You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/dashboard/README.md
+33-18Lines changed: 33 additions & 18 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1372,24 +1372,39 @@ Move the slider to change your preferences.
1372
1372
1373
1373
There are 15 available levels related to [OSSEC](https://www.ossec.net/docs/manual/rules-decoders/rule-levels.html) and [ModSecurity](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#severity) severity levels:
|15 | 0 – <spanclass="notranslate">EMERGENCY</span> | 15 – Severe attack|
1375
+
**OSSEC**
1376
+
1377
+
| Severity (Level) range | Agent's action | Notes |
1378
+
|---|---|---|
1379
+
| 0 | Ignored by agent | No action taken |
1380
+
| 1 | Ignored by agent | None |
1381
+
| 2 | Ignored by agent | System low priority notifications or status messages. No security relevance. |
1382
+
| 3 | Just shows in reports | Successful/Authorized events (successful login attempts, firewall allow events, etc.) |
1383
+
| 4 | Just shows in reports | System low priority error (related to bad configurations or unused devices/applications). No security relevance, usually caused by default installations or software testing. Default to be seen in Imunify360 UI on the fresh installation. |
1384
+
| 5 | Just shows in reports | User generated error (missed passwords, denied actions, etc., no security relevance). Used in [Active Response](/dashboard/#ossec) rules that are blocking specific ports. |
1385
+
| 6 | Blocking with greylists | Low relevance attack. They indicate a worm or a virus that have no affect to the system (like code red for Apache servers, etc). They also include frequent IDS events and errors. |
| 8 | Blocking with greylists | Include first time seen events. First time an IDS event is fired or the first time an user logged in. If you just started using OSSEC HIDS, these messages will probably be frequent. |
1388
+
| 9 | Blocking with greylists | Error from invalid source. Include attempts to login as an unknown user or from an invalid source. May have security relevance (specially, if repeated). |
1389
+
| 10 | Blocking with greylists | Multiple user generated error. They include multiple bad passwords, multiple failed logins, etc. They may indicate an attack or may just be that a user just forgot their credencials. |
1390
+
| 11 | Blocking with greylists | Integrity checking warning. Includes messages regarding the modification of binaries or the presence of rootkits (by rootcheck). |
1391
+
| 12 | Blocking with greylists | High importancy event. They include error or warning messages from the system, kernel, etc. They may indicate an attack against a specific application. |
1392
+
| 13 | Blocking with greylists | Unusual error (high importance). Most of the times, it matches a common attack pattern. |
1393
+
| 14 | Blocking with greylists | High importance security event. Most of the times, done with correlation and it indicates an attack. |
1394
+
| 15 | Blocking with greylists | Severe attack. No chances of false positives. Immediate attention is necessary. |
1395
+
1396
+
**ModSecurity**
1397
+
1398
+
| Severity (Level) range | Incident type | Notes |
1399
+
|---|---|---|
1400
+
| 7 | <spanclass="notranslate">DEBUG</span> | Used for monitoring |
1401
+
| 6 | <spanclass="notranslate">INFO</span> | Used for monitoring |
1402
+
| 5 | <spanclass="notranslate">NOTICE</span> | Used for monitoring |
1403
+
| 4 | <spanclass="notranslate">WARNING</span> | Generated by malicious client rules. Used for monitoring. |
1404
+
| 3 | <spanclass="notranslate">ERROR</span> | Mostly generated from outbound leakage rules. Used for greylisting. |
1405
+
| 2 | <spanclass="notranslate">CRITICAL</span> | Generated by the web attack rules. Used for greylisting. |
1406
+
| 1 | <spanclass="notranslate">ALERT</span> | Generated from correlation where there is an inbound attack and an outbound application level error. |
1407
+
| 0 | <spanclass="notranslate">EMERGENCY</span> | Generated from correlation of anomaly scoring data where there is an inbound attack and an outbound leakage. |
1393
1408
1394
1409
Autocleanup configuration allows to keep the <spanclass="notranslate">Incidents</span> page clean by default. The possible settings are as follows:
Copy file name to clipboardExpand all lines: docs/email/README.md
+31-36Lines changed: 31 additions & 36 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,25 +7,42 @@ Welcome to Imunify Email, a powerful plugin designed to enhance your Imunify360
7
7
-**Rate-Limit Settings**: Allows you to define how many messages can be sent on behalf of specific accounts, domains, emails, or scripts, helping to prevent abuse and maintain control over email traffic.
8
8
-**BETA: Incoming Filtration**: A new feature, currently in beta, that can be enabled to protect your users from incoming spam. Learn more about enabling this feature [here](https://docs.imunify360.com/email/#beta-incoming-emails-filtration).
9
9
10
-
### Installation Steps
10
+
### System Requirements
11
11
12
-
:::tip Requirements
13
-
- cPanel
14
-
- Imunify360
15
-
:::
12
+
At the moment, Imunify Email runs on the following environments:
16
13
17
-
1.**Install Imunify360**
14
+
**Supported distributions:**
15
+
* CentOS 7, 8
16
+
* CloudLinux OS 7, 8, 9
17
+
* AlmaLinux 8, 9, 10
18
18
19
-
Imunify Email is a plugin for the Imunify360 product. To use Imunify Email, you must first install Imunify360. Follow the [installation instructions for Imunify360](https://docs.imunify360.com/installation/#installation-instructions) to get started.
19
+
**Control panel requirements:**
20
+
* cPanel/WHM control panel only
20
21
21
-
2.**Enable Imunify Email in CLN**
22
+
**Software requirements:**
23
+
* Hosting administrator only.
24
+
* Imunify Email **requires Imunify360** to be installed on the server.
25
+
1.**Install Imunify360**:
26
+
_Imunify Email is a plugin for the Imunify360 product. To use Imunify Email, you must first install Imunify360. Follow the [installation instructions for Imunify360](https://docs.imunify360.com/installation/#installation-instructions) to get started_.
22
27
23
-
Once Imunify360 is installed and registered, you can enable the Imunify Email plugin through the CLN (CloudLinux Network) portal. This will automatically install all necessary components. Follow the [instructions to enable Imunify Email in CLN](https://docs.imunify360.com/email/#how-to-enable-imunify-email).
24
-
For the system requirements and installation steps, refer to the [Installation](https://docs.imunify360.com/email/#installation).
28
+
2.**Enable Imunify Email in CLN**:
29
+
_Once Imunify360 is installed and registered, you can enable the Imunify Email plugin through the CLN (CloudLinux Network) portal. This will automatically install all necessary components. Follow the [instructions to enable Imunify Email in CLN](https://docs.imunify360.com/email/#how-to-enable-imunify-email). For the system requirements and installation steps, refer to the [Installation](https://docs.imunify360.com/email/#installation)_.
25
30
26
-
## Full Documentation
31
+
**Minimum system requirements for installation**:
32
+
* x64
33
+
* 512 Mb
34
+
* 20 Gb disk space
35
+
36
+
:::tip Note
37
+
- Imunify Email RAM consumption depends on the mail traffic. In a waiting state it consumes little RAM; however, for scanning large mails temporary increase of RAM consumption can be observed.
38
+
- Used disk space depends on the number of accounts on a server. By default, each account will have 100 MB limitation for quarantine space. This limit can be adjusted using the UI later.
39
+
:::
40
+
41
+
:::warning
42
+
Ensure that **port 11335 is open**. Additionally, note that it is a UDP server, and therefore, it is not accessible via telnet.
43
+
:::
27
44
28
-
####Imunify Email compatibility
45
+
### Imunify Email compatibility
29
46
30
47
Imunify Email has been checked for compatibility with following tools and mail gateways:
31
48
@@ -36,32 +53,10 @@ Imunify Email has been checked for compatibility with following tools and mail g
36
53
* SpamAssassin (incoming and outgoing configuration)
37
54
*[Smtp2go](https://www.smtp2go.com/)
38
55
39
-
### Installation
40
-
41
-
:::danger Note
42
-
Hosting administrator only.
43
-
Imunify Email requires Imunify360 to be installed on the server.
44
-
:::
45
56
46
-
:::warning
47
-
Ensure that port 11335 is open. Additionally, note that it is a UDP server, and therefore, it is not accessible via telnet.
48
-
:::
49
-
50
-
Imunify Email is simple to install. At the moment, it runs on the following distributions:
51
-
52
-
* CentOS 7, 8 with support of cPanel/WHM control panel.
53
-
* CloudLinux OS 7, 8, 9 with support of cPanel/WHM control panel.
54
-
* AlmaLinux 8, 9, 10 with support of cPanel/WHM control panel.
55
-
56
-
Minimum system requirements for installation:
57
-
58
-
**x64 | 512 Mb | 20 Gb disk space**
59
-
60
-
:::tip Note
61
-
- Imunify Email RAM consumption depends on the mail traffic. In a waiting state it consumes little RAM, however for scanning large mails temporary increase of RAM consumption can be observed.
57
+
## Full Documentation
62
58
63
-
- Used disk space depends on the number of accounts on a server. By default, each account will have 100 MB limitation for quarantine space. This limit can be adjusted using UI later.
64
-
:::
59
+
### Installation
65
60
66
61
To install Imunify Email, you need to enable the corresponding option in your CLN account. After that the product will be installed automatically
67
62
within 24 hours. To install it immediately you can use on of the following command as root user:
0 commit comments