Announcement

Collapse
No announcement yet.

Incomplete CLI documentation

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Incomplete CLI documentation

    Hello,

    Ive noticed a huge inconsistency between the number of CLI commands listed in the documentation, and those reported by command-line help in imunify360-agent output.

    For example the documentation lists about 30 top-level commands at https://[https://docs.imunify360.com...ine_interface/. However the CLI output lists about 50 available commands as "positional arguments" and only 27 "Available commands:"

    Code:
    # imunify360-agent -h

usage: imunify360-agent [-h] [--log-config LOG_CONFIG]

[--console-log-level {ERROR,WARNING,INFO,DEBUG}]

[--remote-addr REMOTE_ADDR]

{3rdparty,add-sudouser,admin-emails,backup-systems,blacklist,blocked-port,blocked-port-ip,check,check-domains,checkdb,clean,config,create-rbl-whitelist,delete-sudouser,disable-plugin,doctor,enable-plugin,eula,feature-management,features,fix,get,get-news,graylist,health,hook,import,infected-domains,install-vendors,login,malware,proactive,register,reload-lists,remote-proxy,remove-block-report-script,remove-csf-ports,restore-configs,rstatus,rules,service,submit,support,uninstall-vendors,unregister,update,update-license,version,whitelist,whitelisted-crawlers}

...

CLI for imunify360 agent.

positional arguments:

{3rdparty,add-sudouser,admin-emails,backup-systems,blacklist,blocked-port,blocked-port-ip,check,check-domains,checkdb,clean,config,create-rbl-whitelist,delete-sudouser,disable-plugin,doctor,enable-plugin,eula,feature-management,features,fix,get,get-news,graylist,health,hook,import,infected-domains,install-vendors,login,malware,proactive,register,reload-lists,remote-proxy,remove-block-report-script,remove-csf-ports,restore-configs,rstatus,rules,service,submit,support,uninstall-vendors,unregister,update,update-license,version,whitelist,whitelisted-crawlers}

Available commands

add-sudouser

admin-emails        Get panel admin emails

blacklist

check-domains       Send domain list check

checkdb

clean

create-rbl-whitelist

Create whitelist for RBL

delete-sudouser

disable-plugin      Disable hosting panel plugin

doctor

enable-plugin       Enable hosting panel plugin (if detected)

get

get-news

health

infected-domains    Returns infected domain list

install-vendors     Enable hosting panel plugin (if detected)

register            Register the agent

reload-lists        Reload custom black and white lists

remove-block-report-script

Restore block reports script

remove-csf-ports    Remove imunify360 ports from csf config

restore-configs     Restore system configs to pre install Imunify360 state

rstatus             Get registration status

uninstall-vendors   Disable hosting panel plugin

unregister          Unregister the agent

update

update-license      Force update license

version

optional arguments:

-h, --help            show this help message and exit

--log-config LOG_CONFIG

logging config filename

--console-log-level {ERROR,WARNING,INFO,DEBUG}

Level of logging input to the console

--remote-addr REMOTE_ADDR

Clients IP address for adding it to the whitelist
    To give another example, under the top-level "malware" command, the documentation on your website lists 6 commands. The CLI reports 10 available commands as "positional arguments:"

    Code:
    # imunify360-agent malware -h

usage: imunify360-agent malware [-h]

{cleanup,dashboard,hash,history,ignore,malicious,on-demand,read,suspicious,user}

...

positional arguments:

{cleanup,dashboard,hash,history,ignore,malicious,on-demand,read,suspicious,user}

Available commands

read

optional arguments:

-h, --help            show this help message and exit
    What is the reason for the discrepancy? Is the documentation still maintained? Should we use commands and features which do not appear in official documentation?

    The questions arose because it seems that an on-demand scan started as follows, is not scanning every home directory for reasons unknown:

    Code:
    # imunify360-agent malware on-demand start --path /home*/* --no-follow-symlinks --intensity low
    However through experimentation, we found that a scan started as follows will apparently scan every user home directory:

    Code:
    # imunify360-agent malware user scan
    The latter command seems to work as intended, but I am uneasy using it when it is undocumented. Im also curious why the single on-demand scan shown above wouldnt include every directory under /home*/*.](https://docs.imunify360.com/command_line_interface/)
    Tags: None
  • #2
    Hi John,
    Thanks for bringing this in. The documentation overall is up-to-date, were going to check the part related to CLI today and get back to you with the answer. Our product team is on it.

    Ive checked the command against Imunify360 v4.5

    Code:
    # imunify360-agent malware on-demand start --path /home*/* --no-follow-symlinks --intensity low
    and it works for me, the scan is queued and run. So Ive got a couple of questions:
    1. What version of the Imunify360 are you using?
    2. What exactly doesnt work (what results you expect and what are the actual results)?

    Thanks!

    Comment

    • #3
      Hello John,
      Thank you for the information provided.
      You are right "intensity_ram" is really undocumented.
      To avoid a similar problem, you can raise it in the configuration or scan smaller volumes.
      If you have any other questions, feel free to ask here. Thank you for contacting us.

      Comment

      • #4
        Thank you for your response.

        Is memory usage expected to grow depending on the amount of files or directories being scanned? I notice the scanner seems to walk directories and build a directory list before scanning files. Does it need to hold all target directories in memory during the scan?

        In other words is it a bad idea to try to scan a large complex filesystem in a single scan operation?

        Comment

        • #5
          Hello John,
          It doesnt hold all target directories in RAM. The scanner needs memory to build a report. But yes, I recommend splitting the scan into smaller ones. Let me know if you have any questions. Thanks.

          Comment

          • #6
            Thank you Sergey for the additional information.

            The problem that Im trying to solve, is that I want to do automated periodic scans of all hosting accounts, while ignoring certain wildcard directories. For example I dont want to scan mail, or the cPanel File Managers .trash directory.

            Here are the methods Ive tried:

            * The background scanner almost does what I need, but it does not seem to allow for wildcard ignore masks.

            * "malware user scan" will let me queue a scan for each user and almost does what I need, except again it does not accept "--ignore-mask" or "--intensity*" options.

            * "malware on-demand start" almost does what I need. It accepts "--ignore-mask" and "--intensity" arguments. But it does not allow me to queue scans. It fails if a scan is already in progress.

            * Experimenting with CLI -h flag, I just found "malware on demand queue put" which is an undocumented command. It appears nowhere in the documentation, and its not even listed as an "Available command" according to CLI help:

            Code:
            $ /usr/bin/imunify360-agent malware on-demand -h

usage: imunify360-agent malware on-demand [-h]

{list,queue,start,status,stop} ...

positional arguments:

{list,queue,start,status,stop}

Available commands

list

start

status

stop

optional arguments:

-h, --help            show this help message and exit

$ /usr/bin/imunify360-agent malware on-demand queue -h

usage: imunify360-agent malware on-demand queue [-h] {put,remove} ...

positional arguments:

{put,remove}  Available commands

put

remove

optional arguments:

-h, --help    show this help message and exit
            This looks like it will do what I need, queue a scan for a given directory with ignore masks and intensity options. Am I understanding this correctly?

            Your product is very good overall, but the documentation and help output are in serious need of improvement IMHO. My use case should be very straightforward, but its taking a lot of experimentation and trial and error to accomplish it using undocumented features. Furthermore I am concerned about using undocumented features in our scripts. With behavior not specified in documentation, I am never sure if I understand the intended functionality, and Im concerned it might change in future versions after scripting is deployed. Do you understand my concerns?

            Comment

            • #7
              Hello John,
              Thanks for continuing.

              > The questions arose because it seems that an on-demand scan started as follows, is not scanning every home directory for reasons unknown:
              >
              >
              Code:
              >
> # imunify360-agent malware on-demand start --path /home*/* --no-follow-symlinks --intensity low
>
>
              Can you open a support ticket https://cloudlinux.zendesk.com/hc/en-us/requests/new so we can take a closer look at your system? You can post the ticket number here and well link this thread to it.

              > Your product is very good overall, but the documentation and help output are in serious need of improvement IMHO. My use case should be very straightforward, but its taking a lot of experimentation and trial and error to accomplish it using undocumented features. Furthermore I am concerned about using undocumented features in our scripts. With behavior not specified in documentation, I am never sure if I understand the intended functionality, and Im concerned it might change in future versions after scripting is deployed. Do you understand my concerns?

              We really appreciate your opinion and wishes. In addition, we are currently preparing documentation updates and there will be a lot of things added there, but some of the commands that are official and will not be displayed in the documents.
              Drop me a line if I can do anything else for you. Thank you for contacting us.

              Comment

              Previous template Next
              Working...
              X