Announcement

Collapse
No announcement yet.

Exporting the Blacklist via SSH in Imunify360

Collapse
This topic has been answered.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exporting the Blacklist via SSH in Imunify360

    Hello everyone,

    I am seeking assistance to enhance security management across multiple independent servers that utilize Imunify360. Each of my clients operates their own server and purchases their own license, maintaining complete autonomy from my services. I am looking to automate the process of exporting blacklists to facilitate analysis and synchronization across these separate systems.

    Could anyone provide guidance on the best way to access and export the blacklist directly via SSH? Are there specific files or databases where these lists are stored? Additionally, what commands or scripts would you recommend for performing this task securely and efficiently?

    I would also appreciate any advice regarding the handling and security of the extracted data to ensure that the process adheres to the best security practices.

    Thank you very much for your help!
  • Answer selected by bogdan.sh at 05-03-2024, 03:59 PM.

    Hello dear forum member, I hope you are doing fine today.

    Thank you for inquiring. I'll provide you with a few pieces of information. I trust it will be beneficial.

    To display the current blacklisted IPs, you can run the following command.

    Code:
    imunify360-agent blacklist ip list

    If you want to add an IP, such as 1.2.3.4, you can use the following command.

    Code:
    imunify360-agent blacklist ip add 1.2.3.4
    A couple of valuable articles should be found below,


    https://blog.imunify360.com/enhanced-ip-black/white-list-management-comes-to-imunify360-v4.3
    ​​


    The IPs are getting stored into the sqlite file, under iplist table.

    Code:
    ls -l /var/imunify360/imunify360-resident.db

    As such the following should be enough to get them exported in detail,

    Code:
    sqlite3 /var/imunify360/imunify360-resident.db "select * from iplist where listname like 'BLACK';"
    ​
    If you wish to get only the IPs then,

    Code:
    sqlite3 /var/imunify360/imunify360-resident.db "select ip from iplist where listname like 'BLACK';"
    I am sharing a lab screenshot to better understand the outputs.

    Click image for larger version

Name:	forum.png
Views:	154
Size:	24.9 KB
ID:	39981

    Under that logic, you can use a command to export the results of the SQL query to a text file. Here's how you can do it:

    Code:
    sqlite3 /var/imunify360/imunify360-resident.db "select * from iplist where listname like 'BLACK';" > /path/to/output_file.txt
    ​
    Replace "/path/to/output_file.txt" with the desired path and filename where you want to save the results. This command will execute the SQL query and redirect the output to the specified text file.

    I hope it helped.

    K.

    Comment


    • #2
      Hello dear forum member, I hope you are doing fine today.

      Thank you for inquiring. I'll provide you with a few pieces of information. I trust it will be beneficial.

      To display the current blacklisted IPs, you can run the following command.

      Code:
      imunify360-agent blacklist ip list

      If you want to add an IP, such as 1.2.3.4, you can use the following command.

      Code:
      imunify360-agent blacklist ip add 1.2.3.4
      A couple of valuable articles should be found below,


      https://blog.imunify360.com/enhanced-ip-black/white-list-management-comes-to-imunify360-v4.3
      ​​


      The IPs are getting stored into the sqlite file, under iplist table.

      Code:
      ls -l /var/imunify360/imunify360-resident.db

      As such the following should be enough to get them exported in detail,

      Code:
      sqlite3 /var/imunify360/imunify360-resident.db "select * from iplist where listname like 'BLACK';"
      ​
      If you wish to get only the IPs then,

      Code:
      sqlite3 /var/imunify360/imunify360-resident.db "select ip from iplist where listname like 'BLACK';"
      I am sharing a lab screenshot to better understand the outputs.

      Click image for larger version

Name:	forum.png
Views:	154
Size:	24.9 KB
ID:	39981

      Under that logic, you can use a command to export the results of the SQL query to a text file. Here's how you can do it:

      Code:
      sqlite3 /var/imunify360/imunify360-resident.db "select * from iplist where listname like 'BLACK';" > /path/to/output_file.txt
      ​
      Replace "/path/to/output_file.txt" with the desired path and filename where you want to save the results. This command will execute the SQL query and redirect the output to the specified text file.

      I hope it helped.

      K.

      Comment


      • #3
        Thank You
        @KBOURDAKOS
        I am writing to express my gratitude for your valuable support. With your help, I have successfully identified the solution I was seeking. I will take the necessary steps to continue protecting my clients effectively.

        Thank you once again for your assistance.​

        Comment

        Working...
        X