Mastering cPFence with an Intuitive CLI: Simplify Management and Security

The cPFence command-line interface (CLI) provides a comprehensive set of commands for managing and securing your server. This guide organizes all available commands into categories for easier navigation and efficient usage. Use these commands to configure, monitor, and maintain your server's security settings with precision.

 

General Options

 

  • Check Status:
    cpfence --status
    Displays information about current running modules and license status.

 

  • Show Statistics:
    cpfence --show-stats
    View protection statistics and server details.

 

  • Set Notification Email:
    cpfence --set-email [email protected]
    Set or update the email address in cPFence configuration.

 

  • Enable or Disable SMTP Notifications:
    cpfence --enable-cpfence-smtp
    cpfence --disable-cpfence-smtp
    Manages SMTP settings for cPFence notifications only.

 

  • Enable or Disable Global SMTP:
    cpfence --enable-global-smtp
    cpfence --disable-global-smtp
    Manages server-wide SMTP relay when Enhance Smart Host isn’t working for you.

 

  • Restart Services:
    cpfence --restart
    Restarts all services and modules to apply settings.

 

Protection Control

 

  • Enable All Protections:
    cpfence --enable-all
    Activate all default protections.

 

  • Disable All Protections:
    cpfence --disable-all
    Deactivate all protections.

 

IPDB / DDoS Protection Module

 

  • Enable or Disable IPDB:
    cpfence --enable-ipdb
    cpfence --disable-ipdb
    Manage the cPFence IPDB module for enhanced security.

 

  • Restart IPDB:
    cpfence --restart-ipdb
    Restart the IPDB service.

 

  • Enable or Disable DDoS Protection:
    cpfence --enable-DDos
    cpfence --disable-DDos
    Manage cPFence DDoS protection.

 

WordPress Security and Maintenance Tools

 

  • Enable or Disable WordPress Integrity Check:
    cpfence --enable-integrity-check
    cpfence --disable-integrity-check
    Manage WordPress Integrity Check for enhanced security.

 

  • Enable or Disable Automatic Quarantine for Wordpress sites :
    cpfence --enable-auto-file-action
    cpfence --disable-auto-file-action
    Control automatic handling of unexpected files.

 

  • Set Integrity Check Frequency:
    cpfence --set-check-frequency [daily|hourly]
    Choose how often to run the integrity check.

 

  • Generate WordPress Sites List:
    cpfence --generate-wp-sites-list
    Lists all WordPress sites on the server along with account owners.

 

  • Perform Vulnerability Scan:
    cpfence --vuln-scan
    Scan WordPress sites for vulnerabilities.

 

  • Export Vulnerability Scan Results:
    cpfence --vuln-export
    Export the scan results in CSV format.

 

WAF Management

 

  • Enable WAF:
    cpfence --enable-ols-waf
    Enable the OLS/LS latest cPFence WAF.

 

  • Disable WAF:
    cpfence --disable-ols-waf
    Disable the OLS/LS cPFence WAF.

 

  • Disable a Specific WAF Rule by ID:
    cpfence --disable-waf-rule RULE-ID
    Disable a specific WAF rule server-wide by its ID.

 

  • Enable a Specific WAF Rule by ID:
    cpfence --enable-waf-rule RULE-ID
    Re-enable a currently disabled WAF rule server-wide by its ID.

 

  • Disable WAF for a Specific Domain:
    cpfence --disable-waf-domain DOMAIN
    Disable WAF entirely for a specific domain.

 

  • Enable WAF for a Specific Domain:
    cpfence --enable-waf-domain DOMAIN
    Re-enable WAF for a previously disabled domain.

 

  • Disable WAF Rules for a Specific Domain by ID:
    cpfence --disable-waf-domain-byid DOMAIN ID-LIST
    Disable one or more specific WAF rules for a domain by providing the rule IDs.

 

  • Enable WAF Rules for a Specific Domain by ID:
    cpfence --enable-waf-domain-byid DOMAIN
    Re-enable specific WAF rules for a domain that were previously disabled.

 

Malware Protection Settings

 

  • Enable Real-Time Protection:
    cpfence --enable-MRTP
    Enable Malware Real-Time Protection for continuous scanning.

 

  • Disable Real-Time Protection:
    cpfence --disable-MRTP
    Disable Malware Real-Time Protection.

 

  • Enable Proactive Scanning:
    cpfence --enable-proactive
    Enable Proactive Scanning for fast detection. (recommended)

 

  • Disable Proactive Scanning:
    cpfence --disable-proactive
    Disable Proactive Scanning for reduced RAM usage.

 

  • Enable Auto Quarantine:
    cpfence --enable-quarantine
    Automatically move infected files to the quarantine directory.

 

  • Disable Auto Quarantine:
    cpfence --disable-quarantine
    Turn off automatic quarantine. Review scan results manually.

 

  • Enable Email Quarantine:
    cpfence --enable-email-quarantine
    Quarantine suspicious emails with infected attachments or phishing links.

 

  • Disable Email Quarantine:
    cpfence --disable-email-quarantine
    Disable automatic quarantine for suspicious emails.

 

  • Enable Spam Protection:
    cpfence --enable-spam-protection
    Enable advanced filtering to detect and quarantine spam emails.

 

  • Disable Spam Protection:
    cpfence --disable-spam-protection
    Disable spam filtering for email content.

 

Scanning Options

 

  • Run a Full Scan:
    cpfence --full-scan
    Perform a full scan on all files. This process may take 30 minutes up to several hours.

 

  • Run a Smart Scan:
    cpfence --smart-scan
    Scan critical areas and commonly infected files for faster results.

 

  • Run a Custom Scan:
    cpfence --custom-scan PATH
    Perform a custom scan on a specific path or directory.

 

  • Stop Active Scanning Jobs:
    cpfence --stop-scan
    Stop all currently running scans, including Full, Smart, and Custom scans.

 

  • Exclude a Path from Scans:
    cpfence --exclude-path PATH
    Add a path or directory to the exclusion list for all scanning jobs.

 

  • Remove a Path from Exclusions:
    cpfence --del-exclude-path PATH
    Remove a previously excluded path from the exclusion list.

 

  • Run a Custom Scan without Quarantine:
    cpf_scan /var/www
    Run a custom scan without quarantine or exclusions. Example: cpf_scan /var/www.

 

  • Run a Custom Scan and Move to Quarantine:
    cpf_scan --move=/opt/cpfence/quarantined/ /var/www
    Perform a custom scan and move infected files to the quarantine directory.

 

cPFence Owl™ Monitoring Module

 

  • Enable Owl Monitoring System:
    cpfence --enable-owl
    Enable the cPFence Owl Monitoring system to track and analyze server activity. (recommended)

 

  • Disable Owl Monitoring System:
    cpfence --disable-owl
    Disable the cPFence Owl Monitoring system.

 

  • Restart Owl Monitoring System:
    cpfence --restart-owl
    Restart the cPFence Owl Monitoring system to refresh its operations.

 

Rootkit Scanner

 

  • Enable Rootkit Scanner:
    cpfence --rootkit-on
    Turn on the Rootkit daily scanner to detect and protect against hidden threats. (recommended)

 

  • Disable Rootkit Scanner:
    cpfence --rootkit-off
    Turn off the Rootkit daily scanner.

 

IP Management Commands

 

  • Check the Current State of an IP:
    cpfence --check-ip IP
    Check if an IP is whitelisted, blacklisted, or blocked and view related statistics. Example: cpfence --check-ip 192.168.1.1.

 

  • Add an IP to the Whitelist:
    cpfence --add-whitelist-ip IP
    Whitelist an IP to allow it through server defenses. Example: cpfence --add-whitelist-ip 192.168.1.1/23.

 

  • Remove an IP from the Whitelist:
    cpfence --del-whitelist-ip IP
    Remove an IP from the whitelist. Example: cpfence --del-whitelist-ip 192.168.1.1.

 

  • Add an IP to the Blacklist:
    cpfence --add-blacklist-ip IP
    Blacklist an IP to block it from accessing your server. Example: cpfence --add-blacklist-ip 192.168.1.1/24.

 

  • Remove an IP from the Blacklist:
    cpfence --del-blacklist-ip IP
    Remove an IP from the blacklist. Example: cpfence --del-blacklist-ip 192.168.1.1.

 

  • Bulk Add IPs to the Whitelist:
    cpfence --bulk-whitelist-ip URL_OR_FILE
    Add multiple IPs to the whitelist from a file or URL. Example: cpfence --bulk-whitelist-ip https://a.com/file.txt.

 

  • Bulk Add IPs to the Blacklist:
    cpfence --bulk-blacklist-ip URL_OR_FILE
    Add multiple IPs to the blacklist from a file or URL. Example: cpfence --bulk-blacklist-ip /path/to/file.

 

  • Bulk Remove IPs from the Whitelist:
    cpfence --bulk-del-wl-ip URL_OR_FILE
    Remove multiple IPs from the whitelist using a file or URL. Example: cpfence --bulk-del-wl-ip https://a.com/file.txt.

 

  • Bulk Remove IPs from the Blacklist:
    cpfence --bulk-del-bl-ip URL_OR_FILE
    Remove multiple IPs from the blacklist using a file or URL. Example: cpfence --bulk-del-bl-ip /path/to/file.

 

Country Blacklisting / Whitelisting Module

 

  • Add a Country to the Whitelist:
    cpfence --whitelist-country ISOCODE
    Allow traffic from a specific country. Example: cpfence --whitelist-country us.

 

  • Add a Country to the Blacklist:
    cpfence --blacklist-country ISOCODE
    Block traffic from a specific country. Example: cpfence --blacklist-country cn.

 

  • Remove a Country from the Whitelist:
    cpfence --del-whitelist-country ISOCODE
    Remove a country from the whitelist. Example: cpfence --del-whitelist-country us.

 

  • Remove a Country from the Blacklist:
    cpfence --del-blacklist-country ISOCODE
    Remove a country from the blacklist. Example: cpfence --del-blacklist-country cn.

 

Maintenance Options

 

  • Update cPFence:
    cpfence --update
    Update cPFence software and virus signatures to the latest version.

 

  • Uninstall cPFence:
    cpfence --uninstall
    Uninstall the cPFence software completely from your server.

 

  • Display Installed Version:
    cpfence --version
    Check the currently installed version of cPFence.

 

  • Display Help Message:
    cpfence --help
    Show the full list of available cPFence commands and their descriptions.

 

 


Need Further Assistance?

Visit our Knowledgebase or contact our support team for help.

  • wordpress
  • 1 istifadəçi bunu faydalı hesab edir
Bu cavab sizə kömək etdi?

Uyğun məqalələr

How to Manage cPFence License?

When cPFence is initially installed, the license should be added automatically. If you encounter...

What is the Recommended cPFence Settings for Email, Backup, and DNS Servers?

If you're running DNS, backup, or email servers, optimizing cPFence settings can help ensure...

Installation Guide & Quick Start

cPFence installation is a straightforward process : Requirements - Ensure your server is...

Configuring cPFence

The default configuration of cPFence is highly recommended for the majority of use cases. Upon...