Author Topic: /bin/bash^M: bad interpreter and iptables  (Read 9023 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
/bin/bash^M: bad interpreter and iptables
« on: March 30, 2019, 09:01:27 AM »
Howdy

I was trying to add some custom iptables commands to basically drop all connects from my SSH port + MySQL etc, other than my IP but I keep getting this when starting CSF

root@[~]: sh: /usr/local/csf/bin/csfpost.sh: /bin/bash^M: bad interpreter: No such file or directory

I tried changing the shebang in csfpost.sh to #!/usr/bin/bash but that returned the same.

At this time csfpost.sh is default with what ships with CWP7, so basically empty. What can I do to have these rules applied after / before startup of CSF?

Offline
***
Re: /bin/bash^M: bad interpreter and iptables
« Reply #1 on: March 30, 2019, 09:20:58 PM »
I do not know what commands you are putting there, or what their purpose is, but to disable all IP connections, first I would change the default sshd server port to any other unused port, then I would remove the default access permission from that port of the file '/etc/csf/csf.conf', the TCP_IN directive, and TCP6_IN.
And only then, if it was a fixed IP address, would it put the IP address permission on '/etc/csf/csf.allow'.
If it were a dynamic address, it would just portknocking on that port.
This solution would not suit you .. ??

Regards,
Netino

Offline
*
Re: /bin/bash^M: bad interpreter and iptables
« Reply #2 on: March 31, 2019, 10:11:22 AM »
^M is a DOS ‘Carriadge Return/Line Feed’ control symbol. Possibly, you are edit UNIX shell script using Windows editor (or copy-paste it from Windows), so ^M was appended to each string in script.

Use CentOS appropriate text editor to fix it. If you not familar with ‘vi’ or ‘nano’ editors, you can install ‘mc’ - Midnight Commander, which looks like as Norton Commander for DOS using shell command

yum install mc

then navigate to your script, open it for edit and you will see ^M at the end of strings. Remove it completely

« Last Edit: March 31, 2019, 10:15:28 AM by PavelZh »

Offline
*
Re: /bin/bash^M: bad interpreter and iptables
« Reply #3 on: April 02, 2019, 10:09:45 PM »
I do not know what commands you are putting there, or what their purpose is, but to disable all IP connections, first I would change the default sshd server port to any other unused port, then I would remove the default access permission from that port of the file '/etc/csf/csf.conf', the TCP_IN directive, and TCP6_IN.
And only then, if it was a fixed IP address, would it put the IP address permission on '/etc/csf/csf.allow'.
If it were a dynamic address, it would just portknocking on that port.
This solution would not suit you .. ??

Regards,
Netino

All I am trying to do is get CSF to execute two iptable commands on startup by default, rather than me having to manually insert them. I do have, an accept config for my IP on both ports.

iptables -A INPUT -p tcp --destination-port 2222 -j DROP
iptables -A INPUT -p tcp --destination-port 3306 -j DROP

^M is a DOS ‘Carriadge Return/Line Feed’ control symbol. Possibly, you are edit UNIX shell script using Windows editor (or copy-paste it from Windows), so ^M was appended to each string in script.

Use CentOS appropriate text editor to fix it. If you not familar with ‘vi’ or ‘nano’ editors, you can install ‘mc’ - Midnight Commander, which looks like as Norton Commander for DOS using shell command

yum install mc

then navigate to your script, open it for edit and you will see ^M at the end of strings. Remove it completely



I am using VIM to edit the files, and I tried to edit them through CSF itself, that is when I started getting this error. Right now, the two files  csfpost.sh and csfpre.sh are empty except for the two top lines of

Code: [Select]
csfpost.sh
#!/bin/bash
# Run external commands after csf configures iptables

csfpre.sh
#!/bin/bash
# Run external commands before csf configures iptables

Output
Running /usr/local/csf/bin/csfpost.sh
sh: /usr/local/csf/bin/csfpost.sh: /bin/bash^M: bad interpreter: No such file or directory

Offline
*
Re: /bin/bash^M: bad interpreter and iptables
« Reply #4 on: April 03, 2019, 08:03:49 PM »
try this command

Code: [Select]
cat -A /usr/local/csf/bin/csfpost.sh
Do you see any ^M on output near $ ($ is an end-of-line symbol)?
If so, in VIM, you need an extra command to force display ^M before opening file to edit - see https://superuser.com/questions/357760/vi-on-linux-show-m-line-endings-for-dos-format-files for details

Launch vim without filename to edit

Code: [Select]
vim
in vim interface execute a command

Code: [Select]
:set ffs=unix
then open file to edit

Code: [Select]
:e /usr/local/csf/bin/csfpost.sh
You should see any ^M if exist
« Last Edit: April 03, 2019, 08:08:26 PM by PavelZh »

Offline
*
Re: /bin/bash^M: bad interpreter and iptables
« Reply #5 on: April 04, 2019, 06:41:47 PM »
That worked! Thank you very much!