https://github.com/thekugelblitz/mysql-remote-host-csf-whitelister
Shell script that automatically syncs MySQL remote host IPs with CSF firewall on cPanel/WHM servers.
https://github.com/thekugelblitz/mysql-remote-host-csf-whitelister
bash configserver configserver-firewall cpanel csf hostingspell mysql-connector shell-script sysadmin-tool webhosting whm
Last synced: 28 days ago
JSON representation
Shell script that automatically syncs MySQL remote host IPs with CSF firewall on cPanel/WHM servers.
- Host: GitHub
- URL: https://github.com/thekugelblitz/mysql-remote-host-csf-whitelister
- Owner: thekugelblitz
- License: gpl-3.0
- Created: 2025-04-07T21:39:07.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2025-04-07T22:01:54.000Z (about 1 month ago)
- Last Synced: 2025-04-07T22:33:09.556Z (about 1 month ago)
- Topics: bash, configserver, configserver-firewall, cpanel, csf, hostingspell, mysql-connector, shell-script, sysadmin-tool, webhosting, whm
- Language: Shell
- Homepage: http://hostingspell.com
- Size: 0 Bytes
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# MySQL Remote Host CSF Whitelister
A secure and performance-optimized shell script that automatically syncs MySQL remote host IPs with the CSF firewall on cPanel/WHM servers.
This script fetches all non-local MySQL user host IPs and hostnames that are added to cPanel MySQL Remote Host, excludes the server's own IPs and hostnames, and whitelists them using CSFβensuring seamless remote MySQL access without manual firewall entries and edits. The script, with cronjob, automatically adds new IP addresses to CSF (ConfigServer Firewall) when a cPanel user adds them to their cPanel MySQL Remote Host. It's super easy and time-saving!
---
## π§ Features
- β
Fully automated CSF whitelisting for remote MySQL hosts
- π« Skips localhost, private ranges, and server-owned IPs
- π Efficient (non-looping), clean, and secure execution
- π Dry-run mode for safe validation
- π Logs all actions and warnings/errors separately
---
## π₯ Installation
`
wget https://raw.githubusercontent.com/thekugelblitz/MySQL-Remote-Host-CSF-Whitelister/main/mysql_csf_whitelist.sh
chmod +x /root/mysql_csf_whitelist.sh
`
---
## β± Cron Setup
Run the script automatically every 1 minute or as per your need, like 15 minutes:
`* * * * * /bin/bash /root/mysql_csf_whitelist.sh >> /var/log/mysql_csf_cron.log 2>&1`
For debugging/testing:
`*/1 * * * * /bin/bash /root/mysql_csf_whitelist.sh --dry-run >> /var/log/mysql_csf_cron_test.log 2>&1`
---
## βοΈ Usage
### β€ Run Manually
`
./mysql_csf_whitelist.sh
`
### β€ Dry Run
`
./mysql_csf_whitelist.sh --dry-run
`
This will show all the IPs it would whitelist without making any changes.
---
## π Logs
- β
Main Log: /var/log/mysql_csf_cron.log
- β οΈ Error/Skip Log: /var/log/mysql_csf_whitelist_error.log
---
## π Requirements
- Root access
- CSF (ConfigServer Security & Firewall) installed
- cPanel/WHM with MySQL enabled
---
## π§βπ» Example MySQL Output Handled
CSF Output:
`
csf.allow: 45.11.XX.XX # Auto-whitelist:mysql:2025-04-08 - Tue Apr 8 03:21:20 2025
`
Default MySQL fetch query:
```
mysql> SELECT Host, User FROM mysql.user WHERE Host NOT IN ('localhost', '127.0.0.1', '::1');
+--------------+--------------------+
| Host | User |
+--------------+--------------------+
| 103.99.XX.XX | example_remote |
| 192.168.1.10 | bad_entry |
| server.host | should_be_skipped |
| 45.11.XX.XX | good_ip |
+--------------+--------------------+
```
This script will **only allow valid public IPs or hostnames**, not local/private ones.
---
## **π€ Contribution**
Developed by **Dhruval Joshi** from **[HostingSpell](https://hostingspell.com)**
GitHub Profile: [@thekugelblitz](https://github.com/thekugelblitz)
If you want to contribute, feel free to fork and submit a PR! π
---
## **π License**
This script is released under the **GNU GENERAL PUBLIC LICENSE Version 3**. You are free to modify and use it for commercial or personal use. I would appreciate your contribution! π
---