Control Web Panel
Developers => New Modules => Topic started by: rcschaff on February 06, 2020, 12:48:12 AM
-
I have built a Two Factor Authorization Module for CWP. I have tested it, but please consider this is BETA. All Issues should be reported to me on this post.
Pre-Requisites.
You need an API key created with ACCOUNT-> list created
After installation, make sure you change User Account -> Themes to the modified theme, and don't allow them to change
Please note that this system works around the CWP login system, and therefore is not infallible, though I did my best to hide that it's there.
To install:
From root user via ssh:
wget https://schaffner.org/cwp2fa.tar.gz
tar -xzf cwp2fa.tar.gz
cd cwp_2fa/
./install.sh
When prompted, put in your API key
That's it.
Now log into CWP and you should see a new menu 2Factor Auth directly under Server Settings Menu
(https://image.prntscr.com/image/la9HadooQouWuMc-INT9mQ.png)
Users Menu Appears under CWP Settings
(https://image.prntscr.com/image/Q4DXQ0EjR_KnZKHff4P10A.png)
-
Zip File is corrupt. Kindly check again
-
Not a zip. It's a tar gzipped
-
Fixed now. Not sure why it corrupted.
-
Here are the checksums for the file cwp2fa.tar.gz
MD5: a3b85cbb5f67022da228de61224560fc
sha1: 65d80e3cd034d54ef0cf144ae236a42b84468366
sha256: edb57a36d2df601e1ef4d02020d7c11a1e74109b7d3a895fee53808e510a57e1
-
Works great!
Only I bumped into 2 things
-1 Couldn't copy
/usr/local/cwpsrv/htdocs/admin/design/ was read-only due to an SE-linux setting, maybe check it? (ls -Z)
-2 Local time on the server was off by 2 minutes, so every login failed.
Solved it by installing ntpd
So maybe do a check if ntpdate is installed?
-
md5sum 2b158a964d064639df93697c9aee0b42
sha1sum 5a3cb827e7cc8e9ff7b6892b88c5cb333820af19
sha256sum af36c7e02c5de41d911477fdecdc806d43db8c59e94432488335bc013d4f5e6e
The only update I made was to check for ntp, and install it if it's not installed.
If you have selinux installed, then you must know what you are doing, as CWP disables it by default.
-
I am getting this error in CWP admin
Warning: require_once(design/googleAuthenticator.php): failed to open stream: No such file or directory in /usr/local/cwpsrv/htdocs/resources/admin/modules/cwp2fa.php on line 106
Fatal error: require_once(): Failed opening required 'design/googleAuthenticator.php' (include_path='.:/usr/local/cwp/php71/lib/php') in /usr/local/cwpsrv/htdocs/resources/admin/modules/cwp2fa.php on line 106
when trying to create a key.
It has stopped me from logging into my user control panel. Also, the file manager only loads this: /home/google
phpqrcode, not my site files.
I reinstalled it to try that; now I have 2 entries in the left menu. Sorry to be a pain.
Any help would be great as I really want the use of this mod.
-
make sure you are on the root account
go to where you untarred cwp_2fa
try these
cp -v admin/googleAuthenticator.php /usr/local/cwpsrv/htdocs/admin/design/
cp -v admin/showQRCode.php /usr/local/cwpsrv/htdocs/admin/design/
If you cannot copy them, try chattr -i /usr/local/cwpsrv/htdocs/admin/design and see if they will copy. It's also possible you have selinux activated.
If it is, you can do
setenforce 0
copy the files
then
setenforce 1
-
SELinux disabled
setenforce: SELinux is disabled
the files are in the correct dir
still same error
/usr/local/cwpsrv/htdocs/admin/design
googleAuthenticator.php
showQRCode.php
-
Install script has been updated.
Redownload, and rerun the install.
md5sum 8f0f50679d5a37fd49610227b840db60
-
Works now. How do I remove the 2 extra entries in the left menu I have now, lol?
Thanks.
So much appreciated for this.
-
Edit
/usr/local/cwpsrv/htdocs/resources/admin/include/3rdparty.php
remove the extra lines ;)
It starts with <noscript>, 20 lines or so, and ends with </script>
-
ok one last part
/home/google
phpqrcode
The file manager in the user control panel loads these dirs, not the user files home/public_html etc.
Thanks for the support. Awesome, many many thanks.
-
Correct. The login user uses /home/google
-
That means the file manager in the user admin can't be used, as there is no access to user files, only the ones I noted before. Then my users can't access their files using the built-in file manager. I will have to not use it. Thanks.
-
Once logged in, a session token is set, so you should have full access to everything. Anything that is not working isn't because of this mod, I can promise you that.
-
It was perfectly fine before I installed this first version of the mod that was bad. No other mods etc. have been previously installed. 200% fine before this. The issue never existed before this; the fact that it goes to the files your mod added shows you it came from your mod.
-
Turn off 2fa for root and see if it persists while it's off. They may have changed something on the backend.
-
Both root and user are off, but it's still the same, user dir only:
(https://www.tabletworldstore.com/sshot.png)
As you can see, there is a user named google and that's all that loads.
(https://www.tabletworldstore.com/shot1.png)
-
I'll look into it
-
Thanks, appreciated.
Awesome person willing to help, could not ask a stranger for more. 10 out of 10 for this guy.
-
I have a patch for you:
first:
edit /root/watch.sh file
Remove line 26 "sed -i "s@fastcgi_param PHP_ADMIN_VA....."
Add in its place " sed -i -re 's@(open_basedir.*)(";)@\1:/home/google\2@' $f "
then run:
sed -i "s@open_basedir =/home/google/:@open_basedir =@g" /usr/local/cwpsrv/conf.d/users/*
finally run:
/root/watch.sh
This should fix the issue for users. Root would normally start in /tmp, so I don't think it's too big of a bug ;)
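Added example, not part of the original post and not the module's own code: the two edits described above, run against one constructed config line so the before and after can be compared. The line layout and the user alice are assumptions; the capture group here takes in the open_basedir key so the key is kept in the rewritten line.

```shell
#!/bin/sh
# Added example. SAMPLE is a constructed line: the exact layout of CWP's
# per-user config files and the user "alice" are assumptions.
SAMPLE='fastcgi_param PHP_ADMIN_VALUE "open_basedir =/home/google/:/home/alice/:/tmp/";'

# Apply the two edits from the post to one per-user config file:
#   1. remove the /home/google/ entry that sits at the front of the list
#   2. append :/home/google at the end, unless the file already mentions it
# The first capture group includes the open_basedir key itself, so the
# key is written back together with the existing directory list.
patch_user_conf() {
    f=$1
    sed -i "s@open_basedir =/home/google/:@open_basedir =@g" "$f"
    if ! grep -q "/home/google" "$f"; then
        sed -i -E 's@(open_basedir.*)(";)@\1:/home/google\2@' "$f"
    fi
}

# Patch a temporary copy of the given line twice and print the result;
# the second pass must leave the file unchanged (idempotent).
demo_patch() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    patch_user_conf "$tmp"
    patch_user_conf "$tmp"
    cat "$tmp"
    rm -f "$tmp"
}

# Print the directories in the open_basedir value, one per line, so the
# order and any unexpected entry are easy to review.
basedir_entries() {
    printf '%s\n' "$1" |
        sed -n 's@.*open_basedir *= *\([^"]*\)".*@\1@p' | tr ':' '\n'
}

basedir_entries "$(demo_patch "$SAMPLE")"
```

Running basedir_entries over each real file after /root/watch.sh has run gives a quick review of which directories every user's PHP is allowed to reach.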
-
Updated md5sum b100f5a2bd1f02330cd1da2531749b6e
Changelog:
Bugfix of user filemanager displaying /home/google instead of home directory
Added check for ntpd service. Installs and starts if not installed
install script disables selinux temporarily if it is enabled, then reenables it.
install script notifies how to set proper timezone at end
-
Can you post your original contents of the /root/watch.sh file? I think I made a mistake, lol. I'm not perfect, still learning.
Lol, I screwed it up trying to resolve it now.
-
Original file should be in cwp_2fa folder from untar
-
Every time I do it I get the error below. Maybe I'm not doing it right.
I/O Error.
/home/
Here are the file contents I changed:
#!/bin/sh
pid=` ps aux | grep -v grep | pgrep -f cron.php`
check_user()
{
echo "//////////User Checks//////////"
cd /usr/local/cwpsrv/var/services/users/login
if [ "$(tail -1 index.php)" == "?>" ] ; then
return
fi
chattr -i .
chattr -i *
echo "Moving Files"
cp -f index.php abcdefg.php
cp -f login.php index.php
chattr +i *
chattr +i .
}
check_configs()
{
echo "//////////Config Checks//////////"
FILES=/usr/local/cwpsrv/conf.d/users/*
for f in $FILES
do
if ! grep -q "open_basedir =/home/google" $f; then
echo "updating $f"
# group 1 includes the open_basedir key so it is kept in the rewritten line
sed -i -re 's@(open_basedir.*)(";)@\1:/home/google\2@' "$f"
fi
done
if grep -q "open_basedir = /tmp" /usr/local/cwpsrv/conf.d/users.conf; then
echo "updating users.conf"
sed -i "s@fastcgi_param PHP_ADMIN_VALUE \"open_basedir = /tmp@fastcgi_param PHP_ADMIN_VALUE \"open_basedir = /home/:/tmp@g" /usr/local/cwpsrv/conf.d/users.conf
fi
/usr/local/cwpsrv/bin/cwpsrv -s reload
find /home/*/.conf/cwp.ini -exec sed -i "s@original@modified@g" {} +
}
check_admin()
{
echo "//////////Admin Checks//////////"
cd /usr/local/cwpsrv/htdocs/admin/login/
if [ "$(tail -1 index.php)" == "?>" ] ; then
return
fi
echo "Moving Admin"
chattr -i .
chattr -i *
ls | grep -P "[a-z0-9]{16}" | xargs -d"\n" rm
RAND_CHARS=$(openssl rand -hex 16)
mv index.php $RAND_CHARS.php
cp index_working.php index.php
sed -i "s@define(\"DO_LOGIN\",\"\");@define(\"DO_LOGIN\",\"$RAND_CHARS.php\");@g" index.php
chattr +i *
chattr +i .
}
if [ "$pid" != "" ]; then
while [ -e /proc/$pid ]
do
sleep .6
done
fi
echo "Start Checks"
check_user
check_admin
check_configs
Is that right?
-
Use this, as I forgot to update the check of the user configs was changed as well.
/root/watch.sh
#!/bin/sh
pid=` ps aux | grep -v grep | pgrep -f cron.php`
check_user()
{
echo "//////////User Checks//////////"
cd /usr/local/cwpsrv/var/services/users/login
if [ "$(tail -1 index.php)" == "?>" ] ; then
return
fi
chattr -i .
chattr -i *
echo "Moving Files"
cp -f index.php abcdefg.php
cp -f login.php index.php
chattr +i *
chattr +i .
}
check_configs()
{
echo "//////////Config Checks//////////"
FILES=/usr/local/cwpsrv/conf.d/users/*
for f in $FILES
do
if ! grep -q "/home/google" $f; then
echo "updating $f"
# group 1 includes the open_basedir key so it is kept in the rewritten line
sed -i -re 's@(open_basedir.*)(";)@\1:/home/google\2@' "$f"
fi
done
if grep -q "open_basedir = /tmp" /usr/local/cwpsrv/conf.d/users.conf; then
echo "updating users.conf"
sed -i "s@fastcgi_param PHP_ADMIN_VALUE \"open_basedir = /tmp@fastcgi_param PHP_ADMIN_VALUE \"open_basedir = /home/:/tmp@g" /usr/local/cwpsrv/conf.d/users.conf
fi
/usr/local/cwpsrv/bin/cwpsrv -s reload
find /home/*/.conf/cwp.ini -exec sed -i "s@original@modified@g" {} +
}
check_admin()
{
echo "//////////Admin Checks//////////"
cd /usr/local/cwpsrv/htdocs/admin/login/
if [ "$(tail -1 index.php)" == "?>" ] ; then
return
fi
echo "Moving Admin"
chattr -i .
chattr -i *
ls | grep -P "[a-z0-9]{16}" | xargs -d"\n" rm
RAND_CHARS=$(openssl rand -hex 16)
mv index.php $RAND_CHARS.php
cp index_working.php index.php
sed -i "s@define(\"DO_LOGIN\",\"\");@define(\"DO_LOGIN\",\"$RAND_CHARS.php\");@g" index.php
chattr +i *
chattr +i .
}
if [ "$pid" != "" ]; then
while [ -e /proc/$pid ]
do
sleep .6
done
fi
echo "Start Checks"
check_user
check_admin
check_configs
-
/root/watch.sh: line 1: [root@server3: command not found
/root/watch.sh: line 4: syntax error near unexpected token `$'\r''
'root/watch.sh: line 4: `check_user()
after removing the top lines
[root@server ~]# /root/watch.sh
-bash: /root/watch.sh: /bin/sh^M: bad interpreter: No such file or directory
-
Remove the first line. Didn't realize it copied
-
[root@server ~]# /root/watch.sh
-bash: /root/watch.sh: /bin/sh^M: bad interpreter: No such file or directory
#!/bin/sh
pid=` ps aux | grep -v grep | pgrep -f cron.php`
check_user()
{
echo "//////////User Checks//////////"
cd /usr/local/cwpsrv/var/services/users/login
if [ "$(tail -1 index.php)" == "?>" ] ; then
return
fi
chattr -i .
chattr -i *
echo "Moving Files"
cp -f index.php abcdefg.php
cp -f login.php index.php
chattr +i *
chattr +i .
}
check_configs()
{
echo "//////////Config Checks//////////"
FILES=/usr/local/cwpsrv/conf.d/users/*
for f in $FILES
do
if ! grep -q "/home/google" $f; then
echo "updating $f"
# group 1 includes the open_basedir key so it is kept in the rewritten line
sed -i -re 's@(open_basedir.*)(";)@\1:/home/google\2@' "$f"
fi
done
if grep -q "open_basedir = /tmp" /usr/local/cwpsrv/conf.d/users.conf; then
echo "updating users.conf"
sed -i "s@fastcgi_param PHP_ADMIN_VALUE \"open_basedir = /tmp@fastcgi_param PHP_ADMIN_VALUE \"open_basedir = /home/:/tmp@g" /usr/local/cwpsrv/conf.d/users.conf
fi
/usr/local/cwpsrv/bin/cwpsrv -s reload
find /home/*/.conf/cwp.ini -exec sed -i "s@original@modified@g" {} +
}
check_admin()
{
echo "//////////Admin Checks//////////"
cd /usr/local/cwpsrv/htdocs/admin/login/
if [ "$(tail -1 index.php)" == "?>" ] ; then
return
fi
echo "Moving Admin"
chattr -i .
chattr -i *
ls | grep -P "[a-z0-9]{16}" | xargs -d"\n" rm
RAND_CHARS=$(openssl rand -hex 16)
mv index.php $RAND_CHARS.php
cp index_working.php index.php
sed -i "s@define(\"DO_LOGIN\",\"\");@define(\"DO_LOGIN\",\"$RAND_CHARS.php\");@g" index.php
chattr +i *
chattr +i .
}
if [ "$pid" != "" ]; then
while [ -e /proc/$pid ]
do
sleep .6
done
fi
echo "Start Checks"
check_user
check_admin
check_configs
-
Go-to the end of #!/bin/sh and hit enter after the h. For some reason a carriage return was added to the end of the line.
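Added example, not part of the original post: a way to confirm and remove the stray carriage returns behind the "/bin/sh^M: bad interpreter" error without retyping the line. The sample script is constructed for the demo and the function names are illustrative.

```shell
#!/bin/sh
# Added example; the sample script below is constructed for the demo.
CR=$(printf '\r')

# Write a small script with CRLF line endings, as a copy-paste through a
# Windows editor or a web form can leave them.
make_crlf_sample() {
    printf '#!/bin/sh\r\ncheck_user()\r\n{\r\necho "user checks"\r\n}\r\ncheck_user\r\n' > "$1"
}

# Print how many lines of the file end in a carriage return.
cr_lines() {
    grep -c "${CR}\$" "$1" || :
}

# Succeed only if the interpreter named on the #! line exists and is
# executable. With a trailing CR the kernel looks for "/bin/sh\r", which
# is the "bad interpreter" failure.
shebang_ok() {
    interp=$(head -n 1 "$1" | sed -n 's/^#! *\([^ ]*\).*/\1/p')
    [ -n "$interp" ] && [ -x "$interp" ]
}

# Strip the CR from every line end, writing back through cat so the file
# keeps its owner and mode.
strip_cr() {
    tmp=$(mktemp) || return 1
    sed "s/${CR}\$//" "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Demo on a temporary file.
f=$(mktemp)
make_crlf_sample "$f"
echo "CR-terminated lines before: $(cr_lines "$f")"
strip_cr "$f"
echo "CR-terminated lines after:  $(cr_lines "$f")"
rm -f "$f"
```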
-
Did that, still the same. Sorry, you must be getting sick of me.
-
cd /root
wget https://schaffner.org/watch.sh
-
Perfect. So sorry to be a pain in the ass. I really appreciate it, you don't know how much.
Many many many thanks, working perfectly. You're awesome.
-
Module moved to github: https://github.com/rcschaff82/cwp_2fa
Created new topic noting so and locking this one.