Tweet
Overview
This document describes how to manage cPHulk from the command line.
Note: You can also manage cPHulk with WHM's cPHulk Brute Force Protection interface (Home >> Security Center >> cPHulk Brute Force Protection).
Manage cPHulk
Use the following methods to manage cPHulk on your server.
Important:The system requires several configuration changes in order to properly enable cPHulk. Therefor, we strongly recommend that you do not enable it from the command line. Instead, use WHM's cPHulk Brute Force Protection interface (Home >> Security Center >> cPHulk Brute Force Protection) to enable cPHulk.
Debug mode
To enable debug mode for cPHulk, run the following command: touch /var/cpanel/hulkd/debug
Check cPHulk's status
To check cPHulk's status, run the ps aux | grep -i cphulk command. The system will return output that resembles the following example:
root 1501 0.0 0.4 34816 5076 ? S 07:58 0:00 cPhulkd - processor
Note: In this example, the output indicates that cPHulk is enabled.
Restart the cPHulk daemon (cphulkd)
To restart the cphulkd daemon, perform either of the following actions:
A. Perform a soft restart. To do this, run the following command: /scripts/restartsrv_cphulkd
B.Perform a hard restart and force the system to flush the daemon's memory. To do this, run the following command: /scripts/restartsrv_cphulkd --stop; /scripts/restartsrv_cphulkd --start
Disable cPHulk
To disable cPHulk via the command line, run the following commands:
/usr/local/cpanel/etc/init/stopcphulkd
/usr/local/cpanel/bin/cphulk_pam_ctl --disable
To disable cPHulk to keep it offline, even after a restart of cPanel & WHM, remove the cPHulk touch file with the following command: rm /var/cpanel/hulkd/enabled
Log files
cPHulk stores its logs in the following files:
/usr/local/cpanel/logs/cphulkd.log
/usr/local/cpanel/logs/cphulkd_errors.log
IP address management
Add IP addresses to the whitelist
To add IP addresses to the whitelist from the command line, run the /scripts/cphulkdwhitelist IP command, where IP represents the IP address or IP address range that you wish to add.
For example, to add the 192.168.0.20 IP address to the whitelist, run the following command as the root user: /scripts/cphulkdwhitelist 192.168.0.20
Add IP addresses to the blacklist
To add IP addresses to the blacklist from the command line, run the /scripts/cphulkdblacklist IP command, where IP represents the IP address or IP address range that you wish to add.
For example, to add the 192.168.0.20 IP address to the blacklist, run the following command as the root user: /scripts/cphulkdblacklist 192.168.0.20
Remove lockouts
If cPHulk locks you out of your cPanel account, the /scripts2/doautofixer?autofix=disable_cphulkd script in WHM can disable cPHulk and allow you to log in.
For example, log in to WHM and navigate to https://www.example.com:2087/scripts...isable_cphulkd, where Example Domain represents your server's hostname.
If you enabled the Block IP addresses at the firewall level if they trigger brute force protection or the Block IP addresses at the firewall level if they trigger a one-day block options, remove the iptables rule that the system created. To do this, run the following command: iptables -F cphulk && mysql -e "Delete from cphulkd.login_track;"
Note: This command removes all of cPHulk's lockouts. To remove the lockout for a specific IP address, on servers that run cPanel & WHM version 11.50, call WHM API 1's flush_cphulk_login_history_for_ips function.
Regards,
Dexter
http://webhosting.uk.com
This document describes how to manage cPHulk from the command line.
Note: You can also manage cPHulk with WHM's cPHulk Brute Force Protection interface (Home >> Security Center >> cPHulk Brute Force Protection).
Manage cPHulk
Use the following methods to manage cPHulk on your server.
Important:The system requires several configuration changes in order to properly enable cPHulk. Therefor, we strongly recommend that you do not enable it from the command line. Instead, use WHM's cPHulk Brute Force Protection interface (Home >> Security Center >> cPHulk Brute Force Protection) to enable cPHulk.
Debug mode
To enable debug mode for cPHulk, run the following command: touch /var/cpanel/hulkd/debug
Check cPHulk's status
To check cPHulk's status, run the ps aux | grep -i cphulk command. The system will return output that resembles the following example:
root 1501 0.0 0.4 34816 5076 ? S 07:58 0:00 cPhulkd - processor
Note: In this example, the output indicates that cPHulk is enabled.
Restart the cPHulk daemon (cphulkd)
To restart the cphulkd daemon, perform either of the following actions:
A. Perform a soft restart. To do this, run the following command: /scripts/restartsrv_cphulkd
B.Perform a hard restart and force the system to flush the daemon's memory. To do this, run the following command: /scripts/restartsrv_cphulkd --stop; /scripts/restartsrv_cphulkd --start
Disable cPHulk
To disable cPHulk via the command line, run the following commands:
/usr/local/cpanel/etc/init/stopcphulkd
/usr/local/cpanel/bin/cphulk_pam_ctl --disable
To disable cPHulk to keep it offline, even after a restart of cPanel & WHM, remove the cPHulk touch file with the following command: rm /var/cpanel/hulkd/enabled
Log files
cPHulk stores its logs in the following files:
/usr/local/cpanel/logs/cphulkd.log
/usr/local/cpanel/logs/cphulkd_errors.log
IP address management
Add IP addresses to the whitelist
To add IP addresses to the whitelist from the command line, run the /scripts/cphulkdwhitelist IP command, where IP represents the IP address or IP address range that you wish to add.
For example, to add the 192.168.0.20 IP address to the whitelist, run the following command as the root user: /scripts/cphulkdwhitelist 192.168.0.20
Add IP addresses to the blacklist
To add IP addresses to the blacklist from the command line, run the /scripts/cphulkdblacklist IP command, where IP represents the IP address or IP address range that you wish to add.
For example, to add the 192.168.0.20 IP address to the blacklist, run the following command as the root user: /scripts/cphulkdblacklist 192.168.0.20
Remove lockouts
If cPHulk locks you out of your cPanel account, the /scripts2/doautofixer?autofix=disable_cphulkd script in WHM can disable cPHulk and allow you to log in.
For example, log in to WHM and navigate to https://www.example.com:2087/scripts...isable_cphulkd, where Example Domain represents your server's hostname.
If you enabled the Block IP addresses at the firewall level if they trigger brute force protection or the Block IP addresses at the firewall level if they trigger a one-day block options, remove the iptables rule that the system created. To do this, run the following command: iptables -F cphulk && mysql -e "Delete from cphulkd.login_track;"
Note: This command removes all of cPHulk's lockouts. To remove the lockout for a specific IP address, on servers that run cPanel & WHM version 11.50, call WHM API 1's flush_cphulk_login_history_for_ips function.
Regards,
Dexter
http://webhosting.uk.com