#!/bin/bash ###----------------------------------------### ### ### BOA Meta Installer ### ### Copyright (C) 2010-2025 Omega8.cc ### noc@omega8.cc www.omega8.cc ### ### This program is free software. You can ### redistribute it and/or modify it under ### the terms of the GNU GPL as published by ### the Free Software Foundation, version 2 ### or later. ### ### This program is distributed in the hope ### that it will be useful, but WITHOUT ANY ### WARRANTY; without even the implied ### warranty of MERCHANTABILITY or FITNESS ### FOR A PARTICULAR PURPOSE. See the GNU GPL ### for more details. ### ### You should have received a copy of the ### GNU GPL along with this program. ### If not, see http://www.gnu.org/licenses/ ### ### Code: https://github.com/omega8cc/boa ### ###----------------------------------------### ###----------------------------------------### ### How To: run it with bash, not with sh ### ###----------------------------------------### ### ### $ wget -qO- http://files.aegir.cc/BOA.sh.txt | bash ### ###----------------------------------------### ### DON'T EDIT ANYTHING BELOW THIS LINE ### ###----------------------------------------### export HOME=/root export SHELL=/bin/bash export PATH=/usr/local/bin:/usr/local/sbin:/opt/local/bin:/usr/bin:/usr/sbin:/bin:/sbin:/usr/libexec export _tRee=lts export _xSrl=570ltsT09 export _rLsn="BOA-5.7.12" export _bTs=570v51 ### ### Avoid too many questions ### export DEBIAN_FRONTEND=noninteractive export APT_LISTCHANGES_FRONTEND=none if [ -z "${TERM+x}" ]; then export TERM=vt100 fi _NOW=$(date +%y%m%d-%H%M%S) export _NOW=${_NOW//[^0-9-]/} _TODAY=$(date +%y%m%d) export _TODAY=${_TODAY//[^0-9]/} # _barCnf="/root/.barracuda.cnf" _crlGet="-L --max-redirs 3 -k -s --retry 9 --retry-delay 9 -A iCab" _wgetGet="--max-redirect=3 --no-check-certificate -q --tries=9 --wait=9 --user-agent='iCab'" _aptAllow="--allow-unauthenticated" _aptYesUnth="-y ${_aptAllow}" _optBin="/opt/local/bin" _usrBin="/usr/local/bin" _xpthLog="/var/xdrago/log" _pthLog="/var/log/boa" _tBn="tools/bin" _vBs="/var/backups" _boaToolsPid="${_pthLog}/updateBOAtools.${_bTs}.ctrl.${_tRee}.${_xSrl}.pid" # if [ ! -e "${_pthLog}/.migrated.txt" ] && [ -d "${_xpthLog}" ]; then mkdir -p "${_pthLog}" cp -a ${_xpthLog}/*.pid ${_pthLog}/ cp -a ${_xpthLog}/.*pid ${_pthLog}/ cp -a ${_xpthLog}/*.log ${_pthLog}/ cp -a ${_xpthLog}/*.txt ${_pthLog}/ cp -a ${_xpthLog}/usage ${_pthLog}/ cp -a ${_xpthLog}/daily ${_pthLog}/ cp -a ${_xpthLog}/core ${_pthLog}/ cp -a ${_xpthLog}/le ${_pthLog}/ touch "${_pthLog}/.migrated.txt" fi [ ! -d "${_pthLog}/usage" ] && mkdir -p "${_pthLog}/usage" [ ! -d "${_pthLog}/daily" ] && mkdir -p "${_pthLog}/daily" [ ! -d "${_pthLog}/core" ] && mkdir -p "${_pthLog}/core" [ ! -d "${_pthLog}/le" ] && mkdir -p "${_pthLog}/le" # _eldirF="0001-Print-site_footer-if-defined.patch" _eldirP="/var/xdrago/conf/${_eldirF}" # _tenCorePatchFname="drupal-ten-aegir-core-01.patch" _tenCorePatchPath="/data/conf/patches/${_tenCorePatchFname}" # _tenConsolePatchFname="drupal-ten-aegir-console-02.patch" _tenConsolePatchPath="/data/conf/patches/${_tenConsolePatchFname}" # _elevenCorePatchFname="drupal-eleven-aegir-core-01.patch" _elevenCorePatchPath="/data/conf/patches/${_elevenCorePatchFname}" # _elevenConsolePatchFname="drupal-eleven-aegir-console-02.patch" _elevenConsolePatchPath="/data/conf/patches/${_elevenConsolePatchFname}" # _elevenValidatorPatchFname="drupal-eleven-aegir-validator-03.patch" _elevenValidatorPatchPath="/data/conf/patches/${_elevenValidatorPatchFname}" # _provLeInc="provision_hosting_le.drush.inc" _provLeIncFull="/var/xdrago/conf/${_provLeInc}" # _hoLeInc="hosting_le_vhost.drush.inc" _hoLeIncFull="/var/xdrago/conf/${_hoLeInc}" # _dehydName="dehydrated" _dehydSrcPath="/var/xdrago/conf/${_dehydName}" _legacyLeSh="/var/xdrago/conf/letsencrypt.sh" _DEBUG_MODE=$([ -e "/root/.debug-barracuda-installer.cnf" ] && echo "YES" || echo "NO") _os_detection_minimal() { _APT_UPDATE="apt-get update" _OS_CODE=$(lsb_release -ar 2>/dev/null | grep -i codename | cut -s -f2) _OS_LIST="daedalus chimaera beowulf buster bullseye bookworm" for e in ${_OS_LIST}; do if [ "${e}" = "${_OS_CODE}" ]; then _APT_UPDATE="apt-get update --allow-releaseinfo-change" fi done } _apt_clean_update() { ${_APT_UPDATE} -qq &> /dev/null } _if_hosted_sys() { _hName="$(cat /etc/hostname 2>/dev/null | tr -d '\n' || hostname -f 2>/dev/null)" if [ -e "/root/.host8.cnf" ] \ || [[ "${_hName}" =~ ".aegir.cc"($) ]]; then _hostedSys=YES else _hostedSys=NO fi } # # Find server city. _find_server_city() { if [ -e "/root/.found_correct_city.cnf" ]; then _LOC_CITY=$(cat /root/.found_correct_city.cnf 2>/dev/null | tr -d '\n') else if [ -e "/root/.found_correct_ipv4.cnf" ]; then _LOC_IP=$(cat /root/.found_correct_ipv4.cnf 2>/dev/null | tr -d '\n') _LOC_CITY=$(curl ${_crlGet} ipinfo.io/${_LOC_IP}/city 2>&1) _LOC_CITY=$(echo -n ${_LOC_CITY} | tr -d "\n" 2>&1) fi if [ ! -z "${_LOC_CITY}" ]; then _LOC_CITY=$(echo "${_LOC_CITY}" | tr ' ' '+' 2>&1) echo ${_LOC_CITY} > /root/.found_correct_city.cnf fi fi } # # Find correct IP. _find_correct_ip() { if [ -e "/root/.found_correct_ipv4.cnf" ]; then _LOC_IP=$(cat /root/.found_correct_ipv4.cnf 2>/dev/null | tr -d '\n') else _LOC_IP=$(curl ${_crlGet} https://api.ipify.org | sed 's/[^0-9\.]//g') if [ -z "${_LOC_IP}" ]; then _LOC_IP=$(curl ${_crlGet} http://ipv4.icanhazip.com | sed 's/[^0-9\.]//g') fi if [ ! -z "${_LOC_IP}" ]; then echo ${_LOC_IP} > /root/.found_correct_ipv4.cnf fi fi if [ -n "${_LOC_IP}" ] && grep -qE "${_LOC_IP}\s" /etc/hosts; then cp -af /etc/hosts /etc/.was.hosts sed -i "s/^${_LOC_IP}.*//g" /etc/hosts [ -x "/etc/init.d/unbound" ] && [ ! -e "/usr/etc/unbound/unbound.conf.d" ] && mkdir -p /usr/etc/unbound/unbound.conf.d [ -x "/etc/init.d/unbound" ] && service unbound restart &> /dev/null fi } _fix_dns_settings() { [ ! -d "${_vBs}" ] && mkdir -p ${_vBs} rm -f ${_vBs}/resolv.conf.tmp if ! grep -q "BOA-DNS-Config" /etc/resolv.conf; then echo "### BOA-DNS-Config ###" > ${_vBs}/resolv.conf.tmp if [ -x "/usr/sbin/unbound" ] && [ -e "/run/unbound/unbound.pid" ]; then echo "nameserver 127.0.0.1" >> ${_vBs}/resolv.conf.tmp fi echo "nameserver 1.1.1.1" >> ${_vBs}/resolv.conf.tmp echo "nameserver 8.8.8.8" >> ${_vBs}/resolv.conf.tmp echo "nameserver 9.9.9.9" >> ${_vBs}/resolv.conf.tmp fi if [ -e "${_vBs}/resolv.conf.tmp" ]; then rm -f /etc/resolv.conf cp -a ${_vBs}/resolv.conf.tmp /etc/resolv.conf cp -a ${_vBs}/resolv.conf.tmp ${_vBs}/resolv.conf.vanilla fi if [ -x "/usr/sbin/unbound-control" ] \ && [ -e "/etc/resolvconf/run/interface/lo.unbound" ]; then unbound-control reload &> /dev/null fi } _check_dns_settings() { if [ -L "/etc/resolv.conf" ]; then _fix_dns_settings return 1 # Exit the function but continue the script fi if [ -e "/root/.use.default.nameservers.cnf" ]; then if [ -e "/root/.use.local.nameservers.cnf" ]; then rm -f /root/.use.local.nameservers.cnf fi _USE_DEFAULT_DNS=YES if ! grep -q "BOA-DNS-Config" /etc/resolv.conf; then _fix_dns_settings return 1 # Exit the function but continue the script fi fi if [ -e "/root/.use.local.nameservers.cnf" ]; then _USE_PROVIDER_DNS=YES else _REMOTE_DNS_TEST=$(host files.aegir.cc 1.1.1.1 -w 10 2>&1) if ! grep -q "BOA-DNS-Config" /etc/resolv.conf; then _fix_dns_settings return 1 # Exit the function but continue the script fi fi if [[ "${_REMOTE_DNS_TEST}" =~ "no servers could be reached" ]] \ || [[ "${_REMOTE_DNS_TEST}" =~ "Host files.aegir.cc not found" ]] \ || [ "${_USE_PROVIDER_DNS}" = "YES" ]; then _fix_dns_settings fi } _find_fast_mirror_early() { _isNetc=$(which netcat 2>&1) if [ ! -x "${_isNetc}" ] || [ -z "${_isNetc}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi _apt_clean_update apt-get install netcat-traditional ${_aptYesUnth} &> /dev/null fi _ffMirr=$(which ffmirror 2>&1) if [ -x "${_ffMirr}" ]; then _ffList="/var/backups/boa-mirrors-2025-01.txt" mkdir -p /var/backups if [ ! -e "${_ffList}" ]; then echo "eu.files.aegir.cc" > ${_ffList} echo "us.files.aegir.cc" >> ${_ffList} echo "ao.files.aegir.cc" >> ${_ffList} fi if [ -e "${_ffList}" ]; then _BROKEN_FFMIRR_TEST=$(grep "stuff" ${_ffMirr} 2>&1) if [[ "${_BROKEN_FFMIRR_TEST}" =~ "stuff" ]]; then _CHECK_MIRROR=$(bash ${_ffMirr} < ${_ffList} 2>&1) _CHECK_MIRROR=$(bash ${_ffMirr} < ${_ffList} 2>&1) _USE_MIR="${_CHECK_MIRROR}" [[ "${_USE_MIR}" =~ "printf" ]] && _USE_MIR="files.aegir.cc" else _USE_MIR="files.aegir.cc" fi else _USE_MIR="files.aegir.cc" fi else _USE_MIR="files.aegir.cc" fi _urlDev="http://${_USE_MIR}/dev" _urlHmr="http://${_USE_MIR}/versions/${_tRee}/boa/aegir" } _extract_archive() { if [ ! -z "$1" ]; then case $1 in *.tar.bz2) tar xjf $1 ;; *.tar.gz) tar xzf $1 ;; *.tar.xz) tar xvf $1 ;; *.bz2) bunzip2 $1 ;; *.rar) unrar x $1 ;; *.gz) gunzip -q $1 ;; *.tar) tar xf $1 ;; *.tbz2) tar xjf $1 ;; *.tgz) tar xzf $1 ;; *.zip) unzip -qq $1 ;; *.Z) uncompress $1 ;; *.7z) 7z x $1 ;; *) echo "'$1' cannot be extracted via >extract<" ;; esac rm -f $1 fi } # # Download and extract from dev/contrib mirror. _get_dev_contrib() { if [ ! -z "$1" ]; then _max_attempts=10 _attempt_num=1 _success=0 while [ ${_attempt_num} -le ${_max_attempts} ]; do [ "${_DEBUG_MODE}" = "YES" ] && echo "DNLD: Attempt ${_attempt_num} of ${_max_attempts}: Downloading $1..." if curl ${_crlGet} "${_urlDev}/${_tRee}/contrib/$1" -o "$1"; then _success=1 break else [ "${_DEBUG_MODE}" = "YES" ] && echo "DNLD: Attempt ${_attempt_num} failed." _attempt_num=$((_attempt_num+1)) if [ "${_attempt_num}" -le "${_max_attempts}" ]; then [ "${_DEBUG_MODE}" = "YES" ] && echo "DNLD: Retrying in 9 seconds..." sleep 9 fi fi done if [ "${_success}" -eq 1 ]; then _extract_archive "$1" else echo "OOPS: Failed to download ${_urlDev}/${_tRee}/contrib/$1 after ${_max_attempts} attempts" return 1 # Exit the function but continue the script fi fi } # # Download and extract archive from dev/src mirror. _get_dev_src() { if [ ! -z "$1" ]; then _max_attempts=10 _attempt_num=1 _success=0 while [ ${_attempt_num} -le ${_max_attempts} ]; do [ "${_DEBUG_MODE}" = "YES" ] && echo "DNLD: Attempt ${_attempt_num} of ${_max_attempts}: Downloading $1..." if curl ${_crlGet} "${_urlDev}/src/$1" -o "$1"; then _success=1 break else [ "${_DEBUG_MODE}" = "YES" ] && echo "DNLD: Attempt ${_attempt_num} failed." _attempt_num=$((_attempt_num+1)) if [ "${_attempt_num}" -le "${_max_attempts}" ]; then [ "${_DEBUG_MODE}" = "YES" ] && echo "DNLD: Retrying in 9 seconds..." sleep 9 fi fi done if [ "${_success}" -eq 1 ]; then _extract_archive "$1" else echo "OOPS: Failed to download ${_urlDev}/src/$1 after ${_max_attempts} attempts" return 1 # Exit the function but continue the script fi fi } _if_clean_boa_env() { if [ ! -x "/etc/init.d/clean-boa-env" ]; then curl ${_crlGet} "${_urlHmr}/conf/var/clean-boa-env" -o /etc/init.d/clean-boa-env if [ -e "/etc/init.d/clean-boa-env" ]; then chmod 700 /etc/init.d/clean-boa-env chown root:root /etc/init.d/clean-boa-env update-rc.d clean-boa-env defaults &> /dev/null fi fi } ### ### Function to verify BOA keys ### _verify_boa_keys() { if [ -e "/root/.dev.server.cnf" ]; then echo "PROC: _verify_boa_keys in BOA.sh.txt" fi if [ "${_tRee}" = "pro" ] || [ "${_tRee}" = "dev" ]; then _if_hosted_sys _allw=NO _urlEnc="http://${_USE_MIR}/enc/2024" _encName=$(echo ${_hName} \ | openssl md5 \ | awk '{ print $2}' \ | tr -d "\n" 2>&1) if [[ "${_hName}" =~ ".aegir.cc"($) ]] \ || [[ "${_hName}" =~ ".o8.io"($) ]] \ || [[ "${_hName}" =~ ".boa.io"($) ]]; then _allw=YES fi mkdir -p /var/opt rm -f /var/opt/_encN* curl ${_crlGet} "${_urlEnc}/${_encName}" -o /var/opt/_encN.${_encName}.tmp wait echo "${_hName}.${_encName}" > /var/opt/_encN_local.${_encName}.tmp wait if [ -e "/var/opt/_encN.${_encName}.tmp" ] && [ -e "/var/opt/_encN_local.${_encName}.tmp" ]; then _diffTestIf=$(diff -w -B /var/opt/_encN.${_encName}.tmp /var/opt/_encN_local.${_encName}.tmp 2>&1) if [ ! -z "${_diffTestIf}" ] && [ "${_allw}" = "NO" ]; then echo echo "Your system requires valid license for access to ${_rLsn}-${_tRee}" echo "Please visit https://omega8.cc/licenses to purchase your own" echo if [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "/var/aegir/key/barracuda_key.txt" ]; then mkdir -p /var/aegir/key cat /var/opt/_encN_local.${_encName}.tmp > /var/aegir/key/barracuda_key.txt fi rm -f /var/opt/_encN* exit 0 else if [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "/var/aegir/key/barracuda_key.txt" ]; then mkdir -p /var/aegir/key cat /var/opt/_encN_local.${_encName}.tmp > /var/aegir/key/barracuda_key.txt fi fi else echo echo "Your system requires valid license to use this BOA version (${_tRee})" echo "Unfortunately it was not possible to verify your system status" echo "Please contact our support but visit https://omega8.cc/licenses first" echo exit 0 fi fi } _locales_check_fix_early() { _isLoc=$(which locale 2>&1) if [ ! -x "${_isLoc}" ] || [ -z "${_isLoc}" ]; then _INITINS="/usr/bin/apt-get ${_aptAllow} -y install" apt-get update -qq &> /dev/null ${_INITINS} locales locales-all &> /dev/null fi _LOC_TEST=$(locale 2>&1) if [[ "${_LOC_TEST}" =~ LANG=.*UTF-8 ]]; then _LOCALE_TEST=OK fi if [[ "${_LOC_TEST}" =~ "Cannot" ]]; then _LOCALE_TEST=BROKEN fi if [ "${_LOCALE_TEST}" = "BROKEN" ]; then _LOCALE_GEN_TEST=$(grep -v "^#" /etc/locale.gen 2>&1) if [[ ! "${_LOCALE_GEN_TEST}" =~ "en_US.UTF-8 UTF-8" ]]; then echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen fi sed -i "/^$/d" /etc/locale.gen locale-gen &> /dev/null locale-gen en_US.UTF-8 &> /dev/null # Explicitly enforce all locale settings update-locale \ LANG=en_US.UTF-8 \ LC_CTYPE=en_US.UTF-8 \ LC_COLLATE=POSIX \ LC_NUMERIC=POSIX \ LC_TIME=en_US.UTF-8 \ LC_MONETARY=en_US.UTF-8 \ LC_MESSAGES=en_US.UTF-8 \ LC_PAPER=en_US.UTF-8 \ LC_NAME=en_US.UTF-8 \ LC_ADDRESS=en_US.UTF-8 \ LC_TELEPHONE=en_US.UTF-8 \ LC_MEASUREMENT=en_US.UTF-8 \ LC_IDENTIFICATION=en_US.UTF-8 \ LC_ALL= &> /dev/null # Define all locale settings on the fly to prevent unnecessary # warnings during installation of packages. export LANG=en_US.UTF-8 &> /dev/null export LC_CTYPE=en_US.UTF-8 &> /dev/null export LC_COLLATE=POSIX &> /dev/null export LC_NUMERIC=POSIX &> /dev/null export LC_TIME=en_US.UTF-8 &> /dev/null export LC_MONETARY=en_US.UTF-8 &> /dev/null export LC_MESSAGES=en_US.UTF-8 &> /dev/null export LC_PAPER=en_US.UTF-8 &> /dev/null export LC_NAME=en_US.UTF-8 &> /dev/null export LC_ADDRESS=en_US.UTF-8 &> /dev/null export LC_TELEPHONE=en_US.UTF-8 &> /dev/null export LC_MEASUREMENT=en_US.UTF-8 &> /dev/null export LC_IDENTIFICATION=en_US.UTF-8 &> /dev/null export LC_ALL= &> /dev/null else _LOCALE_GEN_TEST=$(grep -v "^#" /etc/locale.gen 2>&1) if [[ ! "${_LOCALE_GEN_TEST}" =~ "en_US.UTF-8 UTF-8" ]]; then echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen fi sed -i "/^$/d" /etc/locale.gen locale-gen &> /dev/null locale-gen en_US.UTF-8 &> /dev/null # Explicitly enforce locale settings required for consistency update-locale \ LANG=en_US.UTF-8 \ LC_CTYPE=en_US.UTF-8 \ LC_COLLATE=POSIX \ LC_NUMERIC=POSIX \ LC_ALL= &> /dev/null # Define locale settings required for consistency also on the fly export LC_COLLATE=POSIX &> /dev/null export LC_NUMERIC=POSIX &> /dev/null export LC_ALL= &> /dev/null fi _LOCALES_BASHRC_TEST=$(grep LC_COLLATE /root/.bashrc 2>&1) if [[ ! "${_LOCALES_BASHRC_TEST}" =~ "LC_COLLATE" ]]; then printf "\n" >> /root/.bashrc echo "export LANG=en_US.UTF-8" >> /root/.bashrc echo "export LC_CTYPE=en_US.UTF-8" >> /root/.bashrc echo "export LC_COLLATE=POSIX" >> /root/.bashrc echo "export LC_NUMERIC=POSIX" >> /root/.bashrc echo "export LC_TIME=en_US.UTF-8" >> /root/.bashrc echo "export LC_MONETARY=en_US.UTF-8" >> /root/.bashrc echo "export LC_MESSAGES=en_US.UTF-8" >> /root/.bashrc echo "export LC_PAPER=en_US.UTF-8" >> /root/.bashrc echo "export LC_NAME=en_US.UTF-8" >> /root/.bashrc echo "export LC_ADDRESS=en_US.UTF-8" >> /root/.bashrc echo "export LC_TELEPHONE=en_US.UTF-8" >> /root/.bashrc echo "export LC_MEASUREMENT=en_US.UTF-8" >> /root/.bashrc echo "export LC_IDENTIFICATION=en_US.UTF-8" >> /root/.bashrc echo "export LC_ALL=" >> /root/.bashrc printf "\n" >> /root/.bashrc fi } _if_fix_iptables_symlinks() { ### ### Fix for iptables paths backward compatibility ### if [ -x "/sbin/iptables" ] && [ ! -e "/usr/sbin/iptables" ]; then ln -sfn /sbin/iptables /usr/sbin/iptables fi if [ -x "/usr/sbin/iptables" ] && [ ! -e "/sbin/iptables" ]; then ln -sfn /usr/sbin/iptables /sbin/iptables fi if [ -x "/sbin/iptables-save" ] && [ ! -e "/usr/sbin/iptables-save" ]; then ln -sfn /sbin/iptables-save /usr/sbin/iptables-save fi if [ -x "/usr/sbin/iptables-save" ] && [ ! -e "/sbin/iptables-save" ]; then ln -sfn /usr/sbin/iptables-save /sbin/iptables-save fi if [ -x "/sbin/iptables-restore" ] && [ ! -e "/usr/sbin/iptables-restore" ]; then ln -sfn /sbin/iptables-restore /usr/sbin/iptables-restore fi if [ -x "/usr/sbin/iptables-restore" ] && [ ! -e "/sbin/iptables-restore" ]; then ln -sfn /usr/sbin/iptables-restore /sbin/iptables-restore fi if [ -x "/sbin/ip6tables" ] && [ ! -e "/usr/sbin/ip6tables" ]; then ln -sfn /sbin/ip6tables /usr/sbin/ip6tables fi if [ -x "/usr/sbin/ip6tables" ] && [ ! -e "/sbin/ip6tables" ]; then ln -sfn /usr/sbin/ip6tables /sbin/ip6tables fi if [ -x "/sbin/ip6tables-save" ] && [ ! -e "/usr/sbin/ip6tables-save" ]; then ln -sfn /sbin/ip6tables-save /usr/sbin/ip6tables-save fi if [ -x "/usr/sbin/ip6tables-save" ] && [ ! -e "/sbin/ip6tables-save" ]; then ln -sfn /usr/sbin/ip6tables-save /sbin/ip6tables-save fi if [ -x "/sbin/ip6tables-restore" ] && [ ! -e "/usr/sbin/ip6tables-restore" ]; then ln -sfn /sbin/ip6tables-restore /usr/sbin/ip6tables-restore fi if [ -x "/usr/sbin/ip6tables-restore" ] && [ ! -e "/sbin/ip6tables-restore" ]; then ln -sfn /usr/sbin/ip6tables-restore /sbin/ip6tables-restore fi ### ### Fix for iptables paths backward compatibility ### } ### ### Prefer Devuan APT sources ### _prefer_devuan_repositories() { # Prefer Devuan; force base-files from Devuan (handles lower version vs Debian). mkdir -p /etc/apt/preferences.d cat >/etc/apt/preferences.d/99-prefer-devuan <<'EOF' Package: * Pin: release o=Devuan Pin-Priority: 700 Package: base-files Pin: release o=Devuan Pin-Priority: 1001 EOF _apt_clean_update } # --- internal: print message only in debug mode _msg() { if [ "${_DEBUG_MODE}" = "YES" ]; then echo "[virt-what-fix] $*" fi } # --- internal: run virt-what under strace and parse the helper's exec path _discover_with_strace() { local _path_found="" if ! command -v strace >/dev/null 2>&1; then _msg "strace not available, skipping strace-based discovery" echo "" return 0 fi # Temporarily extend PATH so virt-what can exec the helper for strace to see. PATH="${PATH}:${_CANDIDATE_PATHS}" strace -f -qq -e trace=execve -o "${_TRACE}" virt-what >/dev/null 2>&1 # mawk-safe parsing: pull the first quoted arg from execve("…") and check suffix if [ -s "${_TRACE}" ]; then _path_found=$( awk -v n="${_HELPER_NAME}" ' /execve\("/ { # Find start of execve(" then extract up to next quote i = index($0, "execve(\"") if (i) { s = substr($0, i + 8) # after execve(" j = index(s, "\"") if (j) { p = substr(s, 1, j - 1) # the path inside quotes if (p ~ ("/" n "$")) { print p; exit } } } } ' "${_TRACE}" ) fi rm -f "${_TRACE}" if [ -n "${_path_found}" ] && [ -x "${_path_found}" ]; then _msg "strace discovered helper at: ${_path_found}" echo "${_path_found}" return 0 fi _msg "strace discovery failed" echo "" return 0 } # --- internal: dpkg-based discovery (Debian/Devuan) _discover_with_dpkg() { local _p="" if command -v dpkg >/dev/null 2>&1; then _p=$(dpkg -L virt-what 2>/dev/null | grep -E "/${_HELPER_NAME}$" | head -n1) if [ -n "${_p}" ] && [ -x "${_p}" ]; then _msg "dpkg discovered helper at: ${_p}" echo "${_p}" return 0 fi fi echo "" return 0 } # --- internal: filesystem search fallback (bounded) _discover_with_find() { local _p="" # Keep it bounded to /usr to stay fast/noisy-free. _p=$(find /usr -maxdepth 4 -type f -name "${_HELPER_NAME}" 2>/dev/null | head -n1) if [ -n "${_p}" ] && [ -x "${_p}" ]; then _msg "find discovered helper at: ${_p}" echo "${_p}" return 0 fi echo "" return 0 } # --- main: ensure symlink _ensure_virt_what_helper_symlink() { # If the symlink already exists and is working, nothing to do. if [ -L "${_SYMLINK}" ] && [ -x "${_SYMLINK}" ] && [ -e "$(readlink -f "${_SYMLINK}")" ]; then _msg "Symlink already present and valid: ${_SYMLINK} -> $(readlink -f "${_SYMLINK}")" return 0 fi local _helper_path="" _helper_path="$(_discover_with_strace)" if [ -z "${_helper_path}" ]; then _helper_path="$(_discover_with_dpkg)" fi if [ -z "${_helper_path}" ]; then _helper_path="$(_discover_with_find)" fi if [ -z "${_helper_path}" ]; then echo "ERROR: Could not locate ${_HELPER_NAME} anywhere under /usr." 1>&2 return 1 fi # Safety: if a non-symlink file already exists at the target, back it up once. if [ -e "${_SYMLINK}" ] && [ ! -L "${_SYMLINK}" ]; then _msg "Backing up existing non-symlink at ${_SYMLINK} to ${_SYMLINK}.orig" mv -f "${_SYMLINK}" "${_SYMLINK}.orig" fi ln -sfn "${_helper_path}" "${_SYMLINK}" if [ -x "${_SYMLINK}" ]; then _msg "Symlink created: ${_SYMLINK} -> ${_helper_path}" return 0 else echo "ERROR: Failed to create working symlink ${_SYMLINK} -> ${_helper_path}" 1>&2 return 2 fi } ### ### Fix VM system detection ### _fix_virt_what() { _VIRT_TEST=$(which virt-what) if [ -n "${_VIRT_TEST}" ] && [ -x "${_VIRT_TEST}" ]; then _SHELL_TEST_A=$(grep -I -o "\#\!.*/usr/bin/sh" ${_VIRT_TEST} 2>&1) _SHELL_TEST_B=$(grep -I -o "\#\!.*/bin/sh" ${_VIRT_TEST} 2>&1) if [[ "${_SHELL_TEST_A}" =~ "/usr/bin/sh" ]]; then sed -i "s/\/usr\/bin\/sh/\/bin\/dash/g" ${_VIRT_TEST} fi if [[ "${_SHELL_TEST_B}" =~ "/bin/sh" ]]; then sed -i "s/\/bin\/sh/\/bin\/dash/g" ${_VIRT_TEST} fi _HELPER_NAME="virt-what-cpuid-helper" _SYMLINK="/usr/sbin/${_HELPER_NAME}" _TRACE="/tmp/virtwhat.$$.strace" # Extra dirs we temporarily expose to PATH so virt-what can exec the helper for strace discovery _CANDIDATE_PATHS="/usr/libexec:/usr/lib/x86_64-linux-gnu:/usr/lib64/virt-what:/usr/lib/virt-what" if [ ! -e "${_SYMLINK}" ]; then echo "INFO: virt-what tool requires small update, fixing..." if ! command -v strace &> /dev/null; then _apt_clean_update apt-get install strace ${_aptYesUnth} fi _ensure_virt_what_helper_symlink fi fi } ### ### Fix or install VM system detection ### _fix_or_install_virt_what() { _VIRT_TEST=$(which virt-what) if [ -n "${_VIRT_TEST}" ] && [ -x "${_VIRT_TEST}" ]; then _fix_virt_what else echo "INFO: installing required virt-what tool ..." if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi _apt_clean_update apt-get install virt-what ${_aptYesUnth} wait _fix_virt_what fi } ### ### Make local OpenSSL new/legacy ssl/certs symlinked to system ssl/certs ### _fix_sync_system_ssl_certs() { if [ -e "/etc/ssl/certs/ca-certificates.crt" ] \ && [ ! -e "/usr/local/ssl3/.old-certs" ] \ && [ -d "/usr/local/ssl3/certs" ] \ && [ ! -L "/usr/local/ssl3/certs" ]; then mv -f /usr/local/ssl3/certs /usr/local/ssl3/.old-certs ln -sfn /etc/ssl/certs /usr/local/ssl3/certs fi if [ -e "/etc/ssl/certs/ca-certificates.crt" ] \ && [ ! -e "/usr/local/ssl/.old-certs" ] \ && [ -d "/usr/local/ssl/certs" ] \ && [ ! -L "/usr/local/ssl/certs" ]; then mv -f /usr/local/ssl/certs /usr/local/ssl/.old-certs ln -sfn /etc/ssl/certs /usr/local/ssl/certs fi } _update_agents() { _if_hosted_sys if [ "${_hostedSys}" = "YES" ]; then if [ ! -e "/root/.extended.firewall.exceptions.cnf" ]; then echo host8 > /root/.extended.firewall.exceptions.cnf fi fi if [ "${_VMFAMILY}" = "HOSTED" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ -d "/data/u" ] \ && [ -e "/var/xdrago" ]; then [ ! -e "/root/.fast.cron.cnf" ] && echo ON > /root/.fast.cron.cnf _PrTestPower=$(grep "POWER" /root/.*.octopus.cnf 2>&1) _PrTestPhantom=$(grep "PHANTOM" /root/.*.octopus.cnf 2>&1) _PrTestCluster=$(grep "CLUSTER" /root/.*.octopus.cnf 2>&1) InTest=$(ls /data/disk/*/static/control/cli.info | wc -l 2>&1) _SQL_PSWD=$(cat /root/.my.pass.txt 2>/dev/null | tr -d '\n') if [ "${InTest}" -lt 9 ] \ && [[ ! "${_PrTestPower}" =~ "POWER" ]] \ && [[ ! "${_PrTestPhantom}" =~ "PHANTOM" ]] \ && [[ ! "${_PrTestCluster}" =~ "CLUSTER" ]]; then [ ! -e "/root/.fast.cron.cnf" ] && echo ${InTest} > /root/.fast.cron.cnf [ -e "/root/.hr.monitor.cnf" ] && rm -f /root/.hr.monitor.cnf [ -e "/root/.slow.cron.cnf" ] && [ ! -e "/root/.slow.cron.cnf.protected" ] && rm -f /root/.slow.cron.cnf [ -e "/root/.tg.cnf" ] && rm -f /root/.tg.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 555;" mysql -u root -e "SET GLOBAL max_connections = 111;" mysql -u root -e "SET GLOBAL max_user_connections = 111;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [ "${InTest}" -ge 9 ] && [ "${InTest}" -le 50 ]; then [ ! -e "/root/.fast.cron.cnf" ] && echo ${InTest} > /root/.fast.cron.cnf [ -e "/root/.hr.monitor.cnf" ] && rm -f /root/.hr.monitor.cnf [ -e "/root/.slow.cron.cnf" ] && [ ! -e "/root/.slow.cron.cnf.protected" ] && rm -f /root/.slow.cron.cnf [ -e "/root/.tg.cnf" ] && rm -f /root/.tg.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 777;" mysql -u root -e "SET GLOBAL max_connections = 555;" mysql -u root -e "SET GLOBAL max_user_connections = 111;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [ "${InTest}" -gt 50 ]; then [ -e "/root/.fast.cron.cnf" ] && rm -f /root/.fast.cron.cnf [ ! -e "/root/.tg.cnf" ] && echo ${InTest} > /root/.tg.cnf [ ! -e "/root/.hr.monitor.cnf" ] && echo ${InTest} > /root/.hr.monitor.cnf [ ! -e "/root/.slow.cron.cnf" ] && echo ${InTest} > /root/.slow.cron.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 999;" mysql -u root -e "SET GLOBAL max_connections = 777;" mysql -u root -e "SET GLOBAL max_user_connections = 111;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [[ "${_PrTestPower}" =~ "POWER" ]]; then [ ! -e "/root/.tg.cnf" ] && echo ${InTest} > /root/.tg.cnf [ ! -e "/root/.fast.cron.cnf" ] && echo ${InTest} > /root/.fast.cron.cnf [ -e "/root/.hr.monitor.cnf" ] && rm -f /root/.hr.monitor.cnf [ -e "/root/.slow.cron.cnf" ] && [ ! -e "/root/.slow.cron.cnf.protected" ] && rm -f /root/.slow.cron.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 555;" mysql -u root -e "SET GLOBAL max_connections = 333;" mysql -u root -e "SET GLOBAL max_user_connections = 111;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [[ "${_PrTestPhantom}" =~ "PHANTOM" ]]; then [ ! -e "/root/.tg.cnf" ] && echo ${InTest} > /root/.tg.cnf [ ! -e "/root/.fast.cron.cnf" ] && echo ${InTest} > /root/.fast.cron.cnf [ -e "/root/.hr.monitor.cnf" ] && rm -f /root/.hr.monitor.cnf [ -e "/root/.slow.cron.cnf" ] && [ ! -e "/root/.slow.cron.cnf.protected" ] && rm -f /root/.slow.cron.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 777;" mysql -u root -e "SET GLOBAL max_connections = 555;" mysql -u root -e "SET GLOBAL max_user_connections = 333;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [[ "${_PrTestCluster}" =~ "CLUSTER" ]]; then [ ! -e "/root/.tg.cnf" ] && echo ${InTest} > /root/.tg.cnf [ ! -e "/root/.fast.cron.cnf" ] && echo ${InTest} > /root/.fast.cron.cnf [ -e "/root/.hr.monitor.cnf" ] && rm -f /root/.hr.monitor.cnf [ -e "/root/.slow.cron.cnf" ] && [ ! -e "/root/.slow.cron.cnf.protected" ] && rm -f /root/.slow.cron.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 999;" mysql -u root -e "SET GLOBAL max_connections = 777;" mysql -u root -e "SET GLOBAL max_user_connections = 555;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi mysql -u root -e "SET GLOBAL optimizer_switch='derived_merge=off';" mysql -u root -e "SET GLOBAL sort_buffer_size = 262144;" if [ -e "/root/.tg.cnf" ]; then if [ ! -e "/root/.fixed_fpm_workers.pid" ]; then sed -i "s/^_PHP_FPM_WORKERS=.*/_PHP_FPM_WORKERS=100/g" ${_barCnf} touch /root/.fixed_fpm_workers.pid fi fi if [ ! -e "/root/.high_traffic.cnf" ]; then echo ${InTest} > /root/.high_traffic.cnf echo ${InTest} > /root/.no.swap.clear.cnf fi [ -e "/root/.randomize_duplicity_full_backup_day.cnf" ] && rm -f /root/.randomize_duplicity_full_backup_day.cnf [ -e "/root/.skip_duplicity_monthly_cleanup.cnf" ] && rm -f /root/.skip_duplicity_monthly_cleanup.cnf [ -e "/root/.my.batch_innodb.cnf" ] && rm -f /root/.my.batch_innodb.cnf [ -e "/root/.batch_innodb.cnf" ] && rm -f /root/.batch_innodb.cnf [ -e "/root/.force.drupalgeddon.cnf" ] && rm -f /root/.force.drupalgeddon.cnf [ -e "/root/.skip_cleanup.cnf" ] && rm -f /root/.skip_cleanup.cnf [ -e "/root/.giant_traffic.cnf" ] && rm -f /root/.giant_traffic.cnf [ -e "/root/.default.cnf" ] && rm -f /root/.default.cnf [ -e "/root/.debug.cnf" ] && rm -f /root/.debug.cnf if [ -e "/data/conf/override.global.inc" ] \ && [ ! -e "/data/conf/.prev6.override.global.inc.off" ]; then mv -f /data/conf/override.global.inc /data/conf/.prev6.override.global.inc.off fi # if [ ! -e "/data/conf/override.global.inc" ]; then # echo " /data/conf/override.global.inc.tmp # echo "" >> /data/conf/override.global.inc.tmp # echo "\$use_redis = TRUE;" >> /data/conf/override.global.inc.tmp # chmod 644 /data/conf/override.global.inc.tmp # mv -f /data/conf/override.global.inc.tmp /data/conf/override.global.inc # fi fi if [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ]; then _pthCtrl="/root/.remote_backups/ctrl" if [ "${_tRee}" = "pro" ] || [ "${_tRee}" = "dev" ]; then [ ! -e "${_pthCtrl}" ] && mkdir -p ${_pthCtrl} [ ! -e "/root/.remote_backups/run" ] && mkdir -p /root/.remote_backups/run else rm -rf /root/.remote_backups fi [ ! -e "/var/xdrago/monitor/check" ] && mkdir -p /var/xdrago/monitor/check [ ! -e "/var/xdrago/monitor/log" ] && mkdir -p /var/xdrago/monitor/log if [ ! -e "${_pthLog}/.force.f92.${_tRee}.${_xSrl}.ctrl" ]; then rm -f ${_pthLog}/*.ctrl.*.pid touch ${_pthLog}/.force.f92.${_tRee}.${_xSrl}.ctrl fi [ ! -e "/var/xdrago/checksql.pl" ] && rm -f ${_pthLog}/checksql.pl.ctrl.*.pid [ ! -e "/var/xdrago/clear.sh" ] && rm -f ${_pthLog}/clear.sh.ctrl.*.pid [ ! -e "/var/xdrago/daily.sh" ] && rm -f ${_pthLog}/daily.sh.ctrl.*.pid [ ! -e "/var/xdrago/graceful.sh" ] && rm -f ${_pthLog}/graceful.sh.ctrl.*.pid [ ! -e "/var/xdrago/guest-fire.sh" ] && rm -f ${_pthLog}/guest-fire.sh.ctrl.*.pid [ ! -e "/var/xdrago/guest-water.sh" ] && rm -f ${_pthLog}/guest-water.sh.ctrl.*.pid [ ! -e "/var/xdrago/ip_access.sh" ] && rm -f ${_pthLog}/ip_access.sh.ctrl.*.pid [ ! -e "/var/xdrago/manage_ltd_users.sh" ] && rm -f ${_pthLog}/manage_ltd_users.sh.ctrl.*.pid [ ! -e "/var/xdrago/manage_solr_config.sh" ] && rm -f ${_pthLog}/manage_solr_config.sh.ctrl.*.pid [ ! -e "/var/xdrago/minute.sh" ] && rm -f ${_pthLog}/minute.sh.ctrl.*.pid [ ! -e "/var/xdrago/move_sql.sh" ] && rm -f ${_pthLog}/move_sql.sh.ctrl.*.pid [ ! -e "/var/xdrago/mysql_backup.sh" ] && rm -f ${_pthLog}/mysql_backup.sh.ctrl.*.pid [ ! -e "/var/xdrago/mysql_cleanup.sh" ] && rm -f ${_pthLog}/mysql_cleanup.sh.ctrl.*.pid [ ! -e "/var/xdrago/mysql_cluster_backup.sh" ] && rm -f ${_pthLog}/mysql_cluster_backup.sh.ctrl.*.pid [ ! -e "/var/xdrago/mysql_repair.sh" ] && rm -f ${_pthLog}/mysql_repair.sh.ctrl.*.pid [ ! -e "/var/xdrago/proc_num_ctrl.pl" ] && rm -f ${_pthLog}/proc_num_ctrl.pl.ctrl.*.pid [ ! -e "/var/xdrago/purge_binlogs.sh" ] && rm -f ${_pthLog}/purge_binlogs.sh.ctrl.*.pid [ ! -e "/var/xdrago/runner.sh" ] && rm -f ${_pthLog}/runner.sh.ctrl.*.pid [ ! -e "/var/xdrago/second.sh" ] && rm -f ${_pthLog}/second.sh.ctrl.*.pid [ ! -e "/var/xdrago/usage.sh" ] && rm -f ${_pthLog}/usage.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/java.sh" ] && rm -f ${_pthLog}/java.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/mysql.sh" ] && rm -f ${_pthLog}/mysql.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/nginx.sh" ] && rm -f ${_pthLog}/nginx.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/php.sh" ] && rm -f ${_pthLog}/php.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/valkey.sh" ] && rm -f ${_pthLog}/valkey.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/redis.sh" ] && rm -f ${_pthLog}/redis.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/scan_nginx.sh" ] && rm -f ${_pthLog}/scan_nginx.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/system.sh" ] && rm -f ${_pthLog}/system.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/unbound.sh" ] && rm -f ${_pthLog}/unbound.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/escapecheck.pl" ] && rm -f ${_pthLog}/escapecheck.pl.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/hackcheck.pl" ] && rm -f ${_pthLog}/hackcheck.pl.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/hackftp.pl" ] && rm -f ${_pthLog}/hackftp.pl.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/locked_java.pl" ] && rm -f ${_pthLog}/locked_java.pl.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/locked_nginx.pl" ] && rm -f ${_pthLog}/locked_nginx.pl.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/scan_nginx.pl" ] && rm -f ${_pthLog}/scan_nginx.pl.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/segfault_alert.pl" ] && rm -f ${_pthLog}/segfault_alert.pl.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/sqlcheck.pl" ] && rm -f ${_pthLog}/sqlcheck.pl.ctrl.*.pid [ -e "/var/xdrago/proc_num_ctrl.cgi" ] && rm -f /var/xdrago/proc_num_ctrl.cgi [ -e "/var/xdrago/checksql.cgi" ] && rm -f /var/xdrago/checksql.cgi [ -e "/var/xdrago/mysql_hourly.sh" ] && rm -f /var/xdrago/mysql_hourly.sh [ -e "/var/xdrago/monitor/check/sqlcheck" ] && rm -f ${_pthLog}/*.ctrl.*.pid [ -e "/var/xdrago/monitor/check/sqlcheck" ] && rm -f /var/xdrago/monitor/check/* [ -e "/var/xdrago/monitor/hackcheck.archive.log" ] && rm -f /var/xdrago/monitor/.scan_nginx_arch* [ -e "/var/xdrago/monitor/hackcheck.archive.log" ] && mv -f /var/xdrago/monitor/*.log /var/xdrago/monitor/log/ fi if [ -e "/root/.remote_backups/schedule/backup_schedule.txt" ] \ && [ -d "/var/aegir/drush" ]; then if grep -q "Out of memory: Killed process.*duplicity" /var/log/iptables.log; then if [ ! -e "/root/.remote_backups/schedule/backup_schedule.txt-off" ]; then cp -a /root/.remote_backups/schedule/backup_schedule.txt /root/.remote_backups/schedule/backup_schedule.txt-off echo "# Backup schedule (service user) OFF" > /root/.remote_backups/schedule/backup_schedule.txt chattr +i /root/.remote_backups/schedule/backup_schedule.txt fi else if [ -e "/root/.remote_backups/schedule/backup_schedule.txt-off" ]; then chattr -i /root/.remote_backups/schedule/backup_schedule.txt rm -f /root/.remote_backups/schedule/backup_schedule.txt mv /root/.remote_backups/schedule/backup_schedule.txt-off /root/.remote_backups/schedule/backup_schedule.txt fi fi if [ "$(pgrep -fc duplicity)" -gt 0 ] \ && [ "$(pgrep -fc dcysetup)" -lt 1 ] \ && [ "$(pgrep -fc mybackup)" -lt 1 ] \ && [ "$(pgrep -fc multiback)" -lt 1 ]; then pkill -9 -f duplicity rm -rf /tmp/duplicity* rm -rf /root/.cache/duplicity/*/duplicity-*tempdir rm -f /root/.cache/duplicity/*/lockfile echo "$(date) Orphaned duplicity processes killed" >> /var/log/duplicity-cleanup.log fi fi if ! grep -q "OFF" ${_optBin}/lock.inc; then rm -f ${_pthLog}/lock.inc.sh.ctrl.* fi if [ ! -e "${_optBin}/lock.inc" ] \ || [ ! -e "${_pthLog}/lock.inc.sh.ctrl.f98.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc foobar) if (( _CNT > 0 )); then echo "The foobar is running!" else if [ -e "${_optBin}/lock.inc" ]; then mv -f ${_optBin}/lock.inc ${_optBin}/lock.inc.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/lock.inc" -o ${_optBin}/lock.inc if [ -e "${_optBin}/lock.inc" ]; then chmod 700 ${_optBin}/lock.inc chown root:root ${_optBin}/lock.inc touch ${_pthLog}/lock.inc.sh.ctrl.f98.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/lock.inc.old" ]; then mv -f ${_optBin}/lock.inc.old ${_optBin}/lock.inc fi fi fi fi if [ ! -e "${_optBin}/vmnetfix" ] \ || [ ! -e "${_pthLog}/vmnetfix.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc vmnetfix) if (( _CNT > 0 )); then echo "The vmnetfix is running!" else if [ ! -e "/etc/init.d/networking" ]; then mkdir -p /etc/init.d curl ${_crlGet} "${_urlHmr}/conf/network/networking" -o /etc/init.d/networking chmod 0755 /etc/init.d/networking chown root:root /etc/init.d/networking update-rc.d networking defaults >/dev/null 2>&1 || true fi if [ -e "${_optBin}/vmnetfix" ]; then mv -f ${_optBin}/vmnetfix ${_optBin}/vmnetfix.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/vmnetfix" -o ${_optBin}/vmnetfix if [ -e "${_optBin}/vmnetfix" ]; then chmod 700 ${_optBin}/vmnetfix chown root:root ${_optBin}/vmnetfix touch ${_pthLog}/vmnetfix.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/vmnetfix.old" ]; then mv -f ${_optBin}/vmnetfix.old ${_optBin}/vmnetfix fi fi fi fi if [ ! -e "${_optBin}/aptcleanup" ] \ || [ ! -e "${_pthLog}/aptcleanup.sh.ctrl.f97.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc aptcleanup) if (( _CNT > 0 )); then echo "The aptcleanup is running!" else if [ -e "${_optBin}/aptcleanup" ]; then mv -f ${_optBin}/aptcleanup ${_optBin}/aptcleanup.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/aptcleanup" -o ${_optBin}/aptcleanup if [ -e "${_optBin}/aptcleanup" ]; then chmod 700 ${_optBin}/aptcleanup chown root:root ${_optBin}/aptcleanup touch ${_pthLog}/aptcleanup.sh.ctrl.f97.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/aptcleanup.old" ]; then mv -f ${_optBin}/aptcleanup.old ${_optBin}/aptcleanup fi fi fi fi if [ ! -e "${_optBin}/loadguard" ] \ || [ ! -e "${_pthLog}/loadguard.sh.ctrl.f99.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc xloadguard) if (( _CNT > 0 )); then echo "The xloadguard is running!" else if [ -e "${_optBin}/loadguard" ]; then mv -f ${_optBin}/loadguard ${_optBin}/loadguard.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/loadguard" -o ${_optBin}/loadguard if [ -e "${_optBin}/loadguard" ]; then chmod 700 ${_optBin}/loadguard chown root:root ${_optBin}/loadguard touch ${_pthLog}/loadguard.sh.ctrl.f99.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/loadguard.old" ]; then mv -f ${_optBin}/loadguard.old ${_optBin}/loadguard fi fi fi fi if [ ! -e "${_optBin}/ffdevuan" ] \ || [ ! -e "${_pthLog}/ffdevuan.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc xffdevuan) if (( _CNT > 0 )); then echo "The xffdevuan is running!" else if [ -e "${_optBin}/ffdevuan" ]; then mv -f ${_optBin}/ffdevuan ${_optBin}/ffdevuan.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/ffdevuan" -o ${_optBin}/ffdevuan if [ -e "${_optBin}/ffdevuan" ]; then chmod 700 ${_optBin}/ffdevuan chown root:root ${_optBin}/ffdevuan touch ${_pthLog}/ffdevuan.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/ffdevuan.old" ]; then mv -f ${_optBin}/ffdevuan.old ${_optBin}/ffdevuan fi fi fi fi if [ ! -e "${_optBin}/webserver" ] \ || [ ! -e "${_pthLog}/webserver.sh.ctrl.f99.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc xwebserver) if (( _CNT > 0 )); then echo "The xwebserver is running!" else if [ -e "${_optBin}/webserver" ]; then mv -f ${_optBin}/webserver ${_optBin}/webserver.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/webserver" -o ${_optBin}/webserver if [ -e "${_optBin}/webserver" ]; then chmod 700 ${_optBin}/webserver chown root:root ${_optBin}/webserver touch ${_pthLog}/webserver.sh.ctrl.f99.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/webserver.old" ]; then mv -f ${_optBin}/webserver.old ${_optBin}/webserver fi fi fi fi if [ ! -e "${_optBin}/boa" ] \ || [ ! -e "${_pthLog}/boa.sh.ctrl.f99.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc /local/bin/boa) if (( _CNT > 0 )); then echo "The boa is running!" else if [ -e "${_optBin}/boa" ]; then mv -f ${_optBin}/boa ${_optBin}/boa.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/boa" -o ${_optBin}/boa if [ -e "${_optBin}/boa" ]; then chmod 700 ${_optBin}/boa chown root:root ${_optBin}/boa touch ${_pthLog}/boa.sh.ctrl.f99.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/boa.old" ]; then mv -f ${_optBin}/boa.old ${_optBin}/boa fi fi fi fi if [ ! -e "${_optBin}/barracuda" ] \ || [ ! -e "${_pthLog}/barracuda.sh.ctrl.f99.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc /local/bin/barracuda) if (( _CNT > 0 )); then echo "The barracuda is running!" else if [ -e "${_optBin}/barracuda" ]; then mv -f ${_optBin}/barracuda ${_optBin}/barracuda.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/barracuda" -o ${_optBin}/barracuda if [ -e "${_optBin}/barracuda" ]; then chmod 700 ${_optBin}/barracuda chown root:root ${_optBin}/barracuda touch ${_pthLog}/barracuda.sh.ctrl.f99.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/barracuda.old" ]; then mv -f ${_optBin}/barracuda.old ${_optBin}/barracuda fi fi fi fi if [ ! -e "${_optBin}/octopus" ] \ || [ ! -e "${_pthLog}/octopus.sh.ctrl.f99.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc /local/bin/octopus) if (( _CNT > 0 )); then echo "The octopus is running!" else if [ -e "${_optBin}/octopus" ]; then mv -f ${_optBin}/octopus ${_optBin}/octopus.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/octopus" -o ${_optBin}/octopus if [ -e "${_optBin}/octopus" ]; then chmod 700 ${_optBin}/octopus chown root:root ${_optBin}/octopus touch ${_pthLog}/octopus.sh.ctrl.f99.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/octopus.old" ]; then mv -f ${_optBin}/octopus.old ${_optBin}/octopus fi fi fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/backboa.sh.ctrl.f99.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc duplicity) if (( _CNT > 0 )); then echo "The duplicity backup is running!" else if [ -e "${_optBin}/backboa" ]; then mv -f ${_optBin}/backboa ${_optBin}/backboa.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/backboa" -o ${_optBin}/backboa if [ -e "${_optBin}/backboa" ]; then chmod 700 ${_optBin}/backboa chown root:root ${_optBin}/backboa touch ${_pthLog}/backboa.sh.ctrl.f99.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/backboa.old" ]; then mv -f ${_optBin}/backboa.old ${_optBin}/backboa fi fi fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/duobackboa.sh.ctrl.f99.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc duplicity) if (( _CNT > 0 )); then echo "The duplicity backup is running!" else if [ -e "${_optBin}/duobackboa" ]; then mv -f ${_optBin}/duobackboa ${_optBin}/duobackboa.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/duobackboa" -o ${_optBin}/duobackboa if [ -e "${_optBin}/duobackboa" ]; then chmod 700 ${_optBin}/duobackboa chown root:root ${_optBin}/duobackboa touch ${_pthLog}/duobackboa.sh.ctrl.f99.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/duobackboa.old" ]; then mv -f ${_optBin}/duobackboa.old ${_optBin}/duobackboa fi fi fi fi if [ -e "/root/.remote_backups/schedule/backup_schedule.txt" ]; then _BROKEN_UPDATE_TEST=$(grep "Under Construction" /root/.remote_backups/run/*.sh 2>&1) if [ ! -z "${_BROKEN_UPDATE_TEST}" ]; then rm -f ${_pthCtrl}/*.pid fi _BROKEN_UPDATE_TEST=$(grep "404 Not Found" /root/.remote_backups/run/*.sh 2>&1) if [ ! -z "${_BROKEN_UPDATE_TEST}" ]; then rm -f ${_pthCtrl}/*.pid fi fi if [ -e "/root/.remote_backups/schedule/backup_schedule.txt" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthCtrl}/dcysetup.sh.ctrl.f99.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc duplicity) if (( _CNT > 0 )); then echo "The duplicity backup is running!" else if [ -e "${_optBin}/dcysetup" ]; then mv -f ${_optBin}/dcysetup ${_optBin}/dcysetup.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/dcysetup" -o ${_optBin}/dcysetup if [ -e "${_optBin}/dcysetup" ]; then chmod 700 ${_optBin}/dcysetup chown root:root ${_optBin}/dcysetup touch ${_pthCtrl}/dcysetup.sh.ctrl.f99.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/dcysetup.old" ]; then mv -f ${_optBin}/dcysetup.old ${_optBin}/dcysetup fi fi fi fi if [ -e "/root/.remote_backups/schedule/backup_schedule.txt" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthCtrl}/multiback.sh.ctrl.f37.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc duplicity) if (( _CNT > 0 )); then echo "The duplicity backup is running!" else if [ -e "${_optBin}/multiback" ]; then mv -f ${_optBin}/multiback ${_optBin}/multiback.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/multiback" -o ${_optBin}/multiback if [ -e "${_optBin}/multiback" ]; then chmod 700 ${_optBin}/multiback chown root:root ${_optBin}/multiback touch ${_pthCtrl}/multiback.sh.ctrl.f37.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/multiback.old" ]; then mv -f ${_optBin}/multiback.old ${_optBin}/multiback fi fi fi fi if [ -e "/root/.remote_backups/schedule/backup_schedule.txt" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthCtrl}/mybackup.sh.ctrl.f37.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc duplicity) if (( _CNT > 0 )); then echo "The duplicity backup is running!" else if [ -e "${_optBin}/mybackup" ]; then mv -f ${_optBin}/mybackup ${_optBin}/mybackup.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/mybackup" -o ${_optBin}/mybackup if [ -e "${_optBin}/mybackup" ]; then chmod 755 ${_optBin}/mybackup chown root:root ${_optBin}/mybackup touch ${_pthCtrl}/mybackup.sh.ctrl.f37.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/mybackup.old" ]; then mv -f ${_optBin}/mybackup.old ${_optBin}/mybackup fi fi fi fi if [ -d "/root/.remote_backups/run" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthCtrl}/install_dependencies.sh.ctrl.f48.${_tRee}.${_xSrl}.pid" ]; then if [ -e "/root/.remote_backups/run/install_dependencies.sh" ]; then mv -f /root/.remote_backups/run/install_dependencies.sh /root/.remote_backups/run/install_dependencies.sh.old fi curl ${_crlGet} "${_urlHmr}/tools/backup/run/install_dependencies.sh" -o /root/.remote_backups/run/install_dependencies.sh if [ -e "/root/.remote_backups/run/install_dependencies.sh" ]; then chmod 700 /root/.remote_backups/run/install_dependencies.sh chown root:root /root/.remote_backups/run/install_dependencies.sh touch ${_pthCtrl}/install_dependencies.sh.ctrl.f48.${_tRee}.${_xSrl}.pid else if [ -e "/root/.remote_backups/run/install_dependencies.sh.old" ]; then mv -f /root/.remote_backups/run/install_dependencies.sh.old /root/.remote_backups/run/install_dependencies.sh fi fi fi if [ -d "/root/.remote_backups/run" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthCtrl}/create_credentials_templates.sh.ctrl.f48.${_tRee}.${_xSrl}.pid" ]; then rm -f /.backboa* if [ -e "/root/.remote_backups/run/create_credentials_templates.sh" ]; then mv -f /root/.remote_backups/run/create_credentials_templates.sh /root/.remote_backups/run/create_credentials_templates.sh.old fi curl ${_crlGet} "${_urlHmr}/tools/backup/run/create_credentials_templates.sh" -o /root/.remote_backups/run/create_credentials_templates.sh if [ -e "/root/.remote_backups/run/create_credentials_templates.sh" ]; then chmod 700 /root/.remote_backups/run/create_credentials_templates.sh chown root:root /root/.remote_backups/run/create_credentials_templates.sh touch ${_pthCtrl}/create_credentials_templates.sh.ctrl.f48.${_tRee}.${_xSrl}.pid else if [ -e "/root/.remote_backups/run/create_credentials_templates.sh.old" ]; then mv -f /root/.remote_backups/run/create_credentials_templates.sh.old /root/.remote_backups/run/create_credentials_templates.sh fi fi fi if [ -d "/root/.remote_backups/run" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthCtrl}/create_global_paths_config.sh.ctrl.f44.${_tRee}.${_xSrl}.pid" ]; then if [ -e "/root/.remote_backups/run/create_global_paths_config.sh" ]; then mv -f /root/.remote_backups/run/create_global_paths_config.sh /root/.remote_backups/run/create_global_paths_config.sh.old fi curl ${_crlGet} "${_urlHmr}/tools/backup/run/create_global_paths_config.sh" -o /root/.remote_backups/run/create_global_paths_config.sh if [ -e "/root/.remote_backups/run/create_global_paths_config.sh" ]; then chmod 700 /root/.remote_backups/run/create_global_paths_config.sh chown root:root /root/.remote_backups/run/create_global_paths_config.sh touch ${_pthCtrl}/create_global_paths_config.sh.ctrl.f44.${_tRee}.${_xSrl}.pid else if [ -e "/root/.remote_backups/run/create_global_paths_config.sh.old" ]; then mv -f /root/.remote_backups/run/create_global_paths_config.sh.old /root/.remote_backups/run/create_global_paths_config.sh fi fi fi if [ -d "/root/.remote_backups/run" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthCtrl}/create_user_paths_config.sh.ctrl.f48.${_tRee}.${_xSrl}.pid" ]; then rm -f /.backboa* if [ -e "/root/.remote_backups/run/create_user_paths_config.sh" ]; then mv -f /root/.remote_backups/run/create_user_paths_config.sh /root/.remote_backups/run/create_user_paths_config.sh.old fi curl ${_crlGet} "${_urlHmr}/tools/backup/run/create_user_paths_config.sh" -o /root/.remote_backups/run/create_user_paths_config.sh if [ -e "/root/.remote_backups/run/create_user_paths_config.sh" ]; then chmod 700 /root/.remote_backups/run/create_user_paths_config.sh chown root:root /root/.remote_backups/run/create_user_paths_config.sh touch ${_pthCtrl}/create_user_paths_config.sh.ctrl.f48.${_tRee}.${_xSrl}.pid else if [ -e "/root/.remote_backups/run/create_user_paths_config.sh.old" ]; then mv -f /root/.remote_backups/run/create_user_paths_config.sh.old /root/.remote_backups/run/create_user_paths_config.sh fi fi fi if [ -d "/root/.remote_backups/run" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthCtrl}/create_cron_entries.sh.ctrl.f48.${_tRee}.${_xSrl}.pid" ]; then if [ -e "/root/.remote_backups/run/create_cron_entries.sh" ]; then mv -f /root/.remote_backups/run/create_cron_entries.sh /root/.remote_backups/run/create_cron_entries.sh.old fi curl ${_crlGet} "${_urlHmr}/tools/backup/run/create_cron_entries.sh" -o /root/.remote_backups/run/create_cron_entries.sh if [ -e "/root/.remote_backups/run/create_cron_entries.sh" ]; then chmod 700 /root/.remote_backups/run/create_cron_entries.sh chown root:root /root/.remote_backups/run/create_cron_entries.sh touch ${_pthCtrl}/create_cron_entries.sh.ctrl.f48.${_tRee}.${_xSrl}.pid else if [ -e "/root/.remote_backups/run/create_cron_entries.sh.old" ]; then mv -f /root/.remote_backups/run/create_cron_entries.sh.old /root/.remote_backups/run/create_cron_entries.sh fi fi fi if [ -d "/root/.remote_backups/run" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthCtrl}/create_readme.sh.ctrl.f48.${_tRee}.${_xSrl}.pid" ]; then if [ -e "/root/.remote_backups/run/create_readme.sh" ]; then mv -f /root/.remote_backups/run/create_readme.sh /root/.remote_backups/run/create_readme.sh.old fi curl ${_crlGet} "${_urlHmr}/tools/backup/run/create_readme.sh" -o /root/.remote_backups/run/create_readme.sh if [ -e "/root/.remote_backups/run/create_readme.sh" ]; then chmod 700 /root/.remote_backups/run/create_readme.sh chown root:root /root/.remote_backups/run/create_readme.sh touch ${_pthCtrl}/create_readme.sh.ctrl.f48.${_tRee}.${_xSrl}.pid else if [ -e "/root/.remote_backups/run/create_readme.sh.old" ]; then mv -f /root/.remote_backups/run/create_readme.sh.old /root/.remote_backups/run/create_readme.sh fi fi fi if [ -d "/root/.remote_backups/run" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthCtrl}/create_config_readme.sh.ctrl.f48.${_tRee}.${_xSrl}.pid" ]; then if [ -e "/root/.remote_backups/run/create_config_readme.sh" ]; then mv -f /root/.remote_backups/run/create_config_readme.sh /root/.remote_backups/run/create_config_readme.sh.old fi curl ${_crlGet} "${_urlHmr}/tools/backup/run/create_config_readme.sh" -o /root/.remote_backups/run/create_config_readme.sh if [ -e "/root/.remote_backups/run/create_config_readme.sh" ]; then chmod 700 /root/.remote_backups/run/create_config_readme.sh chown root:root /root/.remote_backups/run/create_config_readme.sh touch ${_pthCtrl}/create_config_readme.sh.ctrl.f48.${_tRee}.${_xSrl}.pid else if [ -e "/root/.remote_backups/run/create_config_readme.sh.old" ]; then mv -f /root/.remote_backups/run/create_config_readme.sh.old /root/.remote_backups/run/create_config_readme.sh fi fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/scan_nginx.sh.ctrl.f88.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/scan_nginx.sh /var/xdrago/monitor/check/scan_nginx.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/scan_nginx.sh" -o /var/xdrago/monitor/check/scan_nginx.sh if [ -e "/var/xdrago/monitor/check/scan_nginx.sh" ]; then chmod 700 /var/xdrago/monitor/check/scan_nginx.sh chown root:root /var/xdrago/monitor/check/scan_nginx.sh touch ${_pthLog}/scan_nginx.sh.ctrl.f88.${_tRee}.${_xSrl}.pid if [ ! -e "/var/xdrago/monitor/log/.scan_nginx_arch.${_xSrl}.pid" ]; then if [ -e "/var/xdrago/monitor/scan_nginx.archive.log" ]; then mv -f /var/xdrago/monitor/scan_nginx.archive.log /var/xdrago/monitor/log/.scan_nginx_legacy.archive.f88.${_tRee}.${_xSrl}.log fi if [ -e "/var/xdrago/monitor/log/scan_nginx.archive.log" ]; then mv -f /var/xdrago/monitor/log/scan_nginx.archive.log /var/xdrago/monitor/log/scan_nginx.archive.f88.${_tRee}.${_xSrl}.log fi rm -f /var/xdrago/monitor/log/.scan_nginx_arch*.pid touch /var/xdrago/monitor/log/.scan_nginx_arch.${_xSrl}.pid csf -df wait [ -e "/etc/csf/csfpost.d/synproxy.sh" ] && synproxy_reassert -p "443 80" --no-quic -q &> /dev/null fi if [ ! -e "/var/xdrago/monitor/log/.hackcheck.arch.${_xSrl}.pid" ]; then if [ -e "/var/xdrago/monitor/hackcheck.archive.log" ]; then mv -f /var/xdrago/monitor/hackcheck.archive.log /var/xdrago/monitor/log/.scan_nginx_legacy.archive.f88.${_tRee}.${_xSrl}.log fi if [ -e "/var/xdrago/monitor/log/hackcheck.archive.log" ]; then mv -f /var/xdrago/monitor/log/hackcheck.archive.log /var/xdrago/monitor/log/hackcheck.archive.f88.${_tRee}.${_xSrl}.log fi rm -f /var/xdrago/monitor/log/.hackcheck.arch*.pid touch /var/xdrago/monitor/log/.hackcheck.arch.${_xSrl}.pid csf -df wait [ -e "/etc/csf/csfpost.d/synproxy.sh" ] && synproxy_reassert -p "443 80" --no-quic -q &> /dev/null fi else mv -f /var/xdrago/monitor/check/scan_nginx.sh.old /var/xdrago/monitor/check/scan_nginx.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/java.sh.ctrl.f93.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/java.sh /var/xdrago/monitor/check/java.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/java.sh" -o /var/xdrago/monitor/check/java.sh if [ -e "/var/xdrago/monitor/check/java.sh" ]; then chmod 700 /var/xdrago/monitor/check/java.sh chown root:root /var/xdrago/monitor/check/java.sh touch ${_pthLog}/java.sh.ctrl.f93.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/java.sh.old /var/xdrago/monitor/check/java.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/mysql.sh.ctrl.f82.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/mysql.sh /var/xdrago/monitor/check/mysql.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/mysql.sh" -o /var/xdrago/monitor/check/mysql.sh if [ -e "/var/xdrago/monitor/check/mysql.sh" ]; then if [ -e "/root/.debug.cnf" ] && [ ! -e "/root/.default.cnf" ]; then _DO_NOTHING=YES else if [ -e "/root/.high_load.cnf" ] \ && [ ! -e "/root/.big_db.cnf" ] \ && [ ! -e "/root/.tg.cnf" ]; then sed -i "s/3600/300/g" /var/xdrago/monitor/check/mysql.sh elif [ -e "/root/.big_db.cnf" ] || [ -e "/root/.tg.cnf" ]; then _DO_NOTHING=YES else sed -i "s/3600/1800/g" /var/xdrago/monitor/check/mysql.sh fi fi chmod 700 /var/xdrago/monitor/check/mysql.sh chown root:root /var/xdrago/monitor/check/mysql.sh touch ${_pthLog}/mysql.sh.ctrl.f82.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/mysql.sh.old /var/xdrago/monitor/check/mysql.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/nginx.sh.ctrl.f92.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/nginx.sh /var/xdrago/monitor/check/nginx.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/nginx.sh" -o /var/xdrago/monitor/check/nginx.sh if [ -e "/var/xdrago/monitor/check/nginx.sh" ]; then chmod 700 /var/xdrago/monitor/check/nginx.sh chown root:root /var/xdrago/monitor/check/nginx.sh touch ${_pthLog}/nginx.sh.ctrl.f92.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/nginx.sh.old /var/xdrago/monitor/check/nginx.sh fi fi if [ ! -e "/var/xdrago/monitor/check/nginx_guard.sh" ]; then rm -f ${_pthLog}/nginx_guard.sh.ctrl.* fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/nginx_guard.sh.ctrl.f99.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/nginx_guard.sh /var/xdrago/monitor/check/nginx_guard.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/nginx_guard.sh" -o /var/xdrago/monitor/check/nginx_guard.sh if [ -e "/var/xdrago/monitor/check/nginx_guard.sh" ]; then chmod 700 /var/xdrago/monitor/check/nginx_guard.sh chown root:root /var/xdrago/monitor/check/nginx_guard.sh touch ${_pthLog}/nginx_guard.sh.ctrl.f99.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/nginx_guard.sh.old /var/xdrago/monitor/check/nginx_guard.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/php.sh.ctrl.f90.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/php.sh /var/xdrago/monitor/check/php.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/php.sh" -o /var/xdrago/monitor/check/php.sh if [ -e "/var/xdrago/monitor/check/php.sh" ]; then chmod 700 /var/xdrago/monitor/check/php.sh chown root:root /var/xdrago/monitor/check/php.sh touch ${_pthLog}/php.sh.ctrl.f90.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/php.sh.old /var/xdrago/monitor/check/php.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/valkey.sh.ctrl.f90.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/valkey.sh /var/xdrago/monitor/check/valkey.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/valkey.sh" -o /var/xdrago/monitor/check/valkey.sh if [ -e "/var/xdrago/monitor/check/valkey.sh" ]; then chmod 700 /var/xdrago/monitor/check/valkey.sh chown root:root /var/xdrago/monitor/check/valkey.sh touch ${_pthLog}/valkey.sh.ctrl.f90.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/valkey.sh.old /var/xdrago/monitor/check/valkey.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/redis.sh.ctrl.f92.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/redis.sh /var/xdrago/monitor/check/redis.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/redis.sh" -o /var/xdrago/monitor/check/redis.sh if [ -e "/var/xdrago/monitor/check/redis.sh" ]; then chmod 700 /var/xdrago/monitor/check/redis.sh chown root:root /var/xdrago/monitor/check/redis.sh touch ${_pthLog}/redis.sh.ctrl.f92.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/redis.sh.old /var/xdrago/monitor/check/redis.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/system.sh.ctrl.f84.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/system.sh /var/xdrago/monitor/check/system.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/system.sh" -o /var/xdrago/monitor/check/system.sh if [ -e "/var/xdrago/monitor/check/system.sh" ]; then chmod 700 /var/xdrago/monitor/check/system.sh chown root:root /var/xdrago/monitor/check/system.sh touch ${_pthLog}/system.sh.ctrl.f84.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/system.sh.old /var/xdrago/monitor/check/system.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/unbound.sh.ctrl.f88.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/unbound.sh /var/xdrago/monitor/check/unbound.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/unbound.sh" -o /var/xdrago/monitor/check/unbound.sh if [ -e "/var/xdrago/monitor/check/unbound.sh" ]; then chmod 700 /var/xdrago/monitor/check/unbound.sh chown root:root /var/xdrago/monitor/check/unbound.sh touch ${_pthLog}/unbound.sh.ctrl.f88.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/unbound.sh.old /var/xdrago/monitor/check/unbound.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/escapecheck.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/escapecheck.pl /var/xdrago/monitor/check/escapecheck.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/escapecheck.pl" -o /var/xdrago/monitor/check/escapecheck.pl if [ -e "/var/xdrago/monitor/check/escapecheck.pl" ]; then chmod 700 /var/xdrago/monitor/check/escapecheck.pl chown root:root /var/xdrago/monitor/check/escapecheck.pl touch ${_pthLog}/escapecheck.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/escapecheck.pl.old /var/xdrago/monitor/check/escapecheck.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/hackcheck.pl.ctrl.f94.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/hackcheck.pl /var/xdrago/monitor/check/hackcheck.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/hackcheck.pl" -o /var/xdrago/monitor/check/hackcheck.pl if [ -e "/var/xdrago/monitor/check/hackcheck.pl" ]; then chmod 700 /var/xdrago/monitor/check/hackcheck.pl chown root:root /var/xdrago/monitor/check/hackcheck.pl touch ${_pthLog}/hackcheck.pl.ctrl.f94.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/hackcheck.pl.old /var/xdrago/monitor/check/hackcheck.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/hackftp.pl.ctrl.f94.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/hackftp.pl /var/xdrago/monitor/check/hackftp.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/hackftp.pl" -o /var/xdrago/monitor/check/hackftp.pl if [ -e "/var/xdrago/monitor/check/hackftp.pl" ]; then chmod 700 /var/xdrago/monitor/check/hackftp.pl chown root:root /var/xdrago/monitor/check/hackftp.pl touch ${_pthLog}/hackftp.pl.ctrl.f94.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/hackftp.pl.old /var/xdrago/monitor/check/hackftp.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/locked_java.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/locked_java.pl /var/xdrago/monitor/check/locked_java.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/locked_java.pl" -o /var/xdrago/monitor/check/locked_java.pl if [ -e "/var/xdrago/monitor/check/locked_java.pl" ]; then chmod 700 /var/xdrago/monitor/check/locked_java.pl chown root:root /var/xdrago/monitor/check/locked_java.pl touch ${_pthLog}/locked_java.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/locked_java.pl.old /var/xdrago/monitor/check/locked_java.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/locked_nginx.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/locked_nginx.pl /var/xdrago/monitor/check/locked_nginx.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/locked_nginx.pl" -o /var/xdrago/monitor/check/locked_nginx.pl if [ -e "/var/xdrago/monitor/check/locked_nginx.pl" ]; then chmod 700 /var/xdrago/monitor/check/locked_nginx.pl chown root:root /var/xdrago/monitor/check/locked_nginx.pl touch ${_pthLog}/locked_nginx.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/locked_nginx.pl.old /var/xdrago/monitor/check/locked_nginx.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/segfault_alert.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/segfault_alert.pl /var/xdrago/monitor/check/segfault_alert.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/segfault_alert.pl" -o /var/xdrago/monitor/check/segfault_alert.pl if [ -e "/var/xdrago/monitor/check/segfault_alert.pl" ]; then chmod 700 /var/xdrago/monitor/check/segfault_alert.pl chown root:root /var/xdrago/monitor/check/segfault_alert.pl touch ${_pthLog}/segfault_alert.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/segfault_alert.pl.old /var/xdrago/monitor/check/segfault_alert.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/sqlcheck.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/sqlcheck.pl /var/xdrago/monitor/check/sqlcheck.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/sqlcheck.pl" -o /var/xdrago/monitor/check/sqlcheck.pl if [ -e "/var/xdrago/monitor/check/sqlcheck.pl" ]; then chmod 700 /var/xdrago/monitor/check/sqlcheck.pl chown root:root /var/xdrago/monitor/check/sqlcheck.pl touch ${_pthLog}/sqlcheck.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/sqlcheck.pl.old /var/xdrago/monitor/check/sqlcheck.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ ! -e "${_pthLog}/cv-phar-symlink.ctrl.${_tRee}.${_xSrl}.pid" ]; then if [ -x "/usr/local/bin/cv.phar" ] \ && [ -L "/usr/bin/cv" ]; then _CV_SYMLINK=$(readlink -n /usr/bin/cv 2>&1) _CV_SYMLINK=$(echo -n ${_CV_SYMLINK} | tr -d "\n" 2>&1) if [ "${_CV_SYMLINK}" != "/usr/local/bin/cv.phar" ]; then rm -f /usr/bin/cv ln -sfn /usr/local/bin/cv.phar /usr/bin/cv touch ${_pthLog}/cv-phar-symlink.ctrl.${_tRee}.${_xSrl}.pid fi fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ ! -e "${_pthLog}/drush8-classic-symlink.ctrl.${_tRee}.${_xSrl}.pid" ]; then if [ -x "/opt/tools/drush/8/drush/drush.php" ] \ && [ -L "/usr/bin/drush8" ]; then _DRUSH_SYMLINK=$(readlink -n /usr/bin/drush8 2>&1) _DRUSH_SYMLINK=$(echo -n ${_DRUSH_SYMLINK} | tr -d "\n" 2>&1) if [ "${_DRUSH_SYMLINK}" != "/opt/tools/drush/8/drush/drush.php" ]; then rm -f /usr/bin/drush8 rm -f /usr/bin/drush ln -sfn /opt/tools/drush/8/drush/drush.php /usr/bin/drush8 ln -sfn /opt/tools/drush/8/drush/drush.php /usr/bin/drush touch ${_pthLog}/drush8-classic-symlink.ctrl.${_tRee}.${_xSrl}.pid fi fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/clean-boa-env.ctrl.f99.${_tRee}.${_xSrl}.pid" ]; then mv -f /etc/init.d/clean-boa-env /var/xdrago/clean-boa-env.old curl ${_crlGet} "${_urlHmr}/conf/var/clean-boa-env" -o /etc/init.d/clean-boa-env if [ -e "/etc/init.d/clean-boa-env" ]; then chmod 700 /etc/init.d/clean-boa-env chown root:root /etc/init.d/clean-boa-env touch ${_pthLog}/clean-boa-env.ctrl.f99.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/clean-boa-env.old /etc/init.d/clean-boa-env fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/mysql_backup.sh.ctrl.f92.${_xSrl}.pid" ]; then mv -f /var/xdrago/mysql_backup.sh /var/xdrago/mysql_backup.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/mysql_backup.sh" -o /var/xdrago/mysql_backup.sh if [ -e "/var/xdrago/mysql_backup.sh" ]; then chmod 700 /var/xdrago/mysql_backup.sh chown root:root /var/xdrago/mysql_backup.sh touch ${_pthLog}/mysql_backup.sh.ctrl.f92.${_xSrl}.pid else mv -f /var/xdrago/mysql_backup.sh.old /var/xdrago/mysql_backup.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/unbound-helper.ctrl.f95.${_xSrl}.pid" ]; then mv -f /usr/libexec/unbound-helper /usr/libexec/unbound-helper.old curl ${_crlGet} "${_urlHmr}/conf/dns/unbound-helper" -o /usr/libexec/unbound-helper if [ -e "/usr/libexec/unbound-helper" ]; then chmod 755 /usr/libexec/unbound-helper chown root:root /usr/libexec/unbound-helper touch ${_pthLog}/unbound-helper.ctrl.f95.${_xSrl}.pid else mv -f /usr/libexec/unbound-helper.old /usr/libexec/unbound-helper fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/mysql_cleanup.sh.ctrl.f92.${_xSrl}.pid" ]; then mv -f /var/xdrago/mysql_cleanup.sh /var/xdrago/mysql_cleanup.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/mysql_cleanup.sh" -o /var/xdrago/mysql_cleanup.sh if [ -e "/var/xdrago/mysql_cleanup.sh" ]; then chmod 700 /var/xdrago/mysql_cleanup.sh chown root:root /var/xdrago/mysql_cleanup.sh touch ${_pthLog}/mysql_cleanup.sh.ctrl.f92.${_xSrl}.pid else mv -f /var/xdrago/mysql_cleanup.sh.old /var/xdrago/mysql_cleanup.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/mysql_cluster_backup.sh.ctrl.f93.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/mysql_cluster_backup.sh /var/xdrago/mysql_cluster_backup.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/mysql_cluster_backup.sh" -o /var/xdrago/mysql_cluster_backup.sh if [ -e "/var/xdrago/mysql_cluster_backup.sh" ]; then chmod 700 /var/xdrago/mysql_cluster_backup.sh chown root:root /var/xdrago/mysql_cluster_backup.sh touch ${_pthLog}/mysql_cluster_backup.sh.ctrl.f93.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/mysql_cluster_backup.sh.old /var/xdrago/mysql_cluster_backup.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/runner.sh.ctrl.f87.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/runner.sh /var/xdrago/runner.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/runner.sh" -o /var/xdrago/runner.sh if [ -e "/var/xdrago/runner.sh" ]; then chmod 700 /var/xdrago/runner.sh chown root:root /var/xdrago/runner.sh touch ${_pthLog}/runner.sh.ctrl.f87.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/runner.sh.old /var/xdrago/runner.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/minute.sh.ctrl.f91.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/minute.sh /var/xdrago/minute.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/minute.sh" -o /var/xdrago/minute.sh if [ -e "/var/xdrago/minute.sh" ]; then chmod 700 /var/xdrago/minute.sh chown root:root /var/xdrago/minute.sh touch ${_pthLog}/minute.sh.ctrl.f91.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/minute.sh.old /var/xdrago/minute.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/second.sh.ctrl.f91.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/second.sh /var/xdrago/second.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/second.sh" -o /var/xdrago/second.sh if [ -e "/var/xdrago/second.sh" ]; then chmod 700 /var/xdrago/second.sh chown root:root /var/xdrago/second.sh touch ${_pthLog}/second.sh.ctrl.f91.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/second.sh.old /var/xdrago/second.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/ip_access.sh.ctrl.f94.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/ip_access.sh /var/xdrago/ip_access.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/ip_access.sh" -o /var/xdrago/ip_access.sh if [ -e "/var/xdrago/ip_access.sh" ]; then chmod 700 /var/xdrago/ip_access.sh chown root:root /var/xdrago/ip_access.sh touch ${_pthLog}/ip_access.sh.ctrl.f94.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/ip_access.sh.old /var/xdrago/ip_access.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/move_sql.sh.ctrl.f91.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/move_sql.sh /var/xdrago/move_sql.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/move_sql.sh" -o /var/xdrago/move_sql.sh if [ -e "/var/xdrago/move_sql.sh" ]; then chmod 700 /var/xdrago/move_sql.sh chown root:root /var/xdrago/move_sql.sh touch ${_pthLog}/move_sql.sh.ctrl.f91.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/move_sql.sh.old /var/xdrago/move_sql.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/mysql_repair.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/mysql_repair.sh /var/xdrago/mysql_repair.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/mysql_repair.sh" -o /var/xdrago/mysql_repair.sh if [ -e "/var/xdrago/mysql_repair.sh" ]; then chmod 700 /var/xdrago/mysql_repair.sh chown root:root /var/xdrago/mysql_repair.sh touch ${_pthLog}/mysql_repair.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/mysql_repair.sh.old /var/xdrago/mysql_repair.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/purge_binlogs.sh.ctrl.f94.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/purge_binlogs.sh /var/xdrago/purge_binlogs.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/purge_binlogs.sh" -o /var/xdrago/purge_binlogs.sh if [ -e "/var/xdrago/purge_binlogs.sh" ]; then chmod 700 /var/xdrago/purge_binlogs.sh chown root:root /var/xdrago/purge_binlogs.sh touch ${_pthLog}/purge_binlogs.sh.ctrl.f94.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/purge_binlogs.sh.old /var/xdrago/purge_binlogs.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/checksql.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/checksql.pl /var/xdrago/checksql.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/checksql.pl" -o /var/xdrago/checksql.pl if [ -e "/var/xdrago/checksql.pl" ]; then chmod 700 /var/xdrago/checksql.pl chown root:root /var/xdrago/checksql.pl touch ${_pthLog}/checksql.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/checksql.pl.old /var/xdrago/checksql.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/clear.sh.ctrl.f86.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/clear.sh /var/xdrago/clear.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/clear.sh" -o /var/xdrago/clear.sh if [ -e "/var/xdrago/clear.sh" ]; then chmod 700 /var/xdrago/clear.sh chown root:root /var/xdrago/clear.sh touch ${_pthLog}/clear.sh.ctrl.f86.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/clear.sh.old /var/xdrago/clear.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/autoupboa.ctrl.f97.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc autoupboa) if (( _CNT > 0 )); then echo "The autoupboa is running!" else if [ -e "${_optBin}/autoupboa" ]; then mv -f ${_optBin}/autoupboa ${_optBin}/autoupboa.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/autoupboa" -o ${_optBin}/autoupboa if [ -e "${_optBin}/autoupboa" ]; then chmod 700 ${_optBin}/autoupboa chown root:root ${_optBin}/autoupboa touch ${_pthLog}/autoupboa.ctrl.f97.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/autoupboa.old" ]; then mv -f ${_optBin}/autoupboa.old ${_optBin}/autoupboa fi fi fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/daily.sh.ctrl.f79.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/daily.sh /var/xdrago/daily.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/daily.sh" -o /var/xdrago/daily.sh if [ -e "/var/xdrago/daily.sh" ]; then chmod 700 /var/xdrago/daily.sh chown root:root /var/xdrago/daily.sh touch ${_pthLog}/daily.sh.ctrl.f79.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/daily.sh.old /var/xdrago/daily.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/graceful.sh.ctrl.f88.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/graceful.sh /var/xdrago/graceful.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/graceful.sh" -o /var/xdrago/graceful.sh if [ -e "/var/xdrago/graceful.sh" ]; then chmod 700 /var/xdrago/graceful.sh chown root:root /var/xdrago/graceful.sh touch ${_pthLog}/graceful.sh.ctrl.f88.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/graceful.sh.old /var/xdrago/graceful.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/usage.sh.ctrl.f85.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/usage.sh /var/xdrago/usage.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/usage.sh" -o /var/xdrago/usage.sh if [ -e "/var/xdrago/usage.sh" ]; then chmod 700 /var/xdrago/usage.sh chown root:root /var/xdrago/usage.sh touch ${_pthLog}/usage.sh.ctrl.f85.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/usage.sh.old /var/xdrago/usage.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/manage_ltd_users.sh.ctrl.f76.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/manage_ltd_users.sh /var/xdrago/manage_ltd_users.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/manage_ltd_users.sh" \ -o /var/xdrago/manage_ltd_users.sh if [ -e "/var/xdrago/manage_ltd_users.sh" ]; then chmod 700 /var/xdrago/manage_ltd_users.sh chown root:root /var/xdrago/manage_ltd_users.sh touch ${_pthLog}/manage_ltd_users.sh.ctrl.f76.${_tRee}.${_xSrl}.pid [ -e "/run/manage_ltd_users.pid" ] && rm -f /run/manage_ltd_users.pid else mv -f /var/xdrago/manage_ltd_users.sh.old /var/xdrago/manage_ltd_users.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/manage_solr_config.sh.ctrl.f92.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/manage_solr_config.sh /var/xdrago/manage_solr_config.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/manage_solr_config.sh" \ -o /var/xdrago/manage_solr_config.sh if [ -e "/var/xdrago/manage_solr_config.sh" ]; then chmod 700 /var/xdrago/manage_solr_config.sh chown root:root /var/xdrago/manage_solr_config.sh touch ${_pthLog}/manage_solr_config.sh.ctrl.f92.${_tRee}.${_xSrl}.pid rm -f /run/manage_solr_config.pid else mv -f /var/xdrago/manage_solr_config.sh.old /var/xdrago/manage_solr_config.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/proc_num_ctrl.pl.ctrl.f83.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/proc_num_ctrl.pl /var/xdrago/proc_num_ctrl.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/proc_num_ctrl.pl" \ -o /var/xdrago/proc_num_ctrl.pl if [ -e "/var/xdrago/proc_num_ctrl.pl" ]; then chmod 700 /var/xdrago/proc_num_ctrl.pl chown root:root /var/xdrago/proc_num_ctrl.pl touch ${_pthLog}/proc_num_ctrl.pl.ctrl.f83.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/proc_num_ctrl.pl.old /var/xdrago/proc_num_ctrl.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/fast_shutdown.ctrl.${_tRee}.${_xSrl}.pid" ]; then sed -i "s/.*opcache.fast_shutdown.*//g" /opt/etc/fpm/fpm-pool-commo*.conf _PHP_V="84 83 82 81 80 74 73 72 71 70 56" for e in ${_PHP_V}; do if [ -e "/etc/init.d/php${e}-fpm" ] && [ -e "/opt/php${e}/bin/php" ]; then service php${e}-fpm reload &> /dev/null fi done _PHP_V="55 54 53" for e in ${_PHP_V}; do if [ -e "/etc/init.d/php${e}-fpm" ] && [ -e "/opt/php${e}/bin/php" ]; then service php${e}-fpm force-quit &> /dev/null fi done touch ${_pthLog}/fast_shutdown.ctrl.${_tRee}.${_xSrl}.pid fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ -x "/usr/sbin/csf" ] \ && [ -e "/etc/csf/csf.deny" ] \ && [ ! -e "${_pthLog}/guest-fire.sh.ctrl.f92.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/guest-fire.sh /var/xdrago/guest-fire.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/guest-fire.sh" \ -o /var/xdrago/guest-fire.sh if [ -e "/var/xdrago/guest-fire.sh" ]; then chmod 700 /var/xdrago/guest-fire.sh chown root:root /var/xdrago/guest-fire.sh touch ${_pthLog}/guest-fire.sh.ctrl.f92.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/guest-fire.sh.old /var/xdrago/guest-fire.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ -x "/usr/sbin/csf" ] \ && [ -e "/etc/csf/csf.deny" ] \ && [ ! -e "${_pthLog}/guest-water.sh.ctrl.f92.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/guest-water.sh /var/xdrago/guest-water.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/guest-water.sh" \ -o /var/xdrago/guest-water.sh if [ -e "/var/xdrago/guest-water.sh" ]; then chmod 700 /var/xdrago/guest-water.sh chown root:root /var/xdrago/guest-water.sh touch ${_pthLog}/guest-water.sh.ctrl.f92.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/guest-water.sh.old /var/xdrago/guest-water.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/scan_nginx.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then [ ! -d "/var/xdrago/monitor/log" ] && mkdir -p /var/xdrago/monitor/log mv -f /var/xdrago/monitor/check/scan_nginx.pl /var/xdrago/monitor/check/scan_nginx.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/scan_nginx.pl" \ -o /var/xdrago/monitor/check/scan_nginx.pl if [ -e "/var/xdrago/monitor/check/scan_nginx.pl" ]; then sed -i "s/default_critnumber =.*/default_critnumber = 399;/g" /var/xdrago/monitor/check/scan_nginx.pl wait sed -i "s/default_lines =.*/default_lines = 1999;/g" /var/xdrago/monitor/check/scan_nginx.pl wait _if_hosted_sys if [ "${_hostedSys}" = "YES" ]; then if [ -z "${_NGINX_DOS_IGNORE}" ]; then _NGINX_DOS_IGNORE="doccomment" fi fi if [ ! -z "${_NGINX_DOS_IGNORE}" ]; then _NGINX_DOS_IGNORE=${_NGINX_DOS_IGNORE//[^a-zA-Z0-9|-]/} sed -i "s/dontcount/${_NGINX_DOS_IGNORE}/g" /var/xdrago/monitor/check/scan_nginx.pl wait fi if [ ! -z "${_NGINX_DOS_STOP}" ]; then _NGINX_DOS_STOP=${_NGINX_DOS_STOP//[^a-zA-Z0-9|-]/} if [ ! -z "${_NGINX_DOS_STOP}" ]; then sed -i "s/foobar/${_NGINX_DOS_STOP}/g" /var/xdrago/monitor/check/scan_nginx.pl wait fi fi chmod 700 /var/xdrago/monitor/check/scan_nginx.pl chown root:root /var/xdrago/monitor/check/scan_nginx.pl touch ${_pthLog}/scan_nginx.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/scan_nginx.pl.old /var/xdrago/monitor/check/scan_nginx.pl fi fi if ! grep -q "whoami" /var/xdrago/conf/lshell.conf; then rm -f ${_pthLog}/lshell.ctrl.* fi if [ -x "/opt/tools/drush/8/drush/drush.php" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/lshell.ctrl.f91.${_tRee}.${_xSrl}.pid" ]; then if [ -z "${_CUSTOM_CONFIG_LSHELL}" ] \ || [ "${_CUSTOM_CONFIG_LSHELL}" = "NO" ]; then mv -f /var/xdrago/conf/lshell.conf /var/xdrago/conf/lshell.conf.old curl ${_crlGet} "${_urlHmr}/tools/system/conf/lshell.conf" \ -o /var/xdrago/conf/lshell.conf if [ -e "/var/xdrago/conf/lshell.conf" ]; then chmod 644 /var/xdrago/conf/lshell.conf chown root:root /var/xdrago/conf/lshell.conf touch ${_pthLog}/lshell.ctrl.f91.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/conf/lshell.conf.old /var/xdrago/conf/lshell.conf fi fi fi if [ -x "/opt/tools/drush/8/drush/drush.php" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ]; then _BROKEN_UPDATE_TEST=$(grep "Under Construction" /var/xdrago/conf/fpm-pool* 2>&1) if [ ! -z "${_BROKEN_UPDATE_TEST}" ]; then rm -f /var/xdrago/conf/fpm-pool* rm ${_pthLog}/multi.ctrl.* rm ${_pthLog}/legacy.ctrl.* rm ${_pthLog}/modern.ctrl.* rm ${_pthLog}/single.ctrl.* rm ${_pthLog}/common.ctrl.* fi _BROKEN_UPDATE_TEST=$(grep "404 Not Found" /var/xdrago/conf/fpm-pool* 2>&1) if [ ! -z "${_BROKEN_UPDATE_TEST}" ]; then rm -f /var/xdrago/conf/fpm-pool* rm ${_pthLog}/multi.ctrl.* rm ${_pthLog}/legacy.ctrl.* rm ${_pthLog}/modern.ctrl.* rm ${_pthLog}/single.ctrl.* rm ${_pthLog}/common.ctrl.* fi _BROKEN_UPDATE_TEST=$(grep "max_execution_time" /var/xdrago/conf/fpm-pool* 2>&1) if [ -z "${_BROKEN_UPDATE_TEST}" ]; then rm -f /var/xdrago/conf/fpm-pool* rm ${_pthLog}/multi.ctrl.* rm ${_pthLog}/legacy.ctrl.* rm ${_pthLog}/modern.ctrl.* rm ${_pthLog}/single.ctrl.* rm ${_pthLog}/common.ctrl.* fi _BROKEN_UPDATE_TEST=$(grep "max_accelerated_files" /var/xdrago/conf/fpm-pool* 2>&1) if [ ! -z "${_BROKEN_UPDATE_TEST}" ]; then rm -f /var/xdrago/conf/fpm-pool* rm ${_pthLog}/multi.ctrl.* rm ${_pthLog}/legacy.ctrl.* rm ${_pthLog}/modern.ctrl.* rm ${_pthLog}/single.ctrl.* rm ${_pthLog}/common.ctrl.* fi fi if [ -x "/opt/tools/drush/8/drush/drush.php" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/common.ctrl.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/conf/fpm-pool-common.conf /var/xdrago/conf/fpm-pool-common.conf.old curl ${_crlGet} "${_urlHmr}/conf/php/fpm-pool-common.conf" \ -o /var/xdrago/conf/fpm-pool-common.conf if [ -e "/var/xdrago/conf/fpm-pool-common.conf" ]; then sed -i "s/127.0.0.1/127.0.0.1,${_LOC_IP}/g" /var/xdrago/conf/fpm-pool-common.conf chmod 644 /var/xdrago/conf/fpm-pool-common.conf chown root:root /var/xdrago/conf/fpm-pool-common.conf touch ${_pthLog}/common.ctrl.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/conf/fpm-pool-common.conf.old /var/xdrago/conf/fpm-pool-common.conf fi fi if [ -x "/opt/tools/drush/8/drush/drush.php" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/legacy.ctrl.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/conf/fpm-pool-common-legacy.conf /var/xdrago/conf/fpm-pool-common-legacy.conf.old curl ${_crlGet} "${_urlHmr}/conf/php/fpm-pool-common-legacy.conf" \ -o /var/xdrago/conf/fpm-pool-common-legacy.conf if [ -e "/var/xdrago/conf/fpm-pool-common-legacy.conf" ]; then sed -i "s/127.0.0.1/127.0.0.1,${_LOC_IP}/g" /var/xdrago/conf/fpm-pool-common-legacy.conf chmod 644 /var/xdrago/conf/fpm-pool-common-legacy.conf chown root:root /var/xdrago/conf/fpm-pool-common-legacy.conf touch ${_pthLog}/legacy.ctrl.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/conf/fpm-pool-common-legacy.conf.old /var/xdrago/conf/fpm-pool-common-legacy.conf fi fi if [ -x "/opt/tools/drush/8/drush/drush.php" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/modern.ctrl.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/conf/fpm-pool-common-modern.conf /var/xdrago/conf/fpm-pool-common-modern.conf.old curl ${_crlGet} "${_urlHmr}/conf/php/fpm-pool-common-modern.conf" \ -o /var/xdrago/conf/fpm-pool-common-modern.conf if [ -e "/var/xdrago/conf/fpm-pool-common-modern.conf" ]; then sed -i "s/127.0.0.1/127.0.0.1,${_LOC_IP}/g" /var/xdrago/conf/fpm-pool-common-modern.conf chmod 644 /var/xdrago/conf/fpm-pool-common-modern.conf chown root:root /var/xdrago/conf/fpm-pool-common-modern.conf touch ${_pthLog}/modern.ctrl.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/conf/fpm-pool-common-modern.conf.old /var/xdrago/conf/fpm-pool-common-modern.conf fi fi if [ -x "/opt/tools/drush/8/drush/drush.php" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/multi.ctrl.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/conf/fpm-pool-foo-multi.conf /var/xdrago/conf/fpm-pool-foo-multi.conf.old curl ${_crlGet} "${_urlHmr}/conf/php/fpm-pool-foo-multi.conf" \ -o /var/xdrago/conf/fpm-pool-foo-multi.conf if [ -e "/var/xdrago/conf/fpm-pool-foo-multi.conf" ]; then chmod 644 /var/xdrago/conf/fpm-pool-foo-multi.conf chown root:root /var/xdrago/conf/fpm-pool-foo-multi.conf touch ${_pthLog}/multi.ctrl.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/conf/fpm-pool-foo-multi.conf.old /var/xdrago/conf/fpm-pool-foo-multi.conf fi fi if [ -e "/opt/tools/drush" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/single.ctrl.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/conf/fpm-pool-foo.conf /var/xdrago/conf/fpm-pool-foo.conf.old curl ${_crlGet} "${_urlHmr}/conf/php/fpm-pool-foo.conf" \ -o /var/xdrago/conf/fpm-pool-foo.conf if [ -e "/var/xdrago/conf/fpm-pool-foo.conf" ]; then chmod 644 /var/xdrago/conf/fpm-pool-foo.conf chown root:root /var/xdrago/conf/fpm-pool-foo.conf touch ${_pthLog}/single.ctrl.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/conf/fpm-pool-foo.conf.old /var/xdrago/conf/fpm-pool-foo.conf fi fi if [ -e "/etc/ImageMagick-6/policy.xml" ] \ && [ -e "/var/xdrago" ] \ && [ ! -e "${_pthLog}/policymap-hf-06.ctrl.${_tRee}.${_xSrl}.pid" ]; then IsCurlBin=$(which curl 2>&1) chmod 755 ${IsCurlBin} &> /dev/null chgrp root ${IsCurlBin} &> /dev/null cp -af /etc/ImageMagick-6/policy.xml /var/xdrago/conf/etc-ImageMagick-6-policy.xml.hf-06.old rm -f /var/xdrago/conf/etc-ImageMagick-6-policy.xml curl ${_crlGet} "${_urlHmr}/conf/etc/etc-ImageMagick-6-policy.xml" \ -o /var/xdrago/conf/etc-ImageMagick-6-policy.xml if [ -e "/var/xdrago/conf/etc-ImageMagick-6-policy.xml" ]; then cp -af /var/xdrago/conf/etc-ImageMagick-6-policy.xml /etc/ImageMagick-6/policy.xml chmod 644 /etc/ImageMagick-6/policy.xml chown root:root /etc/ImageMagick-6/policy.xml touch ${_pthLog}/policymap-hf-06.ctrl.${_tRee}.${_xSrl}.pid _PHP_V="84 83 82 81 80 74 73 72 71 70 56" for e in ${_PHP_V}; do if [ -e "/etc/init.d/php${e}-fpm" ]; then service php${e}-fpm reload &> /dev/null fi done else if [ -e "/var/xdrago/conf/etc-ImageMagick-6-policy.xml.hf-06.old" ]; then cp -af /var/xdrago/conf/etc-ImageMagick-6-policy.xml.hf-06.old /etc/ImageMagick-6/policy.xml fi fi fi if [ -e "/opt/tools/drush" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ -d "/data/u" ] \ && [ ! -e "${_pthLog}/dispatch.ctrl.${_tRee}.${_xSrl}.pid" ]; then sed -i "s/.*cache.*//g; s/.*cc drush.*//g; s/ *$//g; /^$/d" /data/disk/*/aegir.sh touch ${_pthLog}/dispatch.ctrl.${_tRee}.${_xSrl}.pid fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/xdrago/conf/control-readme.txt" ] \ && [ ! -e "${_pthLog}/control-readme.txt.ctrl.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/conf/control-readme.txt /var/xdrago/conf/control-readme.txt.old curl ${_crlGet} "${_urlHmr}/tools/system/conf/control-readme.txt" -o /var/xdrago/conf/control-readme.txt if [ -e "/var/xdrago/conf/control-readme.txt" ]; then chmod 644 /var/xdrago/conf/control-readme.txt chown root:root /var/xdrago/conf/control-readme.txt touch ${_pthLog}/control-readme.txt.ctrl.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/conf/control-readme.txt.old /var/xdrago/conf/control-readme.txt fi fi if [ -d "/data/u" ] \ && [ ! -e "${_pthLog}/hosting.cron.queue.ctrl.f96.${_tRee}.${_xSrl}.pid" ]; then _hQueueF="hosting_cron.module" _hQueueP="/var/xdrago/conf/${_hQueueF}" [ -e "${_hQueueP}" ] && _isPatchedTpl=$(grep "url_own" "${_hQueueP}") if [ ! -e "${_hQueueP}" ] || [[ ! "${_isPatchedTpl}" =~ "url_own" ]]; then curl ${_crlGet} "${_urlHmr}/patches/${_hQueueF}" -o ${_hQueueP} fi for _pthSysUsr in `find /data/disk/ -maxdepth 1 -mindepth 1 | sort`; do _tUsr= _tUsr=$(echo ${_pthSysUsr} | cut -d'/' -f4 | awk '{ print $1}' 2>&1) if [ -n "${_tUsr}" ] && [ "${_tUsr}" != "arch" ]; then if [ -e "${_pthSysUsr}/log/hosting_cron_use_backend.txt" ]; then rm -f ${_pthSysUsr}/log/hosting_cron_use_backend.txt fi _hmPlr=$(cat ${_pthSysUsr}/.drush/hostmaster.alias.drushrc.php \ | grep "root'" \ | cut -d: -f2 \ | awk '{ print $3}' \ | sed "s/[\,']//g" 2>&1) _hmDir="${_hmPlr}/profiles/hostmaster/modules/aegir/hosting" _hmQmd="${_hmDir}/cron/hosting_cron.module" if [ -e "${_hmDir}/cron/hosting_cron.module.orig" ]; then rm -f ${_hmDir}/cron/hosting_cron.module.orig fi if [ -e "${_hmDir}/cron/hosting_cron.module.rej" ]; then rm -f ${_hmDir}/cron/hosting_cron.module.rej fi if [ -e "${_hmQmd}" ] && [ -e "${_hQueueP}" ]; then _isPatched=$(grep "url_own" "${_hmQmd}") if [[ ! "${_isPatched}" =~ "url_own" ]]; then cp -a ${_hQueueP} ${_hmDir}/cron/ if [ -e "${_hmDir}/cron/${_hQueueF}" ]; then sed -i "s/127.0.0.1/${_LOC_IP}/g" "${_hmDir}/cron/${_hQueueF}" fi fi fi fi done touch ${_pthLog}/hosting.cron.queue.ctrl.f96.${_tRee}.${_xSrl}.pid fi if [ -d "/data/u" ] \ && [ ! -e "${_pthLog}/hosting.cron.ctrl.f99.${_tRee}.${_xSrl}.pid" ]; then for _pthSysUsr in `find /data/disk/ -maxdepth 1 -mindepth 1 | sort`; do _tUsr= _tUsr=$(echo ${_pthSysUsr} | cut -d'/' -f4 | awk '{ print $1}' 2>&1) if [ -n "${_tUsr}" ] && [ "${_tUsr}" != "arch" ]; then if [ -e "${_pthSysUsr}/log/hosting_cron_use_backend.txt" ]; then rm -f ${_pthSysUsr}/log/hosting_cron_use_backend.txt fi fi done touch ${_pthLog}/hosting.cron.ctrl.f99.${_tRee}.${_xSrl}.pid fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -d "/data/u" ] \ && [ ! -e "${_pthLog}/fpm-cli.ctrl.${_tRee}.${_xSrl}.pid" ]; then _usrGroup=users [ -e "/var/backups/off-run/" ] && cp -a /var/backups/off-run/run* /var/xdrago/ &> /dev/null for _pthSysUsr in `find /data/disk/ -maxdepth 1 -mindepth 1 | sort`; do _tUsr= _tUsr=$(echo ${_pthSysUsr} | cut -d'/' -f4 | awk '{ print $1}' 2>&1) if [ "${_tUsr}" != "arch" ]; then if [ ! -e "${_pthSysUsr}/static/control/MyQuick.info" ] \ && [ ! -e "${_pthSysUsr}/static/control/MyClassic.info" ]; then echo ON > ${_pthSysUsr}/static/control/MyQuick.info fi if [ ! -e "${_pthSysUsr}/static/control/.disFastTrack.pid" ]; then rm -f ${_pthSysUsr}/static/control/FastTrack.info touch ${_pthSysUsr}/static/control/.disFastTrack.pid fi if [ ! -e "${_pthSysUsr}/static/control/FastTrack.info" ] \ && [ ! -e "${_pthSysUsr}/static/control/ClassicTrack.info" ]; then echo ON > ${_pthSysUsr}/static/control/ClassicTrack.info fi if [ -e "${_pthSysUsr}/static/control/fpm.info" ] \ && [ ! -e "${_pthSysUsr}/static/control/cli.info" ]; then cp ${_pthSysUsr}/static/control/fpm.info ${_pthSysUsr}/static/control/cli.info fi if [ -e "${_pthSysUsr}/log/CANCELLED" ] \ || [ -e "${_pthSysUsr}/log/proxied.pid" ] \ || [ ! -e "${_pthSysUsr}/static/control/cli.info" ]; then if [ -e "/var/xdrago/run-${_tUsr}" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ]; then if [ ! -e "/var/backups/off-run" ]; then mkdir -p /var/backups/off-run/ fi mv -f /var/xdrago/run-${_tUsr} /var/backups/off-run/ fi else _dscUsr="/data/disk/${_tUsr}" _ngxCnf="${_dscUsr}/config/includes/nginx_vhost_common.conf" _NGINX_CNF_TEST=$(grep "foobaroff" ${_ngxCnf} 2>&1) if [[ "${_NGINX_CNF_TEST}" =~ "foobaroff" ]]; then _DO_NOTHING=YES else sed -i "s/args.*q=/args ~* \"foobaroff=/g" ${_ngxCnf} fi for _version in 81 82 83 84 74; do if [ -x "/opt/php${_version}/bin/php" ]; then if [ "${_version}" = "74" ]; then _useCli="7.4" _useFpm="7.4" else _useCli="8.${_version:1}" _useFpm="8.${_version:1}" fi break fi done if [ ! -e "${_dscUsr}/static/control/fpm.info" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ]; then if [ -n "${_useFpm}" ]; then echo ${_useFpm} > ${_dscUsr}/static/control/fpm.info chown ${_tUsr}.ftp:${_usrGroup} ${_dscUsr}/static/control/fpm.info chmod 0644 ${_dscUsr}/static/control/fpm.info fi fi if [ ! -e "${_dscUsr}/static/control/cli.info" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ]; then if [ -e "${_dscUsr}/static/control/fpm.info" ]; then cp -af ${_dscUsr}/static/control/fpm.info ${_dscUsr}/static/control/cli.info else if [ -n "${_useCli}" ]; then echo ${_useCli} > ${_dscUsr}/static/control/cli.info chown ${_tUsr}.ftp:${_usrGroup} ${_dscUsr}/static/control/cli.info chmod 0644 ${_dscUsr}/static/control/cli.info fi fi fi if [ ! -e "${_dscUsr}/static/control/.ctrl.${_tRee}.${_xSrl}.pid" ] \ && [ -e "/home/${_tUsr}.ftp/clients" ]; then mkdir -p ${_dscUsr}/static/control chmod 755 ${_dscUsr}/static/control if [ -e "/var/xdrago/conf/control-readme.txt" ]; then cp -af /var/xdrago/conf/control-readme.txt \ ${_dscUsr}/static/control/README.txt &> /dev/null chmod 0644 ${_dscUsr}/static/control/README.txt fi chown -R ${_tUsr}.ftp:${_usrGroup} ${_dscUsr}/static/control rm -f ${_dscUsr}/static/control/.ctrl.* echo OK > ${_dscUsr}/static/control/.ctrl.${_tRee}.${_xSrl}.pid fi fi fi done touch ${_pthLog}/fpm-cli.ctrl.${_tRee}.${_xSrl}.pid fi # Create the destination directory if it doesn't exist mkdir -p /var/backups/off-run/ # Loop through all files matching the pattern /var/xdrago/run-USER for _file in /var/xdrago/run-*; do # Skip iteration if no files match the pattern [ -e "${_file}" ] || continue # Extract the _USER from the filename _USER=${_file#/var/xdrago/run-} # Define the paths to check _USER_DIR="/data/disk/${_USER}" _CANCELLED_FILE="${_USER_DIR}/log/CANCELLED" _PROXIED_PID_FILE="${_USER_DIR}/log/proxied.pid" _CLI_INFO_FILE="${_USER_DIR}/static/control/cli.info" # Check the conditions if [ ! -d "${_USER_DIR}" ] || \ [ -f "${_CANCELLED_FILE}" ] || \ [ -f "${_PROXIED_PID_FILE}" ] || \ [ ! -f "${_CLI_INFO_FILE}" ]; then # Move the file if any condition is met mv -f "${_file}" /var/backups/off-run/ fi if grep -q "renice 0" "${_file}"; then sed -i "s/renice 0/renice 9/g" "${_file}" fi done if [ -x "/opt/tools/drush/8/drush/drush.php" ] \ && [ -e "${_provLeIncFull}" ] \ && [ -e "${_hoLeIncFull}" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ -d "/data/u" ] \ && [ ! -e "${_pthLog}/hosting_le_vt.ctrl.${_tRee}.${_xSrl}.pid" ]; then _leBasePath="profiles/hostmaster/modules/aegir/hosting_le" _lePath="${_leBasePath}/drush/${_provLeInc}" _leVhPath="${_leBasePath}/hosting_le_vhost/drush/${_hoLeInc}" for _pthSysUsr in `find /data/disk/ -maxdepth 1 -mindepth 1 | sort`; do if [ -e "${_pthSysUsr}/config/server_master/nginx/vhost.d" ] \ && [ -e "${_pthSysUsr}/static/control/cli.info" ] \ && [ ! -e "${_pthSysUsr}/log/proxied.pid" ] \ && [ ! -e "${_pthSysUsr}/log/CANCELLED" ]; then _tUsr= _validReg= _validIPr= _tUsr=$(echo ${_pthSysUsr} | cut -d'/' -f4 | awk '{ print $1}' 2>&1) _dscUsr="/data/disk/${_tUsr}" _hmPf=$(cat ${_dscUsr}/.drush/hostmaster.alias.drushrc.php \ | grep "root'" \ | cut -d: -f2 \ | awk '{ print $3}' \ | sed "s/[\,']//g" 2>&1) _locFile="${_hmPf}/${_lePath}" if [ -e "${_locFile}" ] && [ -e "${_provLeIncFull}" ]; then cp -af ${_provLeIncFull} ${_locFile} chown ${_tUsr}:users ${_locFile} chmod 0644 ${_locFile} fi _locVhFile="${_hmPf}/${_leVhPath}" if [ -e "${_locVhFile}" ] && [ -e "${_hoLeIncFull}" ]; then cp -af ${_hoLeIncFull} ${_locVhFile} chown ${_tUsr}:users ${_locVhFile} chmod 0644 ${_locVhFile} fi _leRoot="${_dscUsr}/tools/le" _exeLe="${_leRoot}/dehydrated" _dehydFull="${_leRoot}/${_dehydName}" _legacyLeShFile="${_leRoot}/letsencrypt.sh" _lockLeFile="${_leRoot}/lock" _configIni="${_leRoot}/config" _acctsDir="${_leRoot}/accounts" _acctsDemoDir="${_leRoot}/accounts-demo" _demoPid="${_leRoot}/.ctrl/ssl-demo-mode.pid" _normalRegPid="${_leRoot}/.ctrl/normal-re6-register.pid" _forcedRegPid="${_leRoot}/.ctrl/forced-re6-register.pid" _onDemandRegPid="${_leRoot}/.ctrl/onDemand-register.pid" _validIdn=$(grep "letsencrypt" ${_acctsDir}/*/account_id.json 2>&1) _validReg=$(grep "valid" ${_acctsDir}/*/registration_info.json 2>&1) _validIPr=$(grep "${_LOC_IP}" ${_acctsDir}/*/registration_info.json 2>&1) _HOUR=$(date +%H 2>&1) _HOUR=${_HOUR//[^0-9-]/} if [ -e "${_dehydSrcPath}" ]; then cp -af ${_dehydSrcPath} ${_dehydFull} chown ${_tUsr}:users ${_dehydFull} chmod 0700 ${_dehydFull} fi if [ -e "${_dehydFull}" ] \ && [ ! -e "${_normalRegPid}" ]; then if [ "${_HOUR}" = "5" ] \ || [ "${_HOUR}" = "17" ] \ || [ -e "${_onDemandRegPid}" ]; then su -s /bin/bash - ${_tUsr} -c "bash ${_exeLe} --register --accept-terms" wait touch ${_normalRegPid} fi fi if [ -e "${_lockLeFile}" ]; then rm -f ${_lockLeFile} sleep 1 fi if [ -e "${_demoPid}" ]; then rm -f ${_demoPid} fi if [ "${_HOUR}" = "11" ] \ || [ "${_HOUR}" = "23" ] \ || [ -e "${_onDemandRegPid}" ]; then if [ -e "${_legacyLeShFile}" ] \ || [ -e "${_acctsDemoDir}" ] \ || [[ ! "${_validIdn}" =~ "letsencrypt" ]] \ || [[ ! "${_validReg}" =~ "valid" ]] \ || [[ ! "${_validIPr}" =~ "${_LOC_IP}" ]] \ || [ ! -e "${_forcedRegPid}" ]; then rm -f ${_legacyLeShFile} rm -rf ${_acctsDemoDir} rm -rf ${_acctsDir} rm -f ${_leRoot}/.ctrl/.forced* rm -f ${_leRoot}/.ctrl/.normal* rm -f ${_leRoot}/.ctrl/forced* rm -f ${_leRoot}/.ctrl/normal* if [ -e "${_exeLe}" ]; then su -s /bin/bash - ${_tUsr} -c "bash ${_exeLe} --register --accept-terms" wait touch ${_forcedRegPid} touch ${_normalRegPid} fi fi fi fi done touch ${_pthLog}/hosting_le_vt.ctrl.${_tRee}.${_xSrl}.pid fi if ! grep -q "defunct" /opt/local/bin/websh; then rm -f ${_pthLog}/websh.ctrl.* fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_pthLog}/websh.ctrl.f72.${_tRee}.${_xSrl}.pid" ]; then mv -f /opt/local/bin/websh /var/xdrago/websh.sh.old curl ${_crlGet} "${_urlHmr}/helpers/websh.sh.txt" -o /opt/local/bin/websh if [ -e "/opt/local/bin/websh" ] \ && grep -i '_forward_to_dash' /opt/local/bin/websh &> /dev/null; then chmod 755 /opt/local/bin/websh chown root:root /opt/local/bin/websh [ -x "/bin/websh" ] && [ ! -L "/bin/websh" ] && ln -sfn /opt/local/bin/websh /bin/websh touch ${_pthLog}/websh.ctrl.f72.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/websh.sh.old /opt/local/bin/websh fi _WEB_SH="$(readlink -n /bin/sh)" if [ -x "/opt/local/bin/websh" ] \ && grep -i '_forward_to_dash' /opt/local/bin/websh &> /dev/null; then if [ "${_WEB_SH}" != "/opt/local/bin/websh" ]; then ln -sfn /opt/local/bin/websh /bin/sh if [ -e "/usr/bin/sh" ]; then ln -sfn /opt/local/bin/websh /usr/bin/sh fi [ -x "/bin/websh" ] && [ ! -L "/bin/websh" ] && ln -sfn /opt/local/bin/websh /bin/websh fi fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -x "/etc/cron.hourly/systemtime" ] \ && [ ! -e "${_pthLog}/systemtime.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then curl ${_crlGet} "${_urlHmr}/helpers/systemtime" -o /etc/cron.hourly/systemtime if [ -e "/etc/cron.hourly/systemtime" ]; then chmod 755 /etc/cron.hourly/systemtime chown root:root /etc/cron.hourly/systemtime service cron restart touch ${_pthLog}/systemtime.ctrl.f95.${_tRee}.${_xSrl}.pid fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/synproxy.ctrl.f93.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc synproxy_rollback) if (( _CNT > 0 )); then echo "The synproxy_rollback is running!" else if [ -e "${_optBin}/synproxy" ]; then mv -f ${_optBin}/synproxy ${_optBin}/synproxy.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/synproxy" -o ${_optBin}/synproxy if [ -e "${_optBin}/synproxy" ]; then chmod 700 ${_optBin}/synproxy chown root:root ${_optBin}/synproxy touch ${_pthLog}/synproxy.ctrl.f93.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/synproxy.old" ]; then mv -f ${_optBin}/synproxy.old ${_optBin}/synproxy fi fi fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/synproxy_rollback.ctrl.f94.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc synproxy_rollback) if (( _CNT > 0 )); then echo "The synproxy_rollback is running!" else if [ -e "${_optBin}/synproxy_rollback" ]; then mv -f ${_optBin}/synproxy_rollback ${_optBin}/synproxy_rollback.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/synproxy_rollback" -o ${_optBin}/synproxy_rollback if [ -e "${_optBin}/synproxy_rollback" ]; then chmod 700 ${_optBin}/synproxy_rollback chown root:root ${_optBin}/synproxy_rollback touch ${_pthLog}/synproxy_rollback.ctrl.f94.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/synproxy_rollback.old" ]; then mv -f ${_optBin}/synproxy_rollback.old ${_optBin}/synproxy_rollback fi fi fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/synproxy_reassert.ctrl.f88.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc synproxy_rollback) if (( _CNT > 0 )); then echo "The synproxy_rollback is running!" else if [ -e "${_optBin}/synproxy_reassert" ]; then mv -f ${_optBin}/synproxy_reassert ${_optBin}/synproxy_reassert.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/synproxy_reassert" -o ${_optBin}/synproxy_reassert if [ -e "${_optBin}/synproxy_reassert" ]; then chmod 700 ${_optBin}/synproxy_reassert chown root:root ${_optBin}/synproxy_reassert touch ${_pthLog}/synproxy_reassert.ctrl.f88.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/synproxy_reassert.old" ]; then mv -f ${_optBin}/synproxy_reassert.old ${_optBin}/synproxy_reassert fi fi fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/synproxy_hook_fix.ctrl.f99.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc synproxy_rollback) if (( _CNT > 0 )); then echo "The synproxy_rollback is running!" else if [ -e "${_optBin}/synproxy_hook_fix" ]; then mv -f ${_optBin}/synproxy_hook_fix ${_optBin}/synproxy_hook_fix.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/synproxy_hook_fix" -o ${_optBin}/synproxy_hook_fix if [ -e "${_optBin}/synproxy_hook_fix" ]; then chmod 700 ${_optBin}/synproxy_hook_fix chown root:root ${_optBin}/synproxy_hook_fix touch ${_pthLog}/synproxy_hook_fix.ctrl.f99.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/synproxy_hook_fix.old" ]; then mv -f ${_optBin}/synproxy_hook_fix.old ${_optBin}/synproxy_hook_fix fi fi fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/synproxy_snapshot.ctrl.f99.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc synproxy_rollback) if (( _CNT > 0 )); then echo "The synproxy_rollback is running!" else if [ -e "${_optBin}/synproxy_snapshot" ]; then mv -f ${_optBin}/synproxy_snapshot ${_optBin}/synproxy_snapshot.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/synproxy_snapshot" -o ${_optBin}/synproxy_snapshot if [ -e "${_optBin}/synproxy_snapshot" ]; then chmod 700 ${_optBin}/synproxy_snapshot chown root:root ${_optBin}/synproxy_snapshot touch ${_pthLog}/synproxy_snapshot.ctrl.f99.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/synproxy_snapshot.old" ]; then mv -f ${_optBin}/synproxy_snapshot.old ${_optBin}/synproxy_snapshot fi fi fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/synproxy_status.ctrl.f99.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc synproxy_rollback) if (( _CNT > 0 )); then echo "The synproxy_rollback is running!" else if [ -e "${_optBin}/synproxy_status" ]; then mv -f ${_optBin}/synproxy_status ${_optBin}/synproxy_status.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/synproxy_status" -o ${_optBin}/synproxy_status if [ -e "${_optBin}/synproxy_status" ]; then chmod 700 ${_optBin}/synproxy_status chown root:root ${_optBin}/synproxy_status touch ${_pthLog}/synproxy_status.ctrl.f99.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/synproxy_status.old" ]; then mv -f ${_optBin}/synproxy_status.old ${_optBin}/synproxy_status fi fi fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -d "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/synproxy_monitor.ctrl.f98.${_tRee}.${_xSrl}.pid" ]; then _CNT=$(pgrep -fc synproxy_rollback) if (( _CNT > 0 )); then echo "The synproxy_rollback is running!" else if [ -e "${_optBin}/synproxy_monitor" ]; then mv -f ${_optBin}/synproxy_monitor ${_optBin}/synproxy_monitor.old fi curl ${_crlGet} "${_urlHmr}/tools/bin/synproxy_monitor" -o ${_optBin}/synproxy_monitor if [ -e "${_optBin}/synproxy_monitor" ]; then chmod 700 ${_optBin}/synproxy_monitor chown root:root ${_optBin}/synproxy_monitor touch ${_pthLog}/synproxy_monitor.ctrl.f98.${_tRee}.${_xSrl}.pid else if [ -e "${_optBin}/synproxy_monitor.old" ]; then mv -f ${_optBin}/synproxy_monitor.old ${_optBin}/synproxy_monitor fi fi fi fi _Dir="/data/all/000/modules" _REDIS_T_VERSION=8.x-1.8.2 if [ -e "/var/xdrago/manage_solr_config.sh" ]; then if [ ! -e "${_Dir}/redis_nine_ten/ver-${_REDIS_T_VERSION}.${_xSrl}.info" ]; then mkdir -p ${_Dir} cd ${_Dir} rm -rf ${_Dir}/redis_nine_ten _get_dev_contrib "redis_nine_ten-${_REDIS_T_VERSION}.tar.gz" echo update > ${_Dir}/redis_nine_ten/ver-${_REDIS_T_VERSION}.${_xSrl}.info find ${_Dir} -type d -exec chmod 0755 {} \; &> /dev/null find ${_Dir} -type f -exec chmod 0644 {} \; &> /dev/null touch ${_pthLog}/redis_nine_ten.ctrl.${_xSrl}.log fi fi _Dir="/data/all/000/modules" _REDIS_C_VERSION=com-19-04-2021 if [ -e "/var/xdrago/manage_solr_config.sh" ]; then if [ ! -e "${_Dir}/redis_compr/ver-${_REDIS_C_VERSION}.${_xSrl}.info" ]; then mkdir -p ${_Dir} cd ${_Dir} rm -rf ${_Dir}/redis_compr _get_dev_contrib "redis_compr-${_REDIS_C_VERSION}.tar.gz" echo update > ${_Dir}/redis_compr/ver-${_REDIS_C_VERSION}.${_xSrl}.info find ${_Dir} -type d -exec chmod 0755 {} \; &> /dev/null find ${_Dir} -type f -exec chmod 0644 {} \; &> /dev/null touch ${_pthLog}/redis_compr.ctrl.${_xSrl}.log fi fi _Dir="/data/all/000/modules" _REDIS_L_VERSION=7.x-3.19.1 if [ -e "/var/xdrago/manage_solr_config.sh" ]; then if [ ! -e "${_Dir}/redis_edge/ver-${_REDIS_L_VERSION}.${_xSrl}.info" ]; then mkdir -p ${_Dir} cd ${_Dir} rm -rf ${_Dir}/redis_edge _get_dev_contrib "redis_edge-${_REDIS_L_VERSION}.tar.gz" echo update > ${_Dir}/redis_edge/ver-${_REDIS_L_VERSION}.${_xSrl}.info find ${_Dir} -type d -exec chmod 0755 {} \; &> /dev/null find ${_Dir} -type f -exec chmod 0644 {} \; &> /dev/null touch ${_pthLog}/redis_edge.ctrl.${_xSrl}.log fi fi _Dir="/data/all/000/modules" _REDIS_N_VERSION=com-19-04-2021 if [ -e "/var/xdrago/manage_solr_config.sh" ]; then if [ ! -e "${_Dir}/redis_eight/ver-${_REDIS_N_VERSION}.${_xSrl}.info" ]; then mkdir -p ${_Dir} cd ${_Dir} rm -rf ${_Dir}/redis_eight _get_dev_contrib "redis_eight-${_REDIS_N_VERSION}.tar.gz" echo update > ${_Dir}/redis_eight/ver-${_REDIS_N_VERSION}.${_xSrl}.info find ${_Dir} -type d -exec chmod 0755 {} \; &> /dev/null find ${_Dir} -type f -exec chmod 0644 {} \; &> /dev/null touch ${_pthLog}/redis_eight.ctrl.${_xSrl}.log fi fi } _fix_core_dgd() { # sed -i "s/^_PERMISSIONS_FIX=.*/_PERMISSIONS_FIX=YES/g" ${_barCnf} _saCoreS="${_saCoreN}-D7" _saIncDb="includes/database/database.inc" _saPatch="/var/xdrago/conf/${_saCoreS}.patch" _saQCoreN="${_saCoreN}" _saQCoreS="${_saQCoreN}-D8" _saQIncDb="core/includes/database.inc" _saQPatch="/var/xdrago/conf/${_saQCoreS}.patch" _saXCoreN="${_saCoreN}" _saXCoreS="${_saXCoreN}-D6" _saXIncDb="includes/database.inc" _saXPatch="/var/xdrago/conf/${_saXCoreS}.patch" _saBCoreP="${_saCoreN}-provision" _saBPatch="/var/xdrago/conf/${_saBCoreP}.patch" # SA-CORE D8 patch if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_saQPatch}" ]; then mkdir -p /var/xdrago/conf curl ${_crlGet} "${_urlHmr}/patches/8-core/${_saQCoreS}.patch" -o ${_saQPatch} fi # SA-CORE D7 patch if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_saPatch}" ]; then mkdir -p /var/xdrago/conf curl ${_crlGet} "${_urlHmr}/patches/7-core/${_saCoreS}.patch" -o ${_saPatch} fi # SA-CORE D6 patch # if [ -e "/var/xdrago" ] \ # && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ # && [ ! -e "${_saXPatch}" ]; then # mkdir -p /var/xdrago/conf # curl ${_crlGet} "${_urlHmr}/patches/6-core/${_saXCoreS}.patch" -o ${_saXPatch} # fi # SA-CORE for Octopus hostmaster platforms if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ -d "/data/u" ] \ && [ -e "${_saPatch}" ]; then if [ -d "/data/all" ] \ && [ ! -e "${_pthLog}/hostmaster-octopus-${_saCoreN}-fixed-d7.log" ]; then for _File in `find /data/disk/*/aegir/distro/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] && [ ! -e "${_Core}/core" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null fi done touch ${_pthLog}/hostmaster-octopus-${_saCoreN}-fixed-d7.log fi cd fi # SA-CORE for Barracuda hostmaster platforms if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ -e "${_saPatch}" ]; then if [ -d "/data/all" ] \ && [ ! -e "${_pthLog}/hostmaster-barracuda-${_saCoreN}-fixed-d7.log" ]; then for _File in `find /var/aegir/host_master/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] && [ ! -e "${_Core}/core" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null fi done for _File in `find /var/aegir/hostmaster*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] && [ ! -e "${_Core}/core" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null fi done touch ${_pthLog}/hostmaster-barracuda-${_saCoreN}-fixed-d7.log fi cd fi # SA-CORE for built-in D7 platforms if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ -e "${_saPatch}" ] \ && [ ! -e "${_pthLog}/${_saCoreN}-fixed-d7.log" ]; then if [ -d "/data/all/000/core" ]; then for _Core in `find /data/all/000/core/drupal-7* \ -maxdepth 0 -mindepth 0 | sort`; do cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null done elif [ -d "/data/disk/all/000/core" ]; then for _Core in `find /data/disk/all/000/core/drupal-7* \ -maxdepth 0 -mindepth 0 | sort`; do cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null done fi touch ${_pthLog}/${_saCoreN}-fixed-d7.log cd fi # SA-CORE for ancient D7 platforms if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ -e "${_saPatch}" ]; then if [ -d "/data/all" ] \ && [ ! -e "${_pthLog}/legacy-${_saCoreN}-fixed-d7.log" ]; then for _File in `find /data/all/*/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] && [ ! -e "${_Core}/core" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null fi done touch ${_pthLog}/legacy-${_saCoreN}-fixed-d7.log elif [ -d "/data/disk/all" ] \ && [ ! -e "${_pthLog}/legacy-${_saCoreN}-fixed-d7eee.log" ]; then for _File in `find /data/disk/all/*/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] && [ ! -e "${_Core}/core" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null fi done touch ${_pthLog}/legacy-${_saCoreN}-fixed-d7eee.log fi cd fi # SA-CORE for custom D7 platforms if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ -e "${_saPatch}" ]; then if [ -d "/data/u" ] \ && [ ! -e "${_pthLog}/batch-custom-${_saCoreN}-fixed-d7.log" ]; then for _File in `find /data/disk/*/static/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saCoreS}-fix.info fi done for _File in `find /data/disk/*/static/*/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saCoreS}-fix.info fi done for _File in `find /data/disk/*/static/*/*/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saCoreS}-fix.info fi done for _File in `find /data/disk/*/static/*/*/*/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saCoreS}-fix.info fi done for _File in `find /data/disk/*/static/*/*/*/*/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saCoreS}-fix.info fi done fi cd touch ${_pthLog}/batch-custom-${_saCoreN}-fixed-d7.log fi # SA-CORE for D8 platforms in ~/static if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ -e "${_saQPatch}" ]; then if [ -d "/data/u" ] \ && [ ! -e "${_pthLog}/batch-custom-${_saQCoreN}-fixed-d8.log" ]; then for _File in `find /data/disk/*/static/*/${_saQIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/core.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saQCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saQPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saQCoreS}-fix.info fi done for _File in `find /data/disk/*/static/*/*/${_saQIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/core.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saQCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saQPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saQCoreS}-fix.info fi done for _File in `find /data/disk/*/static/*/*/*/${_saQIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/core.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saQCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saQPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saQCoreS}-fix.info fi done for _File in `find /data/disk/*/static/*/*/*/*/${_saQIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/core.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saQCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saQPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saQCoreS}-fix.info fi done for _File in `find /data/disk/*/static/*/*/*/*/*/${_saQIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/core.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saQCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saQPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saQCoreS}-fix.info fi done fi cd touch ${_pthLog}/batch-custom-${_saQCoreN}-fixed-d8.log fi # SA-CORE for built-in D6 platforms if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ -e "${_saXPatch}" ] \ && [ ! -e "${_pthLog}/${_saXCoreN}-finally-fixed-d6.log" ]; then if [ -d "/data/all/000/core" ]; then for _Core in `find /data/all/000/core/pressflow-6* \ -maxdepth 0 -mindepth 0 | sort`; do cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null done elif [ -d "/data/disk/all/000/core" ]; then for _Core in `find /data/disk/all/000/core/pressflow-6* \ -maxdepth 0 -mindepth 0 | sort`; do cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null done fi touch ${_pthLog}/${_saXCoreN}-finally-fixed-d6.log cd fi # SA-CORE for ancient D6 platforms if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ -e "${_saXPatch}" ]; then if [ -d "/data/all" ] \ && [ ! -e "${_pthLog}/legacy-${_saXCoreN}-finally-fixed-d6.log" ]; then for _File in `find /data/all/*/*/${_saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] && [ ! -e "${_Core}/core" ]; then cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null fi done touch ${_pthLog}/legacy-${_saXCoreN}-finally-fixed-d6.log elif [ -d "/data/disk/all" ] \ && [ ! -e "${_pthLog}/legacy-${_saXCoreN}-finally-fixed-d6eee.log" ]; then for _File in `find /data/disk/all/*/*/${_saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] && [ ! -e "${_Core}/core" ]; then cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null fi done touch ${_pthLog}/legacy-${_saXCoreN}-finally-fixed-d6eee.log fi cd fi # SA-CORE for custom D6 platforms if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ -e "${_saXPatch}" ]; then if [ -d "/data/u" ] \ && [ ! -e "${_pthLog}/batch-custom-${_saXCoreN}-finally-fixed-d6.log" ]; then for _File in `find /data/disk/*/static/*/${_saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saXCoreS}-fix-finally.info" ]; then cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saXCoreS}-fix-finally.info fi done for _File in `find /data/disk/*/static/*/*/${_saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saXCoreS}-fix-finally.info" ]; then cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saXCoreS}-fix-finally.info fi done for _File in `find /data/disk/*/static/*/*/*/${_saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saXCoreS}-fix-finally.info" ]; then cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saXCoreS}-fix-finally.info fi done for _File in `find /data/disk/*/static/*/*/*/*/${_saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saXCoreS}-fix-finally.info" ]; then cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saXCoreS}-fix-finally.info fi done for _File in `find /data/disk/*/static/*/*/*/*/*/${_saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saXCoreS}-fix-finally.info" ]; then cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saXCoreS}-fix-finally.info fi done fi cd touch ${_pthLog}/batch-custom-${_saXCoreN}-finally-fixed-d6.log fi } _fix_ping_perms() { if [ -e "/bin/ping" ]; then _PING_TEST=$(ls -la /bin/ping | grep rwsr-xr-x 2>&1) if [ -z "${_PING_TEST}" ]; then chown root:root /bin/ping chmod 4755 /bin/ping fi fi } _fix_fpm_process_max() { if [ ! -e "${_pthLog}/process.max.ctrl.${_tRee}.${_xSrl}.pid" ]; then sed -i "s/process.max =.*/process.max = 0/g" /opt/php*/etc/php*-fpm.conf touch ${_pthLog}/process.max.ctrl.${_tRee}.${_xSrl}.pid fi } _fix_node_in_lshell_access() { if [ ! -e "${_pthLog}/node.lshell-fix-npx.ctrl.${_tRee}.${_xSrl}.pid" ] \ && [ -e "/etc/lshell.conf" ]; then _PrTestPhantom=$(grep "PHANTOM" /root/.*.octopus.cnf 2>&1) _PrTestCluster=$(grep "CLUSTER" /root/.*.octopus.cnf 2>&1) if [[ "${_PrTestPhantom}" =~ "PHANTOM" ]] \ || [[ "${_PrTestCluster}" =~ "CLUSTER" ]] \ || [ -e "/root/.allow.node.lshell.cnf" ]; then _ALLOW_NODE=YES else _ALLOW_NODE=NO sed -i \ -e "s/, 'node', 'npm', 'npx',/,/gi" \ -e "s/, 'scp',/,/gi" \ /etc/lshell.conf /var/xdrago/conf/lshell.conf fi touch ${_pthLog}/node.lshell-fix-npx.ctrl.${_tRee}.${_xSrl}.pid fi } _fix_php_in_lshell_access() { if [ ! -e "${_pthLog}/php.lshell-fix-php.ctrl.${_tRee}.${_xSrl}.pid" ] \ && [ -e "/etc/lshell.conf" ]; then _PrTestPhantom=$(grep "PHANTOM" /root/.*.octopus.cnf 2>&1) _PrTestCluster=$(grep "CLUSTER" /root/.*.octopus.cnf 2>&1) if [[ "${_PrTestPhantom}" =~ "PHANTOM" ]] \ || [[ "${_PrTestCluster}" =~ "CLUSTER" ]] \ || [ -e "/root/.allow.php.lshell.cnf" ]; then _ALLOW_PHP=YES else _ALLOW_PHP=NO sed -i \ -e "s/, 'php.*':.*php',/,/gi" \ -e "s/, '\/opt\/php.*',/,/gi" \ /etc/lshell.conf /var/xdrago/conf/lshell.conf fi touch ${_pthLog}/php.lshell-fix-php.ctrl.${_tRee}.${_xSrl}.pid fi } _if_fix_lshell() { if [ ! -e "/usr/local/etc/lshell.conf" ] \ && [ ! -L "/usr/local/etc/lshell.conf" ] \ && [ -e "/etc/lshell.conf" ]; then [ ! -d "/usr/local/etc" ] && mkdir -p /usr/local/etc ln -sfn /etc/lshell.conf /usr/local/etc/lshell.conf fi _LSHELL_VRN=0.10 _PATH_LSHELL="${_usrBin}/lshell" _LSHELL_CHK_VRN=0.10 _LSHELL_FORCE_REINSTALL=NO _isLshell=$(which lshell 2>&1) _LSHELL_ITD=$(${_isLshell} --version 2>&1 \ | tr -d "\n" \ | cut -d"-" -f2 \ | awk '{ print $1}' 2>&1) if [ -z "${_isLshell}" ] \ || [ -z "${_PATH_LSHELL}" ] \ || [ "${_LSHELL_ITD}" != "${_LSHELL_CHK_VRN}" ] \ || [[ "${_LSHELL_ITD}" =~ "Traceback" ]] \ || [[ "${_LSHELL_ITD}" =~ "bad interpreter" ]] \ || [[ "${_LSHELL_ITD}" =~ "ImportError" ]]; then _LSHELL_FORCE_REINSTALL=YES fi if [ "${_LSHELL_FORCE_REINSTALL}" = "YES" ]; then [ -f "/etc/lshell.conf" ] && cp -af /etc/lshell.conf /etc/lshell.conf-bak-${_LSHELL_VRN} _apt_clean_update apt-get install python3-pip ${_aptYesUnth} if [ -x "/usr/bin/pip3" ]; then _usePip=/usr/bin/pip3 elif [ -x "/usr/local/bin/pip3" ]; then _usePip=/usr/local/bin/pip3 fi _PIP_TEST=$(${_usePip} --version 2>&1) if [[ "${_PIP_TEST}" =~ "python 3.11" ]] \ || [[ "${_PIP_TEST}" =~ "python 3.12" ]]; then ${_usePip} install --upgrade pip --root-user-action ignore else ${_usePip} install --upgrade pip fi cd /var/opt rm -rf lshell* _get_dev_src "lshell-${_LSHELL_VRN}.tar.gz" for _Files in `find /var/opt/lshell-${_LSHELL_VRN} -type f`; do sed -i "s/kicked/logged/g" ${_Files} &> /dev/null wait sed -i "s/Kicked/Logged/g" ${_Files} &> /dev/null wait done rm -rf /usr/local/lib/python*/site-packages/lshell* rm -rf /usr/local/lib/python*/dist-packages/lshell* cd /var/opt/lshell-${_LSHELL_VRN} _PIP_TEST=$(${_usePip} --version 2>&1) if [[ "${_PIP_TEST}" =~ "python 3.11" ]] \ || [[ "${_PIP_TEST}" =~ "python 3.12" ]]; then ${_usePip} install . --break-system-packages --root-user-action ignore else ${_usePip} install . fi [ -f "/etc/lshell.conf-bak-${_LSHELL_VRN}" ] && cp -af /etc/lshell.conf-bak-${_LSHELL_VRN} /etc/lshell.conf rm -f /etc/logrotate.d/lshell addgroup --system lshellg &> /dev/null addgroup --system ltd-shell-more &> /dev/null mkdir -p /var/log/lsh chown :lshellg /var/log/lsh chmod 770 /var/log/lsh &> /dev/null who | awk '$1 !~ /root/{ cmd="pkill -KILL -u " $1; system(cmd) }' touch ${_pthLog}/lshell-fix-build-${_LSHELL_VRN}.log fi if [ -e "${_usrBin}/lshell" ]; then chown root:users ${_usrBin}/lshell chmod 750 ${_usrBin}/lshell if [ ! -L "/usr/bin/lshell" ]; then ln -sfn ${_usrBin}/lshell /usr/bin/lshell &> /dev/null fi fi } _fix_stop_solr() { _restartSolr=FALSE if [ -x "/etc/init.d/solr9" ] && [ -e "/etc/default/solr9.in.sh" ]; then _SOLR9_STOP_TEST=$(grep "SOLR_STOP_PORT=19099" /etc/default/solr9.in.sh 2>&1) if [[ ! "${_SOLR9_STOP_TEST}" =~ "SOLR_STOP_PORT=19099" ]]; then sed -i "s/^SOLR_STOP_.*//g" /etc/default/solr9.in.sh wait echo "SOLR_STOP_PORT=19099" >> /etc/default/solr9.in.sh echo "SOLR_STOP_KEY=mycustomkey9" >> /etc/default/solr9.in.sh _restartSolr=TRUE fi fi if [ -x "/etc/init.d/solr7" ] && [ -e "/etc/default/solr7.in.sh" ]; then _SOLR7_STOP_TEST=$(grep "SOLR_STOP_PORT=17077" /etc/default/solr7.in.sh 2>&1) if [[ ! "${_SOLR7_STOP_TEST}" =~ "SOLR_STOP_PORT=17077" ]]; then sed -i "s/^SOLR_STOP_.*//g" /etc/default/solr7.in.sh wait echo "SOLR_STOP_PORT=17077" >> /etc/default/solr7.in.sh echo "SOLR_STOP_KEY=mycustomkey7" >> /etc/default/solr7.in.sh _restartSolr=TRUE fi fi _ctrl_jetty_nr=$(ls -la /tmp/jetty-0.0.0.0-8099-solr.war* | wc -l 2>&1) if [[ ! "${_ctrl_jetty_nr}" =~ "No such file" ]] && [ "${_ctrl_jetty_nr}" -gt 8 ]; then _restartSolr=TRUE fi if [ "${_restartSolr}" = "TRUE" ]; then if [ ! -x "/etc/init.d/jenkins" ] && [ ! -e "/var/lib/jenkins" ]; then rm -rf /tmp/jetty-* killall -9 java echo "_restartSolr at $(date)" >> ${_pthLog}/_fix_stop_solr.log fi fi } _fix_log4j_solr7() { _LOG4J_VRN=2.17.1 _DO_SOLR_RESTART= if [ -x "/etc/init.d/solr7" ] && [ -e "/etc/default/solr7.in.sh" ]; then if [ -e "/opt/solr-7.7.3" ] \ && [ ! -e "/opt/solr-7.7.3/server/lib/ext/log4j-core-${_LOG4J_VRN}.jar" ]; then cd /var/opt rm -rf apache-log4j* _get_dev_src "apache-log4j-${_LOG4J_VRN}-bin.tar.gz" if [ -e "/var/opt/apache-log4j-${_LOG4J_VRN}-bin/log4j-core-${_LOG4J_VRN}.jar" ]; then cd /var/opt/apache-log4j-${_LOG4J_VRN}-bin mkdir -p /var/backups/log4j/solr-7.7.3/ mv -f /opt/solr-7.7.3/server/lib/ext/log4j* /var/backups/log4j/solr-7.7.3/ rm -f /opt/solr-7.7.3/contrib/prometheus-exporter/lib/log4j* cp -af log4j-1.2-api-${_LOG4J_VRN}.jar /opt/solr-7.7.3/server/lib/ext/ cp -af log4j-core-${_LOG4J_VRN}.jar /opt/solr-7.7.3/server/lib/ext/ cp -af log4j-core-${_LOG4J_VRN}.jar /opt/solr-7.7.3/contrib/prometheus-exporter/lib/ cp -af log4j-slf4j-impl-${_LOG4J_VRN}.jar /opt/solr-7.7.3/server/lib/ext/ cp -af log4j-slf4j-impl-${_LOG4J_VRN}.jar /opt/solr-7.7.3/contrib/prometheus-exporter/lib/ cp -af log4j-api-${_LOG4J_VRN}.jar /opt/solr-7.7.3/server/lib/ext/ cp -af log4j-api-${_LOG4J_VRN}.jar /opt/solr-7.7.3/contrib/prometheus-exporter/lib/ chown root:root /opt/solr-7.7.3/server/lib/ext/log4j* chown root:root /opt/solr-7.7.3/contrib/prometheus-exporter/lib/log4j* _DO_SOLR_RESTART=YES fi fi if [ -e "/opt/solr-7.6.0" ] \ && [ ! -e "/opt/solr-7.6.0/server/lib/ext/log4j-core-${_LOG4J_VRN}.jar" ]; then cd /var/opt rm -rf apache-log4j* _get_dev_src "apache-log4j-${_LOG4J_VRN}-bin.tar.gz" if [ -e "/var/opt/apache-log4j-${_LOG4J_VRN}-bin/log4j-core-${_LOG4J_VRN}.jar" ]; then cd /var/opt/apache-log4j-${_LOG4J_VRN}-bin mkdir -p /var/backups/log4j/solr-7.6.0/ mv -f /opt/solr-7.6.0/server/lib/ext/log4j* /var/backups/log4j/solr-7.6.0/ rm -f /opt/solr-7.6.0/contrib/prometheus-exporter/lib/log4j* cp -af log4j-1.2-api-${_LOG4J_VRN}.jar /opt/solr-7.6.0/server/lib/ext/ cp -af log4j-core-${_LOG4J_VRN}.jar /opt/solr-7.6.0/server/lib/ext/ cp -af log4j-core-${_LOG4J_VRN}.jar /opt/solr-7.6.0/contrib/prometheus-exporter/lib/ cp -af log4j-slf4j-impl-${_LOG4J_VRN}.jar /opt/solr-7.6.0/server/lib/ext/ cp -af log4j-slf4j-impl-${_LOG4J_VRN}.jar /opt/solr-7.6.0/contrib/prometheus-exporter/lib/ cp -af log4j-api-${_LOG4J_VRN}.jar /opt/solr-7.6.0/server/lib/ext/ cp -af log4j-api-${_LOG4J_VRN}.jar /opt/solr-7.6.0/contrib/prometheus-exporter/lib/ chown root:root /opt/solr-7.6.0/server/lib/ext/log4j* chown root:root /opt/solr-7.6.0/contrib/prometheus-exporter/lib/log4j* _DO_SOLR_RESTART=YES fi fi _RESULT_LOG4J=$(grep "LOG4J_FORMAT_MSG_NO_LOOKUPS=true" /etc/default/solr7.in.sh 2>&1) if [[ ! "${_RESULT_LOG4J}" =~ "LOG4J" ]]; then echo "LOG4J_FORMAT_MSG_NO_LOOKUPS=true" >> /etc/default/solr7.in.sh fi if [[ ! "${_RESULT_LOG4J}" =~ "LOG4J" ]] || [ ! -z "${_DO_SOLR_RESTART}" ]; then #pkill -9 -f solr7 service solr7 restart &> /dev/null fi fi } _fix_authorized_keys() { if [ ! -e "${_pthLog}/_fix_authorized_keys.ctrl.${_tRee}.${_xSrl}.pid" ]; then chmod 0600 /home/*/.ssh/authorized_keys &> /dev/null chmod 0700 /home/*/.ssh &> /dev/null touch ${_pthLog}/_fix_authorized_keys.ctrl.${_tRee}.${_xSrl}.pid fi } _fix_tcp() { _TCP_FIX=$(grep "tcp_challenge_ack_limit" /etc/sysctl.conf 2>&1) if [ -z "${_TCP_FIX}" ]; then echo "net.ipv4.tcp_challenge_ack_limit = 1073741823" >> /etc/sysctl.conf fi } _fix_aio() { _AIO_FIX=$(grep "fs.aio-max-nr" /etc/sysctl.conf 2>&1) if [ -z "${_AIO_FIX}" ]; then echo "fs.aio-max-nr = 2097152" >> /etc/sysctl.conf fi } _fix_console_print() { _PRK_FIX=$(grep "kernel.printk" /etc/sysctl.conf 2>&1) if [ -z "${_PRK_FIX}" ]; then echo "kernel.printk = 4 1 1 7" >> /etc/sysctl.conf fi } _fix_java_symlinks() { if [ "${_OS_CODE}" = "jessie" ] && [ -x "/usr/lib/jvm/java-7-openjdk/jre/bin/java" ]; then if [ ! -e "/usr/bin/java" ] || [ ! -e "/etc/alternatives/java" ]; then ln -sfn /usr/lib/jvm/java-7-openjdk/jre/bin/java /etc/alternatives/java ln -sfn /etc/alternatives/java /usr/bin/java echo fixed java symlinks for ${_OS_CODE} fi fi if [ "${_OS_CODE}" = "stretch" ] && [ -x "/usr/lib/jvm/java-8-openjdk/jre/bin/java" ]; then if [ ! -e "/usr/bin/java" ] || [ ! -e "/etc/alternatives/java" ]; then ln -sfn /usr/lib/jvm/java-8-openjdk/jre/bin/java /etc/alternatives/java ln -sfn /etc/alternatives/java /usr/bin/java echo fixed java symlinks for ${_OS_CODE} fi fi if [ "${_OS_CODE}" = "daedalus" ] || [ "${_OS_CODE}" = "chimaera" ]; then if [ ! -e "/usr/lib/jvm/java-17-openjdk" ] \ && [ -d "/usr/lib/jvm/java-17-openjdk-amd64" ]; then ln -sfn /usr/lib/jvm/java-17-openjdk-amd64 /usr/lib/jvm/java-17-openjdk fi if [ ! -e "/usr/bin/java17" ] \ && [ -e "/usr/lib/jvm/java-17-openjdk-amd64/bin/java" ]; then ln -sfn /usr/lib/jvm/java-17-openjdk-amd64/bin/java /usr/bin/java17 fi if [ ! -e "/usr/lib/jvm/java-11-openjdk" ] \ && [ -d "/usr/lib/jvm/java-11-openjdk-amd64" ]; then ln -sfn /usr/lib/jvm/java-11-openjdk-amd64 /usr/lib/jvm/java-11-openjdk fi if [ ! -e "/usr/bin/java11" ] \ && [ -e "/usr/lib/jvm/java-11-openjdk-amd64/bin/java" ]; then ln -sfn /usr/lib/jvm/java-11-openjdk-amd64/bin/java /usr/bin/java11 fi if [ -x "/etc/init.d/jenkins" ] && [ -e "/var/lib/jenkins" ]; then _LOOK_LIKE_JENKINS=TRUE elif [ -e "/root/.look.like.jenkins.cnf" ]; then _LOOK_LIKE_JENKINS=TRUE else _LOOK_LIKE_JENKINS=FALSE fi if [ "${_LOOK_LIKE_JENKINS}" = "TRUE" ] || [ "${_OS_CODE}" = "daedalus" ]; then if [ -x "/usr/lib/jvm/java-17-openjdk/bin/java" ] \ && [ ! -e "/var/log/.fixed-java17-symlinks.log" ]; then if [ -e "/usr/lib/jvm/java-1.17.0-openjdk-amd64" ]; then rm -f /usr/lib/jvm/default-java ln -sfn /usr/lib/jvm/java-1.17.0-openjdk-amd64 /usr/lib/jvm/default-java fi ln -sfn /usr/lib/jvm/java-17-openjdk/bin/java /etc/alternatives/java ln -sfn /etc/alternatives/java /usr/bin/java touch /var/log/.fixed-java17-symlinks.log echo "Fixed Java 17 symlinks for ${_OS_CODE}" fi else if [ -x "/usr/lib/jvm/java-11-openjdk/bin/java" ]; then if [ -e "/usr/lib/jvm/java-1.11.0-openjdk-amd64" ]; then rm -f /usr/lib/jvm/default-java ln -sfn /usr/lib/jvm/java-1.11.0-openjdk-amd64 /usr/lib/jvm/default-java fi if [ ! -e "/usr/bin/java" ] || [ ! -e "/etc/alternatives/java" ]; then ln -sfn /usr/lib/jvm/java-11-openjdk/bin/java /etc/alternatives/java ln -sfn /etc/alternatives/java /usr/bin/java echo "Fixed Java 11 symlinks for ${_OS_CODE}" fi fi fi else if [ -x "/usr/lib/jvm/java-11-openjdk/bin/java" ]; then if [ ! -e "/usr/bin/java" ] || [ ! -e "/etc/alternatives/java" ]; then ln -sfn /usr/lib/jvm/java-11-openjdk/bin/java /etc/alternatives/java ln -sfn /etc/alternatives/java /usr/bin/java echo "Fixed Java 11 symlinks for ${_OS_CODE}" fi fi fi } _fix_composer_version() { _COMPOSER_VRN=2.8.2 if [ -x "/usr/local/bin/composer" ]; then _COMPOSER_IS=$(composer --no-interaction --version 2>&1 \ | tr -d "\n" \ | cut -d" " -f35 \ | awk '{ print $1}' 2>&1) if [ "${_COMPOSER_IS}" != "${_COMPOSER_VRN}" ]; then composer self-update ${_COMPOSER_VRN} &> /dev/null fi fi } _fix_sftp_server() { if [ -e "/etc/ssh/sshd_config" ]; then _SFTP_UMASK_TEST=$(grep "sftp-server -u 0002" /etc/ssh/sshd_config 2>&1) if [[ ! "${_SFTP_UMASK_TEST}" =~ "sftp-server -u 0002" ]]; then sed -i "s/^Subsystem.*//g" /etc/ssh/sshd_config echo "Subsystem sftp /usr/lib/openssh/sftp-server -u 0002" >> /etc/ssh/sshd_config sed -i "/^$/d" /etc/ssh/sshd_config service ssh restart 2> /dev/null fi fi } _fix_wkhtml_perms() { _WKHTML_ARRAY="/usr/local/bin/wkhtmltopdf \ /usr/bin/wkhtmltopdf \ /usr/bin/wkhtmltopdf-0.12.4 \ /usr/local/bin/wkhtmltoimage \ /usr/bin/wkhtmltoimage \ /usr/bin/wkhtmltoimage-0.12.4" for _WKHTML_ITEM in ${_WKHTML_ARRAY}; do if [ -x "${_WKHTML_ITEM}" ]; then _PERM_TEST=$(ls -la ${_WKHTML_ITEM} | grep rwxr-xr-x 2>&1) if [ -z "${_PERM_TEST}" ]; then chgrp root ${_WKHTML_ITEM} &> /dev/null chmod 755 ${_WKHTML_ITEM} &> /dev/null fi fi done } _fix_wkhtml() { if [ -x "/usr/local/bin/wkhtmltopdf" ] \ && [ -L "/usr/bin/wkhtmltopdf" ]; then rm -f /usr/bin/wkhtmltopdf cp -af /usr/local/bin/wkhtmltopdf /usr/bin/wkhtmltopdf chgrp root /usr/bin/wkhtmltopdf &> /dev/null chmod 755 /usr/bin/wkhtmltopdf &> /dev/null fi if [ -x "/usr/local/bin/wkhtmltoimage" ] \ && [ -L "/usr/bin/wkhtmltoimage" ]; then rm -f /usr/bin/wkhtmltoimage cp -af /usr/local/bin/wkhtmltoimage /usr/bin/wkhtmltoimage chgrp root /usr/bin/wkhtmltoimage &> /dev/null chmod 755 /usr/bin/wkhtmltoimage &> /dev/null fi if [ -x "/usr/local/bin/wkhtmltopdf" ] \ && [ ! -e "/usr/bin/wkhtmltopdf" ]; then cp -af /usr/local/bin/wkhtmltopdf /usr/bin/wkhtmltopdf chgrp root /usr/bin/wkhtmltopdf &> /dev/null chmod 755 /usr/bin/wkhtmltopdf &> /dev/null fi if [ -x "/usr/local/bin/wkhtmltoimage" ] \ && [ ! -e "/usr/bin/wkhtmltoimage" ]; then cp -af /usr/local/bin/wkhtmltoimage /usr/bin/wkhtmltoimage chgrp root /usr/bin/wkhtmltoimage &> /dev/null chmod 755 /usr/bin/wkhtmltoimage &> /dev/null fi if [ ! -x "/usr/local/bin/wkhtmltopdf" ] \ && [ -x "/usr/bin/wkhtmltopdf" ]; then rm -f /usr/local/bin/wkhtmltopdf cp -af /usr/bin/wkhtmltopdf /usr/local/bin/wkhtmltopdf chgrp root /usr/local/bin/wkhtmltopdf &> /dev/null chmod 755 /usr/local/bin/wkhtmltopdf &> /dev/null fi if [ ! -x "/usr/local/bin/wkhtmltoimage" ] \ && [ -x "/usr/bin/wkhtmltoimage" ]; then rm -f /usr/local/bin/wkhtmltoimage cp -af /usr/bin/wkhtmltoimage /usr/local/bin/wkhtmltoimage chgrp root /usr/local/bin/wkhtmltoimage &> /dev/null chmod 755 /usr/local/bin/wkhtmltoimage &> /dev/null fi } _fix_eldir() { if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ ! -e "${_eldirP}" ]; then mkdir -p /var/xdrago/conf curl ${_crlGet} "${_urlHmr}/patches/${_eldirF}" -o ${_eldirP} fi } _if_drupal_patches_update() { if [ -e "/var/xdrago" ]; then _BROKEN_UPDATE_TEST_A=$(grep "Under Construction" /data/conf/patches/* 2>&1) _BROKEN_UPDATE_TEST_B=$(grep "404 Not Found" /data/conf/patches/* 2>&1) if [ ! -z "${_BROKEN_UPDATE_TEST_A}" ] \ || [ ! -z "${_BROKEN_UPDATE_TEST_B}" ] \ || [ ! -e "/data/conf/patches/ctrl.f96.${_tRee}.${_xSrl}.pid" ]; then mkdir -p /data/conf/patches rm -f /data/conf/patches/* touch /data/conf/patches/ctrl.f96.${_tRee}.${_xSrl}.pid fi fi } _fix_drupal_core_ten() { if [ -e "/var/xdrago" ]; then if [ ! -e "${_tenCorePatchPath}" ]; then mkdir -p /data/conf/patches curl ${_crlGet} "${_urlHmr}/patches/${_tenCorePatchFname}" -o ${_tenCorePatchPath} fi if [ ! -e "${_tenConsolePatchPath}" ]; then mkdir -p /data/conf/patches curl ${_crlGet} "${_urlHmr}/patches/${_tenConsolePatchFname}" -o ${_tenConsolePatchPath} fi fi } _fix_drupal_core_eleven() { if [ -e "/var/xdrago" ]; then if [ ! -e "${_elevenCorePatchPath}" ]; then mkdir -p /data/conf/patches curl ${_crlGet} "${_urlHmr}/patches/${_elevenCorePatchFname}" -o ${_elevenCorePatchPath} fi if [ ! -e "${_elevenConsolePatchPath}" ]; then mkdir -p /data/conf/patches curl ${_crlGet} "${_urlHmr}/patches/${_elevenConsolePatchFname}" -o ${_elevenConsolePatchPath} fi if [ ! -e "${_elevenValidatorPatchPath}" ]; then mkdir -p /data/conf/patches curl ${_crlGet} "${_urlHmr}/patches/${_elevenValidatorPatchFname}" -o ${_elevenValidatorPatchPath} fi fi } _fix_pure_ftpd() { if [ -e "/usr/local/etc/pure-ftpd.conf" ]; then _PAM_AUTH=$(grep "^PAMAuthentication" /usr/local/etc/pure-ftpd.conf 2>&1) if [ ! -z "${_PAM_AUTH}" ]; then sed -i "s/^PAMAuthentication/# PAMAuthentication/g" /usr/local/etc/pure-ftpd.conf killall -9 pure-ftpd &> /dev/null fi fi } _fix_hosting_le() { if [ -d "/var/xdrago/conf" ]; then if [ ! -e "${_hoLeIncFull}.ctrl.${_tRee}.${_xSrl}.pid" ] \ || [ -e "/var/xdrago/${_provLeInc}" ] \ || [ -e "/var/xdrago/${_hoLeInc}" ] \ || [ -e "/var/xdrago/${_dehydName}" ] \ || [ -e "/root/${_provLeInc}" ] \ || [ -e "/root/hosting_le_vhost.drush.inc.ctrl.${_tRee}.${_xSrl}.pid" ] \ || [ -e "/root/${_hoLeInc}" ] \ || [ -e "${_legacyLeSh}" ] \ || [ ! -e "${_dehydSrcPath}" ] \ || [ ! -e "${_provLeIncFull}.ctrl.${_tRee}.${_xSrl}.pid" ]; then mkdir -p /var/xdrago/conf rm -f /var/xdrago/*.drush.inc* rm -f /root/*.drush.inc* rm -f ${_legacyLeSh} rm -f ${_dehydSrcPath}.ctrl.${_tRee}.${_xSrl}.pid rm -f ${_hoLeIncFull}.ctrl.${_tRee}.${_xSrl}.pid rm -f ${_provLeIncFull}.ctrl.${_tRee}.${_xSrl}.pid curl ${_crlGet} "${_urlHmr}/helpers/${_dehydName}" -o ${_dehydSrcPath}.ctrl.${_tRee}.${_xSrl}.pid cp -af ${_dehydSrcPath}.ctrl.${_tRee}.${_xSrl}.pid ${_dehydSrcPath} curl ${_crlGet} "${_urlHmr}/patches/${_hoLeInc}" -o ${_hoLeIncFull}.ctrl.${_tRee}.${_xSrl}.pid cp -af ${_hoLeIncFull}.ctrl.${_tRee}.${_xSrl}.pid ${_hoLeIncFull} curl ${_crlGet} "${_urlHmr}/patches/${_provLeInc}" -o ${_provLeIncFull}.ctrl.${_tRee}.${_xSrl}.pid cp -af ${_provLeIncFull}.ctrl.${_tRee}.${_xSrl}.pid ${_provLeIncFull} fi fi } _fix_newrelic() { _PHP_EXT_DIR_74="/opt/php74/lib/php/extensions/no-debug-non-zts-20190902" _NR_SO="/usr/lib/newrelic-php5/agent/x64/newrelic-20190902.so" if [ -e "${_PHP_EXT_DIR_74}" ] \ && [ -e "${_NR_SO}" ] \ && [ ! -e "${_PHP_EXT_DIR_74}/newrelic.so" ]; then ln -sfn ${_NR_SO} ${_PHP_EXT_DIR_74}/newrelic.so service php74-fpm reload fi _PHP_EXT_DIR_71="/opt/php71/lib/php/extensions/no-debug-non-zts-20160303" _NR_SO="/usr/lib/newrelic-php5/agent/x64/newrelic-20160303.so" if [ -e "${_PHP_EXT_DIR_71}" ] \ && [ ! -e "${_NR_SO}" ] \ && [ -L "${_PHP_EXT_DIR_71}/newrelic.so" ]; then rm -f ${_PHP_EXT_DIR_71}/newrelic.so service php71-fpm reload fi _PHP_EXT_DIR_70="/opt/php70/lib/php/extensions/no-debug-non-zts-20151012" _NR_SO="/usr/lib/newrelic-php5/agent/x64/newrelic-20151012.so" if [ -e "${_PHP_EXT_DIR_70}" ] \ && [ ! -e "${_NR_SO}" ] \ && [ -L "${_PHP_EXT_DIR_70}/newrelic.so" ]; then rm -f ${_PHP_EXT_DIR_70}/newrelic.so service php70-fpm reload fi _PHP_EXT_DIR_56="/opt/php56/lib/php/extensions/no-debug-non-zts-20131226" _NR_SO="/usr/lib/newrelic-php5/agent/x64/newrelic-20131226.so" if [ -e "${_PHP_EXT_DIR_56}" ] \ && [ ! -e "${_NR_SO}" ] \ && [ -L "${_PHP_EXT_DIR_56}/newrelic.so" ]; then rm -f ${_PHP_EXT_DIR_56}/newrelic.so service php56-fpm reload fi } _fix_leftovers() { if [ -e "/data/disk/arch/static/control" ]; then rm -rf /data/disk/arch/static fi } _force_rebuild() { if [ ! -e "${_pthLog}/forced.rebuild.glibc.txt" ]; then echo "_GIT_FORCE_REINSTALL=YES" >> ${_barCnf} echo "_NGX_FORCE_REINSTALL=YES" >> ${_barCnf} echo "_PHP_FORCE_REINSTALL=YES" >> ${_barCnf} echo "_SSH_FORCE_REINSTALL=YES" >> ${_barCnf} echo "_SSL_FORCE_REINSTALL=YES" >> ${_barCnf} rm -f ${_pthLog}/pure-ftpd-build* rm -f ${_pthLog}/mss-build* rm -f ${_pthLog}/lshell-build* rm -f ${_pthLog}/redis-* rm -f ${_pthLog}/valkey-* touch ${_pthLog}/forced.rebuild.glibc.txt fi } # # Detect, remove, and report broken symlinks _check_and_remove_broken_symlinks() { local _dir=$1 # Find broken symlinks in the directory _broken_symlinks=$(find "${_dir}" -maxdepth 1 -type l ! -exec test -e {} \; -print) if [ -n "${_broken_symlinks}" ]; then if [ "${_DEBUG_MODE}" = "YES" ]; then echo "CLNP: Removing the following broken symlinks from ${_dir}:" echo "CLNP: ${_broken_symlinks}" fi for _symlink in ${_broken_symlinks}; do rm "${_symlink}" if [ "${_DEBUG_MODE}" = "YES" ]; then echo "CLNP: Removed broken symlink: ${_symlink}" fi done # Set the _ifAnySymlinksCleaned variable to true since we removed broken symlinks _ifAnySymlinksCleaned=YES else if [ "${_DEBUG_MODE}" = "YES" ]; then echo "CLNP: No broken symlinks found in ${_dir}" fi fi } # # Check and move disallowed versions _check_and_move() { local _dir=$1 # Determine the name of the backup subdirectory based on the source directory local _backup_dir="${_backLegBase}$(echo "${_dir}" | tr '/' '_')" # Find any libcurl.so files in the directory, excluding the allowed version and those without a complete version number _found_versions=$(find "${_dir}" -maxdepth 1 -type f -name "libcurl.so.*" ! -name "${_allowedFile}" | grep -E "libcurl\.so\.[0-9]+\.[0-9]+\.[0-9]+$") if [ -n "${_found_versions}" ]; then if [ "${_DEBUG_MODE}" = "YES" ]; then echo "CLNP: Moving the following disallowed versions from ${_dir} to ${_backup_dir}:" echo "CLNP: ${_found_versions}" fi # Create the backup directory if it doesn't exist mkdir -p "${_backup_dir}" # Move each found version to the backup directory for _file in ${_found_versions}; do mv -f "${_file}" "${_backup_dir}/" if [ "${_DEBUG_MODE}" = "YES" ]; then echo "CLNP: Moved ${_file} to ${_backup_dir}/" fi done # Set the _ifAnyFilesCleaned variable to true since we moved files _ifAnyFilesCleaned=YES else if [ "${_DEBUG_MODE}" = "YES" ]; then echo "CLNP: Only the allowed version (${_allowedFile}) is present in ${_dir}" fi fi } _if_reinstall_curl() { _CURL_VRN=8.16.0 _CURL_INSTALL_REQUIRED=NO if ! command -v lsb_release &> /dev/null; then apt-get update -qq &> /dev/null apt-get install lsb-release ${_aptYesUnth} -qq &> /dev/null fi _OS_CODE=$(lsb_release -ar 2>/dev/null | grep -i codename | cut -s -f2) [ "${_OS_CODE}" = "wheezy" ] && _CURL_VRN=7.50.1 [ "${_OS_CODE}" = "jessie" ] && _CURL_VRN=7.71.1 [ "${_OS_CODE}" = "stretch" ] && _CURL_VRN=8.2.1 if [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ] \ && [ "${_OS_CODE}" != "jessie" ] \ && [ "${_OS_CODE}" != "stretch" ]; then # Target version _allowedFile="libcurl.so.4.8.0" # Directories to check _dirsToClean=("/usr/lib" "/usr/local/lib" "/usr/lib/x86_64-linux-gnu") # Backup base directory _backLegBase="/var/backups/legacy-libcurl-boa-${_NOW}" # Variable to track if any files were moved _ifAnyFilesCleaned=NO # Variable to track if any broken symlinks were found and removed _ifAnySymlinksCleaned=NO # Iterate over the directories and apply the _check_and_move function for _dir in "${_dirsToClean[@]}"; do _check_and_move "${_dir}" done # Iterate over the directories and apply the _check_and_remove_broken_symlinks function for _dir in "${_dirsToClean[@]}"; do _check_and_remove_broken_symlinks "${_dir}" done # Export the _ifAnyFilesCleaned variable for later use export _ifAnyFilesCleaned # Export the _ifAnySymlinksCleaned variable for later use export _ifAnySymlinksCleaned fi if [ "${_ifAnySymlinksCleaned}" = "YES" ] \ || [ "${_ifAnyFilesCleaned}" = "YES" ]; then ldconfig 2> /dev/null _CURL_INSTALL_REQUIRED=YES _bkLibcurlPre="/var/backups/legacy-libcurl-pre-${_CURL_VRN}-${_NOW}" mkdir -p ${_bkLibcurlPre} mv -f /usr/lib/x86_64-linux-gnu/libcurl.so* ${_bkLibcurlPre}/ &> /dev/null mv -f /usr/lib/x86_64-linux-gnu/libcurl.la ${_bkLibcurlPre}/ &> /dev/null mv -f /usr/lib/x86_64-linux-gnu/libcurl.a ${_bkLibcurlPre}/ &> /dev/null fi _isCurl=$(curl --version 2>&1) if [[ ! "${_isCurl}" =~ "OpenSSL" ]] \ || [[ "${_isCurl}" =~ "libcurl.so.4" ]] \ || [ -z "${_isCurl}" ] \ || [ "${_ifAnySymlinksCleaned}" = "YES" ] \ || [ "${_ifAnyFilesCleaned}" = "YES" ] \ || [ "${_CURL_INSTALL_REQUIRED}" = "YES" ]; then if [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ]; then echo "OOPS: cURL is broken! Re-installing.." fi if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi echo "curl install" | dpkg --set-selections 2> /dev/null _apt_clean_update # Check for libssl1.0-dev and remove conditionally if dpkg-query -W -f='${Status}' libssl1.0-dev 2>/dev/null | grep -q "install ok installed"; then apt-get remove libssl1.0-dev -y --purge --auto-remove -qq 2>/dev/null fi apt-get autoremove -y 2> /dev/null apt-get install libssl-dev ${_aptYesUnth} -qq 2> /dev/null apt-get install libc-client2007e libc-client2007e-dev ${_aptYesUnth}-qq 2> /dev/null apt-get build-dep curl ${_aptYesUnth} 2> /dev/null if [ ! -e "/var/aegir/.drush/hm.alias.drushrc.php" ]; then apt-get install curl --reinstall ${_aptYesUnth} -qq 2> /dev/null fi if [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ]; then echo "INFO: Installing curl from sources..." mkdir -p /var/opt rm -rf /var/opt/curl* cd /var/opt wget ${_wgetGet} http://files.aegir.cc/dev/src/curl-${_CURL_VRN}.tar.gz &> /dev/null tar -xzf curl-${_CURL_VRN}.tar.gz &> /dev/null if [ -e "/root/.install.modern.openssl.cnf" ] \ && [ -x "/usr/local/ssl3/bin/openssl" ]; then _SSL_BINARY=/usr/local/ssl3/bin/openssl else _SSL_BINARY=/usr/local/ssl/bin/openssl fi if [ -e "/usr/local/ssl3/lib64/libssl.so.3" ]; then _SSL_PATH="/usr/local/ssl3" _SSL_LIB_PATH="${_SSL_PATH}/lib64" else _SSL_PATH="/usr/local/ssl" _SSL_LIB_PATH="${_SSL_PATH}/lib" fi _PKG_CONFIG_PATH="${_SSL_LIB_PATH}/pkgconfig" if [ -e "${_PKG_CONFIG_PATH}" ] \ && [ -e "/var/opt/curl-${_CURL_VRN}" ]; then cd /var/opt/curl-${_CURL_VRN} LIBS="-ldl -lpthread" PKG_CONFIG_PATH="${_PKG_CONFIG_PATH}" ./configure \ --with-openssl \ --with-zlib=/usr \ --prefix=/usr/local &> /dev/null make -j $(nproc) --quiet &> /dev/null make --quiet install &> /dev/null ldconfig 2> /dev/null fi fi if [ -x "/usr/local/bin/curl" ] && [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ]; then _CURL_ITD=$(/usr/local/bin/curl --version 2>&1 \ | tr -d "\n" \ | cut -d" " -f2 \ | awk '{ print $1}' 2>&1) if [[ ! "${_CURL_ITD}" =~ OpenSSL ]]; then echo "ERRR: /usr/local/bin/curl is broken" echo "ERRR: Please install cURL and debug manually" else echo "GOOD: /usr/local/bin/curl works" echo "curl hold" | dpkg --set-selections &> /dev/null if [ -x "/usr/local/bin/curl" ]; then if [ -x "/usr/bin/curl" ] && [ ! -L "/usr/bin/curl" ]; then mv -f /usr/bin/curl /usr/bin/old-curl-$(date +%y%m%d-%H%M%S) fi ln -sfn /usr/local/bin/curl /usr/bin/curl fi if [ ! -e "${_SSL_PATH}/certs/ca-certificates.crt" ]; then cp -af /etc/ssl/certs/* ${_SSL_PATH}/certs/ &> /dev/null fi if [ -e "/usr/local/lib/libcurl.so.4.8.0" ]; then ln -sfn /usr/local/lib/libcurl.so.4.8.0 /usr/lib/libcurl.so ln -sfn /usr/local/lib/libcurl.so.4.8.0 /usr/lib/libcurl.so.4 ln -sfn /usr/local/lib/libcurl.so.4.8.0 /usr/lib/libcurl.so.4.8.0 ln -sfn /usr/local/lib/libcurl.so.4.8.0 /usr/lib/x86_64-linux-gnu/libcurl.so ln -sfn /usr/local/lib/libcurl.so.4.8.0 /usr/lib/x86_64-linux-gnu/libcurl.so.4 ln -sfn /usr/local/lib/libcurl.so.4.8.0 /usr/lib/x86_64-linux-gnu/libcurl.so.4.8.0 fi if [ -e "/usr/local/lib/libcurl.a" ]; then ln -sfn /usr/local/lib/libcurl.a /usr/lib/x86_64-linux-gnu/libcurl.a ln -sfn /usr/local/lib/libcurl.a /usr/lib/libcurl.a fi if [ -e "/usr/local/lib/libcurl.la" ]; then ln -sfn /usr/local/lib/libcurl.la /usr/lib/x86_64-linux-gnu/libcurl.la ln -sfn /usr/local/lib/libcurl.la /usr/lib/libcurl.la fi ldconfig 2> /dev/null if [ -e "/usr/local/include/curl/curl.h" ] \ && [ -e "/usr/local/include/curl/easy.h" ] \ && [ -d "/usr/include/x86_64-linux-gnu/curl" ] \ && [ ! -L "/usr/include/x86_64-linux-gnu/curl" ]; then _apt_clean_update if dpkg-query -W -f='${Status}' libcurl4-openssl-dev 2>/dev/null | grep -q "install ok installed"; then apt-get remove libcurl4-openssl-dev -y --purge --auto-remove -qq 2> /dev/null fi ln -sfn /usr/local/include/curl /usr/include/x86_64-linux-gnu/curl ldconfig 2> /dev/null fi fi fi fi } _if_boa_key_tools_update_allowed() { if [ -e "/root/.run-to-daedalus.cnf" ] \ || [ -e "/root/.run-to-chimaera.cnf" ] \ || [ -e "/root/.run-to-beowulf.cnf" ]; then _BOA_KEY_TOOLS_UPDATE_ALLOWED=NO else _BOA_KEY_TOOLS_UPDATE_ALLOWED=YES fi } _update_boa_tools() { mkdir -p ${_usrBin} if [ -e "${_pthLog}" ] && [ ! -e "${_pthLog}/updateFx30.ctrl.${_tRee}.${_xSrl}.pid" ]; then _fxPp="fix-drupal-platform-permissions.sh" _fxSp="fix-drupal-site-permissions.sh" _fxPo="fix-drupal-platform-ownership.sh" _fxSo="fix-drupal-site-ownership.sh" _fxLo="lock-local-drush-permissions.sh" curl ${_crlGet} "${_urlHmr}/${_tBn}/${_fxPp}" -o ${_usrBin}/${_fxPp} curl ${_crlGet} "${_urlHmr}/${_tBn}/${_fxSp}" -o ${_usrBin}/${_fxSp} curl ${_crlGet} "${_urlHmr}/${_tBn}/${_fxPo}" -o ${_usrBin}/${_fxPo} curl ${_crlGet} "${_urlHmr}/${_tBn}/${_fxSo}" -o ${_usrBin}/${_fxSo} curl ${_crlGet} "${_urlHmr}/${_tBn}/${_fxLo}" -o ${_usrBin}/${_fxLo} chmod 700 ${_usrBin}/${_fxPp} chmod 700 ${_usrBin}/${_fxSp} chmod 700 ${_usrBin}/${_fxPo} chmod 700 ${_usrBin}/${_fxSo} chmod 700 ${_usrBin}/${_fxLo} touch ${_pthLog}/updateFx30.ctrl.${_tRee}.${_xSrl}.pid fi mkdir -p ${_optBin} _boaBins="aptcleanup \ autobeowulf \ autochimaera \ autodaedalus \ autoinit \ autoupboa \ backboa \ backchain \ barracuda \ boa \ codebasecheck \ copydbackup \ dcysetup \ dhcpfix \ duobackboa \ fancynow \ ffdevuan \ ffmirror \ killer \ loadguard \ lock.inc \ memorytuner \ mergecsf \ multiback \ mybackup \ mycnfup \ mysqltuner5 \ mysqltuner8 \ octopus \ perftest \ randpass \ setprio \ smtpgapps \ sqlclean \ sqlmagic \ syncpass \ synproxy \ synproxy_hook_fix \ synproxy_monitor \ synproxy_reassert \ synproxy_rollback \ synproxy_snapshot \ synproxy_status \ thinkdifferent \ verifyvhostsdns \ vhostcheck \ vmnetfix \ weblogx \ webserver \ websh \ xboa \ xcopy" for _cbn in ${_boaBins}; do if [ -e "${_optBin}/${_cbn}" ]; then _CNT=$(pgrep -fc /local/bin/${_cbn}) if (( _CNT > 0 )); then echo "The ${_cbn} is running!" else _CNT=$(pgrep -fc /var/xdrago/daily.sh) if [ "${_cbn}" = "weblogx" ] && (( _CNT > 0 )); then echo "The ${_cbn} and daily.sh is running!" else rm -f ${_optBin}/${_cbn}.new if [ "${_cbn}" = "mysqltuner5" ] || [ "${_cbn}" = "mysqltuner8" ]; then curl ${_crlGet} "${_urlHmr}/helpers/${_cbn}" -o ${_optBin}/${_cbn}.new else curl ${_crlGet} "${_urlHmr}/${_tBn}/${_cbn}" -o ${_optBin}/${_cbn}.new fi mv -f ${_optBin}/${_cbn} ${_optBin}/${_cbn}.prev mv -f ${_optBin}/${_cbn}.new ${_optBin}/${_cbn} if [ -e "${_optBin}/${_cbn}" ]; then chmod 755 ${_optBin}/${_cbn} rm -f ${_optBin}/${_cbn}.prev else mv -f ${_optBin}/${_cbn}.prev ${_optBin}/${_cbn} fi fi fi else if [ "${_cbn}" = "mysqltuner5" ] || [ "${_cbn}" = "mysqltuner8" ]; then curl ${_crlGet} "${_urlHmr}/helpers/${_cbn}" -o ${_optBin}/${_cbn} else curl ${_crlGet} "${_urlHmr}/${_tBn}/${_cbn}" -o ${_optBin}/${_cbn} fi fi done if [ ! -e "/data/u" ] && [ -e "${_optBin}/killer" ] && [ ! -e "${_usrBin}/vmnetfix" ]; then rm -f ${_usrBin}/{aptcleanup*,autoinit*,backchain*,barracuda*,boa*,dhcpfix*,killer*,loadguard*,octopus*,vmnetfix*,webserver*,websh*} ln -sfn ${_optBin}/aptcleanup ${_usrBin}/aptcleanup ln -sfn ${_optBin}/autoinit ${_usrBin}/autoinit ln -sfn ${_optBin}/backchain ${_usrBin}/backchain ln -sfn ${_optBin}/barracuda ${_usrBin}/barracuda ln -sfn ${_optBin}/boa ${_usrBin}/boa ln -sfn ${_optBin}/dhcpfix ${_usrBin}/dhcpfix ln -sfn ${_optBin}/killer ${_usrBin}/killer ln -sfn ${_optBin}/loadguard ${_usrBin}/loadguard ln -sfn ${_optBin}/octopus ${_usrBin}/octopus ln -sfn ${_optBin}/vmnetfix ${_usrBin}/vmnetfix ln -sfn ${_optBin}/webserver ${_usrBin}/webserver ln -sfn ${_optBin}/websh ${_usrBin}/websh fi if [ -e "/data/u" ]; then if [ ! -e "${_usrBin}/dcysetup" ] && [ -e "${_optBin}/dcysetup" ]; then ln -sfn ${_optBin}/dcysetup ${_usrBin}/dcysetup fi if [ ! -e "${_usrBin}/multiback" ] && [ -e "${_optBin}/multiback" ]; then ln -sfn ${_optBin}/multiback ${_usrBin}/multiback fi if [ ! -e "${_usrBin}/mybackup" ] && [ -e "${_optBin}/mybackup" ]; then ln -sfn ${_optBin}/mybackup ${_usrBin}/mybackup fi fi echo "=== BOA executables permissions setup ===" echo "Last updated: $(date)" echo "Groups are organized by function." # _AUTO (700): automatic install/upgrade helpers chmod 700 ${_optBin}/{autobeowulf,autochimaera,autodaedalus,autoinit,autoupboa} # _BACKUP (700): backup helpers chmod 700 ${_optBin}/{backboa,copydbackup,dcysetup,duobackboa,multiback} # _CORE (700): core BOA tools chmod 700 ${_optBin}/{barracuda,boa,ffdevuan,ffmirror,killer,octopus,webserver} chmod 700 ${_optBin}/{syncpass,weblogx,xboa,xcopy,loadguard,lock.inc} # _DB (700): performance and DB tuners chmod 700 ${_optBin}/{memorytuner,mycnfup,mysqltuner5,mysqltuner8,perftest} # _MAIL (700): mail + priority tools chmod 700 ${_optBin}/{setprio,smtpgapps} # _NET (700): network protection chmod 700 ${_optBin}/synproxy* # _SYS (700): system utilities chmod 700 ${_optBin}/{dhcpfix,mergecsf,vmnetfix,fancynow,codebasecheck} # _SYS (700): cleanup tools chmod 700 ${_optBin}/{aptcleanup,sqlclean,verifyvhostsdns,vhostcheck} # _MISC (755): misc user-space utilities chmod 755 ${_optBin}/{backchain,mybackup,randpass,sqlmagic,thinkdifferent,websh} echo "Permissions applied successfully" echo "=== End of BOA executables permissions setup ===" } # Ensure /usr/sbin/ipset and /sbin/ipset both resolve to the actual ipset binary. _ensure_ipset_symlinks() { _IPSET_REAL="$(command -v ipset 2>/dev/null || true)" if [ -z "${_IPSET_REAL}" ]; then if [ "${_DEBUG_MODE}" = "YES" ]; then echo "ipset not installed; skipping symlink fixes" fi return 0 fi # Resolve through any intermediate symlinks. if [ -L "${_IPSET_REAL}" ]; then _IPSET_REAL="$(readlink -f "${_IPSET_REAL}")" fi for _CAND in /usr/sbin/ipset /sbin/ipset; do _PARENT="$(dirname "${_CAND}")" [ -d "${_PARENT}" ] || mkdir -p "${_PARENT}" # If the candidate *is* the real file, nothing to do. if [ "${_CAND}" = "${_IPSET_REAL}" ]; then continue fi # If it exists, check whether it already resolves to the right target. if [ -e "${_CAND}" ] || [ -L "${_CAND}" ]; then _TARGET="$(readlink -f "${_CAND}" 2>/dev/null || true)" if [ "${_TARGET}" = "${_IPSET_REAL}" ]; then continue fi fi ln -sfn "${_IPSET_REAL}" "${_CAND}" if [ "${_DEBUG_MODE}" = "YES" ]; then echo "Linked ${_CAND} -> ${_IPSET_REAL}" fi done } _if_update_boa_key_tools_only() { sed -i "s/.*files.aegir.cc.*//g" /etc/hosts wait sed -i "s/.*github.*//g" /etc/hosts wait echo >>/etc/hosts sed -i "/^$/d" /etc/hosts wait _check_dns_settings _if_reinstall_curl _CURL_TEST=$(curl -L -k -s \ --max-redirs 10 \ --retry 3 \ --retry-delay 10 \ -I "http://${_USE_MIR}" 2> /dev/null) if [[ ! "${_CURL_TEST}" =~ "200 OK" ]]; then if [[ "${_CURL_TEST}" =~ "unknown option was passed in to libcurl" ]]; then echo "ERROR: cURL libs are out of sync! Re-installing.." _if_reinstall_curl fi echo "ERROR: ${_USE_MIR} is not available, please try later" exit 1 else _urlHmr="http://${_USE_MIR}/versions/${_tRee}/boa/aegir" fi _LSB_TEST=$(which lsb_release 2> /dev/null) if [ ! -x "${_LSB_TEST}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi _apt_clean_update apt-get install lsb-release ${_aptYesUnth} &> /dev/null fi _IPSET_TEST=$(which ipset 2> /dev/null) if [ ! -x "${_IPSET_TEST}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi _apt_clean_update if [ -L "/sbin/ipset" ]; then rm -f /sbin/ipset fi if [ -L "/usr/sbin/ipset" ]; then rm -f /usr/sbin/ipset fi apt-get install ipset ${_aptYesUnth} &> /dev/null fi _ensure_ipset_symlinks if [ -x "/usr/sbin/csf" ] \ && [ -e "/etc/csf/csf.deny" ] \ && [ ! -x "/etc/csf/csfpost.sh" ]; then echo "" > /etc/csf/csfpost.sh echo "iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp" >> /etc/csf/csfpost.sh echo "iptables -t raw -A OUTPUT -p tcp --dport 21 -j CT --helper ftp" >> /etc/csf/csfpost.sh chmod 700 /etc/csf/csfpost.sh _CSF_TEST=$(which csf 2> /dev/null) if [ -x "${_CSF_TEST}" ]; then service clean-boa-env start &> /dev/null _if_fix_iptables_symlinks ### csf -uf ### wait _NFTABLES_TEST=$(iptables -V) if [[ "${_NFTABLES_TEST}" =~ "nf_tables" ]]; then if [ -e "/usr/sbin/iptables-legacy" ]; then update-alternatives --set iptables /usr/sbin/iptables-legacy &> /dev/null fi if [ -e "/usr/sbin/ip6tables-legacy" ]; then update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy &> /dev/null fi if [ -e "/usr/sbin/arptables-legacy" ]; then update-alternatives --set arptables /usr/sbin/arptables-legacy &> /dev/null fi if [ -e "/usr/sbin/ebtables-legacy" ]; then update-alternatives --set ebtables /usr/sbin/ebtables-legacy &> /dev/null fi fi sed -i "s/.*DHCP.*//g" /etc/csf/csf.allow wait sed -i "/^$/d" /etc/csf/csf.allow if [ -e "/var/log/daemon.log" ]; then _DHCP_LOG="/var/log/daemon.log" else _DHCP_LOG="/var/log/syslog" fi grep DHCPREQUEST "${_DHCP_LOG}" | awk '{print $12}' | sort -u | while read -r _IP; do if [[ ${_IP} =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then IFS='.' read -r oct1 oct2 oct3 oct4 <<< "${_IP}" if (( oct1 <= 255 && oct2 <= 255 && oct3 <= 255 && oct4 <= 255 )); then echo "udp|out|d=67|d=${_IP} # Local DHCP out" >> /etc/csf/csf.allow fi fi done if [ -e "/etc/csf/csfpost.d/synproxy.sh" ]; then csf -ra &> /dev/null synproxy_reassert -p "443 80" --no-quic -q &> /dev/null else csf -r &> /dev/null fi ### Linux kernel TCP SACK CVEs mitigation ### CVE-2019-11477 SACK Panic ### CVE-2019-11478 SACK Slowness ### CVE-2019-11479 Excess Resource Consumption Due to Low MSS Values if [ -x "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.deny" ]; then _SACK_TEST=$(ip6tables --list | grep tcpmss) if [[ ! "${_SACK_TEST}" =~ "tcpmss" ]]; then sysctl net.ipv4.tcp_mtu_probing=0 &> /dev/null iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP &> /dev/null ip6tables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP &> /dev/null [ -e "/etc/csf/csfpost.d/synproxy.sh" ] && synproxy_reassert -p "443 80" --no-quic -q &> /dev/null fi fi fi fi if [ -x "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.conf" ]; then _CC_SRC_TEST=$(grep 'CC_SRC\ =' /etc/csf/csf.conf 2>&1) echo _CC_SRC_TEST 1 is "${_CC_SRC_TEST}" if [[ ! ${_CC_SRC_TEST} =~ CC_SRC\ =\ \"2\" ]]; then echo _CC_SRC_TEST 2 is "${_CC_SRC_TEST}" service clean-boa-env start &> /dev/null _if_fix_iptables_symlinks ### csf -uf ### wait _NFTABLES_TEST=$(iptables -V) if [[ "${_NFTABLES_TEST}" =~ "nf_tables" ]]; then if [ -e "/usr/sbin/iptables-legacy" ]; then update-alternatives --set iptables /usr/sbin/iptables-legacy &> /dev/null fi if [ -e "/usr/sbin/ip6tables-legacy" ]; then update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy &> /dev/null fi if [ -e "/usr/sbin/arptables-legacy" ]; then update-alternatives --set arptables /usr/sbin/arptables-legacy &> /dev/null fi if [ -e "/usr/sbin/ebtables-legacy" ]; then update-alternatives --set ebtables /usr/sbin/ebtables-legacy &> /dev/null fi fi sed -i "s/^CC_SRC .*/CC_SRC = \"2\"/g" /etc/csf/csf.conf wait sed -i "s/^AUTO_UPDATES .*/AUTO_UPDATES = \"0\"/g" /etc/csf/csf.conf if [ -e "/etc/csf/csfpost.d/synproxy.sh" ]; then csf -ra &> /dev/null synproxy_reassert -p "443 80" --no-quic -q &> /dev/null else csf -r &> /dev/null fi fi fi _BOA_TOOLS_UPDATE=NO if [ -e "${_pthLog}" ]; then if [ ! -x "/opt/local/bin/xcopy" ] \ || [ ! -e "${_boaToolsPid}" ]; then _BOA_TOOLS_UPDATE=YES fi fi [ ! -e "/var/aegir/.drush/hm.alias.drushrc.php" ] && _BOA_TOOLS_UPDATE=YES if [ "${_BOA_TOOLS_UPDATE}" = "YES" ]; then _update_boa_tools [ -e "${_pthLog}" ] && rm -f ${_pthLog}/updateBOAtools*.pid [ -e "${_pthLog}" ] && touch ${_boaToolsPid} if [ "${1}" = "verbose" ] || [ -z "${1}" ]; then echo echo "BOA Meta Installers setup completed" echo "Please check INSTALL.md and UPGRADE.md at https://github.com/omega8cc/boa" echo "Bye" echo fi fi } _boa_setup() { _BENG_VS=NO _VMFAMILY=NO _RANDOMIZE=NO _VM_TEST="$(uname -a)" if [[ "${_VM_TEST}" =~ "-beng" ]]; then _BENG_VS=YES _RANDOMIZE=YES fi _if_hosted_sys if [ "${_hostedSys}" = "YES" ]; then _VMFAMILY=HOSTED fi sed -i "s/.*files.aegir.cc.*//g" /etc/hosts wait sed -i "s/.*github.*//g" /etc/hosts wait echo >>/etc/hosts sed -i "/^$/d" /etc/hosts wait _check_dns_settings if [ -e "/var/aegir/.drush/hm.alias.drushrc.php" ]; then [ ! -e "/run/unbound" ] && mkdir -p /run/unbound [ -e "/run/unbound" ] && chown -R unbound:unbound /run/unbound fi if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi _APT_CONFIG_FILE="/etc/apt/apt.conf.d/99ignorestrict" # Desired configuration content _DESIRED_APT_CONFIG='Acquire::AllowInsecureRepositories "true"; APT::Get::AllowUnauthenticated "true"; Aptitude::CmdLine::Fix-Broken "true";' # Remove leading whitespace from each line _CLEANED_DESIRED_APT_CONFIG=$(echo "${_DESIRED_APT_CONFIG}" | sed 's/^[[:space:]]\+//') # Normalize the existing file content if [[ -f "${_APT_CONFIG_FILE}" ]]; then _CURRENT_APT_CONFIG=$(tr -d '[:space:]' < "${_APT_CONFIG_FILE}") else _CURRENT_APT_CONFIG="" fi # Normalize the cleaned desired configuration content _NORMALIZED_DESIRED_APT_CONFIG=$(echo "${_CLEANED_DESIRED_APT_CONFIG}" | tr -d '[:space:]') # Compare normalized contents and update if necessary if [[ "${_CURRENT_APT_CONFIG}" != "${_NORMALIZED_DESIRED_APT_CONFIG}" ]]; then echo "${_CLEANED_DESIRED_APT_CONFIG}" | sudo tee "${_APT_CONFIG_FILE}" > /dev/null fi _apt_clean_update if [ ! -e "/var/aegir/.drush/hm.alias.drushrc.php" ] && [ ! -e "/var/xdrago/manage_solr_config.sh" ]; then # apt-get remove unscd -y --purge --auto-remove -qq &> /dev/null # apt-get remove dbus -y --purge --auto-remove -qq &> /dev/null # if [ -e "/usr/share/dbus-1" ]; then # rm -f /usr/share/dbus-1/*/*freedesktop* # fi userdel -r debian &> /dev/null sed -i "s/^#startup_message off/startup_message off/g" /etc/screenrc &> /dev/null fi _isScreen=$(screen --version 2>&1) if [[ ! "${_isScreen}" =~ "GNU" ]] || [ -z "${_isScreen}" ]; then apt-get install screen -y &> /dev/null apt-get install net-tools -y &> /dev/null apt-get install hostname -y &> /dev/null apt-get install ntpdate -y &> /dev/null fi _if_reinstall_curl _CURL_TEST=$(curl -L -k -s \ --max-redirs 10 \ --retry 3 \ --retry-delay 10 \ -I "http://${_USE_MIR}" 2> /dev/null) if [[ ! "${_CURL_TEST}" =~ "200 OK" ]]; then if [[ "${_CURL_TEST}" =~ "unknown option was passed in to libcurl" ]]; then echo "ERROR: cURL libs are out of sync! Re-installing.." _if_reinstall_curl fi echo "ERROR: ${_USE_MIR} is not available, please try later" exit 1 else _urlHmr="http://${_USE_MIR}/versions/${_tRee}/boa/aegir" fi _if_clean_boa_env _LSB_TEST=$(which lsb_release 2> /dev/null) if [ ! -x "${_LSB_TEST}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi _apt_clean_update apt-get install lsb-release ${_aptYesUnth} fi ### Fix or install VM system detection _fix_or_install_virt_what _BOA_TOOLS_UPDATE=NO if [ -e "${_pthLog}" ] && [ ! -e "${_boaToolsPid}" ]; then _BOA_TOOLS_UPDATE=YES fi [ ! -e "/var/aegir/.drush/hm.alias.drushrc.php" ] && _BOA_TOOLS_UPDATE=YES if [ "${_BOA_TOOLS_UPDATE}" = "YES" ]; then _update_boa_tools [ -e "${_pthLog}" ] && rm -f ${_pthLog}/updateBOAtools*.pid [ -e "${_pthLog}" ] && touch ${_boaToolsPid} echo echo "BOA Meta Installers setup completed" echo "Please check INSTALL.md and UPGRADE.md at https://github.com/omega8cc/boa" echo "Bye" echo fi } _count_cpu() { _CPU_INFO=$(grep -c processor /proc/cpuinfo 2>&1) _CPU_INFO=${_CPU_INFO//[^0-9]/} _NPROC_TEST=$(which nproc 2>&1) if [ -z "${_NPROC_TEST}" ]; then _CPU_NR="${_CPU_INFO}" else _CPU_NR=$(nproc 2>&1) fi _CPU_NR=${_CPU_NR//[^0-9]/} if [ ! -z "${_CPU_NR}" ] \ && [ ! -z "${_CPU_INFO}" ] \ && [ "${_CPU_NR}" -gt "${_CPU_INFO}" ] \ && [ "${_CPU_INFO}" -gt 0 ]; then _CPU_NR="${_CPU_INFO}" fi if [ -z "${_CPU_NR}" ] || [ "${_CPU_NR}" -lt 1 ]; then _CPU_NR=1 fi mkdir -p /data/all chmod 755 /data/all echo ${_CPU_NR} > /data/all/cpuinfo chmod 644 /data/all/cpuinfo } _sysctl_update() { if [ ! -e "/root/.no.sysctl.update.cnf" ] \ && [ ! -e "/var/backups/.sysctl.conf.mod-disable-ipv6-${_xSrl}.log" ]; then mkdir -p /var/backups cd /var/backups rm -f /var/backups/sysctl.conf curl ${_crlGet} "${_urlHmr}/conf/var/sysctl.conf" -o sysctl.conf if [ -e "/var/backups/sysctl.conf" ]; then cp -af /var/backups/sysctl.conf /etc/sysctl.conf fi if [ -e "/etc/security/limits.conf" ]; then _IF_NF=$(grep '2097152' /etc/security/limits.conf 2>&1) if [ ! -z "${_IF_NF}" ]; then sed -i "s/.*2097152.*//g" /etc/security/limits.conf wait fi _IF_NF=$(grep '524288' /etc/security/limits.conf 2>&1) if [ -z "${_IF_NF}" ]; then echo "* hard nofile 524288" >> /etc/security/limits.conf echo "* soft nofile 524288" >> /etc/security/limits.conf echo "root hard nofile 1048576" >> /etc/security/limits.conf echo "root soft nofile 1048576" >> /etc/security/limits.conf fi _IF_NF=$(grep '65556' /etc/security/limits.conf 2>&1) if [ -z "${_IF_NF}" ]; then echo "* hard nproc 65556" >> /etc/security/limits.conf echo "* soft nproc 65556" >> /etc/security/limits.conf fi fi if [ -e "/boot/grub/grub.cfg" ] || [ -e "/boot/grub/menu.lst" ]; then #echo never > /sys/kernel/mm/transparent_hugepage/enabled if [ -e "/etc/sysctl.conf" ]; then sysctl -p /etc/sysctl.conf &> /dev/null fi else if [ -e "/etc/sysctl.conf" ]; then sysctl -p /etc/sysctl.conf &> /dev/null fi fi if [ -e "/etc/default/nginx" ]; then _IF_ULNX=$(grep '524288' /etc/default/nginx 2>&1) if [ -z "${_IF_ULNX}" ]; then sed -i "s/^ULIMIT=.*//gi" /etc/default/nginx wait echo ULIMIT=\"-n 524288\" >> /etc/default/nginx ulimit -n 524288 &> /dev/null service nginx restart &> /dev/null fi fi if [ -e "/etc/security/limits.d" ] \ && [ ! -e "/etc/security/limits.d/solr9.conf" ]; then echo "sshd soft nofile 524288" > /etc/security/limits.d/sshd.conf echo "sshd hard nofile 999999" >> /etc/security/limits.d/sshd.conf echo "redis soft nofile 65535" > /etc/security/limits.d/redis.conf echo "redis hard nofile 524288" >> /etc/security/limits.d/redis.conf echo "nginx soft nofile 524288" > /etc/security/limits.d/nginx.conf echo "nginx hard nofile 999999" >> /etc/security/limits.d/nginx.conf echo "jetty9 soft nofile 65535" > /etc/security/limits.d/jetty9.conf echo "jetty9 hard nofile 524288" >> /etc/security/limits.d/jetty9.conf echo "solr7 soft nofile 65535" > /etc/security/limits.d/solr7.conf echo "solr7 hard nofile 524288" >> /etc/security/limits.d/solr7.conf echo "solr9 soft nofile 65535" > /etc/security/limits.d/solr9.conf echo "solr9 hard nofile 524288" >> /etc/security/limits.d/solr9.conf echo "@www-data soft nofile 65535" > /etc/security/limits.d/www.conf echo "@www-data hard nofile 524288" >> /etc/security/limits.d/www.conf if [ -e "/etc/init.d/valkey-server" ]; then service valkey-server restart &> /dev/null elif [ -e "/etc/init.d/redis-server" ]; then service redis-server restart &> /dev/null fi service nginx restart &> /dev/null service ssh restart &> /dev/null _PHP_V="84 83 82 81 80 74 73 72 71 70 56" for e in ${_PHP_V}; do if [ -e "/etc/init.d/php${e}-fpm" ]; then service php${e}-fpm reload &> /dev/null fi done fi touch /var/backups/.sysctl.conf.mod-disable-ipv6-${_xSrl}.log fi } ### ### Load + normalize _INCIDENT_REPORT ### ### Legacy values: ### NO becomes OFF (see below) ### YES becomes MINI (see below) ### ### Current values: ### OFF == Total silence, no email alerts ### ALL == Very noisy, good for debugging ### MINI == Only the most important alerts (default) ### CRIT == Only critical if _lvl=ALERT ### _normalize_incident_report() { : "${_INCIDENT_REPORT:=MINI}" _INCIDENT_REPORT="${_INCIDENT_REPORT^^}" _INCIDENT_REPORT="${_INCIDENT_REPORT//[^A-Z]/}" ### ### Map legacy + validate ### case "${_INCIDENT_REPORT}" in NO) _INCIDENT_REPORT="OFF" ;; YES) _INCIDENT_REPORT="MINI" ;; OFF|ALL|MINI|CRIT) : ;; *) _INCIDENT_REPORT="MINI" ;; esac } # Function to notify about still running backup _backup_waiting_notify() { _hName="$(cat /etc/hostname 2>/dev/null | tr -d '\n' || hostname -f 2>/dev/null)" _templog="${_bLogB}" cat /root/.remote_backups/schedule/backup_schedule.txt > ${_templog} ps axf | grep multiback >> ${_templog} ps axf | grep duplicity >> ${_templog} ls -la /tmp/duplicity-*-tempdir >> ${_templog} tree /root/.cache/duplicity >> ${_templog} ls -laR /root/.cache/duplicity >> ${_templog} grep "Out of memory: Killed process.*duplicity" /var/log/iptables.log >> ${_templog} boa info >> ${_templog} if [ -n "${_MY_EMAIL}" ] && [ "${_INCIDENT_REPORT}" != "OFF" ]; then s-nail -s "Multiback Waiting Report for [${_hName}] on $(date)" ${_MY_EMAIL} < ${_templog} fi } ###--------------------### if [ "$(id -u)" -eq 0 ]; then _find_correct_ip _find_server_city [ ! -e "/var/aegir/.drush/hm.alias.drushrc.php" ] && _locales_check_fix_early _os_detection_minimal _find_fast_mirror_early if command -v curl &> /dev/null; then _verify_boa_keys fi ### Prefer Devuan apt sources if [ -d "/var/aegir" ] && [ ! -e "/etc/apt/preferences.d/99-prefer-devuan" ]; then if grep -qi 'ID=devuan' /etc/os-release 2>/dev/null; then _prefer_devuan_repositories fi fi ### Fix VM system detection _fix_or_install_virt_what if [ -e "${_barCnf}" ]; then source ${_barCnf} _normalize_incident_report fi ### Notify if multiback backups seem to run for too long _DCY=$(pgrep -fc duplicity) _MLT=$(pgrep -fc multiback) if (( _DCY > 0 )) && (( _MLT > 0 )); then _bLogA="/var/backups/multiback_waiting_queue.log" _bLogB="/var/backups/tmp_multiback_waiting_queue.log" if [ ! -e "${_bLogA}" ] && [ ! -e "${_bLogB}" ]; then _backup_waiting_notify fi fi ### Make local OpenSSL new/legacy ssl/certs symlinked to system ssl/certs if [ -d "/var/aegir" ]; then _fix_sync_system_ssl_certs fi ### Fix Solr 4/7/9 conflicting ports if [ -d "/var/aegir" ]; then [ -e "/opt/solr4/solr.xml" ] && _fix_stop_solr fi ### CVE-2021-44228 Log4j 2 Vulnerability ### CVE-2021-45046 Log4j 2 Vulnerability ### CVE-2021-45105 Log4j 2 Vulnerability _fix_log4j_solr7 ### Linux kernel TCP SACK CVEs mitigation ### CVE-2019-11477 SACK Panic ### CVE-2019-11478 SACK Slowness ### CVE-2019-11479 Excess Resource Consumption Due to Low MSS Values if [ -x "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.deny" ]; then _SACK_TEST=$(ip6tables --list | grep tcpmss) if [[ ! "${_SACK_TEST}" =~ "tcpmss" ]]; then sysctl net.ipv4.tcp_mtu_probing=0 &> /dev/null iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP &> /dev/null ip6tables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP &> /dev/null [ -e "/etc/csf/csfpost.d/synproxy.sh" ] && synproxy_reassert -p "443 80" --no-quic -q &> /dev/null fi fi ### More aggressive mitigation affecting network performance # if [ -e "/proc/sys/net/ipv4/tcp_sack" ]; then # _SACK_TEST=$(cat /proc/sys/net/ipv4/tcp_sack 2>&1) # _SACK_TEST=$(echo -n ${_SACK_TEST} | tr -d "\n" 2>&1) # if [[ "${_SACK_TEST}" =~ "1" ]]; then # echo "0" > /proc/sys/net/ipv4/tcp_sack # fi # fi ### Block known attackers IPs _CSF_TEST=$(which csf 2> /dev/null) if [ -x "${_CSF_TEST}" ]; then _IP_BLOCK="185.206.225.30 185.253.97.238" for _IP in ${_IP_BLOCK}; do _FW_TEST=$(csf -g ${_IP} 2>&1) if [[ "${_FW_TEST}" =~ "DENY Match:${_IP} Setting" ]] \ && [[ "${_FW_TEST}" =~ "csf.deny: ${_IP}" ]]; then echo "${_IP} already denied for Flooding user/password" else csf -d ${_IP} Flooding user/password [ -e "/etc/csf/csfpost.d/synproxy.sh" ] && synproxy_reassert -p "443 80" --no-quic -q &> /dev/null fi done fi ### Linux kernel CVE-2017-2636 hotfix if [ -e "/etc/modprobe.d" ] \ && [ ! -e "/etc/modprobe.d/blacklist-n_hdlc.conf" ]; then echo "install n_hdlc /bin/true" > /etc/modprobe.d/blacklist-n_hdlc.conf rmmod n_hdlc &> /dev/null fi ### Linux kernel CVE-2017-6074 hotfix if [ -e "/etc/modprobe.d" ] \ && [ ! -e "/etc/modprobe.d/blacklist-dccp-all.conf" ]; then echo "install dccp /bin/true" > /etc/modprobe.d/blacklist-dccp-all.conf echo "install dccp_diag /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf echo "install dccp_ipv4 /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf echo "install dccp_ipv6 /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf echo "install dccp_probe /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf rmmod dccp &> /dev/null rmmod dccp_diag &> /dev/null rmmod dccp_ipv4 &> /dev/null rmmod dccp_ipv6 &> /dev/null rmmod dccp_probe &> /dev/null fi if [ ! -e "/data/all/cpuinfo" ]; then _count_cpu fi _if_boa_key_tools_update_allowed if [ "${_BOA_KEY_TOOLS_UPDATE_ALLOWED}" = "YES" ] \ && [ -e "/opt/etc/fpm/fpm-pool-common.conf" ] \ && [ -e "/var/xdrago" ]; then if [ ! -z "${_SKYNET_MODE}" ] && [ "${_SKYNET_MODE}" = "OFF" ]; then if [ -n "${SSH_TTY+x}" ]; then echo echo "STATUS: BOA Skynet Agent is Inactive!" echo echo "HINT: Please remove the _SKYNET_MODE=OFF line from" echo "HINT: ${_barCnf} to enable me again." echo echo "NOTE: Critically important BOA tools will be still updated" echo _if_update_boa_key_tools_only verbose exit 0 else _if_update_boa_key_tools_only silent exit 0 fi else if [ -n "${SSH_TTY+x}" ]; then echo echo "STATUS: BOA Skynet Agent is Active, OK!" echo echo "HINT: You can add the _SKYNET_MODE=OFF line in" echo "HINT: ${_barCnf} to disable me, if needed." echo fi fi else if [ -z "$STY" ]; then _SCREEN_INIT=YES fi fi if [ -d "/.newrelic" ]; then rm -rf /.newrelic fi chmod a+w /dev/null if [ ! -e "/dev/fd" ]; then if [ -e "/proc/self/fd" ]; then rm -rf /dev/fd ln -sfn /proc/self/fd /dev/fd fi fi if [ "${_BOA_KEY_TOOLS_UPDATE_ALLOWED}" = "YES" ]; then _boa_setup fi if [ "${_BOA_KEY_TOOLS_UPDATE_ALLOWED}" = "YES" ] \ && [ -e "/var/log/barracuda_log.txt" ]; then _fix_sftp_server _fix_ping_perms _fix_fpm_process_max _if_fix_lshell _fix_node_in_lshell_access # _fix_php_in_lshell_access _fix_authorized_keys _fix_tcp _fix_aio _fix_console_print _fix_java_symlinks _fix_composer_version _fix_wkhtml _fix_wkhtml_perms _fix_eldir _if_drupal_patches_update _fix_drupal_core_ten _fix_drupal_core_eleven _fix_pure_ftpd _fix_hosting_le _fix_newrelic _fix_leftovers _update_agents _sysctl_update # _saCoreN="SA-CORE-2018-002" # _fix_core_dgd # sleep 3 # _saCoreN="SA-CORE-2018-004" # _fix_core_dgd # sleep 3 # _saCoreN="SA-CORE-2018-006" # _fix_core_dgd # sleep 3 # _saCoreN="SA-CORE-2019-004" # _fix_core_dgd # sleep 3 # _saCoreN="3143016-83" # _fix_core_dgd fi if [ ! -e "/etc/ssl/private/4096.dhp" ] && [ -d "/var/xdrago" ]; then echo "Generating 4096.dhp -- it may take a very long time..." openssl dhparam -out /etc/ssl/private/4096.dhp 4096 > /dev/null 2>&1 & fi if [ -e "/etc/ssl/private/4096.dhp" ]; then chown -R root:ssl-cert /etc/ssl/private chmod 640 /etc/ssl/private/* chmod 710 /etc/ssl/private fi if [ ! -e "/root/.upstart.cnf" ]; then service cron reload &> /dev/null fi if [ "${_SCREEN_INIT}" = "YES" ]; then if [ "${_DEBUG_MODE}" != "YES" ]; then clear fi echo echo "The system is ready for BOA installation!" echo echo "We will start screen session for you automatically" echo "to avoid problems with dropped SSH connections" echo "during BOA stack installation, which may take up to" echo "45-60 minutes, depending on your server speed." echo echo "If your connection will drop, simply log in again" echo "and re-attach your session with 'screen -R' command." echo echo "Enjoy!" echo if [ -x "/usr/sbin/aa-teardown" ]; then aa-teardown &> /dev/null fi else exit 0 fi else echo "ERROR: This script should be run as a root user" exit 1 fi