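#!/usr/bin/perl
###############################################################################
# Copyright 2006-2023, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################
## no critic (ProhibitBarewordFileHandles, ProhibitExplicitReturnUndef, ProhibitMixedBooleanOperators, RequireBriefOpen)
#
# Probes the iptables modules that csf relies on. Each probe inserts one
# throw-away rule with "iptables -I" and, if that worked, removes it again with
# the matching "iptables -D". An insert that prints anything counts as a
# failure: six probes are FATAL (csf cannot work), five only disable a feature.
#
# NOTE(review): the probes modify the live ruleset (OUTPUT, INPUT and the nat
# table) for a moment. A probe rule is only deleted after its own successful
# insert, so a run that is interrupted between the two steps leaves the rule
# behind; the rules all match tcp port 9999 (or 9998,9999) and can be found
# that way.
# start main
use strict;
use warnings;
use IPC::Open3;

umask(0177);

our ($return, $fatal, $error);
$fatal = 0;
$error = 0;

#my @modules = ("ip_tables","ipt_state","ipt_multiport","iptable_filter","ipt_limit","ipt_LOG","ipt_REJECT","ipt_conntrack","ip_conntrack","ip_conntrack_ftp","iptable_mangle","ip_tables","xt_state","xt_multiport","iptable_filter","xt_limit","ipt_LOG","ipt_REJECT","ip_conntrack_ftp","iptable_mangle","xt_conntrack");
#push @modules,"ipt_owner";
#push @modules,"xt_owner";
#push @modules,"ipt_REDIRECT";
#push @modules,"iptable_nat";
#push @modules,"ipt_recent ip_list_tot=1000 ip_list_hash_size=0";
#foreach my $module (@modules) {&loadmodule($module)}

my $iptables = "/sbin/iptables";

# One entry per probe, run in this order.
#   name  - label printed after "Testing "
#   table - optional table passed with -t (default table when absent)
#   rule  - chain and rule specification shared by the -I and -D commands
#   fatal - true when csf cannot run without the module
#   need  - what the module is required for (end of the FAILED message)
my @checks = (
    {
        name  => "ip_tables/iptable_filter",
        rule  => "OUTPUT -p tcp --dport 9999 -j ACCEPT",
        fatal => 1,
        need  => "csf to function",
    },
    {
        name  => "ipt_LOG",
        rule  => "OUTPUT -p tcp --dport 9999 -j LOG",
        fatal => 1,
        need  => "csf to function",
    },
    {
        name  => "ipt_multiport/xt_multiport",
        rule  => "OUTPUT -p tcp -m multiport --dports 9998,9999 -j LOG",
        fatal => 1,
        need  => "csf to function",
    },
    {
        name  => "ipt_REJECT",
        rule  => "OUTPUT -p tcp --dport 9999 -j REJECT",
        fatal => 1,
        need  => "csf to function",
    },
    {
        name  => "ipt_state/xt_state",
        rule  => "OUTPUT -p tcp --dport 9999 -m state --state NEW -j LOG",
        fatal => 1,
        need  => "csf to function",
    },
    {
        name  => "ipt_limit/xt_limit",
        rule  => "OUTPUT -p tcp --dport 9999 -m limit --limit 30/m --limit-burst 5 -j LOG",
        fatal => 1,
        need  => "csf to function",
    },
    {
        name  => "ipt_recent",
        rule  => "OUTPUT -p tcp --dport 9999 -m recent --set",
        fatal => 0,
        need  => "PORTFLOOD and PORTKNOCKING features",
    },
    {
        name  => "xt_connlimit",
        rule  => "INPUT -p tcp --dport 9999 -m connlimit --connlimit-above 100 -j REJECT --reject-with tcp-reset",
        fatal => 0,
        need  => "CONNLIMIT feature",
    },
    {
        name  => "ipt_owner/xt_owner",
        rule  => "OUTPUT -p tcp --dport 9999 -m owner --uid-owner 0 -j LOG",
        fatal => 0,
        need  => "SMTP_BLOCK and UID/GID blocking features",
    },
    {
        name  => "iptable_nat/ipt_REDIRECT",
        table => "nat",
        rule  => "OUTPUT -p tcp --dport 9999 -j REDIRECT --to-ports 9900",
        fatal => 0,
        need  => "MESSENGER feature",
    },
    {
        name  => "iptable_nat/ipt_DNAT",
        table => "nat",
        rule  => "PREROUTING -p tcp --dport 9999 -j DNAT --to-destination 192.168.254.1",
        fatal => 0,
        need  => "csf.redirect feature",
    },
);

foreach my $check (@checks) {
    my $base = $iptables;
    if (defined $check->{table}) {
        $base .= " -t $check->{table}";
    }

    print "Testing $check->{name}...";
    $return = testiptables("$base -I $check->{rule}");

    # testiptables() returns undef when the command printed nothing, which is
    # the success case; any first line of output is treated as the error text.
    if (defined $return and $return ne "") {
        if ($check->{fatal}) {
            print "FAILED [FATAL Error: $return] - Required for $check->{need}\n";
            $fatal++;
        }
        else {
            print "FAILED [Error: $return] - Required for $check->{need}\n";
            $error++;
        }
        next;
    }

    print "OK\n";

    # The insert worked, so the probe rule is live: remove it, and say so on
    # STDERR if the removal itself reports a problem instead of leaving a
    # stray rule behind unnoticed. STDOUT keeps its original format.
    my $remove   = "$base -D $check->{rule}";
    my $leftover = testiptables($remove);
    if (defined $leftover and $leftover ne "") {
        warn "Warning: temporary test rule was not removed ($remove): $leftover\n";
    }
}

if ($fatal) {
    print "\nRESULT: csf will not function on this server due to FATAL errors from missing modules [$fatal]\n";
}
elsif ($error) {
    print "\nRESULT: csf will function on this server but some features will not work due to some missing iptables modules [$error]\n";
}
else {
    print "\nRESULT: csf should function on this server\n";
}

# Run one command line and return the first line it printed (newline removed),
# or undef when it printed nothing.
#
# $command is handed to open3() as a single string, so it must remain a
# constant built inside this script and never carry outside input.
# The same (initially undefined) handle is passed for the child's output and
# error slots, so IPC::Open3 delivers STDOUT and STDERR on one filehandle.
# NOTE(review): only the output is inspected; the exit status left in $? by
# waitpid() is not consulted.
sub testiptables {
    my $command = shift;
    my ($childin, $childout);

    # open3() raises an exception when the command cannot be started (for
    # example when the binary is missing). Report that as the failure text of
    # this probe rather than aborting the whole test run.
    my $cmdpid = eval { open3($childin, $childout, $childout, $command) };
    if (!defined $cmdpid) {
        my $problem = $@ || "unable to run $command";
        chomp $problem;
        return $problem;
    }

    my @ipdata = <$childout>;
    waitpid($cmdpid, 0);
    chomp @ipdata;

    return $ipdata[0];
}

# Run modprobe for $module and return the lines it printed. $module may carry
# module parameters after the name, separated by whitespace.
#
# Only referenced from the commented-out module list above.
# The command is started in list form, so no shell interprets $module.
# A 5 second alarm aborts the read; the eval swallows that (and any other)
# error, in which case the returned list is empty.
# NOTE(review): when the alarm fires, the modprobe child is neither signalled
# nor waited for here.
sub loadmodule {
    my $module = shift;
    my @output;

    eval {
        local $SIG{__DIE__} = undef;
        local $SIG{'ALRM'}  = sub { die "timeout\n" };
        alarm(5);
        my ($childin, $childout);
        my $pid = open3($childin, $childout, $childout, "modprobe", split(' ', $module));
        @output = <$childout>;
        waitpid($pid, 0);
        alarm(0);
    };
    alarm(0);

    return @output;
}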