Difference between revisions of "Main Page"

From Wiki.onotech.org
Jump to: navigation, search
(cPHulk)
(command line)
Line 71: Line 71:
 
  /usr/local/cpanel/etc/init/stopcphulkd
 
  /usr/local/cpanel/etc/init/stopcphulkd
 
  /usr/local/cpanel/bin/cphulk_pam_ctl --disable
 
  /usr/local/cpanel/bin/cphulk_pam_ctl --disable
 +
 +
 +
==Host Access Control==
 +
GUI in WHM (along with syntax/instructions):
 +
Main >> Security Center >> Host Access Control
 +
 +
or edit the file directly:
 +
/etc/hosts.allow
 +
 +
keep in mind that there is
 +
/etc/hosts.deny
 +
 +
which WHM does not not touch, but this is another place IPs can be manually blocked

Revision as of 18:36, 1 October 2017

MediaWiki has been installed.

Consult the User's Guide for information on using the wiki software.

Wiki

Firewalls/Blocked IPs

APF

Blacklist

vim /etc/apf/deny_hosts.rules 

Whitelist

vim /etc/apf/allow_hosts.rules 

Config file

vim /etc/apf/conf.apf 

Restart

/etc/init.d/apf restart 

Flush IP Tables

iptables -F

CSF

Use CSF to grep the current rules for an IP

csf -g ip.add.re.ss

CSF uses maxmind geoip free databass to add Geo info to the logs. You can also manually query what CSf has stored locally, from command line:

csf -i ip.add.re.ss

Blacklist

vim /etc/csf/csf.deny 

Whitelist

vim /etc/csf/csf.allow 

Restart (both CSF and LFD)

csf -ra 

Configuration

vim /etc/csf/csf.conf 

login failure log

/var/log/lfd.log 

Fun output, IP address and the LFD trigger that got it blocked:

grep "*Blocked in csf*" /var/log/lfd.log | egrep -o '( (([0-9]{1,3}\.){3})[0-9]{1,3}|\[LF_.*)' | sed -e :a -e '$!N;s/\n\[/ \t==blocked for==\> \t\[/;ta' -e 'P;D' 


looks like

118.98.66.56    ==blocked for==> [LF_SMTPAUTH]
92.38.233.191   ==blocked for==> [LF_SSHD]
104.167.104.147 ==blocked for==> [LF_SSHD]
73.179.232.255  ==blocked for==> [LF_CPANEL]
118.163.76.38   ==blocked for==> [LF_SMTPAUTH]


cPHulk

Brute Force Protection deny/allow list edited through WHM

 Main >> Security Center >> cPHulk Brute Force Protection 

command line

Is it running?

/usr/local/cpanel/scripts/restartsrv_cphulkd --status 

stop and disable it

/usr/local/cpanel/etc/init/stopcphulkd
/usr/local/cpanel/bin/cphulk_pam_ctl --disable


Host Access Control

GUI in WHM (along with syntax/instructions):

Main >> Security Center >> Host Access Control

or edit the file directly:

/etc/hosts.allow 

keep in mind that there is

/etc/hosts.deny 

which WHM does not not touch, but this is another place IPs can be manually blocked