Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Using Commando on cPHulk do not echo

Discussion in 'Security' started by Frankenstone, Jan 12, 2019.

  1. Frankenstone

    Frankenstone Member

    Joined:
    Jan 10, 2019
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Germany
    cPanel Access Level:
    Root Administrator
    Hey Guys,

    actually we wanna build a Notification for CPBulk actions with Slack. So we want to push the Action to a logfile inside our home directory where the slack provider can read from.

    A "touch /path/to/file.log" working fine, but a "echo "strings and %variables% used" > /path/to/file.log" not working.

    Can u help out of this?

    Greetings
     
  2. fuzzylogic

    fuzzylogic Well-Known Member

    Joined:
    Nov 8, 2014
    Messages:
    129
    Likes Received:
    74
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    Is this working?
    Code:
    echo "teststring" >> /path/to/file.log
    Then is this working?
    Code:
    echo "teststring and $(date)" >> /path/to/file.log
    Then is this working?
    Code:
    echo "teststring and $(yourvariable)" >> /path/to/file.log
    Or is this working
    Code:
    echo "teststring and $yourvariable" >> /path/to/file.log
     
    #2 fuzzylogic, Jan 12, 2019
    Last edited: Jan 13, 2019
  3. Frankenstone

    Frankenstone Member

    Joined:
    Jan 10, 2019
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Germany
    cPanel Access Level:
    Root Administrator
    Sry, no one is working.
     
    #3 Frankenstone, Jan 13, 2019
    Last edited: Jan 13, 2019
  4. fuzzylogic

    fuzzylogic Well-Known Member

    Joined:
    Nov 8, 2014
    Messages:
    129
    Likes Received:
    74
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    What is the output of
    Code:
    echo "teststring"
    What is the output of
    Code:
    echo --version

    What is the output of
    Code:
    which echo
    And are you issuing these commands as root user?
     
  5. fuzzylogic

    fuzzylogic Well-Known Member

    Joined:
    Nov 8, 2014
    Messages:
    129
    Likes Received:
    74
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
  6. Frankenstone

    Frankenstone Member

    Joined:
    Jan 10, 2019
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Germany
    cPanel Access Level:
    Root Administrator
    I already tried to execute the commands in the shell (as root) and it worked. The only thing was that the variables were inserted as a string (since it probably was not coming from script itself).

    /usr/bin/echo and i think - i just configured over WHM -> CPHulk -> "Command to execute when an IP address triggers brute force protection" following:

    Code:
    echo "%exptime% - MaxAllowedFails: %max_allowed_failures% - CurrentFails: %current_failures% - ExcessiveFails: %excessive_failures% - Reason: %reason% - Remote-IP: %remote_ip% - AuthService: %authservice% - User: %user% - Logintime: %logintime%" >> /mnt/MYVOLUME/home/MYUSER/MY.log

    //Edit

    Ouh u was faster ^^

    I tried now:
    Code:
    /usr/bin/echo "%exptime% - MaxAllowedFails: %max_allowed_failures% - CurrentFails: %current_failures% - ExcessiveFails: %excessive_failures% - Reason: %reason% - Remote-IP: %remote_ip% - AuthService: %authservice% - User: %user% - Logintime: %logintime%" >> /mnt/MYVOLUME/home/MYUSER/MY.log
    The file was created like before, but nothing inside. (Banned my phone with 5 login attempts)
     
    #6 Frankenstone, Jan 13, 2019
    Last edited: Jan 13, 2019
  7. fuzzylogic

    fuzzylogic Well-Known Member

    Joined:
    Nov 8, 2014
    Messages:
    129
    Likes Received:
    74
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    The cphulk documentation says...
    "The full path to a command that you want the system to run when an IP address"
    So maybe try...
    Code:
    /usr/bin/echo "teststring2 and %remote_ip%" >> /home/username/public_html/file.log
     
  8. fuzzylogic

    fuzzylogic Well-Known Member

    Joined:
    Nov 8, 2014
    Messages:
    129
    Likes Received:
    74
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    You may want to simplify things till something works.

    1) Create the log file on the same drive/mnt as the cPanel installation
    2) Create the file.log in advance
    3) Make sure it is writable
    4) Start with simple string echo with no special characters
    /usr/bin/echo "teststring" >> /home/username/public_html/file.log
    5) Use no quotes in command (in case double quotes conflict with cphulk calling script double quotes)
    /usr/bin/echo teststring >> /home/username/public_html/file.log
    6) Use single quotes in command (in case double quotes conflict with cphulk calling script double quotes)
    /usr/bin/echo 'teststring' >> /home/username/public_html/file.log

    Once you get it to work rebuild the complexity.
     
    #8 fuzzylogic, Jan 13, 2019
    Last edited: Jan 13, 2019
  9. fuzzylogic

    fuzzylogic Well-Known Member

    Joined:
    Nov 8, 2014
    Messages:
    129
    Likes Received:
    74
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    Another option...
    Code:
    /usr/bin/printf '%s\n' '%exptime% - MaxAllowedFails: %max_allowed_failures% - CurrentFails: %current_failures% - ExcessiveFails: %excessive_failures% - Reason: %reason% - Remote-IP: %remote_ip% - AuthService: %authservice% - User: %user% - Logintime: %logintime%' >> /home/username/public_html/file.log
    
    Again if it succeeds it may be do to single quotes.
     
  10. fuzzylogic

    fuzzylogic Well-Known Member

    Joined:
    Nov 8, 2014
    Messages:
    129
    Likes Received:
    74
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    Another option is a shell script.
    This is tested and working.

    Create file /usr/local/custom/cphulklogger
    with file permissions 755
    with contents as below.
    Code:
    #!/bin/sh
    exptime=$(printf "%q" $1)
    current_failures=$(printf "%q" $2)
    excessive_failures=$(printf "%q" $3)
    reason=$(printf "%q" $4)
    remote_ip=$(printf "%q" $5)
    authservice=$(printf "%q" $6)
    user=$(printf "%q" $7)
    logintime=$(printf "%q" $8)
    ip_version=$(printf "%q" $9)
    echo "Expirytime: - $exptime - MaxAllowedFails: $max_allowed_failures - CurrentFails: $current_failures - ExcessiveFails: $excessive_failures - Reason: $reason - Remote-IP: $remote_ip - AuthService: $authservice - User: $user - Logintime: $logintime" >> /mnt/MYVOLUME/home/MYUSER/MY.log
    
    In cphulk Configuration Command to Run When an IP Address Triggers Brute Force Protection text box enter the command as below.
    Code:
    /usr/local/custom/cphulklogger %exptime% %current_failures% %excessive_failures% %reason% %remote_ip% %authservice% %user% %logintime% %ip_version%
    
    In my test this logged the following
    Code:
    Expirytime: - 1547449467 - MaxAllowedFails:  - CurrentFails: 2 - ExcessiveFails: '' - Reason: IPreachedmaximumauthfailures - Remote-IP: ip.ip.ip.ip - AuthService: cpaneld - User: test14 - Logintime: 1547448567
    Expirytime: - 1547450129 - MaxAllowedFails:  - CurrentFails: 2 - ExcessiveFails: '' - Reason: IPreachedmaximumauthfailures - Remote-IP: ip.ip.ip.ip - AuthService: cpaneld - User: test16 - Logintime: 1547449229
     
  11. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,161
    Likes Received:
    474
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    @fuzzylogic

    I find myself saying this frequently but again thank you so much for all the detailed & useful information.

    @Frankenstone please let us know if this helps you resolve your issue.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. Frankenstone

    Frankenstone Member

    Joined:
    Jan 10, 2019
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Germany
    cPanel Access Level:
    Root Administrator
    Created file with content, correct the path to my own, saved, chmod 755 to the file.

    copy&paste to [...]/cphulk/config link (CPHulk in menu, first open side, IP based brute force protection, commando (tried and to both - ip-based and daily)

    No output to /mnt/MYVOLUME/home/MYUSER/MY.log
     
  13. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,161
    Likes Received:
    474
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Frankenstone


    I also tried setting this up and it worked perfectly for me. I set it to /home/myuser/cphulktest.log, I created the file there as well and set it to my user's uid/gid.


    I then tested it to make sure it works and sure enough, I got the following:

    Code:
    [root@server public_html]# tail -10 cphulkdtest.log
    Expirytime: - 1547575543 - MaxAllowedFails:  - CurrentFails: 5 - ExcessiveFails: '' - Reason: IPreachedmaximumauthfailures - Remote-IP: <IPREMOVED> - AuthService: whostmgrd - User:mytestinguser - Logintime: 1547574643
    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice