ROOTPLOIT
Server: Apache
System: Linux node6122.myfcloud.com 6.14.3-x86_64-linode168 #1 SMP PREEMPT_DYNAMIC Mon Apr 21 19:47:55 EDT 2025 x86_64
User: bashacomputer (1004)
PHP: 7.4.33
Disabled: exec,passthru,shell_exec,system
$ pwd: /lib64/nagios/plugins/
Upload Files
File: //lib64/nagios/plugins/check_a2_fw.sh.shared
#!/bin/bash
#
# Inherited from the internal check_fw.sh
# - to ensure Imunify firewall rules are always loaded
#

IPT=$(iptables -S | grep -wE 'INPUT|DROP|REJECT')
IDRP=$(echo "$IPT" | grep -c 'INPUT DROP')
DRP=$(echo "$IPT" | grep -c DROP)
REJ=$(echo "$IPT" | grep -c REJECT)
IMUNIFY=$(echo "$IPT" | grep -c "imunify360_log_bl -j DROP")

if [ "$IDRP" -eq 0 ] && [ "$IMUNIFY" -eq 0 ]; then
  echo "Firewall rules not loaded, has no default DROP policy!"
  exit 2
  exit
elif [ "$DRP" -eq 0 ] && [ "$REJ" -eq 0 ]; then
  echo "Firewall DROP/REJECT rules are missing!"
  exit 2
  exit
fi

CHAINS=$(iptables -nvL | grep 'Chain' | awk '{print $2}')

for CHAIN in $CHAINS; do
  if [ "$CHAIN" != "FORWARD" ] && [ "${CHAIN:0:6}" != "OUTPUT" ] && [ "${CHAIN:0:4}" != "LOG_" ] && [ "${CHAIN:0:5}" != "SOLUS" ] && [[ ! $CHAIN =~ "imunify360" ]]; then
    CNT=$(expr "$(iptables -S "$CHAIN" | wc -l)" '-' 1)
    if [ "$CNT" -eq 0 ]; then
      echo "Firewall rules are missing!"
      exit 2
      exit
    else
      echo "Firewall is working!"
      exit 0
    fi
  fi
done
@ Telegram