In a Shared Hosting cPanel server, the WHM root access is required for authorized technicians and API calls (like WHMCS) only. In majority cases, the shell access or root level access is restricted only to the web hosting support or server management professionals. Being a popular web hosting control panel, cPanel is exposed to various type of security attacks. Some times an infected or hacked client device with the logins, can be catastrophic if they are able to access the WHM as root user. So limiting the WHM Root access to known IPs provides additional layer of security. Here I am making an attempt to develop a bash script to restrict the root level WHM access after cross checking it with the known IPs list.
How the Script Works?
This script can actively monitor the cPanel access_log (/usr/local/cpanel/logs/access_log) for any WHM Root access and block the source IP if it is not present in the custom whitelist.
The Shell (bash) Script
|
|
The above script require the following additional script to log and block the IP address:
|
Note: The above script requires executable permission.
Configuration
The allowed IP address can be specified in the following formats:
|
123.123.1.2: This IP is allowed.
^111.222: Any IPs begin with 111.222 are allowed.
^222: Any IPs begin with 222 are allowed.
Start/Stop the Script
|
The & will send the process into background.
|
Known Bugs & Limitations
- Need to restart the script to reload IP whitelist modifications.
- Need to Stop then Start to restart the script.
- The script may try multiple times to block a single IP. This may create duplicate entries in IPTABLES.
- Commenting not allowed in whitelist
- No Email alerts for IP block instance.
- CIDR notation is not supported in whitelist
