Since the number of Admins on a server is usually limited to a small handful, an Admin might want to limit access to Admin accounts to the IPs of those people, in case the password falls into the wrong hands.
To do this, we can use all_pre.sh to check the IP of the caller and ensure they're allowed to be logged in.
It is also recommended to enable all_pre.sh for HTM files, not just CMD files.
Create /usr/local/directadmin/scripts/custom/all_pre.sh, and in it, add the code
You can add more checks for more IPs as needed.
Chmod the all_pre.sh to 700.
Note: if your IP changes, you must edit this file to add your new IP to the list, or you won't be able to log in as the Admin.
The same guide could be modified in many other ways, such as blocking all access to DirectAdmin, except to specific IPs.
This can be done by simply removing the "if" statement that checks the USERTYPE, so that the IP check applies to all usertypes.
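One way to write the all_pre.sh described above, as an added example rather than DirectAdmin's own listing. It assumes DirectAdmin passes the account type and client address to the script as the environment variables `usertype` and `caller_ip`; the addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example, not DirectAdmin's own code.
# Assumption: DirectAdmin exports the account type as $usertype and the
# client address as $caller_ip; confirm both names for your version.
# If they are wrong, $usertype is empty and nothing is restricted, so
# test from a non-listed IP before relying on the script.

# Constructed placeholder addresses; replace with the Admins' real IPs.
ALLOWED_ADMIN_IPS="192.0.2.10 198.51.100.7"

# check_caller USERTYPE IP
# Returns 0 to let the request continue, 1 to refuse it.
check_caller() {
    ctype=$1
    cip=$2

    # Only Admin-level requests are restricted. Remove this test to
    # apply the IP list to every usertype.
    if [ "$ctype" != "admin" ]; then
        return 0
    fi

    # Exact string match per entry, so 192.0.2.1 does not match 192.0.2.10.
    for ip in $ALLOWED_ADMIN_IPS; do
        if [ "$cip" = "$ip" ]; then
            return 0
        fi
    done

    # Not on the list, or no address supplied: refuse.
    echo "IP $cip is not allowed to be logged in as an Admin"
    return 1
}

# The script's exit status is that of its last command; a non-zero
# status makes DirectAdmin refuse the request.
check_caller "${usertype:-}" "${caller_ip:-}"
```

Adding an Admin's address means appending it to `ALLOWED_ADMIN_IPS`, separated by a space.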
Note that there is also the custom script login_pre.sh if you actually wish to block the accepted login from a specific IP. This would be a block at the login level (the same as a wrong password), versus all_pre.sh, which simply restricts running any command *after* a login was successful and the session file was created.