#!/bin/bash
#created by tylern
#todo factor in iptables-legacy for g4 and newer dedis.
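# Strict mode: stop on unhandled command failures, on use of unset variables,
# and when any stage of a pipeline fails.
set -euo pipefail

# ANSI colour escapes, expanded later by `echo -e` / `printf %b`.
# Declared readonly so nothing further down can overwrite them by accident.
readonly GREEN='\033[0;32m'
readonly NC='\033[0m' # No Color (reset)
readonly RED='\033[0;31m'
readonly YELLOW='\033[0;33m'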
# Platform guard: every action below drives cPanel tooling, so refuse to run
# on a host without /usr/local/cpanel. The help variants are let through so
# the usage text can still be read on any machine.
if [[ ! -d /usr/local/cpanel ]]; then
  case "${1:-}" in
    -h | --help | help)
      : # help requested; fall through to the dispatcher
      ;;
    *)
      echo -e "${RED}Error: This script requires cPanel. /usr/local/cpanel not found.${NC}" >&2
      exit 1
      ;;
  esac
fi
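#######################################
# Check that a string is a dotted-quad IPv4 address, optionally followed by
# a /prefix length. The value is handed to firewall tools afterwards, so the
# check validates ranges as well as shape: each octet must be 0-255 and the
# prefix 0-32 (the previous pattern let 999.999.999.999 and /99 through).
# Arguments: $1 - candidate address
# Returns:   0 when valid, 1 otherwise
#######################################
is_valid_ip() {
  local ip="${1:-}"
  local -r shape='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})(/([0-9]{1,2}))?$'
  local octet prefix

  [[ "$ip" =~ $shape ]] || return 1

  # 10# forces base 10 so octets such as 008 are not parsed as (invalid) octal.
  # NOTE(review): octets with leading zeros are still accepted here; some
  # address parsers read them as octal - confirm how the firewall tools
  # that receive this value treat them.
  for octet in "${BASH_REMATCH[@]:1:4}"; do
    ((10#$octet <= 255)) || return 1
  done

  prefix="${BASH_REMATCH[6]:-}"
  if [[ -n "$prefix" ]]; then
    ((10#$prefix <= 32)) || return 1
  fi

  # NOTE(review): very short prefixes (down to /0) remain valid input, so a
  # single allow/deny can cover a huge range; callers may want a minimum
  # prefix length or a confirmation step.
  return 0
}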
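#######################################
# Whitelist an IPv4 address (or CIDR range) in each firewall layer present:
# cPHulk, then CSF (or APF when /etc/csf/csf.conf is absent), then
# Imunify360 when /etc/imunify360/ exists.
#
# Each tool is still best-effort (one failure does not stop the others), but
# a non-zero exit is now reported on stderr instead of being discarded, so
# the operator is not left believing a whitelist entry exists when the tool
# never ran or refused it.
#
# A whitelisted address is exempt from these protections; review wide CIDR
# ranges before adding them.
#
# Globals:   GREEN, RED, YELLOW, NC (read)
# Arguments: $1 - IPv4 address, optionally with /prefix
# Outputs:   progress to stdout; errors and warnings to stderr
# Returns:   1 when the address is missing or fails is_valid_ip, else 0
#######################################
allow_ip() {
  local ip="${1:-}"

  if [[ -z "$ip" ]]; then
    echo -e "${RED}Error: No IP address provided${NC}" >&2
    return 1
  fi
  if ! is_valid_ip "$ip"; then
    # %s prints the rejected value literally; echo -e would interpret any
    # backslash escapes embedded in it.
    printf '%bError: Invalid IP address format: %s%b\n' "$RED" "$ip" "$NC" >&2
    return 1
  fi

  echo -e "\n${GREEN}Whitelisting ${ip} in.....${NC}"

  # see https://api.docs.cpanel.net/openapi/whm/operation/flush_cphulk_login_history_for_ips/
  echo -e "\n${GREEN}...Cphulk Firewall${NC}"
  whmapi1 flush_cphulk_login_history_for_ips ip="$ip" 2>/dev/null \
    || echo -e "${YELLOW}Warning: whmapi1 flush_cphulk_login_history_for_ips exited with status $?${NC}" >&2
  /scripts/cphulkdwhitelist "$ip" 2>/dev/null \
    || echo -e "${YELLOW}Warning: cphulkdwhitelist exited with status $?${NC}" >&2

  if [[ -f /etc/csf/csf.conf ]]; then
    echo -e "\n${GREEN}...CSF${NC}"
    csf -a "$ip" 2>/dev/null \
      || echo -e "${YELLOW}Warning: csf -a exited with status $?${NC}" >&2
  else
    # APF is assumed whenever CSF's config is missing; if APF is not
    # installed either, the warning below reports the failed call.
    echo -e "\n${GREEN}...APF${NC}"
    apf -a "$ip" 2>/dev/null \
      || echo -e "${YELLOW}Warning: apf -a exited with status $?${NC}" >&2
  fi

  # imunify blocks
  # https://docs.imunify360.com/command_line_interface/#whitelist
  if [[ -d /etc/imunify360/ ]]; then
    echo -e "\n${GREEN}...Imunify360${NC}"
    imunify360-agent whitelist ip add "$ip" 2>/dev/null \
      || echo -e "${YELLOW}Warning: imunify360-agent whitelist exited with status $?${NC}" >&2
  fi

  return 0
}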
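#######################################
# Blacklist an IPv4 address (or CIDR range) in each firewall layer present:
# cPHulk, then CSF (or APF when /etc/csf/csf.conf is absent), then
# Imunify360 when /etc/imunify360/ exists.
#
# Each tool is still best-effort, but a non-zero exit is now reported on
# stderr instead of being discarded: a block that silently failed looks
# identical to one that succeeded, which is the wrong outcome when the
# operator is responding to hostile traffic.
#
# Double-check the address before blocking; a wide CIDR range or the
# operator's own address can lock legitimate users out.
#
# Globals:   RED, YELLOW, NC (read)
# Arguments: $1 - IPv4 address, optionally with /prefix
# Outputs:   progress to stdout; errors and warnings to stderr
# Returns:   1 when the address is missing or fails is_valid_ip, else 0
#######################################
deny_ip() {
  local ip="${1:-}"

  if [[ -z "$ip" ]]; then
    echo -e "${RED}Error: No IP address provided${NC}" >&2
    return 1
  fi
  if ! is_valid_ip "$ip"; then
    # %s prints the rejected value literally; echo -e would interpret any
    # backslash escapes embedded in it.
    printf '%bError: Invalid IP address format: %s%b\n' "$RED" "$ip" "$NC" >&2
    return 1
  fi

  echo -e "\n${RED}Blacklisting ${ip} in.....${NC}"

  # see https://api.docs.cpanel.net/openapi/whm/operation/flush_cphulk_login_history_for_ips/
  echo -e "\n${RED}...Cphulk Firewall${NC}"
  whmapi1 flush_cphulk_login_history_for_ips ip="$ip" 2>/dev/null \
    || echo -e "${YELLOW}Warning: whmapi1 flush_cphulk_login_history_for_ips exited with status $?${NC}" >&2
  # Only the output lines that mention the address are shown. Under pipefail
  # the pipeline fails if the script fails or if no such line is printed.
  /scripts/cphulkdblacklist "$ip" 2>/dev/null | grep -F -- "$ip" \
    || echo -e "${YELLOW}Warning: cphulkdblacklist failed or printed no line containing ${ip}${NC}" >&2

  if [[ -f /etc/csf/csf.conf ]]; then
    echo -e "\n${RED}...CSF${NC}"
    csf -d "$ip" 2>/dev/null \
      || echo -e "${YELLOW}Warning: csf -d exited with status $?${NC}" >&2
  else
    # APF is assumed whenever CSF's config is missing; if APF is not
    # installed either, the warning below reports the failed call.
    echo -e "\n${RED}...APF${NC}"
    apf -d "$ip" 2>/dev/null \
      || echo -e "${YELLOW}Warning: apf -d exited with status $?${NC}" >&2
  fi

  # imunify blocks
  # https://docs.imunify360.com/command_line_interface/#blacklist
  if [[ -d /etc/imunify360/ ]]; then
    echo -e "\n${RED}...Imunify360${NC}"
    imunify360-agent blacklist ip add "$ip" 2>/dev/null \
      || echo -e "${YELLOW}Warning: imunify360-agent blacklist exited with status $?${NC}" >&2
  fi

  return 0
}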
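#######################################
# Read-only triage: show where an address appears in the cPHulk lists, the
# usual auth/firewall logs, the CSF/APF allow/deny files and the live
# iptables rules. Log searches print at most the last two matching lines.
#
# Matching uses `grep -F -w`: the address is a fixed string and must not be
# embedded in a longer token. Plain substring matching reported 10.0.0.50
# (and 110.0.0.5) when asked about 10.0.0.5, which can point the operator at
# the wrong host.
#
# Globals:   RED, YELLOW, NC (read)
# Arguments: $1 - IPv4 address, optionally with /prefix
# Outputs:   section headers and matching lines to stdout; errors to stderr
# Returns:   1 when the address is missing or fails is_valid_ip, else 0
#######################################
view_ip() {
  local ip="${1:-}"
  local logfile

  if [[ -z "$ip" ]]; then
    echo -e "${RED}Error: No IP address provided${NC}" >&2
    return 1
  fi
  if ! is_valid_ip "$ip"; then
    # %s prints the rejected value literally; echo -e would interpret any
    # backslash escapes embedded in it.
    printf '%bError: Invalid IP address format: %s%b\n' "$RED" "$ip" "$NC" >&2
    return 1
  fi

  echo -e "\n${YELLOW}Looking for ${ip} in.....${NC}\n"

  # https://api.docs.cpanel.net/openapi/whm/operation/read_cphulk_records/
  # `|| true` throughout: grep exits 1 on "no match", which is a normal
  # result here and must not trip set -e / pipefail.
  echo -e "\n${YELLOW}cPHulk Blacklist${NC}"
  whmapi1 read_cphulk_records list_name='black' 2>/dev/null | grep -Fw -- "$ip" || true
  echo -e "\n${YELLOW}cPHulk Whitelist${NC}"
  whmapi1 read_cphulk_records list_name='white' 2>/dev/null | grep -Fw -- "$ip" || true

  echo -e "\n${YELLOW}Fail2ban${NC}"
  if [[ -f /var/log/fail2ban.log ]]; then
    grep -Fw -- "$ip" /var/log/fail2ban.log | tail -n2 || true
  fi

  echo -e "\n${YELLOW}SSH/FTP${NC}"
  for logfile in /var/log/messages /var/log/secure; do
    if [[ -f "$logfile" ]]; then
      grep -Fw -- "$ip" "$logfile" | tail -n2 || true
    fi
  done

  echo -e "\n${YELLOW}LFD${NC}"
  if [[ -f /var/log/lfd.log ]]; then
    grep -Fw -- "$ip" /var/log/lfd.log | tail -n2 || true
  fi

  echo -e "\n${YELLOW}Email Logins${NC}"
  if [[ -f /var/log/maillog ]]; then
    grep -Fw -- "$ip" /var/log/maillog | grep 'auth failed' | tail -n2 || true
  fi
  # failing exim
  if [[ -f /var/log/exim_mainlog ]]; then
    grep -Fw -- "$ip" /var/log/exim_mainlog | grep 'authenticator failed' | tail -n2 || true
  fi

  # Modsec blocks: only the four rule ids listed in the pattern are shown.
  echo -e "\n${YELLOW}ModSecurity${NC}"
  if [[ -f /usr/local/apache/logs/error_log ]]; then
    grep -Fw -- "$ip" /usr/local/apache/logs/error_log \
      | grep -E 'id "(13052|13051|13504|90334)"' \
      | tail -n2 || true
  fi

  # cPanel blocks
  echo -e "\n${YELLOW}cPanel${NC}"
  for logfile in /usr/local/cpanel/logs/access_log /usr/local/cpanel/logs/login_log /usr/local/cpanel/logs/error_log; do
    if [[ -f "$logfile" ]]; then
      grep -Fw -- "$ip" "$logfile" | grep "FAILED LOGIN" | tail -n2 || true
    fi
  done

  # apf/csf logs, requires root. The globs are broad: any file under
  # /etc/<dir>/ whose name contains "allow" or "deny" is searched.
  echo -e "\n${YELLOW}CSF/APF${NC}"
  grep -Fw -- "$ip" /etc/*/*allow* /etc/*/*deny* 2>/dev/null | tail -n2 || true

  echo -e "\n${YELLOW}iptables${NC}"
  iptables -L -n 2>/dev/null | grep -Fw -- "$ip" || true
}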
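#######################################
# Print the usage text. The "LOGS SEARCHED" section is kept in step with
# what the view command reads: it now lists all three cPanel logs and the
# live iptables rules, which were searched but not documented.
# Outputs: usage text to stdout
#######################################
show_help() {
  # Quoted delimiter: the text is emitted literally, with no expansion.
  cat <<'EOF'
allfw - Unified firewall management for cPanel servers
USAGE
allfw <command> <ip_address>
COMMANDS
allow <IP> Whitelist an IP across all firewalls (CSF/APF, cPHulk, Imunify360)
deny <IP> Blacklist an IP across all firewalls
view <IP> Search logs to find why an IP was blocked (read-only)
EXAMPLES
allfw allow 192.168.1.100
allfw deny 10.0.0.50
allfw view 203.0.113.25
LOGS SEARCHED (view command)
cPHulk: whmapi1 read_cphulk_records
Fail2Ban: /var/log/fail2ban.log
SSH/FTP: /var/log/messages, /var/log/secure
LFD: /var/log/lfd.log
Email: /var/log/maillog
Exim: /var/log/exim_mainlog
ModSecurity: /usr/local/apache/logs/error_log
cPanel: /usr/local/cpanel/logs/access_log, /usr/local/cpanel/logs/login_log, /usr/local/cpanel/logs/error_log
CSF/APF: /etc/*/*allow*, /etc/*/*deny*
iptables: iptables -L -n
DOCUMENTATION
CSF: https://support.cpanel.net/hc/en-us/articles/360058211754
cPHulk: https://docs.cpanel.net/knowledge-base/security/cphulk-management-on-the-command-line/
Imunify: https://docs.imunify360.com/command_line_interface/#whitelist
EOF
}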
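# Command dispatch. An unrecognised command used to fall into the help arm
# and exit 0, so a typo such as "dney" looked like success to a wrapper
# script even though no firewall was touched. Help (or no command at all)
# still prints usage with status 0; anything else unknown is reported on
# stderr and exits 2.
case "${1:-}" in
  allow)
    allow_ip "${2:-}"
    ;;
  view)
    view_ip "${2:-}"
    ;;
  deny)
    deny_ip "${2:-}"
    ;;
  -h | --help | help | '')
    show_help
    ;;
  *)
    printf 'Error: unknown command: %s\n\n' "$1" >&2
    show_help >&2
    exit 2
    ;;
esac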