
Using Commando on cPHulk do not echo


  • fuzzylogic
    Is this working? echo "teststring" >> /path/to/file.log
    Then is this working? echo "teststring and $(date)" >> /path/to/file.log
    Then is this working? echo "teststring and $(yourvariable)" >> /path/to/file.log
    Or is this working echo "teststring and $yourvariable" >> /path/to/file.log
  • Frankenstone
    > Is this working? echo "teststring" >> /path/to/file.log
    > Then is this working? echo "teststring and $(date)" >> /path/to/file.log
    > Then is this working? echo "teststring and $(yourvariable)" >> /path/to/file.log
    > Or is this working echo "teststring and $yourvariable" >> /path/to/file.log

    Sorry, none of them is working.
  • fuzzylogic
    What is the output of echo "teststring"
    What is the output of echo --version
    What is the output of which echo
    And are you issuing these commands as root user?
  • fuzzylogic
    From cPHulk Brute Force Protection - Version 74 Documentation - cPanel Documentation: "The full path to a command that you want the system to run when the system blocks an IP"
    Have you tried /bin/echo "teststring2 and %remote_ip%" >> /home/username/public_html/file.log
  • Frankenstone
    > What is the output of echo "teststring"
    > What is the output of echo --version

    I already tried to execute the commands in the shell (as root) and it worked. The only thing was that the variables were inserted as a string (since it probably was not coming from the script itself).

    > What is the output of which echo
    > And are you issuing these commands as root user?

    /usr/bin/echo and I think - I just configured the following via WHM -> cPHulk -> "Command to execute when an IP address triggers brute force protection":

        echo "%exptime% - MaxAllowedFails: %max_allowed_failures% - CurrentFails: %current_failures% - ExcessiveFails: %excessive_failures% - Reason: %reason% - Remote-IP: %remote_ip% - AuthService: %authservice% - User: %user% - Logintime: %logintime%" >> /mnt/MYVOLUME/home/MYUSER/MY.log

    //Edit: Oh, you were faster ^^ I tried now:

        /usr/bin/echo "%exptime% - MaxAllowedFails: %max_allowed_failures% - CurrentFails: %current_failures% - ExcessiveFails: %excessive_failures% - Reason: %reason% - Remote-IP: %remote_ip% - AuthService: %authservice% - User: %user% - Logintime: %logintime%" >> /mnt/MYVOLUME/home/MYUSER/MY.log

    The file was created like before, but nothing inside. (Banned my phone with 5 login attempts)
  • fuzzylogic
    The cphulk documentation says... "The full path to a command that you want the system to run when an IP address" So maybe try...

        /usr/bin/echo "teststring2 and %remote_ip%" >> /home/username/public_html/file.log
  • fuzzylogic
    You may want to simplify things till something works.
    1) Create the log file on the same drive/mnt as the cPanel installation
    2) Create the file.log in advance
    3) Make sure it is writable
    4) Start with simple string echo with no special characters
        /usr/bin/echo "teststring" >> /home/username/public_html/file.log
    5) Use no quotes in command (in case double quotes conflict with cphulk calling script double quotes)
        /usr/bin/echo teststring >> /home/username/public_html/file.log
    6) Use single quotes in command (in case double quotes conflict with cphulk calling script double quotes)
        /usr/bin/echo 'teststring' >> /home/username/public_html/file.log
    Once you get it to work rebuild the complexity.
  • fuzzylogic
    Another option...

        /usr/bin/printf '%s\n' '%exptime% - MaxAllowedFails: %max_allowed_failures% - CurrentFails: %current_failures% - ExcessiveFails: %excessive_failures% - Reason: %reason% - Remote-IP: %remote_ip% - AuthService: %authservice% - User: %user% - Logintime: %logintime%' >> /home/username/public_html/file.log

    Again if it succeeds it may be due to single quotes.
  • fuzzylogic
    Another option is a shell script. This is tested and working. Create file /usr/local/custom/cphulklogger with file permissions 755 with contents as below.

        #!/bin/sh
        exptime=$(printf "%q" $1)
        current_failures=$(printf "%q" $2)
        excessive_failures=$(printf "%q" $3)
        reason=$(printf "%q" $4)
        remote_ip=$(printf "%q" $5)
        authservice=$(printf "%q" $6)
        user=$(printf "%q" $7)
        logintime=$(printf "%q" $8)
        ip_version=$(printf "%q" $9)
        echo "Expirytime: - $exptime - MaxAllowedFails: $max_allowed_failures - CurrentFails: $current_failures - ExcessiveFails: $excessive_failures - Reason: $reason - Remote-IP: $remote_ip - AuthService: $authservice - User: $user - Logintime: $logintime" >> /mnt/MYVOLUME/home/MYUSER/MY.log

    In cphulk Configuration Command to Run When an IP Address Triggers Brute Force Protection text box enter the command as below.

        /usr/local/custom/cphulklogger %exptime% %current_failures% %excessive_failures% %reason% %remote_ip% %authservice% %user% %logintime% %ip_version%

    In my test this logged the following

        Expirytime: - 1547449467 - MaxAllowedFails: - CurrentFails: 2 - ExcessiveFails: '' - Reason: IPreachedmaximumauthfailures - Remote-IP: ip.ip.ip.ip - AuthService: cpaneld - User: test14 - Logintime: 1547448567
        Expirytime: - 1547450129 - MaxAllowedFails: - CurrentFails: 2 - ExcessiveFails: '' - Reason: IPreachedmaximumauthfailures - Remote-IP: ip.ip.ip.ip - AuthService: cpaneld - User: test16 - Logintime: 1547449229
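A variant of the logger script from the post above, as an added example that is not part of the thread: every positional argument is quoted, and control characters are replaced before the line is written, because %user% carries whatever login name the remote client typed and the hook appends it to a log file. It assumes cPHulk passes the placeholders as positional arguments in the order of the hook command shown in the post; `LOG_FILE`, `HULK_LOG`, the function names and the `IPVersion` label are hypothetical.

```shell
#!/bin/bash
# Added example, not the thread's script. Argument order follows the hook
# command in the post above:
#   $1 %exptime%  $2 %current_failures%  $3 %excessive_failures%
#   $4 %reason%   $5 %remote_ip%         $6 %authservice%
#   $7 %user%     $8 %logintime%         $9 %ip_version%

# Hypothetical log location; override with the HULK_LOG variable.
LOG_FILE=${HULK_LOG:-/var/log/cphulk-blocks.log}

# Replace control characters (newline, CR, escape, ...) with '?', so a
# field can never start a second log line or carry terminal escapes.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr '\001-\037\177' '[?*]'
}

# Build exactly one log line from the nine positional arguments.
# Every expansion is quoted, so empty or multi-word values stay in place.
format_hulk_line() {
    printf 'Expirytime: %s - CurrentFails: %s - ExcessiveFails: %s - Reason: %s - Remote-IP: %s - AuthService: %s - User: %s - Logintime: %s - IPVersion: %s\n' \
        "$(sanitize "${1:-}")" "$(sanitize "${2:-}")" "$(sanitize "${3:-}")" \
        "$(sanitize "${4:-}")" "$(sanitize "${5:-}")" "$(sanitize "${6:-}")" \
        "$(sanitize "${7:-}")" "$(sanitize "${8:-}")" "$(sanitize "${9:-}")"
}

# Append only when called with arguments, i.e. by the hook.
if [ "$#" -gt 0 ]; then
    format_hulk_line "$@" >> "$LOG_FILE"
fi
```

The hook command stays the one given in the post; only the script path changes if this is saved under a different name.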
  • cPanelLauren
    @fuzzylogic I find myself saying this frequently but again thank you so much for all the detailed & useful information. @Frankenstone please let us know if this helps you resolve your issue.
  • Frankenstone
    > Another option is a shell script. This is tested and working. Create file /usr/local/custom/cphulklogger with file permissions 755 with contents as below.
    >
    >     #!/bin/sh
    >     exptime=$(printf "%q" $1)
    >     current_failures=$(printf "%q" $2)
    >     excessive_failures=$(printf "%q" $3)
    >     reason=$(printf "%q" $4)
    >     remote_ip=$(printf "%q" $5)
    >     authservice=$(printf "%q" $6)
    >     user=$(printf "%q" $7)
    >     logintime=$(printf "%q" $8)
    >     ip_version=$(printf "%q" $9)
    >     echo "Expirytime: - $exptime - MaxAllowedFails: $max_allowed_failures - CurrentFails: $current_failures - ExcessiveFails: $excessive_failures - Reason: $reason - Remote-IP: $remote_ip - AuthService: $authservice - User: $user - Logintime: $logintime" >> /mnt/MYVOLUME/home/MYUSER/MY.log

    Created file with content, corrected the path to my own, saved, chmod 755 to the file.

    > In cphulk Configuration Command to Run When an IP Address Triggers Brute Force Protection text box enter the command as below.
    >
    >     /usr/local/custom/cphulklogger %exptime% %current_failures% %excessive_failures% %reason% %remote_ip% %authservice% %user% %logintime% %ip_version%

    Copied and pasted to the [...]/cphulk/config link (cPHulk in the menu, first page that opens, IP-based brute force protection, command; tried it in both, IP-based and daily)

    > In my test this logged the following
    >
    >     Expirytime: - 1547449467 - MaxAllowedFails: - CurrentFails: 2 - ExcessiveFails: '' - Reason: IPreachedmaximumauthfailures - Remote-IP: ip.ip.ip.ip - AuthService: cpaneld - User: test14 - Logintime: 1547448567
    >     Expirytime: - 1547450129 - MaxAllowedFails: - CurrentFails: 2 - ExcessiveFails: '' - Reason: IPreachedmaximumauthfailures - Remote-IP: ip.ip.ip.ip - AuthService: cpaneld - User: test16 - Logintime: 1547449229

    No output to /mnt/MYVOLUME/home/MYUSER/MY.log
  • cPanelLauren
    Hi @Frankenstone I also tried setting this up and it worked perfectly for me. I set it to /home/myuser/cphulktest.log, I created the file there as well and set it to my user's uid/gid. I then tested it to make sure it works and sure enough, I got the following:

        [root@server public_html]# tail -10 cphulkdtest.log
        Expirytime: - 1547575543 - MaxAllowedFails: - CurrentFails: 5 - ExcessiveFails: '' - Reason: IPreachedmaximumauthfailures - Remote-IP: - AuthService: whostmgrd - User:mytestinguser - Logintime: 1547574643

    Thanks!
