Skip to main content

Commands Module

The commands module allows executing remote commands on servers from the Bloqd dashboard.

Available Commands

Jail Management

CommandDescriptionParameters
jail_enableStart a jailjail
jail_disableStop a jailjail

fail2ban Operations

CommandDescriptionParameters
fail2ban_reloadReload fail2ban configNone
list_jailsList active jailsNone
list_bansList banned IPsjail (optional)

IP Management

CommandDescriptionParameters
ip_banBan an IPip, jail (default: recidive)
ip_unbanUnban an IPip, jail (optional)
ip_unban_allUnban all IPsNone

Synchronization

CommandDescriptionParameters
whitelist_syncTrigger whitelist syncNone
filter_syncSync filter filesfilters[]

Configuration

CommandDescriptionParameters
config_updateUpdate jail configurationadd_jails, modify_jails, remove_jails
custom_commandExecute fail2ban-client commandcommand

Agent Management

CommandDescriptionParameters
agent_updateUpdate agent to latest versionNone
agent_uninstallUninstall the agentkeep_fail2ban

Advanced Features

CommandDescriptionParameters
terminal_startStart terminal sessionsession_id
siem_enableEnable SIEM moduleinstall_lynis
siem_disableDisable SIEM moduleNone
siem_run_auditRun security auditNone
portknock_enableEnable port knockingConfiguration
portknock_disableDisable port knockingNone

Configuration

modules:
  commands:
    enabled: true
    poll_interval: 30  # seconds
    allowed_commands:
      - jail_enable
      - jail_disable
      - fail2ban_reload
      - ip_ban
      - ip_unban
      - ip_unban_all
      - whitelist_sync
      - list_bans
      - list_jails
      - agent_update
      - agent_uninstall
      - config_update
      - custom_command
      - filter_sync
      - terminal_start
SettingDescriptionDefault
enabledEnable command executiontrue
poll_intervalHow often to poll for commands (seconds)30
allowed_commandsList of allowed command typesAll commands

How It Works

Polling Mode

  1. Agent polls server every poll_interval seconds
  2. Server returns pending commands
  3. Agent acknowledges receipt
  4. Agent executes command
  5. Agent reports result
┌─────────────────┐  GET /commands   ┌─────────────────┐
│                 │◄────────────────│                 │
│  Bloqd Server   │                  │ Commands Module │
│                 │────────────────►│                 │
└─────────────────┘  Command list    └─────────────────┘
         ▲                                    │
         │                                    │ Execute
         │                                    ▼
         │                           ┌─────────────────┐
         │        Result             │    fail2ban     │
         └───────────────────────────│   (or other)    │
                                     └─────────────────┘

WebSocket Mode

When WebSocket is enabled, commands are pushed instantly:

  1. Dashboard sends command
  2. Server pushes to agent via WebSocket
  3. Agent executes immediately
  4. Result sent back

Command Flow

Dashboard UI

     │ "Unban IP 192.168.1.100"

Bloqd Server

     │ Queue command

Commands Table

     │ Agent polls / WebSocket push

Commands Module

     │ Validate & execute

fail2ban-client

     │ Result

Commands Module

     │ Report completion

Bloqd Server

     │ Update UI

Dashboard UI

Security

Command Restrictions

  • Only commands in allowed_commands are executed
  • Default list covers common operations
  • Custom commands restricted to fail2ban-client
  • No shell injection allowed

Custom Command Safety

The custom_command handler enforces:

# Must start with fail2ban-client
if not command.startswith("fail2ban-client"):
    return error

# No command chaining
if any(c in command for c in [";", "|", "&", "`", "$("]):
    return error

Valid examples:

  • fail2ban-client status
  • fail2ban-client set sshd banip 192.168.1.100
  • fail2ban-client get sshd actions

Invalid examples:

  • rm -rf / - Not fail2ban-client
  • fail2ban-client status; cat /etc/passwd - Command chaining

Events

EventDirectionDescription
command_receivedSubscribesWebSocket command received
command_executedEmitsCommand completed
sync_requestedEmitsTriggers whitelist sync

Command Lifecycle

  1. Queued: Command created, waiting for agent
  2. Acknowledged: Agent received command
  3. Completed: Execution finished successfully
  4. Failed: Execution failed

Troubleshooting

Commands Not Executing

  1. Check agent is running:

    systemctl status bloqd-agent

  2. Check poll interval:

    grep poll_interval /etc/bloqd/agent.yaml

  3. View pending commands:

    journalctl -u bloqd-agent | grep -i command

  4. Verify command is allowed:

    grep allowed_commands /etc/bloqd/agent.yaml

Command Stuck in "Pending"

  • Agent may be offline
  • Check server connectivity
  • Restart agent

Command Failed

  1. Check result message in dashboard
  2. Common causes:
    • Jail doesn't exist
    • IP already banned/unbanned
    • fail2ban not running
    • Permission denied