We are happy to announce a new feature for Imunify360.
Active Response is an OSSEC feature re-engineered by us to block specific server ports under attack.
This gives us significantly fewer false positives, and improves the detection and blocking of aggressive brute force requests. It's only available for Imunify360 version 4.0, currently in beta and due for release before the end of March 2019.
To activate Active Response, follow these steps.
1. Edit the configuration file: /etc/sysconfig/imunify360/imunify360.config
2. Add the these lines to it:OSSEC:
That's it. Now, Imunify360 will detect sustained attacks on any ports, blocking only those specifically being targeted. You can read more about in our technical documentation.
Does this mean ConfigServer firewall could be uninstalled before Imunify 360 4.0 is installed?
Not sure if it's port filter is one of the last remaining features that had CSF and not Imunify.