $webadmins; $resultArray = array(); $resultArray['result'] = 'ok'; $fullwebadmins['metadata'] = $resultArray; echo json_encode($fullwebadmins); The script must then be made executable and assigned the user and site group: Code: chmod +x imunifyav-ispc-admins.php chown webYY:clientX imunifyav-ispc-admins.php Let's now create the second script: Code: vi imunifyav-ispc-users.php Enter the following code: Code: #!/usr/bin/php <?php $db_server = "localhost"; $db_user = "iav_ro"; $db_pass = "1@V!r0"; $db_name = "dbispconfig"; $link = mysqli_connect($db_server, $db_user, $db_pass); if (!$link) { die('Could not connect: ' . mysqli_error($link)); } mysqli_select_db($link,$db_name); $query = "select system_user, domain from web_domain"; $result=mysqli_query($link,$query) or trigger_error(mysqli_error($link,) . $query); $webusers = array(); while ($row = mysqli_fetch_assoc($result)) { if ($row['system_user'] != '') { $tmpwebusers = array(); $userInfo = posix_getpwnam($row['system_user']); $packageArray = array(); $packageArray['name'] = 'ispc'; $packageArray['owner'] = 'admin'; $tmpwebusers['id'] = $userInfo['uid']; $tmpwebusers['username'] = $row['system_user']; $tmpwebusers['owner'] = 'admin'; $tmpwebusers['domain'] = $row['domain']; $tmpwebusers['package'] = $packageArray; $tmpwebusers['email'] = null; $tmpwebusers['locale_code'] = null; $webusers[] = $tmpwebusers; } } mysqli_free_result($result); $fullwebusers['data'] = $webusers; $resultArray = array(); $resultArray['result'] = 'ok'; $fullwebusers['metadata'] = $resultArray; echo json_encode($fullwebusers); mysqli_close($link); The script must then be made executable and assigned the user and site group: Code: chmod +x imunifyav-ispc-users.php chown webYY:clientX imunifyav-ispc-users.php Let's create the third script: Code: vi imunifyav-ispc-domains.php Enter the following code: Code: #!/usr/bin/php <?php $db_server = "localhost"; $db_user = "iav_ro"; $db_pass = "1@V!r0"; $db_name = "dbispconfig"; $link = mysqli_connect($db_server, $db_user, $db_pass); if (!$link) { die('Could not connect: ' . mysqli_error($link)); } mysqli_select_db($link,$db_name); $query = "select system_user,domain, document_root from web_domain"; $result=mysqli_query($link,$query) or trigger_error(mysqli_error($link,) . $query); $webdomains = array(); while ($row = mysqli_fetch_assoc($result)) { if ($row['system_user'] != '') { $tmpwebdomains = array(); $tmpwebdomains['document_root'] = $row['document_root']; $tmpwebdomains['is_main'] = true; $tmpwebdomains['owner'] = $row['system_user']; $webdomains[$row['domain']] = $tmpwebdomains; } } mysqli_free_result($result); $fullwebdomains['data'] = $webdomains; $resultArray = array(); $resultArray['result'] = 'ok'; $fullwebdomains['metadata'] = $resultArray; echo json_encode($fullwebdomains); mysqli_close($link); The script must then be made executable and assigned the user and site group: Code: chmod +x imunifyav-ispc-users.php chown webYY:clientX imunifyav-ispc-users.php If everything has been done correctly, now only active webYY users and their related "Document roots" will be displayed in the ImunifyAV web interface. At the time of writing this tutorial the associated domain names are not displayed although this is planned in a future release. In case of problems, check the error log in: Code: /var/log/imunify360/error.log Using IPSConfig unfortunately there is no obvious link between the webXX user, the "document root" /var/www/clients/clientX/webYY/web and the associated domain, the latter is the one that is normally used as a reference therefore the lack of this information does not make it easy to use ImunifyAV with ISPConfig since in the event of malware being detected it is not immediately obvious which site is affected. While waiting for the new version (at the moment it is not known when this implementation will be made) which will show the domain names we can use a PHP script to show a simple table that associates webYY with the relevant domain: Code: vi imunifyav-ispc-domainlist.php Enter the following code: Code: <html lang="en-GB"> <head> <style> table { border-collapse: collapse; border: 0px solid black; width: 95%; } th, td { border: 1px solid black; padding: 5px; text-align: center; font-size: 12px; font-family: Tahoma, Verdana, Arial, Sans-serif; } tr:nth-child(odd) {background-color: #c0c0c0} </style> </head> <body> <?php $db_server = "localhost"; $db_user = "iav_ro"; $db_pass = "1@V!r0"; $db_name = "dbispconfig"; $link = mysqli_connect($db_server, $db_user, $db_pass); if (!$link) { die('Could not connect: ' . mysqli_error($link)); } mysqli_select_db($link,$db_name); $query = "select system_user, domain from web_domain"; $result=mysqli_query($link,$query) or trigger_error(mysqli_error($link,) . $query); echo "<TABLE BORDER=1 ALIGN=CENTER>"; echo "<TR>".chr(10); echo "<TH>".chr(10)."User"."</TH>".chr(10); echo "<TH>".chr(10)."Domain"."</TH>".chr(10); echo "</TR>".chr(10); while ($row = mysqli_fetch_assoc($result)) { if ($row['system_user'] != '') { echo "<TR>".chr(10); echo "<TD>".chr(10).$row['system_user'].chr(10); echo "<TD>".chr(10).$row['domain'].chr(10); echo "</TR>".chr(10); } } echo "</TABLE>".chr(10); mysqli_free_result($result); ($fullwebusers); mysqli_close($link); ?> </body> </html> You must assign the user and site group: Code: chown webYY:clientX imunifyav-ispc-domainlist.php You can then view a simple table with the webYY users and their domains, this will help to understand which site the "Document root" indicated by ImunifyAV belongs to. Code: https://ImunifyAV-interface-URL/imunifyav-ispc-domainlist.php
thanks.. will give it a try later today.. i tried the imunify standalone install on a blank new server yesterday.. found the install script won't install it onto 24.04 at all.. will look to see if the install script just doesn't install on something not specifically listed as supported, or if there's really an issue.. will also try installing on a 22.04 and seeing what happens when that's upgraded to 24.04..
ok.. it will not install on 24.04 and you can't edit the install script to fudge it.. there are no relevant imunifyav packages for 24.04 in the repo. and you can't trick it into using 22.04 packages... all sorts of unmet dependencies.. now to try out installing it on 22.04 and seeing if upgrading to 24.04 breaks anything..
I am using Imunify360 standalone for 3-4 years already witn an old server where Debian 10 is installed. Working perfectly from /var/www/html/apps/im360 directory and accessing it via hostname: port/im360, chowned under root user. I login with my SSH user to the web interface.