Direct CSF integration

Version 1.61.0

Feature
Finished

DirectAdmin already supports the CSF plugin, and already integrates with it using the block_ip.sh set of scripts. This feature will skip over the hook scripts, and instead make direct calls to csf. Block: csf -d 1.2.3.4 Unblock: csf -dr 1.2.3.4 And get list of currently blocked IPs directly from CSF. /etc/csf/csf.deny Optional comments to be set. ======================= ACTIVATE 1) The csf plugin must be installed 2) The /usr/local/directdmin/scripts/custom/block_ip.sh must NOT exist (so as to not affect exising CSF integrations). Once you have this copy of DA, to flip over to this integration, delete the files; /usr/local/directdmin/scripts/custom/block_ip.sh /usr/local/directdmin/scripts/custom/brute_force_notice_ip.sh /usr/local/directdmin/scripts/custom/show_blocked_ips.sh /usr/local/directdmin/scripts/custom/unblock_ip.sh After testing confirms feature is functional, the csf_install.sh script will be updated to not install the scripts/custom/*.sh files. ======================= BLOCKED LIST The BFM will use the /etc/csf/csf.deny to show the listing of blocked IPs and comments/dates. The following files will not be related to the new method; /root/blocked_ips.txt /root/exempt_ips.txt ======================= SKIP LIST CSF does have it's own skip list. The Brute Force Manager also has it's own skip list: /usr/local/directadmin/data/admin/brute_skip.list With integration, when adding an IP to the skip list through the BFM, DA will add it to both brute_skip.list and to CSF's csf.ignore. Adding ranges in the format: 1.2.3.4-5 will only be added to the BFM. DA will not accept 1.2.3.0/24, but CSF will. Adding the 1.2.3.0/24 style ranges should be done in CSF, as even if DA decides to try and block an IP, the CSF csf.ignore would override the block, so the CSF allow has priority. Listing all Skip value in DA will show the contents of both lists. Deleting a value from DA ONLY deletes it from the skip.list, not from CSF's allow list (the value would remain showing). There is room for improvement here, so it may come should there be sufficient demand. ---- T26468 Update: changed from csf.allow to csf.ignore: Compile time: May 7 2020 at 18:04:30

Interested to try DirectAdmin? Get a 30-day Free Trial!