Control Web Panel
Security => CSF Firewall => Topic started by: ItzBlakeBro on March 30, 2019, 09:01:27 AM
-
Howdy
I was trying to add some custom iptables commands to basically drop all connections from my SSH port + MySQL etc., other than my IP, but I keep getting this when starting CSF:
root@[~]: sh: /usr/local/csf/bin/csfpost.sh: /bin/bash^M: bad interpreter: No such file or directory
I tried changing the shebang in csfpost.sh to #!/usr/bin/bash but that returned the same.
At this time csfpost.sh is default with what ships with CWP7, so basically empty. What can I do to have these rules applied after / before startup of CSF?
-
I do not know what commands you are putting there, or what their purpose is, but to disable all IP connections, first I would change the default sshd server port to any other unused port, then I would remove the default access permission for that port from the file '/etc/csf/csf.conf', in the TCP_IN directive, and TCP6_IN.
And only then, if it was a fixed IP address, would I put the IP address permission in '/etc/csf/csf.allow'.
If it were a dynamic address, I would just use port knocking on that port.
Would this solution not suit you?
Regards,
Netino
-
^M is a DOS ‘Carriage Return/Line Feed’ control symbol. Possibly, you are editing the UNIX shell script using a Windows editor (or copy-pasted it from Windows), so ^M was appended to each string in the script.
Use a CentOS-appropriate text editor to fix it. If you are not familiar with the ‘vi’ or ‘nano’ editors, you can install ‘mc’ - Midnight Commander, which looks like Norton Commander for DOS, using the shell command
yum install mc
then navigate to your script, open it for editing and you will see ^M at the end of strings. Remove it completely.
-
I do not know what commands you are putting there, or what their purpose is, but to disable all IP connections, first I would change the default sshd server port to any other unused port, then I would remove the default access permission for that port from the file '/etc/csf/csf.conf', in the TCP_IN directive, and TCP6_IN.
And only then, if it was a fixed IP address, would I put the IP address permission in '/etc/csf/csf.allow'.
If it were a dynamic address, I would just use port knocking on that port.
Would this solution not suit you?
Regards,
Netino
All I am trying to do is get CSF to execute two iptables commands on startup by default, rather than me having to manually insert them. I do have an accept config for my IP on both ports.
iptables -A INPUT -p tcp --destination-port 2222 -j DROP
iptables -A INPUT -p tcp --destination-port 3306 -j DROP
^M is a DOS ‘Carriage Return/Line Feed’ control symbol. Possibly, you are editing the UNIX shell script using a Windows editor (or copy-pasted it from Windows), so ^M was appended to each string in the script.
Use a CentOS-appropriate text editor to fix it. If you are not familiar with the ‘vi’ or ‘nano’ editors, you can install ‘mc’ - Midnight Commander, which looks like Norton Commander for DOS, using the shell command
yum install mc
then navigate to your script, open it for editing and you will see ^M at the end of strings. Remove it completely.
I am using VIM to edit the files, and I tried to edit them through CSF itself, that is when I started getting this error. Right now, the two files csfpost.sh and csfpre.sh are empty except for the two top lines of
csfpost.sh
#!/bin/bash
# Run external commands after csf configures iptables
csfpre.sh
#!/bin/bash
# Run external commands before csf configures iptables
Output
Running /usr/local/csf/bin/csfpost.sh
sh: /usr/local/csf/bin/csfpost.sh: /bin/bash^M: bad interpreter: No such file or directory
-
Try this command:
cat -A /usr/local/csf/bin/csfpost.sh
Do you see any ^M in the output near $ ($ is an end-of-line symbol)?
If so, in VIM, you need an extra command to force display of ^M before opening the file to edit - see https://superuser.com/questions/357760/vi-on-linux-show-m-line-endings-for-dos-format-files for details.
Launch vim without a filename to edit:
vim
In the vim interface, execute the command
:set ffs=unix
then open the file to edit:
:e /usr/local/csf/bin/csfpost.sh
You should see any ^M if they exist.
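
The check described in this post can also be scripted. The following is an added example, not part of the original thread and not code shipped with CSF or CWP: it counts lines ending in a carriage return, reports whether the shebang is affected, and strips the CR while keeping a backup. The function names and the .bak suffix are assumptions chosen for this example.

```bash
#!/bin/bash
# Added example: detect and strip DOS (CRLF) line endings in a CSF hook script.
# Function names and the .bak backup suffix are assumptions of this example.

CR=$(printf '\r')   # literal carriage return, shown as ^M by cat -A and vim

# Print the number of lines that end in a carriage return (0 if none).
count_cr_lines() {
    LC_ALL=C grep -c "${CR}\$" "$1" || true
}

# Succeed if the shebang (first line) carries a trailing CR, which is what
# produces "/bin/bash^M: bad interpreter".
shebang_has_cr() {
    head -n 1 "$1" | LC_ALL=C grep -q "^#!.*${CR}\$"
}

# Strip the trailing CR from every line. Keeps a .bak copy and rewrites the
# file through "cat >" so the original owner and mode are preserved.
strip_cr() {
    file=$1
    tmp=$(mktemp) || return 1
    cp -p "$file" "$file.bak" || { rm -f "$tmp"; return 1; }
    if LC_ALL=C sed "s/${CR}\$//" "$file" > "$tmp" && cat "$tmp" > "$file"; then
        rm -f "$tmp"
    else
        rm -f "$tmp"; return 1
    fi
}

# Report on one script and fix it only if CR line endings are present.
check_and_fix() {
    file=$1
    [ -f "$file" ] || { echo "$file: not a regular file" >&2; return 1; }
    n=$(count_cr_lines "$file")
    if [ "$n" -eq 0 ]; then
        echo "$file: no CR line endings"
        return 0
    fi
    shebang_has_cr "$file" && echo "$file: shebang ends in ^M"
    echo "$file: $n line(s) end in ^M, stripping (backup: $file.bak)"
    strip_cr "$file"
}

# Acts only when a file is given, e.g.: ./fixcr.sh /usr/local/csf/bin/csfpost.sh
if [ -n "$1" ]; then check_and_fix "$1"; fi
```

Run it against csfpre.sh as well, then restart CSF so the hook scripts are executed again.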
-
That worked! Thank you very much!