Incomplete CLI documentation

  • Incomplete CLI documentation

    Hello,

    I've noticed a huge inconsistency between the number of CLI commands listed in the documentation, and those reported by command-line help in imunify360-agent output.

    For example the documentation lists about 30 top-level commands at https://docs.imunify360.com/command_line_interface/. However the CLI output lists about 50 available commands as "positional arguments" and only 27 "Available commands:"

    Code:
    # imunify360-agent -h
    usage: imunify360-agent [-h] [--log-config LOG_CONFIG]
                            [--console-log-level {ERROR,WARNING,INFO,DEBUG}]
                            [--remote-addr REMOTE_ADDR]
                            {3rdparty,add-sudouser,admin-emails,backup-systems,blacklist,blocked-port,blocked-port-ip,check,check-domains,checkdb,clean,config,create-rbl-whitelist,delete-sudouser,disable-plugin,doctor,enable-plugin,eula,feature-management,features,fix,get,get-news,graylist,health,hook,import,infected-domains,install-vendors,login,malware,proactive,register,reload-lists,remote-proxy,remove-block-report-script,remove-csf-ports,restore-configs,rstatus,rules,service,submit,support,uninstall-vendors,unregister,update,update-license,version,whitelist,whitelisted-crawlers}
                            ...

    CLI for imunify360 agent.

    positional arguments:
      {3rdparty,add-sudouser,admin-emails,backup-systems,blacklist,blocked-port,blocked-port-ip,check,check-domains,checkdb,clean,config,create-rbl-whitelist,delete-sudouser,disable-plugin,doctor,enable-plugin,eula,feature-management,features,fix,get,get-news,graylist,health,hook,import,infected-domains,install-vendors,login,malware,proactive,register,reload-lists,remote-proxy,remove-block-report-script,remove-csf-ports,restore-configs,rstatus,rules,service,submit,support,uninstall-vendors,unregister,update,update-license,version,whitelist,whitelisted-crawlers}
                            Available commands
        add-sudouser
        admin-emails        Get panel admin emails
        blacklist
        check-domains       Send domain list check
        checkdb
        clean
        create-rbl-whitelist
                            Create whitelist for RBL
        delete-sudouser
        disable-plugin      Disable hosting panel plugin
        doctor
        enable-plugin       Enable hosting panel plugin (if detected)
        get
        get-news
        health
        infected-domains    Returns infected domain list
        install-vendors     Enable hosting panel plugin (if detected)
        register            Register the agent
        reload-lists        Reload custom black and white lists
        remove-block-report-script
                            Restore block reports script
        remove-csf-ports    Remove imunify360 ports from csf config
        restore-configs     Restore system configs to pre install Imunify360 state
        rstatus             Get registration status
        uninstall-vendors   Disable hosting panel plugin
        unregister          Unregister the agent
        update
        update-license      Force update license
        version

    optional arguments:
      -h, --help            show this help message and exit
      --log-config LOG_CONFIG
                            logging config filename
      --console-log-level {ERROR,WARNING,INFO,DEBUG}
                            Level of logging input to the console
      --remote-addr REMOTE_ADDR
                            Clients IP address for adding it to the whitelist
    To give another example, under the top-level "malware" command, the documentation on your website lists 6 commands. The CLI reports 10 available commands as "positional arguments:"

    Code:
    # imunify360-agent malware -h
    usage: imunify360-agent malware [-h]
                                    {cleanup,dashboard,hash,history,ignore,malicious,on-demand,read,suspicious,user}
                                    ...

    positional arguments:
      {cleanup,dashboard,hash,history,ignore,malicious,on-demand,read,suspicious,user}
                            Available commands
        read

    optional arguments:
      -h, --help            show this help message and exit
    What is the reason for the discrepancy? Is the documentation still maintained? Should we use commands and features which do not appear in official documentation?

    The questions arose because it seems that an on-demand scan started as follows, is not scanning every home directory for reasons unknown:

    Code:
    # imunify360-agent malware on-demand start --path /home*/* --no-follow-symlinks --intensity low
    However through experimentation, we found that a scan started as follows will apparently scan every user home directory:

    Code:
    # imunify360-agent malware user scan
    The latter command seems to work as intended, but I am uneasy using it when it is undocumented. I'm also curious why the single on-demand scan shown above wouldn't include every directory under /home*/*.

  • #2
    Hi John,
    Thanks for bringing this in. The documentation overall is up-to-date, we're going to check the part related to CLI today and get back to you with the answer. Our product team is on it.

    I've checked the command against Imunify360 v4.5

    Code:
    # imunify360-agent malware on-demand start --path /home*/* --no-follow-symlinks --intensity low
    and it works for me, the scan is queued and run. So I've got a couple of questions:
    1. What version of the Imunify360 are you using?
    2. What exactly doesn't work (what results you expect and what are the actual results)?

    Thanks!



    • #3
      Hello John,
      Thank you for the information provided.
      You are right, "intensity_ram" is really undocumented.
      To avoid a similar problem, you can raise it in the configuration or scan smaller volumes.
      If you have any other questions, feel free to ask here. Thank you for contacting us.



      • #4
        Thank you for your response.

        Is memory usage expected to grow depending on the amount of files or directories being scanned? I notice the scanner seems to walk directories and build a directory list before scanning files. Does it need to hold all target directories in memory during the scan?

        In other words is it a bad idea to try to scan a large complex filesystem in a single scan operation?



        • #5
          Hello John,
          It doesn't hold all target directories in RAM. The scanner needs memory to build a report. But yes, I recommend splitting the scan into smaller ones. Let me know if you have any questions. Thanks.



          • #6
            Thank you Sergey for the additional information.

            The problem that I'm trying to solve is that I want to do automated periodic scans of all hosting accounts, while ignoring certain wildcard directories. For example I don't want to scan mail, or the cPanel File Manager's .trash directory.

            Here are the methods I've tried:

            * The background scanner almost does what I need, but it does not seem to allow for wildcard ignore masks.

            * "malware user scan" will let me queue a scan for each user and almost does what I need, except again it does not accept "--ignore-mask" or "--intensity*" options.

            * "malware on-demand start" almost does what I need. It accepts "--ignore-mask" and "--intensity" arguments. But it does not allow me to queue scans. It fails if a scan is already in progress.

            * Experimenting with CLI -h flag, I just found "malware on demand queue put" which is an undocumented command. It appears nowhere in the documentation, and it's not even listed as an "Available command" according to CLI help:

            Code:
            $ /usr/bin/imunify360-agent malware on-demand -h
            usage: imunify360-agent malware on-demand [-h]
                                                      {list,queue,start,status,stop} ...

            positional arguments:
              {list,queue,start,status,stop}
                                    Available commands
                list
                start
                status
                stop

            optional arguments:
              -h, --help            show this help message and exit

            $ /usr/bin/imunify360-agent malware on-demand queue -h
            usage: imunify360-agent malware on-demand queue [-h] {put,remove} ...

            positional arguments:
              {put,remove}  Available commands
                put
                remove

            optional arguments:
              -h, --help    show this help message and exit
            This looks like it will do what I need, queue a scan for a given directory with ignore masks and intensity options. Am I understanding this correctly?

            Your product is very good overall, but the documentation and help output are in serious need of improvement IMHO. My use case should be very straightforward, but it's taking a lot of experimentation and trial and error to accomplish it using undocumented features. Furthermore I am concerned about using undocumented features in our scripts. With behavior not specified in documentation, I am never sure if I understand the intended functionality, and I'm concerned it might change in future versions after scripting is deployed. Do you understand my concerns?

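Added example, not part of the original posts and not CloudLinux code: a small parser that takes `-h` output like the listings quoted in this thread and returns the subcommands the parser accepts but does not list under "Available commands", so they can be inventoried before scripts depend on them. The function name and the normalised sample strings are constructed for illustration; the command names come from the help output above.

```python
import re

# Help output copied from the thread above (whitespace normalised).
ON_DEMAND_HELP = """\
usage: imunify360-agent malware on-demand [-h]
                                          {list,queue,start,status,stop} ...
positional arguments:
  {list,queue,start,status,stop}
                        Available commands
    list
    start
    status
    stop
optional arguments:
  -h, --help            show this help message and exit
"""

MALWARE_HELP = """\
usage: imunify360-agent malware [-h]
          {cleanup,dashboard,hash,history,ignore,malicious,on-demand,read,suspicious,user} ...
positional arguments:
  {cleanup,dashboard,hash,history,ignore,malicious,on-demand,read,suspicious,user}
                        Available commands
    read
optional arguments:
  -h, --help            show this help message and exit
"""

def unlisted_subcommands(help_text):
    """Subcommands the parser accepts but does not list under 'Available commands'."""
    # Anchor on "positional arguments:" so option choices such as
    # {ERROR,WARNING,INFO,DEBUG} in the usage line are not taken for subcommands.
    m = re.search(r"positional arguments:\s*\{([^{}]+)\}", help_text)
    if not m:
        return []
    accepted = m.group(1).split(",")
    listed, in_section = set(), False
    for line in help_text.splitlines():
        words = line.split()
        if "Available commands" in line:
            in_section = True
        elif in_section and words:
            if line.rstrip().endswith("arguments:"):
                break  # next help section, e.g. "optional arguments:"
            # Keep only first words that are real choices, which skips
            # wrapped description lines such as "Create whitelist for RBL".
            if words[0] in accepted:
                listed.add(words[0])
    return [name for name in accepted if name not in listed]
```

Running it over the help text of each subcommand level on a given agent version, and diffing the result after upgrades, shows when an unlisted command that a script relies on appears, disappears or becomes listed.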


            • #7
              Hello John,
              Thanks for continuing.

              > The questions arose because it seems that an on-demand scan started as follows, is not scanning every home directory for reasons unknown:
              >
              > Code:
              > # imunify360-agent malware on-demand start --path /home*/* --no-follow-symlinks --intensity low

              Can you open a support ticket https://cloudlinux.zendesk.com/hc/en-us/requests/new so we can take a closer look at your system? You can post the ticket number here and we'll link this thread to it.

              > Your product is very good overall, but the documentation and help output are in serious need of improvement IMHO. My use case should be very straightforward, but it's taking a lot of experimentation and trial and error to accomplish it using undocumented features. Furthermore I am concerned about using undocumented features in our scripts. With behavior not specified in documentation, I am never sure if I understand the intended functionality, and I'm concerned it might change in future versions after scripting is deployed. Do you understand my concerns?

              We really appreciate your opinion and wishes. In addition, we are currently preparing documentation updates and there will be a lot of things added there, but some of the commands that are official and will not be displayed in the documents.
              Drop me a line if I can do anything else for you. Thank you for contacting us.
