
Run a system command on a cPanel plugin

Discussion in 'cPanel Developers' started by AlexisMeroni, Aug 19, 2013.

  1. AlexisMeroni

    Hello,
    I need to develop a cPanel plugin so that customers can stop iptables.

    I have tested with
    PHP:
    exec('service iptables stop');
    but iptables does not stop.

    Have you got a solution? Thank you.

    Regards,
    Alexis
     
  2. cPanelMichael

  3. KostonConsulting

    What user is the plugin running as? Unless it's running as root and a WHM plugin, it's not going to have permissions to stop iptables.

    I'd also recommend using $return_var = shell_exec('service iptables stop') which will return the output of the command as a string. You can then check this string to make sure iptables actually stopped/started/etc.
     
  4. AlexisMeroni

    It's for cPanel, not WHM, because the FTP server is blocked at "MLSD" and it's fixed when iptables is stopped. If you can help me with this problem of the FTP server then it would be better :)
    Thank You
     
  5. AlexisMeroni

  6. KostonConsulting

    You should check your ftp configuration file and ftp logs and try to get this issue resolved. Allowing an end-user to disable iptables on your server is not advised. This may present a security risk to all users on the system.

    Are you attempting to connect via passive mode? Perhaps the ports listed in your configuration for passive mode are being blocked by iptables?
     
  7. AlexisMeroni

    This is the FTP client log. Is it passive mode?
     
  8. KostonConsulting

    Yes. Pure-FTP allows you to specify a range of ports used for passive mode in /etc/pure-ftpd.conf (likely on line 180) like so:

    Code:
    # Port range for passive connections replies. - for firewalling.
    
    # PassivePortRange          30000 50000
    
    You should allow this port range to be open on your firewall (you may want to restrict it to a smaller range) for passive connections, or instruct FTP users to not use passive mode in their FTP clients.
     
  9. AlexisMeroni

    Ok, I've uncommented the line. How can I open this port range in iptables?
     
  10. KostonConsulting

    The command is:

    Code:
    iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 30000:50000 -j ACCEPT
    
    then save the ruleset with:

    Code:
    service iptables save
    
    You may want to look into CSF as Michael suggested for managing firewall rules or read over the iptables wiki: HowTos/Network/IPTables - CentOS Wiki
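
The approach the thread settles on (keep iptables running and open only the passive FTP range) can be scripted so the firewall rule always matches the FTP configuration. The following is an added example, not code from any poster or from cPanel: it reads the active PassivePortRange from a pure-ftpd.conf and prints the matching commands. The function names, the 1024 lower bound, the use of -I instead of -A, and the sample file are assumptions of the example.

```sh
#!/bin/sh
# Added example, not from the thread. Prints commands; it runs none of them.

# Print "LOW HIGH" from the active PassivePortRange directive in file $1.
# A commented-out directive is rejected: with no fixed range there is
# nothing for a firewall rule to match.
passive_range() (
    set -f
    set -- $(awk '$1 == "PassivePortRange" { print $2, $3; exit }' "$1")
    [ $# -eq 2 ] || { echo "no active PassivePortRange" >&2; exit 1; }
    case "$1$2" in *[!0-9]*) echo "non-numeric port" >&2; exit 1 ;; esac
    # Assumption of this example: passive ports are unprivileged (>= 1024).
    [ "$1" -ge 1024 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ] ||
        { echo "invalid range $1-$2" >&2; exit 1; }
    echo "$1 $2"
)

# Print the commands that open TCP ports $1-$2 for new connections.
# -I INPUT 1 puts the rule first in the chain; a rule appended with -A after
# an existing catch-all REJECT or DROP rule would never be evaluated.
passive_rule_commands() {
    match="-m state --state NEW -m tcp -p tcp --dport $1:$2 -j ACCEPT"
    echo "iptables -I INPUT 1 $match"
    echo "service iptables save"
}

# Constructed sample: the pure-ftpd.conf lines quoted in the thread, with the
# directive uncommented.
sample_conf() {
    cat <<'EOF'
# Port range for passive connections replies. - for firewalling.

PassivePortRange          30000 50000
EOF
}

# Use the file given as $1, or fall back to the constructed sample.
conf=${1:-}
if [ -z "$conf" ]; then
    conf=$(mktemp) && sample_conf > "$conf" && cleanup=$conf
fi
if range=$(passive_range "$conf"); then
    passive_rule_commands $range   # unquoted on purpose: splits LOW HIGH
fi
[ -z "${cleanup:-}" ] || rm -f "$cleanup"
```

Because the rule is derived from the configuration, narrowing PassivePortRange in pure-ftpd.conf narrows the firewall opening with it.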
     