############################################################################### # Copyright 2006-2023, Way to the Web Limited # URL: http://www.configserver.com # Email: sales@waytotheweb.com ############################################################################### ## no critic (RequireUseWarnings, ProhibitExplicitReturnUndef, ProhibitMixedBooleanOperators, RequireBriefOpen) package ConfigServer::DisplayUI; use strict; use lib '/usr/local/csf/lib'; use Fcntl qw(:DEFAULT :flock); use File::Basename; use File::Copy; use Net::CIDR::Lite; use IPC::Open3; use ConfigServer::Config; use ConfigServer::CheckIP qw(checkip); use ConfigServer::Ports; use ConfigServer::URLGet; use ConfigServer::Sanity qw(sanity);; use ConfigServer::ServerCheck; use ConfigServer::ServerStats; use ConfigServer::Service; use ConfigServer::RBLCheck; use ConfigServer::GetEthDev; use ConfigServer::Slurp qw(slurp); use Exporter qw(import); our $VERSION = 1.01; our @ISA = qw(Exporter); our @EXPORT_OK = qw(); umask(0177); our ($chart, $ipscidr6, $ipv6reg, $ipv4reg, %config, %ips, $mobile, $urlget, %FORM, $script, $script_da, $images, $myv); my $slurpreg = ConfigServer::Slurp->slurpreg; my $cleanreg = ConfigServer::Slurp->cleanreg; # ############################################################################### # start main sub main { my $form_ref = shift; %FORM = %{$form_ref}; $script = shift; $script_da = shift; $images = shift; $myv = shift; $config{THIS_UI} = shift; $| = 1; $ipscidr6 = Net::CIDR::Lite->new; my $thisui = $config{THIS_UI}; my $config = ConfigServer::Config->loadconfig(); %config = $config->config; $config{THIS_UI} = $thisui; $ipv4reg = $config->ipv4reg; $ipv6reg = $config->ipv6reg; if ($config{CF_ENABLE}) { require ConfigServer::CloudFlare; import ConfigServer::CloudFlare; } $mobile = 0; if ($FORM{mobi}) {$mobile = 1} $chart = 1; if ($config{ST_ENABLE}) { if (!defined ConfigServer::ServerStats::init()) {$chart = 0} } $urlget = ConfigServer::URLGet->new($config{URLGET}, "csf/$myv", $config{URLPROXY}); unless (defined $urlget) { $config{URLGET} = 1; $urlget = ConfigServer::URLGet->new($config{URLGET}, "csf/$myv", $config{URLPROXY}); print "

*WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny

\n"; } if ($config{RESTRICT_UI} == 2) { print "\n"; print "\n"; print "
csf UI Disabled via the RESTRICT_UI option in /etc/csf/csf.conf
\n"; exit; } if ($FORM{ip} ne "") {$FORM{ip} =~ s/(^\s+)|(\s+$)//g} if (($FORM{ip} ne "") and ($FORM{ip} ne "all") and (!checkip(\$FORM{ip}))) { print "[$FORM{ip}] is not a valid IP/CIDR"; } elsif (($FORM{ignorefile} ne "") and ($FORM{ignorefile} =~ /[^\w\.]/)) { print "[$FORM{ignorefile}] is not a valid file"; } elsif (($FORM{template} ne "") and ($FORM{template} =~ /[^\w\.]/)) { print "[$FORM{template}] is not a valid file"; } elsif ($FORM{action} eq "manualcheck") { print "

Checking version...

\n\n"; my ($upgrade, $actv) = &manualversion($myv); if ($upgrade) { print "
A new version of csf (v$actv) is available. Upgrading will retain your settings. View ChangeLog
\n"; } else { if ($actv ne "") { print "
$actv
\n"; } else { print "
You are running the latest version of csf (v$myv). An Upgrade button will appear here if a new version becomes available
\n"; } } print "
\n"; &printreturn; } elsif ($FORM{action} eq "lfdstatus") { print "

Show lfd status...

\n
\n";
		ConfigServer::Service::statuslfd();
		print "
\n

...Done.

\n"; &printreturn; } elsif ($FORM{action} eq "ms_list") { &modsec; } elsif ($FORM{action} eq "chart") { &chart; } elsif ($FORM{action} eq "systemstats") { &systemstats($FORM{graph}); } elsif ($FORM{action} eq "lfdstart") { print "

Starting lfd...

\n
\n";
		ConfigServer::Service::startlfd();
		print "
\n

...Done.

\n"; &printreturn; } elsif ($FORM{action} eq "lfdrestart") { if ($config{THIS_UI}) { print "

Signal lfd to restart...

\n
\n";
			sysopen (my $OUT, "/var/lib/csf/lfd.restart",, O_WRONLY | O_CREAT) or die "Unable to open file: $!";
			close ($OUT);
		} else {
			print "
Restarting lfd...
\n
\n";
			ConfigServer::Service::restartlfd();
		}
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "lfdstop") {
		print "
Stopping lfd...
\n
\n";
		ConfigServer::Service::stoplfd();
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "status") {
		&resize("top");
		print "
\n";
		&printcmd("/usr/sbin/csf","-l");
		if ($config{IPV6}) {
			print "\n\nip6tables:\n\n";
			&printcmd("/usr/sbin/csf","-l6");
		}
		print "
\n";
		&resize("bot",1);
		&printreturn;
	}
	elsif ($FORM{action} eq "start") {
		print "
Starting csf...
\n";
		&resize("top");
		print "
\n";
		&printcmd("/usr/sbin/csf","-sf");
		print "
\n
...Done.
\n";
		&resize("bot",1);
		&printreturn;
	}
	elsif ($FORM{action} eq "restart") {
		print "
Restarting csf...
\n";
		&resize("top");
		print "
\n";
		&printcmd("/usr/sbin/csf","-sf");
		print "
\n
...Done.
\n";
		&resize("bot",1);
		&printreturn;
	}
	elsif ($FORM{action} eq "restartq") {
		print "
Restarting csf via lfd...
\n
\n";
		&printcmd("/usr/sbin/csf","-q");
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "temp") {
		print "\n";
		print "\n";
		my @deny;
		if (! -z "/var/lib/csf/csf.tempban") {
			open (my $IN, "<", "/var/lib/csf/csf.tempban") or die $!;
			flock ($IN, LOCK_SH);
			@deny = <$IN>;
			chomp @deny;
			close ($IN);
		}
		foreach my $line (reverse @deny) {
			if ($line eq "") {next}
			my ($time,$ip,$port,$inout,$timeout,$message) = split(/\|/,$line);
			$time = $timeout - (time - $time);
			if ($port eq "") {$port = "*"}
			if ($inout eq "") {$inout = " *"}
			if ($time < 1) {
				$time = "<1";
			} else {
				my $days = int($time/(24*60*60));
				my $hours = ($time/(60*60))%24;
				my $mins = ($time/60)%60;
				my $secs = $time%60;
				$days = $days < 1 ? '' : $days .'d ';
				$hours = $hours < 1 ? '' : $hours .'h ';
				$mins = $mins < 1 ? '' : $mins . 'm ';
				$time = $days . $hours . $mins . $secs . 's'; 
			}
			print "\n";
			print "\n";
		}
		my @allow;
		if (! -z "/var/lib/csf/csf.tempallow") {
			open (my $IN, "<", "/var/lib/csf/csf.tempallow") or die $!;
			flock ($IN, LOCK_SH);
			@allow = <$IN>;
			chomp @allow;
			close ($IN);
		}
		foreach my $line (@allow) {
			if ($line eq "") {next}
			my ($time,$ip,$port,$inout,$timeout,$message) = split(/\|/,$line);
			$time = $timeout - (time - $time);
			if ($port eq "") {$port = "*"}
			if ($inout eq "") {$inout = " *"}
			if ($time < 1) {
				$time = "<1";
			} else {
				my $days = int($time/(24*60*60));
				my $hours = ($time/(60*60))%24;
				my $mins = ($time/60)%60;
				my $secs = $time%60;
				$days = $days < 1 ? '' : $days .'d ';
				$hours = $hours < 1 ? '' : $hours .'h ';
				$mins = $mins < 1 ? '' : $mins . 'm ';
				$time = $days . $hours . $mins . $secs . 's'; 
			}
			print "\n";
		}
		print "
 A/DIP addressPortDirTime To LiveComment
 \n";
			print "DENY$ip$port$inout$time$message
 \n";
			print "ALLOW$ip$port$inout$time$message
\n";
		if (@deny or @allow) {
			print "
Flush all temporary blocks
\n";
		} else {
			print "
There are no temporary IP entries
\n";
		}
		&printreturn;
	}
	elsif ($FORM{action} eq "temprm") {
		print "
Removing all temporary entries:
\n
\n";
		if ($FORM{ip} eq "all") {
			&printcmd("/usr/sbin/csf","-tf");
		}
		print "
\n
...Done.
\n";
		print "
\n";
	}
	elsif ($FORM{action} eq "temprmd") {
		print "
Removing temporary deny entry for $FORM{ip}:
\n
\n";
		&printcmd("/usr/sbin/csf","-trd",$FORM{ip});
		print "
\n
...Done.
\n";
		print "
\n";
	}
	elsif ($FORM{action} eq "temprma") {
		print "
Removing temporary allow entry for $FORM{ip}:
\n
\n";
		&printcmd("/usr/sbin/csf","-tra",$FORM{ip});
		print "
\n
...Done.
\n";
		print "
\n";
	}
	elsif ($FORM{action} eq "temptoperm") {
		print "
Permanent ban for $FORM{ip}:
\n
\n";
		&printcmd("/usr/sbin/csf","-tr",$FORM{ip});
		&printcmd("/usr/sbin/csf","-d",$FORM{ip});
		print "
\n
...Done.
\n";
		print "
\n";
	}
	elsif ($FORM{action} eq "tempdeny") {
		$FORM{timeout} =~ s/\D//g;
		if ($FORM{dur} eq "minutes") {$FORM{timeout} = $FORM{timeout} * 60}
		if ($FORM{dur} eq "hours") {$FORM{timeout} = $FORM{timeout} * 60 * 60}
		if ($FORM{dur} eq "days") {$FORM{timeout} = $FORM{timeout} * 60 * 60 * 24}
		if ($FORM{ports} eq "") {$FORM{ports} = "*"}
		print "
Temporarily $FORM{do}ing $FORM{ip} for $FORM{timeout} seconds:
\n
\n";
		if ($FORM{do} eq "block") {
			&printcmd("/usr/sbin/csf","-td",$FORM{ip},$FORM{timeout},"-p",$FORM{ports},$FORM{comment});
		} else {
			&printcmd("/usr/sbin/csf","-ta",$FORM{ip},$FORM{timeout},"-p",$FORM{ports},$FORM{comment});
		}
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "stop") {
		print "
Stopping csf...
\n";
		&resize("top");
		print "
\n";
		&printcmd("/usr/sbin/csf","-f");
		print "
\n
...Done.
\n";
		&resize("bot",1);
		&printreturn;
	}
	elsif ($FORM{action} eq "disable") {
		print "
Disabling csf...
\n";
		&resize("top");
		print "
\n";
		&printcmd("/usr/sbin/csf","-x");
		print "
\n
...Done.
\n";
		&resize("bot",1);
		&printreturn;
	}
	elsif ($FORM{action} eq "enable") {
		if ($config{THIS_UI}) {
			print "
You must login to the root shell to enable csf using:\n
csf -e
\n";
		} else {
			print "
Enabling csf...
\n";
			&resize("top");
			print "
\n";
			&printcmd("/usr/sbin/csf","-e");
			print "
";
			&resize("bot",1);
		}
		print "
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "logtail") {
		$FORM{lines} =~ s/\D//g;
		if ($FORM{lines} eq "" or $FORM{lines} == 0) {$FORM{lines} = 30}
		my $script_safe = $script;
		my $CSFfrombot = 120;
		my $CSFfromright = 10;
		if ($config{DIRECTADMIN}) {
			$script = $script_da;
			$CSFfrombot = 400;
			$CSFfromright = 150;
		}
		my @data = slurp("/etc/csf/csf.syslogs");
		foreach my $line (@data) {
			if ($line =~ /^Include\s*(.*)$/) {
				my @incfile = slurp($1);
				push @data,@incfile;
			}
		}
		@data = sort @data;
		my $options = "  


Refresh in 0  






   



EOF
		if ($config{DIRECTADMIN}) {$script = $script_safe}
		&printreturn;
	}
	elsif ($FORM{action} eq "logtailcmd") {
		$FORM{lines} =~ s/\D//g;
		if ($FORM{lines} eq "" or $FORM{lines} == 0) {$FORM{lines} = 30}

		my @data = slurp("/etc/csf/csf.syslogs");
		foreach my $line (@data) {
			if ($line =~ /^Include\s*(.*)$/) {
				my @incfile = slurp($1);
				push @data,@incfile;
			}
		}
		@data = sort @data;
		my $cnt = 0;
		my $logfile = "/var/log/lfd.log";
		my $hit = 0;
		foreach my $file (@data) {
			$file =~ s/$cleanreg//g;
			if ($file eq "") {next}
			if ($file =~ /^\s*\#|Include/) {next}
			my @globfiles;
			if ($file =~ /\*|\?|\[/) {
				foreach my $log (glob $file) {push @globfiles, $log}
			} else {push @globfiles, $file}

			foreach my $globfile (@globfiles) {
				if (-f $globfile) {
					if ($FORM{lognum} == $cnt) {
						$logfile = $globfile;
						$hit = 1;
						last;
					}
					$cnt++;
				}
			}
			if ($hit) {last}
		}
		if (-z $logfile) {
			print "<---- $logfile is currently empty ---->";
		} else {
			if (-x $config{TAIL}) {
				my $timeout = 30;
				eval {
					local $SIG{__DIE__} = undef;
					local $SIG{'ALRM'} = sub {die};
					alarm($timeout);
					my ($childin, $childout);
					my $pid = open3($childin, $childout, $childout,$config{TAIL},"-$FORM{lines}",$logfile);
					while (<$childout>) {
						my $line = $_;
						$line =~ s/&/&/g;
						$line =~ s//>/g;
						print $line;
					}
					waitpid ($pid, 0);
					alarm(0);
				};
				alarm(0);
				if ($@) {print "TIMEOUT: tail command took too long. Timed out after $timeout seconds\n"}
			} else {
				print "Executable [$config{TAIL}] invalid";
			}
		}
	}
	elsif ($FORM{action} eq "loggrep") {
		$FORM{lines} =~ s/\D//g;
		if ($FORM{lines} eq "" or $FORM{lines} == 0) {$FORM{lines} = 30}
		my $script_safe = $script;
		my $CSFfrombot = 120;
		my $CSFfromright = 10;
		if ($config{DIRECTADMIN}) {
			$script = $script_da;
			$CSFfrombot = 400;
			$CSFfromright = 150;
		}
		my @data = slurp("/etc/csf/csf.syslogs");
		foreach my $line (@data) {
			if ($line =~ /^Include\s*(.*)$/) {
				my @incfile = slurp($1);
				push @data,@incfile;
			}
		}
		@data = sort @data;
		my $options = " 
-i 
-E 
 wildcard 
 

Please Note:

 1. Searches use $config{GREP}/$config{ZGREP} if wildcard is used), so the search text/regex must be syntactically correct
 2. Use the "-i" option to ignore case
 3. Use the "-E" option to perform an extended regular expression search
 4. Searching large log files can take a long time. This feature has a 30 second timeout
 5. The searched for text will usually be highlighted but may not always be successful
 6. Only log files listed in /etc/csf/csf.syslogs can be searched. You can add to this file
 7. The wildcard option will use $config{ZGREP} and search logs with a wildcard suffix, e.g. /var/log/lfd.log*
EOF if ($config{DIRECTADMIN}) {$script = $script_safe} &printreturn; } elsif ($FORM{action} eq "loggrepcmd") { my @data = slurp("/etc/csf/csf.syslogs"); foreach my $line (@data) { if ($line =~ /^Include\s*(.*)$/) { my @incfile = slurp($1); push @data,@incfile; } } @data = sort @data; my $cnt = 0; my $logfile = "/var/log/lfd.log"; my $hit = 0; foreach my $file (@data) { $file =~ s/$cleanreg//g; if ($file eq "") {next} if ($file =~ /^\s*\#|Include/) {next} my @globfiles; if ($file =~ /\*|\?|\[/) { foreach my $log (glob $file) {push @globfiles, $log} } else {push @globfiles, $file} foreach my $globfile (@globfiles) { if (-f $globfile) { if ($FORM{lognum} == $cnt) { $logfile = $globfile; $hit = 1; last; } $cnt++; } } if ($hit) {last} } my @cmd; my $grepbin = $config{GREP}; if ($FORM{grepZ}) {$grepbin = $config{ZGREP}} if ($FORM{grepi}) {push @cmd, "-i"} if ($FORM{grepE}) {push @cmd, "-E"} push @cmd, $FORM{grep}; if (-z $logfile) { print "<---- $logfile is currently empty ---->"; } else { if (-x $grepbin) { my $timeout = 30; eval { local $SIG{__DIE__} = undef; local $SIG{'ALRM'} = sub {die}; my $total; if ($FORM{grepZ}) { foreach my $file (glob $logfile."\*") { print "\nSearching $file:\n"; alarm($timeout); my ($childin, $childout); my $pid = open3($childin, $childout, $childout,$grepbin,@cmd,$file); while (<$childout>) { my $line = $_; $line =~ s/&/&/g; $line =~ s//>/g; if ($FORM{grep} ne "") { eval { local $SIG{__DIE__} = undef; if ($FORM{grepi}) { $line =~ s/$FORM{grep}/$&<\/mark>/ig; } else { $line =~ s/$FORM{grep}/$&<\/mark>/g; } }; } print $line; $total += length $line; } waitpid ($pid, 0); unless ($total) {print "<---- No matches found for \"$FORM{grep}\" in $file ---->\n"} alarm(0); } } else { alarm($timeout); my ($childin, $childout); my $pid = open3($childin, $childout, $childout,$grepbin,@cmd,$logfile); while (<$childout>) { my $line = $_; $line =~ s/&/&/g; $line =~ s//>/g; if ($FORM{grep} ne "") { eval { local $SIG{__DIE__} = undef; if ($FORM{grepi}) { $line =~ s/$FORM{grep}/$&<\/mark>/ig; } else { $line =~ s/$FORM{grep}/$&<\/mark>/g; } }; } print $line; $total += length $line; } waitpid ($pid, 0); unless ($total) {print "<---- No matches found for \"$FORM{grep}\" in $logfile ---->\n"} alarm(0); } }; alarm(0); if ($@) {print "TIMEOUT: grep command took too long. Timed out after $timeout seconds\n"} } else { print "Executable [$grepbin] invalid"; } } } elsif ($FORM{action} eq "readme") { &resize("top"); print "
\n";
		open (my $IN, "<", "/etc/csf/readme.txt") or die $!;
		flock ($IN, LOCK_SH);
		my @readme = <$IN>;
		close ($IN);
		chomp @readme;

		foreach my $line (@readme) {
			$line =~ s/\/\>\;/g;
			print $line."\n";
		}
		print "
\n"; &resize("bot",0); &printreturn; } elsif ($FORM{action} eq "servercheck") { print ConfigServer::ServerCheck::report($FORM{verbose}); open (my $IN, "<", "/etc/cron.d/csf-cron"); flock ($IN, LOCK_SH); my @data = <$IN>; close ($IN); chomp @data; my $optionselected = "never"; my $email; if (my @ls = grep {$_ =~ /csf \-m/} @data) { if ($ls[0] =~ /\@(\w+)\s+root\s+\/usr\/sbin\/csf \-m (.*)/) {$optionselected = $1; $email = $2} } print "
\n"; print "Generate and email this report to the email address
\n"; print "
\n"; print "
\n"; &printreturn; } elsif ($FORM{action} eq "serverchecksave") { my $extra = ""; my $freq = "daily"; my $email; if ($FORM{email} ne "") {$email = "root"} if ($FORM{email} =~ /^[a-zA-Z0-9\-\_\.\@\+]+$/) {$email = $FORM{email}} foreach my $option ("never","hourly","daily","weekly","monthly") {if ($FORM{freq} eq $option) {$freq = $option}} unless ($email) {$freq = "never"; $extra = "(no valid email address supplied)";} sysopen (my $CRON, "/etc/cron.d/csf-cron", O_RDWR | O_CREAT) or die "Unable to open file: $!"; flock ($CRON, LOCK_EX); my @data = <$CRON>; chomp @data; seek ($CRON, 0, 0); truncate ($CRON, 0); my $done = 0; foreach my $line (@data) { if ($line =~ /csf \-m/) { if ($freq and ($freq ne "never") and !$done) { print $CRON "\@$freq root /usr/sbin/csf -m $email\n"; $done = 1; } } else { print $CRON "$line\n"; } } if (!$done and ($freq ne "never")) { print $CRON "\@$freq root /usr/sbin/csf -m $email\n"; } close ($CRON); if ($freq and $freq ne "never") { print "
Report scheduled to be emailed to $email $freq
\n"; } else { print "
Report schedule cancelled $extra
\n"; } print "
\n"; } elsif ($FORM{action} eq "rblcheck") { my ($status, undef) = ConfigServer::RBLCheck::report($FORM{verbose},$images,1); print "
These options can take a long time to run (several minutes) depending on the number of IP addresses to check and the response speed of the DNS requests:
\n"; print "
Generates the normal report showing exceptions only
\n"; print "
Generates the normal report but shows successes and failures
\n"; print "
Edit csf.rblconf to enable and disable IPs and RBLs
\n"; open (my $IN, "<", "/etc/cron.d/csf-cron"); flock ($IN, LOCK_SH); my @data = <$IN>; close ($IN); chomp @data; my $optionselected = "never"; my $email; if (my @ls = grep {$_ =~ /csf \-\-rbl/} @data) { if ($ls[0] =~ /\@(\w+)\s+root\s+\/usr\/sbin\/csf \-\-rbl (.*)/) {$optionselected = $1; $email = $2} } print "
\n"; print "Generate and email this report to the email address
\n"; &printreturn; } elsif ($FORM{action} eq "rblchecksave") { my $extra = ""; my $freq = "daily"; my $email; if ($FORM{email} ne "") {$email = "root"} if ($FORM{email} =~ /^[a-zA-Z0-9\-\_\.\@\+]+$/) {$email = $FORM{email}} foreach my $option ("never","hourly","daily","weekly","monthly") {if ($FORM{freq} eq $option) {$freq = $option}} unless ($email) {$freq = "never"; $extra = "(no valid email address supplied)";} sysopen (my $CRON, "/etc/cron.d/csf-cron", O_RDWR | O_CREAT) or die "Unable to open file: $!"; flock ($CRON, LOCK_EX); my @data = <$CRON>; chomp @data; seek ($CRON, 0, 0); truncate ($CRON, 0); my $done = 0; foreach my $line (@data) { if ($line =~ /csf \-\-rbl/) { if ($freq and ($freq ne "never") and !$done) { print $CRON "\@$freq root /usr/sbin/csf --rbl $email\n"; $done = 1; } } else { print $CRON "$line\n"; } } if (!$done and ($freq ne "never")) { print $CRON "\@$freq root /usr/sbin/csf --rbl $email\n"; } close ($CRON); if ($freq and $freq ne "never") { print "
Report scheduled to be emailed to $email $freq
\n"; } else { print "
Report schedule cancelled $extra
\n"; } print "
\n"; } elsif ($FORM{action} eq "rblcheckedit") { &editfile("/etc/csf/csf.rblconf","saverblcheckedit"); print "
\n"; } elsif ($FORM{action} eq "saverblcheckedit") { &savefile("/etc/csf/csf.rblconf",""); print "
\n"; } elsif ($FORM{action} eq "cloudflareedit") { &editfile("/etc/csf/csf.cloudflare","savecloudflareedit"); &printreturn; } elsif ($FORM{action} eq "savecloudflareedit") { &savefile("/etc/csf/csf.cloudflare",""); &printreturn; } elsif ($FORM{action} eq "restartboth") { print "

Restarting csf...

\n"; &resize("top"); print "
\n";
		&printcmd("/usr/sbin/csf","-sf");
		print "
\n

...Done.

\n"; if ($config{THIS_UI}) { print "

Signal lfd to restart...

\n
\n";
			sysopen (my $OUT, "/var/lib/csf/lfd.restart",, O_WRONLY | O_CREAT) or die "Unable to open file: $!";
			close ($OUT);
		} else {
			print "
Restarting lfd...
\n
\n";
			ConfigServer::Service::restartlfd();
		}
		print "
\n
...Done.
\n";
		&resize("bot",1);
		&printreturn;
	}
	elsif ($FORM{action} eq "remapf") {
		print "
Removing APF/BFD...
\n
\n";
		&printcmd("sh","/usr/local/csf/bin/remove_apf_bfd.sh");
		print "
\n
...Done.
\n";
		print "
Note: You should check the root cron and /etc/crontab to ensure that there are no apf or bfd related cron jobs remaining
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "qallow") {
		print "
Allowing $FORM{ip}...
\n
\n";
		&printcmd("/usr/sbin/csf","-a",$FORM{ip},$FORM{comment});
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "qdeny") {
		print "
Blocking $FORM{ip}...
\n
\n";
		&printcmd("/usr/sbin/csf","-d",$FORM{ip},$FORM{comment});
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "qignore") {
		print "
Ignoring $FORM{ip}...\n";
		open (my $OUT, ">>", "/etc/csf/csf.ignore");
		flock ($OUT, LOCK_EX);
		print $OUT "$FORM{ip}\n";
		close ($OUT);
		print "Done.
\n";
		if ($config{THIS_UI}) {
			print "
Signal lfd to restart...
\n
\n";
			sysopen (my $OUT, "/var/lib/csf/lfd.restart",, O_WRONLY | O_CREAT) or die "Unable to open file: $!";
			close ($OUT);
		} else {
			print "
Restarting lfd...
\n
\n";
			ConfigServer::Service::restartlfd();
		}
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "kill") {
		print "
Unblock $FORM{ip}, trying permanent blocks...
\n
\n";
		&printcmd("/usr/sbin/csf","-dr",$FORM{ip});
		print "
\n
...Done.
\n";
		print "
Unblock $FORM{ip}, trying temporary blocks...
\n
\n";
		&printcmd("/usr/sbin/csf","-trd",$FORM{ip});
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "killallow") {
		print "
Unblock $FORM{ip}, trying permanent blocks...
\n
\n";
		&printcmd("/usr/sbin/csf","-ar",$FORM{ip});
		print "
\n
...Done.
\n";
		print "
Unblock $FORM{ip}, trying temporary blocks...
\n
\n";
		&printcmd("/usr/sbin/csf","-tra",$FORM{ip});
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "grep") {
		print "
Searching for $FORM{ip}...
\n";
		&resize("top");
		print "
\n";
		my ($childin, $childout);
		my $pid = open3($childin, $childout, $childout, "/usr/sbin/csf","-g",$FORM{ip});
		my $unblock;
		my $unallow;
		while (<$childout>) {
			my $line = $_;
			if ($line =~ /^csf.deny:\s(\S+)\s*/) {$unblock = 1}
			if ($line =~ /^Temporary Blocks: IP:(\S+)\s*/) {$unblock = 1}
			if ($line =~ /^csf.allow:\s(\S+)\s*/) {$unallow = 1}
			if ($line =~ /^Temporary Allows: IP:(\S+)\s*/) {$unallow = 1}
			print $_;
		}
		waitpid ($pid, 0);
		print "
\n
...Done.
\n";
		&resize("bot",1);
		if ($unblock) {print "\n"}
		if ($unallow) {print "\n"}
		&printreturn;
	}
	elsif ($FORM{action} eq "callow") {
		print "
Cluster Allow $FORM{ip}...
\n
\n";
		&printcmd("/usr/sbin/csf","-ca",$FORM{ip},$FORM{comment});
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "cignore") {
		print "
Cluster Ignore $FORM{ip}...
\n
\n";
		&printcmd("/usr/sbin/csf","-ci",$FORM{ip},$FORM{comment});
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "cirm") {
		print "
Cluster Remove ignore $FORM{ip}...
\n
\n";
		&printcmd("/usr/sbin/csf","-cir",$FORM{ip});
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "cloudflare") {
		&cloudflare;
	}
	elsif ($FORM{action} eq "cflist") {
		print "
CloudFlare list $FORM{type} rules for user(s) $FORM{domains}:
\n";
		print "
";
		&printcmd("/usr/sbin/csf","--cloudflare","list",$FORM{type},$FORM{domains});
		print "
\n
\n";
	}
	elsif ($FORM{action} eq "cftempdeny") {
		print "
CloudFlare $FORM{do} $FORM{target} for user(s) $FORM{domains}:
\n";
		print "
\n";
		&printcmd("/usr/sbin/csf","--cloudflare","tempadd",$FORM{do},$FORM{target},$FORM{domains});
		print "
\n
\n";
	}
	elsif ($FORM{action} eq "cfadd") {
		print "
CloudFlare Add $FORM{type} $FORM{target} for user(s) $FORM{domains}:
\n";
		print "
";
		&printcmd("/usr/sbin/csf","--cloudflare","add",$FORM{type},$FORM{target},$FORM{domains});
		print "
\n
\n";
	}
	elsif ($FORM{action} eq "cfremove") {
		print "
CloudFlare Delete $FORM{type} $FORM{target} for user(s) $FORM{domains}:
\n";
		print "
";
		&printcmd("/usr/sbin/csf","--cloudflare","del", $FORM{target},$FORM{domains});
		print "
\n
\n";
	}
	elsif ($FORM{action} eq "cdeny") {
		print "
Cluster Deny $FORM{ip}...
\n
\n";
		&printcmd("/usr/sbin/csf","-cd",$FORM{ip},$FORM{comment});
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "ctempdeny") {
		$FORM{timeout} =~ s/\D//g;
		if ($FORM{dur} eq "minutes") {$FORM{timeout} = $FORM{timeout} * 60}
		if ($FORM{dur} eq "hours") {$FORM{timeout} = $FORM{timeout} * 60 * 60}
		if ($FORM{dur} eq "days") {$FORM{timeout} = $FORM{timeout} * 60 * 60 * 24}
		if ($FORM{ports} eq "") {$FORM{ports} = "*"}
		print "
cluster Temporarily $FORM{do}ing $FORM{ip} for $FORM{timeout} seconds:
\n
\n";
		if ($FORM{do} eq "block") {
			&printcmd("/usr/sbin/csf","-ctd",$FORM{ip},$FORM{timeout},"-p",$FORM{ports},$FORM{comment});
		} else {
			&printcmd("/usr/sbin/csf","-cta",$FORM{ip},$FORM{timeout},"-p",$FORM{ports},$FORM{comment});
		}
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "crm") {
		print "
Cluster Remove Deny $FORM{ip}...
\n
\n";
		&printcmd("/usr/sbin/csf","-cr",$FORM{ip});
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "carm") {
		print "
Cluster Remove Allow $FORM{ip}...
\n
\n";
		&printcmd("/usr/sbin/csf","-car",$FORM{ip});
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "cping") {
		print "
Cluster PING...
\n
\n";
		&printcmd("/usr/sbin/csf","-cp");
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "cgrep") {
		print "
Cluster GREP for $FORM{ip}...
\n";
		print "
\n";
		my ($childin, $childout);
		my $pid = open3($childin, $childout, $childout, "/usr/sbin/csf","-cg",$FORM{ip});
		my $unblock;
		my $start = 0;
		while (<$childout>) {
			my $line = $_;
			if ($line =~ /^====/) {
				if ($start) {
					print "$line
";
					$start = 0;
				} else {
					print "
$line";
					$start = 1;
				}
			} else {
				print $line;
			}
		}
		waitpid ($pid, 0);
		print "...Done\n
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "cconfig") {
		$FORM{option} =~ s/\s*//g;
		my %restricted;
		if ($config{RESTRICT_UI}) {
			sysopen (my $IN, "/usr/local/csf/lib/restricted.txt", O_RDWR | O_CREAT) or die "Unable to open file: $!";
			flock ($IN, LOCK_SH);
			while (my $entry = <$IN>) {
				chomp $entry;
				$restricted{$entry} = 1;
			}
			close ($IN);
		}
		if ($restricted{$FORM{option}}) {
			print "
Option $FORM{option} cannot be set with RESTRICT_UI enabled
\n";
			exit;
		}
		print "
Cluster configuration option...
\n
\n";
		&printcmd("/usr/sbin/csf","-cc",$FORM{option},$FORM{value});
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "crestart") {
		print "
Cluster restart csf and lfd...
\n
\n";
		&printcmd("/usr/sbin/csf --crestart");
		print "
\n
...Done.
\n";
		&printreturn;
	}
	elsif ($FORM{action} eq "allow") {
		&editfile("/etc/csf/csf.allow","saveallow");
		&printreturn;
	}
	elsif ($FORM{action} eq "saveallow") {
		&savefile("/etc/csf/csf.allow","both");
		&printreturn;
	}
	elsif ($FORM{action} eq "redirect") {
		&editfile("/etc/csf/csf.redirect","saveredirect");
		&printreturn;
	}
	elsif ($FORM{action} eq "saveredirect") {
		&savefile("/etc/csf/csf.redirect","both");
		&printreturn;
	}
	elsif ($FORM{action} eq "smtpauth") {
		&editfile("/etc/csf/csf.smtpauth","savesmtpauth");
		&printreturn;
	}
	elsif ($FORM{action} eq "savesmtpauth") {
		&savefile("/etc/csf/csf.smtpauth","both");
		&printreturn;
	}
	elsif ($FORM{action} eq "reseller") {
		&editfile("/etc/csf/csf.resellers","savereseller");
		&printreturn;
	}
	elsif ($FORM{action} eq "savereseller") {
		&savefile("/etc/csf/csf.resellers","");
		&printreturn;
	}
	elsif ($FORM{action} eq "dirwatch") {
		&editfile("/etc/csf/csf.dirwatch","savedirwatch");
		&printreturn;
	}
	elsif ($FORM{action} eq "savedirwatch") {
		&savefile("/etc/csf/csf.dirwatch","lfd");
		&printreturn;
	}
	elsif ($FORM{action} eq "dyndns") {
		&editfile("/etc/csf/csf.dyndns","savedyndns");
		&printreturn;
	}
	elsif ($FORM{action} eq "savedyndns") {
		&savefile("/etc/csf/csf.dyndns","lfd");
		&printreturn;
	}
	elsif ($FORM{action} eq "blocklists") {
		&editfile("/etc/csf/csf.blocklists","saveblocklists");
		&printreturn;
	}
	elsif ($FORM{action} eq "saveblocklists") {
		&savefile("/etc/csf/csf.blocklists","both");
		&printreturn;
	}
	elsif ($FORM{action} eq "syslogusers") {
		&editfile("/etc/csf/csf.syslogusers","savesyslogusers");
		&printreturn;
	}
	elsif ($FORM{action} eq "savesyslogusers") {
		&savefile("/etc/csf/csf.syslogusers","lfd");
		&printreturn;
	}
	elsif ($FORM{action} eq "logfiles") {
		&editfile("/etc/csf/csf.logfiles","savelogfiles");
		&printreturn;
	}
	elsif ($FORM{action} eq "savelogfiles") {
		&savefile("/etc/csf/csf.logfiles","lfd");
		&printreturn;
	}
	elsif ($FORM{action} eq "deny") {
		&editfile("/etc/csf/csf.deny","savedeny");
		&printreturn;
	}
	elsif ($FORM{action} eq "savedeny") {
		&savefile("/etc/csf/csf.deny","both");
		&printreturn;
	}
	elsif ($FORM{action} eq "templates") {
		&editfile("/usr/local/csf/tpl/$FORM{template}","savetemplates","template");
		&printreturn;
	}
	elsif ($FORM{action} eq "savetemplates") {
		&savefile("/usr/local/csf/tpl/$FORM{template}","",1);
		&printreturn;
	}
	elsif ($FORM{action} eq "ignorefiles") {
		&editfile("/etc/csf/$FORM{ignorefile}","saveignorefiles","ignorefile");
		&printreturn;
	}
	elsif ($FORM{action} eq "saveignorefiles") {
		&savefile("/etc/csf/$FORM{ignorefile}","lfd");
		&printreturn;
	}
	elsif ($FORM{action} eq "conf") {
		sysopen (my $IN, "/etc/csf/csf.conf", O_RDWR | O_CREAT) or die "Unable to open file: $!";
		flock ($IN, LOCK_SH);
		my @confdata = <$IN>;
		close ($IN);
		chomp @confdata;

		my %restricted;
		if ($config{RESTRICT_UI}) {
			sysopen (my $IN, "/usr/local/csf/lib/restricted.txt", O_RDWR | O_CREAT) or die "Unable to open file: $!";
			flock ($IN, LOCK_SH);
			while (my $entry = <$IN>) {
				chomp $entry;
				$restricted{$entry} = 1;
			}
			close ($IN);
		}

		print <
function CSFexpand(obj){
	if (!obj.savesize) {obj.savesize=obj.size;}
	var newsize = Math.max(obj.savesize,obj.value.length);
	if (newsize > 120) {newsize = 120;}
	obj.size = newsize;
}

EOF
		print "\n";
		open (my $DIV, "<", "/usr/local/csf/lib/csf.div");
		flock ($DIV, LOCK_SH);
		my @divdata = <$DIV>;
		close ($DIV);
		print @divdata;
		print "
\n";
		print "
\n";
		print "\n";
		my $first = 1;
		my @divnames;
		my $comment = 0;
		foreach my $line (@confdata) {
			if (($line !~ /^\#/) and ($line =~ /=/)) {
				if ($comment) {print "
\n"}
				$comment = 0;
				my ($start,$end) = split (/=/,$line,2);
				my $name = $start;
				my $cleanname = $start;
				$cleanname =~ s/\s//g;
				$name =~ s/\s/\_/g;
				if ($end =~ /\"(.*)\"/) {$end = $1}
				my $size = length($end) + 4;
				my $class = "value-default";
				my ($status,$range,$default) = sanity($start,$end);
				my $showrange = "";
				my $showfrom;
				my $showto;
				if ($range =~ /^(\d+)-(\d+)$/) {
					$showfrom = $1;
					$showto = $2;
				}
				if ($default ne "") {
					$showrange = " Default: $default [$range]";
					if ($end ne $default) {$class = "value-other"}
				}
				if ($status) {$class = "value-warning"; $showrange = " Recommended range: $range (Default: $default)"}
				if ($config{RESTRICT_UI} and ($cleanname eq "CLUSTER_KEY" or $cleanname eq "UI_PASS" or $cleanname eq "UI_USER")) {
					print "
$start =  (hidden restricted UI item)
\n";
				}
				elsif ($restricted{$cleanname}) {
					print "
$start =  (restricted UI item)
\n";
				} else {
					if ($range eq "0-1") {
						my $switch_checked_0 = "";
						my $switch_checked_1 = "";
						my $switch_active_0 = "";
						my $switch_active_1 = "";
						if ($end == 0) {$switch_checked_0 = "checked"; $switch_active_0 = "active"}
						if ($end == 1) {$switch_checked_1 = "checked"; $switch_active_1 = "active"}
						print "
$start = ";
						print "
\n";
						print "\n";
						print "\n";
						print "
\n";
					}
					elsif ($range =~ /^(\d+)-(\d+)$/ and !(-e "/etc/csuibuttondisable") and ($showto - $showfrom <= 20) and $end >= $showfrom and $end <= $showto) {
						my $selected = "";
						print "
$start = 
\n";
					} else {
						print "
$start = $showrange
\n";
					}
				}
			} else {
				if ($line =~ /^\# SECTION:(.*)/) {
					push @divnames, $1;
					unless ($first) {print "
\n"} print "
\n
"; print "$1
\n"; $first = 0; next; } if ($line =~ /^\# / and $comment == 0) { $comment = 1; print "
\n"; } $line =~ s/\#//g; $line =~ s/&/&/g; $line =~ s//>/g; $line =~ s/\n/
\n/g; print "$line
\n"; } } print "

\n"; print "
\nShow All Prev \n
\n"; print < var pagecontent=new virtualpaginate({ piececlass: "virtualpage", //class of container for each piece of content piececontainer: "div", //container element type (ie: "div", "p" etc) pieces_per_page: 1, //Pieces of content to show per page (1=1 piece, 2=2 pieces etc) defaultpage: 0, //Default page selected (0=1st page, 1=2nd page etc). Persistence if enabled overrides this setting. wraparound: false, persist: false //Remember last viewed page and recall it when user returns within a browser session? }); EOD print "pagecontent.buildpagination(['paginatediv','paginatediv2'],["; foreach my $line (@divnames) {print "'$line',"} print "''])\npagecontent.showall();\n\n"; print "
\n"; print "\n"; &printreturn; } elsif ($FORM{action} eq "saveconf") { sysopen (my $IN, "/etc/csf/csf.conf", O_RDWR | O_CREAT) or die "Unable to open file: $!"; flock ($IN, LOCK_SH); my @confdata = <$IN>; close ($IN); chomp @confdata; my %restricted; if ($config{RESTRICT_UI}) { sysopen (my $IN, "/usr/local/csf/lib/restricted.txt", O_RDWR | O_CREAT) or die "Unable to open file: $!"; flock ($IN, LOCK_SH); while (my $entry = <$IN>) { chomp $entry; $restricted{$entry} = 1; } close ($IN); } sysopen (my $OUT, "/etc/csf/csf.conf", O_WRONLY | O_CREAT) or die "Unable to open file: $!"; flock ($OUT, LOCK_EX); seek ($OUT, 0, 0); truncate ($OUT, 0); for (my $x = 0; $x < @confdata;$x++) { if (($confdata[$x] !~ /^\#/) and ($confdata[$x] =~ /=/)) { my ($start,$end) = split (/=/,$confdata[$x],2); if ($end =~ /\"(.*)\"/) {$end = $1} my $name = $start; my $sanity_name = $start; $name =~ s/\s/\_/g; $sanity_name =~ s/\s//g; if ($restricted{$sanity_name}) { print $OUT "$confdata[$x]\n"; } else { print $OUT "$start= \"$FORM{$name}\"\n"; $end = $FORM{$name}; } } else { print $OUT "$confdata[$x]\n"; } } close ($OUT); ConfigServer::Config::resetconfig(); my $newconfig = ConfigServer::Config->loadconfig(); my %newconfig = $config->config; foreach my $key (keys %newconfig) { my ($insane,$range,$default) = sanity($key,$newconfig{$key}); if ($insane) {print "
WARNING: $key sanity check. $key = \"$newconfig{$key}\". Recommended range: $range (Default: $default)\n"} } print "
Changes saved. You should restart both csf and lfd.
\n"; print "
\n"; &printreturn; } elsif ($FORM{action} eq "viewlogs") { if (-e "/var/lib/csf/stats/iptables_log") { open (my $IN, "<", "/var/lib/csf/stats/iptables_log") or die "Unable to open file: $!"; flock ($IN, LOCK_SH); my @iptables = <$IN>; close ($IN); chomp @iptables; @iptables = reverse @iptables; my $from; my $to; my $divcnt = 0; my $expcnt = @iptables; if ($iptables[0] =~ /\|(\S+\s+\d+\s+\S+)/) {$from = $1} if ($iptables[-1] =~ /\|(\S+\s+\d+\s+\S+)/) {$to = $1} print "
\n"; print "
\n"; print "

Last $config{ST_IPTABLES} iptables logs*, latest:$from oldest:$to


\n"; print "\n"; print "\n"; my $size = scalar @iptables; if ($size > $config{ST_IPTABLES}) {$size = $config{ST_IPTABLES}} for (my $x = 0 ;$x < $size ;$x++) { my $line = $iptables[$x]; $divcnt++; my ($text,$log) = split(/\|/,$line); my ($time,$desc,$in,$out,$src,$dst,$spt,$dpt,$proto,$inout); if ($log =~ /IN=(\S+)/) {$in = $1} if ($log =~ /OUT=(\S+)/) {$out = $1} if ($log =~ /SRC=(\S+)/) {$src = $1} if ($log =~ /DST=(\S+)/) {$dst = $1} if ($log =~ /SPT=(\d+)/) {$spt = $1} if ($log =~ /DPT=(\d+)/) {$dpt = $1} if ($log =~ /PROTO=(\S+)/) {$proto = $1} if ($text ne "") { $text =~ s/\(/\\(/g; if ($in and $src) {$src = $text ; $dst .= "
(server)"} elsif ($out and $dst) {$dst = $text ; $src .= "
(server)"} } if ($log =~ /^(\S+\s+\d+\s+\S+)/) {$time = $1} $inout = "n/a"; if ($in) {$inout = "in"} elsif ($out) {$inout = "out"} print "\n"; $log =~ s/\&/\&\;/g; $log =~ s/>/\>\;/g; $log =~ s/\n"; } print "
TimeFromPortI/OToPortProto
$time$src$spt$inout$dst$dpt$proto
$log
\n"; print "
* These iptables logs taken from $config{IPTABLES_LOG} will not necessarily show all packets blocked by iptables. For example, ports listed in DROP_NOLOG or the settings for DROP_LOGGING/DROP_IP_LOGGING/DROP_ONLYRES/DROP_PF_LOGGING will affect what is logged. Additionally, there is rate limiting on all iptables log rules to prevent log file flooding
\n"; } else { print "
No logs entries found
\n"; } &printreturn; } elsif ($FORM{action} eq "sips") { sysopen (my $IN, "/etc/csf/csf.sips", O_RDWR | O_CREAT) or die "Unable to open file: $!"; flock ($IN, LOCK_SH); my @confdata = <$IN>; close ($IN); chomp @confdata; print "

\n"; print "\n"; print "\n"; my %sips; open (my $SIPS, "<","/etc/csf/csf.sips"); flock ($SIPS, LOCK_SH); my @data = <$SIPS>; close ($SIPS); chomp @data; foreach my $line (@data) { if ($line =~ /^(\s|\#|$)/) {next} $sips{$line} = 1; } my $ethdev = ConfigServer::GetEthDev->new(); my %g_ipv4 = $ethdev->ipv4; my %g_ipv6 = $ethdev->ipv6; foreach my $key (sort keys %g_ipv4) { my $ip = $key; if ($ip =~ /^127\.0\.0/) {next} my $chk = "ip_$ip"; $chk =~ s/\./\_/g; my $checked = ""; if ($sips{$ip}) {$checked = "checked"} print "\n"; } foreach my $key (sort keys %g_ipv6) { my $ip = $key; my $chk = "ip_$ip"; $chk =~ s/\./\_/g; my $checked = ""; if ($sips{$ip}) {$checked = "checked"} print "\n"; } print "\n"; print "
IP AddressDeny All Access to IP
$ip
$ip
\n"; &printreturn; } elsif ($FORM{action} eq "sipsave") { open (my $IN,"<","/etc/csf/csf.sips"); flock ($IN, LOCK_SH); my @data = <$IN>; close ($IN); chomp @data; open (my $OUT,">","/etc/csf/csf.sips"); flock ($OUT, LOCK_EX); foreach my $line (@data) { if ($line =~ /^\#/) {print $OUT "$line\n"} else {last} } foreach my $key (keys %FORM) { if ($key =~ /^ip_(.*)/) { my $ip = $1; $ip =~ s/\_/\./g; print $OUT "$ip\n"; } } close($OUT); print "
Changes saved. You should restart csf.
\n"; print "
\n"; &printreturn; } elsif ($FORM{action} eq "upgrade") { if ($config{THIS_UI}) { print "
You cannot upgrade through the UI as restarting lfd will interrupt this session. You must login to the root shell to upgrade csf using:\n

csf -u

\n"; } else { print "

Upgrading csf...

\n"; &resize("top"); print "
\n";
			&printcmd("/usr/sbin/csf","-u");
			print "
\n

...Done.

\n"; &resize("bot",1); open (my $IN, "<", "/etc/csf/version.txt") or die $!; flock ($IN, LOCK_SH); $myv = <$IN>; close ($IN); chomp $myv; } &printreturn; } elsif ($FORM{action} eq "denyf") { print "

Removing all entries from csf.deny...

\n"; &resize("top"); print "
\n";
		&printcmd("/usr/sbin/csf","-df");
		&printcmd("/usr/sbin/csf","-tf");
		print "
\n

...Done.

\n"; &resize("bot",1); &printreturn; } elsif ($FORM{action} eq "csftest") { print "

Testing iptables...

\n
\n";
		&printcmd("/usr/local/csf/bin/csftest.pl");
		print "
\n

...Done.

\n"; print "
You should restart csf after having run this test.
\n"; print "
\n"; &printreturn; } elsif ($FORM{action} eq "profiles") { my @profiles = sort glob("/usr/local/csf/profiles/*"); my @backups = reverse glob("/var/lib/csf/backup/*"); print "
\n"; print "\n"; print "\n"; foreach my $profile (@profiles) { my ($file, undef) = fileparse($profile); $file =~ s/\.conf$//; my $text; open (my $IN, "<", $profile); flock ($IN, LOCK_SH); my @profiledata = <$IN>; close ($IN); chomp @profiledata; if ($file eq "reset_to_defaults") { $text = "This is the installation default profile and will reset all csf.conf settings, including enabling TESTING mode"; } elsif ($profiledata[0] =~ /^\# Profile:/) { foreach my $line (@profiledata) { if ($line =~ /^\# (.*)$/) {$text .= "$1 "} } } print "\n"; } print "\n"; print "
Preconfigured Profiles 
$file
\n$text
You can apply one or more of these profiles to csf.conf. Apart from reset_to_defaults, most of these profiles contain only a subset of settings. You can find out what will be changed by comparing the profile to the current configuration below. A backup of csf.conf will be created before any profile is applied.
\n"; print "
\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "
Backup csf.conf
Create a backup of csf.conf. You can use an optional name for the backup that should only contain alphanumerics. Other characters (including spaces) will be replaced with an underscore ( _ )
\n"; print "
\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "
Restore Backup Of csf.conf
\n"; print "
\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "
Compare Configurations
Select first configuration:
\n
Select second configuration:
\n
\n"; print "
\n"; &printreturn; } elsif ($FORM{action} eq "profileapply") { my $profile = $FORM{profile}; $profile =~ s/\W/_/g; print "

Applying profile ($profile)...

\n
\n";
		&printcmd("/usr/sbin/csf","--profile","apply",$profile);
		print "
\n

...Done.

\n"; print "
You should restart both csf and lfd.
\n"; print "
\n"; &printreturn; } elsif ($FORM{action} eq "profilebackup") { my $profile = $FORM{backup}; $profile =~ s/\W/_/g; print "

Creating backup...

\n
\n";
		&printcmd("/usr/sbin/csf","--profile","backup",$profile);
		print "
\n

...Done.

\n"; &printreturn; } elsif ($FORM{action} eq "profilerestore") { my $profile = $FORM{backup}; $profile =~ s/\W/_/g; print "

Restoring backup ($profile)...

\n
\n";
		&printcmd("/usr/sbin/csf","--profile","restore",$profile);
		print "
\n

...Done.

\n"; print "
You should restart both csf and lfd.
\n"; print "
\n"; &printreturn; } elsif ($FORM{action} eq "profilediff") { my $profile1 = $FORM{profile1}; my $profile2 = $FORM{profile2}; $profile2 =~ s/\W/_/g; $profile2 =~ s/\W/_/g; print "\n"; my ($childin, $childout); my $pid = open3($childin, $childout, $childout, "/usr/sbin/csf","--profile","diff",$profile1,$profile2); while (<$childout>) { $_ =~ s/\[|\]//g; my ($var,$p1,$p2) = split(/\s+/,$_); if ($var eq "") { next; } elsif ($var eq "SETTING") { print "\n"; } else { print "\n"; } } waitpid ($pid, 0); print "
$var$p1$p2
$var$p1$p2
\n"; &printreturn; } elsif ($FORM{action} eq "viewports") { print "

Ports listening for external connections and the executables running behind them:

\n"; print "\n"; print "\n"; my %listen = ConfigServer::Ports->listening; my %ports = ConfigServer::Ports->openports; foreach my $protocol (sort keys %listen) { foreach my $port (sort {$a <=> $b} keys %{$listen{$protocol}}) { foreach my $pid (sort {$a <=> $b} keys %{$listen{$protocol}{$port}}) { my $fopen; if ($ports{$protocol}{$port}) {$fopen = "4"} else {$fopen = "-"} if ($config{IPV6} and $ports{$protocol."6"}{$port}) {$fopen .= "/6"} else {$fopen .= "/-"} my $fcmd = ($listen{$protocol}{$port}{$pid}{cmd}); $fcmd =~ s/\\n"; } } } print "
PortProtoOpenConnsPIDUserCommand LineExecutable
$port$protocol$fopen$fconn$pid$listen{$protocol}{$port}{$pid}{user}$fcmd$fexe
\n"; &printreturn; } elsif ($mobile) { print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "
\n"; } elsif ($FORM{action} eq "fix") { print "
These options should only be used as a last resort as most of them will reduce the effectiveness of csf and lfd to protect the server
\n"; print "\n"; print ""; if ($config{LF_SPI} == 0) { print "\n"; if ($config{TCP_IN} =~ /30000:35000/) { print "\n"; if ($config{PT_USERKILL} == 0) { print "\n"; if ($config{SMTP_BLOCK} == 0) { print "\n"; print "\n"; print "\n"; print "
Fix Common Problems
\n"; } else { print "
\n"; } print "If you find that ports listed in TCP_IN/UDP_IN are being blocked by iptables (e.g. port 80) as seen in /var/log/messages and users can only connect to the server if entered in csf.allow, then it could be that the kernel (usually on virtual servers) is broken and cannot perform connection tracking. In this case, disabling the Stateful Packet Inspection functionality of csf (LF_SPI) may help\n"; if ($config{LF_SPI} == 0) { print "
Note: LF_SPI is already disabled"; } print "
\n"; } else { print "
\n"; } print "If the kernel (usually on virtual servers) is broken and cannot perform ftp connection tracking, or if you are trying to use FTP over SSL, this option will open a hole in the firewall to allow PASV connections through\n"; if ($config{TCP_IN} =~ /30000:35000/) { print "
Note: The port range 30000 to 35000 is already open in csf\n"; } print "
\n"; } else { print "
\n"; } print "If lfd is killing running processes and you have PT_USERKILL enabled, then we recommend that you disable this feature\n"; if ($config{PT_USERKILL} == 0) { print "
Note: PT_USERKILL is already disabled"; } print "
\n"; } else { print "
\n"; } print "If scripts on the server are unable to send out email via external SMTP connections and you have SMTP_BLOCK enabled then those scripts should be configured to send email either through /usr/sbin/sendmail or localhost on the server. If this is not possible then disabling SMTP_BLOCK can fix this\n"; if ($config{SMTP_BLOCK} == 0) { print "
Note: SMTP_BLOCK is already disabled"; } print "
\n"; print "If you really want to disable all alerts in lfd you can do so here. This is not recommended in any situation - you should go through the csf configuration and only disable those you do not want. As new features are added to csf you may find that you have to go into the csf configuration and disable them manually as this procedure only disables the ones that it is aware of when applied\n"; print "
\n"; print "If all else fails this option will completely uninstall csf and install it again with completely default options (including TESTING mode). The previous configuration will be lost including all modifications\n"; print "
\n"; &printreturn; &confirmmodal; } elsif ($FORM{action} eq "fixpasvftp") { print "
\n"; print "
Enabling pure-ftpd PASV hole:
\n"; print "
"; &resize("top"); print "
\n";

		my $ftpdone = 0;
		if (-e "/usr/local/cpanel/version") {
			require Cpanel::Config;
			import Cpanel::Config;
			my $cpconf = Cpanel::Config::loadcpconf();
			if ($cpconf->{ftpserver} eq "pure-ftpd") {
				copy("/etc/pure-ftpd.conf","/etc/pure-ftpd.conf-".time."_prefixpasvftp");
				sysopen (my $PUREFTP,"/etc/pure-ftpd.conf", O_RDWR | O_CREAT);
				flock ($PUREFTP, LOCK_EX);
				my @ftp = <$PUREFTP>;
				chomp @ftp;
				seek ($PUREFTP, 0, 0);
				truncate ($PUREFTP, 0);
				my $hit = 0;
				foreach my $line (@ftp) {
					if ($line =~ /^#?\s*PassivePortRange/i) {
						if ($hit) {next}
						$line = "PassivePortRange 30000 35000";
						$hit = 1;
					}
					print $PUREFTP "$line\n";
				}
				unless ($hit) {print $PUREFTP "PassivePortRange 30000 35000"}
				close ($PUREFTP);
				&printcmd("/scripts/restartsrv_pureftpd");
				$ftpdone = 1;
			}
		}

		if ($config{TCP_IN} =~ /30000:35000/) {
			print "PASV port range 30000:35000 already exists in TCP_IN/TCP6_IN\n";
		} else {
			$config{TCP_IN} .= ",30000:35000";
			$config{TCP6_IN} .= ",30000:35000";

			copy("/etc/csf/csf.conf","/var/lib/csf/backup/".time."_prefixpasvftp");
			sysopen (my $CSFCONF,"/etc/csf/csf.conf", O_RDWR | O_CREAT);
			flock ($CSFCONF, LOCK_EX);
			my @csf = <$CSFCONF>;
			chomp @csf;
			seek ($CSFCONF, 0, 0);
			truncate ($CSFCONF, 0);
			foreach my $line (@csf) {
				if ($line =~ /^TCP6_IN/) {
					print $CSFCONF "TCP6_IN = \"$config{TCP6_IN}\"\n";
					print "*** PASV port range 30000:35000 added to the TCP6_IN port list\n";
				}
				elsif ($line =~ /^TCP_IN/) {
					print $CSFCONF "TCP_IN = \"$config{TCP_IN}\"\n";
					print "*** PASV port range 30000:35000 added to the TCP_IN port list\n";
				}
				else {
					print $CSFCONF $line."\n";
				}
			}
			close ($CSFCONF);
		}

		print "
\n"; &resize("bot",1); print "
Completed
\n"; unless ($ftpdone) {print "

You MUST now open the same port range hole (30000 to 35000) in your FTP Server configuration

\n"} print "
\n"; print "
\n"; print "
You MUST now restart both csf and lfd:
\n"; print "
\n"; &printreturn; } elsif ($FORM{action} eq "fixspi") { print "
\n"; print "
Disabling LF_SPI:
\n"; print "
"; copy("/etc/csf/csf.conf","/var/lib/csf/backup/".time."_prefixspi"); sysopen (my $CSFCONF,"/etc/csf/csf.conf", O_RDWR | O_CREAT); flock ($CSFCONF, LOCK_EX); my @csf = <$CSFCONF>; chomp @csf; seek ($CSFCONF, 0, 0); truncate ($CSFCONF, 0); foreach my $line (@csf) { if ($line =~ /^LF_SPI /) { print $CSFCONF "LF_SPI = \"0\"\n"; print "*** LF_SPI disabled ***\n"; } else { print $CSFCONF $line."\n"; } } close ($CSFCONF); print "
\n"; print "
Completed
\n"; print "
\n"; print "
You MUST now restart both csf and lfd:
\n"; print "
\n"; &printreturn; } elsif ($FORM{action} eq "fixkill") { print "
\n"; print "
Disabling PT_USERKILL:
\n"; print "
"; copy("/etc/csf/csf.conf","/var/lib/csf/backup/".time."_prefixkill"); sysopen (my $CSFCONF,"/etc/csf/csf.conf", O_RDWR | O_CREAT); flock ($CSFCONF, LOCK_EX); my @csf = <$CSFCONF>; chomp @csf; seek ($CSFCONF, 0, 0); truncate ($CSFCONF, 0); foreach my $line (@csf) { if ($line =~ /^PT_USERKILL /) { print $CSFCONF "PT_USERKILL = \"0\"\n"; print "*** PT_USERKILL disabled ***\n"; } else { print $CSFCONF $line."\n"; } } close ($CSFCONF); print "
\n"; print "
Completed
\n"; print "
\n"; print "
You MUST now restart both csf and lfd:
\n"; print "
\n"; &printreturn; } elsif ($FORM{action} eq "fixsmtp") { print "
\n"; print "
Disabling SMTP_BLOCK:
\n"; print "
"; copy("/etc/csf/csf.conf","/var/lib/csf/backup/".time."_prefixsmtp"); sysopen (my $CSFCONF,"/etc/csf/csf.conf", O_RDWR | O_CREAT); flock ($CSFCONF, LOCK_EX); my @csf = <$CSFCONF>; chomp @csf; seek ($CSFCONF, 0, 0); truncate ($CSFCONF, 0); foreach my $line (@csf) { if ($line =~ /^SMTP_BLOCK /) { print $CSFCONF "SMTP_BLOCK = \"0\"\n"; print "*** SMTP_BLOCK disabled ***\n"; } else { print $CSFCONF $line."\n"; } } close ($CSFCONF); print "
\n"; print "
Completed
\n"; print "
\n"; print "
You MUST now restart both csf and lfd:
\n"; print "
\n"; &printreturn; } elsif ($FORM{action} eq "fixalerts") { print "
\n"; print "
Disabling All Alerts:
\n"; print "
"; &resize("top"); print "
\n";
		copy("/etc/csf/csf.conf","/var/lib/csf/backup/".time."_prefixalerts");
		&printcmd("/usr/sbin/csf","--profile","apply","disable_alerts");
		print "
\n"; &resize("bot",1); print "
\n"; print "
Completed
\n"; print "
\n"; print "
You MUST now restart both csf and lfd:
\n"; print "
\n"; &printreturn; } elsif ($FORM{action} eq "fixnuclear") { print "
\n"; print "
Nuclear Option:
\n"; print "
"; my $time = time; sysopen (my $REINSTALL, "/usr/src/reinstall_$time.sh", O_WRONLY | O_CREAT | O_TRUNC); flock ($REINSTALL, LOCK_EX); print $REINSTALL <\n"; &printcmd("bash","/usr/src/reinstall_$time.sh"); unlink "/usr/src/reinstall_$time.sh"; print "\n"; &resize("bot",1); print "
\n"; print "
Completed
\n"; print "
\n"; &printreturn; } else { if (defined $ENV{WEBMIN_VAR} and defined $ENV{WEBMIN_CONFIG} and -e "module.info") { my @data = slurp("module.info"); foreach my $line (@data) { if ($line =~ /^name=csf$/) { unless (-l "index.cgi") { unlink "index.cgi"; my $status = symlink ("/usr/local/csf/lib/webmin/csf/index.cgi","index.cgi"); if ($status and -l "index.cgi") { symlink ("/usr/local/csf/lib/webmin/csf/images","csfimages"); print "

csf updated to symlink webmin module to /usr/local/csf/lib/webmin/csf/. Click here to continue

\n"; exit; } else { print "

Failed to symlink to /usr/local/csf/lib/webmin/csf/

\n"; } } last; } } } &getethdev; my ($childin, $childout); my $pid = open3($childin, $childout, $childout, "$config{IPTABLES} $config{IPTABLESWAIT} -L LOCALINPUT -n"); my @iptstatus = <$childout>; waitpid ($pid, 0); chomp @iptstatus; if ($iptstatus[0] =~ /# Warning: iptables-legacy tables present/) {shift @iptstatus} my $status = "

Firewall Status: Enabled and Running

"; if (-e "/etc/csf/csf.disable") { $status = "

Firewall Status: Disabled and Stopped

\n" } elsif ($config{TESTING}) { $status = "

Firewall Status: Enabled but in Test Mode - Don't forget to disable TESTING in the Firewall Configuration

"; } elsif ($iptstatus[0] !~ /^Chain LOCALINPUT/) { $status = "

Firewall Status: Enabled but Stopped

" } if (-e "/var/lib/csf/lfd.restart") {$status .= "

lfd restart request pending

"} unless ($config{RESTRICT_SYSLOG}) {$status .= "

WARNING: RESTRICT_SYSLOG is disabled. See SECURITY WARNING in Firewall Configuration

\n"} my $tempcnt = 0; if (! -z "/var/lib/csf/csf.tempban") { sysopen (my $IN, "/var/lib/csf/csf.tempban", O_RDWR); flock ($IN, LOCK_EX); my @data = <$IN>; close ($IN); chomp @data; $tempcnt = scalar @data; } my $tempbans = "(Currently: $tempcnt temp IP bans, "; $tempcnt = 0; if (! -z "/var/lib/csf/csf.tempallow") { sysopen (my $IN, "/var/lib/csf/csf.tempallow", O_RDWR); flock ($IN, LOCK_EX); my @data = <$IN>; close ($IN); chomp @data; $tempcnt = scalar @data; } $tempbans .= "$tempcnt temp IP allows)"; my $permcnt = 0; if (! -z "/etc/csf/csf.deny") { sysopen (my $IN, "/etc/csf/csf.deny", O_RDWR); flock ($IN, LOCK_SH); while (my $line = <$IN>) { chomp $line; if ($line =~ /^(\#|\n|\r)/) {next} if ($line =~ /$ipv4reg|$ipv6reg/) {$permcnt++} } close ($IN); } my $permbans = "(Currently: $permcnt permanent IP bans)"; $permcnt = 0; if (! -z "/etc/csf/csf.allow") { sysopen (my $IN, "/etc/csf/csf.allow", O_RDWR); flock ($IN, LOCK_SH); while (my $line = <$IN>) { chomp $line; if ($line =~ /^(\#|\n|\r)/) {next} if ($line =~ /$ipv4reg|$ipv6reg/) {$permcnt++} } close ($IN); } my $permallows = "(Currently: $permcnt permanent IP allows)"; print $status; print "
\n"; print "

A new version of csf is available

"; print "
\n"; print "
\n"; print "
\n"; print "
\n"; print "\n"; print ""; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; if ($config{ST_ENABLE}) { print "\n"; if ($chart) { print "\n"; if ($config{ST_SYSTEM}) { print "\n"; } } } print "
Server Information
Perform a basic security, stability and settings check on the server
View the csf+lfd readme.txt file
Watch (tail) various system log files (listed in csf.syslogs)
Search (grep) various system log files (listed in csf.syslogs)
View ports on the server that have a running process behind them listening for external connections
Check whether any of the servers IP addresses are listed in RBLs
View the last $config{ST_IPTABLES} iptables log lines
View lfd blocking statistics
View basic system statistics
\n"; print "
\n"; print "
\n"; print "\n"; print ""; my ($upgrade, $actv) = &csgetversion("csf",$myv); if ($upgrade) { print "\n"; } else { print "\n"; } else { print "You are running the latest version of csf. An Upgrade button will appear here if a new version becomes available. New version checking is performed automatically by a daily cron job (csget)\n"; } } if (!$config{INTERWORX} and (-e "/etc/apf" or -e "/usr/local/bfd")) { print "\n"; } unless (-e "/etc/cxs/cxs.pl") { if (-e "/usr/local/cpanel/version" or $config{DIRECTADMIN} or $config{INTERWORX} or $config{VESTA} or $config{CWP} or $config{CYBERPANEL}) { print "\n"; } } unless (-e "/etc/osm/osmd.pl") { if (-e "/usr/local/cpanel/version" or $config{DIRECTADMIN}) { print "\n"; } } unless (-e "/usr/msfe/mschange.pl") { if (-e "/usr/local/cpanel/version" or $config{DIRECTADMIN}) { print "\n"; } } print "
Upgrade
A new version of csf (v$actv) is available. Upgrading will retain your settings
View ChangeLog
"; if ($actv ne "") { print "(csget cron check) $actv
Remove APF/BFD from the server. You must not run both APF or BFD with csf on the same server
\n"; print "
Add server and user data protection against exploits using ConfigServer eXploit Scanner (cxs)
\n"; print "
\n"; print "
Add outgoing spam monitoring and prevention using ConfigServer Outgoing Spam Monitor(osm)
\n"; print "
\n"; print "
Add effective incoming virus and spam detection and user level processing using ConfigServer MailScanner Front-End (msfe)
\n"; print "
\n"; print "
\n"; if ($upgrade) {print "\n"} print "
\n"; print "
\n"; print "\n"; print ""; print "\n"; print "\n"; print "\n"; print "\n"; print "
csf - Quick Actions
Allow IP address through the firewall and add to the allow file (csf.allow).
Comment for Allow:
Block IP address in the firewall and add to the deny file (csf.deny).
Comment for Block:
Ignore IP address in lfd, add to the ignore file (csf.ignore) and restart lfd
Remove IP address from the firewall (temp and perm blocks)
\n"; print "\n"; print ""; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "
csf - ConfigServer Firewall
Edit the configuration file for the csf firewall and lfd
Apply pre-configured csf.conf profiles and backup/restore csf.conf
Display the active iptables rules
Search iptables for IP address
Edit csf.allow, the IP address allow file $permallows
Edit csf.deny, the IP address deny file $permbans
Enables csf and lfd if previously Disabled
Completely disables csf and lfd
Restart the csf iptables firewall
Have lfd restart the csf iptables firewall
Temporarily IP address to port(s) for .
Comment:
\n(ports can be either * for all ports, a single port, or a comma separated list of ports)
View/Remove the temporary IP entries $tempbans
Deny access to and from specific IP addresses configured on the server (csf.sips)
Removes and unblocks all entries in csf.deny (excluding those marked \"do not delete\") and all temporary IP entries (blocks and allows)
Redirect connections to this server to other ports/IP addresses
Offers solutions to some common problems when using an SPI firewall
\n"; print "\n"; print "
\n"; print "
\n"; print "\n"; print ""; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "
lfd - Login Failure Daemon
Display lfd status
Restart lfd
Edit lfd ignore file
Edit the Directory File Watching file (csf.dirwatch) - all listed files and directories will be watched for changes by lfd
Edit the Dynamic DNS file (csf.dyndns) - all listed domains will be resolved and allowed through the firewall
Edit email alert templates. See Firewall Information for details of each file
Edit the Log Scanner file (csf.logfiles) - Scan listed log files for log lines and periodically send a report
Edit the Blocklists configuration file (csf.blocklists)
Edit the syslog/rsyslog allowed users file (csf.syslogusers)
\n"; print "
\n"; if ($config{CLUSTER_SENDTO}) { print "
\n"; print "\n"; print ""; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; if ($config{CLUSTER_CONFIG}) { if ($ips{$config{CLUSTER_MASTER}} or $ipscidr6->find($config{CLUSTER_MASTER}) or ($config{CLUSTER_MASTER} eq $config{CLUSTER_NAT})) { my $options; my %restricted; if ($config{RESTRICT_UI}) { sysopen (my $IN, "/usr/local/csf/lib/restricted.txt", O_RDWR | O_CREAT) or die "Unable to open file: $!"; flock ($IN, LOCK_SH); while (my $entry = <$IN>) { chomp $entry; $restricted{$entry} = 1; } close ($IN); } foreach my $key (sort keys %config) { unless ($restricted{$key}) {$options .= ""} } print "\n"; print "\n"; } } print "
csf - ConfigServer lfd Cluster
Ping each member of the cluster (logged in lfd.log)
Allow IP address through the Cluster and add to the allow file (csf.allow)
Comment:
Block IP address in the Cluster and add to the deny file (csf.deny)
Comment:
Ignore IP address in the Cluster and add to the ignore file (csf.ignore)
Comment: Note: This will result in lfd being restarted
Search iptables for IP address
Temporarily IP address to port(s) for .
Comment:
\n(ports can be either * for all ports, a single port, or a comma separated list of ports)
Remove Deny IP address in the Cluster (temporary or permanent)
Remove Allow IP address in the Cluster (temporary or permanent)
Remove Ignore IP address in the Cluster
Note: This will result in lfd being restarted
Change configuration option to in the Cluster"; if ($config{RESTRICT_UI}) {print "
\nSome items have been removed with RESTRICT_UI enabled"} print "
Restart csf and lfd on Cluster members
\n"; print "
\n"; } print "
\n"; if ($config{CF_ENABLE}) { print "\n"; print ""; print "\n"; print "\n"; print "
CloudFlare Firewall
Access CloudFlare firewall functionality
Edit the CloudFlare Configuration file (csf.cloudflare)
\n"; } if ($config{SMTPAUTH_RESTRICT}) { print "\n"; print ""; print "\n"; print "
cPanel SMTP AUTH Restrictions
Edit the file that allows SMTP AUTH to be advertised to listed IP addresses (csf.smtpauth)
\n"; } if (-e "/usr/local/cpanel/version" or $config{DIRECTADMIN} or $config{INTERWORX}) { my $resellers = "cPanel Resellers"; if ($config{DIRECTADMIN}) {$resellers = "DirectAdmin Resellers"} elsif ($config{INTERWORX}) {$resellers = "InterWorx Resellers"} print "\n"; print ""; print "\n"; print "
$resellers
Privileges can be assigned to $resellers accounts by editing this file (csf.resellers)
\n"; } print "\n"; print ""; print "\n"; print "
Extra
Check that iptables has the required modules to run csf
\n"; # if ($config{DIRECTADMIN} and !$config{THIS_UI}) { # print " DirectAdmin Main Page\n"; # } print "
\n
\n"; if ($config{STYLE_MOBILE}) { if (-e "/usr/local/cpanel/version" and !$config{THIS_UI}) { require Cpanel::Version::Tiny; if ($Cpanel::Version::Tiny::major_version < 65) { print " cPanel Main Page\n"; } } if (defined $ENV{WEBMIN_VAR} and defined $ENV{WEBMIN_CONFIG} and !$config{THIS_UI}) { print " Webmin Main Page\n"; } print "
Shows a subset of functions suitable for viewing on mobile devices
\n"; print "
Mobile View
\n"; print "
\n
\n"; print "
\n"; print "
\n"; print "

\n"; print "

\n"; print "

\n"; print "

\n"; print "

\n"; print "

\n"; print "
\n"; print "
\n"; print "

\n"; print "

\n"; print "


\n"; print "

\n"; print "

\n"; print "
\n"; print "
\n"; if (-e "/usr/local/cpanel/version" and !$config{THIS_UI}) { if ($Cpanel::Version::Tiny::major_version < 65) { print "

cPanel Main Page

\n"; } } # if ($config{DIRECTADMIN} and !$config{THIS_UI}) { # print "

DirectAdmin Main Page

\n"; # } if (defined $ENV{WEBMIN_VAR} and defined $ENV{WEBMIN_CONFIG} and !$config{THIS_UI}) { print "

Webmin Main Page

\n"; } print "

\n"; print "
\n

\n"; } print "
\n"; print "
Development Contribution
"; print "
We are very happy to be able to provide this and other products for free. However, it does take time for us to develop and maintain them. If you would like to help with their development by providing a PayPal contribution, please contact us for details
\n"; print "
\n"; } unless ($FORM{action} eq "tailcmd" or $FORM{action} =~ /^cf/ or $FORM{action} eq "logtailcmd" or $FORM{action} eq "loggrepcmd") { print "
\n"; print "
csf: v$myv
"; print "

©2006-2023, ConfigServer Services (Way to the Web Limited)

\n"; print "
\n"; } return; } # end main ############################################################################### # start printcmd sub printcmd { my @command = @_; my ($childin, $childout); my $pid = open3($childin, $childout, $childout, @command); while (<$childout>) {print $_} waitpid ($pid, 0); return; } # end printcmd ############################################################################### # start getethdev sub getethdev { my $ethdev = ConfigServer::GetEthDev->new(); my %g_ipv4 = $ethdev->ipv4; my %g_ipv6 = $ethdev->ipv6; foreach my $key (keys %g_ipv4) { $ips{$key} = 1; } if ($config{IPV6}) { foreach my $key (keys %g_ipv6) { eval { local $SIG{__DIE__} = undef; $ipscidr6->add($key); }; } } return; } # end getethdev ############################################################################### # start chart sub chart { my $img; my $imgdir = ""; my $imghddir = ""; if (-e "/usr/local/cpanel/version") { $imgdir = "/"; $imghddir = ""; } elsif (-e "/usr/local/directadmin/conf/directadmin.conf") { $imgdir = "/CMD_PLUGINS_ADMIN/csf/images/"; $imghddir = "plugins/csf/images/"; umask(0133); } elsif (-e "/usr/local/interworx") { $imgdir = "/configserver/csf/"; $imghddir = "/usr/local/interworx/html/configserver/csf/"; umask(0133); } elsif (-e "/usr/local/CyberCP/") { $imgdir = "/static/configservercsf/"; $imghddir = "/usr/local/CyberCP/public/static/configservercsf/"; umask(0133); } if ($config{THIS_UI}) { $imgdir = "$images/"; $imghddir = "/etc/csf/ui/images/"; } my $STATS; if (-e "/var/lib/csf/stats/lfdstats") { sysopen ($STATS,"/var/lib/csf/stats/lfdstats", O_RDWR | O_CREAT); } elsif (-e "/var/lib/csf/stats/lfdmain") { sysopen (my $OLDSTATS,"/var/lib/csf/stats/lfdmain", O_RDWR | O_CREAT); flock ($OLDSTATS, LOCK_EX); my @stats = <$OLDSTATS>; chomp @stats; my @newstats; my $cnt = 0; foreach my $line (@stats) { if ($cnt == 55) {push @newstats,""} push @newstats,$line; $cnt++; } sysopen ($STATS,"/var/lib/csf/stats/lfdstats", O_RDWR | O_CREAT); flock ($STATS, LOCK_EX); seek ($STATS, 0, 0); truncate ($STATS, 0); foreach my $line (@newstats) { print $STATS "$line\n"; } close ($STATS); rename "/var/lib/csf/stats/lfdmain", "/var/lib/csf/stats/lfdmain.".time; close ($OLDSTATS); sysopen ($STATS,"/var/lib/csf/stats/lfdstats", O_RDWR | O_CREAT); } else { sysopen ($STATS,"/var/lib/csf/stats/lfdstats", O_RDWR | O_CREAT); } flock ($STATS, LOCK_SH); my @stats = <$STATS>; chomp @stats; close ($STATS); if (@stats) { ConfigServer::ServerStats::charts($config{CC_LOOKUPS},$imghddir); print ConfigServer::ServerStats::charts_html($config{CC_LOOKUPS},$imgdir); } else { print "\n"; print "
No statistical data has been collected yet
\n"; } &printreturn; return; } # end chart ############################################################################### # start systemstats sub systemstats { my $type = shift; if ($type eq "") {$type = "load"} my $img; my $imgdir = ""; my $imghddir = ""; if (-e "/usr/local/cpanel/version") { if (-e "/usr/local/cpanel/bin/register_appconfig") { $imgdir = "csf/"; $imghddir = "cgi/configserver/csf/"; } else { $imgdir = "/"; $imghddir = ""; } } elsif (-e "/usr/local/directadmin/conf/directadmin.conf") { $imgdir = "/CMD_PLUGINS_ADMIN/csf/images/"; $imghddir = "plugins/csf/images/"; umask(0133); } elsif (-e "/usr/local/interworx") { $imgdir = "/configserver/csf/"; $imghddir = "/usr/local/interworx/html/configserver/csf/"; umask(0133); } elsif (-e "/usr/local/CyberCP/") { $imgdir = "/static/configservercsf/"; $imghddir = "/usr/local/CyberCP/public/static/configservercsf/"; umask(0133); } if ($config{THIS_UI}) { $imgdir = "$images/"; $imghddir = "/etc/csf/ui/images/"; } if (defined $ENV{WEBMIN_VAR} and defined $ENV{WEBMIN_CONFIG}) { $imgdir = "/csf/"; $imghddir = ""; } sysopen (my $STATS,"/var/lib/csf/stats/system", O_RDWR | O_CREAT); flock ($STATS, LOCK_SH); my @stats = <$STATS>; chomp @stats; close ($STATS); if (@stats > 1) { ConfigServer::ServerStats::graphs($type,$config{ST_SYSTEM_MAXDAYS},$imghddir); print "

\n"; print ConfigServer::ServerStats::graphs_html($imgdir); unless ($config{ST_MYSQL} and $config{ST_APACHE}) { print "
\n\n"; print "
You may be able to collect more statistics by enabling ST_MYSQL or ST_APACHE in the csf configuration
\n"; } } else { print "\n"; print "
No statistical data has been collected yet
\n"; } &printreturn; return; } # end systemstats ############################################################################### # start editfile sub editfile { my $file = shift; my $save = shift; my $extra = shift; my $ace = 0; sysopen (my $IN, $file, O_RDWR | O_CREAT) or die "Unable to open file: $!"; flock ($IN, LOCK_SH); my @confdata = <$IN>; close ($IN); chomp @confdata; if (-e "/usr/local/cpanel/3rdparty/share/ace-editor/optimized/src-min-noconflict/ace.js") {$ace = 1} if (-e "/usr/local/cpanel/version" and $ace and !$config{THIS_UI}) { print "\n"; print "

Edit $file

\n"; print "\n"; print "
\n"; print "
\n"; print "
\n"; print "\n"; print "\n"; if ($extra) {print "\n";} print "\n"; print "

\n"; print "
\n"; print "
\n"; print < var myFont = 14; var textarea = \$('#formdata'); var editordiv = \$('#editor'); var editor = ace.edit("editor"); editor.setTheme("ace/theme/tomorrow"); editor.setShowPrintMargin(false); editor.setOptions({ fontFamily: "Courier New, Courier", fontSize: "14px" }); editor.getSession().setMode("ace/mode/space"); editor.getSession().on('change', function () { textarea.val(editor.getSession().getValue()); }); textarea.on('change', function () { editor.getSession().setValue(textarea.val()); }); editor.getSession().setValue(textarea.val()); \$('#textarea').hide(); editordiv.show(); \$("#toggletextarea-btn").on('click', function () { \$('#textarea').toggle(); editordiv.toggle(); }); \$("#fontplus-btn").on('click', function () { myFont++; if (myFont > 20) {myFont = 20} editor.setFontSize(myFont) textarea.css("font-size",myFont+"px"); }); \$("#fontminus-btn").on('click', function () { myFont--; if (myFont < 12) {myFont = 12} editor.setFontSize(myFont) textarea.css("font-size",myFont+"px"); }); EOF } else { if ($config{DIRECTADMIN}) { print "
\n
\n"; } else { print "\n
\n"; } print "
Edit $file
\n"; print "
\n"; print "\n"; if ($extra) {print "\n";} print "
\n"; print "
\n"; print "
\n"; } return; } # end editfile ############################################################################### # start savefile sub savefile { my $file = shift; my $restart = shift; $FORM{formdata} =~ s/\r//g; if ($FORM{ace} == "1") { if ($FORM{formdata} !~ /^# Do not remove or change this line as it is a safeguard for the UI editor\n/) { print "
UI editor safeguard missing, changes have not been saved.
\n"; return; } $FORM{formdata} =~ s/^# Do not remove or change this line as it is a safeguard for the UI editor\n//g; } sysopen (my $OUT, $file, O_WRONLY | O_CREAT) or die "Unable to open file: $!"; flock ($OUT, LOCK_EX); seek ($OUT, 0, 0); truncate ($OUT, 0); if ($FORM{formdata} !~ /\n$/) {$FORM{formdata} .= "\n"} print $OUT $FORM{formdata}; close ($OUT); if ($restart eq "csf") { print "
Changes saved. You should restart csf.
\n"; print "
\n"; } elsif ($restart eq "lfd") { print "
Changes saved. You should restart lfd.
\n"; print "
\n"; } elsif ($restart eq "both") { print "
Changes saved. You should restart csf and lfd.

\n"; print "
\n"; } else { print "
Changes saved.
\n"; } return; } # end cloudflare ############################################################################### # start cloudflare sub cloudflare { my $scope = &ConfigServer::CloudFlare::getscope(); print "\n"; print "\n"; print "\n"; print "\n"; print ""; print "\n"; # } else { # print "\n"; # } print ""; print "\n"; print "\n"; print ""; print "
csf - CloudFlare
Select the user(s), then select the action below
Select the domain(s), then select the action below
List rules in CloudFlare ONLY for the chosen accounts
Add rule for target in CloudFlare ONLY for the chosen accounts
Delete rule for target in CloudFlare ONLY
Temporarily IP address for $config{CF_TEMP} secs in CloudFlare AND csf for the chosen accounts and those with to \"any\"
\n"; print "
Output will appear here
\n"; print "
Note:\n
    \n"; print "
  • target can be one of:
    • An IP address
      • \n
    • 2 letter Country Code
      • \n
    • IP range CIDR
    \n
    • \n"; print "
  • Only Enterprise customers can block a Country Code, but all can allow and challenge\n"; print "
  • \nIP range CIDR is limited to /16 and /24
\n"; print "\n"; &printreturn; return; } # end cloudflare ############################################################################### # start resize sub resize { my $part = shift; my $scroll = shift; if ($part eq "top") { print "
\n"; print "
\n"; } else { print " EOF } return; } # end resize ############################################################################### # start printreturn sub printreturn { print "
\n"; return; } # end printreturn ############################################################################### # start confirmmodal # print "\n"; # &confirmmodal; sub confirmmodal { print "\n"; print "\n"; return; } # end confirmmodal ############################################################################### # start csgetversion sub csgetversion { my $product = shift; my $current = shift; my $upgrade = 0; my $newversion; if (-e "/var/lib/configserver/".$product.".txt.error") { open (my $VERSION, "<", "/var/lib/configserver/".$product.".txt.error"); flock ($VERSION, LOCK_SH); $newversion = <$VERSION>; close ($VERSION); chomp $newversion; if ($newversion eq "") { $newversion = "Failed to retrieve latest version from ConfigServer"; } else { $newversion = "Failed to retrieve latest version from ConfigServer: $newversion"; } } elsif (-e "/var/lib/configserver/".$product.".txt") { open (my $VERSION, "<", "/var/lib/configserver/".$product.".txt"); flock ($VERSION, LOCK_SH); $newversion = <$VERSION>; close ($VERSION); chomp $newversion; if ($newversion eq "") { $newversion = "Failed to retrieve latest version from ConfigServer"; } else { if ($newversion =~ /^[\d\.]*$/) { if ($newversion > $current) {$upgrade = 1} else {$newversion = ""} } else {$newversion = ""} } } elsif (-e "/var/lib/configserver/error") { open (my $VERSION, "<", "/var/lib/configserver/error"); flock ($VERSION, LOCK_SH); $newversion = <$VERSION>; close ($VERSION); chomp $newversion; if ($newversion eq "") { $newversion = "Failed to retrieve latest version from ConfigServer"; } else { $newversion = "Failed to retrieve latest version from ConfigServer: $newversion"; } } else { $newversion = "Failed to retrieve latest version from ConfigServer"; } return ($upgrade, $newversion); } # end csgetversion ############################################################################### # start manualversion sub manualversion { my $current = shift; my $upgrade = 0; my $url = "https://$config{DOWNLOADSERVER}/csf/version.txt"; if ($config{URLGET} == 1) {$url = "http://$config{DOWNLOADSERVER}/csf/version.txt";} my ($status, $newversion) = $urlget->urlget($url); if (!$status and $newversion ne "" and $newversion =~ /^[\d\.]*$/ and $newversion > $current) {$upgrade = 1} else {$newversion = ""} return ($upgrade, $newversion); } # end manualversion ############################################################################### 1;