Linux server1.hosting4iran.com 4.18.0-553.123.2.el8_10.x86_64 #1 SMP Thu May 7 15:28:41 EDT 2026 x86_64
LiteSpeed
Server IP : 185.208.174.156 & Your IP : 216.73.216.191
Domains : 318 Domain
User : satitravel
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
usr /
src /
ConfigServer-Security-Firewall-CSF-main /
Delete
Unzip
Name
Size
Permission
Date
Action
ConfigServer
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
Crypt
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
HTTP
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
JSON
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
Module
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
Net
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
cpanel
[ DIR ]
drwxrwxr-x
2025-12-28 11:53
csf
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
cwp
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
cyberpanel
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
da
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
interworx
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
messenger
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
profiles
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
ui
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
version
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
vestacp
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
webmin
[ DIR ]
drwxrwxr-x
2022-02-28 12:44
.gitattributes
66
B
-rw-rw-r--
2022-02-28 12:44
README.md
6.05
KB
-rw-rw-r--
2022-02-28 12:44
accounttracking.txt
124
B
-rw-rw-r--
2022-02-28 12:44
alert.txt
181
B
-rw-rw-r--
2022-02-28 12:44
apache.http.txt
770
B
-rw-rw-r--
2022-02-28 12:44
apache.https.txt
1
KB
-rw-rw-r--
2022-02-28 12:44
apache.main.txt
0
B
-rw-rw-r--
2022-02-28 12:44
apf_stub.pl
976
B
-rwxrwxr-x
2022-02-28 12:44
auto.cwp.pl
15.01
KB
-rwxrwxr-x
2022-02-28 12:44
auto.cyberpanel.pl
14.56
KB
-rwxrwxr-x
2022-02-28 12:44
auto.directadmin.pl
15.41
KB
-rwxrwxr-x
2022-02-28 12:44
auto.generic.pl
14.56
KB
-rwxrwxr-x
2022-02-28 12:44
auto.interworx.pl
14.56
KB
-rwxrwxr-x
2022-02-28 12:44
auto.pl
31.76
KB
-rwx------
2025-12-28 11:53
auto.vesta.pl
15.07
KB
-rwxrwxr-x
2022-02-28 12:44
changelog.txt
219.96
KB
-rw-rw-r--
2022-02-28 12:44
connectiontracking.txt
192
B
-rw-rw-r--
2022-02-28 12:44
consolealert.txt
76
B
-rw-rw-r--
2022-02-28 12:44
cpanel.allow
3.76
KB
-rw-rw-r--
2022-02-28 12:44
cpanel.comodo.allow
1.84
KB
-rw-rw-r--
2022-02-28 12:44
cpanel.comodo.ignore
1.02
KB
-rw-rw-r--
2022-02-28 12:44
cpanel.ignore
958
B
-rw-rw-r--
2022-02-28 12:44
cpanelalert.txt
136
B
-rw-rw-r--
2022-02-28 12:44
csf.1.txt
7.7
KB
-rw-rw-r--
2022-02-28 12:44
csf.allow
891
B
-rw-rw-r--
2022-02-28 12:44
csf.blocklists
4.42
KB
-rw-rw-r--
2022-02-28 12:44
csf.c
1.53
KB
-rw-rw-r--
2022-02-28 12:44
csf.cloudflare
1.65
KB
-rw-rw-r--
2022-02-28 12:44
csf.conf
115.42
KB
-rw-rw-r--
2022-02-28 12:44
csf.cwp.allow
814
B
-rw-rw-r--
2022-02-28 12:44
csf.cwp.conf
109.38
KB
-rw-rw-r--
2022-02-28 12:44
csf.cwp.ignore
507
B
-rw-rw-r--
2022-02-28 12:44
csf.cwp.pignore
2.99
KB
-rw-rw-r--
2022-02-28 12:44
csf.cyberpanel.allow
814
B
-rw-rw-r--
2022-02-28 12:44
csf.cyberpanel.conf
109.13
KB
-rw-rw-r--
2022-02-28 12:44
csf.cyberpanel.ignore
507
B
-rw-rw-r--
2022-02-28 12:44
csf.cyberpanel.pignore
2.67
KB
-rw-rw-r--
2022-02-28 12:44
csf.deny
812
B
-rw-rw-r--
2022-02-28 12:44
csf.directadmin.allow
814
B
-rw-rw-r--
2022-02-28 12:44
csf.directadmin.conf
111.6
KB
-rw-rw-r--
2022-02-28 12:44
csf.directadmin.ignore
507
B
-rw-rw-r--
2022-02-28 12:44
csf.directadmin.pignore
2.42
KB
-rw-rw-r--
2022-02-28 12:44
csf.dirwatch
636
B
-rw-rw-r--
2022-02-28 12:44
csf.div
12.44
KB
-rw-rw-r--
2022-02-28 12:44
csf.dyndns
939
B
-rw-rw-r--
2022-02-28 12:44
csf.fignore
972
B
-rw-rw-r--
2022-02-28 12:44
csf.generic.allow
814
B
-rw-rw-r--
2022-02-28 12:44
csf.generic.conf
109.08
KB
-rw-rw-r--
2022-02-28 12:44
csf.generic.ignore
507
B
-rw-rw-r--
2022-02-28 12:44
csf.generic.pignore
1.96
KB
-rw-rw-r--
2022-02-28 12:44
csf.help
7.72
KB
-rw-rw-r--
2025-12-28 11:53
csf.ignore
577
B
-rw-rw-r--
2022-02-28 12:44
csf.interworx.allow
814
B
-rw-rw-r--
2022-02-28 12:44
csf.interworx.conf
109.42
KB
-rw-rw-r--
2022-02-28 12:44
csf.interworx.ignore
507
B
-rw-rw-r--
2022-02-28 12:44
csf.interworx.pignore
2.54
KB
-rw-rw-r--
2022-02-28 12:44
csf.logfiles
856
B
-rw-rw-r--
2022-02-28 12:44
csf.logignore
3.96
KB
-rw-rw-r--
2022-02-28 12:44
csf.mignore
408
B
-rw-rw-r--
2022-02-28 12:44
csf.pignore
4.86
KB
-rw-rw-r--
2022-02-28 12:44
csf.pl
244.3
KB
-rwx------
2025-12-28 11:53
csf.rblconf
747
B
-rw-rw-r--
2022-02-28 12:44
csf.rbls
1.82
KB
-rw-rw-r--
2022-02-28 12:44
csf.redirect
1.12
KB
-rw-rw-r--
2022-02-28 12:44
csf.resellers
2.1
KB
-rw-rw-r--
2022-02-28 12:44
csf.rignore
1.58
KB
-rw-rw-r--
2022-02-28 12:44
csf.service
270
B
-rw-rw-r--
2022-02-28 12:44
csf.sh
1.89
KB
-rwxrwxr-x
2022-02-28 12:44
csf.signore
413
B
-rw-rw-r--
2022-02-28 12:44
csf.sips
510
B
-rw-rw-r--
2022-02-28 12:44
csf.smtpauth
660
B
-rw-rw-r--
2022-02-28 12:44
csf.suignore
368
B
-rw-rw-r--
2022-02-28 12:44
csf.syslogs
2.16
KB
-rw-rw-r--
2022-02-28 12:44
csf.syslogusers
1.33
KB
-rw-rw-r--
2022-02-28 12:44
csf.uidignore
457
B
-rw-rw-r--
2022-02-28 12:44
csf.vesta.allow
814
B
-rw-rw-r--
2022-02-28 12:44
csf.vesta.conf
109.29
KB
-rw-rw-r--
2022-02-28 12:44
csf.vesta.ignore
507
B
-rw-rw-r--
2022-02-28 12:44
csf.vesta.pignore
3.05
KB
-rw-rw-r--
2022-02-28 12:44
csfajaxtail.js
3.82
KB
-rw-rw-r--
2022-02-28 12:44
csfcron.sh
14
B
-rwxrwxr-x
2022-02-28 12:44
csftest.pl
5.87
KB
-rwxrwxr-x
2025-12-28 11:53
csget.pl
3.24
KB
-rwxrwxr-x
2022-02-28 12:44
downloadservers
53
B
-rw-rw-r--
2022-02-28 12:44
exploitalert.txt
129
B
-rw-rw-r--
2022-02-28 12:44
filealert.txt
151
B
-rw-rw-r--
2022-02-28 12:44
forkbombalert.txt
132
B
-rw-rw-r--
2022-02-28 12:44
install.cpanel.sh
18.94
KB
-rwxrwxr-x
2022-02-28 12:44
install.cwp.sh
17.06
KB
-rwxrwxr-x
2022-02-28 12:44
install.cyberpanel.sh
16.93
KB
-rwxrwxr-x
2022-02-28 12:44
install.directadmin.sh
16.39
KB
-rwxrwxr-x
2022-02-28 12:44
install.generic.sh
15.62
KB
-rwxrwxr-x
2022-02-28 12:44
install.interworx.sh
16.85
KB
-rwxrwxr-x
2022-02-28 12:44
install.sh
1.05
KB
-rwxrwxr-x
2022-02-28 12:44
install.txt
2.66
KB
-rw-rw-r--
2022-02-28 12:44
install.vesta.sh
15.97
KB
-rwxrwxr-x
2022-02-28 12:44
integrityalert.txt
374
B
-rw-rw-r--
2022-02-28 12:44
lfd.logrotate
172
B
-rw-rw-r--
2022-02-28 12:44
lfd.pl
381.87
KB
-rwx------
2025-12-28 11:53
lfd.service
215
B
-rw-rw-r--
2025-12-28 11:53
lfd.sh
2.13
KB
-rwxrwxr-x
2022-02-28 12:44
lfdcron.directadmin.sh
74
B
-rwxrwxr-x
2022-02-28 12:44
lfdcron.sh
74
B
-rwxrwxr-x
2022-02-28 12:44
license.txt
10.46
KB
-rw-rw-r--
2022-02-28 12:44
litespeed.http.txt
262
B
-rw-rw-r--
2022-02-28 12:44
litespeed.https.txt
1.17
KB
-rw-rw-r--
2022-02-28 12:44
litespeed.main.txt
0
B
-rw-rw-r--
2022-02-28 12:44
loadalert.txt
1.19
KB
-rw-rw-r--
2022-02-28 12:44
logalert.txt
103
B
-rw-rw-r--
2022-02-28 12:44
logfloodalert.txt
101
B
-rw-rw-r--
2022-02-28 12:44
migratedata.sh
8.35
KB
-rwxrwxr-x
2022-02-28 12:44
modsecipdbalert.txt
211
B
-rw-rw-r--
2022-02-28 12:44
netblock.txt
191
B
-rw-rw-r--
2022-02-28 12:44
os.pl
6.96
KB
-rwx------
2025-12-28 11:53
perf.sh
361
B
-rwxrwxr-x
2022-02-28 12:44
permblock.txt
209
B
-rw-rw-r--
2022-02-28 12:44
portknocking.txt
129
B
-rw-rw-r--
2022-02-28 12:44
portscan.txt
175
B
-rw-rw-r--
2022-02-28 12:44
processtracking.txt
391
B
-rw-rw-r--
2022-02-28 12:44
pt_deleted_action.pl
1.11
KB
-rwxrwxr-x
2025-12-28 11:53
queuealert.txt
97
B
-rw-rw-r--
2022-02-28 12:44
readme.txt
66.09
KB
-rw-rw-r--
2022-02-28 12:44
recaptcha.txt
143
B
-rw-rw-r--
2022-02-28 12:44
regex.custom.pm
2.14
KB
-rw-rw-r--
2025-12-28 11:53
regex.txt
13.25
KB
-rw-rw-r--
2022-02-28 12:44
relayalert.txt
196
B
-rw-rw-r--
2022-02-28 12:44
remove_apf_bfd.sh
397
B
-rwxrwxr-x
2022-02-28 12:44
resalert.txt
260
B
-rw-rw-r--
2022-02-28 12:44
reselleralert.txt
181
B
-rw-rw-r--
2022-02-28 12:44
restricted.txt
1.2
KB
-rw-rw-r--
2022-02-28 12:44
sanity.txt
4.93
KB
-rw-rw-r--
2022-02-28 12:44
scriptalert.txt
200
B
-rw-rw-r--
2022-02-28 12:44
sshalert.txt
176
B
-rw-rw-r--
2022-02-28 12:44
sualert.txt
161
B
-rw-rw-r--
2022-02-28 12:44
sudoalert.txt
161
B
-rw-rw-r--
2022-02-28 12:44
syslogalert.txt
194
B
-rw-rw-r--
2022-02-28 12:44
tracking.txt
298
B
-rw-rw-r--
2022-02-28 12:44
uialert.txt
129
B
-rw-rw-r--
2022-02-28 12:44
uidscan.txt
150
B
-rw-rw-r--
2022-02-28 12:44
uninstall.cwp.sh
1.73
KB
-rwxrwxr-x
2022-02-28 12:44
uninstall.cyberpanel.sh
1.94
KB
-rwxrwxr-x
2022-02-28 12:44
uninstall.directadmin.sh
1.64
KB
-rwxrwxr-x
2022-02-28 12:44
uninstall.generic.sh
1.52
KB
-rwxrwxr-x
2022-02-28 12:44
uninstall.interworx.sh
1.85
KB
-rwxrwxr-x
2022-02-28 12:44
uninstall.sh
2.21
KB
-rwxrwxr-x
2022-02-28 12:44
uninstall.vesta.sh
1.68
KB
-rwxrwxr-x
2022-02-28 12:44
upgrade.txt
720
B
-rw-rw-r--
2022-02-28 12:44
usertracking.txt
192
B
-rw-rw-r--
2022-02-28 12:44
version.txt
5
B
-rw-rw-r--
2022-02-28 12:44
watchalert.txt
129
B
-rw-rw-r--
2022-02-28 12:44
webminalert.txt
146
B
-rw-rw-r--
2022-02-28 12:44
x-arf.txt
1.2
KB
-rw-rw-r--
2022-02-28 12:44
Save
Rename
#!/usr/bin/perl ############################################################################### # Copyright 2006-2018, Way to the Web Limited # URL: http://www.configserver.com # Email: sales@waytotheweb.com ############################################################################### ## no critic (ProhibitBarewordFileHandles, ProhibitExplicitReturnUndef, ProhibitMixedBooleanOperators, RequireBriefOpen) use strict; use Fcntl qw(:DEFAULT :flock); use IPC::Open3; umask(0177); our (%config, %configsetting, $vps, $oldversion); $oldversion = $ARGV[0]; open (VERSION, "<","/etc/csf/version.txt"); flock (VERSION, LOCK_SH); my $version = <VERSION>; close (VERSION); chomp $version; $version =~ s/\W/_/g; system("/bin/cp","-avf","/etc/csf/csf.conf","/var/lib/csf/backup/".time."_pre_v${version}_upgrade"); &loadcsfconfig; if (-e "/proc/vz/veinfo") { $vps = 1; } else { open (IN, "<","/proc/self/status"); flock (IN, LOCK_SH); while (my $line = <IN>) { chomp $line; if ($line =~ /^envID:\s*(\d+)\s*$/) { if ($1 > 0) { $vps = 1; last; } } } close (IN); } if (&checkversion("10.11") and !-e "/var/lib/csf/auto1011") { if (-e "/var/lib/csf/stats/lfdstats") { sysopen (STATS,"/var/lib/csf/stats/lfdstats", O_RDWR | O_CREAT); flock (STATS, LOCK_EX); my @stats = <STATS>; chomp @stats; my %ccs; my @line = split(/\,/,$stats[69]); for (my $x = 0; $x < @line; $x+=2) {$ccs{$line[$x]} = $line[$x+1]} $stats[69] = ""; foreach my $key (keys %ccs) {$stats[69] .= "$key,$ccs{$key},"} seek (STATS, 0, 0); truncate (STATS, 0); foreach my $line (@stats) { print STATS "$line\n"; } close (STATS); } open (OUT, ">", "/var/lib/csf/auto1011"); flock (OUT, LOCK_EX); print OUT time; close (OUT); } if (&checkversion("10.23") and !-e "/var/lib/csf/auto1023") { if (-e "/etc/csf/csf.blocklists") { sysopen (IN,"/etc/csf/csf.blocklists", O_RDWR | O_CREAT); flock (IN, LOCK_EX); my @data = <IN>; chomp @data; seek (IN, 0, 0); truncate (IN, 0); my $SPAMDROPV6 = 0; my $STOPFORUMSPAMV6 = 0; foreach my $line (@data) { if ($line =~ /^(\#)?SPAMDROPV6/) {$SPAMDROPV6 = 1} if ($line =~ /^(\#)?STOPFORUMSPAMV6/) {$STOPFORUMSPAMV6 = 1} print IN "$line\n"; } unless ($SPAMDROPV6) { print IN "\n# Spamhaus IPv6 Don't Route Or Peer List (DROPv6)\n"; print IN "# Details: http://www.spamhaus.org/drop/\n"; print IN "#SPAMDROPV6|86400|0|https://www.spamhaus.org/drop/dropv6.txt\n"; } unless ($STOPFORUMSPAMV6) { print IN "\n# Stop Forum Spam IPv6\n"; print IN "# Details: http://www.stopforumspam.com/downloads/\n"; print IN "# Many of the lists available contain a vast number of IP addresses so special\n"; print IN "# care needs to be made when selecting from their lists\n"; print IN "#STOPFORUMSPAMV6|86400|0|http://www.stopforumspam.com/downloads/listed_ip_1_ipv6.zip\n"; } close (IN); } open (OUT, ">", "/var/lib/csf/auto1023"); flock (OUT, LOCK_EX); print OUT time; close (OUT); } if (&checkversion("12.02") and !-e "/var/lib/csf/auto1202") { if (-e "/etc/csf/csf.blocklists") { sysopen (IN,"/etc/csf/csf.blocklists", O_RDWR | O_CREAT); flock (IN, LOCK_EX); my @data = <IN>; chomp @data; seek (IN, 0, 0); truncate (IN, 0); foreach my $line (@data) { if ($line =~ /greensnow/) {$line =~ s/http:/https:/g} print IN "$line\n"; } close (IN); } open (OUT, ">", "/var/lib/csf/auto1202"); flock (OUT, LOCK_EX); print OUT time; close (OUT); } if (&checkversion("14.03") and !-e "/var/lib/csf/auto1403") { if (-e "/etc/csf/csf.blocklists") { sysopen (IN,"/etc/csf/csf.blocklists", O_RDWR | O_CREAT); flock (IN, LOCK_EX); my @data = <IN>; chomp @data; seek (IN, 0, 0); truncate (IN, 0); foreach my $line (@data) { if ($line =~ /dshield/) {$line =~ s/http:/https:/g} print IN "$line\n"; } close (IN); } } if (-e "/etc/csf/csf.allow") { sysopen (IN,"/etc/csf/csf.allow", O_RDWR | O_CREAT); flock (IN, LOCK_EX); my @data = <IN>; chomp @data; seek (IN, 0, 0); truncate (IN, 0); foreach my $line (@data) { if ($line =~ /^Include \/etc\/csf\/cpanel\.comodo\.allow/) {next} print IN "$line\n"; } close (IN); } if (-e "/etc/csf/csf.ignore") { sysopen (IN,"/etc/csf/csf.ignore", O_RDWR | O_CREAT); flock (IN, LOCK_EX); my @data = <IN>; chomp @data; seek (IN, 0, 0); truncate (IN, 0); foreach my $line (@data) { if ($line =~ /^Include \/etc\/csf\/cpanel\.comodo\.ignore/) {next} print IN "$line\n"; } close (IN); } if (-e "/usr/local/csf/bin/regex.custom.pm") { sysopen (IN,"/usr/local/csf/bin/regex.custom.pm", O_RDWR | O_CREAT); flock (IN, LOCK_EX); my @data = <IN>; chomp @data; seek (IN, 0, 0); truncate (IN, 0); foreach my $line (@data) { if ($line =~ /^use strict;/) {next} print IN "$line\n"; } close (IN); } if (-e "/etc/csf/csf.blocklists") { sysopen (IN,"/etc/csf/csf.blocklists", O_RDWR | O_CREAT); flock (IN, LOCK_EX); my @data = <IN>; chomp @data; seek (IN, 0, 0); truncate (IN, 0); foreach my $line (@data) { if ($line =~ /feeds\.dshield\.org/) {$line =~ s/feeds\.dshield\.org/www\.dshield\.org/g} if ($line =~ /openbl\.org/i) {next} if ($line =~ /autoshun/i) {next} print IN "$line\n"; } close (IN); } if (-e "/var/lib/csf/csf.tempban") { sysopen (IN,"/var/lib/csf/csf.tempban", O_RDWR | O_CREAT); flock (IN, LOCK_EX); my @data = <IN>; chomp @data; seek (IN, 0, 0); truncate (IN, 0); foreach my $line (@data) { if ($line =~ /^\d+\:/) {$line =~ s/\:/\|/g} print IN "$line\n"; } close (IN); } if (-e "/var/lib/csf/csf.tempallow") { sysopen (IN,"/var/lib/csf/csf.tempallow", O_RDWR | O_CREAT); flock (IN, LOCK_EX); my @data = <IN>; chomp @data; seek (IN, 0, 0); truncate (IN, 0); foreach my $line (@data) { if ($line =~ /^\d+\:/) {$line =~ s/\:/\|/g} print IN "$line\n"; } close (IN); } open (IN,"<", "/usr/local/directadmin/data/admin/services.status"); flock (IN, LOCK_SH); my @chkservd = <IN>; close (IN); chomp @chkservd; if (not grep {$_ =~ /^lfd/} @chkservd) { open (OUT, ">>", "/usr/local/directadmin/data/admin/services.status"); flock (OUT, LOCK_EX); print OUT "lfd=ON\n"; close OUT; } if ($config{TESTING}) { open (IN, "<", "/etc/ssh/sshd_config") or die $!; flock (IN, LOCK_SH) or die $!; my @sshconfig = <IN>; close (IN); chomp @sshconfig; my $sshport = "22"; foreach my $line (@sshconfig) { if ($line =~ /^Port (\d+)/) {$sshport = $1} } $config{TCP_IN} =~ s/\s//g; if ($config{TCP_IN} ne "") { foreach my $port (split(/\,/,$config{TCP_IN})) { if ($port eq $sshport) {$sshport = "22"} } } if ($sshport ne "22") { $config{TCP_IN} .= ",$sshport"; $config{TCP6_IN} .= ",$sshport"; open (IN, "<", "/etc/csf/csf.conf") or die $!; flock (IN, LOCK_SH) or die $!; my @config = <IN>; close (IN); chomp @config; open (OUT, ">", "/etc/csf/csf.conf") or die $!; flock (OUT, LOCK_EX) or die $!; foreach my $line (@config) { if ($line =~ /^TCP6_IN/) { print OUT "TCP6_IN = \"$config{TCP6_IN}\"\n"; print "\n*** SSH port $sshport added to the TCP6_IN port list\n\n"; } elsif ($line =~ /^TCP_IN/) { print OUT "TCP_IN = \"$config{TCP_IN}\"\n"; print "\n*** SSH port $sshport added to the TCP_IN port list\n\n"; } else { print OUT $line."\n"; } } close OUT; &loadcsfconfig; } open (FH, "<", "/proc/sys/kernel/osrelease"); flock (FH, LOCK_SH); my @data = <FH>; close (FH); chomp @data; if ($data[0] =~ /^(\d+)\.(\d+)\.(\d+)/) { my $maj = $1; my $mid = $2; my $min = $3; if ($maj == 3 and $mid > 6) { open (IN, "<", "/etc/csf/csf.conf") or die $!; flock (IN, LOCK_SH) or die $!; my @config = <IN>; close (IN); chomp @config; open (OUT, ">", "/etc/csf/csf.conf") or die $!; flock (OUT, LOCK_EX) or die $!; foreach my $line (@config) { if ($line =~ /^USE_CONNTRACK =/) { print OUT "USE_CONNTRACK = \"1\"\n"; print "\n*** USE_CONNTRACK Enabled\n\n"; } else { print OUT $line."\n"; } } close OUT; &loadcsfconfig; } } my @ipdata; eval { local $SIG{__DIE__} = undef; local $SIG{'ALRM'} = sub {die "alarm\n"}; alarm(3); my ($childin, $childout); my $cmdpid = open3($childin, $childout, $childout, "$config{IPTABLES} --wait -L OUTPUT -nv"); @ipdata = <$childout>; waitpid ($cmdpid, 0); chomp @ipdata; if ($ipdata[0] =~ /# Warning: iptables-legacy tables present/) {shift @ipdata} alarm(0); }; alarm(0); if ($@ ne "alarm\n" and $ipdata[0] =~ /^Chain OUTPUT/) { $config{IPTABLESWAIT} = "--wait"; $config{WAITLOCK} = 1; open (IN, "<", "/etc/csf/csf.conf") or die $!; flock (IN, LOCK_SH) or die $!; my @config = <IN>; close (IN); chomp @config; open (OUT, ">", "/etc/csf/csf.conf") or die $!; flock (OUT, LOCK_EX) or die $!; foreach my $line (@config) { if ($line =~ /WAITLOCK =/) { print OUT "WAITLOCK = \"1\"\n"; } else { print OUT $line."\n"; } } close OUT; &loadcsfconfig; } if (-e $config{IP6TABLES} and !$vps) { my ($childin, $childout); my $cmdpid; if (-e $config{IP}) {$cmdpid = open3($childin, $childout, $childout, $config{IP}, "-oneline", "addr")} elsif (-e $config{IFCONFIG}) {$cmdpid = open3($childin, $childout, $childout, $config{IFCONFIG})} my @ifconfig = <$childout>; waitpid ($cmdpid, 0); chomp @ifconfig; if (grep {$_ =~ /\s*inet6/} @ifconfig) { $config{IPV6} = 1; open (FH, "<", "/proc/sys/kernel/osrelease"); flock (FH, LOCK_SH); my @data = <FH>; close (FH); chomp @data; if ($data[0] =~ /^(\d+)\.(\d+)\.(\d+)/) { my $maj = $1; my $mid = $2; my $min = $3; if (($maj > 2) or (($maj > 1) and ($mid > 6)) or (($maj > 1) and ($mid > 5) and ($min > 19))) { $config{IPV6_SPI} = 1; } else { $config{IPV6_SPI} = 0; } } open (IN, "<", "/etc/csf/csf.conf") or die $!; flock (IN, LOCK_SH) or die $!; my @config = <IN>; close (IN); chomp @config; open (OUT, ">", "/etc/csf/csf.conf") or die $!; flock (OUT, LOCK_EX) or die $!; foreach my $line (@config) { if ($line =~ /^IPV6 =/) { print OUT "IPV6 = \"$config{IPV6}\"\n"; print "\n*** IPV6 Enabled\n\n"; } else { print OUT $line."\n"; } } close OUT; &loadcsfconfig; } } } my $roundcube; if (&checkversion("14.03") and !-e "/var/lib/csf/auto1403") { $roundcube = 1.4; open (my $RC, "<", "/var/www/html/roundcube/program/include/iniset.php"); flock ($RC, LOCK_SH); foreach my $line (<$RC>) { chomp $line; if ($line =~ /define\s*\(\s*'RCMAIL_VERSION'\s*,\s*'([^']*)'/) { $roundcube = $1; last; } } close ($RC); if ($roundcube < 1.4) {$roundcube = 0} else {$roundcube = 1} } open (IN, "<", "csf.directadmin.conf") or die $!; flock (IN, LOCK_SH) or die $!; my @config = <IN>; close (IN); chomp @config; open (OUT, ">", "/etc/csf/csf.conf") or die $!; flock (OUT, LOCK_EX) or die $!; foreach my $line (@config) { if ($line =~ /^\#/) { print OUT $line."\n"; next; } if ($line !~ /=/) { print OUT $line."\n"; next; } my ($name,$value) = split (/=/,$line,2); $name =~ s/\s//g; if ($value =~ /\"(.*)\"/) { $value = $1; } else { print "Error: Invalid configuration line [$line]"; } if (&checkversion("10.15") and !-e "/var/lib/csf/auto1015") { if ($name eq "MESSENGER_RATE" and $config{$name} eq "30/m") {$config{$name} = "100/s"} if ($name eq "MESSENGER_BURST" and $config{$name} eq "5") {$config{$name} = "150"} open (my $AUTO, ">", "/var/lib/csf/auto1015"); flock ($AUTO, LOCK_EX); print $AUTO time; close ($AUTO); } if (&checkversion("14.03") and !-e "/var/lib/csf/auto1403" and $name eq "DIRECTADMIN_LOG_R") { if ($roundcube and $config{$name} !~ /\.log$/) {$config{$name} = "/var/www/html/roundcube/logs/errors.log"} } if ($configsetting{$name}) { print OUT "$name = \"$config{$name}\"\n"; } else { if (&checkversion("9.29") and !-e "/var/lib/csf/auto929" and $name eq "PT_USERRSS") { $line = "PT_USERRSS = \"$config{PT_USERMEM}\""; open (my $AUTO, ">", "/var/lib/csf/auto929"); flock ($AUTO, LOCK_EX); print $AUTO time; close ($AUTO); } if ($name eq "CC_SRC") {$line = "CC_SRC = \"1\""} print OUT $line."\n"; print "New setting: $name\n"; } } close OUT; if (&checkversion("14.03") and !-e "/var/lib/csf/auto1403") { open (my $AUTO, ">", "/var/lib/csf/auto1403"); flock ($AUTO, LOCK_EX); print $AUTO time; close ($AUTO); } if ($config{TESTING}) { my @netstat = `netstat -lpn`; chomp @netstat; my @tcpports; my @udpports; my @tcp6ports; my @udp6ports; foreach my $line (@netstat) { if ($line =~ /^(\w+).* (\d+\.\d+\.\d+\.\d+):(\d+)/) { if ($2 eq '127.0.0.1') {next} if ($1 eq "tcp") { push @tcpports, $3; } elsif ($1 eq "udp") { push @udpports, $3; } } if ($line =~ /^(\w+).* (::):(\d+) /) { if ($1 eq "tcp") { push @tcp6ports, $3; } elsif ($1 eq "udp") { push @udp6ports, $3; } } } @tcpports = sort { $a <=> $b } @tcpports; @udpports = sort { $a <=> $b } @udpports; @tcp6ports = sort { $a <=> $b } @tcp6ports; @udp6ports = sort { $a <=> $b } @udp6ports; print "\nTCP ports currently listening for incoming connections:\n"; my $last = ""; foreach my $port (@tcpports) { if ($port ne $last) { if ($port ne $tcpports[0]) {print ","} print $port; $last = $port; } } print "\n\nUDP ports currently listening for incoming connections:\n"; $last = ""; foreach my $port (@udpports) { if ($port ne $last) { if ($port ne $udpports[0]) {print ","} print $port; $last = $port; } } my $opts = "TCP_*, UDP_*"; if (@tcp6ports or @udp6ports) { $opts .= ", IPV6, TCP6_*, UDP6_*"; print "\n\nIPv6 TCP ports currently listening for incoming connections:\n"; my $last = ""; foreach my $port (@tcp6ports) { if ($port ne $last) { if ($port ne $tcp6ports[0]) {print ","} print $port; $last = $port; } } print "\n"; print "\nIPv6 UDP ports currently listening for incoming connections:\n"; $last = ""; foreach my $port (@udp6ports) { if ($port ne $last) { if ($port ne $udp6ports[0]) {print ","} print $port; $last = $port; } } } print "\n\nNote: The port details above are for information only, csf hasn't been auto-configured.\n\n"; print "Don't forget to:\n"; print "1. Configure the following options in the csf configuration to suite your server: $opts\n"; print "2. Restart csf and lfd\n"; print "3. Set TESTING to 0 once you're happy with the firewall, lfd will not run until you do so\n"; } if ($ENV{SSH_CLIENT}) { my $ip = (split(/ /,$ENV{SSH_CLIENT}))[0]; if ($ip =~ /(\d+\.\d+\.\d+\.\d+)/) { print "\nAdding current SSH session IP address to the csf whitelist in csf.allow:\n"; system("/usr/sbin/csf -a $1 csf SSH installation/upgrade IP address"); } } exit; ############################################################################### sub loadcsfconfig { open (IN, "<", "/etc/csf/csf.conf") or die $!; flock (IN, LOCK_SH) or die $!; my @config = <IN>; close (IN); chomp @config; foreach my $line (@config) { if ($line =~ /^\#/) {next} if ($line !~ /=/) {next} my ($name,$value) = split (/=/,$line,2); $name =~ s/\s//g; if ($value =~ /\"(.*)\"/) { $value = $1; } else { print "Error: Invalid configuration line [$line]"; } $config{$name} = $value; $configsetting{$name} = 1; } return; } ############################################################################### sub checkversion { my $version = shift; my ($maj, $min) = split(/\./,$version); my ($oldmaj, $oldmin) = split(/\./,$oldversion); if ($oldmaj == 0 or $oldmaj eq "") {return 0} if (($oldmaj < $maj) or ($oldmaj == $maj and $oldmin < $min)) {return 1} else {return 0} } ###############################################################################