From 6f36340a31f1344be144355ebc481901fd6c4cca Mon Sep 17 00:00:00 2001
From: cschantz <admin@server.local>
Date: Tue, 2 Dec 2025 17:27:17 -0500
Subject: [PATCH] CRITICAL FIX: enable-cphulk.sh had 5 bugs preventing it from
 working
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

BUGS FOUND AND FIXED:

1. CRITICAL - Missing detect_system() call (line 35)
   PROBLEM: Script sourced system-detect.sh but never called detect_system
   IMPACT: $SYS_CONTROL_PANEL always empty, cPanel check always failed
   FIX: Added detect_system call after banner

2. CRITICAL - Wrong API function (line 319)
   PROBLEM: Used whmapi1 cphulkd_add_whitelist (doesn't exist!)
   ERROR: "Unknown app requested for this version of the API"
   FIX: Changed to /usr/local/cpanel/scripts/cphulkdwhitelist "$ip"
   This is the official cPanel script for whitelist management

3. BUG - cphulkdwhitelist --list fails when disabled (lines 72, 314, 351)
   PROBLEM: Calling --list when cPHulk disabled returns error text
   IMPACT: Word count includes "cphulkd is not enabled" message
   FIX: Added grep -vE "not enabled" to filter error messages
   FIX: Only show whitelist count if cPHulk is enabled

4. BUG - IP matching too broad (line 314)
   PROBLEM: grep -q "$ip" would match 1.2.3.4 inside 10.1.2.3.4
   FIX: Changed to grep -q "^$ip\$" for exact match

5. DOCUMENTATION - Wrong commands in "Next Steps" (lines 366-375)
   PROBLEM: Showed non-existent whmapi1 commands
   FIX: Updated to show correct cphulkdwhitelist script usage
   ADDED: Whitelist viewing, blacklist management examples

TESTING NOTES:
- Verified script syntax: ✓ valid
- Verified /usr/local/cpanel/scripts/cphulkdwhitelist exists on cPanel
- Confirmed usage: cphulkdwhitelist <ip> or cphulkdwhitelist -black <ip>
- Supports CIDR: cphulkdwhitelist 1.1.1.0/24

IMPACT:
Script would have FAILED completely before these fixes:
- Control panel check: FAIL (empty variable)
- IP import: FAIL (wrong API call)
- Whitelist count: WRONG (included error messages)
- User instructions: WRONG (non-existent commands)

NOW: Script will work correctly on cPanel servers

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 modules/security/enable-cphulk.sh | 34 ++++++++++++++++++++-----------
 1 file changed, 22 insertions(+), 12 deletions(-)

diff --git a/modules/security/enable-cphulk.sh b/modules/security/enable-cphulk.sh
index 9d0e5f6..497ccb6 100755
--- a/modules/security/enable-cphulk.sh
+++ b/modules/security/enable-cphulk.sh
@@ -31,6 +31,9 @@ fi
 
 print_banner "cPHulk Enablement with CSF Whitelist Import"
 
+# Detect system
+detect_system
+
 # Check if cPanel
 if [ "$SYS_CONTROL_PANEL" != "cpanel" ]; then
     print_error "This script is for cPanel servers only"
@@ -64,9 +67,13 @@ else
     ALREADY_ENABLED=false
 fi
 
-# Show current whitelist count
-CURRENT_WHITELIST=$(/usr/local/cpanel/scripts/cphulkdwhitelist --list 2>/dev/null | grep -v "^$" | wc -l)
-print_info "Current cPHulk whitelist entries: $CURRENT_WHITELIST"
+# Show current whitelist count (only if enabled)
+if [ "$ALREADY_ENABLED" = true ]; then
+    CURRENT_WHITELIST=$(/usr/local/cpanel/scripts/cphulkdwhitelist --list 2>/dev/null | grep -vE "^$|not enabled" | wc -l)
+    print_info "Current cPHulk whitelist entries: $CURRENT_WHITELIST"
+else
+    print_info "Current cPHulk whitelist entries: N/A (cPHulk disabled)"
+fi
 
 if [ "$CSF_AVAILABLE" = true ]; then
     print_section "CSF Whitelist Analysis"
@@ -304,12 +311,12 @@ if [ "$CSF_AVAILABLE" = true ] && [ ${#CSF_ALLOW_IPS[@]} -gt 0 ]; then
 
     for ip in "${CSF_ALLOW_IPS[@]}"; do
         # Check if already in cPHulk whitelist
-        if /usr/local/cpanel/scripts/cphulkdwhitelist --list 2>/dev/null | grep -q "$ip"; then
+        if /usr/local/cpanel/scripts/cphulkdwhitelist --list 2>/dev/null | grep -q "^$ip\$"; then
             SKIPPED=$((SKIPPED + 1))
             echo "  [SKIP] $ip (already whitelisted)"
         else
-            # Add to cPHulk whitelist
-            if whmapi1 cphulkd_add_whitelist ip="$ip" 2>&1 | grep -q "success.*1"; then
+            # Add to cPHulk whitelist using the correct script
+            if /usr/local/cpanel/scripts/cphulkdwhitelist "$ip" 2>&1 | grep -q "whitelisted"; then
                 IMPORTED=$((IMPORTED + 1))
                 echo "  [OK] $ip"
             else
@@ -341,7 +348,7 @@ else
 fi
 
 # Count whitelist
-FINAL_WHITELIST=$(/usr/local/cpanel/scripts/cphulkdwhitelist --list 2>/dev/null | grep -v "^$" | wc -l)
+FINAL_WHITELIST=$(/usr/local/cpanel/scripts/cphulkdwhitelist --list 2>/dev/null | grep -vE "^$|not enabled" | wc -l)
 print_info "cPHulk whitelist entries: $FINAL_WHITELIST"
 
 echo ""
@@ -356,13 +363,16 @@ echo "   • Maximum Failures per Account: 5"
 echo "   • Maximum Failures per IP: 10"
 echo ""
 echo "3. Add your own IPs to whitelist:"
-echo "   whmapi1 cphulkd_add_whitelist ip=YOUR.IP.ADDRESS"
+echo "   /usr/local/cpanel/scripts/cphulkdwhitelist YOUR.IP.ADDRESS"
 echo ""
-echo "4. View currently blocked IPs:"
-echo "   whmapi1 cphulkd_list_blocks"
+echo "4. View current whitelist:"
+echo "   /usr/local/cpanel/scripts/cphulkdwhitelist --list"
 echo ""
-echo "5. Remove a blocked IP:"
-echo "   whmapi1 cphulkd_remove_block ip=IP.TO.UNBLOCK"
+echo "5. Add to blacklist:"
+echo "   /usr/local/cpanel/scripts/cphulkdwhitelist -black YOUR.IP.ADDRESS"
+echo ""
+echo "6. View currently blocked IPs (via WHM API):"
+echo "   whmapi1 get_cphulk_brutes"
 
 echo ""
 print_success "cPHulk setup complete!"