diff --git a/modules/security/enable-cphulk.sh b/modules/security/enable-cphulk.sh
index dc0e1fd..d167ac4 100755
--- a/modules/security/enable-cphulk.sh
+++ b/modules/security/enable-cphulk.sh
@@ -31,8 +31,12 @@ fi
 print_banner "cPHulk Enablement with CSF Whitelist Import"
-# Detect system
-detect_system
+# System detection happens automatically when sourcing system-detect.sh
+# Just verify it completed
+if [ -z "$SYS_CONTROL_PANEL" ]; then
+ print_error "System detection failed"
+ exit 1
+fi
 # Check if cPanel
 if [ "$SYS_CONTROL_PANEL" != "cpanel" ]; then
@@ -291,11 +295,22 @@ print_section "Execution"
 # Step 1: Enable cPHulk
 if [ "$ALREADY_ENABLED" = false ]; then
 print_info "Enabling cPHulk..."
- if /usr/local/cpanel/bin/cphulk_pam_ctl --enable 2>&1; then
+
+ # Enable via PAM control
+ /usr/local/cpanel/bin/cphulk_pam_ctl --enable >/dev/null 2>&1
+
+ # Enable and start the cphulkd service via WHM API
+ whmapi1 configureservice service=cphulkd enabled=1 monitored=1 >/dev/null 2>&1
+
+ # Wait for service to start
+ sleep 2
+
+ # Verify it's running
+ if systemctl is-active cphulkd >/dev/null 2>&1 || service cphulkd status >/dev/null 2>&1; then
 print_success "cPHulk enabled successfully"
 else
- print_error "Failed to enable cPHulk"
- exit 1
+ print_warning "cPHulk enabled but service may not be running"
+ print_info "You may need to start it manually: service cphulkd start"
 fi
 else
 print_info "cPHulk already enabled, skipping"
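Review bot: The new `[ -z "$SYS_CONTROL_PANEL" ]` guard treats an empty variable as a detection failure, which cannot be told apart from a host where detection ran and found no control panel. If system-detect.sh leaves the variable empty in that case (not visible here), the user sees "System detection failed" rather than the not-cPanel message from the check that follows. If the script runs under `set -u`, an unset variable would also abort before the message prints, so `[ -z "${SYS_CONTROL_PANEL:-}" ]` is the safer form. The sourcing of system-detect.sh is outside this hunk.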
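Review bot: In the `ALREADY_ENABLED = false` branch the exit status and output of both `cphulk_pam_ctl --enable` and `whmapi1 configureservice` are discarded, and a failed service check now ends in `print_warning` where the old code ran `exit 1`. For a brute-force protection step this means the run can go on to the whitelist import and finish at "cPHulk setup complete!" on a host where cPHulk never came up. I would keep the hard failure on the enable call, e.g. `if ! /usr/local/cpanel/bin/cphulk_pam_ctl --enable >/dev/null 2>&1; then print_error "Failed to enable cPHulk"; exit 1; fi`, and end the script with a non-zero status when the service check fails. The fixed `sleep 2` can also race a slow service start; a short retry loop around the `systemctl is-active` check would be more reliable. The enclosing `if` block ends outside the hunk.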
@@ -309,14 +324,18 @@ if [ "$CSF_AVAILABLE" = true ] && [ ${#CSF_ALLOW_IPS[@]} -gt 0 ]; then
 SKIPPED=0
 FAILED=0
+ # Get existing whitelist from database
+ EXISTING_IPS=$(mysql cphulkd -Nse "SELECT ip FROM whitelist" 2>/dev/null || echo "")
+
 for ip in "${CSF_ALLOW_IPS[@]}"; do
 # Check if already in cPHulk whitelist
- if /usr/local/cpanel/scripts/cphulkdwhitelist --list 2>/dev/null | grep -q "^$ip\$"; then
+ if echo "$EXISTING_IPS" | grep -q "^$ip\$"; then
 SKIPPED=$((SKIPPED + 1))
 echo " [SKIP] $ip (already whitelisted)"
 else
- # Add to cPHulk whitelist using the correct script
- if /usr/local/cpanel/scripts/cphulkdwhitelist "$ip" 2>&1 | grep -q "whitelisted"; then
+ # Add to cPHulk whitelist - cphulkdwhitelist doesn't give useful output
+ # Just run it and assume success if no error
+ if /usr/local/cpanel/scripts/cphulkdwhitelist "$ip" >/dev/null 2>&1; then
 IMPORTED=$((IMPORTED + 1))
 echo " [OK] $ip"
 else
@@ -339,16 +358,15 @@ fi
 echo ""
 print_section "Final Configuration"
-# Check status
-FINAL_STATUS=$(/usr/local/cpanel/bin/cphulk_pam_ctl --status 2>/dev/null)
-if echo "$FINAL_STATUS" | grep -qi "enabled"; then
- print_success "cPHulk Status: ENABLED"
+# Check if service is running
+if systemctl is-active cphulkd >/dev/null 2>&1 || service cphulkd status >/dev/null 2>&1; then
+ print_success "cPHulk Status: ENABLED and RUNNING"
 else
- print_error "cPHulk Status: DISABLED (unexpected)"
+ print_warning "cPHulk Status: Service not running"
 fi
-# Count whitelist
-FINAL_WHITELIST=$(/usr/local/cpanel/scripts/cphulkdwhitelist --list 2>/dev/null | grep -vE "^$|not enabled" | wc -l)
+# Count whitelist entries from database
+FINAL_WHITELIST=$(mysql cphulkd -Nse "SELECT COUNT(*) FROM whitelist" 2>/dev/null || echo "0")
 print_info "cPHulk whitelist entries: $FINAL_WHITELIST"
 echo ""
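Review bot: The `mysql cphulkd ... 2>/dev/null || echo ""` fallback makes a failed query look like an empty whitelist, so on a host where the `cphulkd` MySQL database is missing or unreadable every CSF entry is treated as new and re-added without any message. The same pattern makes the hunk at -339 report a count of 0, and the help text in the hunk at -362 points users to the same queries. Checking the exit status and warning would fix that, e.g. `if ! EXISTING_IPS=$(mysql cphulkd -Nse "SELECT ip FROM whitelist" 2>/dev/null); then print_warning "Could not read cPHulk whitelist"; EXISTING_IPS=""; fi`. The membership test `grep -q "^$ip\$"` also reads the dots in an address as regex wildcards, so `grep -qxF -- "$ip"` fed by `printf '%s\n' "$EXISTING_IPS"` gives the exact match intended. The `for` loop continues past the end of the hunk.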
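Review bot: The final check prints "ENABLED and RUNNING" from service state alone. The removed `cphulk_pam_ctl --status` test was the only place in this section where the PAM side was verified, so a running daemon with the PAM integration switched off would now be reported as enabled. A stopped service is also downgraded from `print_error` to `print_warning`, with no visible effect on the exit status. I would keep both checks and report them separately, and have the script exit non-zero when either fails, so automation does not record an unprotected host as hardened.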
@@ -362,17 +380,14 @@ echo " • Brute Force Protection Period: 5 minutes"
 echo " • Maximum Failures per Account: 5"
 echo " • Maximum Failures per IP: 10"
 echo ""
-echo "3. Add your own IPs to whitelist:"
+echo "3. Add more IPs to whitelist:"
 echo " /usr/local/cpanel/scripts/cphulkdwhitelist YOUR.IP.ADDRESS"
 echo ""
-echo "4. View current whitelist:"
-echo " /usr/local/cpanel/scripts/cphulkdwhitelist --list"
+echo "4. View current whitelist (via database):"
+echo " mysql cphulkd -e 'SELECT * FROM whitelist'"
 echo ""
-echo "5. Add to blacklist:"
-echo " /usr/local/cpanel/scripts/cphulkdwhitelist -black YOUR.IP.ADDRESS"
-echo ""
-echo "6. View currently blocked IPs (via WHM API):"
-echo " whmapi1 get_cphulk_brutes"
+echo "5. View currently blocked IPs (via database):"
+echo " mysql cphulkd -e 'SELECT * FROM brutes'"
 echo ""
 print_success "cPHulk setup complete!"