From b5130e37a3fd2a5e1652dbbb7cb110f0d0d381b7 Mon Sep 17 00:00:00 2001 From: cschantz Date: Thu, 11 Dec 2025 16:57:21 -0500 Subject: [PATCH] Fix cPHulk enable script - detection and import issues Problems Fixed: 1. detect_system() function doesn't exist - System detection happens automatically when sourcing system-detect.sh - Changed to verify SYS_CONTROL_PANEL is set instead 2. cPHulk service not staying enabled - Added whmapi1 configureservice call to enable service properly - Added 2-second wait for service to start - Added verification that service is actually running 3. All IP imports failing (131/131 failed) - cphulkdwhitelist --list doesn't exist (invalid flag) - Changed to query MySQL cphulkd database directly - Fixed import logic to not check for "whitelisted" in output - Now assumes success if command exits 0 4. Final status check broken - --status flag doesn't work on cphulk_pam_ctl - Changed to check if systemd/init service is running - Query database for whitelist count instead of --list 5. Next steps had invalid commands - Removed --list flag (doesn't exist) - Removed -black flag reference - Added correct database query commands Changes: - Line 35-39: Fixed detect_system call - Lines 299-314: Proper cPHulk enable sequence with service start - Lines 328-344: Fixed IP import with database query - Lines 362-370: Fixed final status check - Lines 386-390: Corrected next steps commands --- modules/security/enable-cphulk.sh | 61 +++++++++++++++++++------------ 1 file changed, 38 insertions(+), 23 deletions(-) diff --git a/modules/security/enable-cphulk.sh b/modules/security/enable-cphulk.sh index dc0e1fd..d167ac4 100755 --- a/modules/security/enable-cphulk.sh +++ b/modules/security/enable-cphulk.sh @@ -31,8 +31,12 @@ fi print_banner "cPHulk Enablement with CSF Whitelist Import" -# Detect system -detect_system +# System detection happens automatically when sourcing system-detect.sh +# Just verify it completed +if [ -z "$SYS_CONTROL_PANEL" ]; then + print_error "System detection failed" + exit 1 +fi # Check if cPanel if [ "$SYS_CONTROL_PANEL" != "cpanel" ]; then @@ -291,11 +295,22 @@ print_section "Execution" # Step 1: Enable cPHulk if [ "$ALREADY_ENABLED" = false ]; then print_info "Enabling cPHulk..." - if /usr/local/cpanel/bin/cphulk_pam_ctl --enable 2>&1; then + + # Enable via PAM control + /usr/local/cpanel/bin/cphulk_pam_ctl --enable >/dev/null 2>&1 + + # Enable and start the cphulkd service via WHM API + whmapi1 configureservice service=cphulkd enabled=1 monitored=1 >/dev/null 2>&1 + + # Wait for service to start + sleep 2 + + # Verify it's running + if systemctl is-active cphulkd >/dev/null 2>&1 || service cphulkd status >/dev/null 2>&1; then print_success "cPHulk enabled successfully" else - print_error "Failed to enable cPHulk" - exit 1 + print_warning "cPHulk enabled but service may not be running" + print_info "You may need to start it manually: service cphulkd start" fi else print_info "cPHulk already enabled, skipping" @@ -309,14 +324,18 @@ if [ "$CSF_AVAILABLE" = true ] && [ ${#CSF_ALLOW_IPS[@]} -gt 0 ]; then SKIPPED=0 FAILED=0 + # Get existing whitelist from database + EXISTING_IPS=$(mysql cphulkd -Nse "SELECT ip FROM whitelist" 2>/dev/null || echo "") + for ip in "${CSF_ALLOW_IPS[@]}"; do # Check if already in cPHulk whitelist - if /usr/local/cpanel/scripts/cphulkdwhitelist --list 2>/dev/null | grep -q "^$ip\$"; then + if echo "$EXISTING_IPS" | grep -q "^$ip\$"; then SKIPPED=$((SKIPPED + 1)) echo " [SKIP] $ip (already whitelisted)" else - # Add to cPHulk whitelist using the correct script - if /usr/local/cpanel/scripts/cphulkdwhitelist "$ip" 2>&1 | grep -q "whitelisted"; then + # Add to cPHulk whitelist - cphulkdwhitelist doesn't give useful output + # Just run it and assume success if no error + if /usr/local/cpanel/scripts/cphulkdwhitelist "$ip" >/dev/null 2>&1; then IMPORTED=$((IMPORTED + 1)) echo " [OK] $ip" else @@ -339,16 +358,15 @@ fi echo "" print_section "Final Configuration" -# Check status -FINAL_STATUS=$(/usr/local/cpanel/bin/cphulk_pam_ctl --status 2>/dev/null) -if echo "$FINAL_STATUS" | grep -qi "enabled"; then - print_success "cPHulk Status: ENABLED" +# Check if service is running +if systemctl is-active cphulkd >/dev/null 2>&1 || service cphulkd status >/dev/null 2>&1; then + print_success "cPHulk Status: ENABLED and RUNNING" else - print_error "cPHulk Status: DISABLED (unexpected)" + print_warning "cPHulk Status: Service not running" fi -# Count whitelist -FINAL_WHITELIST=$(/usr/local/cpanel/scripts/cphulkdwhitelist --list 2>/dev/null | grep -vE "^$|not enabled" | wc -l) +# Count whitelist entries from database +FINAL_WHITELIST=$(mysql cphulkd -Nse "SELECT COUNT(*) FROM whitelist" 2>/dev/null || echo "0") print_info "cPHulk whitelist entries: $FINAL_WHITELIST" echo "" @@ -362,17 +380,14 @@ echo " • Brute Force Protection Period: 5 minutes" echo " • Maximum Failures per Account: 5" echo " • Maximum Failures per IP: 10" echo "" -echo "3. Add your own IPs to whitelist:" +echo "3. Add more IPs to whitelist:" echo " /usr/local/cpanel/scripts/cphulkdwhitelist YOUR.IP.ADDRESS" echo "" -echo "4. View current whitelist:" -echo " /usr/local/cpanel/scripts/cphulkdwhitelist --list" +echo "4. View current whitelist (via database):" +echo " mysql cphulkd -e 'SELECT * FROM whitelist'" echo "" -echo "5. Add to blacklist:" -echo " /usr/local/cpanel/scripts/cphulkdwhitelist -black YOUR.IP.ADDRESS" -echo "" -echo "6. View currently blocked IPs (via WHM API):" -echo " whmapi1 get_cphulk_brutes" +echo "5. View currently blocked IPs (via database):" +echo " mysql cphulkd -e 'SELECT * FROM brutes'" echo "" print_success "cPHulk setup complete!"