D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
opt
/
tier1adv
/
bin
/
Filename :
checkip
back
Copy
#!/opt/support/venv/bin/python3 """Checks if an IP is blocked in the firewall""" import os from argparse import ArgumentParser import sys import subprocess import json import netaddr import rads sys.path.insert(0, '/opt/support/lib') import arg_types from output import header, print_listed, warn import firewall_tools as fw def parse_args(): """Parse IPs from commandline args""" parser = ArgumentParser(description=__doc__) parser.add_argument( 'ips', metavar='IP_ADDRESS', nargs='+', type=arg_types.ipaddress, help='IP to check (may be either IPv4 or IPv6)', ) yes_group = parser.add_mutually_exclusive_group() yes_group.add_argument( '--yes', '-y', action='store_true', help='Auto-YES to the confirmation prompt to check ping and traceroute', ) yes_group.add_argument( '--no', '-n', action='store_true', help="Auto-NO to the confirmation prompt to check ping and traceroute", ) args = parser.parse_args() for addr in args.ips: addr: netaddr.IPAddress if not addr.is_global(): warn( f'Warning: {addr} is a private IP and therefore cannot route ' 'over the internet.' ) if str(addr).endswith('.255'): warn( f'Warning: {addr} ends in .255 and therefore may be rejected ' 'as a "bogon" by some routers, even if this is a valid IP.' ) return args def check_firewall(ips: list[netaddr.IPAddress]): header('Checking firewall...') fw_name, _, fw_data = fw.fw_info() print('This server is using', fw_name) for ipaddr in ips: if fw_name == 'ipset+fail2ban': # this function handles printing already fw.ipset_fail2ban_check(fw_data, ipaddr) else: # APF or CSF listed = str(ipaddr) in fw_data print_listed(ipaddr, listed, f'the {fw_name} deny list') def check_cphulk_logs(ips: list[netaddr.IPAddress]): if os.path.exists("/usr/local/cpanel/logs/cphulkd.log"): cph_log = "/usr/local/cpanel/logs/cphulkd.log" try: cmd = ["whmapi1", "--output=jsonpretty", "cphulk_status"] result = subprocess.run( cmd, capture_output=True, text=True, check=False ) if ( json.loads(result.stdout) .get('data', {}) .get('is_enabled', False) == 1 ): with open(cph_log, encoding="utf-8") as logfile: for ip in ips: if str(ip) in logfile.read(): print(f'{ip} was found in cphulk logs') except Exception: print( f''' An error occured while checking CPHulk status. If this is a VPS or dedicated server confirm that CPHulk is enabled. Confirm the path to CPHulk logs: {cph_log} ''' ) else: print( ''' Log file for CPHulk is missing. Is CPHulk enabled? ''' ) def ping(ips: dict[netaddr.IPAddress, bool]): header('Running ping tests...') for addr, is_v6 in ips.items(): cmd = ['ping6'] if is_v6 else ['ping'] cmd.extend(['-c2', str(addr)]) subprocess.call(cmd) def trace(ips: dict[netaddr.IPAddress, bool]): header('Running traceroute tests...') for addr, is_v6 in ips.items(): cmd = ['traceroute6'] if is_v6 else ['traceroute'] cmd.append(str(addr)) subprocess.call(cmd) def main(): """Parse args, check firewall""" args = parse_args() check_firewall(args.ips) check_cphulk_logs(args.ips) if args.no: sys.exit(0) if not args.yes and not rads.prompt_y_n( 'Would you like to proceed with ping and traceroute tests?' ): sys.exit(0) ips: dict[netaddr.IPAddress, bool] = { x: netaddr.valid_ipv6(str(x)) for x in args.ips } try: ping(ips) trace(ips) except KeyboardInterrupt: sys.exit(0) if __name__ == '__main__': main()