#!/bin/bash ###----------------------------------------### ### ### BOA Meta Installer ### ### Copyright (C) 2010-2025 Omega8.cc ### noc@omega8.cc www.omega8.cc ### ### This program is free software. You can ### redistribute it and/or modify it under ### the terms of the GNU GPL as published by ### the Free Software Foundation, version 2 ### or later. ### ### This program is distributed in the hope ### that it will be useful, but WITHOUT ANY ### WARRANTY; without even the implied ### warranty of MERCHANTABILITY or FITNESS ### FOR A PARTICULAR PURPOSE. See the GNU GPL ### for more details. ### ### You should have received a copy of the ### GNU GPL along with this program. ### If not, see http://www.gnu.org/licenses/ ### ### Code: https://github.com/omega8cc/boa ### ###----------------------------------------### ###----------------------------------------### ### How To: run it with bash, not with sh ### ###----------------------------------------### ### ### $ wget -qO- http://files.aegir.cc/BOA.sh.txt | bash ### ###----------------------------------------### ### DON'T EDIT ANYTHING BELOW THIS LINE ### ###----------------------------------------### export HOME=/root export SHELL=/bin/bash export PATH=/usr/local/bin:/usr/local/sbin:/opt/local/bin:/usr/bin:/usr/sbin:/bin:/sbin export _tRee=lts export _xSrl=550ltsT04 ### ### Avoid too many questions ### export DEBIAN_FRONTEND=noninteractive export APT_LISTCHANGES_FRONTEND=none if [ -z "${TERM+x}" ]; then export TERM=vt100 fi _NOW=$(date +%y%m%d-%H%M%S 2>&1) export _NOW=${_NOW//[^0-9-]/} _TODAY=$(date +%y%m%d 2>&1) export _TODAY=${_TODAY//[^0-9]/} # _barCnf="/root/.barracuda.cnf" _crlGet="-L --max-redirs 3 -k -s --retry 9 --retry-delay 9 -A iCab" _wgetGet="--max-redirect=3 --no-check-certificate -q --tries=9 --wait=9 --user-agent='iCab'" _aptAllow="--allow-unauthenticated" _aptYesUnth="-y ${_aptAllow}" _optBin="/opt/local/bin" _usrBin="/usr/local/bin" _pthLog="/var/xdrago/log" if [ ! -e "${_pthLog}" ] && [ -e "/var/xdrago_wait/log" ]; then _pthLog="/var/xdrago_wait/log" fi _tBn="tools/bin" _vBs="/var/backups" # _eldirF="0001-Print-site_footer-if-defined.patch" _eldirP="/var/xdrago/conf/${_eldirF}" # _dctpF="drupal-ten-aegir-01.patch" _dctpP="/data/conf/patches/${_dctpF}" # _dctrF="drupal-ten-aegir-02.patch" _dctrP="/data/conf/patches/${_dctrF}" # _provLeInc="provision_hosting_le.drush.inc" _provLeIncFull="/var/xdrago/conf/${_provLeInc}" # _hoLeInc="hosting_le_vhost.drush.inc" _hoLeIncFull="/var/xdrago/conf/${_hoLeInc}" # _dehydName="dehydrated" _dehydSrcPath="/var/xdrago/conf/${_dehydName}" _legacyLeSh="/var/xdrago/conf/letsencrypt.sh" _DEBUG_MODE=$([ -e "/root/.debug-barracuda-installer.cnf" ] && echo "YES" || echo "NO") _os_detection_minimal() { _APT_UPDATE="apt-get update" _OS_CODE=$(lsb_release -ar 2>/dev/null | grep -i codename | cut -s -f2 2>&1) _OS_LIST="daedalus chimaera beowulf buster bullseye bookworm" for e in ${_OS_LIST}; do if [ "${e}" = "${_OS_CODE}" ]; then _APT_UPDATE="apt-get update --allow-releaseinfo-change" fi done } _apt_clean_update() { ${_APT_UPDATE} -qq &> /dev/null } _CHECK_HOST=$(uname -n 2>&1) _if_hosted_sys() { if [ -e "/root/.host8.cnf" ] \ || [[ "${_CHECK_HOST}" =~ ".aegir.cc"($) ]]; then _hostedSys=YES else _hostedSys=NO fi } # # Find correct IP. _find_correct_ip() { if [ -e "/root/.found_correct_ipv4.cnf" ]; then _LOC_IP=$(cat /root/.found_correct_ipv4.cnf 2>&1) _LOC_IP=$(echo -n ${_LOC_IP} | tr -d "\n" 2>&1) else _LOC_IP=$(curl ${_crlGet} https://api.ipify.org \ | sed 's/[^0-9\.]//g' 2>&1) if [ -z "${_LOC_IP}" ]; then _LOC_IP=$(curl ${_crlGet} http://ipv4.icanhazip.com \ | sed 's/[^0-9\.]//g' 2>&1) fi if [ ! -z "${_LOC_IP}" ]; then echo ${_LOC_IP} > /root/.found_correct_ipv4.cnf fi fi } _fix_dns_settings() { mkdir -p ${_vBs} rm -f ${_vBs}/resolv.conf.tmp if [ -e "/etc/resolv.conf" ]; then if [ -L "/etc/resolv.conf" ]; then _rslvT=`readlink -n /etc/resolv.conf` if [ ! -e "${_rslvT}" ]; then rm -f /etc/resolv.conf fi fi if [ -e "/etc/resolv.conf" ]; then cp -a /etc/resolv.conf ${_vBs}/resolv.conf.tmp fi fi if [ ! -e "${_vBs}/resolv.conf.tmp" ]; then echo "nameserver 127.0.0.1" > ${_vBs}/resolv.conf.tmp echo "nameserver 1.1.1.1" >> ${_vBs}/resolv.conf.tmp echo "nameserver 1.0.0.1" >> ${_vBs}/resolv.conf.tmp echo "nameserver 8.8.8.8" >> ${_vBs}/resolv.conf.tmp echo "nameserver 8.8.4.4" >> ${_vBs}/resolv.conf.tmp fi if [ ! -e "${_vBs}/resolv.conf.vanilla" ] \ && [ -e "${_vBs}/resolv.conf.tmp" ]; then if [ "${_USE_DEFAULT_DNS}" != "YES" ]; then rm -f /etc/resolv.conf cp -a ${_vBs}/resolv.conf.tmp /etc/resolv.conf cp -a ${_vBs}/resolv.conf.tmp ${_vBs}/resolv.conf.vanilla fi fi sed -i "/^$/d" ${_vBs}/resolv.conf.vanilla &> /dev/null if [ -e "${_vBs}/resolv.conf.vanilla" ]; then if [ "${_USE_DEFAULT_DNS}" != "YES" ]; then rm -f /etc/resolv.conf cp -a ${_vBs}/resolv.conf.vanilla /etc/resolv.conf fi else if [ -e "${_vBs}/resolv.conf.tmp" ] \ && [ "${_USE_DEFAULT_DNS}" != "YES" ]; then rm -f /etc/resolv.conf cp -a ${_vBs}/resolv.conf.tmp /etc/resolv.conf fi fi } _check_dns_settings() { if [ -e "/root/.use.default.nameservers.cnf" ]; then _USE_DEFAULT_DNS=YES fi if [ -e "/root/.use.local.nameservers.cnf" ]; then _USE_PROVIDER_DNS=YES else _REMOTE_DNS_TEST=$(host files.aegir.cc 1.1.1.1 -w 10 2>&1) fi if [[ "${_REMOTE_DNS_TEST}" =~ "no servers could be reached" ]] \ || [[ "${_REMOTE_DNS_TEST}" =~ "Host files.aegir.cc not found" ]] \ || [ "${_USE_DEFAULT_DNS}" = "YES" ] \ || [ "${_USE_PROVIDER_DNS}" = "YES" ]; then if [ "${_USE_DEFAULT_DNS}" = "YES" ] \ || [ "${_USE_PROVIDER_DNS}" = "YES" ] \ || [ ! -e "${_vBs}/resolv.conf.vanilla" ]; then _fix_dns_settings if [ -e "/etc/init.d/postfix" ]; then service postfix restart &> /dev/null fi fi fi } _find_fast_mirror_early() { _isNetc=$(which netcat 2>&1) if [ ! -x "${_isNetc}" ] || [ -z "${_isNetc}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi _apt_clean_update apt-get install netcat ${_aptYesUnth} &> /dev/null apt-get install netcat-traditional ${_aptYesUnth} &> /dev/null fi _ffMirr=$(which ffmirror 2>&1) if [ -x "${_ffMirr}" ]; then _ffList="/var/backups/boa-mirrors-2025-01.txt" mkdir -p /var/backups if [ ! -e "${_ffList}" ]; then echo "eu.files.aegir.cc" > ${_ffList} echo "us.files.aegir.cc" >> ${_ffList} echo "ao.files.aegir.cc" >> ${_ffList} fi if [ -e "${_ffList}" ]; then _BROKEN_FFMIRR_TEST=$(grep "stuff" ${_ffMirr} 2>&1) if [[ "${_BROKEN_FFMIRR_TEST}" =~ "stuff" ]]; then _CHECK_MIRROR=$(bash ${_ffMirr} < ${_ffList} 2>&1) _USE_MIR="${_CHECK_MIRROR}" [[ "${_USE_MIR}" =~ "printf" ]] && _USE_MIR="files.aegir.cc" else _USE_MIR="files.aegir.cc" fi else _USE_MIR="files.aegir.cc" fi else _USE_MIR="files.aegir.cc" fi _urlDev="http://${_USE_MIR}/dev" _urlHmr="http://${_USE_MIR}/versions/${_tRee}/boa/aegir" } _extract_archive() { if [ ! -z "$1" ]; then case $1 in *.tar.bz2) tar xjf $1 ;; *.tar.gz) tar xzf $1 ;; *.tar.xz) tar xvf $1 ;; *.bz2) bunzip2 $1 ;; *.rar) unrar x $1 ;; *.gz) gunzip -q $1 ;; *.tar) tar xf $1 ;; *.tbz2) tar xjf $1 ;; *.tgz) tar xzf $1 ;; *.zip) unzip -qq $1 ;; *.Z) uncompress $1 ;; *.7z) 7z x $1 ;; *) echo "'$1' cannot be extracted via >extract<" ;; esac rm -f $1 fi } # # Download and extract from dev/contrib mirror. _get_dev_contrib() { if [ ! -z "$1" ]; then _max_attempts=10 _attempt_num=1 _success=0 while [ ${_attempt_num} -le ${_max_attempts} ]; do [ "${_DEBUG_MODE}" = "YES" ] && echo "DNLD: Attempt ${_attempt_num} of ${_max_attempts}: Downloading $1..." if curl ${_crlGet} "${_urlDev}/${_tRee}/contrib/$1" -o "$1"; then _success=1 break else [ "${_DEBUG_MODE}" = "YES" ] && echo "DNLD: Attempt ${_attempt_num} failed." _attempt_num=$((_attempt_num+1)) if [ ${_attempt_num} -le ${_max_attempts} ]; then [ "${_DEBUG_MODE}" = "YES" ] && echo "DNLD: Retrying in 9 seconds..." sleep 9 fi fi done if [ ${_success} -eq 1 ]; then _extract_archive "$1" else echo "OOPS: Failed to download ${_urlDev}/${_tRee}/contrib/$1 after ${_max_attempts} attempts" return 1 # Exit the function but continue the script fi fi } # # Download and extract archive from dev/src mirror. _get_dev_src() { if [ ! -z "$1" ]; then _max_attempts=10 _attempt_num=1 _success=0 while [ ${_attempt_num} -le ${_max_attempts} ]; do [ "${_DEBUG_MODE}" = "YES" ] && echo "DNLD: Attempt ${_attempt_num} of ${_max_attempts}: Downloading $1..." if curl ${_crlGet} "${_urlDev}/src/$1" -o "$1"; then _success=1 break else [ "${_DEBUG_MODE}" = "YES" ] && echo "DNLD: Attempt ${_attempt_num} failed." _attempt_num=$((_attempt_num+1)) if [ ${_attempt_num} -le ${_max_attempts} ]; then [ "${_DEBUG_MODE}" = "YES" ] && echo "DNLD: Retrying in 9 seconds..." sleep 9 fi fi done if [ ${_success} -eq 1 ]; then _extract_archive "$1" else echo "OOPS: Failed to download ${_urlDev}/src/$1 after ${_max_attempts} attempts" return 1 # Exit the function but continue the script fi fi } _if_clean_boa_env() { if [ ! -x "/etc/init.d/clean-boa-env" ]; then curl ${_crlGet} "${_urlHmr}/conf/var/clean-boa-env" -o /etc/init.d/clean-boa-env if [ -e "/etc/init.d/clean-boa-env" ]; then chmod 700 /etc/init.d/clean-boa-env chown root:root /etc/init.d/clean-boa-env update-rc.d clean-boa-env defaults &> /dev/null fi fi } _locales_check_fix_early() { _isLoc=$(which locale 2>&1) if [ ! -x "${_isLoc}" ] || [ -z "${_isLoc}" ]; then _INITINS="/usr/bin/apt-get ${_aptAllow} -y install" apt-get update -qq &> /dev/null ${_INITINS} locales locales-all &> /dev/null fi _LOC_TEST=$(locale 2>&1) if [[ "${_LOC_TEST}" =~ LANG=.*UTF-8 ]]; then _LOCALE_TEST=OK fi if [[ "${_LOC_TEST}" =~ "Cannot" ]]; then _LOCALE_TEST=BROKEN fi if [ "${_LOCALE_TEST}" = "BROKEN" ]; then _LOCALE_GEN_TEST=$(grep -v "^#" /etc/locale.gen 2>&1) if [[ ! "${_LOCALE_GEN_TEST}" =~ "en_US.UTF-8 UTF-8" ]]; then echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen fi sed -i "/^$/d" /etc/locale.gen locale-gen &> /dev/null locale-gen en_US.UTF-8 &> /dev/null # Explicitly enforce all locale settings update-locale \ LANG=en_US.UTF-8 \ LC_CTYPE=en_US.UTF-8 \ LC_COLLATE=POSIX \ LC_NUMERIC=POSIX \ LC_TIME=en_US.UTF-8 \ LC_MONETARY=en_US.UTF-8 \ LC_MESSAGES=en_US.UTF-8 \ LC_PAPER=en_US.UTF-8 \ LC_NAME=en_US.UTF-8 \ LC_ADDRESS=en_US.UTF-8 \ LC_TELEPHONE=en_US.UTF-8 \ LC_MEASUREMENT=en_US.UTF-8 \ LC_IDENTIFICATION=en_US.UTF-8 \ LC_ALL= &> /dev/null # Define all locale settings on the fly to prevent unnecessary # warnings during installation of packages. export LANG=en_US.UTF-8 &> /dev/null export LC_CTYPE=en_US.UTF-8 &> /dev/null export LC_COLLATE=POSIX &> /dev/null export LC_NUMERIC=POSIX &> /dev/null export LC_TIME=en_US.UTF-8 &> /dev/null export LC_MONETARY=en_US.UTF-8 &> /dev/null export LC_MESSAGES=en_US.UTF-8 &> /dev/null export LC_PAPER=en_US.UTF-8 &> /dev/null export LC_NAME=en_US.UTF-8 &> /dev/null export LC_ADDRESS=en_US.UTF-8 &> /dev/null export LC_TELEPHONE=en_US.UTF-8 &> /dev/null export LC_MEASUREMENT=en_US.UTF-8 &> /dev/null export LC_IDENTIFICATION=en_US.UTF-8 &> /dev/null export LC_ALL= &> /dev/null else _LOCALE_GEN_TEST=$(grep -v "^#" /etc/locale.gen 2>&1) if [[ ! "${_LOCALE_GEN_TEST}" =~ "en_US.UTF-8 UTF-8" ]]; then echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen fi sed -i "/^$/d" /etc/locale.gen locale-gen &> /dev/null locale-gen en_US.UTF-8 &> /dev/null # Explicitly enforce locale settings required for consistency update-locale \ LANG=en_US.UTF-8 \ LC_CTYPE=en_US.UTF-8 \ LC_COLLATE=POSIX \ LC_NUMERIC=POSIX \ LC_ALL= &> /dev/null # Define locale settings required for consistency also on the fly export LC_COLLATE=POSIX &> /dev/null export LC_NUMERIC=POSIX &> /dev/null export LC_ALL= &> /dev/null fi _LOCALES_BASHRC_TEST=$(grep LC_COLLATE /root/.bashrc 2>&1) if [[ ! "${_LOCALES_BASHRC_TEST}" =~ "LC_COLLATE" ]]; then printf "\n" >> /root/.bashrc echo "export LANG=en_US.UTF-8" >> /root/.bashrc echo "export LC_CTYPE=en_US.UTF-8" >> /root/.bashrc echo "export LC_COLLATE=POSIX" >> /root/.bashrc echo "export LC_NUMERIC=POSIX" >> /root/.bashrc echo "export LC_TIME=en_US.UTF-8" >> /root/.bashrc echo "export LC_MONETARY=en_US.UTF-8" >> /root/.bashrc echo "export LC_MESSAGES=en_US.UTF-8" >> /root/.bashrc echo "export LC_PAPER=en_US.UTF-8" >> /root/.bashrc echo "export LC_NAME=en_US.UTF-8" >> /root/.bashrc echo "export LC_ADDRESS=en_US.UTF-8" >> /root/.bashrc echo "export LC_TELEPHONE=en_US.UTF-8" >> /root/.bashrc echo "export LC_MEASUREMENT=en_US.UTF-8" >> /root/.bashrc echo "export LC_IDENTIFICATION=en_US.UTF-8" >> /root/.bashrc echo "export LC_ALL=" >> /root/.bashrc printf "\n" >> /root/.bashrc fi } _if_fix_iptables_symlinks() { ### ### Fix for iptables paths backward compatibility ### if [ -x "/sbin/iptables" ] && [ ! -e "/usr/sbin/iptables" ]; then ln -s /sbin/iptables /usr/sbin/iptables fi if [ -x "/usr/sbin/iptables" ] && [ ! -e "/sbin/iptables" ]; then ln -s /usr/sbin/iptables /sbin/iptables fi if [ -x "/sbin/iptables-save" ] && [ ! -e "/usr/sbin/iptables-save" ]; then ln -s /sbin/iptables-save /usr/sbin/iptables-save fi if [ -x "/usr/sbin/iptables-save" ] && [ ! -e "/sbin/iptables-save" ]; then ln -s /usr/sbin/iptables-save /sbin/iptables-save fi if [ -x "/sbin/iptables-restore" ] && [ ! -e "/usr/sbin/iptables-restore" ]; then ln -s /sbin/iptables-restore /usr/sbin/iptables-restore fi if [ -x "/usr/sbin/iptables-restore" ] && [ ! -e "/sbin/iptables-restore" ]; then ln -s /usr/sbin/iptables-restore /sbin/iptables-restore fi if [ -x "/sbin/ip6tables" ] && [ ! -e "/usr/sbin/ip6tables" ]; then ln -s /sbin/ip6tables /usr/sbin/ip6tables fi if [ -x "/usr/sbin/ip6tables" ] && [ ! -e "/sbin/ip6tables" ]; then ln -s /usr/sbin/ip6tables /sbin/ip6tables fi if [ -x "/sbin/ip6tables-save" ] && [ ! -e "/usr/sbin/ip6tables-save" ]; then ln -s /sbin/ip6tables-save /usr/sbin/ip6tables-save fi if [ -x "/usr/sbin/ip6tables-save" ] && [ ! -e "/sbin/ip6tables-save" ]; then ln -s /usr/sbin/ip6tables-save /sbin/ip6tables-save fi if [ -x "/sbin/ip6tables-restore" ] && [ ! -e "/usr/sbin/ip6tables-restore" ]; then ln -s /sbin/ip6tables-restore /usr/sbin/ip6tables-restore fi if [ -x "/usr/sbin/ip6tables-restore" ] && [ ! -e "/sbin/ip6tables-restore" ]; then ln -s /usr/sbin/ip6tables-restore /sbin/ip6tables-restore fi ### ### Fix for iptables paths backward compatibility ### } _update_agents() { _if_hosted_sys if [ "${_hostedSys}" = "YES" ]; then if [ ! -e "/root/.extended.firewall.exceptions.cnf" ]; then echo host8 > /root/.extended.firewall.exceptions.cnf fi fi if [ "${_VMFAMILY}" = "HOSTED" ] \ && [ -e "/var/aegir/drush" ] \ && [ -d "/data/u" ] \ && [ -e "/var/xdrago" ]; then [ ! -e "/root/.fast.cron.cnf" ] && echo ON > /root/.fast.cron.cnf _PrTestPower=$(grep "POWER" /root/.*.octopus.cnf 2>&1) _PrTestPhantom=$(grep "PHANTOM" /root/.*.octopus.cnf 2>&1) _PrTestCluster=$(grep "CLUSTER" /root/.*.octopus.cnf 2>&1) InTest=$(ls /data/disk/*/static/control/cli.info | wc -l 2>&1) _SQL_PSWD=$(cat /root/.my.pass.txt 2>&1) _SQL_PSWD=$(echo -n ${_SQL_PSWD} | tr -d "\n" 2>&1) if [ "${InTest}" -lt "9" ] \ && [[ ! "${_PrTestPower}" =~ "POWER" ]] \ && [[ ! "${_PrTestPhantom}" =~ "PHANTOM" ]] \ && [[ ! "${_PrTestCluster}" =~ "CLUSTER" ]]; then [ ! -e "/root/.fast.cron.cnf" ] && echo ${InTest} > /root/.fast.cron.cnf [ -e "/root/.hr.monitor.cnf" ] && rm -f /root/.hr.monitor.cnf [ -e "/root/.slow.cron.cnf" ] && rm -f /root/.slow.cron.cnf [ -e "/root/.tg.cnf" ] && rm -f /root/.tg.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 80;" mysql -u root -e "SET GLOBAL max_connections = 100;" mysql -u root -e "SET GLOBAL max_user_connections = 80;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [ "${InTest}" -ge "9" ] && [ "${InTest}" -le "50" ]; then [ ! -e "/root/.fast.cron.cnf" ] && echo ${InTest} > /root/.fast.cron.cnf [ -e "/root/.hr.monitor.cnf" ] && rm -f /root/.hr.monitor.cnf [ -e "/root/.slow.cron.cnf" ] && rm -f /root/.slow.cron.cnf [ -e "/root/.tg.cnf" ] && rm -f /root/.tg.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 80;" mysql -u root -e "SET GLOBAL max_connections = 200;" mysql -u root -e "SET GLOBAL max_user_connections = 80;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [ "${InTest}" -gt "50" ]; then [ -e "/root/.fast.cron.cnf" ] && rm -f /root/.fast.cron.cnf [ ! -e "/root/.tg.cnf" ] && echo ${InTest} > /root/.tg.cnf [ ! -e "/root/.hr.monitor.cnf" ] && echo ${InTest} > /root/.hr.monitor.cnf [ ! -e "/root/.slow.cron.cnf" ] && echo ${InTest} > /root/.slow.cron.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 80;" mysql -u root -e "SET GLOBAL max_connections = 200;" mysql -u root -e "SET GLOBAL max_user_connections = 80;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [[ "${_PrTestPower}" =~ "POWER" ]]; then [ ! -e "/root/.tg.cnf" ] && echo ${InTest} > /root/.tg.cnf [ ! -e "/root/.fast.cron.cnf" ] && echo ${InTest} > /root/.fast.cron.cnf [ -e "/root/.hr.monitor.cnf" ] && rm -f /root/.hr.monitor.cnf [ -e "/root/.slow.cron.cnf" ] && rm -f /root/.slow.cron.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 150;" mysql -u root -e "SET GLOBAL max_connections = 200;" mysql -u root -e "SET GLOBAL max_user_connections = 150;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [[ "${_PrTestPhantom}" =~ "PHANTOM" ]]; then [ ! -e "/root/.tg.cnf" ] && echo ${InTest} > /root/.tg.cnf [ ! -e "/root/.fast.cron.cnf" ] && echo ${InTest} > /root/.fast.cron.cnf [ -e "/root/.hr.monitor.cnf" ] && rm -f /root/.hr.monitor.cnf [ -e "/root/.slow.cron.cnf" ] && rm -f /root/.slow.cron.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 150;" mysql -u root -e "SET GLOBAL max_connections = 200;" mysql -u root -e "SET GLOBAL max_user_connections = 150;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [[ "${_PrTestCluster}" =~ "CLUSTER" ]]; then [ ! -e "/root/.tg.cnf" ] && echo ${InTest} > /root/.tg.cnf [ ! -e "/root/.fast.cron.cnf" ] && echo ${InTest} > /root/.fast.cron.cnf [ -e "/root/.hr.monitor.cnf" ] && rm -f /root/.hr.monitor.cnf [ -e "/root/.slow.cron.cnf" ] && rm -f /root/.slow.cron.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 150;" mysql -u root -e "SET GLOBAL max_connections = 200;" mysql -u root -e "SET GLOBAL max_user_connections = 150;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi mysql -u root -e "SET GLOBAL optimizer_switch='derived_merge=off';" mysql -u root -e "SET GLOBAL sort_buffer_size = 262144;" if [ -e "/root/.tg.cnf" ]; then if [ ! -e "/root/.fixed_fpm_workers.pid" ]; then sed -i "s/^_PHP_FPM_WORKERS=.*/_PHP_FPM_WORKERS=100/g" ${_barCnf} touch /root/.fixed_fpm_workers.pid fi fi if [ ! -e "/root/.high_traffic.cnf" ]; then echo ${InTest} > /root/.high_traffic.cnf echo ${InTest} > /root/.no.swap.clear.cnf fi if [ "${_RANDOMIZE}" = "YES" ]; then if [ ! -e "/root/.randomize_duplicity_full_backup_day.cnf" ]; then echo ${InTest} > /root/.randomize_duplicity_full_backup_day.cnf fi if [ ! -e "/root/.skip_duplicity_monthly_cleanup.cnf" ]; then echo ${InTest} > /root/.skip_duplicity_monthly_cleanup.cnf fi else [ -e "/root/.randomize_duplicity_full_backup_day.cnf" ] && rm -f /root/.randomize_duplicity_full_backup_day.cnf [ -e "/root/.skip_duplicity_monthly_cleanup.cnf" ] && rm -f /root/.skip_duplicity_monthly_cleanup.cnf fi [ -e "/root/.my.batch_innodb.cnf" ] && rm -f /root/.my.batch_innodb.cnf [ -e "/root/.batch_innodb.cnf" ] && rm -f /root/.batch_innodb.cnf [ -e "/root/.force.drupalgeddon.cnf" ] && rm -f /root/.force.drupalgeddon.cnf [ -e "/root/.skip_cleanup.cnf" ] && rm -f /root/.skip_cleanup.cnf [ -e "/root/.giant_traffic.cnf" ] && rm -f /root/.giant_traffic.cnf [ -e "/root/.default.cnf" ] && rm -f /root/.default.cnf [ -e "/root/.debug.cnf" ] && rm -f /root/.debug.cnf if [ -e "/data/conf/override.global.inc" ] \ && [ ! -e "/data/conf/.prev6.override.global.inc.off" ]; then mv -f /data/conf/override.global.inc /data/conf/.prev6.override.global.inc.off fi # if [ ! -e "/data/conf/override.global.inc" ]; then # echo " /data/conf/override.global.inc.tmp # echo "" >> /data/conf/override.global.inc.tmp # echo "\$use_redis = TRUE;" >> /data/conf/override.global.inc.tmp # chmod 644 /data/conf/override.global.inc.tmp # mv -f /data/conf/override.global.inc.tmp /data/conf/override.global.inc # fi fi if [ -e "/var/aegir/drush" ]; then [ ! -e "/var/xdrago/monitor/check" ] && mkdir -p /var/xdrago/monitor/check [ ! -e "/var/xdrago/monitor/log" ] && mkdir -p /var/xdrago/monitor/log [ ! -e "/var/xdrago/checksql.pl" ] && rm -f ${_pthLog}/checksql.pl.ctrl.*.pid [ ! -e "/var/xdrago/clear.sh" ] && rm -f ${_pthLog}/clear.sh.ctrl.*.pid [ ! -e "/var/xdrago/daily.sh" ] && rm -f ${_pthLog}/daily.sh.ctrl.*.pid [ ! -e "/var/xdrago/graceful.sh" ] && rm -f ${_pthLog}/graceful.sh.ctrl.*.pid [ ! -e "/var/xdrago/guest-fire.sh" ] && rm -f ${_pthLog}/guest-fire.sh.ctrl.*.pid [ ! -e "/var/xdrago/guest-water.sh" ] && rm -f ${_pthLog}/guest-water.sh.ctrl.*.pid [ ! -e "/var/xdrago/ip_access.sh" ] && rm -f ${_pthLog}/ip_access.sh.ctrl.*.pid [ ! -e "/var/xdrago/manage_ltd_users.sh" ] && rm -f ${_pthLog}/manage_ltd_users.sh.ctrl.*.pid [ ! -e "/var/xdrago/manage_solr_config.sh" ] && rm -f ${_pthLog}/manage_solr_config.sh.ctrl.*.pid [ ! -e "/var/xdrago/minute.sh" ] && rm -f ${_pthLog}/minute.sh.ctrl.*.pid [ ! -e "/var/xdrago/move_sql.sh" ] && rm -f ${_pthLog}/move_sql.sh.ctrl.*.pid [ ! -e "/var/xdrago/mysql_backup.sh" ] && rm -f ${_pthLog}/mysql_backup.sh.ctrl.*.pid [ ! -e "/var/xdrago/mysql_cleanup.sh" ] && rm -f ${_pthLog}/mysql_cleanup.sh.ctrl.*.pid [ ! -e "/var/xdrago/mysql_cluster_backup.sh" ] && rm -f ${_pthLog}/mysql_cluster_backup.sh.ctrl.*.pid [ ! -e "/var/xdrago/mysql_repair.sh" ] && rm -f ${_pthLog}/mysql_repair.sh.ctrl.*.pid [ ! -e "/var/xdrago/proc_num_ctrl.pl" ] && rm -f ${_pthLog}/proc_num_ctrl.pl.ctrl.*.pid [ ! -e "/var/xdrago/purge_binlogs.sh" ] && rm -f ${_pthLog}/purge_binlogs.sh.ctrl.*.pid [ ! -e "/var/xdrago/runner.sh" ] && rm -f ${_pthLog}/runner.sh.ctrl.*.pid [ ! -e "/var/xdrago/second.sh" ] && rm -f ${_pthLog}/second.sh.ctrl.*.pid [ ! -e "/var/xdrago/usage.sh" ] && rm -f ${_pthLog}/usage.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/java.sh" ] && rm -f ${_pthLog}/java.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/mysql.sh" ] && rm -f ${_pthLog}/mysql.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/nginx.sh" ] && rm -f ${_pthLog}/nginx.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/php.sh" ] && rm -f ${_pthLog}/php.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/redis.sh" ] && rm -f ${_pthLog}/redis.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/scan_nginx.sh" ] && rm -f ${_pthLog}/scan_nginx.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/system.sh" ] && rm -f ${_pthLog}/system.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/unbound.sh" ] && rm -f ${_pthLog}/unbound.sh.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/escapecheck.pl" ] && rm -f ${_pthLog}/escapecheck.pl.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/hackcheck.pl" ] && rm -f ${_pthLog}/hackcheck.pl.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/hackftp.pl" ] && rm -f ${_pthLog}/hackftp.pl.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/locked_java.pl" ] && rm -f ${_pthLog}/locked_java.pl.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/locked_nginx.pl" ] && rm -f ${_pthLog}/locked_nginx.pl.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/scan_nginx.pl" ] && rm -f ${_pthLog}/scan_nginx.pl.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/segfault_alert.pl" ] && rm -f ${_pthLog}/segfault_alert.pl.ctrl.*.pid [ ! -e "/var/xdrago/monitor/check/sqlcheck.pl" ] && rm -f ${_pthLog}/sqlcheck.pl.ctrl.*.pid [ -e "/var/xdrago/proc_num_ctrl.cgi" ] && rm -f /var/xdrago/proc_num_ctrl.cgi [ -e "/var/xdrago/checksql.cgi" ] && rm -f /var/xdrago/checksql.cgi [ -e "/var/xdrago/mysql_hourly.sh" ] && rm -f /var/xdrago/mysql_hourly.sh [ -e "/var/xdrago/monitor/check/sqlcheck" ] && rm -f ${_pthLog}/*.ctrl.*.pid [ -e "/var/xdrago/monitor/check/sqlcheck" ] && rm -f /var/xdrago/monitor/check/* [ -e "/var/xdrago/monitor/hackcheck.archive.log" ] && rm -f /var/xdrago/monitor/.scan_nginx_arch* [ -e "/var/xdrago/monitor/hackcheck.archive.log" ] && mv -f /var/xdrago/monitor/*.log /var/xdrago/monitor/log/ fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/scan_nginx.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/scan_nginx.sh /var/xdrago/monitor/check/scan_nginx.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/scan_nginx.sh" -o /var/xdrago/monitor/check/scan_nginx.sh if [ -e "/var/xdrago/monitor/check/scan_nginx.sh" ]; then chmod 700 /var/xdrago/monitor/check/scan_nginx.sh chown root:root /var/xdrago/monitor/check/scan_nginx.sh touch ${_pthLog}/scan_nginx.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/scan_nginx.sh.old /var/xdrago/monitor/check/scan_nginx.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/java.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/java.sh /var/xdrago/monitor/check/java.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/java.sh" -o /var/xdrago/monitor/check/java.sh if [ -e "/var/xdrago/monitor/check/java.sh" ]; then chmod 700 /var/xdrago/monitor/check/java.sh chown root:root /var/xdrago/monitor/check/java.sh touch ${_pthLog}/java.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/java.sh.old /var/xdrago/monitor/check/java.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/mysql.sh.ctrl.f94.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/mysql.sh /var/xdrago/monitor/check/mysql.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/mysql.sh" -o /var/xdrago/monitor/check/mysql.sh if [ -e "/var/xdrago/monitor/check/mysql.sh" ]; then if [ -e "/root/.debug.cnf" ] && [ ! -e "/root/.default.cnf" ]; then _DO_NOTHING=YES else if [ -e "/root/.high_load.cnf" ] \ && [ ! -e "/root/.big_db.cnf" ] \ && [ ! -e "/root/.tg.cnf" ]; then sed -i "s/3600/300/g" /var/xdrago/monitor/check/mysql.sh elif [ -e "/root/.big_db.cnf" ] || [ -e "/root/.tg.cnf" ]; then _DO_NOTHING=YES else sed -i "s/3600/1800/g" /var/xdrago/monitor/check/mysql.sh fi fi chmod 700 /var/xdrago/monitor/check/mysql.sh chown root:root /var/xdrago/monitor/check/mysql.sh touch ${_pthLog}/mysql.sh.ctrl.f94.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/mysql.sh.old /var/xdrago/monitor/check/mysql.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/nginx.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/nginx.sh /var/xdrago/monitor/check/nginx.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/nginx.sh" -o /var/xdrago/monitor/check/nginx.sh if [ -e "/var/xdrago/monitor/check/nginx.sh" ]; then chmod 700 /var/xdrago/monitor/check/nginx.sh chown root:root /var/xdrago/monitor/check/nginx.sh touch ${_pthLog}/nginx.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/nginx.sh.old /var/xdrago/monitor/check/nginx.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/php.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/php.sh /var/xdrago/monitor/check/php.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/php.sh" -o /var/xdrago/monitor/check/php.sh if [ -e "/var/xdrago/monitor/check/php.sh" ]; then chmod 700 /var/xdrago/monitor/check/php.sh chown root:root /var/xdrago/monitor/check/php.sh touch ${_pthLog}/php.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/php.sh.old /var/xdrago/monitor/check/php.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/redis.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/redis.sh /var/xdrago/monitor/check/redis.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/redis.sh" -o /var/xdrago/monitor/check/redis.sh if [ -e "/var/xdrago/monitor/check/redis.sh" ]; then chmod 700 /var/xdrago/monitor/check/redis.sh chown root:root /var/xdrago/monitor/check/redis.sh touch ${_pthLog}/redis.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/redis.sh.old /var/xdrago/monitor/check/redis.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/system.sh.ctrl.f94.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/system.sh /var/xdrago/monitor/check/system.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/system.sh" -o /var/xdrago/monitor/check/system.sh if [ -e "/var/xdrago/monitor/check/system.sh" ]; then chmod 700 /var/xdrago/monitor/check/system.sh chown root:root /var/xdrago/monitor/check/system.sh touch ${_pthLog}/system.sh.ctrl.f94.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/system.sh.old /var/xdrago/monitor/check/system.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/unbound.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/unbound.sh /var/xdrago/monitor/check/unbound.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/unbound.sh" -o /var/xdrago/monitor/check/unbound.sh if [ -e "/var/xdrago/monitor/check/unbound.sh" ]; then chmod 700 /var/xdrago/monitor/check/unbound.sh chown root:root /var/xdrago/monitor/check/unbound.sh touch ${_pthLog}/unbound.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/unbound.sh.old /var/xdrago/monitor/check/unbound.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/escapecheck.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/escapecheck.pl /var/xdrago/monitor/check/escapecheck.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/escapecheck.pl" -o /var/xdrago/monitor/check/escapecheck.pl if [ -e "/var/xdrago/monitor/check/escapecheck.pl" ]; then chmod 700 /var/xdrago/monitor/check/escapecheck.pl chown root:root /var/xdrago/monitor/check/escapecheck.pl touch ${_pthLog}/escapecheck.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/escapecheck.pl.old /var/xdrago/monitor/check/escapecheck.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/hackcheck.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/hackcheck.pl /var/xdrago/monitor/check/hackcheck.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/hackcheck.pl" -o /var/xdrago/monitor/check/hackcheck.pl if [ -e "/var/xdrago/monitor/check/hackcheck.pl" ]; then chmod 700 /var/xdrago/monitor/check/hackcheck.pl chown root:root /var/xdrago/monitor/check/hackcheck.pl touch ${_pthLog}/hackcheck.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/hackcheck.pl.old /var/xdrago/monitor/check/hackcheck.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/hackftp.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/hackftp.pl /var/xdrago/monitor/check/hackftp.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/hackftp.pl" -o /var/xdrago/monitor/check/hackftp.pl if [ -e "/var/xdrago/monitor/check/hackftp.pl" ]; then chmod 700 /var/xdrago/monitor/check/hackftp.pl chown root:root /var/xdrago/monitor/check/hackftp.pl touch ${_pthLog}/hackftp.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/hackftp.pl.old /var/xdrago/monitor/check/hackftp.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/locked_java.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/locked_java.pl /var/xdrago/monitor/check/locked_java.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/locked_java.pl" -o /var/xdrago/monitor/check/locked_java.pl if [ -e "/var/xdrago/monitor/check/locked_java.pl" ]; then chmod 700 /var/xdrago/monitor/check/locked_java.pl chown root:root /var/xdrago/monitor/check/locked_java.pl touch ${_pthLog}/locked_java.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/locked_java.pl.old /var/xdrago/monitor/check/locked_java.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/locked_nginx.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/locked_nginx.pl /var/xdrago/monitor/check/locked_nginx.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/locked_nginx.pl" -o /var/xdrago/monitor/check/locked_nginx.pl if [ -e "/var/xdrago/monitor/check/locked_nginx.pl" ]; then chmod 700 /var/xdrago/monitor/check/locked_nginx.pl chown root:root /var/xdrago/monitor/check/locked_nginx.pl touch ${_pthLog}/locked_nginx.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/locked_nginx.pl.old /var/xdrago/monitor/check/locked_nginx.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/segfault_alert.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/segfault_alert.pl /var/xdrago/monitor/check/segfault_alert.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/segfault_alert.pl" -o /var/xdrago/monitor/check/segfault_alert.pl if [ -e "/var/xdrago/monitor/check/segfault_alert.pl" ]; then chmod 700 /var/xdrago/monitor/check/segfault_alert.pl chown root:root /var/xdrago/monitor/check/segfault_alert.pl touch ${_pthLog}/segfault_alert.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/segfault_alert.pl.old /var/xdrago/monitor/check/segfault_alert.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/sqlcheck.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/monitor/check/sqlcheck.pl /var/xdrago/monitor/check/sqlcheck.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/sqlcheck.pl" -o /var/xdrago/monitor/check/sqlcheck.pl if [ -e "/var/xdrago/monitor/check/sqlcheck.pl" ]; then chmod 700 /var/xdrago/monitor/check/sqlcheck.pl chown root:root /var/xdrago/monitor/check/sqlcheck.pl touch ${_pthLog}/sqlcheck.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/sqlcheck.pl.old /var/xdrago/monitor/check/sqlcheck.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ ! -e "${_pthLog}/drush8-symlink.ctrl.${_tRee}.${_xSrl}.pid" ]; then if [ -x "/opt/tools/drush/8/drush/drush.php" ] \ && [ -L "/usr/bin/drush8" ]; then _DRUSH_SYMLINK=$(readlink -n /usr/bin/drush8 2>&1) _DRUSH_SYMLINK=$(echo -n ${_DRUSH_SYMLINK} | tr -d "\n" 2>&1) if [ "${_DRUSH_SYMLINK}" != "/opt/tools/drush/8/drush/drush.php" ]; then rm -f /usr/bin/drush8 rm -f /usr/bin/drush ln -s /opt/tools/drush/8/drush/drush.php /usr/bin/drush8 ln -s /opt/tools/drush/8/drush/drush.php /usr/bin/drush touch ${_pthLog}/drush8-symlink.ctrl.${_tRee}.${_xSrl}.pid fi fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/clean-boa-env.ctrl.${_tRee}.${_xSrl}.pid" ]; then mv -f /etc/init.d/clean-boa-env /var/xdrago/clean-boa-env.old curl ${_crlGet} "${_urlHmr}/conf/var/clean-boa-env" -o /etc/init.d/clean-boa-env if [ -e "/etc/init.d/clean-boa-env" ]; then chmod 700 /etc/init.d/clean-boa-env chown root:root /etc/init.d/clean-boa-env touch ${_pthLog}/clean-boa-env.ctrl.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/clean-boa-env.old /etc/init.d/clean-boa-env fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/mysql_backup.sh.ctrl.f95.${_xSrl}.pid" ]; then mv -f /var/xdrago/mysql_backup.sh /var/xdrago/mysql_backup.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/mysql_backup.sh" -o /var/xdrago/mysql_backup.sh if [ -e "/var/xdrago/mysql_backup.sh" ]; then chmod 700 /var/xdrago/mysql_backup.sh chown root:root /var/xdrago/mysql_backup.sh touch ${_pthLog}/mysql_backup.sh.ctrl.f95.${_xSrl}.pid else mv -f /var/xdrago/mysql_backup.sh.old /var/xdrago/mysql_backup.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/unbound-helper.ctrl.f95.${_xSrl}.pid" ]; then mv -f /usr/libexec/unbound-helper /usr/libexec/unbound-helper.old curl ${_crlGet} "${_urlHmr}/conf/dns/unbound-helper" -o /usr/libexec/unbound-helper if [ -e "/usr/libexec/unbound-helper" ]; then chmod 755 /usr/libexec/unbound-helper chown root:root /usr/libexec/unbound-helper touch ${_pthLog}/unbound-helper.ctrl.f95.${_xSrl}.pid else mv -f /usr/libexec/unbound-helper.old /usr/libexec/unbound-helper fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/mysql_cleanup.sh.ctrl.f95.${_xSrl}.pid" ]; then mv -f /var/xdrago/mysql_cleanup.sh /var/xdrago/mysql_cleanup.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/mysql_cleanup.sh" -o /var/xdrago/mysql_cleanup.sh if [ -e "/var/xdrago/mysql_cleanup.sh" ]; then chmod 700 /var/xdrago/mysql_cleanup.sh chown root:root /var/xdrago/mysql_cleanup.sh touch ${_pthLog}/mysql_cleanup.sh.ctrl.f95.${_xSrl}.pid else mv -f /var/xdrago/mysql_cleanup.sh.old /var/xdrago/mysql_cleanup.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/mysql_cluster_backup.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/mysql_cluster_backup.sh /var/xdrago/mysql_cluster_backup.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/mysql_cluster_backup.sh" -o /var/xdrago/mysql_cluster_backup.sh if [ -e "/var/xdrago/mysql_cluster_backup.sh" ]; then chmod 700 /var/xdrago/mysql_cluster_backup.sh chown root:root /var/xdrago/mysql_cluster_backup.sh touch ${_pthLog}/mysql_cluster_backup.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/mysql_cluster_backup.sh.old /var/xdrago/mysql_cluster_backup.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/runner.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/runner.sh /var/xdrago/runner.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/runner.sh" -o /var/xdrago/runner.sh if [ -e "/var/xdrago/runner.sh" ]; then chmod 700 /var/xdrago/runner.sh chown root:root /var/xdrago/runner.sh touch ${_pthLog}/runner.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/runner.sh.old /var/xdrago/runner.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/minute.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/minute.sh /var/xdrago/minute.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/minute.sh" -o /var/xdrago/minute.sh if [ -e "/var/xdrago/minute.sh" ]; then chmod 700 /var/xdrago/minute.sh chown root:root /var/xdrago/minute.sh touch ${_pthLog}/minute.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/minute.sh.old /var/xdrago/minute.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/second.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/second.sh /var/xdrago/second.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/second.sh" -o /var/xdrago/second.sh if [ -e "/var/xdrago/second.sh" ]; then chmod 700 /var/xdrago/second.sh chown root:root /var/xdrago/second.sh touch ${_pthLog}/second.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/second.sh.old /var/xdrago/second.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/ip_access.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/ip_access.sh /var/xdrago/ip_access.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/ip_access.sh" -o /var/xdrago/ip_access.sh if [ -e "/var/xdrago/ip_access.sh" ]; then chmod 700 /var/xdrago/ip_access.sh chown root:root /var/xdrago/ip_access.sh touch ${_pthLog}/ip_access.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/ip_access.sh.old /var/xdrago/ip_access.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/move_sql.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/move_sql.sh /var/xdrago/move_sql.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/move_sql.sh" -o /var/xdrago/move_sql.sh if [ -e "/var/xdrago/move_sql.sh" ]; then chmod 700 /var/xdrago/move_sql.sh chown root:root /var/xdrago/move_sql.sh touch ${_pthLog}/move_sql.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/move_sql.sh.old /var/xdrago/move_sql.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/mysql_repair.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/mysql_repair.sh /var/xdrago/mysql_repair.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/mysql_repair.sh" -o /var/xdrago/mysql_repair.sh if [ -e "/var/xdrago/mysql_repair.sh" ]; then chmod 700 /var/xdrago/mysql_repair.sh chown root:root /var/xdrago/mysql_repair.sh touch ${_pthLog}/mysql_repair.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/mysql_repair.sh.old /var/xdrago/mysql_repair.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/purge_binlogs.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/purge_binlogs.sh /var/xdrago/purge_binlogs.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/purge_binlogs.sh" -o /var/xdrago/purge_binlogs.sh if [ -e "/var/xdrago/purge_binlogs.sh" ]; then chmod 700 /var/xdrago/purge_binlogs.sh chown root:root /var/xdrago/purge_binlogs.sh touch ${_pthLog}/purge_binlogs.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/purge_binlogs.sh.old /var/xdrago/purge_binlogs.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/checksql.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/checksql.pl /var/xdrago/checksql.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/checksql.pl" -o /var/xdrago/checksql.pl if [ -e "/var/xdrago/checksql.pl" ]; then chmod 700 /var/xdrago/checksql.pl chown root:root /var/xdrago/checksql.pl touch ${_pthLog}/checksql.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/checksql.pl.old /var/xdrago/checksql.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/clear.sh.ctrl.f94.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/clear.sh /var/xdrago/clear.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/clear.sh" -o /var/xdrago/clear.sh if [ -e "/var/xdrago/clear.sh" ]; then chmod 700 /var/xdrago/clear.sh chown root:root /var/xdrago/clear.sh touch ${_pthLog}/clear.sh.ctrl.f94.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/clear.sh.old /var/xdrago/clear.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/daily.sh.ctrl.f90.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/daily.sh /var/xdrago/daily.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/daily.sh" -o /var/xdrago/daily.sh if [ -e "/var/xdrago/daily.sh" ]; then chmod 700 /var/xdrago/daily.sh chown root:root /var/xdrago/daily.sh touch ${_pthLog}/daily.sh.ctrl.f90.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/daily.sh.old /var/xdrago/daily.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/graceful.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/graceful.sh /var/xdrago/graceful.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/graceful.sh" -o /var/xdrago/graceful.sh if [ -e "/var/xdrago/graceful.sh" ]; then chmod 700 /var/xdrago/graceful.sh chown root:root /var/xdrago/graceful.sh touch ${_pthLog}/graceful.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/graceful.sh.old /var/xdrago/graceful.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/usage.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/usage.sh /var/xdrago/usage.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/usage.sh" -o /var/xdrago/usage.sh if [ -e "/var/xdrago/usage.sh" ]; then chmod 700 /var/xdrago/usage.sh chown root:root /var/xdrago/usage.sh touch ${_pthLog}/usage.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/usage.sh.old /var/xdrago/usage.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/manage_ltd_users.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/manage_ltd_users.sh /var/xdrago/manage_ltd_users.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/manage_ltd_users.sh" \ -o /var/xdrago/manage_ltd_users.sh if [ -e "/var/xdrago/manage_ltd_users.sh" ]; then chmod 700 /var/xdrago/manage_ltd_users.sh chown root:root /var/xdrago/manage_ltd_users.sh touch ${_pthLog}/manage_ltd_users.sh.ctrl.f95.${_tRee}.${_xSrl}.pid [ -e "/run/manage_ltd_users.pid" ] && rm -f /run/manage_ltd_users.pid else mv -f /var/xdrago/manage_ltd_users.sh.old /var/xdrago/manage_ltd_users.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/manage_solr_config.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/manage_solr_config.sh /var/xdrago/manage_solr_config.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/manage_solr_config.sh" \ -o /var/xdrago/manage_solr_config.sh if [ -e "/var/xdrago/manage_solr_config.sh" ]; then chmod 700 /var/xdrago/manage_solr_config.sh chown root:root /var/xdrago/manage_solr_config.sh touch ${_pthLog}/manage_solr_config.sh.ctrl.f95.${_tRee}.${_xSrl}.pid rm -f /run/manage_solr_config.pid else mv -f /var/xdrago/manage_solr_config.sh.old /var/xdrago/manage_solr_config.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/proc_num_ctrl.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/proc_num_ctrl.pl /var/xdrago/proc_num_ctrl.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/proc_num_ctrl.pl" \ -o /var/xdrago/proc_num_ctrl.pl if [ -e "/var/xdrago/proc_num_ctrl.pl" ]; then chmod 700 /var/xdrago/proc_num_ctrl.pl chown root:root /var/xdrago/proc_num_ctrl.pl touch ${_pthLog}/proc_num_ctrl.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/proc_num_ctrl.pl.old /var/xdrago/proc_num_ctrl.pl fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/fast_shutdown.ctrl.${_tRee}.${_xSrl}.pid" ]; then sed -i "s/.*opcache.fast_shutdown.*//g" /opt/etc/fpm/fpm-pool-common.conf _PHP_V="83 82 81 80 74 73 72 71 70 56" for e in ${_PHP_V}; do if [ -e "/etc/init.d/php${e}-fpm" ] && [ -e "/opt/php${e}/bin/php" ]; then service php${e}-fpm reload &> /dev/null fi done _PHP_V="55 54 53" for e in ${_PHP_V}; do if [ -e "/etc/init.d/php${e}-fpm" ] && [ -e "/opt/php${e}/bin/php" ]; then service php${e}-fpm force-quit &> /dev/null fi done touch ${_pthLog}/fast_shutdown.ctrl.${_tRee}.${_xSrl}.pid fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ -x "/usr/sbin/csf" ] \ && [ -e "/etc/csf/csf.deny" ] \ && [ ! -e "${_pthLog}/guest-fire.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/guest-fire.sh /var/xdrago/guest-fire.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/guest-fire.sh" \ -o /var/xdrago/guest-fire.sh if [ -e "/var/xdrago/guest-fire.sh" ]; then chmod 700 /var/xdrago/guest-fire.sh chown root:root /var/xdrago/guest-fire.sh touch ${_pthLog}/guest-fire.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/guest-fire.sh.old /var/xdrago/guest-fire.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ -x "/usr/sbin/csf" ] \ && [ -e "/etc/csf/csf.deny" ] \ && [ ! -e "${_pthLog}/guest-water.sh.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/guest-water.sh /var/xdrago/guest-water.sh.old curl ${_crlGet} "${_urlHmr}/tools/system/guest-water.sh" \ -o /var/xdrago/guest-water.sh if [ -e "/var/xdrago/guest-water.sh" ]; then chmod 700 /var/xdrago/guest-water.sh chown root:root /var/xdrago/guest-water.sh touch ${_pthLog}/guest-water.sh.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/guest-water.sh.old /var/xdrago/guest-water.sh fi fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/scan_nginx.pl.ctrl.f95.${_tRee}.${_xSrl}.pid" ]; then [ ! -d "/var/xdrago/monitor/log" ] && mkdir -p /var/xdrago/monitor/log mv -f /var/xdrago/monitor/check/scan_nginx.pl /var/xdrago/monitor/check/scan_nginx.pl.old curl ${_crlGet} "${_urlHmr}/tools/system/monitor/check/scan_nginx.pl" \ -o /var/xdrago/monitor/check/scan_nginx.pl if [ -e "/var/xdrago/monitor/check/scan_nginx.pl" ]; then sed -i "s/default_critnumber =.*/default_critnumber = 399;/g" /var/xdrago/monitor/check/scan_nginx.pl wait sed -i "s/default_lines =.*/default_lines = 1999;/g" /var/xdrago/monitor/check/scan_nginx.pl wait _if_hosted_sys if [ "${_hostedSys}" = "YES" ]; then if [ -z "${_NGINX_DOS_IGNORE}" ]; then _NGINX_DOS_IGNORE="doccomment" fi fi if [ ! -z "${_NGINX_DOS_IGNORE}" ]; then _NGINX_DOS_IGNORE=${_NGINX_DOS_IGNORE//[^a-zA-Z0-9|-]/} sed -i "s/dontcount/${_NGINX_DOS_IGNORE}/g" /var/xdrago/monitor/check/scan_nginx.pl wait fi if [ ! -z "${_NGINX_DOS_STOP}" ]; then _NGINX_DOS_STOP=${_NGINX_DOS_STOP//[^a-zA-Z0-9|-]/} if [ ! -z "${_NGINX_DOS_STOP}" ]; then sed -i "s/foobar/${_NGINX_DOS_STOP}/g" /var/xdrago/monitor/check/scan_nginx.pl wait fi fi chmod 700 /var/xdrago/monitor/check/scan_nginx.pl chown root:root /var/xdrago/monitor/check/scan_nginx.pl if [ ! -e "/var/xdrago/monitor/log/.scan_nginx_arch.${_xSrl}.pid" ]; then if [ -e "/var/xdrago/monitor/scan_nginx.archive.log" ]; then mv -f /var/xdrago/monitor/scan_nginx.archive.log /var/xdrago/monitor/log/scan_nginx_legacy.archive.${_xSrl}.log fi if [ -e "/var/xdrago/monitor/log/scan_nginx.archive.log" ]; then mv -f /var/xdrago/monitor/log/scan_nginx.archive.log /var/xdrago/monitor/log/scan_nginx.archive.${_xSrl}.log fi rm -f /var/xdrago/monitor/log/.scan_nginx_arch* touch /var/xdrago/monitor/log/.scan_nginx_arch.${_xSrl}.pid csf -df wait fi touch ${_pthLog}/scan_nginx.pl.ctrl.f95.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/monitor/check/scan_nginx.pl.old /var/xdrago/monitor/check/scan_nginx.pl fi fi if [ -x "/opt/tools/drush/8/drush/drush.php" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/lshell.ctrl.f92.${_tRee}.${_xSrl}.pid" ]; then if [ -z "${_CUSTOM_CONFIG_LSHELL}" ] \ || [ "${_CUSTOM_CONFIG_LSHELL}" = "NO" ]; then mv -f /var/xdrago/conf/lshell.conf /var/xdrago/conf/lshell.conf.old curl ${_crlGet} "${_urlHmr}/tools/system/conf/lshell.conf" \ -o /var/xdrago/conf/lshell.conf if [ -e "/var/xdrago/conf/lshell.conf" ]; then chmod 644 /var/xdrago/conf/lshell.conf chown root:root /var/xdrago/conf/lshell.conf touch ${_pthLog}/lshell.ctrl.f92.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/conf/lshell.conf.old /var/xdrago/conf/lshell.conf fi fi fi if [ -x "/opt/tools/drush/8/drush/drush.php" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/multi.ctrl.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/conf/fpm-pool-foo-multi.conf /var/xdrago/conf/fpm-pool-foo-multi.conf.old curl ${_crlGet} "${_urlHmr}/conf/php/fpm-pool-foo-multi.conf" \ -o /var/xdrago/conf/fpm-pool-foo-multi.conf if [ -e "/var/xdrago/conf/fpm-pool-foo-multi.conf" ]; then chmod 644 /var/xdrago/conf/fpm-pool-foo-multi.conf chown root:root /var/xdrago/conf/fpm-pool-foo-multi.conf touch ${_pthLog}/multi.ctrl.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/conf/fpm-pool-foo-multi.conf.old /var/xdrago/conf/fpm-pool-foo-multi.conf fi fi if [ -e "/opt/tools/drush" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/single.ctrl.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/conf/fpm-pool-foo.conf /var/xdrago/conf/fpm-pool-foo.conf.old curl ${_crlGet} "${_urlHmr}/conf/php/fpm-pool-foo.conf" \ -o /var/xdrago/conf/fpm-pool-foo.conf if [ -e "/var/xdrago/conf/fpm-pool-foo.conf" ]; then chmod 644 /var/xdrago/conf/fpm-pool-foo.conf chown root:root /var/xdrago/conf/fpm-pool-foo.conf touch ${_pthLog}/single.ctrl.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/conf/fpm-pool-foo.conf.old /var/xdrago/conf/fpm-pool-foo.conf fi fi if [ -e "/etc/ImageMagick-6/policy.xml" ] \ && [ -e "/var/xdrago" ] \ && [ ! -e "${_pthLog}/policymap-hf-06.ctrl.${_tRee}.${_xSrl}.pid" ]; then IsCurlBin=$(which curl 2>&1) chmod 755 ${IsCurlBin} &> /dev/null chgrp root ${IsCurlBin} &> /dev/null cp -af /etc/ImageMagick-6/policy.xml /var/xdrago/conf/etc-ImageMagick-6-policy.xml.hf-06.old rm -f /var/xdrago/conf/etc-ImageMagick-6-policy.xml curl ${_crlGet} "${_urlHmr}/conf/etc/etc-ImageMagick-6-policy.xml" \ -o /var/xdrago/conf/etc-ImageMagick-6-policy.xml if [ -e "/var/xdrago/conf/etc-ImageMagick-6-policy.xml" ]; then cp -af /var/xdrago/conf/etc-ImageMagick-6-policy.xml /etc/ImageMagick-6/policy.xml chmod 644 /etc/ImageMagick-6/policy.xml chown root:root /etc/ImageMagick-6/policy.xml touch ${_pthLog}/policymap-hf-06.ctrl.${_tRee}.${_xSrl}.pid _PHP_V="83 82 81 80 74 73 72 71 70 56" for e in ${_PHP_V}; do if [ -e "/etc/init.d/php${e}-fpm" ]; then service php${e}-fpm reload &> /dev/null fi done else if [ -e "/var/xdrago/conf/etc-ImageMagick-6-policy.xml.hf-06.old" ]; then cp -af /var/xdrago/conf/etc-ImageMagick-6-policy.xml.hf-06.old /etc/ImageMagick-6/policy.xml fi fi fi if [ -e "/opt/tools/drush" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ -d "/data/u" ] \ && [ ! -e "${_pthLog}/dispatch.ctrl.${_tRee}.${_xSrl}.pid" ]; then sed -i "s/.*cache.*//g; s/.*cc drush.*//g; s/ *$//g; /^$/d" /data/disk/*/aegir.sh touch ${_pthLog}/dispatch.ctrl.${_tRee}.${_xSrl}.pid fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/xdrago/conf/control-readme.txt" ] \ && [ ! -e "${_pthLog}/control-readme.txt.ctrl.${_tRee}.${_xSrl}.pid" ]; then mv -f /var/xdrago/conf/control-readme.txt /var/xdrago/conf/control-readme.txt.old curl ${_crlGet} "${_urlHmr}/tools/system/conf/control-readme.txt" -o /var/xdrago/conf/control-readme.txt if [ -e "/var/xdrago/conf/control-readme.txt" ]; then chmod 644 /var/xdrago/conf/control-readme.txt chown root:root /var/xdrago/conf/control-readme.txt touch ${_pthLog}/control-readme.txt.ctrl.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/conf/control-readme.txt.old /var/xdrago/conf/control-readme.txt fi fi if [ -d "/data/u" ] \ && [ ! -e "${_pthLog}/hosting.cron.queue.ctrl.f96.${_tRee}.${_xSrl}.pid" ]; then _hQueueF="hosting_cron.module" _hQueueP="/var/xdrago/conf/${_hQueueF}" _find_correct_ip [ -e "${_hQueueP}" ] && _isPatchedTpl=$(grep "url_own" "${_hQueueP}") if [ ! -e "${_hQueueP}" ] || [[ ! "${_isPatchedTpl}" =~ "url_own" ]]; then curl ${_crlGet} "${_urlHmr}/patches/${_hQueueF}" -o ${_hQueueP} fi for _pthSysUsr in `find /data/disk/ -maxdepth 1 -mindepth 1 | sort`; do _tUsr= _tUsr=$(echo ${_pthSysUsr} | cut -d'/' -f4 | awk '{ print $1}' 2>&1) if [ -n "${_tUsr}" ] && [ "${_tUsr}" != "arch" ]; then if [ -e "${_pthSysUsr}/log/hosting_cron_use_backend.txt" ]; then rm -f ${_pthSysUsr}/log/hosting_cron_use_backend.txt fi _hmPlr=$(cat ${_pthSysUsr}/.drush/hostmaster.alias.drushrc.php \ | grep "root'" \ | cut -d: -f2 \ | awk '{ print $3}' \ | sed "s/[\,']//g" 2>&1) _hmDir="${_hmPlr}/profiles/hostmaster/modules/aegir/hosting" _hmQmd="${_hmDir}/cron/hosting_cron.module" if [ -e "${_hmDir}/cron/hosting_cron.module.orig" ]; then rm -f ${_hmDir}/cron/hosting_cron.module.orig fi if [ -e "${_hmDir}/cron/hosting_cron.module.rej" ]; then rm -f ${_hmDir}/cron/hosting_cron.module.rej fi if [ -e "${_hmQmd}" ] && [ -e "${_hQueueP}" ]; then _isPatched=$(grep "url_own" "${_hmQmd}") if [[ ! "${_isPatched}" =~ "url_own" ]]; then cp -a ${_hQueueP} ${_hmDir}/cron/ if [ -e "${_hmDir}/cron/${_hQueueF}" ]; then sed -i "s/127.0.0.1/${_LOC_IP}/g" "${_hmDir}/cron/${_hQueueF}" fi fi fi fi done touch ${_pthLog}/hosting.cron.queue.ctrl.f96.${_tRee}.${_xSrl}.pid fi if [ -d "/data/u" ] \ && [ ! -e "${_pthLog}/hosting.cron.ctrl.f99.${_tRee}.${_xSrl}.pid" ]; then for _pthSysUsr in `find /data/disk/ -maxdepth 1 -mindepth 1 | sort`; do _tUsr= _tUsr=$(echo ${_pthSysUsr} | cut -d'/' -f4 | awk '{ print $1}' 2>&1) if [ -n "${_tUsr}" ] && [ "${_tUsr}" != "arch" ]; then if [ -e "${_pthSysUsr}/log/hosting_cron_use_backend.txt" ]; then rm -f ${_pthSysUsr}/log/hosting_cron_use_backend.txt fi fi done touch ${_pthLog}/hosting.cron.ctrl.f99.${_tRee}.${_xSrl}.pid fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -d "/data/u" ] \ && [ ! -e "${_pthLog}/fpm-cli.ctrl.${_tRee}.${_xSrl}.pid" ]; then _usrGroup=users [ -e "/var/backups/off-run/" ] && cp -a /var/backups/off-run/run* /var/xdrago/ &> /dev/null for _pthSysUsr in `find /data/disk/ -maxdepth 1 -mindepth 1 | sort`; do _tUsr= _tUsr=$(echo ${_pthSysUsr} | cut -d'/' -f4 | awk '{ print $1}' 2>&1) if [ "${_tUsr}" != "arch" ]; then if [ ! -e "${_pthSysUsr}/static/control/MyQuick.info" ] \ && [ ! -e "${_pthSysUsr}/static/control/MyClassic.info" ]; then echo ON > ${_pthSysUsr}/static/control/MyQuick.info fi if [ ! -e "${_pthSysUsr}/static/control/.disFastTrack.pid" ]; then rm -f ${_pthSysUsr}/static/control/FastTrack.info touch ${_pthSysUsr}/static/control/.disFastTrack.pid fi if [ ! -e "${_pthSysUsr}/static/control/FastTrack.info" ] \ && [ ! -e "${_pthSysUsr}/static/control/ClassicTrack.info" ]; then echo ON > ${_pthSysUsr}/static/control/ClassicTrack.info fi if [ -e "${_pthSysUsr}/static/control/fpm.info" ] \ && [ ! -e "${_pthSysUsr}/static/control/cli.info" ]; then cp ${_pthSysUsr}/static/control/fpm.info ${_pthSysUsr}/static/control/cli.info fi if [ -e "${_pthSysUsr}/log/CANCELLED" ] \ || [ -e "${_pthSysUsr}/log/proxied.pid" ] \ || [ ! -e "${_pthSysUsr}/static/control/cli.info" ]; then if [ -e "/var/xdrago/run-${_tUsr}" ] \ && [ -e "/var/aegir/drush" ]; then if [ ! -e "/var/backups/off-run" ]; then mkdir -p /var/backups/off-run/ fi mv -f /var/xdrago/run-${_tUsr} /var/backups/off-run/ fi else _dscUsr="/data/disk/${_tUsr}" _ngxCnf="${_dscUsr}/config/includes/nginx_vhost_common.conf" _NGINX_CNF_TEST=$(grep "foobaroff" ${_ngxCnf} 2>&1) if [[ "${_NGINX_CNF_TEST}" =~ "foobaroff" ]]; then _DO_NOTHING=YES else sed -i "s/args.*q=/args ~* \"foobaroff=/g" ${_ngxCnf} fi for _version in 81 82 83 74; do if [ -x "/opt/php${_version}/bin/php" ]; then if [ "${_version}" = "74" ]; then _useCli="7.4" _useFpm="7.4" else _useCli="8.${_version:1}" _useFpm="8.${_version:1}" fi break fi done if [ ! -e "${_dscUsr}/static/control/fpm.info" ] \ && [ -e "/var/aegir/drush" ]; then if [ -n "${_useFpm}" ]; then echo ${_useFpm} > ${_dscUsr}/static/control/fpm.info chown ${_tUsr}.ftp:${_usrGroup} ${_dscUsr}/static/control/fpm.info chmod 0644 ${_dscUsr}/static/control/fpm.info fi fi if [ ! -e "${_dscUsr}/static/control/cli.info" ] \ && [ -e "/var/aegir/drush" ]; then if [ -e "${_dscUsr}/static/control/fpm.info" ]; then cp -af ${_dscUsr}/static/control/fpm.info ${_dscUsr}/static/control/cli.info else if [ -n "${_useCli}" ]; then echo ${_useCli} > ${_dscUsr}/static/control/cli.info chown ${_tUsr}.ftp:${_usrGroup} ${_dscUsr}/static/control/cli.info chmod 0644 ${_dscUsr}/static/control/cli.info fi fi fi if [ ! -e "${_dscUsr}/static/control/.ctrl.${_tRee}.${_xSrl}.pid" ] \ && [ -e "/home/${_tUsr}.ftp/clients" ]; then mkdir -p ${_dscUsr}/static/control chmod 755 ${_dscUsr}/static/control if [ -e "/var/xdrago/conf/control-readme.txt" ]; then cp -af /var/xdrago/conf/control-readme.txt \ ${_dscUsr}/static/control/README.txt &> /dev/null chmod 0644 ${_dscUsr}/static/control/README.txt fi chown -R ${_tUsr}.ftp:${_usrGroup} ${_dscUsr}/static/control rm -f ${_dscUsr}/static/control/.ctrl.* echo OK > ${_dscUsr}/static/control/.ctrl.${_tRee}.${_xSrl}.pid fi fi fi done touch ${_pthLog}/fpm-cli.ctrl.${_tRee}.${_xSrl}.pid fi # Create the destination directory if it doesn't exist mkdir -p /var/backups/off-run/ # Loop through all files matching the pattern /var/xdrago/run-USER for _file in /var/xdrago/run-*; do # Skip iteration if no files match the pattern [ -e "${_file}" ] || continue # Extract the _USER from the filename _USER=${_file#/var/xdrago/run-} # Define the paths to check _USER_DIR="/data/disk/${_USER}" _CANCELLED_FILE="${_USER_DIR}/log/CANCELLED" _PROXIED_PID_FILE="${_USER_DIR}/log/proxied.pid" _CLI_INFO_FILE="${_USER_DIR}/static/control/cli.info" # Check the conditions if [ ! -d "${_USER_DIR}" ] || \ [ -f "${_CANCELLED_FILE}" ] || \ [ -f "${_PROXIED_PID_FILE}" ] || \ [ ! -f "${_CLI_INFO_FILE}" ]; then # Move the file if any condition is met mv -f "${_file}" /var/backups/off-run/ fi done if [ -x "/opt/tools/drush/8/drush/drush.php" ] \ && [ -e "${_provLeIncFull}" ] \ && [ -e "${_hoLeIncFull}" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ -d "/data/u" ] \ && [ ! -e "${_pthLog}/hosting_le_vt.ctrl.${_tRee}.${_xSrl}.pid" ]; then _leBasePath="profiles/hostmaster/modules/aegir/hosting_le" _lePath="${_leBasePath}/drush/${_provLeInc}" _leVhPath="${_leBasePath}/hosting_le_vhost/drush/${_hoLeInc}" for _pthSysUsr in `find /data/disk/ -maxdepth 1 -mindepth 1 | sort`; do if [ -e "${_pthSysUsr}/config/server_master/nginx/vhost.d" ] \ && [ -e "${_pthSysUsr}/static/control/cli.info" ] \ && [ ! -e "${_pthSysUsr}/log/proxied.pid" ] \ && [ ! -e "${_pthSysUsr}/log/CANCELLED" ]; then _tUsr= _validReg= _validIPr= _tUsr=$(echo ${_pthSysUsr} | cut -d'/' -f4 | awk '{ print $1}' 2>&1) _dscUsr="/data/disk/${_tUsr}" _hmPf=$(cat ${_dscUsr}/.drush/hostmaster.alias.drushrc.php \ | grep "root'" \ | cut -d: -f2 \ | awk '{ print $3}' \ | sed "s/[\,']//g" 2>&1) _locFile="${_hmPf}/${_lePath}" if [ -e "${_locFile}" ] && [ -e "${_provLeIncFull}" ]; then cp -af ${_provLeIncFull} ${_locFile} chown ${_tUsr}:users ${_locFile} chmod 0644 ${_locFile} fi _locVhFile="${_hmPf}/${_leVhPath}" if [ -e "${_locVhFile}" ] && [ -e "${_hoLeIncFull}" ]; then cp -af ${_hoLeIncFull} ${_locVhFile} chown ${_tUsr}:users ${_locVhFile} chmod 0644 ${_locVhFile} fi _leRoot="${_dscUsr}/tools/le" _exeLe="${_leRoot}/dehydrated" _dehydFull="${_leRoot}/${_dehydName}" _legacyLeShFile="${_leRoot}/letsencrypt.sh" _lockLeFile="${_leRoot}/lock" _configIni="${_leRoot}/config" _acctsDir="${_leRoot}/accounts" _acctsDemoDir="${_leRoot}/accounts-demo" _demoPid="${_leRoot}/.ctrl/ssl-demo-mode.pid" _normalRegPid="${_leRoot}/.ctrl/normal-re6-register.pid" _forcedRegPid="${_leRoot}/.ctrl/forced-re6-register.pid" _onDemandRegPid="${_leRoot}/.ctrl/onDemand-register.pid" _validIdn=$(grep "letsencrypt" ${_acctsDir}/*/account_id.json 2>&1) _validReg=$(grep "valid" ${_acctsDir}/*/registration_info.json 2>&1) _validIPr=$(grep "${_LOC_IP}" ${_acctsDir}/*/registration_info.json 2>&1) _HOUR=$(date +%H 2>&1) _HOUR=${_HOUR//[^0-9-]/} if [ -e "${_dehydSrcPath}" ]; then cp -af ${_dehydSrcPath} ${_dehydFull} chown ${_tUsr}:users ${_dehydFull} chmod 0700 ${_dehydFull} fi if [ -e "${_dehydFull}" ] \ && [ ! -e "${_normalRegPid}" ]; then if [ "${_HOUR}" = "5" ] \ || [ "${_HOUR}" = "17" ] \ || [ -e "${_onDemandRegPid}" ]; then su -s /bin/bash - ${_tUsr} -c "bash ${_exeLe} --register --accept-terms" wait touch ${_normalRegPid} fi fi if [ -e "${_lockLeFile}" ]; then rm -f ${_lockLeFile} sleep 1 fi if [ -e "${_demoPid}" ]; then rm -f ${_demoPid} fi if [ "${_HOUR}" = "11" ] \ || [ "${_HOUR}" = "23" ] \ || [ -e "${_onDemandRegPid}" ]; then if [ -e "${_legacyLeShFile}" ] \ || [ -e "${_acctsDemoDir}" ] \ || [[ ! "${_validIdn}" =~ "letsencrypt" ]] \ || [[ ! "${_validReg}" =~ "valid" ]] \ || [[ ! "${_validIPr}" =~ "${_LOC_IP}" ]] \ || [ ! -e "${_forcedRegPid}" ]; then rm -f ${_legacyLeShFile} rm -rf ${_acctsDemoDir} rm -rf ${_acctsDir} rm -f ${_leRoot}/.ctrl/.forced* rm -f ${_leRoot}/.ctrl/.normal* rm -f ${_leRoot}/.ctrl/forced* rm -f ${_leRoot}/.ctrl/normal* if [ -e "${_exeLe}" ]; then su -s /bin/bash - ${_tUsr} -c "bash ${_exeLe} --register --accept-terms" wait touch ${_forcedRegPid} touch ${_normalRegPid} fi fi fi fi done touch ${_pthLog}/hosting_le_vt.ctrl.${_tRee}.${_xSrl}.pid fi if [ -e "/var/xdrago/monitor/check" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_pthLog}/websh.ctrl.f94.${_tRee}.${_xSrl}.pid" ]; then mv -f /bin/websh /var/xdrago/websh.sh.old curl ${_crlGet} "${_urlHmr}/helpers/websh.sh.txt" -o /bin/websh if [ -e "/bin/websh" ]; then chmod 755 /bin/websh chown root:root /bin/websh touch ${_pthLog}/websh.ctrl.f94.${_tRee}.${_xSrl}.pid else mv -f /var/xdrago/websh.sh.old /bin/websh fi fi _Dir="/data/all/000/modules" _REDIS_T_VERSION=8.x-1.8.2 if [ -e "/var/xdrago/manage_solr_config.sh" ]; then if [ ! -e "${_Dir}/redis_nine_ten/ver-${_REDIS_T_VERSION}.${_xSrl}.info" ]; then mkdir -p ${_Dir} cd ${_Dir} rm -rf ${_Dir}/redis_nine_ten _get_dev_contrib "redis_nine_ten-${_REDIS_T_VERSION}.tar.gz" echo update > ${_Dir}/redis_nine_ten/ver-${_REDIS_T_VERSION}.${_xSrl}.info find ${_Dir} -type d -exec chmod 0755 {} \; &> /dev/null find ${_Dir} -type f -exec chmod 0644 {} \; &> /dev/null touch ${_pthLog}/redis_nine_ten.ctrl.${_xSrl}.log fi fi _Dir="/data/all/000/modules" _REDIS_C_VERSION=com-19-04-2021 if [ -e "/var/xdrago/manage_solr_config.sh" ]; then if [ ! -e "${_Dir}/redis_compr/ver-${_REDIS_C_VERSION}.${_xSrl}.info" ]; then mkdir -p ${_Dir} cd ${_Dir} rm -rf ${_Dir}/redis_compr _get_dev_contrib "redis_compr-${_REDIS_C_VERSION}.tar.gz" echo update > ${_Dir}/redis_compr/ver-${_REDIS_C_VERSION}.${_xSrl}.info find ${_Dir} -type d -exec chmod 0755 {} \; &> /dev/null find ${_Dir} -type f -exec chmod 0644 {} \; &> /dev/null touch ${_pthLog}/redis_compr.ctrl.${_xSrl}.log fi fi _Dir="/data/all/000/modules" _REDIS_L_VERSION=7.x-3.19.1 if [ -e "/var/xdrago/manage_solr_config.sh" ]; then if [ ! -e "${_Dir}/redis_edge/ver-${_REDIS_L_VERSION}.${_xSrl}.info" ]; then mkdir -p ${_Dir} cd ${_Dir} rm -rf ${_Dir}/redis_edge _get_dev_contrib "redis_edge-${_REDIS_L_VERSION}.tar.gz" echo update > ${_Dir}/redis_edge/ver-${_REDIS_L_VERSION}.${_xSrl}.info find ${_Dir} -type d -exec chmod 0755 {} \; &> /dev/null find ${_Dir} -type f -exec chmod 0644 {} \; &> /dev/null touch ${_pthLog}/redis_edge.ctrl.${_xSrl}.log fi fi _Dir="/data/all/000/modules" _REDIS_N_VERSION=com-19-04-2021 if [ -e "/var/xdrago/manage_solr_config.sh" ]; then if [ ! -e "${_Dir}/redis_eight/ver-${_REDIS_N_VERSION}.${_xSrl}.info" ]; then mkdir -p ${_Dir} cd ${_Dir} rm -rf ${_Dir}/redis_eight _get_dev_contrib "redis_eight-${_REDIS_N_VERSION}.tar.gz" echo update > ${_Dir}/redis_eight/ver-${_REDIS_N_VERSION}.${_xSrl}.info find ${_Dir} -type d -exec chmod 0755 {} \; &> /dev/null find ${_Dir} -type f -exec chmod 0644 {} \; &> /dev/null touch ${_pthLog}/redis_eight.ctrl.${_xSrl}.log fi fi } _fix_core_dgd() { # sed -i "s/^_PERMISSIONS_FIX=.*/_PERMISSIONS_FIX=YES/g" ${_barCnf} _saCoreS="${_saCoreN}-D7" _saIncDb="includes/database/database.inc" _saPatch="/var/xdrago/conf/${_saCoreS}.patch" _saQCoreN="${_saCoreN}" _saQCoreS="${_saQCoreN}-D8" _saQIncDb="core/includes/database.inc" _saQPatch="/var/xdrago/conf/${_saQCoreS}.patch" _saXCoreN="${_saCoreN}" _saXCoreS="${_saXCoreN}-D6" _saXIncDb="includes/database.inc" _saXPatch="/var/xdrago/conf/${_saXCoreS}.patch" _saBCoreP="${_saCoreN}-provision" _saBPatch="/var/xdrago/conf/${_saBCoreP}.patch" # SA-CORE D8 patch if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_saQPatch}" ]; then mkdir -p /var/xdrago/conf curl ${_crlGet} "${_urlHmr}/patches/8-core/${_saQCoreS}.patch" -o ${_saQPatch} fi # SA-CORE D7 patch if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_saPatch}" ]; then mkdir -p /var/xdrago/conf curl ${_crlGet} "${_urlHmr}/patches/7-core/${_saCoreS}.patch" -o ${_saPatch} fi # SA-CORE D6 patch # if [ -e "/var/xdrago" ] \ # && [ -e "/var/aegir/drush" ] \ # && [ ! -e "${_saXPatch}" ]; then # mkdir -p /var/xdrago/conf # curl ${_crlGet} "${_urlHmr}/patches/6-core/${_saXCoreS}.patch" -o ${_saXPatch} # fi # SA-CORE for Octopus hostmaster platforms if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ -d "/data/u" ] \ && [ -e "${_saPatch}" ]; then if [ -d "/data/all" ] \ && [ ! -e "${_pthLog}/hostmaster-octopus-${_saCoreN}-fixed-d7.log" ]; then for _File in `find /data/disk/*/aegir/distro/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] && [ ! -e "${_Core}/core" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null fi done touch ${_pthLog}/hostmaster-octopus-${_saCoreN}-fixed-d7.log fi cd fi # SA-CORE for Barracuda hostmaster platforms if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ -e "${_saPatch}" ]; then if [ -d "/data/all" ] \ && [ ! -e "${_pthLog}/hostmaster-barracuda-${_saCoreN}-fixed-d7.log" ]; then for _File in `find /var/aegir/host_master/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] && [ ! -e "${_Core}/core" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null fi done for _File in `find /var/aegir/hostmaster*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] && [ ! -e "${_Core}/core" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null fi done touch ${_pthLog}/hostmaster-barracuda-${_saCoreN}-fixed-d7.log fi cd fi # SA-CORE for built-in D7 platforms if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ -e "${_saPatch}" ] \ && [ ! -e "${_pthLog}/${_saCoreN}-fixed-d7.log" ]; then if [ -d "/data/all/000/core" ]; then for _Core in `find /data/all/000/core/drupal-7* \ -maxdepth 0 -mindepth 0 | sort`; do cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null done elif [ -d "/data/disk/all/000/core" ]; then for _Core in `find /data/disk/all/000/core/drupal-7* \ -maxdepth 0 -mindepth 0 | sort`; do cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null done fi touch ${_pthLog}/${_saCoreN}-fixed-d7.log cd fi # SA-CORE for ancient D7 platforms if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ -e "${_saPatch}" ]; then if [ -d "/data/all" ] \ && [ ! -e "${_pthLog}/legacy-${_saCoreN}-fixed-d7.log" ]; then for _File in `find /data/all/*/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] && [ ! -e "${_Core}/core" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null fi done touch ${_pthLog}/legacy-${_saCoreN}-fixed-d7.log elif [ -d "/data/disk/all" ] \ && [ ! -e "${_pthLog}/legacy-${_saCoreN}-fixed-d7eee.log" ]; then for _File in `find /data/disk/all/*/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] && [ ! -e "${_Core}/core" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null fi done touch ${_pthLog}/legacy-${_saCoreN}-fixed-d7eee.log fi cd fi # SA-CORE for custom D7 platforms if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ -e "${_saPatch}" ]; then if [ -d "/data/u" ] \ && [ ! -e "${_pthLog}/batch-custom-${_saCoreN}-fixed-d7.log" ]; then for _File in `find /data/disk/*/static/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saCoreS}-fix.info fi done for _File in `find /data/disk/*/static/*/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saCoreS}-fix.info fi done for _File in `find /data/disk/*/static/*/*/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saCoreS}-fix.info fi done for _File in `find /data/disk/*/static/*/*/*/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saCoreS}-fix.info fi done for _File in `find /data/disk/*/static/*/*/*/*/*/${_saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saCoreS}-fix.info fi done fi cd touch ${_pthLog}/batch-custom-${_saCoreN}-fixed-d7.log fi # SA-CORE for D8 platforms in ~/static if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ -e "${_saQPatch}" ]; then if [ -d "/data/u" ] \ && [ ! -e "${_pthLog}/batch-custom-${_saQCoreN}-fixed-d8.log" ]; then for _File in `find /data/disk/*/static/*/${_saQIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/core.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saQCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saQPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saQCoreS}-fix.info fi done for _File in `find /data/disk/*/static/*/*/${_saQIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/core.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saQCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saQPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saQCoreS}-fix.info fi done for _File in `find /data/disk/*/static/*/*/*/${_saQIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/core.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saQCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saQPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saQCoreS}-fix.info fi done for _File in `find /data/disk/*/static/*/*/*/*/${_saQIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/core.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saQCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saQPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saQCoreS}-fix.info fi done for _File in `find /data/disk/*/static/*/*/*/*/*/${_saQIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/core.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saQCoreS}-fix.info" ]; then cd ${_Core} patch -p1 < ${_saQPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saQCoreS}-fix.info fi done fi cd touch ${_pthLog}/batch-custom-${_saQCoreN}-fixed-d8.log fi # SA-CORE for built-in D6 platforms if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ -e "${_saXPatch}" ] \ && [ ! -e "${_pthLog}/${_saXCoreN}-finally-fixed-d6.log" ]; then if [ -d "/data/all/000/core" ]; then for _Core in `find /data/all/000/core/pressflow-6* \ -maxdepth 0 -mindepth 0 | sort`; do cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null done elif [ -d "/data/disk/all/000/core" ]; then for _Core in `find /data/disk/all/000/core/pressflow-6* \ -maxdepth 0 -mindepth 0 | sort`; do cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null done fi touch ${_pthLog}/${_saXCoreN}-finally-fixed-d6.log cd fi # SA-CORE for ancient D6 platforms if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ -e "${_saXPatch}" ]; then if [ -d "/data/all" ] \ && [ ! -e "${_pthLog}/legacy-${_saXCoreN}-finally-fixed-d6.log" ]; then for _File in `find /data/all/*/*/${_saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] && [ ! -e "${_Core}/core" ]; then cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null fi done touch ${_pthLog}/legacy-${_saXCoreN}-finally-fixed-d6.log elif [ -d "/data/disk/all" ] \ && [ ! -e "${_pthLog}/legacy-${_saXCoreN}-finally-fixed-d6eee.log" ]; then for _File in `find /data/disk/all/*/*/${_saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] && [ ! -e "${_Core}/core" ]; then cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null fi done touch ${_pthLog}/legacy-${_saXCoreN}-finally-fixed-d6eee.log fi cd fi # SA-CORE for custom D6 platforms if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ -e "${_saXPatch}" ]; then if [ -d "/data/u" ] \ && [ ! -e "${_pthLog}/batch-custom-${_saXCoreN}-finally-fixed-d6.log" ]; then for _File in `find /data/disk/*/static/*/${_saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saXCoreS}-fix-finally.info" ]; then cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saXCoreS}-fix-finally.info fi done for _File in `find /data/disk/*/static/*/*/${_saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saXCoreS}-fix-finally.info" ]; then cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saXCoreS}-fix-finally.info fi done for _File in `find /data/disk/*/static/*/*/*/${_saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saXCoreS}-fix-finally.info" ]; then cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saXCoreS}-fix-finally.info fi done for _File in `find /data/disk/*/static/*/*/*/*/${_saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saXCoreS}-fix-finally.info" ]; then cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saXCoreS}-fix-finally.info fi done for _File in `find /data/disk/*/static/*/*/*/*/*/${_saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do _Core=$(echo ${_File} \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${_Core}" ] \ && [ ! -e "${_Core}/core" ] \ && [ ! -e "${_Core}/profiles/${_saXCoreS}-fix-finally.info" ]; then cd ${_Core} patch -p1 < ${_saXPatch} &> /dev/null echo fixed > ${_Core}/profiles/${_saXCoreS}-fix-finally.info fi done fi cd touch ${_pthLog}/batch-custom-${_saXCoreN}-finally-fixed-d6.log fi } _fix_ping_perms() { if [ -e "/bin/ping" ]; then _PING_TEST=$(ls -la /bin/ping | grep rwsr-xr-x 2>&1) if [ -z "${_PING_TEST}" ]; then chown root:root /bin/ping chmod 4755 /bin/ping fi fi } _fix_fpm_process_max() { if [ ! -e "${_pthLog}/process.max.ctrl.${_tRee}.${_xSrl}.pid" ]; then sed -i "s/process.max =.*/process.max = 0/g" /opt/php*/etc/php*-fpm.conf touch ${_pthLog}/process.max.ctrl.${_tRee}.${_xSrl}.pid fi } _fix_node_in_lshell_access() { if [ ! -e "${_pthLog}/node.lshell-fix-scp.ctrl.${_tRee}.${_xSrl}.pid" ] \ && [ -e "/etc/lshell.conf" ]; then _PrTestPhantom=$(grep "PHANTOM" /root/.*.octopus.cnf 2>&1) _PrTestCluster=$(grep "CLUSTER" /root/.*.octopus.cnf 2>&1) if [[ "${_PrTestPhantom}" =~ "PHANTOM" ]] \ || [[ "${_PrTestCluster}" =~ "CLUSTER" ]] \ || [ -e "/root/.allow.node.lshell.cnf" ]; then _ALLOW_NODE=YES else _ALLOW_NODE=NO sed -i "s/, 'node',/,/g" /etc/lshell.conf wait sed -i "s/, 'node',/,/g" /var/xdrago/conf/lshell.conf wait sed -i "s/, 'npm',/,/g" /etc/lshell.conf wait sed -i "s/, 'npm',/,/g" /var/xdrago/conf/lshell.conf wait sed -i "s/, 'npx',/,/g" /etc/lshell.conf wait sed -i "s/, 'npx',/,/g" /var/xdrago/conf/lshell.conf wait sed -i "s/, 'find',/,/g" /etc/lshell.conf wait sed -i "s/, 'find',/,/g" /var/xdrago/conf/lshell.conf wait sed -i "s/, 'scp',/,/g" /etc/lshell.conf wait sed -i "s/, 'scp',/,/g" /var/xdrago/conf/lshell.conf wait fi touch ${_pthLog}/node.lshell-fix-scp.ctrl.${_tRee}.${_xSrl}.pid fi } _fix_python_src() { _PYTHON_VRN=3.12.5 _DCY_PTN="/usr/local/bin/python3" if [ -x "${_DCY_PTN}" ]; then _PYTHON_TEST=$(${_DCY_PTN} --version 2>&1) fi if [[ ! "${_PYTHON_TEST}" =~ "Python ${_PYTHON_VRN}" ]] \ || [ ! -x "${_DCY_PTN}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi _apt_clean_update apt-get install ${_aptYesUnth} \ intltool \ libffi-dev \ par2 \ python3-pip \ python3-venv \ python3 \ rclone \ rdiff \ tzdata cd /var/opt rm -rf Python* _get_dev_src "Python-${_PYTHON_VRN}.tgz" tar -xzf Python-${_PYTHON_VRN}.tgz cd Python-${_PYTHON_VRN} if [ -d "/usr/local/ssl3" ]; then bash ./configure --with-openssl=/usr/local/ssl3 else bash ./configure --with-openssl=/usr/local/ssl fi make -j $(nproc) --quiet make install --quiet cd _apt_clean_update apt-get install python3-pip ${_aptYesUnth} if [ -x "/usr/local/bin/pip3" ]; then _usePip=/usr/local/bin/pip3 elif [ -x "/usr/bin/pip3" ]; then _usePip=/usr/bin/pip3 fi _PIP_TEST=$(${_usePip} --version 2>&1) if [[ "${_PIP_TEST}" =~ "python 3.11" ]] \ || [[ "${_PIP_TEST}" =~ "python 3.12" ]]; then ${_usePip} install --upgrade pip --root-user-action ignore else ${_usePip} install --upgrade pip fi fi } _if_fix_python_src_for_duplicity() { _PYTHON_FIX=NO _PYTHON_VRN=3.12.5 _DCY_PTN="/usr/local/bin/python3" if [ -x "${_DCY_PTN}" ]; then _PYTHON_TEST=$(${_DCY_PTN} --version 2>&1) fi if [[ ! "${_PYTHON_TEST}" =~ "Python ${_PYTHON_VRN}" ]] \ || [ ! -x "${_DCY_PTN}" ]; then _PYTHON_FIX=YES fi _DUPLICITY_CHK_VRN=3.0.2 _isDuplicity=$(which duplicity 2>&1) if [ -x "${_isDuplicity}" ]; then _DUPLICITY_ITD=$(${_isDuplicity} --version 2>&1 \ | tr -d "\n" \ | cut -d" " -f2 \ | awk '{ print $1}' 2>&1) if [ "${_DUPLICITY_ITD}" != "${_DUPLICITY_CHK_VRN}" ]; then _PYTHON_FIX=YES fi fi if [ "${_PYTHON_FIX}" = "YES" ]; then _fix_python_src fi } _if_fix_lshell() { if [ ! -e "/usr/local/etc/lshell.conf" ] \ && [ ! -L "/usr/local/etc/lshell.conf" ] \ && [ -e "/etc/lshell.conf" ]; then [ ! -d "/usr/local/etc" ] && mkdir -p /usr/local/etc ln -sfn /etc/lshell.conf /usr/local/etc/lshell.conf fi _LSHELL_VRN=0.10 _PATH_LSHELL="${_usrBin}/lshell" _LSHELL_CHK_VRN=0.10 _LSHELL_FORCE_REINSTALL=NO _isLshell=$(which lshell 2>&1) _LSHELL_ITD=$(${_isLshell} --version 2>&1 \ | tr -d "\n" \ | cut -d"-" -f2 \ | awk '{ print $1}' 2>&1) if [ -z "${_isLshell}" ] \ || [ -z "${_PATH_LSHELL}" ] \ || [ "${_LSHELL_ITD}" != "${_LSHELL_CHK_VRN}" ] \ || [[ "${_LSHELL_ITD}" =~ "Traceback" ]] \ || [[ "${_LSHELL_ITD}" =~ "bad interpreter" ]] \ || [[ "${_LSHELL_ITD}" =~ "ImportError" ]]; then _LSHELL_FORCE_REINSTALL=YES fi if [ "${_LSHELL_FORCE_REINSTALL}" = "YES" ]; then [ -f "/etc/lshell.conf" ] && cp -af /etc/lshell.conf /etc/lshell.conf-bak-${_LSHELL_VRN} _apt_clean_update apt-get install python3-pip ${_aptYesUnth} if [ -x "/usr/bin/pip3" ]; then _usePip=/usr/bin/pip3 elif [ -x "/usr/local/bin/pip3" ]; then _usePip=/usr/local/bin/pip3 fi _PIP_TEST=$(${_usePip} --version 2>&1) if [[ "${_PIP_TEST}" =~ "python 3.11" ]] \ || [[ "${_PIP_TEST}" =~ "python 3.12" ]]; then ${_usePip} install --upgrade pip --root-user-action ignore else ${_usePip} install --upgrade pip fi cd /var/opt rm -rf lshell* _get_dev_src "lshell-${_LSHELL_VRN}.tar.gz" for _Files in `find /var/opt/lshell-${_LSHELL_VRN} -type f`; do sed -i "s/kicked/logged/g" ${_Files} &> /dev/null wait sed -i "s/Kicked/Logged/g" ${_Files} &> /dev/null wait done rm -rf /usr/local/lib/python*/site-packages/lshell* rm -rf /usr/local/lib/python*/dist-packages/lshell* cd /var/opt/lshell-${_LSHELL_VRN} _PIP_TEST=$(${_usePip} --version 2>&1) if [[ "${_PIP_TEST}" =~ "python 3.11" ]] \ || [[ "${_PIP_TEST}" =~ "python 3.12" ]]; then ${_usePip} install . --break-system-packages --root-user-action ignore else ${_usePip} install . fi [ -f "/etc/lshell.conf-bak-${_LSHELL_VRN}" ] && cp -af /etc/lshell.conf-bak-${_LSHELL_VRN} /etc/lshell.conf rm -f /etc/logrotate.d/lshell addgroup --system lshellg &> /dev/null mkdir -p /var/log/lsh chown :lshellg /var/log/lsh chmod 770 /var/log/lsh &> /dev/null who | awk '$1 !~ /root/{ cmd="pkill -KILL -u " $1; system(cmd) }' touch ${_pthLog}/lshell-fix-build-${_LSHELL_VRN}.log fi if [ -e "${_usrBin}/lshell" ]; then chown root:users ${_usrBin}/lshell chmod 750 ${_usrBin}/lshell if [ ! -L "/usr/bin/lshell" ]; then ln -sfn ${_usrBin}/lshell /usr/bin/lshell &> /dev/null fi fi } _fix_log4j() { _LOG4J_VRN=2.17.1 _DO_SOLR_RESTART= if [ -x "/etc/init.d/solr7" ] && [ -e "/etc/default/solr7.in.sh" ]; then if [ -e "/opt/solr-7.7.3" ] \ && [ ! -e "/opt/solr-7.7.3/server/lib/ext/log4j-core-${_LOG4J_VRN}.jar" ]; then cd /var/opt rm -rf apache-log4j* _get_dev_src "apache-log4j-${_LOG4J_VRN}-bin.tar.gz" if [ -e "/var/opt/apache-log4j-${_LOG4J_VRN}-bin/log4j-core-${_LOG4J_VRN}.jar" ]; then cd /var/opt/apache-log4j-${_LOG4J_VRN}-bin mkdir -p /var/backups/log4j/solr-7.7.3/ mv -f /opt/solr-7.7.3/server/lib/ext/log4j* /var/backups/log4j/solr-7.7.3/ rm -f /opt/solr-7.7.3/contrib/prometheus-exporter/lib/log4j* cp -af log4j-1.2-api-${_LOG4J_VRN}.jar /opt/solr-7.7.3/server/lib/ext/ cp -af log4j-core-${_LOG4J_VRN}.jar /opt/solr-7.7.3/server/lib/ext/ cp -af log4j-core-${_LOG4J_VRN}.jar /opt/solr-7.7.3/contrib/prometheus-exporter/lib/ cp -af log4j-slf4j-impl-${_LOG4J_VRN}.jar /opt/solr-7.7.3/server/lib/ext/ cp -af log4j-slf4j-impl-${_LOG4J_VRN}.jar /opt/solr-7.7.3/contrib/prometheus-exporter/lib/ cp -af log4j-api-${_LOG4J_VRN}.jar /opt/solr-7.7.3/server/lib/ext/ cp -af log4j-api-${_LOG4J_VRN}.jar /opt/solr-7.7.3/contrib/prometheus-exporter/lib/ chown root:root /opt/solr-7.7.3/server/lib/ext/log4j* chown root:root /opt/solr-7.7.3/contrib/prometheus-exporter/lib/log4j* _DO_SOLR_RESTART=YES fi fi if [ -e "/opt/solr-7.6.0" ] \ && [ ! -e "/opt/solr-7.6.0/server/lib/ext/log4j-core-${_LOG4J_VRN}.jar" ]; then cd /var/opt rm -rf apache-log4j* _get_dev_src "apache-log4j-${_LOG4J_VRN}-bin.tar.gz" if [ -e "/var/opt/apache-log4j-${_LOG4J_VRN}-bin/log4j-core-${_LOG4J_VRN}.jar" ]; then cd /var/opt/apache-log4j-${_LOG4J_VRN}-bin mkdir -p /var/backups/log4j/solr-7.6.0/ mv -f /opt/solr-7.6.0/server/lib/ext/log4j* /var/backups/log4j/solr-7.6.0/ rm -f /opt/solr-7.6.0/contrib/prometheus-exporter/lib/log4j* cp -af log4j-1.2-api-${_LOG4J_VRN}.jar /opt/solr-7.6.0/server/lib/ext/ cp -af log4j-core-${_LOG4J_VRN}.jar /opt/solr-7.6.0/server/lib/ext/ cp -af log4j-core-${_LOG4J_VRN}.jar /opt/solr-7.6.0/contrib/prometheus-exporter/lib/ cp -af log4j-slf4j-impl-${_LOG4J_VRN}.jar /opt/solr-7.6.0/server/lib/ext/ cp -af log4j-slf4j-impl-${_LOG4J_VRN}.jar /opt/solr-7.6.0/contrib/prometheus-exporter/lib/ cp -af log4j-api-${_LOG4J_VRN}.jar /opt/solr-7.6.0/server/lib/ext/ cp -af log4j-api-${_LOG4J_VRN}.jar /opt/solr-7.6.0/contrib/prometheus-exporter/lib/ chown root:root /opt/solr-7.6.0/server/lib/ext/log4j* chown root:root /opt/solr-7.6.0/contrib/prometheus-exporter/lib/log4j* _DO_SOLR_RESTART=YES fi fi _RESULT_LOG4J=$(grep "LOG4J_FORMAT_MSG_NO_LOOKUPS=true" /etc/default/solr7.in.sh 2>&1) if [[ ! "${_RESULT_LOG4J}" =~ "LOG4J" ]]; then echo "LOG4J_FORMAT_MSG_NO_LOOKUPS=true" >> /etc/default/solr7.in.sh fi if [[ ! "${_RESULT_LOG4J}" =~ "LOG4J" ]] || [ ! -z "${_DO_SOLR_RESTART}" ]; then #kill -9 $(ps aux | grep '[s]olr' | awk '{print $2}') &> /dev/null service solr7 restart &> /dev/null fi fi } _fix_authorized_keys() { if [ ! -e "${_pthLog}/_fix_authorized_keys.ctrl.${_tRee}.${_xSrl}.pid" ]; then chmod 0600 /home/*/.ssh/authorized_keys &> /dev/null chmod 0700 /home/*/.ssh &> /dev/null touch ${_pthLog}/_fix_authorized_keys.ctrl.${_tRee}.${_xSrl}.pid fi } _fix_tcp() { _TCP_FIX=$(grep "tcp_challenge_ack_limit" /etc/sysctl.conf 2>&1) if [ -z "${_TCP_FIX}" ]; then echo "net.ipv4.tcp_challenge_ack_limit = 1073741823" >> /etc/sysctl.conf fi } _fix_aio() { _AIO_FIX=$(grep "fs.aio-max-nr" /etc/sysctl.conf 2>&1) if [ -z "${_AIO_FIX}" ]; then echo "fs.aio-max-nr = 2097152" >> /etc/sysctl.conf fi } _fix_console_print() { _PRK_FIX=$(grep "kernel.printk" /etc/sysctl.conf 2>&1) if [ -z "${_PRK_FIX}" ]; then echo "kernel.printk = 4 1 1 7" >> /etc/sysctl.conf fi } _fix_java_symlinks() { if [ "${_OS_CODE}" = "jessie" ] && [ -x "/usr/lib/jvm/java-7-openjdk/jre/bin/java" ]; then if [ ! -e "/usr/bin/java" ] || [ ! -e "/etc/alternatives/java" ]; then ln -sfn /usr/lib/jvm/java-7-openjdk/jre/bin/java /etc/alternatives/java ln -sfn /etc/alternatives/java /usr/bin/java echo fixed java symlinks for ${_OS_CODE} fi fi if [ "${_OS_CODE}" = "stretch" ] && [ -x "/usr/lib/jvm/java-8-openjdk/jre/bin/java" ]; then if [ ! -e "/usr/bin/java" ] || [ ! -e "/etc/alternatives/java" ]; then ln -sfn /usr/lib/jvm/java-8-openjdk/jre/bin/java /etc/alternatives/java ln -sfn /etc/alternatives/java /usr/bin/java echo fixed java symlinks for ${_OS_CODE} fi fi if [ "${_OS_CODE}" = "daedalus" ] || [ "${_OS_CODE}" = "bookworm" ]; then if [ -x "/usr/lib/jvm/java-11-openjdk/bin/java" ]; then if [ ! -e "/usr/bin/java" ] || [ ! -e "/etc/alternatives/java" ]; then ln -sfn /usr/lib/jvm/java-11-openjdk/bin/java /etc/alternatives/java ln -sfn /etc/alternatives/java /usr/bin/java echo fixed java symlinks for ${_OS_CODE} fi fi else if [ -x "/usr/lib/jvm/java-11-openjdk/bin/java" ]; then if [ ! -e "/usr/bin/java" ] || [ ! -e "/etc/alternatives/java" ]; then ln -sfn /usr/lib/jvm/java-11-openjdk/bin/java /etc/alternatives/java ln -sfn /etc/alternatives/java /usr/bin/java echo fixed java symlinks for ${_OS_CODE} fi fi fi } _fix_composer_version() { _COMPOSER_VRN=2.8.2 if [ -x "/usr/local/bin/composer" ]; then _COMPOSER_IS=$(composer --no-interaction --version 2>&1 \ | tr -d "\n" \ | cut -d" " -f35 \ | awk '{ print $1}' 2>&1) if [ "${_COMPOSER_IS}" != "${_COMPOSER_VRN}" ]; then composer self-update ${_COMPOSER_VRN} &> /dev/null fi fi } _fix_wkhtml_perms() { _WKHTML_ARRAY="/usr/local/bin/wkhtmltopdf \ /usr/bin/wkhtmltopdf \ /usr/bin/wkhtmltopdf-0.12.4 \ /usr/local/bin/wkhtmltoimage \ /usr/bin/wkhtmltoimage \ /usr/bin/wkhtmltoimage-0.12.4" for _WKHTML_ITEM in ${_WKHTML_ARRAY}; do if [ -x "${_WKHTML_ITEM}" ]; then _PERM_TEST=$(ls -la ${_WKHTML_ITEM} | grep rwxr-xr-x 2>&1) if [ -z "${_PERM_TEST}" ]; then chgrp root ${_WKHTML_ITEM} &> /dev/null chmod 755 ${_WKHTML_ITEM} &> /dev/null fi fi done } _fix_wkhtml() { if [ -x "/usr/local/bin/wkhtmltopdf" ] \ && [ -L "/usr/bin/wkhtmltopdf" ]; then rm -f /usr/bin/wkhtmltopdf cp -af /usr/local/bin/wkhtmltopdf /usr/bin/wkhtmltopdf chgrp root /usr/bin/wkhtmltopdf &> /dev/null chmod 755 /usr/bin/wkhtmltopdf &> /dev/null fi if [ -x "/usr/local/bin/wkhtmltoimage" ] \ && [ -L "/usr/bin/wkhtmltoimage" ]; then rm -f /usr/bin/wkhtmltoimage cp -af /usr/local/bin/wkhtmltoimage /usr/bin/wkhtmltoimage chgrp root /usr/bin/wkhtmltoimage &> /dev/null chmod 755 /usr/bin/wkhtmltoimage &> /dev/null fi if [ ! -x "/usr/local/bin/wkhtmltopdf" ] \ && [ -x "/usr/bin/wkhtmltopdf" ]; then rm -f /usr/local/bin/wkhtmltopdf cp -af /usr/bin/wkhtmltopdf /usr/local/bin/wkhtmltopdf chgrp root /usr/local/bin/wkhtmltopdf &> /dev/null chmod 755 /usr/local/bin/wkhtmltopdf &> /dev/null fi if [ ! -x "/usr/local/bin/wkhtmltoimage" ] \ && [ -x "/usr/bin/wkhtmltoimage" ]; then rm -f /usr/local/bin/wkhtmltoimage cp -af /usr/bin/wkhtmltoimage /usr/local/bin/wkhtmltoimage chgrp root /usr/local/bin/wkhtmltoimage &> /dev/null chmod 755 /usr/local/bin/wkhtmltoimage &> /dev/null fi } _fix_eldir() { if [ -e "/var/xdrago" ] \ && [ -e "/var/aegir/drush" ] \ && [ ! -e "${_eldirP}" ]; then mkdir -p /var/xdrago/conf curl ${_crlGet} "${_urlHmr}/patches/${_eldirF}" -o ${_eldirP} fi } _fix_drupal_core_ten() { if [ -e "/var/xdrago" ]; then if [ ! -e "${_dctpP}" ] || [ ! -e "${_dctrP}" ]; then mkdir -p /data/conf/patches curl ${_crlGet} "${_urlHmr}/patches/${_dctrF}" -o ${_dctrP} cp -af ${_dctrP} ${_dctpP} fi fi } _fix_pure_ftpd() { if [ -e "/usr/local/etc/pure-ftpd.conf" ]; then _PAM_AUTH=$(grep "^PAMAuthentication" /usr/local/etc/pure-ftpd.conf 2>&1) if [ ! -z "${_PAM_AUTH}" ]; then sed -i "s/^PAMAuthentication/# PAMAuthentication/g" /usr/local/etc/pure-ftpd.conf killall -9 pure-ftpd &> /dev/null fi fi } _fix_hosting_le() { if [ -d "/var/xdrago/conf" ]; then if [ ! -e "${_hoLeIncFull}.ctrl.${_tRee}.${_xSrl}.pid" ] \ || [ -e "/var/xdrago/${_provLeInc}" ] \ || [ -e "/var/xdrago/${_hoLeInc}" ] \ || [ -e "/var/xdrago/${_dehydName}" ] \ || [ -e "/root/${_provLeInc}" ] \ || [ -e "/root/hosting_le_vhost.drush.inc.ctrl.${_tRee}.${_xSrl}.pid" ] \ || [ -e "/root/${_hoLeInc}" ] \ || [ -e "${_legacyLeSh}" ] \ || [ ! -e "${_dehydSrcPath}" ] \ || [ ! -e "${_provLeIncFull}.ctrl.${_tRee}.${_xSrl}.pid" ]; then mkdir -p /var/xdrago/conf rm -f /var/xdrago/*.drush.inc* rm -f /root/*.drush.inc* rm -f ${_legacyLeSh} rm -f ${_dehydSrcPath}.ctrl.${_tRee}.${_xSrl}.pid rm -f ${_hoLeIncFull}.ctrl.${_tRee}.${_xSrl}.pid rm -f ${_provLeIncFull}.ctrl.${_tRee}.${_xSrl}.pid curl ${_crlGet} "${_urlHmr}/helpers/${_dehydName}" -o ${_dehydSrcPath}.ctrl.${_tRee}.${_xSrl}.pid cp -af ${_dehydSrcPath}.ctrl.${_tRee}.${_xSrl}.pid ${_dehydSrcPath} curl ${_crlGet} "${_urlHmr}/patches/${_hoLeInc}" -o ${_hoLeIncFull}.ctrl.${_tRee}.${_xSrl}.pid cp -af ${_hoLeIncFull}.ctrl.${_tRee}.${_xSrl}.pid ${_hoLeIncFull} curl ${_crlGet} "${_urlHmr}/patches/${_provLeInc}" -o ${_provLeIncFull}.ctrl.${_tRee}.${_xSrl}.pid cp -af ${_provLeIncFull}.ctrl.${_tRee}.${_xSrl}.pid ${_provLeIncFull} fi fi } _fix_newrelic() { _PHP_EXT_DIR_74="/opt/php74/lib/php/extensions/no-debug-non-zts-20190902" _NR_SO="/usr/lib/newrelic-php5/agent/x64/newrelic-20190902.so" if [ -e "${_PHP_EXT_DIR_74}" ] \ && [ -e "${_NR_SO}" ] \ && [ ! -e "${_PHP_EXT_DIR_74}/newrelic.so" ]; then ln -s ${_NR_SO} ${_PHP_EXT_DIR_74}/newrelic.so service php74-fpm reload fi _PHP_EXT_DIR_71="/opt/php71/lib/php/extensions/no-debug-non-zts-20160303" _NR_SO="/usr/lib/newrelic-php5/agent/x64/newrelic-20160303.so" if [ -e "${_PHP_EXT_DIR_71}" ] \ && [ ! -e "${_NR_SO}" ] \ && [ -L "${_PHP_EXT_DIR_71}/newrelic.so" ]; then rm -f ${_PHP_EXT_DIR_71}/newrelic.so service php71-fpm reload fi _PHP_EXT_DIR_70="/opt/php70/lib/php/extensions/no-debug-non-zts-20151012" _NR_SO="/usr/lib/newrelic-php5/agent/x64/newrelic-20151012.so" if [ -e "${_PHP_EXT_DIR_70}" ] \ && [ ! -e "${_NR_SO}" ] \ && [ -L "${_PHP_EXT_DIR_70}/newrelic.so" ]; then rm -f ${_PHP_EXT_DIR_70}/newrelic.so service php70-fpm reload fi _PHP_EXT_DIR_56="/opt/php56/lib/php/extensions/no-debug-non-zts-20131226" _NR_SO="/usr/lib/newrelic-php5/agent/x64/newrelic-20131226.so" if [ -e "${_PHP_EXT_DIR_56}" ] \ && [ ! -e "${_NR_SO}" ] \ && [ -L "${_PHP_EXT_DIR_56}/newrelic.so" ]; then rm -f ${_PHP_EXT_DIR_56}/newrelic.so service php56-fpm reload fi } _fix_leftovers() { if [ -e "/data/disk/arch/static/control" ]; then rm -rf /data/disk/arch/static fi } _force_rebuild() { if [ ! -e "${_pthLog}/forced.rebuild.glibc.txt" ]; then echo "_GIT_FORCE_REINSTALL=YES" >> ${_barCnf} echo "_NGX_FORCE_REINSTALL=YES" >> ${_barCnf} echo "_PHP_FORCE_REINSTALL=YES" >> ${_barCnf} echo "_SSH_FORCE_REINSTALL=YES" >> ${_barCnf} echo "_SSL_FORCE_REINSTALL=YES" >> ${_barCnf} rm -f ${_pthLog}/pure-ftpd-build* rm -f ${_pthLog}/mss-build* rm -f ${_pthLog}/lshell-build* rm -f ${_pthLog}/redis-* touch ${_pthLog}/forced.rebuild.glibc.txt fi } # # Detect, remove, and report broken symlinks _check_and_remove_broken_symlinks() { local _dir=$1 # Find broken symlinks in the directory _broken_symlinks=$(find "${_dir}" -maxdepth 1 -type l ! -exec test -e {} \; -print) if [ -n "${_broken_symlinks}" ]; then if [ "${_DEBUG_MODE}" = "YES" ]; then echo "CLNP: Removing the following broken symlinks from ${_dir}:" echo "CLNP: ${_broken_symlinks}" fi for _symlink in ${_broken_symlinks}; do rm "${_symlink}" if [ "${_DEBUG_MODE}" = "YES" ]; then echo "CLNP: Removed broken symlink: ${_symlink}" fi done # Set the _ifAnySymlinksCleaned variable to true since we removed broken symlinks _ifAnySymlinksCleaned=YES else if [ "${_DEBUG_MODE}" = "YES" ]; then echo "CLNP: No broken symlinks found in ${_dir}" fi fi } # # Check and move disallowed versions _check_and_move() { local _dir=$1 # Determine the name of the backup subdirectory based on the source directory local _backup_dir="${_backLegBase}$(echo "${_dir}" | tr '/' '_')" # Find any libcurl.so files in the directory, excluding the allowed version and those without a complete version number _found_versions=$(find "${_dir}" -maxdepth 1 -type f -name "libcurl.so.*" ! -name "${_allowedFile}" | grep -E "libcurl\.so\.[0-9]+\.[0-9]+\.[0-9]+$") if [ -n "${_found_versions}" ]; then if [ "${_DEBUG_MODE}" = "YES" ]; then echo "CLNP: Moving the following disallowed versions from ${_dir} to ${_backup_dir}:" echo "CLNP: ${_found_versions}" fi # Create the backup directory if it doesn't exist mkdir -p "${_backup_dir}" # Move each found version to the backup directory for _file in ${_found_versions}; do mv -f "${_file}" "${_backup_dir}/" if [ "${_DEBUG_MODE}" = "YES" ]; then echo "CLNP: Moved ${_file} to ${_backup_dir}/" fi done # Set the _ifAnyFilesCleaned variable to true since we moved files _ifAnyFilesCleaned=YES else if [ "${_DEBUG_MODE}" = "YES" ]; then echo "CLNP: Only the allowed version (${_allowedFile}) is present in ${_dir}" fi fi } _if_reinstall_curl() { _CURL_VRN=8.12.1 _CURL_INSTALL_REQUIRED=NO if ! command -v lsb_release &> /dev/null; then apt-get update -qq &> /dev/null apt-get install lsb-release ${_aptYesUnth} -qq &> /dev/null fi _OS_CODE=$(lsb_release -ar 2>/dev/null | grep -i codename | cut -s -f2 2>&1) [ "${_OS_CODE}" = "wheezy" ] && _CURL_VRN=7.50.1 [ "${_OS_CODE}" = "jessie" ] && _CURL_VRN=7.71.1 [ "${_OS_CODE}" = "stretch" ] && _CURL_VRN=8.2.1 if [ -e "/var/aegir/drush" ] \ && [ "${_OS_CODE}" != "jessie" ] \ && [ "${_OS_CODE}" != "stretch" ]; then # Target version _allowedFile="libcurl.so.4.8.0" # Directories to check _dirsToClean=("/usr/lib" "/usr/local/lib" "/usr/lib/x86_64-linux-gnu") # Backup base directory _backLegBase="/var/backups/legacy-libcurl-boa-${_NOW}" # Variable to track if any files were moved _ifAnyFilesCleaned=NO # Variable to track if any broken symlinks were found and removed _ifAnySymlinksCleaned=NO # Iterate over the directories and apply the _check_and_move function for _dir in "${_dirsToClean[@]}"; do _check_and_move "${_dir}" done # Iterate over the directories and apply the _check_and_remove_broken_symlinks function for _dir in "${_dirsToClean[@]}"; do _check_and_remove_broken_symlinks "${_dir}" done # Export the _ifAnyFilesCleaned variable for later use export _ifAnyFilesCleaned # Export the _ifAnySymlinksCleaned variable for later use export _ifAnySymlinksCleaned fi if [ "${_ifAnySymlinksCleaned}" = "YES" ] \ || [ "${_ifAnyFilesCleaned}" = "YES" ]; then ldconfig 2> /dev/null _CURL_INSTALL_REQUIRED=YES _bkLibcurlPre="/var/backups/legacy-libcurl-pre-${_CURL_VRN}-${_NOW}" mkdir -p ${_bkLibcurlPre} mv -f /usr/lib/x86_64-linux-gnu/libcurl.so* ${_bkLibcurlPre}/ &> /dev/null mv -f /usr/lib/x86_64-linux-gnu/libcurl.la ${_bkLibcurlPre}/ &> /dev/null mv -f /usr/lib/x86_64-linux-gnu/libcurl.a ${_bkLibcurlPre}/ &> /dev/null fi _isCurl=$(curl --version 2>&1) if [[ ! "${_isCurl}" =~ "OpenSSL" ]] \ || [[ "${_isCurl}" =~ "libcurl.so.4" ]] \ || [ -z "${_isCurl}" ] \ || [ "${_ifAnySymlinksCleaned}" = "YES" ] \ || [ "${_ifAnyFilesCleaned}" = "YES" ] \ || [ "${_CURL_INSTALL_REQUIRED}" = "YES" ]; then if [ -e "/var/aegir/drush" ]; then echo "OOPS: cURL is broken! Re-installing.." fi if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi echo "curl install" | dpkg --set-selections 2> /dev/null _apt_clean_update apt-get remove libssl1.0-dev -y --purge --auto-remove -qq 2> /dev/null apt-get autoremove -y 2> /dev/null apt-get install libssl-dev ${_aptYesUnth} -qq 2> /dev/null apt-get install libc-client2007e libc-client2007e-dev ${_aptYesUnth}-qq 2> /dev/null apt-get build-dep curl ${_aptYesUnth} 2> /dev/null if [ ! -e "/var/aegir/drush" ]; then apt-get install curl --reinstall ${_aptYesUnth} -qq 2> /dev/null fi if [ -e "/var/aegir/drush" ]; then echo "INFO: Installing curl from sources..." mkdir -p /var/opt rm -rf /var/opt/curl* cd /var/opt wget ${_wgetGet} http://files.aegir.cc/dev/src/curl-${_CURL_VRN}.tar.gz &> /dev/null tar -xzf curl-${_CURL_VRN}.tar.gz &> /dev/null if [ -e "/root/.install.modern.openssl.cnf" ] \ && [ -x "/usr/local/ssl3/bin/openssl" ]; then _SSL_BINARY=/usr/local/ssl3/bin/openssl else _SSL_BINARY=/usr/local/ssl/bin/openssl fi if [ -e "/usr/local/ssl3/lib64/libssl.so.3" ]; then _SSL_PATH="/usr/local/ssl3" _SSL_LIB_PATH="${_SSL_PATH}/lib64" else _SSL_PATH="/usr/local/ssl" _SSL_LIB_PATH="${_SSL_PATH}/lib" fi _PKG_CONFIG_PATH="${_SSL_LIB_PATH}/pkgconfig" if [ -e "${_PKG_CONFIG_PATH}" ] \ && [ -e "/var/opt/curl-${_CURL_VRN}" ]; then cd /var/opt/curl-${_CURL_VRN} LIBS="-ldl -lpthread" PKG_CONFIG_PATH="${_PKG_CONFIG_PATH}" ./configure \ --with-openssl \ --with-zlib=/usr \ --prefix=/usr/local &> /dev/null make -j $(nproc) --quiet &> /dev/null make --quiet install &> /dev/null ldconfig 2> /dev/null fi fi if [ -x "/usr/local/bin/curl" ] && [ -e "/var/aegir/drush" ]; then _CURL_ITD=$(/usr/local/bin/curl --version 2>&1 \ | tr -d "\n" \ | cut -d" " -f2 \ | awk '{ print $1}' 2>&1) if [[ ! "${_CURL_ITD}" =~ OpenSSL ]]; then echo "ERRR: /usr/local/bin/curl is broken" echo "ERRR: Please install cURL and debug manually" else echo "GOOD: /usr/local/bin/curl works" echo "curl hold" | dpkg --set-selections &> /dev/null if [ -x "/usr/local/bin/curl" ]; then if [ -x "/usr/bin/curl" ] && [ ! -L "/usr/bin/curl" ]; then mv -f /usr/bin/curl /usr/bin/old-curl-$(date +%y%m%d-%H%M%S 2>&1) fi ln -sfn /usr/local/bin/curl /usr/bin/curl fi if [ ! -e "${_SSL_PATH}/certs/ca-certificates.crt" ]; then cp -af /etc/ssl/certs/* ${_SSL_PATH}/certs/ &> /dev/null fi if [ -e "/usr/local/lib/libcurl.so.4.8.0" ]; then ln -sfn /usr/local/lib/libcurl.so.4.8.0 /usr/lib/libcurl.so ln -sfn /usr/local/lib/libcurl.so.4.8.0 /usr/lib/libcurl.so.4 ln -sfn /usr/local/lib/libcurl.so.4.8.0 /usr/lib/libcurl.so.4.8.0 ln -sfn /usr/local/lib/libcurl.so.4.8.0 /usr/lib/x86_64-linux-gnu/libcurl.so ln -sfn /usr/local/lib/libcurl.so.4.8.0 /usr/lib/x86_64-linux-gnu/libcurl.so.4 ln -sfn /usr/local/lib/libcurl.so.4.8.0 /usr/lib/x86_64-linux-gnu/libcurl.so.4.8.0 fi if [ -e "/usr/local/lib/libcurl.a" ]; then ln -sfn /usr/local/lib/libcurl.a /usr/lib/x86_64-linux-gnu/libcurl.a ln -sfn /usr/local/lib/libcurl.a /usr/lib/libcurl.a fi if [ -e "/usr/local/lib/libcurl.la" ]; then ln -sfn /usr/local/lib/libcurl.la /usr/lib/x86_64-linux-gnu/libcurl.la ln -sfn /usr/local/lib/libcurl.la /usr/lib/libcurl.la fi ldconfig 2> /dev/null if [ -e "/usr/local/include/curl/curl.h" ] \ && [ -e "/usr/local/include/curl/easy.h" ] \ && [ -d "/usr/include/x86_64-linux-gnu/curl" ] \ && [ ! -L "/usr/include/x86_64-linux-gnu/curl" ]; then _apt_clean_update apt-get remove libcurl4-openssl-dev -y --purge --auto-remove -qq 2> /dev/null ln -sfn /usr/local/include/curl /usr/include/x86_64-linux-gnu/curl ldconfig 2> /dev/null fi fi fi fi } _if_boa_key_tools_update_allowed() { if [ -e "/root/.run-to-daedalus.cnf" ] \ || [ -e "/root/.run-to-chimaera.cnf" ] \ || [ -e "/root/.run-to-beowulf.cnf" ]; then _BOA_KEY_TOOLS_UPDATE_ALLOWED=NO else _BOA_KEY_TOOLS_UPDATE_ALLOWED=YES fi } _update_boa_tools() { mkdir -p ${_usrBin} if [ -e "${_pthLog}" ] && [ ! -e "${_pthLog}/updateFx07.ctrl.${_tRee}.${_xSrl}.pid" ]; then _fxPp="fix-drupal-platform-permissions.sh" _fxSp="fix-drupal-site-permissions.sh" _fxPo="fix-drupal-platform-ownership.sh" _fxSo="fix-drupal-site-ownership.sh" _fxLo="lock-local-drush-permissions.sh" curl ${_crlGet} "${_urlHmr}/${_tBn}/${_fxPp}" -o ${_usrBin}/${_fxPp} curl ${_crlGet} "${_urlHmr}/${_tBn}/${_fxSp}" -o ${_usrBin}/${_fxSp} curl ${_crlGet} "${_urlHmr}/${_tBn}/${_fxPo}" -o ${_usrBin}/${_fxPo} curl ${_crlGet} "${_urlHmr}/${_tBn}/${_fxSo}" -o ${_usrBin}/${_fxSo} curl ${_crlGet} "${_urlHmr}/${_tBn}/${_fxLo}" -o ${_usrBin}/${_fxLo} chmod 700 ${_usrBin}/${_fxPp} chmod 700 ${_usrBin}/${_fxSp} chmod 700 ${_usrBin}/${_fxPo} chmod 700 ${_usrBin}/${_fxSo} chmod 700 ${_usrBin}/${_fxLo} touch ${_pthLog}/updateFx07.ctrl.${_tRee}.${_xSrl}.pid fi mkdir -p ${_optBin} rm -f ${_usrBin}/{autoinit*,barracuda*,boa*,fancynow*,killer*,octopus*} if [ ! -d "/data/u" ]; then ln -s ${_optBin}/autoinit ${_usrBin}/autoinit ln -s ${_optBin}/barracuda ${_usrBin}/barracuda ln -s ${_optBin}/boa ${_usrBin}/boa ln -s ${_optBin}/fancynow ${_usrBin}/fancynow ln -s ${_optBin}/killer ${_usrBin}/killer ln -s ${_optBin}/octopus ${_usrBin}/octopus fi _boaBins="autobeowulf \ autochimaera \ autodaedalus \ autoinit \ autoupboa \ barracuda \ boa \ codebasecheck \ fancynow \ ffmirror \ killer \ memorytuner \ mergecsf \ mycnfup \ mysqltuner5 \ mysqltuner8 \ octopus \ perftest \ randpass \ sqlclean \ sqlmagic \ syncpass \ thinkdifferent \ vhostcheck \ weblogx \ xboa" for _cbn in ${_boaBins}; do if [ -e "${_optBin}/${_cbn}" ]; then if [ `ps aux | grep -v "grep" | grep --count "/${_cbn}"` -gt "0" ]; then echo "The ${_cbn} is running!" else if [ "${_cbn}" = "weblogx" ] \ && [ `ps aux | grep -v "grep" | grep --count "/daily.sh"` -gt "0" ]; then echo "The ${_cbn} and daily.sh is running!" else rm -f ${_optBin}/${_cbn}.new if [ "${_cbn}" = "mysqltuner5" ] || [ "${_cbn}" = "mysqltuner8" ]; then curl ${_crlGet} "${_urlHmr}/helpers/${_cbn}" -o ${_optBin}/${_cbn}.new else curl ${_crlGet} "${_urlHmr}/${_tBn}/${_cbn}" -o ${_optBin}/${_cbn}.new fi mv -f ${_optBin}/${_cbn} ${_optBin}/${_cbn}.prev mv -f ${_optBin}/${_cbn}.new ${_optBin}/${_cbn} if [ -e "${_optBin}/${_cbn}" ]; then chmod 755 ${_optBin}/${_cbn} rm -f ${_optBin}/${_cbn}.prev else mv -f ${_optBin}/${_cbn}.prev ${_optBin}/${_cbn} fi fi fi else if [ "${_cbn}" = "mysqltuner5" ] || [ "${_cbn}" = "mysqltuner8" ]; then curl ${_crlGet} "${_urlHmr}/helpers/${_cbn}" -o ${_optBin}/${_cbn} else curl ${_crlGet} "${_urlHmr}/${_tBn}/${_cbn}" -o ${_optBin}/${_cbn} fi fi done echo "### ${_TODAY} ###" >> ${_optBin}/autoinit echo "### ${_TODAY} ###" >> ${_optBin}/barracuda echo "### ${_TODAY} ###" >> ${_optBin}/boa echo "### ${_TODAY} ###" >> ${_optBin}/codebasecheck echo "### ${_TODAY} ###" >> ${_optBin}/fancynow echo "### ${_TODAY} ###" >> ${_optBin}/killer echo "### ${_TODAY} ###" >> ${_optBin}/memorytuner echo "### ${_TODAY} ###" >> ${_optBin}/mergecsf echo "### ${_TODAY} ###" >> ${_optBin}/octopus echo "### ${_TODAY} ###" >> ${_optBin}/perftest echo "### ${_TODAY} ###" >> ${_optBin}/sqlclean echo "### ${_TODAY} ###" >> ${_optBin}/vhostcheck [ -e "/root/.backboa.autoupdate" ] && rm -f /root/.backboa.autoupdate if [ `ps aux | grep -v "grep" | grep --count "duplicity"` -gt "0" ]; then echo "The duplicity backup is running!" else rm -f ${_optBin}/{backboa,duobackboa} curl ${_crlGet} "${_urlHmr}/${_tBn}/backboa" -o ${_optBin}/backboa curl ${_crlGet} "${_urlHmr}/${_tBn}/duobackboa" -o ${_optBin}/duobackboa chmod 700 ${_optBin}/{backboa,duobackboa} if [ ! -e "${_pthLog}/duplicity.ctrl.${_tRee}.${_xSrl}.pid" ] \ && [ -x "/usr/local/bin/duplicity" ] \ && [ -e "/root/.cache/duplicity" ] \ && [ -e "/var/aegir/drush" ] \ && [ -e "/var/xdrago" ]; then # backboa install touch ${_pthLog}/duplicity.ctrl.${_tRee}.${_xSrl}.pid touch /root/.backboa.autoupdate fi fi chmod 700 ${_optBin}/{autoinit,autodaedalus,autochimaera,autobeowulf,autoupboa,backboa,duobackboa,mergecsf} chmod 700 ${_optBin}/{barracuda,boa,ffmirror,killer,mycnfup,octopus,syncpass,xboa,weblogx,sqlclean,perftest} chmod 700 ${_optBin}/{fancynow,codebasecheck,vhostcheck,memorytuner,mysqltuner5,mysqltuner8} chmod 755 ${_optBin}/{randpass,sqlmagic,thinkdifferent} } _if_update_boa_key_tools_only() { sed -i "s/.*files.aegir.cc.*//g" /etc/hosts wait sed -i "s/.*github.*//g" /etc/hosts wait echo >>/etc/hosts sed -i "/^$/d" /etc/hosts wait if [ ! -f "/etc/resolv.conf" ]; then rm -f /etc/resolv.conf echo "nameserver 127.0.0.1" > /etc/resolv.conf if [ -e "${_vBs}/resolv.conf.vanilla" ]; then cat ${_vBs}/resolv.conf.vanilla >> /etc/resolv.conf fi echo "nameserver 1.1.1.1" >> /etc/resolv.conf echo "nameserver 1.0.0.1" >> /etc/resolv.conf echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf _check_dns_settings else _check_dns_settings fi if [ -x "/usr/sbin/unbound-control" ] \ && [ -e "/etc/resolvconf/run/interface/lo.unbound" ]; then unbound-control reload &> /dev/null fi _if_reinstall_curl _CURL_TEST=$(curl -L -k -s \ --max-redirs 10 \ --retry 3 \ --retry-delay 10 \ -I "http://${_USE_MIR}" 2> /dev/null) if [[ ! "${_CURL_TEST}" =~ "200 OK" ]]; then if [[ "${_CURL_TEST}" =~ "unknown option was passed in to libcurl" ]]; then echo "ERROR: cURL libs are out of sync! Re-installing.." _if_reinstall_curl fi echo "ERROR: ${_USE_MIR} is not available, please try later" exit 1 else _urlHmr="http://${_USE_MIR}/versions/${_tRee}/boa/aegir" fi _LSB_TEST=$(which lsb_release 2> /dev/null) if [ ! -x "${_LSB_TEST}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi _apt_clean_update apt-get install lsb-release ${_aptYesUnth} &> /dev/null fi _IPSET_TEST=$(which ipset 2> /dev/null) if [ ! -x "${_IPSET_TEST}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi _apt_clean_update if [ -L "/sbin/ipset" ]; then rm -f /sbin/ipset fi if [ -L "/usr/sbin/ipset" ]; then rm -f /usr/sbin/ipset fi apt-get install ipset ${_aptYesUnth} &> /dev/null fi if [ -x "/sbin/ipset" ] && [ ! -e "/usr/sbin/ipset" ]; then ln -s /sbin/ipset /usr/sbin/ipset fi if [ -x "/usr/sbin/ipset" ] && [ ! -e "/sbin/ipset" ]; then ln -s /usr/sbin/ipset /sbin/ipset fi if [ -x "/usr/sbin/csf" ] \ && [ -e "/etc/csf/csf.deny" ] \ && [ ! -x "/etc/csf/csfpost.sh" ]; then echo "" > /etc/csf/csfpost.sh echo "iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp" >> /etc/csf/csfpost.sh echo "iptables -t raw -A OUTPUT -p tcp --dport 21 -j CT --helper ftp" >> /etc/csf/csfpost.sh chmod 700 /etc/csf/csfpost.sh _CSF_TEST=$(which csf 2> /dev/null) if [ -x "${_CSF_TEST}" ]; then service clean-boa-env start &> /dev/null wait _if_fix_iptables_symlinks csf -uf wait _NFTABLES_TEST=$(iptables -V 2>&1) if [[ "${_NFTABLES_TEST}" =~ "nf_tables" ]]; then if [ -e "/usr/sbin/iptables-legacy" ]; then update-alternatives --set iptables /usr/sbin/iptables-legacy &> /dev/null fi if [ -e "/usr/sbin/ip6tables-legacy" ]; then update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy &> /dev/null fi if [ -e "/usr/sbin/arptables-legacy" ]; then update-alternatives --set arptables /usr/sbin/arptables-legacy &> /dev/null fi if [ -e "/usr/sbin/ebtables-legacy" ]; then update-alternatives --set ebtables /usr/sbin/ebtables-legacy &> /dev/null fi fi sed -i "s/.*DHCP.*//g" /etc/csf/csf.allow wait sed -i "/^$/d" /etc/csf/csf.allow if [ -e "/var/log/daemon.log" ]; then _DHCP_LOG="/var/log/daemon.log" else _DHCP_LOG="/var/log/syslog" fi grep DHCPREQUEST "${_DHCP_LOG}" | awk '{print $12}' | sort -u | while read -r _IP; do if [[ ${_IP} =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then IFS='.' read -r oct1 oct2 oct3 oct4 <<< "${_IP}" if (( oct1 <= 255 && oct2 <= 255 && oct3 <= 255 && oct4 <= 255 )); then echo "udp|out|d=67|d=${_IP} # Local DHCP out" >> /etc/csf/csf.allow fi fi done csf -q ### Linux kernel TCP SACK CVEs mitigation ### CVE-2019-11477 SACK Panic ### CVE-2019-11478 SACK Slowness ### CVE-2019-11479 Excess Resource Consumption Due to Low MSS Values if [ -x "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.deny" ]; then _SACK_TEST=$(ip6tables --list | grep tcpmss 2>&1) if [[ ! "${_SACK_TEST}" =~ "tcpmss" ]]; then sysctl net.ipv4.tcp_mtu_probing=0 &> /dev/null iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP &> /dev/null ip6tables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP &> /dev/null fi fi fi fi if [ -x "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.conf" ]; then _CC_SRC_TEST=$(grep 'CC_SRC\ =' /etc/csf/csf.conf 2>&1) echo _CC_SRC_TEST 1 is "${_CC_SRC_TEST}" if [[ ! ${_CC_SRC_TEST} =~ CC_SRC\ =\ \"2\" ]]; then echo _CC_SRC_TEST 2 is "${_CC_SRC_TEST}" service clean-boa-env start &> /dev/null wait _if_fix_iptables_symlinks csf -uf wait _NFTABLES_TEST=$(iptables -V 2>&1) if [[ "${_NFTABLES_TEST}" =~ "nf_tables" ]]; then if [ -e "/usr/sbin/iptables-legacy" ]; then update-alternatives --set iptables /usr/sbin/iptables-legacy &> /dev/null fi if [ -e "/usr/sbin/ip6tables-legacy" ]; then update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy &> /dev/null fi if [ -e "/usr/sbin/arptables-legacy" ]; then update-alternatives --set arptables /usr/sbin/arptables-legacy &> /dev/null fi if [ -e "/usr/sbin/ebtables-legacy" ]; then update-alternatives --set ebtables /usr/sbin/ebtables-legacy &> /dev/null fi fi sed -i "s/^CC_SRC .*/CC_SRC = \"2\"/g" /etc/csf/csf.conf wait sed -i "s/^AUTO_UPDATES .*/AUTO_UPDATES = \"0\"/g" /etc/csf/csf.conf csf -q fi fi _BOA_TOOLS_UPDATE=NO if [ -e "${_pthLog}" ] && [ ! -e "${_pthLog}/updateBOAtoolsCA.ctrl.${_tRee}.${_xSrl}.pid" ]; then _BOA_TOOLS_UPDATE=YES fi [ ! -e "/var/aegir/drush" ] && _BOA_TOOLS_UPDATE=YES if [ "${_BOA_TOOLS_UPDATE}" = "YES" ]; then _update_boa_tools [ -e "${_pthLog}" ] && rm -f ${_pthLog}/updateBOAtools*.pid [ -e "${_pthLog}" ] && touch ${_pthLog}/updateBOAtoolsCA.ctrl.${_tRee}.${_xSrl}.pid if [ "${1}" = "verbose" ] || [ -z "${1}" ]; then echo echo "BOA Meta Installers setup completed" echo "Please check INSTALL.md and UPGRADE.md at https://github.com/omega8cc/boa" echo "Bye" echo fi fi } _boa_setup() { _BENG_VS=NO _VMFAMILY=NO _CHECK_HOST=$(uname -n 2>&1) _VM_TEST=$(uname -a 2>&1) if [[ "${_VM_TEST}" =~ "-beng" ]]; then _BENG_VS=YES fi if [ "${_BENG_VS}" = "YES" ]; then _RANDOMIZE=YES else _RANDOMIZE=NO fi _if_hosted_sys if [ "${_hostedSys}" = "YES" ]; then _VMFAMILY=HOSTED fi sed -i "s/.*files.aegir.cc.*//g" /etc/hosts wait sed -i "s/.*github.*//g" /etc/hosts wait echo >>/etc/hosts sed -i "/^$/d" /etc/hosts wait if [ ! -f "/etc/resolv.conf" ]; then rm -f /etc/resolv.conf echo "nameserver 127.0.0.1" > /etc/resolv.conf if [ -e "${_vBs}/resolv.conf.vanilla" ]; then cat ${_vBs}/resolv.conf.vanilla >> /etc/resolv.conf fi echo "nameserver 1.1.1.1" >> /etc/resolv.conf echo "nameserver 1.0.0.1" >> /etc/resolv.conf echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf _check_dns_settings else _check_dns_settings fi if [ -e "/var/aegir/drush" ]; then [ ! -e "/run/unbound" ] && mkdir -p /run/unbound [ -e "/run/unbound" ] && chown -R unbound:unbound /run/unbound if [ -x "/usr/sbin/unbound-control" ] \ && [ -e "/etc/resolvconf/run/interface/lo.unbound" ]; then unbound-control reload &> /dev/null fi fi if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi _APT_CONFIG_FILE="/etc/apt/apt.conf.d/99ignorestrict" # Desired configuration content _DESIRED_APT_CONFIG='Acquire::AllowInsecureRepositories "true"; APT::Get::AllowUnauthenticated "true"; Aptitude::CmdLine::Fix-Broken "true";' # Remove leading whitespace from each line _CLEANED_DESIRED_APT_CONFIG=$(echo "${_DESIRED_APT_CONFIG}" | sed 's/^[[:space:]]\+//') # Normalize the existing file content if [[ -f "${_APT_CONFIG_FILE}" ]]; then _CURRENT_APT_CONFIG=$(tr -d '[:space:]' < "${_APT_CONFIG_FILE}") else _CURRENT_APT_CONFIG="" fi # Normalize the cleaned desired configuration content _NORMALIZED_DESIRED_APT_CONFIG=$(echo "${_CLEANED_DESIRED_APT_CONFIG}" | tr -d '[:space:]') # Compare normalized contents and update if necessary if [[ "${_CURRENT_APT_CONFIG}" != "${_NORMALIZED_DESIRED_APT_CONFIG}" ]]; then echo "${_CLEANED_DESIRED_APT_CONFIG}" | sudo tee "${_APT_CONFIG_FILE}" > /dev/null fi _apt_clean_update if [ ! -e "/var/aegir/drush" ] && [ ! -e "/var/xdrago/manage_solr_config.sh" ]; then # apt-get remove unscd -y --purge --auto-remove -qq &> /dev/null # apt-get remove dbus -y --purge --auto-remove -qq &> /dev/null # if [ -e "/usr/share/dbus-1" ]; then # rm -f /usr/share/dbus-1/*/*freedesktop* # fi userdel -r debian &> /dev/null sed -i "s/^#startup_message off/startup_message off/g" /etc/screenrc &> /dev/null fi _isScreen=$(screen --version 2>&1) if [[ ! "${_isScreen}" =~ "GNU" ]] || [ -z "${_isScreen}" ]; then apt-get install screen -y &> /dev/null apt-get install net-tools -y &> /dev/null apt-get install hostname -y &> /dev/null apt-get install ntpdate -y &> /dev/null fi _if_reinstall_curl _CURL_TEST=$(curl -L -k -s \ --max-redirs 10 \ --retry 3 \ --retry-delay 10 \ -I "http://${_USE_MIR}" 2> /dev/null) if [[ ! "${_CURL_TEST}" =~ "200 OK" ]]; then if [[ "${_CURL_TEST}" =~ "unknown option was passed in to libcurl" ]]; then echo "ERROR: cURL libs are out of sync! Re-installing.." _if_reinstall_curl fi echo "ERROR: ${_USE_MIR} is not available, please try later" exit 1 else _urlHmr="http://${_USE_MIR}/versions/${_tRee}/boa/aegir" fi _if_clean_boa_env _VIRT_TEST=$(which virt-what 2> /dev/null) if [ ! -x "${_VIRT_TEST}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi _apt_clean_update apt-get install virt-what ${_aptYesUnth} fi _LSB_TEST=$(which lsb_release 2> /dev/null) if [ ! -x "${_LSB_TEST}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi _apt_clean_update apt-get install lsb-release ${_aptYesUnth} fi _BOA_TOOLS_UPDATE=NO if [ -e "${_pthLog}" ] && [ ! -e "${_pthLog}/updateBOAtoolsCA.ctrl.${_tRee}.${_xSrl}.pid" ]; then _BOA_TOOLS_UPDATE=YES fi [ ! -e "/var/aegir/drush" ] && _BOA_TOOLS_UPDATE=YES if [ "${_BOA_TOOLS_UPDATE}" = "YES" ]; then _update_boa_tools [ -e "${_pthLog}" ] && rm -f ${_pthLog}/updateBOAtools*.pid [ -e "${_pthLog}" ] && touch ${_pthLog}/updateBOAtoolsCA.ctrl.${_tRee}.${_xSrl}.pid echo echo "BOA Meta Installers setup completed" echo "Please check INSTALL.md and UPGRADE.md at https://github.com/omega8cc/boa" echo "Bye" echo fi } _count_cpu() { _CPU_INFO=$(grep -c processor /proc/cpuinfo 2>&1) _CPU_INFO=${_CPU_INFO//[^0-9]/} _NPROC_TEST=$(which nproc 2>&1) if [ -z "${_NPROC_TEST}" ]; then _CPU_NR="${_CPU_INFO}" else _CPU_NR=$(nproc 2>&1) fi _CPU_NR=${_CPU_NR//[^0-9]/} if [ ! -z "${_CPU_NR}" ] \ && [ ! -z "${_CPU_INFO}" ] \ && [ "${_CPU_NR}" -gt "${_CPU_INFO}" ] \ && [ "${_CPU_INFO}" -gt "0" ]; then _CPU_NR="${_CPU_INFO}" fi if [ -z "${_CPU_NR}" ] || [ "${_CPU_NR}" -lt "1" ]; then _CPU_NR=1 fi mkdir -p /data/all chmod 755 /data/all echo ${_CPU_NR} > /data/all/cpuinfo chmod 644 /data/all/cpuinfo } _sysctl_update() { if [ ! -e "/root/.no.sysctl.update.cnf" ] \ && [ ! -e "/var/backups/sysctl.conf.up-hf01-${_xSrl}.log" ]; then mkdir -p /var/backups cd /var/backups rm -f /var/backups/sysctl.conf curl ${_crlGet} "${_urlHmr}/conf/var/sysctl.conf" -o sysctl.conf if [ -e "/var/backups/sysctl.conf" ]; then cp -af /var/backups/sysctl.conf /etc/sysctl.conf fi if [ -e "/etc/security/limits.conf" ]; then _IF_NF=$(grep '2097152' /etc/security/limits.conf 2>&1) if [ ! -z "${_IF_NF}" ]; then sed -i "s/.*2097152.*//g" /etc/security/limits.conf wait fi _IF_NF=$(grep '524288' /etc/security/limits.conf 2>&1) if [ -z "${_IF_NF}" ]; then echo "* hard nofile 524288" >> /etc/security/limits.conf echo "* soft nofile 524288" >> /etc/security/limits.conf echo "root hard nofile 1048576" >> /etc/security/limits.conf echo "root soft nofile 1048576" >> /etc/security/limits.conf fi _IF_NF=$(grep '65556' /etc/security/limits.conf 2>&1) if [ -z "${_IF_NF}" ]; then echo "* hard nproc 65556" >> /etc/security/limits.conf echo "* soft nproc 65556" >> /etc/security/limits.conf fi fi if [ -e "/boot/grub/grub.cfg" ] || [ -e "/boot/grub/menu.lst" ]; then #echo never > /sys/kernel/mm/transparent_hugepage/enabled if [ -e "/etc/sysctl.conf" ]; then sysctl -p /etc/sysctl.conf &> /dev/null fi else if [ -e "/etc/sysctl.conf" ]; then sysctl -p /etc/sysctl.conf &> /dev/null fi fi if [ -e "/etc/default/nginx" ]; then _IF_ULNX=$(grep '524288' /etc/default/nginx 2>&1) if [ -z "${_IF_ULNX}" ]; then sed -i "s/^ULIMIT=.*//gi" /etc/default/nginx wait echo ULIMIT=\"-n 524288\" >> /etc/default/nginx ulimit -n 524288 &> /dev/null service nginx restart &> /dev/null fi fi if [ -e "/etc/security/limits.d" ] \ && [ ! -e "/etc/security/limits.d/sshd.conf" ]; then echo "sshd soft nofile 524288" > /etc/security/limits.d/sshd.conf echo "sshd hard nofile 999999" >> /etc/security/limits.d/sshd.conf echo "redis soft nofile 65535" > /etc/security/limits.d/redis.conf echo "redis hard nofile 524288" >> /etc/security/limits.d/redis.conf echo "nginx soft nofile 524288" > /etc/security/limits.d/nginx.conf echo "nginx hard nofile 999999" >> /etc/security/limits.d/nginx.conf echo "jetty9 soft nofile 65535" > /etc/security/limits.d/jetty9.conf echo "jetty9 hard nofile 524288" >> /etc/security/limits.d/jetty9.conf echo "solr7 soft nofile 65535" > /etc/security/limits.d/solr7.conf echo "solr7 hard nofile 524288" >> /etc/security/limits.d/solr7.conf echo "@www-data soft nofile 65535" > /etc/security/limits.d/www.conf echo "@www-data hard nofile 524288" >> /etc/security/limits.d/www.conf service redis-server restart &> /dev/null service nginx restart &> /dev/null service sshd restart &> /dev/null _PHP_V="83 82 81 80 74 73 72 71 70 56" for e in ${_PHP_V}; do if [ -e "/etc/init.d/php${e}-fpm" ]; then service php${e}-fpm reload &> /dev/null fi done fi touch /var/backups/sysctl.conf.up-hf01-${_xSrl}.log fi } ###--------------------### if [ `whoami` = "root" ]; then [ ! -e "/var/aegir/drush" ] && _locales_check_fix_early _os_detection_minimal _find_fast_mirror_early ### CVE-2021-44228 Log4j 2 Vulnerability ### CVE-2021-45046 Log4j 2 Vulnerability ### CVE-2021-45105 Log4j 2 Vulnerability _fix_log4j ### Linux kernel TCP SACK CVEs mitigation ### CVE-2019-11477 SACK Panic ### CVE-2019-11478 SACK Slowness ### CVE-2019-11479 Excess Resource Consumption Due to Low MSS Values if [ -x "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.deny" ]; then _SACK_TEST=$(ip6tables --list | grep tcpmss 2>&1) if [[ ! "${_SACK_TEST}" =~ "tcpmss" ]]; then sysctl net.ipv4.tcp_mtu_probing=0 &> /dev/null iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP &> /dev/null ip6tables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP &> /dev/null fi fi ### More aggressive mitigation affecting network performance # if [ -e "/proc/sys/net/ipv4/tcp_sack" ]; then # _SACK_TEST=$(cat /proc/sys/net/ipv4/tcp_sack 2>&1) # _SACK_TEST=$(echo -n ${_SACK_TEST} | tr -d "\n" 2>&1) # if [[ "${_SACK_TEST}" =~ "1" ]]; then # echo "0" > /proc/sys/net/ipv4/tcp_sack # fi # fi ### Block known attackers IPs _CSF_TEST=$(which csf 2> /dev/null) if [ -x "${_CSF_TEST}" ]; then _IP_BLOCK="185.206.225.30 185.253.97.238" for _IP in ${_IP_BLOCK}; do _FW_TEST=$(csf -g ${_IP} 2>&1) if [[ "${_FW_TEST}" =~ "DENY Match:${_IP} Setting" ]] \ && [[ "${_FW_TEST}" =~ "csf.deny: ${_IP}" ]]; then echo "${_IP} already denied for Flooding user/password" else csf -d ${_IP} Flooding user/password fi done fi ### Linux kernel CVE-2017-2636 hotfix if [ -e "/etc/modprobe.d" ] \ && [ ! -e "/etc/modprobe.d/blacklist-n_hdlc.conf" ]; then echo "install n_hdlc /bin/true" > /etc/modprobe.d/blacklist-n_hdlc.conf rmmod n_hdlc &> /dev/null fi ### Linux kernel CVE-2017-6074 hotfix if [ -e "/etc/modprobe.d" ] \ && [ ! -e "/etc/modprobe.d/blacklist-dccp-all.conf" ]; then echo "install dccp /bin/true" > /etc/modprobe.d/blacklist-dccp-all.conf echo "install dccp_diag /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf echo "install dccp_ipv4 /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf echo "install dccp_ipv6 /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf echo "install dccp_probe /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf rmmod dccp &> /dev/null rmmod dccp_diag &> /dev/null rmmod dccp_ipv4 &> /dev/null rmmod dccp_ipv6 &> /dev/null rmmod dccp_probe &> /dev/null fi if [ -x "/usr/sbin/unbound" ] \ && [ ! -e "/etc/resolvconf/run/interface/lo.unbound" ]; then mkdir -p /etc/resolvconf/run/interface echo "nameserver 127.0.0.1" > /etc/resolvconf/run/interface/lo.unbound resolvconf -u &> /dev/null [ -e "/etc/resolvconf/update.d/unbound" ] && chmod -x /etc/resolvconf/update.d/unbound [ ! -e "/run/unbound" ] && mkdir -p /run/unbound [ -e "/run/unbound" ] && chown -R unbound:unbound /run/unbound killall -9 unbound &> /dev/null service unbound restart &> /dev/null wait unbound-control reload &> /dev/null fi if [ ! -e "/data/all/cpuinfo" ]; then _count_cpu fi _if_boa_key_tools_update_allowed if [ "${_BOA_KEY_TOOLS_UPDATE_ALLOWED}" = "YES" ] \ && [ -e "/opt/etc/fpm/fpm-pool-common.conf" ] \ && [ -e "/var/xdrago" ]; then if [ -e "${_barCnf}" ]; then source ${_barCnf} fi if [ ! -z "${_SKYNET_MODE}" ] && [ "${_SKYNET_MODE}" = "OFF" ]; then if [ -n "${SSH_TTY+x}" ]; then echo "STATUS: Skynet Agent is Inactive!" echo "STATUS: Please remove the _SKYNET_MODE=OFF line from" echo "STATUS: ${_barCnf} to enable me again." echo "NOTE: Critically important BOA tools will be still updated" _if_update_boa_key_tools_only verbose exit 0 else _if_update_boa_key_tools_only silent exit 0 fi else if [ -n "${SSH_TTY+x}" ]; then echo "STATUS: Skynet Agent is Active, OK!" echo "STATUS: You can add the _SKYNET_MODE=OFF line in" echo "STATUS: ${_barCnf} to disable me, if needed." fi fi else if [ -z "$STY" ]; then _SCREEN_INIT=YES fi fi if [ -d "/.newrelic" ]; then rm -rf /.newrelic fi chmod a+w /dev/null if [ ! -e "/dev/fd" ]; then if [ -e "/proc/self/fd" ]; then rm -rf /dev/fd ln -s /proc/self/fd /dev/fd fi fi if [ "${_BOA_KEY_TOOLS_UPDATE_ALLOWED}" = "YES" ]; then _boa_setup fi if [ "${_BOA_KEY_TOOLS_UPDATE_ALLOWED}" = "YES" ] \ && [ -e "/var/log/barracuda_log.txt" ]; then _fix_ping_perms _fix_fpm_process_max _if_fix_python_src_for_duplicity _if_fix_lshell _fix_node_in_lshell_access _fix_authorized_keys _fix_tcp _fix_aio _fix_console_print _fix_java_symlinks _fix_composer_version _fix_wkhtml _fix_wkhtml_perms _fix_eldir _fix_drupal_core_ten _fix_pure_ftpd _fix_hosting_le _fix_newrelic _fix_leftovers _update_agents _sysctl_update # _saCoreN="SA-CORE-2018-002" # _fix_core_dgd # sleep 3 # _saCoreN="SA-CORE-2018-004" # _fix_core_dgd # sleep 3 # _saCoreN="SA-CORE-2018-006" # _fix_core_dgd # sleep 3 # _saCoreN="SA-CORE-2019-004" # _fix_core_dgd # sleep 3 # _saCoreN="3143016-83" # _fix_core_dgd fi if [ ! -e "/etc/ssl/private/4096.dhp" ] && [ -d "/var/xdrago" ]; then echo "Generating 4096.dhp -- it may take a very long time..." openssl dhparam -out /etc/ssl/private/4096.dhp 4096 > /dev/null 2>&1 & fi if [ -e "/etc/ssl/private/4096.dhp" ]; then chown -R root:ssl-cert /etc/ssl/private chmod 640 /etc/ssl/private/* chmod 710 /etc/ssl/private fi if [ ! -e "/root/.upstart.cnf" ]; then service cron reload &> /dev/null fi if [ "${_SCREEN_INIT}" = "YES" ]; then clear echo echo "The system is ready for BOA installation!" echo echo "We will start screen session for you automatically" echo "to avoid problems with dropped SSH connections" echo "during BOA stack installation, which may take up to" echo "45-60 minutes, depending on your server speed." echo echo "If your connection will drop, simply log in again" echo "and re-attach your session with 'screen -R' command." echo echo "Enjoy!" echo if [ -x "/usr/sbin/aa-teardown" ]; then aa-teardown &> /dev/null fi sleep 8 else exit 0 fi else echo "ERROR: This script should be run as a root user" exit 1 fi