diff --git a/docs/command_line_interface/README.md b/docs/command_line_interface/README.md index 12c36fed..be784fa0 100644 --- a/docs/command_line_interface/README.md +++ b/docs/command_line_interface/README.md @@ -63,7 +63,6 @@ Available commands: |-|-| |[`3rdparty`](/command_line_interface/#_3rdparty)|Make Imunify360 the primary IDS| |[`backup-systems`](/command_line_interface/#backup-systems)|Allows to manage backup systems integrated to Imunify360| -|[`blacklist`](/command_line_interface/#blacklist)|Return/Edit IP blacklist| |[`blocked-port`](/command_line_interface/#blocked-ports)|Return/Edit list of blocked ports| |[`blocked-port-ip`](/command_line_interface/#blocked-port-ip)|Allows to change the list of IPs that are excluded (allowed) for a certain blocked port| |[`checkdb`](/command_line_interface/#checkdb)|Check database integrity| @@ -77,10 +76,10 @@ Available commands: |[`feature-management`](/command_line_interface/#feature-management)|Manage Imunify360 features available for users| |[`fix modsec directives`](/command_line_interface/#fix-modsec-directives)|Fixes the non-recommended values (sets them to ones
recommended by Imunify360)| |[`get`](/command_line_interface/#get)|Returns list of incidents| -|[`graylist`](/command_line_interface/#graylist)|Return/Edit IP Gray List| |[`hooks`](/command_line_interface/#hooks)|Hooks-related commands| |[`import`](/command_line_interface/#import)|Import data| |[`infected-domains`](/command_line_interface/#infected-domains)|Returns infected domain list| +|[`ip-list`](/command_line_interface/#ip-list)|To view or manage actual IPs within the local firewall lists (white/gray/blacklist)| |[`login`](/command_line_interface/#login)|Allows to get a token which can be used for authentication in [stand-alone Imunify UI](/stand_alone/).| |[`malware`](/command_line_interface/#malware)|Allows to manage malware options| |[`notifications-config`](/command_line_interface/#notifications-config)|Allows to show and update notifications in the configuration file via CLI| @@ -94,7 +93,6 @@ Available commands: |[`unregister`](/command_line_interface/#unregister)|Unregister the agent| |[`vendors`](/command_line_interface/#vendors)|Command for manipulating Imunify360 vendors| |[`version`](/command_line_interface/#version)|Show version| -|[`whitelist`](/command_line_interface/#whitelist)|Return/Edit operator for IP and domain white list| |[`whitelisted-crawlers`](/command_line_interface/#whitelisted-crawlers)|Allows do operate with search engine domains| @@ -232,117 +230,6 @@ The `extended-status` command returns -## Blacklist - -This command allows you to view or edit actual IPs in the Black List. - -**Usage:** - -
- -``` -imunify360-agent blacklist [subject] [command] [--option] -``` - -
- -`subject` is a positional argument and can be: - -| | | -|-|-| -|`country`| Allows to manipulate with countries in the Black List| -|`ip`| Allows to manipulate with IPs in the Black List| - -`command` is a second positional argument and can be: - -| | | -|-|-| -|`add`| add item(-s) to Black List| -|`delete`| remove item(-s) from Black List| -|`move`| move item(-s) to Black List| -|`edit`| edit comment on item in the Black List| -|`list`| list items(-s) in Black List| - - -Please note that by default `list` command outputs only first 100 items in the list as if it was run as `imunify360-agent blacklist ip list --limit 100`. -To check whether specific IP address is in the list, you can run the following command: - -
- -``` -imunify360-agent blacklist ip list --by-ip 12.34.56.78 -``` - -
- -where 12.34.56.78 is that specific IP address. - -`value` is an item to manipulate with. It can be IP itself or a country code (find necessary country codes here in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#IPv4_CIDR_blocks) in the column ISO ALPHA-2 CODE). - -`option` can be one or few of the optional arguments specified above and one more: - -| | | -|-|-| -|`--comment`|allows to add comment to the item| -|`--expiration`|allows specifying expiration time for the blacklisted IP (in seconds since epoch)| - -**Examples:** - -* The following command adds IP 1.2.3.4 to the Black List with a comment “one bad IP”: - -
- - ``` - imunify360-agent blacklist ip add 1.2.3.4 --comment “one bad ip” - ``` - -
- -* The following command returns a list of IPs in the Black List which are from Bolivia: - -
- - ``` - imunify360-agent blacklist --by-country-code BO - IP TTL COUNTRY IMPORTED_FROM COMMENT - 1.2.3.4 - ``` - -
- - -* The following command adds an IP 1.2.3.4 to the Black List and sets the scope to `group`: - -
- - ``` - imunify360-agent blacklist ip add 1.2.3.4 --scope group - OK - ``` - -
- -To blacklist multiple IP addresses, put them into a file and add to the black list as follows: - -
- -``` -cat list.txt | xargs -n 1 imunify360-agent blacklist ip add -``` - -
- -The alternative would be using the [external white/black list feature](/features/#external-black-whitelist-management). - -:::tip Note -If an IP address has been added to the blacklist on a group of servers, it is enough to remove it from the blacklist on one of the servers, and it will be removed from the blacklist on all servers in the group. -::: - -:::warning Warning -For now, ipset supports only IPv6/64 networks. In most cases, it is enough to specify the mask `/64`. An example of - a proper IPv6 address with the subnet mask: `2001:db8:abcd:0012::0/64`. -::: - ## Blocked ports This command allows to view or edit ports, IPs, and protocols in the list of blocked ports. @@ -926,61 +813,6 @@ TIMESTAMP ABUSER COUNTRY TIMES NAME SEVERIT To get more detailed output to check the plugin or the rule ID these incidents belong to, use the ```--json``` argument. -## Graylist - -This command allows to view or edit IP Gray List. - -**Usage:** - -
- -``` -imunify360-agent graylist ip [command] [--optional argument] -``` - -
- -Available commands: - -| | | -|-|-| -|`delete`|allows to remove IP from Gray List| -|`list`|allows to list IPs in Gray List| - -Optional arguments for `list`: - -| | | -|-|-| -|`--by-country-code [country_code]`|Filters output by country code.
Requires valid country code as argument.
Find valid country codes
in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#IPv4_CIDR_blocks) in column ISO ALPHA-2 CODE.| -|`--by-ip [ip_address]`|Filters output by abuser's IP or by subnet in CIDR notation.
Example: `--by-ip 1.2.3.0/24`| -|`--limit`|Limits the output with specified number of IPs.
Must be a number greater than zero. By default, equals 100.| -|`--offset`|Offset for pagination. By default, equals 0.| - -Please note that by default `list` command outputs only first 100 items in the list as if it was run as `graylist ip list --limit 100`. -To check whether specific IP address is in the list, you can run the following command: - -
- -``` -imunify360-agent graylist ip list --by-ip 12.34.56.78 -``` - -
- -where `12.34.56.78` is that specific IP address. - -**Example:** - -The following command will remove IP `1.2.3.4` from the Gray List: - -
- -``` -imunify360-agent graylist ip delete 1.2.3.4 -OK -``` - -
## Hooks @@ -1099,6 +931,263 @@ imunify360-agent infected-domains +## IP-List + +This CLI tool allows you to view or manage actual IPs within the local firewall lists. + +**Usage:** + +``` +imunify360-agent ip-list local [command] [--option] +``` + +`command` is a positional argument and can be: + +| | | +|-|-| +|`add`|Add item(-s) from local ip-list| +|`delete`|Remove item(-s) from local ip-list| +|`list`|List item(-s) in local ip-list| + +`option`: + +| | | +|-|-| +|`-h`, `--help`|Show this help message and exit| + +`value` is an item to manipulate with. It can be IP itself or a country code (find necessary country codes here in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#IPv4_CIDR_blocks) in the column ISO ALPHA-2 CODE). + +### List + +**Usage:** + +``` +imunify360-agent ip-list local list [--options] +``` + +`options`: + +| | | +|-|-| +|`--by-ip BY_IP`|Filters output by abuser's IP or by subnet in CIDR notation.| +|`--purpose [PURPOSE ...]`|IP List purpose can be:
`white` - do not block these IPs.
`drop` - deny access on the network level (DROP packets via iptables, and respond with 403 on web ports even when the request comes through a proxy).
`captcha` - deny access on the network level for all non-web ports, show a Splash Screen challenge page on web ports.
`splashscreen` - check the visitor's browser before allowing access to websites.| +|`-by-country-code BY_COUNTRY_CODE`|Filters output by country code. Requires valid country code as argument. Find valid country codes here [www.nationsonline.org/oneworld/country_code_list.htm](https://www.nationsonline.org/oneworld/country_code_list.htm) in column ISO ALPHA-2 CODE.| +|`--by-comment BY_COMMENT`|Filters output by comment| +|`--limit LIMIT`|Limits the output with specified number of incidents| +|`--offset OFFSET`|Offset for pagination| +|`--order-by [ORDER_BY ...]`|List of fields to sort the results by| +|`--by-type {ip,country}`|Filters output by item tipe [country | ip]| +|`--json`|Returns data in JSON format| + +:::tip +Note that by default `list` command outputs only first 100 items in the list as if it was run as `imunify360-agent ip-list local list --limit 100`. +::: + +### Blacklist + +This command allows you to view or edit actual IPs in the Black List. + +**Usage:** + +``` +imunify360-agent ip-list local [command] --purpose drop [--options] +``` + +`command` is a positional argument and can be: + +| | | +|-|-| +|`add`|Add item(-s) from local ip-list| +|`delete`|Remove item(-s) from local ip-list| +|`list`|List item(-s) in local ip-list| + +`options` is a second positional argument and can be: + +| | | +|-|-| +|`--purpose {white,drop,captcha}`|IP List purpose can be `white` - do not block these IPs.
`drop` - deny access on the network level (DROP packets via iptables, and respond with 403 on web ports even when the request comes through a proxy).
`captcha` - deny access on the network level for all non-web ports, show a Splash Screen challenge page on web ports.
`splashscreen` - check the visitor's browser before allowing access to websites.| +|`--expiration EXPIRATION`|Allows specifying expiration time for the listed IP (in seconds since epoch)| +|`-comment COMMENT`|Allows to add comment to the item| +|`--scope {local,group}`|Allows to set the scope to Global/Local. Accepts two values local (a default value, means "add IP on this server only") and group (means "add IP for the whole group in which this server is").| +|`--json`|Returns data in JSON format| + +**Examples:** + +* The following command lists IP addresses added to the Black List: +``` +imunify360-agent ip-list local list --purpose drop +``` + +* The following command adds IP 1.2.3.4 to the Black List with a comment “one bad IP”: +``` +imunify360-agent ip-list local add --purpose drop 1.2.3.4 --comment "one bad IP" +OK +``` + +* To check whether specific IP address is in the list, you can run the following command (where 12.34.56.78 is that specific IP address): +``` +imunify360-agent ip-list local list --by-ip 12.34.56.78 +``` + +* The following command returns a list of IPs in the Black List which are from Bolivia ([visit here](https://countrycode.org/) for other country codes): +``` +imunify360-agent ip-list local list --by-country-code BO +``` + +* The following command adds an IP 1.2.3.4 to the Black List and sets the scope to group: +``` +imunify360-agent ip-list local add --purpose drop 1.2.3.4 --scope group +OK +``` + +* To blacklist multiple IP addresses, put them into a file and add to the black list as follows: +``` +cat list.txt | xargs -n 1 imunify360-agent ip-list local add --purpose drop +``` + +The alternative would be using the [external white/black list feature](/features/#external-black-whitelist-management). + +* For the following example, the old blacklist command syntax is used. 
This command adds Bolivia to the Black List (available commands `blacklist country add`/`delete`/`edit`/`list`): +``` +imunify360-agent blacklist country add BO +OK +``` + +:::tip Note +If an IP address has been added to the blacklist on a group of servers, it is enough to remove it from the blacklist on one of the servers, and it will be removed from the blacklist on all servers in the group. +::: + +:::warning Warning +For now, ipset supports only IPv6/64 networks. In most cases, it is enough to specify the mask `/64`. An example of a proper IPv6 address with the subnet mask: `2001:db8:abcd:0012::0/64`. +::: + +### Graylist + +This command allows to view or edit IP Gray List. + +**Usage:** + +``` +imunify360-agent ip-list local [command] --purpose captcha [--options] +``` + +`command` is a positional argument and can be: + +| | | +|-|-| +|`delete`|Remove item(-s) from local ip-list| +|`list`|List item(-s) in local ip-list| + +`options` is a second positional argument and can be: + +| | | +|-|-| +|`--purpose {white,drop,captcha}`|IP List purpose can be `white` - do not block these IPs.
`drop` - deny access on the network level (DROP packets via iptables, and respond with 403 on web ports even when the request comes through a proxy).
`captcha` - deny access on the network level for all non-web ports, show a Splash Screen challenge page on web ports.
`splashscreen` - check the visitor's browser before allowing access to websites.| +|`--expiration EXPIRATION`|Allows specifying expiration time for the listed IP (in seconds since epoch)| +|`-comment COMMENT`|Allows to add comment to the item| +|`--scope {local,group}`|Allows to set the scope to Global/Local. Accepts two values local (a default value, means "add IP on this server only") and group (means "add IP for the whole group in which this server is").| +|`--json`|Returns data in JSON format| + +Note that by default `list` command outputs only first 100 items in the list as if it was run as +``` +imunify360-agent ip-list local list --purpose captcha --limit 100 +``` +or +``` +imunify360-agent ip-list local list --purpose splashscreen –limit 100 +``` + +**Example**: + +* To check whether specific IP address is in the list, you can run the following command: +``` +imunify360-agent ip-list local list --purpose captcha --by-ip 12.34.56.78 +``` + +* The following command will remove IP `1.2.3.4` from the Gray List: +``` +imunify360-agent ip-list local delete --purpose captcha 12.34.56.78 +``` + +### Whitelist + +This command allows to view or edit actual IPs and domains in the White List. + +**Usage:** + +``` +imunify360-agent ip-list local [command] --purpose white [--options] +``` + +`command` is a positional argument and can be: + +| | | +|-|-| +|`add`|Add item(-s) from local ip-list| +|`delete`|Remove item(-s) from local ip-list| +|`list`|List item(-s) in local ip-list| + +`options` is a second positional argument and can be: + +| | | +|-|-| +|`--purpose {white,drop,captcha}`|IP List purpose can be `white` - do not block these IPs.
`drop` - deny access on the network level (DROP packets via iptables, and respond with 403 on web ports even when the request comes through a proxy).
`captcha` - deny access on the network level for all non-web ports, show a Splash Screen challenge page on web ports.
`splashscreen` - check the visitor's browser before allowing access to websites.| +|`--expiration EXPIRATION`|Allows specifying expiration time for the listed IP (in seconds since epoch)| +|`-comment COMMENT`|Allows to add comment to the item| +|`--scope {local,group}`|Allows to set the scope to Global/Local. Accepts two values local (a default value, means "add IP on this server only") and group (means "add IP for the whole group in which this server is").| +|`--full-access`|Only for the `add` command. Allows to grant full access to the IP or subnet ignoring the rules in Blocked ports.| +|`--no-full-access`|Only for the `add` command. Allows to remove full access of the IP or subnet.| +|`--json`|Returns data in JSON format| + +**Examples:** + +* The following commands adds IP 1.2.3.4 to the White List with a comment “one good ip”: +``` +imunify360-agent ip-list local add --purpose white 11.22.33.44 --comment "one good IP" +OK +``` + +* To check whether specific IP address is in the list, you can run the following command (where 11.22.33.44 is that specific IP address): + +``` +imunify360-agent ip-list local list --purpose white --by-ip 11.22.33.44 +AUTO_WHITELISTED COMMENT COUNTRY CTIME DEEP EXPIRATION FULL_ACCESS IMPORTED_FROM IP MANUAL NETMASK NETWORK_ADDRESS PURPOSE SCOPE VERSION +False one good IP US 1715940270 None 0 None None 11.22.33.44 True 4294967295 185999660 white local 4 +``` + +* The following command returns a list of IPs in the White List which are from United States: +``` +imunify360-agent ip-list local list --by-country-code US +``` + +* The following command adds an IP 1.2.3.4 to the White List and sets the scope to group: +``` +imunify360-agent ip-list local add --purpose white 1.2.3.4 --scope group +OK +``` + +* To whitelist multiple IP addresses, put them into a file and add to the white list as follows: + +``` +cat list.txt | xargs -n 1 imunify360-agent ip-list local add --purpose white +``` + +The alternative would be using the [external 
white/black list feature](https://docs.imunify360.com/features/#external-black-whitelist-management). + +* For the following example, the old whitelist command syntax is used: + * The following command adds Bolivia to the White List (available commands `whitelist country add`/`delete`/`edit`/`list`): +``` +imunify360-agent whitelist country add BO +OK +``` + + * The following command adds domain with a name example.com to the White List (available commands: `add`/`delete`/`list`/`reset-to`): + +``` +imunify360-agent whitelist domain add example.com +OK +``` + ## Login @@ -2409,181 +2498,6 @@ imunify360-agent version [--json] -## Whitelist - -This command allows to view or edit actual IPs and domains in the White List. - -**Usage:** - -
- -``` -imunify360-agent whitelist [subject] [command] [--option] -``` - -
- -`subject` is a positional argument and can be: - -| | | -|-|-| -|`ip`|Allows to manipulate with IPs in the White List.| -|`domain`|Allows to manipulate with domains in the White List.| -|`country`|Allows to manipulate with countries in the White List.| - -:::warning Note -A domain whitelisting will affect only greylisted IPs. It will not affect ModSecurity rules and blacklisted IPs. -::: - -`command` is a second positional argument and can be: - -| | | -|-|-| -|`add`|Add item(-s) to the White List.| -|`delete`|Remove item(-s) from the White List.| -|`move`|Move item(-s) to the White List.| -|`edit`|Edit TTL, comment and other parameters of the Whitelisted item.| -|`list`|List items(-s) in the White List.| -|`reset-to`|Replace whitelisted domains list with a new list.| - -Please note that by default `list` command outputs only first 100 items in the list as if it was run as `imunify360-agent whitelist ip list --limit 100`. -To check whether specific IP address is in the list, you can run the following command: - -
- -``` -imunify360-agent whitelist ip list --by-ip 12.34.56.78 -``` - -
- -where `12.34.56.78` is that specific IP address. - -`value` is an item to manipulate with. It can be IP itself or a country code (find the necessary country codes in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#IPv4_CIDR_blocks) in ISO ALPHA-2 CODE column), or a domain name. - -`option` can be one or few of the optional arguments from the table above and one more: - -| | | -|-|-| -|`--comment`|Allows to add a comment to the item.| -|`--full-access`|Only for `move` and `edit` commands.
Allows to grant full access to the IP or subnet ignoring the rules in Blocked ports.| -|`--no-full-access`|Only for `move` and `edit` commands.
Allows to remove full access of the IP or subnet.| -|`--expiration`|Allows specifying TTL for the whitelisted IP (in seconds since epoch).| -|`--scope`|Allows to set the scope to _Global/Local_. Accepts two values: `local` (a default value, means "add IP on this server only") and `group` (means "add IP for the whole group in which this server is").| - -**Examples:** - -1. The following commands adds IP `1.2.3.4` to the White List with a comment “one good ip”: - -
- - ``` - imunify360-agent whitelist ip add 1.2.3.4 --comment "one good ip" - OK - ``` - -
- -2. The following command returns a list of IPs in the White List which are from Bolivia: - -
- - ``` - imunify360-agent whitelist --by-country-code BO - ``` - -
- -3. The following command adds domain with a name `example.com` to the White List: - -
- - ``` - imunify360-agent whitelist domain add example.com - OK - ``` - -
- -4. The following command checks domains in the White List: - -
- - ``` - imunify360-agent whitelist domain list - OK - ``` - -
- -5. The following command adds an IP 1.2.3.4 to the White List and sets the scope to `group`: - -
- - ``` - imunify360-agent whitelist ip add 1.2.3.4 --scope group - OK - ``` - -
- -6. The following command adds Bolivia to the White List: - -
- - ``` - imunify360-agent whitelist country add BO - OK - ``` - -
- -7. The `--json` key can be used to get additional details about the IP address. For example, whether it has full access on the server or has just been added to a whitelist: - -
- - ``` - imunify360-agent whitelist ip list --by-ip 1.2.3.4 -v --json - ... - { - "auto_whitelisted": false, - "comment": "Manually added on 2022-09-05 05:16:54", - "country": { - "code": "US", - "id": "1234001", - "name": "United States" - }, - "ctime": 1662355015, - "deep": null, - "expiration": 0, - "full_access": true, - "imported_from": null, - "ip": "1.2.3.4", - "listname": "WHITE", - "manual": true, - "netmask": 1234967295, - "network_address": 123495478, - "scope": "local", - "version": 4 - } - ... - ``` - -
- -To whitelist multiple IP addresses, put them into a file and add to the white list as follows: - -
- -``` -cat list.txt | xargs -n 1 imunify360-agent whitelist ip add -``` - -
- -The alternative would be using the [external white/black list feature](/features/#external-black-whitelist-management). - - ## Whitelisted crawlers
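Review bot: The `blacklist` and `whitelist` rows are removed from the "Available commands" table (hunks @@ -63,7 +63,6 and @@ -94,7 +93,6), but the added IP-List section still tells readers to run `imunify360-agent blacklist country add BO`, `imunify360-agent whitelist country add BO` and `imunify360-agent whitelist domain add example.com` for countries and domains. Either keep those two rows with a description narrowed to the `country` and `domain` subjects, or extend the new `ip-list` row to say that country and domain entries still use the old commands, so an operator reading only the table can find them.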
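Review bot: The removed Blacklist section (@@ -232,117 +230,6) documented `move` and `edit` for list items, while the replacement `ip-list local` command tables offer only `add`, `delete` and `list`. The new section should say how an operator changes the comment or expiration of an existing entry or moves an IP from one list to another, or state explicitly that this is no longer available for IPs; the only remaining mention of `edit` is in the old-syntax `blacklist country add`/`delete`/`edit`/`list` line.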
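Review bot: The removed Graylist option table (@@ -926,61 +813,6) stated that `--limit` "Must be a number greater than zero. By default, equals 100." and that `--offset` defaults to 0, but the new List table describes `--limit` as limiting the "number of incidents" and gives neither the constraint nor the defaults. Carry the constraint and defaults into the new `--limit` and `--offset` rows and change "incidents" to list items. The new Graylist subsection also lists only `delete` and `list` as commands while its options table carries `--expiration`, `--comment` and `--scope`, which are worded for adding an entry; trim that table or say which command each option applies to.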
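Review bot: Option spellings in the added IP-List section (@@ -1099,6 +931,263) are inconsistent with its own examples: `-by-country-code` in the List table and `-comment` in the Blacklist, Graylist and Whitelist tables have a single dash where the examples use `--by-country-code` and `--comment`, and the second Graylist default example reads `–limit 100` with an en dash instead of `--limit 100`. The `--purpose {white,drop,captcha}` rows omit `splashscreen`, which the same cell describes and the Graylist example passes, and `--by-type` has the typo "tipe". Two examples disagree with their text: the Gray List item says it removes `1.2.3.4` but runs `delete --purpose captcha 12.34.56.78`, and the White List item says it adds 1.2.3.4 but runs `add --purpose white 11.22.33.44`. The Bolivia and United States `--by-country-code` examples, and the Black List "check whether specific IP address is in the list" example, are described as querying one list but carry no `--purpose` filter; add `--purpose drop` or `--purpose white` so the command matches the description. Finally, the `add` rows read "Add item(-s) from local ip-list" (should be "to"), and `options` is described as "a second positional argument" although every entry is a named flag.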
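Review bot: The warning "A domain whitelisting will affect only greylisted IPs. It will not affect ModSecurity rules and blacklisted IPs." is deleted with the old Whitelist section (@@ -2409,181 +2498,6) and does not reappear in the new Whitelist subsection, which still shows `imunify360-agent whitelist domain add example.com`. Carry the warning over next to that example. The `--full-access` description also changes from "Only for `move` and `edit` commands" to "Only for the `add` command", and the `--json` example that showed `"full_access": true` is dropped; because this flag grants access "ignoring the rules in Blocked ports", keep a `--json` example or explain the `FULL_ACCESS` column in the new list output so operators can check which whitelisted entries have it set.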