This article provides some of the basic and useful commands of BitNinja.
IP Management
Whitelisting/Blacklisting the IP:
bitninjacli --whitelist --add=1.2.3.4
bitninjacli --blacklist --add=1.2.3.4
Checking whether the IP is on the blacklist or whitelist:
bitninjacli --blacklist --check=1.2.3.4
bitninjacli --whitelist --check=1.2.3.4
Removing the IP from the blacklist/whitelist:
bitninjacli --blacklist --del=1.2.3.4
bitninjacli --whitelist --del=1.2.3.4
WAF 2.0 Module
These commands are useful if your domains behind Cloudflare become unreachable after you enable the Trusted Proxy module. Issuing these commands resolves the issue.
You can reload the SslTerminating haproxy.cfg if BitNinja is running:
bitninjacli --module=SslTerminating --reload
You can regenerate the SslTerminating haproxy.cfg if BitNinja is running:
bitninjacli --module=SslTerminating --regenerate
You can check whether the WAF has bound itself correctly:
netstat -lntp | grep -E '60300|60301' ; iptables -S -t nat | grep -E 'BN_WAF_REDIR'
Malware detection/scanner module
Temporarily change the FileSystem monitor to Auditd:
bitninjacli --module=MalwareDetection --use-auditd
Temporarily change the FileSystem monitor to Inotifywait:
bitninjacli --module=MalwareDetection --use-inotify
You can manually start the Malware scan on a specific directory:
bitninjacli --module=MalwareScanner --scan=/folder_name
You can manually stop the running malware scan:
bitninjacli --module=MalwareScanner --cancel
Other useful commands
Check the ipsets:
ipset list -n
Check whether an IP is in any of our lists:
ipset list "name of the list" | grep 1.2.3.4
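The two ipset checks above combined into one function that reports every set containing an address; this is an added example, not part of the original article or of BitNinja. It assumes root privileges for ipset, and the function names is_ipv4 and sets_containing_ip are illustrative.

```shell
#!/bin/sh
# Added example: list every ipset that contains a given IPv4 address.
# Uses `ipset list -n` (from this page) plus `ipset test`, which, unlike a
# grep over the listing, also matches an address inside a stored CIDR range.
# Usage (as root, after sourcing this file): sets_containing_ip 1.2.3.4

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the name of each set containing $1.
# Returns 0 if at least one set matched, 1 if none did, 2 on invalid input.
sets_containing_ip() {
    ip=$1
    is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
    found=1
    for set_name in $(ipset list -n); do
        # Exit status 0 means the address is a member. Errors (for example
        # an IPv6 set or a list:set type) are treated as "not a member".
        if ipset test "$set_name" "$ip" >/dev/null 2>&1; then
            echo "$set_name"
            found=0
        fi
    done
    return "$found"
}
```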
Check for the open ports (Port Honeypot):
netstat -lntp | grep bitninja