Remove CSF 'do not delete' IP entries with bash

Is there a way to remove CSF IPs (automatically using bash) that have the comment # do not delete appended to them? For example, this list below:

1.1.1.1 # do not delete
1.2.3.4 # This is another IP # do not delete
1.2.3.5 # This IP is bad # do not delete

If I remove the IP 1.1.1.1 using CSF like this:

csf -dr 1.1.1.1

I will get this error:

csf: 1.1.1.1 set as "do not delete" - not removed

Of course I can remove this IP perfectly by editing csf.deny and manually removing that comment # do not delete; then when I run csf -d 1.1.1.1 it will get deleted.

Does CSF have an option to force-remove this entry, or is there an alternative way to do this automatically via a bash script? There are more than a few hundred entries that have this # do not delete. So, this is not easy to do manually.

MaXi32 On BEST ANSWER

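You can use the grep command without using csf -dr:

#!/bin/bash

# IP to remove
ip="1.1.1.1"
# Escape the dots so they match literally instead of acting as regex wildcards
ip_re="${ip//./\\.}"

# Look for an entry that starts with this IP
search_csf_ip_without_comment=$(grep -w "^${ip_re}" "/etc/csf/csf.deny")

# If IP found:
if [[ -n "${search_csf_ip_without_comment}" ]]; then
  echo "IP found, remove and restarting csf ..."
  # Rewrite csf.deny without the matching line(s), then reload the rules
  grep -wv "^${ip_re}" "/etc/csf/csf.deny" >write.tmp && mv write.tmp "/etc/csf/csf.deny"
  csf -r > /dev/null
else
  echo "IP not found"
fi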
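For the few hundred entries mentioned in the question, the same idea can be applied to a whole list at once. The following is an added example, not part of the original answer: the function name `remove_deny_entries`, the one-address-per-line list file and the `.bak` backup name are assumptions. It compares the first field of each line exactly instead of using a regex, so 1.1.1.1 does not also remove 1.1.1.10 or 1.1.1.1/24, and it keeps a backup because the "do not delete" safeguard is being bypassed.

```shell
#!/bin/bash
# Added example (not from the original answer). Function name, list-file
# format and the ".bak" backup name are assumptions.
#
# remove_deny_entries DENY_FILE IP_LIST_FILE
#   Removes every line of DENY_FILE whose first field is exactly equal to an
#   address listed in IP_LIST_FILE (one per line, "#" lines ignored),
#   whether or not it carries "# do not delete". Prints the number removed.
remove_deny_entries() {
  local deny_file=$1 ip_list=$2 tmp removed
  [ -r "$deny_file" ] && [ -r "$ip_list" ] || return 1

  # Temp file beside the target: cp -p copies mode/owner, and the final mv
  # is an atomic rename within the same directory.
  tmp=$(mktemp "${deny_file}.XXXXXX") || return 1
  cp -p -- "$deny_file" "$tmp" && : > "$tmp" || { rm -f -- "$tmp"; return 1; }

  # First file: collect addresses to drop. Second file: copy every line
  # whose first field is not in that set; count the ones left out.
  removed=$(awk -v out="$tmp" '
    FILENAME == ARGV[1] { if ($1 != "" && $1 !~ /^#/) drop[$1] = 1; next }
    ($1 in drop)        { n++; next }
                        { print > out }
    END                 { print n + 0 }
  ' "$ip_list" "$deny_file") || { rm -f -- "$tmp"; return 1; }

  if [ "$removed" -gt 0 ]; then
    # Keep the previous file so a wrong list can be rolled back.
    cp -p -- "$deny_file" "${deny_file}.bak" && mv -f -- "$tmp" "$deny_file" \
      || { rm -f -- "$tmp"; return 1; }
  else
    rm -f -- "$tmp"
  fi
  echo "$removed"
}

# Usage on a CSF host (list path is hypothetical), reloading as in the answer:
#   remove_deny_entries /etc/csf/csf.deny /root/remove-ips.txt && csf -r > /dev/null
```

Lines whose first field is not a bare address are never matched, so comments and any other rule formats in the file pass through untouched.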