The original content of /etc/csf/csf.conf is whatever the CSF installer generates. The only line in that file that matters for my purposes is the one holding the auto-determined port list (essentially the value I read into the variable $tcpin).
When I install CSF by hand (not via my script) and then type the same sed -i command at the prompt, it replaces the original port numbers correctly.
Here is the output of bash -x $SCRIPT:
root@server ~]# bash -x csf2
+ cd /usr/local
+ rm -fv csf.tgz
removed `csf.tgz'
+ wget
http://www.configserver.com/free/csf.tgz
--11:02:27--
http://www.configserver.com/free/csf.tgz
Resolving
www.configserver.com... 85.13.195.235
Connecting to
www.configserver.com|85.13.195.235|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 435029 (425K) [application/x-tar]
Saving to: `csf.tgz'
100%[===============================================================================>] 435,029 408K/s in 1.0s
11:02:28 (408 KB/s) - `csf.tgz' saved [435029/435029]
+ tar -xzf csf.tgz
+ cd csf
+ '[' -f /etc/init.d/cpanel ']'
+ sh install.sh
Configuring for OS
Checking for perl modulesok
Running csf generic installer
Installing generic csf and lfd
Check we're running as root
mkdir: created directory `/etc/csf'
mkdir: created directory `/etc/csf/zone'
mkdir: created directory `/etc/csf/stats'
`csf.generic.conf' -> `/etc/csf/csf.conf'
`csf.allow' -> `/etc/csf/./csf.allow'
`csf.deny' -> `/etc/csf/./csf.deny'
`csf.dirwatch' -> `/etc/csf/./csf.dirwatch'
`csf.ignore' -> `/etc/csf/./csf.ignore'
`csf.generic.pignore' -> `/etc/csf/csf.pignore'
`csf.rignore' -> `/etc/csf/./csf.rignore'
`csf.fignore' -> `/etc/csf/./csf.fignore'
`csf.signore' -> `/etc/csf/./csf.signore'
`csf.suignore' -> `/etc/csf/./csf.suignore'
`csf.mignore' -> `/etc/csf/./csf.mignore'
`csf.sips' -> `/etc/csf/./csf.sips'
`csf.dyndns' -> `/etc/csf/./csf.dyndns'
`alert.txt' -> `/etc/csf/./alert.txt'
`logfloodalert.txt' -> `/etc/csf/./logfloodalert.txt'
`integrityalert.txt' -> `/etc/csf/./integrityalert.txt'
`exploitalert.txt' -> `/etc/csf/./exploitalert.txt'
`tracking.txt' -> `/etc/csf/./tracking.txt'
`connectiontracking.txt' -> `/etc/csf/./connectiontracking.txt'
`processtracking.txt' -> `/etc/csf/./processtracking.txt'
`accounttracking.txt' -> `/etc/csf/./accounttracking.txt'
`usertracking.txt' -> `/etc/csf/./usertracking.txt'
`sshalert.txt' -> `/etc/csf/./sshalert.txt'
`sualert.txt' -> `/etc/csf/./sualert.txt'
`scriptalert.txt' -> `/etc/csf/./scriptalert.txt'
`filealert.txt' -> `/etc/csf/./filealert.txt'
`watchalert.txt' -> `/etc/csf/./watchalert.txt'
`loadalert.txt' -> `/etc/csf/./loadalert.txt'
`resalert.txt' -> `/etc/csf/./resalert.txt'
`portscan.txt' -> `/etc/csf/./portscan.txt'
`permblock.txt' -> `/etc/csf/./permblock.txt'
`netblock.txt' -> `/etc/csf/./netblock.txt'
`messenger' -> `/etc/csf/./messenger'
`messenger/csf_small.png' -> `/etc/csf/./messenger/csf_small.png'
`messenger/index.html' -> `/etc/csf/./messenger/index.html'
`messenger/index.text' -> `/etc/csf/./messenger/index.text'
`lfd.logrotate' -> `/etc/logrotate.d/lfd'
`csfcron.sh' -> `/etc/cron.d/csfcron.sh'
`lfdcron.sh' -> `/etc/cron.d/lfdcron.sh'
`csf.pl' -> `/etc/csf/csf.pl'
`csfui.pl' -> `/etc/csf/csfui.pl'
`csftest.pl' -> `/etc/csf/csftest.pl'
`lfd.pl' -> `/etc/csf/lfd.pl'
`regex.pm' -> `/etc/csf/regex.pm'
`servercheck.pm' -> `/etc/csf/servercheck.pm'
`readme.txt' -> `/etc/csf/readme.txt'
`sanity.txt' -> `/etc/csf/sanity.txt'
`changelog.txt' -> `/etc/csf/changelog.txt'
`install.txt' -> `/etc/csf/install.txt'
`version.txt' -> `/etc/csf/version.txt'
`license.txt' -> `/etc/csf/license.txt'
`uninstall.generic.sh' -> `/etc/csf/uninstall.sh'
`remove_apf_bfd.sh' -> `/etc/csf/remove_apf_bfd.sh'
`lfd.sh' -> `/etc/init.d/lfd'
`csf.sh' -> `/etc/init.d/csf'
`Net' -> `/etc/csf/Net'
`Net/CIDR' -> `/etc/csf/Net/CIDR'
`Net/CIDR/Lite.pm' -> `/etc/csf/Net/CIDR/Lite.pm'
`Sys' -> `/etc/csf/Sys'
`Sys/Hostname' -> `/etc/csf/Sys/Hostname'
`Sys/Hostname/Long.pm' -> `/etc/csf/Sys/Hostname/Long.pm'
`File' -> `/etc/csf/File'
`File/Type.pm' -> `/etc/csf/File/Type.pm'
`File/Type' -> `/etc/csf/File/Type'
`File/Type/Builder.pm' -> `/etc/csf/File/Type/Builder.pm'
`IP' -> `/etc/csf/IP'
`IP/Country.pm' -> `/etc/csf/IP/Country.pm'
`IP/._Authority.pm' -> `/etc/csf/IP/._Authority.pm'
`IP/Authority.pm' -> `/etc/csf/IP/Authority.pm'
`IP/Authority' -> `/etc/csf/IP/Authority'
`IP/Authority/ipauth.gif' -> `/etc/csf/IP/Authority/ipauth.gif'
`IP/Authority/auth.gif' -> `/etc/csf/IP/Authority/auth.gif'
`IP/Authority/._ipauth.gif' -> `/etc/csf/IP/Authority/._ipauth.gif'
`IP/Authority/._auth.gif' -> `/etc/csf/IP/Authority/._auth.gif'
`IP/Country' -> `/etc/csf/IP/Country'
`IP/Country/._Medium.pm' -> `/etc/csf/IP/Country/._Medium.pm'
`IP/Country/._MaxMind.pm' -> `/etc/csf/IP/Country/._MaxMind.pm'
`IP/Country/._Slow.pm' -> `/etc/csf/IP/Country/._Slow.pm'
`IP/Country/._Fast.pm' -> `/etc/csf/IP/Country/._Fast.pm'
`IP/Country/MaxMind.pm' -> `/etc/csf/IP/Country/MaxMind.pm'
`IP/Country/Slow.pm' -> `/etc/csf/IP/Country/Slow.pm'
`IP/Country/Fast.pm' -> `/etc/csf/IP/Country/Fast.pm'
`IP/Country/Fast' -> `/etc/csf/IP/Country/Fast'
`IP/Country/Fast/._ip.gif' -> `/etc/csf/IP/Country/Fast/._ip.gif'
`IP/Country/Fast/ip.gif' -> `/etc/csf/IP/Country/Fast/ip.gif'
`IP/Country/Fast/cc.gif' -> `/etc/csf/IP/Country/Fast/cc.gif'
`IP/Country/Fast/._cc.gif' -> `/etc/csf/IP/Country/Fast/._cc.gif'
`IP/Country/Medium.pm' -> `/etc/csf/IP/Country/Medium.pm'
`IP/Countries.pm' -> `/etc/csf/IP/Countries.pm'
mode of `/etc/csf/uninstall.sh' changed to 0700 (rwx------)
mode of `/etc/csf/csf.pl' changed to 0700 (rwx------)
mode of `/etc/csf/csfui.pl' changed to 0700 (rwx------)
mode of `/etc/csf/csftest.pl' changed to 0700 (rwx------)
mode of `/etc/csf/servercheck.pm' changed to 0700 (rwx------)
mode of `/etc/csf/lfd.pl' changed to 0700 (rwx------)
mode of `/etc/init.d/lfd' changed to 0700 (rwx------)
mode of `/etc/init.d/csf' changed to 0700 (rwx------)
mode of `/etc/cron.d/lfdcron.sh' changed to 0644 (rw-r--r--)
mode of `/etc/cron.d/csfcron.sh' changed to 0644 (rw-r--r--)
create symbolic link `/usr/sbin/csf' to `/etc/csf/csf.pl'
create symbolic link `/usr/sbin/lfd' to `/etc/csf/lfd.pl'
*** SSH port 12112 added to the TCP_IN port list
TCP ports currently listening for incoming connections:
80,111,12112
UDP ports currently listening for incoming connections:
68,111,123,631,5353,46552,47137
Note: The port details above are for information only, csf hasn't been auto-configured.
Don't forget to:
1. Configure the TCP_IN, TCP_OUT, UDP_IN and UDP_OUT options in the csf configuration to suite your server
2. Restart csf and lfd
3. Set TESTING to 0 once you're happy with the firewall
Adding current SSH session IP address to the csf whitelist in csf.allow:
Parameter to use lib must be directory, not file at /etc/csf/csf.pl line 138
Adding 68.79.1.214 to csf.allow only while in TESTING mode (not iptables ACCEPT)
*WARNING* TESTING mode is enabled - do not forget to disable it in the configuration
Installation Completed
++ head -n 1
++ cut -f 3 -d ' '
++ grep TCP_IN /etc/csf/csf.conf
++ cut -f 2 -d '"'
+ tcpin=20,21,22,25,53,80,110,143,443,465,587,993,995,12112
++ grep TCP_OUT /etc/csf/csf.conf
++ head -n 1
++ cut -f 3 -d ' '
++ cut -f 2 -d '"'
+ tcpout=20,21,22,25,53,80,110,113,443
++ grep UDP_IN /etc/csf/csf.conf
++ head -n 1
++ cut -f 3 -d ' '
++ cut -f 2 -d '"'
+ udpin=20,21,53
++ grep UDP_OUT /etc/csf/csf.conf
++ head -n 1
++ cut -f 3 -d ' '
++ cut -f 2 -d '"'
+ udpout=20,21,53,113,123
++ grep TESTING /etc/csf/csf.conf
++ head -n 1
++ cut -f 3 -d ' '
++ cut -f 2 -d '"'
+ testing=1
+ cp -a /etc/csf/csf.conf /etc/csf/csf.conf.bak
+ sed -i s/20,21,22,25,53,80,110,143,443,465,587,993,995,12112/21,22,25,26,53,80,110,143,443,465,671,993,995,1167,2077,2078,2082,2083,2086,2087,2095,2096,3306,3784 ,10050/g /etc/csf/csf.conf
+ sed -i s/20,21,22,25,53,80,110,113,443/21,25,80,110,443,43/g /etc/csf/csf.conf
+ sed -i s/20,21,53/53,631,665,668,3784/g /etc/csf/csf.conf
+ sed -i s/20,21,53,113,123/20,21,53/g /etc/csf/csf.conf
+ sed -i s/1/0/g /etc/csf/csf.conf
+ echo 'The default CSF configuration has been backed up to the following location: /etc/csf/csf.conf.bak'
The default CSF configuration has been backed up to the following location: /etc/csf/csf.conf.bak
+ echo 'SUCCESS! CSF has been installed and autoconfigured for cPanel.'
SUCCESS! CSF has been installed and autoconfigured for cPanel.
+ echo 'TESTING MODE: OFF'
TESTING MODE: OFF
+ echo 'Please ensure that TCP inbound access is allowed for this server'\''s SSH listening port. Once this is complete, start the firewall with '\''/etc/init.d/csf start'\'''
Please ensure that TCP inbound access is allowed for this server's SSH listening port. Once this is complete, start the firewall with '/etc/init.d/csf start'
[root@server ~]#
As you can see from this output, the tcpin variable is computed correctly, and the first sed command does substitute the TCP_IN value (note that the replacement list itself contains a stray space, "3784 ,10050", which comes from my script). The file gets mangled by the later steps: every pattern is unanchored and applied to the whole file with /g, so `sed -i s/20,21,53/53,631,665,668,3784/g` also rewrites the start of the UDP_OUT value (which begins with 20,21,53), and the final `sed -i s/1/0/g`, which I meant to change only TESTING = "1" to "0", replaces every digit 1 in csf.conf, turning 21 into 20, 110 into 000, and so on. A safer approach is to anchor each substitution to its setting, e.g. `sed -i 's/^TCP_IN = .*/TCP_IN = "'"$newtcpin"'"/' /etc/csf/csf.conf` and `sed -i 's/^TESTING = "1"/TESTING = "0"/' /etc/csf/csf.conf`. Two other things worth fixing while I am at it: the script downloads csf.tgz over plain HTTP and runs install.sh as root without checking a checksum or signature, and it switches TESTING off in the same run that changes the SSH port, which risks locking myself out if the port list is wrong.
BTW: I'm not sure what you mean by "code tags", as this is my first script and my Bash scripting experience is minimal at best. Some examples would be appreciated.