#!/bin/bash ###----------------------------------------### ### ### BOA Meta Installer ### ### Copyright (C) 2010-2024 Omega8.cc ### noc@omega8.cc www.omega8.cc ### ### This program is free software. You can ### redistribute it and/or modify it under ### the terms of the GNU GPL as published by ### the Free Software Foundation, version 2 ### or later. ### ### This program is distributed in the hope ### that it will be useful, but WITHOUT ANY ### WARRANTY; without even the implied ### warranty of MERCHANTABILITY or FITNESS ### FOR A PARTICULAR PURPOSE. See the GNU GPL ### for more details. ### ### You should have received a copy of the ### GNU GPL along with this program. ### If not, see http://www.gnu.org/licenses/ ### ### Code: https://github.com/omega8cc/boa ### ###----------------------------------------### ###----------------------------------------### ### HOW-TO: run it with bash, not with sh ### ###----------------------------------------### ### ### bash BOA.sh.txt ### ###----------------------------------------### ### DON'T EDIT ANYTHING BELOW THIS LINE ### ###----------------------------------------### HOME=/root SHELL=/bin/bash PATH=/usr/local/bin:/usr/local/sbin:/opt/local/bin:/usr/bin:/usr/sbin:/bin:/sbin export PATH=${PATH} export SHELL=${SHELL} export HOME=${HOME} tRee=lite export tRee="${tRee}" ### ### Avoid too many questions ### export DEBIAN_FRONTEND=noninteractive export APT_LISTCHANGES_FRONTEND=none if [ -z "${TERM+x}" ]; then export TERM=vt100 fi _TODAY=$(date +%y%m%d 2>&1) _TODAY=${_TODAY//[^0-9]/} _X_SE="520liteT01" # barCnf="/root/.barracuda.cnf" crlGet="-L --max-redirs 10 -k -s --retry 10 --retry-delay 5 -A iCab" aptYesUnth="-y --allow-unauthenticated" optBin="/opt/local/bin" usrBin="/usr/local/bin" pthLog="/var/xdrago/log" tBn="tools/bin" vBs="/var/backups" # eldirF="0001-Print-site_footer-if-defined.patch" eldirP="/var/xdrago/conf/${eldirF}" # dctpF="drupal-ten-aegir-01.patch" dctpP="/data/conf/patches/${dctpF}" # dctrF="drupal-ten-aegir-02.patch" dctrP="/data/conf/patches/${dctrF}" # provLeInc="provision_hosting_le.drush.inc" provLeIncFull="/var/xdrago/conf/${provLeInc}" # hoLeInc="hosting_le_vhost.drush.inc" hoLeIncFull="/var/xdrago/conf/${hoLeInc}" # dehydName="dehydrated" dehydSrcPath="/var/xdrago/conf/${dehydName}" legacyLeSh="/var/xdrago/conf/letsencrypt.sh" os_detection_minimal() { _APT_UPDATE="apt-get update" _THIS_RV=$(lsb_release -sc 2>&1) _OS_LIST="daedalus chimaera beowulf buster bullseye bookworm" for e in ${_OS_LIST}; do if [ "${e}" = "${_THIS_RV}" ]; then _APT_UPDATE="apt-get update --allow-releaseinfo-change" fi done } apt_clean_update() { apt-get clean -qq 2> /dev/null rm -rf /var/lib/apt/lists/* &> /dev/null ${_APT_UPDATE} -qq 2> /dev/null } # # Find correct IP. find_correct_ip() { if [ -e "/root/.found_correct_ipv4.cnf" ]; then _LOC_IP=$(cat /root/.found_correct_ipv4.cnf 2>&1) _LOC_IP=$(echo -n ${_LOC_IP} | tr -d "\n" 2>&1) else _LOC_IP=$(curl ${crlGet} https://api.ipify.org \ | sed 's/[^0-9\.]//g' 2>&1) if [ -z "${_LOC_IP}" ]; then _LOC_IP=$(curl ${crlGet} http://ipv4.icanhazip.com \ | sed 's/[^0-9\.]//g' 2>&1) fi if [ ! -z "${_LOC_IP}" ]; then echo ${_LOC_IP} > /root/.found_correct_ipv4.cnf fi fi } fix_dns_settings() { dnsLi="/root/.local.dns.IP.list" mkdir -p ${vBs} rm -f ${vBs}/resolv.conf.tmp if [ -e "/etc/resolv.conf" ]; then if [ -L "/etc/resolv.conf" ]; then rslvT=`readlink -n /etc/resolv.conf` if [ ! -e "${rslvT}" ]; then rm -f /etc/resolv.conf fi fi if [ -e "/etc/resolv.conf" ]; then cp -a /etc/resolv.conf ${vBs}/resolv.conf.tmp fi fi if [ ! -e "${vBs}/resolv.conf.tmp" ]; then echo "nameserver 1.1.1.1" >${vBs}/resolv.conf.tmp echo "nameserver 1.0.0.1" >>${vBs}/resolv.conf.tmp fi if [ ! -e "${vBs}/resolv.conf.vanilla" ] \ && [ -e "${vBs}/resolv.conf.tmp" ]; then if [ "${_USE_DEFAULT_DNS}" != "YES" ]; then rm -f /etc/resolv.conf cp -a ${vBs}/resolv.conf.tmp /etc/resolv.conf cp -a ${vBs}/resolv.conf.tmp ${vBs}/resolv.conf.vanilla fi fi sed -i "/^$/d" ${vBs}/resolv.conf.vanilla &> /dev/null if [ -e "${vBs}/resolv.conf.vanilla" ]; then if [ "${_USE_DEFAULT_DNS}" != "YES" ]; then rm -f /etc/resolv.conf cp -a ${vBs}/resolv.conf.vanilla /etc/resolv.conf fi else if [ -e "${vBs}/resolv.conf.tmp" ] \ && [ "${_USE_DEFAULT_DNS}" != "YES" ]; then rm -f /etc/resolv.conf cp -a ${vBs}/resolv.conf.tmp /etc/resolv.conf fi fi if [ -e "/etc/pdnsd.conf" ]; then if [ -e "${dnsLi}" ]; then sed -i "s/.*127.0.0.1.*//g; s/ *$//g; /^$/d" ${dnsLi} wait sed -i "s/.*Dynamic.*//g; s/ *$//g; /^$/d" ${dnsLi} wait _BROKEN_DNS_TEST_X=$(grep "\." ${dnsLi} 2>&1) if [ -z "${_BROKEN_DNS_TEST_X}" ]; then echo " label = \"cloudflare-servers\";" > ${dnsLi} echo " ip=1.1.1.1;" >> ${dnsLi} echo " ip=1.0.0.1;" >> ${dnsLi} fi fi _CUSTOM_DNS_TEST=$(grep 1.1.1.1 /etc/pdnsd.conf 2>&1) _BROKEN_DNS_CONF=$(grep "ip=Dynamic" /etc/pdnsd.conf 2>&1) _MISSING_DNS_TEST=$(grep "ip=" /etc/pdnsd.conf 2>&1) if [[ "${_CUSTOM_DNS_TEST}" =~ "1.1.1.1" ]] \ || [ ! -e "${dnsLi}" ] \ || [ -e "/root/.use.default.nameservers.cnf" ] \ || [ -e "/root/.use.local.nameservers.cnf" ] \ || [[ "${_BROKEN_DNS_CONF}" =~ "Dynamic" ]] \ || [[ -z "${_MISSING_DNS_TEST}" ]]; then echo " label = \"cloudflare-servers\";" > ${dnsLi} for _IP in `cat /etc/resolv.conf \ | sed 's/.*127.0.0.1.*//g; s/.*search.*//g; s/.*Dynamic.*//g' \ | cut -d ' ' -f2 \ | sort \ | uniq`;do echo " ip=${_IP};" >> ${dnsLi};done wait sed -i "s/ip=.*//g; s/ *$//g; /^$/d" /etc/pdnsd.conf wait sed -i "s/.*127.0.0.1.*//g; s/ *$//g; /^$/d" ${dnsLi} wait sed -i "s/.*Dynamic.*//g; s/ *$//g; /^$/d" ${dnsLi} wait _BROKEN_DNS_TEST_Y=$(grep "\." ${dnsLi} 2>&1) if [ -z "${_BROKEN_DNS_TEST_Y}" ]; then echo " ip=1.1.1.1;" >> ${dnsLi} echo " ip=1.0.0.1;" >> ${dnsLi} fi ### echo debug dns A _DNS_TPL_TEST_GE=$(grep "google-servers" /etc/pdnsd.conf 2>&1) _DNS_TPL_TEST_CF=$(grep "cloudflare-servers" /etc/pdnsd.conf 2>&1) _DNS_RGX_TEST=$(grep "cloudflare-servers" /root/.local.dns.IP.list 2>&1) if [[ "${_DNS_TPL_TEST_CF}" =~ "cloudflare-servers" ]] \ && [[ "${_DNS_RGX_TEST}" =~ "cloudflare-servers" ]]; then sed -i '/ label = \"cloudflare-servers\";/ {r /root/.local.dns.IP.list d;};' /etc/pdnsd.conf wait fi if [[ "${_DNS_TPL_TEST_GE}" =~ "google-servers" ]] \ && [[ "${_DNS_RGX_TEST}" =~ "cloudflare-servers" ]]; then sed -i '/ label = \"google-servers\";/ {r /root/.local.dns.IP.list d;};' /etc/pdnsd.conf wait fi resolvconf -u &> /dev/null service pdnsd restart &> /dev/null pdnsd-ctl empty-cache &> /dev/null fi fi } check_dns_settings() { if [ -e "/root/.use.default.nameservers.cnf" ]; then _USE_DEFAULT_DNS=YES [ -e "/root/.local.dns.IP.list" ] && rm -f /root/.local.dns.IP.list fi if [ -e "/root/.use.local.nameservers.cnf" ]; then _USE_PROVIDER_DNS=YES else _REMOTE_DNS_TEST=$(host files.aegir.cc 1.1.1.1 -w 10 2>&1) fi if [[ "${_REMOTE_DNS_TEST}" =~ "no servers could be reached" ]] \ || [[ "${_REMOTE_DNS_TEST}" =~ "Host files.aegir.cc not found" ]] \ || [ "${_USE_DEFAULT_DNS}" = "YES" ] \ || [ "${_USE_PROVIDER_DNS}" = "YES" ]; then if [ "${_USE_DEFAULT_DNS}" = "YES" ] \ || [ "${_USE_PROVIDER_DNS}" = "YES" ] \ || [ ! -e "${vBs}/resolv.conf.vanilla" ]; then fix_dns_settings if [ -e "/etc/init.d/postfix" ]; then service postfix restart &> /dev/null fi fi fi } extract_archive() { if [ ! -z "$1" ]; then case $1 in *.tar.bz2) tar xjf $1 ;; *.tar.gz) tar xzf $1 ;; *.tar.xz) tar xvf $1 ;; *.bz2) bunzip2 $1 ;; *.rar) unrar x $1 ;; *.gz) gunzip -q $1 ;; *.tar) tar xf $1 ;; *.tbz2) tar xjf $1 ;; *.tgz) tar xzf $1 ;; *.zip) unzip -qq $1 ;; *.Z) uncompress $1 ;; *.7z) 7z x $1 ;; *) echo "'$1' cannot be extracted via >extract<" ;; esac rm -f $1 fi } # # Download and extract archive from dev/src mirror. get_dev_src() { if [ ! -z "$1" ]; then curl ${crlGet} "${urlDev}/src/$1" -o "$1" if [ -e "$1" ]; then extract_archive "$1" else echo "OOPS: $1 failed download from ${urlDev}/src/$1" fi fi } # # Download and extract from dev/contrib mirror. get_dev_contrib() { if [ ! -z "$1" ]; then curl ${crlGet} "${urlDev}/DEV/contrib/$1" -o "$1" if [ -e "$1" ]; then extract_archive "$1" else msg "OOPS: $1 failed download from ${urlDev}/DEV/contrib/$1" fi fi } update_agents() { if [ -e "/root/.host8.cnf" ] && [ ! -e "/root/.extended.firewall.exceptions.cnf" ]; then echo host8 > /root/.extended.firewall.exceptions.cnf fi if [ "${_VMFAMILY}" = "HOSTED" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ -e "/var/xdrago" ]; then [ ! -e "/root/.fast.cron.cnf" ] && echo ON > /root/.fast.cron.cnf PrTestPower=$(grep "POWER" /root/.*.octopus.cnf 2>&1) PrTestPhantom=$(grep "PHANTOM" /root/.*.octopus.cnf 2>&1) PrTestCluster=$(grep "CLUSTER" /root/.*.octopus.cnf 2>&1) InTest=$(ls /data/disk/*/static/control/cli.info | wc -l 2>&1) _SQL_PSWD=$(cat /root/.my.pass.txt 2>&1) _SQL_PSWD=$(echo -n ${_SQL_PSWD} | tr -d "\n" 2>&1) if [ "${InTest}" -lt "9" ] \ && [[ ! "${PrTestPower}" =~ "POWER" ]] \ && [[ ! "${PrTestPhantom}" =~ "PHANTOM" ]] \ && [[ ! "${PrTestCluster}" =~ "CLUSTER" ]]; then [ ! -e "/root/.fast.cron.cnf" ] && echo ${InTest} > /root/.fast.cron.cnf [ -e "/root/.hr.monitor.cnf" ] && rm -f /root/.hr.monitor.cnf [ -e "/root/.slow.cron.cnf" ] && rm -f /root/.slow.cron.cnf [ -e "/root/.tg.cnf" ] && rm -f /root/.tg.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 80;" mysql -u root -e "SET GLOBAL max_connections = 100;" mysql -u root -e "SET GLOBAL max_user_connections = 80;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [ "${InTest}" -ge "9" ] && [ "${InTest}" -le "50" ]; then [ ! -e "/root/.fast.cron.cnf" ] && echo ${InTest} > /root/.fast.cron.cnf [ -e "/root/.hr.monitor.cnf" ] && rm -f /root/.hr.monitor.cnf [ -e "/root/.slow.cron.cnf" ] && rm -f /root/.slow.cron.cnf [ -e "/root/.tg.cnf" ] && rm -f /root/.tg.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 80;" mysql -u root -e "SET GLOBAL max_connections = 200;" mysql -u root -e "SET GLOBAL max_user_connections = 80;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [ "${InTest}" -gt "50" ]; then [ -e "/root/.fast.cron.cnf" ] && rm -f /root/.fast.cron.cnf [ ! -e "/root/.tg.cnf" ] && echo ${InTest} > /root/.tg.cnf [ ! -e "/root/.hr.monitor.cnf" ] && echo ${InTest} > /root/.hr.monitor.cnf [ ! -e "/root/.slow.cron.cnf" ] && echo ${InTest} > /root/.slow.cron.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 80;" mysql -u root -e "SET GLOBAL max_connections = 200;" mysql -u root -e "SET GLOBAL max_user_connections = 80;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [[ "${PrTestPower}" =~ "POWER" ]]; then [ ! -e "/root/.tg.cnf" ] && echo ${InTest} > /root/.tg.cnf [ ! -e "/root/.fast.cron.cnf" ] && echo ${InTest} > /root/.fast.cron.cnf [ -e "/root/.hr.monitor.cnf" ] && rm -f /root/.hr.monitor.cnf [ -e "/root/.slow.cron.cnf" ] && rm -f /root/.slow.cron.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 150;" mysql -u root -e "SET GLOBAL max_connections = 200;" mysql -u root -e "SET GLOBAL max_user_connections = 150;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [[ "${PrTestPhantom}" =~ "PHANTOM" ]]; then [ ! -e "/root/.tg.cnf" ] && echo ${InTest} > /root/.tg.cnf [ ! -e "/root/.fast.cron.cnf" ] && echo ${InTest} > /root/.fast.cron.cnf [ -e "/root/.hr.monitor.cnf" ] && rm -f /root/.hr.monitor.cnf [ -e "/root/.slow.cron.cnf" ] && rm -f /root/.slow.cron.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 150;" mysql -u root -e "SET GLOBAL max_connections = 200;" mysql -u root -e "SET GLOBAL max_user_connections = 150;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [[ "${PrTestCluster}" =~ "CLUSTER" ]]; then [ ! -e "/root/.tg.cnf" ] && echo ${InTest} > /root/.tg.cnf [ ! -e "/root/.fast.cron.cnf" ] && echo ${InTest} > /root/.fast.cron.cnf [ -e "/root/.hr.monitor.cnf" ] && rm -f /root/.hr.monitor.cnf [ -e "/root/.slow.cron.cnf" ] && rm -f /root/.slow.cron.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 150;" mysql -u root -e "SET GLOBAL max_connections = 200;" mysql -u root -e "SET GLOBAL max_user_connections = 150;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi mysql -u root -e "SET GLOBAL optimizer_switch='derived_merge=off';" mysql -u root -e "SET GLOBAL sort_buffer_size = 262144;" if [ -e "/root/.tg.cnf" ]; then if [ ! -e "/root/.fixed_fpm_workers.pid" ]; then sed -i "s/^_PHP_FPM_WORKERS=.*/_PHP_FPM_WORKERS=100/g" ${barCnf} touch /root/.fixed_fpm_workers.pid fi fi if [ ! -e "/root/.high_traffic.cnf" ]; then echo ${InTest} > /root/.high_traffic.cnf echo ${InTest} > /root/.my.optimize.cnf echo ${InTest} > /root/.no.swap.clear.cnf fi if [ "${_RANDOMIZE}" = "YES" ]; then if [ ! -e "/root/.randomize_duplicity_full_backup_day.cnf" ]; then echo ${InTest} > /root/.randomize_duplicity_full_backup_day.cnf fi if [ ! -e "/root/.skip_duplicity_monthly_cleanup.cnf" ]; then echo ${InTest} > /root/.skip_duplicity_monthly_cleanup.cnf fi else [ -e "/root/.randomize_duplicity_full_backup_day.cnf" ] && rm -f /root/.randomize_duplicity_full_backup_day.cnf [ -e "/root/.skip_duplicity_monthly_cleanup.cnf" ] && rm -f /root/.skip_duplicity_monthly_cleanup.cnf fi [ -e "/root/.my.batch_innodb.cnf" ] && rm -f /root/.my.batch_innodb.cnf [ -e "/root/.batch_innodb.cnf" ] && rm -f /root/.batch_innodb.cnf [ -e "/root/.force.drupalgeddon.cnf" ] && rm -f /root/.force.drupalgeddon.cnf [ -e "/root/.skip_cleanup.cnf" ] && rm -f /root/.skip_cleanup.cnf [ -e "/root/.giant_traffic.cnf" ] && rm -f /root/.giant_traffic.cnf [ -e "/root/.default.cnf" ] && rm -f /root/.default.cnf [ -e "/root/.debug.cnf" ] && rm -f /root/.debug.cnf if [ ! -e "/root/.fixed_scout.pid" ]; then sed -i "s/_SCOUT_KEY=.*/_SCOUT_KEY=/g" ${barCnf} sed -i "s/.*scout.*//g" /etc/crontab touch /root/.fixed_scout.pid fi if [ -e "/data/conf/override.global.inc" ] \ && [ ! -e "/data/conf/.prev6.override.global.inc.off" ]; then mv -f /data/conf/override.global.inc /data/conf/.prev6.override.global.inc.off fi # if [ ! -e "/data/conf/override.global.inc" ]; then # echo " /data/conf/override.global.inc.tmp # echo "" >> /data/conf/override.global.inc.tmp # echo "\$use_redis = TRUE;" >> /data/conf/override.global.inc.tmp # chmod 644 /data/conf/override.global.inc.tmp # mv -f /data/conf/override.global.inc.tmp /data/conf/override.global.inc # fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ ! -e "${pthLog}/drush8-symlink.ctrl.${_X_SE}.pid" ]; then if [ -x "/opt/tools/drush/8/drush/drush.php" ] \ && [ -L "/usr/bin/drush8" ]; then _DRUSH_SYMLINK=$(readlink -n /usr/bin/drush8 2>&1) _DRUSH_SYMLINK=$(echo -n ${_DRUSH_SYMLINK} | tr -d "\n" 2>&1) if [ "${_DRUSH_SYMLINK}" != "/opt/tools/drush/8/drush/drush.php" ]; then rm -f /usr/bin/drush8 rm -f /usr/bin/drush ln -s /opt/tools/drush/8/drush/drush.php /usr/bin/drush8 ln -s /opt/tools/drush/8/drush/drush.php /usr/bin/drush touch ${pthLog}/drush8-symlink.ctrl.${_X_SE}.pid fi fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/clean-boa-env.ctrl.${_X_SE}.pid" ]; then mv -f /etc/init.d/clean-boa-env /var/xdrago/clean-boa-env.old curl ${crlGet} "${urlHmr}/conf/clean-boa-env" -o /etc/init.d/clean-boa-env if [ -e "/etc/init.d/clean-boa-env" ]; then chmod 700 /etc/init.d/clean-boa-env chown root:root /etc/init.d/clean-boa-env touch ${pthLog}/clean-boa-env.ctrl.${_X_SE}.pid else mv -f /var/xdrago/clean-boa-env.old /etc/init.d/clean-boa-env fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/mysql_backup.ctrl.hf01.${_X_SE}.pid" ]; then mv -f /var/xdrago/mysql_backup.sh /var/xdrago/mysql_backup.sh.old curl ${crlGet} "${urlHmr}/tools/system/mysql_backup.sh" -o /var/xdrago/mysql_backup.sh if [ -e "/var/xdrago/mysql_backup.sh" ]; then chmod 700 /var/xdrago/mysql_backup.sh chown root:root /var/xdrago/mysql_backup.sh touch ${pthLog}/mysql_backup.ctrl.hf01.${_X_SE}.pid else mv -f /var/xdrago/mysql_backup.sh.old /var/xdrago/mysql_backup.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/mysql_cluster_backup.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/mysql_cluster_backup.sh /var/xdrago/mysql_cluster_backup.sh.old curl ${crlGet} "${urlHmr}/tools/system/mysql_cluster_backup.sh" -o /var/xdrago/mysql_cluster_backup.sh if [ -e "/var/xdrago/mysql_cluster_backup.sh" ]; then chmod 700 /var/xdrago/mysql_cluster_backup.sh chown root:root /var/xdrago/mysql_cluster_backup.sh touch ${pthLog}/mysql_cluster_backup.ctrl.${_X_SE}.pid else mv -f /var/xdrago/mysql_cluster_backup.sh.old /var/xdrago/mysql_cluster_backup.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/mysql_hourly.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/mysql_hourly.sh /var/xdrago/mysql_hourly.sh.old curl ${crlGet} "${urlHmr}/tools/system/mysql_hourly.sh" -o /var/xdrago/mysql_hourly.sh if [ -e "/var/xdrago/mysql_hourly.sh" ]; then chmod 700 /var/xdrago/mysql_hourly.sh chown root:root /var/xdrago/mysql_hourly.sh touch ${pthLog}/mysql_hourly.ctrl.${_X_SE}.pid else mv -f /var/xdrago/mysql_hourly.sh.old /var/xdrago/mysql_hourly.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/runner.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/runner.sh /var/xdrago/runner.sh.old curl ${crlGet} "${urlHmr}/tools/system/runner.sh" -o /var/xdrago/runner.sh if [ -e "/var/xdrago/runner.sh" ]; then chmod 700 /var/xdrago/runner.sh chown root:root /var/xdrago/runner.sh touch ${pthLog}/runner.ctrl.${_X_SE}.pid else mv -f /var/xdrago/runner.sh.old /var/xdrago/runner.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/minute.ctrl.hfix01.${_X_SE}.pid" ]; then mv -f /var/xdrago/minute.sh /var/xdrago/minute.sh.old curl ${crlGet} "${urlHmr}/tools/system/minute.sh" -o /var/xdrago/minute.sh if [ -e "/var/xdrago/minute.sh" ]; then if [ -e "/root/.debug.cnf" ] && [ ! -e "/root/.default.cnf" ]; then _DO_NOTHING=YES else if [ -e "/root/.high_load.cnf" ] \ && [ ! -e "/root/.big_db.cnf" ] \ && [ ! -e "/root/.tg.cnf" ]; then sed -i "s/3600/300/g" /var/xdrago/minute.sh elif [ -e "/root/.big_db.cnf" ] || [ -e "/root/.tg.cnf" ]; then _DO_NOTHING=YES else sed -i "s/3600/1800/g" /var/xdrago/minute.sh fi fi chmod 700 /var/xdrago/minute.sh chown root:root /var/xdrago/minute.sh touch ${pthLog}/minute.ctrl.hfix01.${_X_SE}.pid else mv -f /var/xdrago/minute.sh.old /var/xdrago/minute.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/clear.ctrl.a2.${_X_SE}.pid" ]; then mv -f /var/xdrago/clear.sh /var/xdrago/clear.sh.old curl ${crlGet} "${urlHmr}/tools/system/clear.sh" -o /var/xdrago/clear.sh if [ -e "/var/xdrago/clear.sh" ]; then chmod 700 /var/xdrago/clear.sh chown root:root /var/xdrago/clear.sh touch ${pthLog}/clear.ctrl.a2.${_X_SE}.pid else mv -f /var/xdrago/clear.sh.old /var/xdrago/clear.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/daily.ctrl.hfx03.${_X_SE}.pid" ]; then mv -f /var/xdrago/daily.sh /var/xdrago/daily.sh.old curl ${crlGet} "${urlHmr}/tools/system/daily.sh" -o /var/xdrago/daily.sh if [ -e "/var/xdrago/daily.sh" ]; then chmod 700 /var/xdrago/daily.sh chown root:root /var/xdrago/daily.sh touch ${pthLog}/daily.ctrl.hfx03.${_X_SE}.pid else mv -f /var/xdrago/daily.sh.old /var/xdrago/daily.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/graceful.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/graceful.sh /var/xdrago/graceful.sh.old curl ${crlGet} "${urlHmr}/tools/system/graceful.sh" -o /var/xdrago/graceful.sh if [ -e "/var/xdrago/graceful.sh" ]; then chmod 700 /var/xdrago/graceful.sh chown root:root /var/xdrago/graceful.sh touch ${pthLog}/graceful.ctrl.${_X_SE}.pid else mv -f /var/xdrago/graceful.sh.old /var/xdrago/graceful.sh fi fi if [[ "${_CHECK_HOST}" =~ ".host8." ]] \ || [[ "${_CHECK_HOST}" =~ ".aegir.cc"($) ]] \ || [[ "${_CHECK_HOST}" =~ ".o8.io"($) ]] \ || [[ "${_CHECK_HOST}" =~ ".boa.io"($) ]]; then _MY_USAGE=YES else _MY_USAGE=NO if [ -e "/var/xdrago/usage.sh" ]; then rm -f /var/xdrago/usage.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ "${_MY_USAGE}" = "YES" ] \ && [ ! -e "${pthLog}/usage.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/usage.sh /var/xdrago/usage.sh.old curl ${crlGet} "${urlHmr}/tools/system/usage.sh" -o /var/xdrago/usage.sh if [ -e "/var/xdrago/usage.sh" ]; then chmod 700 /var/xdrago/usage.sh chown root:root /var/xdrago/usage.sh touch ${pthLog}/usage.ctrl.${_X_SE}.pid else mv -f /var/xdrago/usage.sh.old /var/xdrago/usage.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/manage_ltd_users.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/manage_ltd_users.sh /var/xdrago/manage_ltd_users.sh.old curl ${crlGet} "${urlHmr}/tools/system/manage_ltd_users.sh" \ -o /var/xdrago/manage_ltd_users.sh if [ -e "/var/xdrago/manage_ltd_users.sh" ]; then chmod 700 /var/xdrago/manage_ltd_users.sh chown root:root /var/xdrago/manage_ltd_users.sh touch ${pthLog}/manage_ltd_users.ctrl.${_X_SE}.pid [ -e "/var/run/manage_ltd_users.pid" ] && rm -f /var/run/manage_ltd_users.pid else mv -f /var/xdrago/manage_ltd_users.sh.old /var/xdrago/manage_ltd_users.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/manage_solr_config.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/manage_solr_config.sh /var/xdrago/manage_solr_config.sh.old curl ${crlGet} "${urlHmr}/tools/system/manage_solr_config.sh" \ -o /var/xdrago/manage_solr_config.sh if [ -e "/var/xdrago/manage_solr_config.sh" ]; then chmod 700 /var/xdrago/manage_solr_config.sh chown root:root /var/xdrago/manage_solr_config.sh touch ${pthLog}/manage_solr_config.ctrl.${_X_SE}.pid rm -f /var/run/manage_solr_config.pid else mv -f /var/xdrago/manage_solr_config.sh.old /var/xdrago/manage_solr_config.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/proc_num_ctrl.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/proc_num_ctrl.cgi /var/xdrago/proc_num_ctrl.cgi.old curl ${crlGet} "${urlHmr}/tools/system/proc_num_ctrl.cgi" \ -o /var/xdrago/proc_num_ctrl.cgi if [ -e "/var/xdrago/proc_num_ctrl.cgi" ]; then chmod 700 /var/xdrago/proc_num_ctrl.cgi chown root:root /var/xdrago/proc_num_ctrl.cgi touch ${pthLog}/proc_num_ctrl.ctrl.${_X_SE}.pid else mv -f /var/xdrago/proc_num_ctrl.cgi.old /var/xdrago/proc_num_ctrl.cgi fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/fast_shutdown.ctrl.${_X_SE}.pid" ]; then sed -i "s/.*opcache.fast_shutdown.*//g" /opt/etc/fpm/fpm-pool-common.conf _PHP_V="82 81 80 74 73 72 71 70 56" for e in ${_PHP_V}; do if [ -e "/etc/init.d/php${e}-fpm" ] && [ -e "/opt/php${e}/bin/php" ]; then service php${e}-fpm reload &> /dev/null fi done _PHP_V="55 54 53" for e in ${_PHP_V}; do if [ -e "/etc/init.d/php${e}-fpm" ] && [ -e "/opt/php${e}/bin/php" ]; then service php${e}-fpm force-quit &> /dev/null fi done touch ${pthLog}/fast_shutdown.ctrl.${_X_SE}.pid fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ -x "/usr/sbin/csf" ] \ && [ -e "/etc/csf/csf.deny" ] \ && [ ! -e "${pthLog}/guest-fire-sh2.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/guest-fire.sh /var/xdrago/guest-fire.sh.old curl ${crlGet} "${urlHmr}/tools/system/guest-fire.sh" \ -o /var/xdrago/guest-fire.sh if [ -e "/var/xdrago/guest-fire.sh" ]; then chmod 700 /var/xdrago/guest-fire.sh chown root:root /var/xdrago/guest-fire.sh touch ${pthLog}/guest-fire-sh2.ctrl.${_X_SE}.pid else mv -f /var/xdrago/guest-fire.sh.old /var/xdrago/guest-fire.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ -x "/usr/sbin/csf" ] \ && [ -e "/etc/csf/csf.deny" ] \ && [ ! -e "${pthLog}/guest-water-sh2.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/guest-water.sh /var/xdrago/guest-water.sh.old curl ${crlGet} "${urlHmr}/tools/system/guest-water.sh" \ -o /var/xdrago/guest-water.sh if [ -e "/var/xdrago/guest-water.sh" ]; then chmod 700 /var/xdrago/guest-water.sh chown root:root /var/xdrago/guest-water.sh touch ${pthLog}/guest-water-sh2.ctrl.${_X_SE}.pid else mv -f /var/xdrago/guest-water.sh.old /var/xdrago/guest-water.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/hackcheck.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/monitor/check/hackcheck /var/xdrago/monitor/check/hackcheck.old curl ${crlGet} "${urlHmr}/tools/system/monitor/check/hackcheck" \ -o /var/xdrago/monitor/check/hackcheck if [ -e "/var/xdrago/monitor/check/hackcheck" ]; then chmod 700 /var/xdrago/monitor/check/hackcheck chown root:root /var/xdrago/monitor/check/hackcheck touch ${pthLog}/hackcheck.ctrl.${_X_SE}.pid else mv -f /var/xdrago/monitor/check/hackcheck.old /var/xdrago/monitor/check/hackcheck fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/scan_nginx.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/monitor/check/scan_nginx /var/xdrago/monitor/check/scan_nginx.old curl ${crlGet} "${urlHmr}/tools/system/monitor/check/scan_nginx" \ -o /var/xdrago/monitor/check/scan_nginx if [ -e "/var/xdrago/monitor/check/scan_nginx" ]; then sed -i "s/default_critnumber =.*/default_critnumber = 399;/g" /var/xdrago/monitor/check/scan_nginx wait sed -i "s/default_lines =.*/default_lines = 599;/g" /var/xdrago/monitor/check/scan_nginx wait if [ -e "/root/.host8.cnf" ] && [ -z "${_NGINX_DONTCOUNT_KEYWORDS}" ]; then _NGINX_DONTCOUNT_KEYWORDS="doccomment" fi if [ ! -z "${_NGINX_DONTCOUNT_KEYWORDS}" ]; then _NGINX_DONTCOUNT_KEYWORDS=${_NGINX_DONTCOUNT_KEYWORDS//[^a-zA-Z0-9|-]/} sed -i "s/dontcount/${_NGINX_DONTCOUNT_KEYWORDS}/g" /var/xdrago/monitor/check/scan_nginx wait fi if [ ! -z "${_NGINX_DOS_KEYWORDS}" ]; then _NGINX_DOS_KEYWORDS=${_NGINX_DOS_KEYWORDS//[^a-zA-Z0-9|-]/} if [ ! -z "${_NGINX_DOS_KEYWORDS}" ]; then sed -i "s/foobar/${_NGINX_DOS_KEYWORDS}/g" /var/xdrago/monitor/check/scan_nginx wait fi fi chmod 700 /var/xdrago/monitor/check/scan_nginx chown root:root /var/xdrago/monitor/check/scan_nginx touch ${pthLog}/scan_nginx.ctrl.${_X_SE}.pid if [ ! -e "/var/xdrago/monitor/.scan_nginx_arch.${_X_SE}.pid" ]; then if [ -e "/var/xdrago/monitor/scan_nginx.archive.log" ]; then mv -f /var/xdrago/monitor/scan_nginx.archive.log /var/xdrago/monitor/scan_nginx.archive.${_X_SE}.log fi touch /var/xdrago/monitor/.scan_nginx_arch.${_X_SE}.pid csf -df wait fi else mv -f /var/xdrago/monitor/check/scan_nginx.old /var/xdrago/monitor/check/scan_nginx fi fi if [ -x "/opt/tools/drush/8/drush/drush.php" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/lshell.ctrl.${_X_SE}.pid" ]; then if [ -z "${_CUSTOM_CONFIG_LSHELL}" ] \ || [ "${_CUSTOM_CONFIG_LSHELL}" = "NO" ]; then mv -f /var/xdrago/conf/lshell.conf /var/xdrago/conf/lshell.conf.old curl ${crlGet} "${urlHmr}/tools/system/conf/lshell.conf" \ -o /var/xdrago/conf/lshell.conf if [ -e "/var/xdrago/conf/lshell.conf" ]; then chmod 644 /var/xdrago/conf/lshell.conf chown root:root /var/xdrago/conf/lshell.conf touch ${pthLog}/lshell.ctrl.${_X_SE}.pid else mv -f /var/xdrago/conf/lshell.conf.old /var/xdrago/conf/lshell.conf fi fi fi if [ -x "/opt/tools/drush/8/drush/drush.php" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/multi.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/conf/fpm-pool-foo-multi.conf /var/xdrago/conf/fpm-pool-foo-multi.conf.old curl ${crlGet} "${urlHmr}/conf/fpm-pool-foo-multi.conf" \ -o /var/xdrago/conf/fpm-pool-foo-multi.conf if [ -e "/var/xdrago/conf/fpm-pool-foo-multi.conf" ]; then chmod 644 /var/xdrago/conf/fpm-pool-foo-multi.conf chown root:root /var/xdrago/conf/fpm-pool-foo-multi.conf touch ${pthLog}/multi.ctrl.${_X_SE}.pid else mv -f /var/xdrago/conf/fpm-pool-foo-multi.conf.old /var/xdrago/conf/fpm-pool-foo-multi.conf fi fi if [ -e "/opt/tools/drush" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/single.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/conf/fpm-pool-foo.conf /var/xdrago/conf/fpm-pool-foo.conf.old curl ${crlGet} "${urlHmr}/conf/fpm-pool-foo.conf" \ -o /var/xdrago/conf/fpm-pool-foo.conf if [ -e "/var/xdrago/conf/fpm-pool-foo.conf" ]; then chmod 644 /var/xdrago/conf/fpm-pool-foo.conf chown root:root /var/xdrago/conf/fpm-pool-foo.conf touch ${pthLog}/single.ctrl.${_X_SE}.pid else mv -f /var/xdrago/conf/fpm-pool-foo.conf.old /var/xdrago/conf/fpm-pool-foo.conf fi fi if [ -e "/etc/ImageMagick-6/policy.xml" ] \ && [ -e "/var/xdrago" ] \ && [ ! -e "${pthLog}/policymap-hf-06.ctrl.${_X_SE}.pid" ]; then IsCurlBin=$(which curl 2>&1) chmod 755 ${IsCurlBin} &> /dev/null chgrp root ${IsCurlBin} &> /dev/null cp -af /etc/ImageMagick-6/policy.xml /var/xdrago/conf/etc-ImageMagick-6-policy.xml.hf-06.old rm -f /var/xdrago/conf/etc-ImageMagick-6-policy.xml curl ${crlGet} "${urlHmr}/conf/etc-ImageMagick-6-policy.xml" \ -o /var/xdrago/conf/etc-ImageMagick-6-policy.xml if [ -e "/var/xdrago/conf/etc-ImageMagick-6-policy.xml" ]; then cp -af /var/xdrago/conf/etc-ImageMagick-6-policy.xml /etc/ImageMagick-6/policy.xml chmod 644 /etc/ImageMagick-6/policy.xml chown root:root /etc/ImageMagick-6/policy.xml touch ${pthLog}/policymap-hf-06.ctrl.${_X_SE}.pid _PHP_V="82 81 74 73 72 71 70 56" for e in ${_PHP_V}; do if [ -e "/etc/init.d/php${e}-fpm" ]; then service php${e}-fpm reload &> /dev/null fi done else if [ -e "/var/xdrago/conf/etc-ImageMagick-6-policy.xml.hf-06.old" ]; then cp -af /var/xdrago/conf/etc-ImageMagick-6-policy.xml.hf-06.old /etc/ImageMagick-6/policy.xml fi fi fi if [ -e "/opt/tools/drush" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/dispatch.ctrl.${_X_SE}.pid" ]; then sed -i "s/.*cache.*//g; s/.*cc drush.*//g; s/ *$//g; /^$/d" /data/disk/*/aegir.sh touch ${pthLog}/dispatch.ctrl.${_X_SE}.pid fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/var/xdrago/conf/control-readme.txt" ] \ && [ ! -e "${pthLog}/control-readme.txt.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/conf/control-readme.txt /var/xdrago/conf/control-readme.txt.old curl ${crlGet} "${urlHmr}/tools/system/conf/control-readme.txt" -o /var/xdrago/conf/control-readme.txt if [ -e "/var/xdrago/conf/control-readme.txt" ]; then chmod 644 /var/xdrago/conf/control-readme.txt chown root:root /var/xdrago/conf/control-readme.txt touch ${pthLog}/control-readme.txt.ctrl.${_X_SE}.pid else mv -f /var/xdrago/conf/control-readme.txt.old /var/xdrago/conf/control-readme.txt fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ ! -e "${pthLog}/fpm-cli.ctrl.${_X_SE}.pid" ]; then usrGroup=users cp -a /var/backups/off-run/run* /var/xdrago/ for pthSysUsr in `find /data/disk/ -maxdepth 1 -mindepth 1 | sort`; do tUsr= tUsr=$(echo ${pthSysUsr} | cut -d'/' -f4 | awk '{ print $1}' 2>&1) if [ ! -e "${pthSysUsr}/static/control/MyQuick.info" ] \ && [ ! -e "${pthSysUsr}/static/control/MyClassic.info" ]; then echo ON > ${pthSysUsr}/static/control/MyQuick.info fi if [ ! -e "${pthSysUsr}/static/control/.disFastTrack.pid" ]; then rm -f ${pthSysUsr}/static/control/FastTrack.info touch ${pthSysUsr}/static/control/.disFastTrack.pid fi if [ ! -e "${pthSysUsr}/static/control/FastTrack.info" ] \ && [ ! -e "${pthSysUsr}/static/control/ClassicTrack.info" ]; then echo ON > ${pthSysUsr}/static/control/ClassicTrack.info fi if [ -e "${pthSysUsr}/static/control/fpm.info" ] \ && [ ! -e "${pthSysUsr}/static/control/cli.info" ]; then cp ${pthSysUsr}/static/control/fpm.info ${pthSysUsr}/static/control/cli.info fi if [ -e "${pthSysUsr}/log/CANCELLED" ] \ || [ -e "${pthSysUsr}/log/proxied.pid" ] \ || [ ! -e "${pthSysUsr}/static/control/cli.info" ]; then if [ -e "/var/xdrago/run-${tUsr}" ] \ && [ -e "/data/disk/arch/sql" ]; then if [ ! -e "/var/backups/off-run" ]; then mkdir -p /var/backups/off-run/ fi mv -f /var/xdrago/run-${tUsr} /var/backups/off-run/ fi else dscUsr="/data/disk/${tUsr}" ngxCnf="${dscUsr}/config/includes/nginx_vhost_common.conf" _NGINX_CNF_TEST=$(grep "foobaroff" ${ngxCnf} 2>&1) if [[ "${_NGINX_CNF_TEST}" =~ "foobaroff" ]]; then _DO_NOTHING=YES else sed -i "s/args.*q=/args ~* \"foobaroff=/g" ${ngxCnf} fi if [ ! -e "${dscUsr}/static/control/fpm.info" ] \ && [ -e "/data/disk/arch/sql" ]; then echo 5.6 > ${dscUsr}/static/control/fpm.info chown ${tUsr}.ftp:${usrGroup} ${dscUsr}/static/control/fpm.info chmod 0644 ${dscUsr}/static/control/fpm.info fi if [ ! -e "${dscUsr}/static/control/cli.info" ] \ && [ -e "/data/disk/arch/sql" ]; then if [ -e "${dscUsr}/static/control/fpm.info" ]; then cp -af ${dscUsr}/static/control/fpm.info ${dscUsr}/static/control/cli.info else echo 5.6 > ${dscUsr}/static/control/cli.info chown ${tUsr}.ftp:${usrGroup} ${dscUsr}/static/control/cli.info chmod 0644 ${dscUsr}/static/control/cli.info fi fi if [ ! -e "${dscUsr}/static/control/.ctrl.${_X_SE}.pid" ] \ && [ -e "/home/${tUsr}.ftp/clients" ]; then mkdir -p ${dscUsr}/static/control chmod 755 ${dscUsr}/static/control if [ -e "/var/xdrago/conf/control-readme.txt" ]; then cp -af /var/xdrago/conf/control-readme.txt \ ${dscUsr}/static/control/README.txt &> /dev/null chmod 0644 ${dscUsr}/static/control/README.txt fi chown -R ${tUsr}.ftp:${usrGroup} ${dscUsr}/static/control rm -f ${dscUsr}/static/control/.ctrl.* echo OK > ${dscUsr}/static/control/.ctrl.${_X_SE}.pid fi fi done touch ${pthLog}/fpm-cli.ctrl.${_X_SE}.pid service nginx reload fi if [ -x "/opt/tools/drush/8/drush/drush.php" ] \ && [ -e "${provLeIncFull}" ] \ && [ -e "${hoLeIncFull}" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/hosting_le_vt.ctrl.${_X_SE}.pid" ]; then leBasePath="profiles/hostmaster/modules/aegir/hosting_le" lePath="${leBasePath}/drush/${provLeInc}" leVhPath="${leBasePath}/hosting_le_vhost/drush/${hoLeInc}" for pthSysUsr in `find /data/disk/ -maxdepth 1 -mindepth 1 | sort`; do if [ -e "${pthSysUsr}/config/server_master/nginx/vhost.d" ] \ && [ -e "${pthSysUsr}/static/control/cli.info" ] \ && [ ! -e "${pthSysUsr}/log/proxied.pid" ] \ && [ ! -e "${pthSysUsr}/log/CANCELLED" ]; then tUsr= validReg= validIPr= tUsr=$(echo ${pthSysUsr} | cut -d'/' -f4 | awk '{ print $1}' 2>&1) dscUsr="/data/disk/${tUsr}" hmPf=$(cat ${dscUsr}/.drush/hostmaster.alias.drushrc.php \ | grep "root'" \ | cut -d: -f2 \ | awk '{ print $3}' \ | sed "s/[\,']//g" 2>&1) locFile="${hmPf}/${lePath}" if [ -e "${locFile}" ] && [ -e "${provLeIncFull}" ]; then cp -af ${provLeIncFull} ${locFile} chown ${tUsr}:users ${locFile} chmod 0644 ${locFile} fi locVhFile="${hmPf}/${leVhPath}" if [ -e "${locVhFile}" ] && [ -e "${hoLeIncFull}" ]; then cp -af ${hoLeIncFull} ${locVhFile} chown ${tUsr}:users ${locVhFile} chmod 0644 ${locVhFile} fi leRoot="${dscUsr}/tools/le" exeLe="${leRoot}/dehydrated" dehydFull="${leRoot}/${dehydName}" legacyLeShFile="${leRoot}/letsencrypt.sh" lockLeFile="${leRoot}/lock" configIni="${leRoot}/config" acctsDir="${leRoot}/accounts" acctsDemoDir="${leRoot}/accounts-demo" demoPid="${leRoot}/.ctrl/ssl-demo-mode.pid" normalRegPid="${leRoot}/.ctrl/normal-re6-register.pid" forcedRegPid="${leRoot}/.ctrl/forced-re6-register.pid" onDemandRegPid="${leRoot}/.ctrl/onDemand-register.pid" validIdn=$(grep "letsencrypt" ${acctsDir}/*/account_id.json 2>&1) validReg=$(grep "valid" ${acctsDir}/*/registration_info.json 2>&1) validIPr=$(grep "${_LOC_IP}" ${acctsDir}/*/registration_info.json 2>&1) _HOUR=$(date +%H 2>&1) _HOUR=${_HOUR//[^0-9-]/} if [ -e "${dehydSrcPath}" ]; then cp -af ${dehydSrcPath} ${dehydFull} chown ${tUsr}:users ${dehydFull} chmod 0700 ${dehydFull} fi if [ -e "${dehydFull}" ] \ && [ ! -e "${normalRegPid}" ]; then if [ "${_HOUR}" = "5" ] \ || [ "${_HOUR}" = "17" ] \ || [ -e "${onDemandRegPid}" ]; then su -s /bin/bash - ${tUsr} -c "bash ${exeLe} --register --accept-terms" wait touch ${normalRegPid} fi fi if [ -e "${lockLeFile}" ]; then rm -f ${lockLeFile} sleep 1 fi if [ -e "${demoPid}" ]; then rm -f ${demoPid} fi if [ "${_HOUR}" = "11" ] \ || [ "${_HOUR}" = "23" ] \ || [ -e "${onDemandRegPid}" ]; then if [ -e "${legacyLeShFile}" ] \ || [ -e "${acctsDemoDir}" ] \ || [[ ! "${validIdn}" =~ "letsencrypt" ]] \ || [[ ! "${validReg}" =~ "valid" ]] \ || [[ ! "${validIPr}" =~ "${_LOC_IP}" ]] \ || [ ! -e "${forcedRegPid}" ]; then rm -f ${legacyLeShFile} rm -rf ${acctsDemoDir} rm -rf ${acctsDir} rm -f ${leRoot}/.ctrl/.forced* rm -f ${leRoot}/.ctrl/.normal* rm -f ${leRoot}/.ctrl/forced* rm -f ${leRoot}/.ctrl/normal* if [ -e "${exeLe}" ]; then su -s /bin/bash - ${tUsr} -c "bash ${exeLe} --register --accept-terms" wait touch ${forcedRegPid} touch ${normalRegPid} fi fi fi fi done touch ${pthLog}/hosting_le_vt.ctrl.${_X_SE}.pid fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/websh.fix-regr-04.ctrl.${_X_SE}.pid" ]; then mv -f /bin/websh /var/xdrago/websh.sh.old curl ${crlGet} "${urlHmr}/helpers/websh.sh.txt" -o /bin/websh if [ -e "/bin/websh" ]; then chmod 755 /bin/websh chown root:root /bin/websh touch ${pthLog}/websh.fix-regr-04.ctrl.${_X_SE}.pid else mv -f /var/xdrago/websh.sh.old /bin/websh fi fi _Dir="/data/all/000/modules" _REDIS_T_VERSION=8.x-1.6.1 if [ -e "/var/xdrago/manage_solr_config.sh" ]; then if [ ! -e "${_Dir}/redis_nine_ten/ver-${_REDIS_T_VERSION}.${_X_SE}.info" ]; then mkdir -p ${_Dir} cd ${_Dir} rm -rf ${_Dir}/redis_nine_ten get_dev_contrib "redis_nine_ten-${_REDIS_T_VERSION}.tar.gz" echo update > ${_Dir}/redis_nine_ten/ver-${_REDIS_T_VERSION}.${_X_SE}.info find ${_Dir} -type d -exec chmod 0755 {} \; &> /dev/null find ${_Dir} -type f -exec chmod 0644 {} \; &> /dev/null touch ${pthLog}/redis_nine_ten.ctrl.${_X_SE}.log fi fi _Dir="/data/all/000/modules" _REDIS_C_VERSION=com-19-04-2021 if [ -e "/var/xdrago/manage_solr_config.sh" ]; then if [ ! -e "${_Dir}/redis_compr/ver-${_REDIS_C_VERSION}.${_X_SE}.info" ]; then mkdir -p ${_Dir} cd ${_Dir} rm -rf ${_Dir}/redis_compr get_dev_contrib "redis_compr-${_REDIS_C_VERSION}.tar.gz" echo update > ${_Dir}/redis_compr/ver-${_REDIS_C_VERSION}.${_X_SE}.info find ${_Dir} -type d -exec chmod 0755 {} \; &> /dev/null find ${_Dir} -type f -exec chmod 0644 {} \; &> /dev/null touch ${pthLog}/redis_compr.ctrl.${_X_SE}.log fi fi _Dir="/data/all/000/modules" _REDIS_L_VERSION=7.x-3.19.1 if [ -e "/var/xdrago/manage_solr_config.sh" ]; then if [ ! -e "${_Dir}/redis_edge/ver-${_REDIS_L_VERSION}.${_X_SE}.info" ]; then mkdir -p ${_Dir} cd ${_Dir} rm -rf ${_Dir}/redis_edge get_dev_contrib "redis_edge-${_REDIS_L_VERSION}.tar.gz" echo update > ${_Dir}/redis_edge/ver-${_REDIS_L_VERSION}.${_X_SE}.info find ${_Dir} -type d -exec chmod 0755 {} \; &> /dev/null find ${_Dir} -type f -exec chmod 0644 {} \; &> /dev/null touch ${pthLog}/redis_edge.ctrl.${_X_SE}.log fi fi _Dir="/data/all/000/modules" _REDIS_N_VERSION=com-19-04-2021 if [ -e "/var/xdrago/manage_solr_config.sh" ]; then if [ ! -e "${_Dir}/redis_eight/ver-${_REDIS_N_VERSION}.${_X_SE}.info" ]; then mkdir -p ${_Dir} cd ${_Dir} rm -rf ${_Dir}/redis_eight get_dev_contrib "redis_eight-${_REDIS_N_VERSION}.tar.gz" echo update > ${_Dir}/redis_eight/ver-${_REDIS_N_VERSION}.${_X_SE}.info find ${_Dir} -type d -exec chmod 0755 {} \; &> /dev/null find ${_Dir} -type f -exec chmod 0644 {} \; &> /dev/null touch ${pthLog}/redis_eight.ctrl.${_X_SE}.log fi fi } fix_core_dgd() { # sed -i "s/^_PERMISSIONS_FIX=.*/_PERMISSIONS_FIX=YES/g" ${barCnf} saCoreS="${saCoreN}-D7" saIncDb="includes/database/database.inc" saPatch="/var/xdrago/conf/${saCoreS}.patch" saQCoreN="${saCoreN}" saQCoreS="${saQCoreN}-D8" saQIncDb="core/includes/database.inc" saQPatch="/var/xdrago/conf/${saQCoreS}.patch" saXCoreN="${saCoreN}" saXCoreS="${saXCoreN}-D6" saXIncDb="includes/database.inc" saXPatch="/var/xdrago/conf/${saXCoreS}.patch" saBCoreP="${saCoreN}-provision" saBPatch="/var/xdrago/conf/${saBCoreP}.patch" # SA-CORE D8 patch if [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${saQPatch}" ]; then mkdir -p /var/xdrago/conf curl ${crlGet} "${urlHmr}/patches/8-core/${saQCoreS}.patch" -o ${saQPatch} fi # SA-CORE D7 patch if [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${saPatch}" ]; then mkdir -p /var/xdrago/conf curl ${crlGet} "${urlHmr}/patches/7-core/${saCoreS}.patch" -o ${saPatch} fi # SA-CORE D6 patch # if [ -e "/var/xdrago" ] \ # && [ -e "/data/disk/arch/sql" ] \ # && [ ! -e "${saXPatch}" ]; then # mkdir -p /var/xdrago/conf # curl ${crlGet} "${urlHmr}/patches/6-core/${saXCoreS}.patch" -o ${saXPatch} # fi # SA-CORE for Octopus hostmaster platforms if [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ -e "${saPatch}" ]; then if [ -d "/data/all" ] \ && [ ! -e "${pthLog}/hostmaster-octopus-${saCoreN}-fixed-d7.log" ]; then for File in `find /data/disk/*/aegir/distro/*/${saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] && [ ! -e "${Core}/core" ]; then cd ${Core} patch -p1 < ${saPatch} &> /dev/null fi done touch ${pthLog}/hostmaster-octopus-${saCoreN}-fixed-d7.log fi cd fi # SA-CORE for Barracuda hostmaster platforms if [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ -e "${saPatch}" ]; then if [ -d "/data/all" ] \ && [ ! -e "${pthLog}/hostmaster-barracuda-${saCoreN}-fixed-d7.log" ]; then for File in `find /var/aegir/host_master/*/${saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] && [ ! -e "${Core}/core" ]; then cd ${Core} patch -p1 < ${saPatch} &> /dev/null fi done for File in `find /var/aegir/hostmaster*/${saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] && [ ! -e "${Core}/core" ]; then cd ${Core} patch -p1 < ${saPatch} &> /dev/null fi done touch ${pthLog}/hostmaster-barracuda-${saCoreN}-fixed-d7.log fi cd fi # SA-CORE for built-in D7 platforms if [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ -e "${saPatch}" ] \ && [ ! -e "${pthLog}/${saCoreN}-fixed-d7.log" ]; then if [ -d "/data/all/000/core" ]; then for Core in `find /data/all/000/core/drupal-7* \ -maxdepth 0 -mindepth 0 | sort`; do cd ${Core} patch -p1 < ${saPatch} &> /dev/null done elif [ -d "/data/disk/all/000/core" ]; then for Core in `find /data/disk/all/000/core/drupal-7* \ -maxdepth 0 -mindepth 0 | sort`; do cd ${Core} patch -p1 < ${saPatch} &> /dev/null done fi touch ${pthLog}/${saCoreN}-fixed-d7.log cd fi # SA-CORE for ancient D7 platforms if [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ -e "${saPatch}" ]; then if [ -d "/data/all" ] \ && [ ! -e "${pthLog}/legacy-${saCoreN}-fixed-d7.log" ]; then for File in `find /data/all/*/*/${saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] && [ ! -e "${Core}/core" ]; then cd ${Core} patch -p1 < ${saPatch} &> /dev/null fi done touch ${pthLog}/legacy-${saCoreN}-fixed-d7.log elif [ -d "/data/disk/all" ] \ && [ ! -e "${pthLog}/legacy-${saCoreN}-fixed-d7eee.log" ]; then for File in `find /data/disk/all/*/*/${saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] && [ ! -e "${Core}/core" ]; then cd ${Core} patch -p1 < ${saPatch} &> /dev/null fi done touch ${pthLog}/legacy-${saCoreN}-fixed-d7eee.log fi cd fi # SA-CORE for custom D7 platforms if [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ -e "${saPatch}" ]; then if [ -d "/data/disk" ] \ && [ ! -e "${pthLog}/batch-custom-${saCoreN}-fixed-d7.log" ]; then for File in `find /data/disk/*/static/*/${saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] \ && [ ! -e "${Core}/core" ] \ && [ ! -e "${Core}/profiles/${saCoreS}-fix.info" ]; then cd ${Core} patch -p1 < ${saPatch} &> /dev/null echo fixed > ${Core}/profiles/${saCoreS}-fix.info fi done for File in `find /data/disk/*/static/*/*/${saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] \ && [ ! -e "${Core}/core" ] \ && [ ! -e "${Core}/profiles/${saCoreS}-fix.info" ]; then cd ${Core} patch -p1 < ${saPatch} &> /dev/null echo fixed > ${Core}/profiles/${saCoreS}-fix.info fi done for File in `find /data/disk/*/static/*/*/*/${saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] \ && [ ! -e "${Core}/core" ] \ && [ ! -e "${Core}/profiles/${saCoreS}-fix.info" ]; then cd ${Core} patch -p1 < ${saPatch} &> /dev/null echo fixed > ${Core}/profiles/${saCoreS}-fix.info fi done for File in `find /data/disk/*/static/*/*/*/*/${saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] \ && [ ! -e "${Core}/core" ] \ && [ ! -e "${Core}/profiles/${saCoreS}-fix.info" ]; then cd ${Core} patch -p1 < ${saPatch} &> /dev/null echo fixed > ${Core}/profiles/${saCoreS}-fix.info fi done for File in `find /data/disk/*/static/*/*/*/*/*/${saIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] \ && [ ! -e "${Core}/core" ] \ && [ ! -e "${Core}/profiles/${saCoreS}-fix.info" ]; then cd ${Core} patch -p1 < ${saPatch} &> /dev/null echo fixed > ${Core}/profiles/${saCoreS}-fix.info fi done fi cd touch ${pthLog}/batch-custom-${saCoreN}-fixed-d7.log fi # SA-CORE for D8 platforms in ~/static if [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ -e "${saQPatch}" ]; then if [ -d "/data/disk" ] \ && [ ! -e "${pthLog}/batch-custom-${saQCoreN}-fixed-d8.log" ]; then for File in `find /data/disk/*/static/*/${saQIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/core.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] \ && [ -e "${Core}/core" ] \ && [ ! -e "${Core}/profiles/${saQCoreS}-fix.info" ]; then cd ${Core} patch -p1 < ${saQPatch} &> /dev/null echo fixed > ${Core}/profiles/${saQCoreS}-fix.info fi done for File in `find /data/disk/*/static/*/*/${saQIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/core.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] \ && [ -e "${Core}/core" ] \ && [ ! -e "${Core}/profiles/${saQCoreS}-fix.info" ]; then cd ${Core} patch -p1 < ${saQPatch} &> /dev/null echo fixed > ${Core}/profiles/${saQCoreS}-fix.info fi done for File in `find /data/disk/*/static/*/*/*/${saQIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/core.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] \ && [ -e "${Core}/core" ] \ && [ ! -e "${Core}/profiles/${saQCoreS}-fix.info" ]; then cd ${Core} patch -p1 < ${saQPatch} &> /dev/null echo fixed > ${Core}/profiles/${saQCoreS}-fix.info fi done for File in `find /data/disk/*/static/*/*/*/*/${saQIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/core.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] \ && [ -e "${Core}/core" ] \ && [ ! -e "${Core}/profiles/${saQCoreS}-fix.info" ]; then cd ${Core} patch -p1 < ${saQPatch} &> /dev/null echo fixed > ${Core}/profiles/${saQCoreS}-fix.info fi done for File in `find /data/disk/*/static/*/*/*/*/*/${saQIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/core.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] \ && [ -e "${Core}/core" ] \ && [ ! -e "${Core}/profiles/${saQCoreS}-fix.info" ]; then cd ${Core} patch -p1 < ${saQPatch} &> /dev/null echo fixed > ${Core}/profiles/${saQCoreS}-fix.info fi done fi cd touch ${pthLog}/batch-custom-${saQCoreN}-fixed-d8.log fi # SA-CORE for built-in D6 platforms if [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ -e "${saXPatch}" ] \ && [ ! -e "${pthLog}/${saXCoreN}-finally-fixed-d6.log" ]; then if [ -d "/data/all/000/core" ]; then for Core in `find /data/all/000/core/pressflow-6* \ -maxdepth 0 -mindepth 0 | sort`; do cd ${Core} patch -p1 < ${saXPatch} &> /dev/null done elif [ -d "/data/disk/all/000/core" ]; then for Core in `find /data/disk/all/000/core/pressflow-6* \ -maxdepth 0 -mindepth 0 | sort`; do cd ${Core} patch -p1 < ${saXPatch} &> /dev/null done fi touch ${pthLog}/${saXCoreN}-finally-fixed-d6.log cd fi # SA-CORE for ancient D6 platforms if [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ -e "${saXPatch}" ]; then if [ -d "/data/all" ] \ && [ ! -e "${pthLog}/legacy-${saXCoreN}-finally-fixed-d6.log" ]; then for File in `find /data/all/*/*/${saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] && [ ! -e "${Core}/core" ]; then cd ${Core} patch -p1 < ${saXPatch} &> /dev/null fi done touch ${pthLog}/legacy-${saXCoreN}-finally-fixed-d6.log elif [ -d "/data/disk/all" ] \ && [ ! -e "${pthLog}/legacy-${saXCoreN}-finally-fixed-d6eee.log" ]; then for File in `find /data/disk/all/*/*/${saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] && [ ! -e "${Core}/core" ]; then cd ${Core} patch -p1 < ${saXPatch} &> /dev/null fi done touch ${pthLog}/legacy-${saXCoreN}-finally-fixed-d6eee.log fi cd fi # SA-CORE for custom D6 platforms if [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ -e "${saXPatch}" ]; then if [ -d "/data/disk" ] \ && [ ! -e "${pthLog}/batch-custom-${saXCoreN}-finally-fixed-d6.log" ]; then for File in `find /data/disk/*/static/*/${saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] \ && [ ! -e "${Core}/core" ] \ && [ ! -e "${Core}/profiles/${saXCoreS}-fix-finally.info" ]; then cd ${Core} patch -p1 < ${saXPatch} &> /dev/null echo fixed > ${Core}/profiles/${saXCoreS}-fix-finally.info fi done for File in `find /data/disk/*/static/*/*/${saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] \ && [ ! -e "${Core}/core" ] \ && [ ! -e "${Core}/profiles/${saXCoreS}-fix-finally.info" ]; then cd ${Core} patch -p1 < ${saXPatch} &> /dev/null echo fixed > ${Core}/profiles/${saXCoreS}-fix-finally.info fi done for File in `find /data/disk/*/static/*/*/*/${saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] \ && [ ! -e "${Core}/core" ] \ && [ ! -e "${Core}/profiles/${saXCoreS}-fix-finally.info" ]; then cd ${Core} patch -p1 < ${saXPatch} &> /dev/null echo fixed > ${Core}/profiles/${saXCoreS}-fix-finally.info fi done for File in `find /data/disk/*/static/*/*/*/*/${saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] \ && [ ! -e "${Core}/core" ] \ && [ ! -e "${Core}/profiles/${saXCoreS}-fix-finally.info" ]; then cd ${Core} patch -p1 < ${saXPatch} &> /dev/null echo fixed > ${Core}/profiles/${saXCoreS}-fix-finally.info fi done for File in `find /data/disk/*/static/*/*/*/*/*/${saXIncDb} \ -maxdepth 0 -mindepth 0 | sort`; do Core=$(echo $File \ | sed 's/\/includes.*//g' \ | awk '{print $1}' 2> /dev/null) if [ -d "${Core}" ] \ && [ ! -e "${Core}/core" ] \ && [ ! -e "${Core}/profiles/${saXCoreS}-fix-finally.info" ]; then cd ${Core} patch -p1 < ${saXPatch} &> /dev/null echo fixed > ${Core}/profiles/${saXCoreS}-fix-finally.info fi done fi cd touch ${pthLog}/batch-custom-${saXCoreN}-finally-fixed-d6.log fi } fix_ping_perms() { if [ -e "/bin/ping" ]; then _PING_TEST=$(ls -la /bin/ping | grep rwsr-xr-x 2>&1) if [ -z "${_PING_TEST}" ]; then chown root:root /bin/ping chmod 4755 /bin/ping fi fi } fix_fpm_process_max() { if [ ! -e "${pthLog}/process.max.ctrl.${_X_SE}.pid" ]; then sed -i "s/process.max =.*/process.max = 0/g" /opt/php*/etc/php*-fpm.conf touch ${pthLog}/process.max.ctrl.${_X_SE}.pid fi } fix_node_in_lshell_access() { if [ ! -e "${pthLog}/node.lshell.ctrl.${_X_SE}.pid" ] \ && [ -e "/etc/lshell.conf" ]; then PrTestPower=$(grep "POWER" /root/.*.octopus.cnf 2>&1) PrTestPhantom=$(grep "PHANTOM" /root/.*.octopus.cnf 2>&1) PrTestCluster=$(grep "CLUSTER" /root/.*.octopus.cnf 2>&1) if [[ "${PrTestPower}" =~ "POWER" ]] \ || [[ "${PrTestPhantom}" =~ "PHANTOM" ]] \ || [[ "${PrTestCluster}" =~ "CLUSTER" ]] \ || [ -e "/root/.allow.node.lshell.cnf" ]; then _ALLOW_NODE=YES else _ALLOW_NODE=NO sed -i "s/, 'node',/,/g" /etc/lshell.conf sed -i "s/, 'node',/,/g" /var/xdrago/conf/lshell.conf fi touch ${pthLog}/node.lshell.ctrl.${_X_SE}.pid fi } fix_lshell() { _LSHELL_VRN=0.9.18.9 _PATH_LSHELL="${usrBin}/lshell" _LSHELL_LIB="/usr/local/lib/python2.7/dist-packages/lshell/checkconfig.py" if [ -e "${_PATH_LSHELL}" ] \ && [ ! -e "${_LSHELL_LIB}" ]; then cp -af /etc/lshell.conf /etc/lshell.conf-bak-${_LSHELL_VRN}-hotfix5 cd /var/opt rm -rf lshell* get_dev_src "lshell-${_LSHELL_VRN}.tar.gz" for Files in `find /var/opt/lshell-${_LSHELL_VRN} -type f`; do sed -i "s/kicked/logged/g" $Files &> /dev/null wait sed -i "s/Kicked/Logged/g" $Files &> /dev/null wait done cd /var/opt/lshell-${_LSHELL_VRN} rm -rf /usr/local/lib/python2.6/dist-packages/lshell* rm -rf /usr/local/lib/python2.7/dist-packages/lshell* python setup.py install --no-compile 2> /dev/null cp -af /etc/lshell.conf-bak-${_LSHELL_VRN}-hotfix5 /etc/lshell.conf rm -f /etc/logrotate.d/lshell addgroup --system lshellg &> /dev/null mkdir -p /var/log/lsh chown :lshellg /var/log/lsh chmod 770 /var/log/lsh &> /dev/null touch ${pthLog}/lshell-build-${_LSHELL_VRN}.log-hotfix5 who | awk '$1 !~ /root/{ cmd="pkill -KILL -u " $1; system(cmd) }' fi if [ -f "${usrBin}/lshell" ]; then if [ ! -L "/usr/bin/lshell" ]; then ln -sfn ${usrBin}/lshell /usr/bin/lshell &> /dev/null fi fi } fix_log4j() { _LOG4J_VRN=2.17.1 _DO_SOLR_RESTART= if [ -x "/etc/init.d/solr7" ] && [ -e "/etc/default/solr7.in.sh" ]; then if [ -e "/opt/solr-7.7.3" ] \ && [ ! -e "/opt/solr-7.7.3/server/lib/ext/log4j-core-${_LOG4J_VRN}.jar" ]; then cd /var/opt rm -rf apache-log4j* get_dev_src "apache-log4j-${_LOG4J_VRN}-bin.tar.gz" if [ -e "/var/opt/apache-log4j-${_LOG4J_VRN}-bin/log4j-core-${_LOG4J_VRN}.jar" ]; then cd /var/opt/apache-log4j-${_LOG4J_VRN}-bin mkdir -p /var/backups/log4j/solr-7.7.3/ mv -f /opt/solr-7.7.3/server/lib/ext/log4j* /var/backups/log4j/solr-7.7.3/ rm -f /opt/solr-7.7.3/contrib/prometheus-exporter/lib/log4j* cp -af log4j-1.2-api-${_LOG4J_VRN}.jar /opt/solr-7.7.3/server/lib/ext/ cp -af log4j-core-${_LOG4J_VRN}.jar /opt/solr-7.7.3/server/lib/ext/ cp -af log4j-core-${_LOG4J_VRN}.jar /opt/solr-7.7.3/contrib/prometheus-exporter/lib/ cp -af log4j-slf4j-impl-${_LOG4J_VRN}.jar /opt/solr-7.7.3/server/lib/ext/ cp -af log4j-slf4j-impl-${_LOG4J_VRN}.jar /opt/solr-7.7.3/contrib/prometheus-exporter/lib/ cp -af log4j-api-${_LOG4J_VRN}.jar /opt/solr-7.7.3/server/lib/ext/ cp -af log4j-api-${_LOG4J_VRN}.jar /opt/solr-7.7.3/contrib/prometheus-exporter/lib/ chown root:root /opt/solr-7.7.3/server/lib/ext/log4j* chown root:root /opt/solr-7.7.3/contrib/prometheus-exporter/lib/log4j* _DO_SOLR_RESTART=YES fi fi if [ -e "/opt/solr-7.6.0" ] \ && [ ! -e "/opt/solr-7.6.0/server/lib/ext/log4j-core-${_LOG4J_VRN}.jar" ]; then cd /var/opt rm -rf apache-log4j* get_dev_src "apache-log4j-${_LOG4J_VRN}-bin.tar.gz" if [ -e "/var/opt/apache-log4j-${_LOG4J_VRN}-bin/log4j-core-${_LOG4J_VRN}.jar" ]; then cd /var/opt/apache-log4j-${_LOG4J_VRN}-bin mkdir -p /var/backups/log4j/solr-7.6.0/ mv -f /opt/solr-7.6.0/server/lib/ext/log4j* /var/backups/log4j/solr-7.6.0/ rm -f /opt/solr-7.6.0/contrib/prometheus-exporter/lib/log4j* cp -af log4j-1.2-api-${_LOG4J_VRN}.jar /opt/solr-7.6.0/server/lib/ext/ cp -af log4j-core-${_LOG4J_VRN}.jar /opt/solr-7.6.0/server/lib/ext/ cp -af log4j-core-${_LOG4J_VRN}.jar /opt/solr-7.6.0/contrib/prometheus-exporter/lib/ cp -af log4j-slf4j-impl-${_LOG4J_VRN}.jar /opt/solr-7.6.0/server/lib/ext/ cp -af log4j-slf4j-impl-${_LOG4J_VRN}.jar /opt/solr-7.6.0/contrib/prometheus-exporter/lib/ cp -af log4j-api-${_LOG4J_VRN}.jar /opt/solr-7.6.0/server/lib/ext/ cp -af log4j-api-${_LOG4J_VRN}.jar /opt/solr-7.6.0/contrib/prometheus-exporter/lib/ chown root:root /opt/solr-7.6.0/server/lib/ext/log4j* chown root:root /opt/solr-7.6.0/contrib/prometheus-exporter/lib/log4j* _DO_SOLR_RESTART=YES fi fi _RESULT_LOG4J=$(grep "LOG4J_FORMAT_MSG_NO_LOOKUPS=true" /etc/default/solr7.in.sh 2>&1) if [[ ! "${_RESULT_LOG4J}" =~ "LOG4J" ]]; then echo "LOG4J_FORMAT_MSG_NO_LOOKUPS=true" >> /etc/default/solr7.in.sh fi if [[ ! "${_RESULT_LOG4J}" =~ "LOG4J" ]] || [ ! -z "${_DO_SOLR_RESTART}" ]; then service solr7 restart fi fi } fix_authorized_keys() { if [ ! -e "${pthLog}/fix_authorized_keys.ctrl.${_X_SE}.pid" ]; then chmod 0600 /home/*/.ssh/authorized_keys chmod 0700 /home/*/.ssh touch ${pthLog}/fix_authorized_keys.ctrl.${_X_SE}.pid fi } fix_tcp() { _TCP_FIX=$(grep "tcp_challenge_ack_limit" /etc/sysctl.conf 2>&1) if [ -z "${_TCP_FIX}" ]; then echo "net.ipv4.tcp_challenge_ack_limit = 1073741823" >> /etc/sysctl.conf fi } fix_aio() { _AIO_FIX=$(grep "fs.aio-max-nr" /etc/sysctl.conf 2>&1) if [ -z "${_AIO_FIX}" ]; then echo "fs.aio-max-nr = 2097152" >> /etc/sysctl.conf fi } fix_java_symlinks() { if [ "${_THIS_RV}" = "jessie" ] && [ -x "/usr/lib/jvm/java-7-openjdk/jre/bin/java" ]; then if [ ! -e "/usr/bin/java" ] || [ ! -e "/etc/alternatives/java" ]; then ln -sfn /usr/lib/jvm/java-7-openjdk/jre/bin/java /etc/alternatives/java ln -sfn /etc/alternatives/java /usr/bin/java echo fixed java symlinks for ${_THIS_RV} fi fi if [ "${_THIS_RV}" = "stretch" ] && [ -x "/usr/lib/jvm/java-8-openjdk/jre/bin/java" ]; then if [ ! -e "/usr/bin/java" ] || [ ! -e "/etc/alternatives/java" ]; then ln -sfn /usr/lib/jvm/java-8-openjdk/jre/bin/java /etc/alternatives/java ln -sfn /etc/alternatives/java /usr/bin/java echo fixed java symlinks for ${_THIS_RV} fi fi if [ "${_THIS_RV}" = "daedalus" ] || [ "${_THIS_RV}" = "bookworm" ]; then if [ -x "/usr/lib/jvm/java-17-openjdk/bin/java" ]; then if [ ! -e "/usr/bin/java" ] || [ ! -e "/etc/alternatives/java" ]; then ln -sfn /usr/lib/jvm/java-17-openjdk/bin/java /etc/alternatives/java ln -sfn /etc/alternatives/java /usr/bin/java echo fixed java symlinks for ${_THIS_RV} fi fi else if [ -x "/usr/lib/jvm/java-11-openjdk/bin/java" ]; then if [ ! -e "/usr/bin/java" ] || [ ! -e "/etc/alternatives/java" ]; then ln -sfn /usr/lib/jvm/java-11-openjdk/bin/java /etc/alternatives/java ln -sfn /etc/alternatives/java /usr/bin/java echo fixed java symlinks for ${_THIS_RV} fi fi fi } fix_wkhtml_perms() { _WKHTML_ARRAY="/usr/local/bin/wkhtmltopdf \ /usr/bin/wkhtmltopdf \ /usr/bin/wkhtmltopdf-0.12.4 \ /usr/local/bin/wkhtmltoimage \ /usr/bin/wkhtmltoimage \ /usr/bin/wkhtmltoimage-0.12.4" for _WKHTML_ITEM in ${_WKHTML_ARRAY}; do if [ -x "${_WKHTML_ITEM}" ]; then _PERM_TEST=$(ls -la ${_WKHTML_ITEM} | grep rwxr-xr-x 2>&1) if [ -z "${_PERM_TEST}" ]; then chgrp root ${_WKHTML_ITEM} &> /dev/null chmod 755 ${_WKHTML_ITEM} &> /dev/null fi fi done } fix_wkhtml() { if [ -x "/usr/local/bin/wkhtmltopdf" ] \ && [ -L "/usr/bin/wkhtmltopdf" ]; then rm -f /usr/bin/wkhtmltopdf cp -af /usr/local/bin/wkhtmltopdf /usr/bin/wkhtmltopdf chgrp root /usr/bin/wkhtmltopdf &> /dev/null chmod 755 /usr/bin/wkhtmltopdf &> /dev/null fi if [ -x "/usr/local/bin/wkhtmltoimage" ] \ && [ -L "/usr/bin/wkhtmltoimage" ]; then rm -f /usr/bin/wkhtmltoimage cp -af /usr/local/bin/wkhtmltoimage /usr/bin/wkhtmltoimage chgrp root /usr/bin/wkhtmltoimage &> /dev/null chmod 755 /usr/bin/wkhtmltoimage &> /dev/null fi if [ ! -x "/usr/local/bin/wkhtmltopdf" ] \ && [ -x "/usr/bin/wkhtmltopdf" ]; then rm -f /usr/local/bin/wkhtmltopdf cp -af /usr/bin/wkhtmltopdf /usr/local/bin/wkhtmltopdf chgrp root /usr/local/bin/wkhtmltopdf &> /dev/null chmod 755 /usr/local/bin/wkhtmltopdf &> /dev/null fi if [ ! -x "/usr/local/bin/wkhtmltoimage" ] \ && [ -x "/usr/bin/wkhtmltoimage" ]; then rm -f /usr/local/bin/wkhtmltoimage cp -af /usr/bin/wkhtmltoimage /usr/local/bin/wkhtmltoimage chgrp root /usr/local/bin/wkhtmltoimage &> /dev/null chmod 755 /usr/local/bin/wkhtmltoimage &> /dev/null fi } fix_eldir() { if [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${eldirP}" ]; then mkdir -p /var/xdrago/conf curl ${crlGet} "${urlHmr}/patches/${eldirF}" -o ${eldirP} fi } fix_drupal_core_ten() { if [ -e "/var/xdrago" ]; then if [ ! -e "${dctpP}" ] || [ ! -e "${dctrP}" ]; then mkdir -p /data/conf/patches curl ${crlGet} "${urlHmr}/patches/${dctrF}" -o ${dctrP} cp -af ${dctrP} ${dctpP} fi fi } fix_pure_ftpd() { if [ -e "/usr/local/etc/pure-ftpd.conf" ]; then _PAM_AUTH=$(grep "^PAMAuthentication" /usr/local/etc/pure-ftpd.conf 2>&1) if [ ! -z "${_PAM_AUTH}" ]; then sed -i "s/^PAMAuthentication/# PAMAuthentication/g" /usr/local/etc/pure-ftpd.conf killall -9 pure-ftpd &> /dev/null fi fi } fix_hosting_le() { if [ -d "/var/xdrago/conf" ]; then if [ ! -e "${hoLeIncFull}.ctrl.${_X_SE}.pid" ] \ || [ -e "/var/xdrago/${provLeInc}" ] \ || [ -e "/var/xdrago/${hoLeInc}" ] \ || [ -e "/var/xdrago/${dehydName}" ] \ || [ -e "/root/${provLeInc}" ] \ || [ -e "/root/hosting_le_vhost.drush.inc.ctrl.${_X_SE}.pid" ] \ || [ -e "/root/${hoLeInc}" ] \ || [ -e "${legacyLeSh}" ] \ || [ ! -e "${dehydSrcPath}" ] \ || [ ! -e "${provLeIncFull}.ctrl.${_X_SE}.pid" ]; then mkdir -p /var/xdrago/conf rm -f /var/xdrago/*.drush.inc* rm -f /root/*.drush.inc* rm -f ${legacyLeSh} rm -f ${dehydSrcPath}.ctrl.${_X_SE}.pid rm -f ${hoLeIncFull}.ctrl.${_X_SE}.pid rm -f ${provLeIncFull}.ctrl.${_X_SE}.pid curl ${crlGet} "${urlHmr}/helpers/${dehydName}" -o ${dehydSrcPath}.ctrl.${_X_SE}.pid cp -af ${dehydSrcPath}.ctrl.${_X_SE}.pid ${dehydSrcPath} curl ${crlGet} "${urlHmr}/patches/${hoLeInc}" -o ${hoLeIncFull}.ctrl.${_X_SE}.pid cp -af ${hoLeIncFull}.ctrl.${_X_SE}.pid ${hoLeIncFull} curl ${crlGet} "${urlHmr}/patches/${provLeInc}" -o ${provLeIncFull}.ctrl.${_X_SE}.pid cp -af ${provLeIncFull}.ctrl.${_X_SE}.pid ${provLeIncFull} fi fi } fix_newrelic() { _PHP_EXT_DIR_74="/opt/php74/lib/php/extensions/no-debug-non-zts-20190902" _NR_SO="/usr/lib/newrelic-php5/agent/x64/newrelic-20190902.so" if [ -e "${_PHP_EXT_DIR_74}" ] \ && [ -e "${_NR_SO}" ] \ && [ ! -e "${_PHP_EXT_DIR_74}/newrelic.so" ]; then ln -s ${_NR_SO} ${_PHP_EXT_DIR_74}/newrelic.so service php74-fpm reload fi } fix_leftovers() { if [ -e "/data/disk/arch/static/control" ]; then rm -rf /data/disk/arch/static fi } force_rebuild() { if [ ! -e "${pthLog}/forced.rebuild.glibc.txt" ]; then echo "_GIT_FORCE_REINSTALL=YES" >> ${barCnf} echo "_NGX_FORCE_REINSTALL=YES" >> ${barCnf} echo "_PHP_FORCE_REINSTALL=YES" >> ${barCnf} echo "_SSH_FORCE_REINSTALL=YES" >> ${barCnf} echo "_SSL_FORCE_REINSTALL=YES" >> ${barCnf} rm -f ${pthLog}/pure-ftpd-build* rm -f ${pthLog}/mss-build* rm -f ${pthLog}/lshell-build* rm -f ${pthLog}/redis-* touch ${pthLog}/forced.rebuild.glibc.txt fi } update_wrappers() { sed -i "s/.*files.aegir.cc.*//g" /etc/hosts wait sed -i "s/.*github.*//g" /etc/hosts wait echo >>/etc/hosts sed -i "/^$/d" /etc/hosts wait if [ ! -e "/etc/resolv.conf" ]; then rm -f /etc/resolv.conf if [ -e "${vBs}/resolv.conf.vanilla" ]; then cat ${vBs}/resolv.conf.vanilla >/etc/resolv.conf fi echo "nameserver 1.1.1.1" >>/etc/resolv.conf echo "nameserver 1.0.0.1" >>/etc/resolv.conf check_dns_settings else check_dns_settings fi if [ -d "/var/cache/pdnsd" ] \ && [ -e "/etc/resolvconf/run/interface/lo.pdnsd" ]; then pdnsd-ctl empty-cache &> /dev/null fi isCurl=$(curl --version 2>&1) if [[ ! "${isCurl}" =~ "OpenSSL" ]] || [ -z "${isCurl}" ]; then echo "ERROR: cURL is broken! Re-installing.." rm -f /etc/apt/sources.list.d/openssl.list if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi echo "curl install" | dpkg --set-selections &> /dev/null apt_clean_update apt-get install curl ${aptYesUnth} -fu --reinstall &> /dev/null if [ -f "/usr/bin/curl" ] && [ -e "/usr/local/bin/curl" ]; then rm -f /usr/local/bin/curl--broken mv -f /usr/local/bin/curl /usr/local/bin/curl--broken fi fi _CURL_TEST=$(curl -L -k -s \ --max-redirs 10 \ --retry 3 \ --retry-delay 10 \ -I "http://${_USE_MIR}" 2> /dev/null) if [[ ! "${_CURL_TEST}" =~ "200 OK" ]]; then if [[ "${_CURL_TEST}" =~ "unknown option was passed in to libcurl" ]]; then echo "ERROR: cURL libs are out of sync! Re-installing.." rm -f /etc/apt/sources.list.d/openssl.list if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi echo "curl install" | dpkg --set-selections &> /dev/null apt_clean_update apt-get install curl ${aptYesUnth} -fu --reinstall &> /dev/null if [ -f "/usr/bin/curl" ] && [ -e "/usr/local/bin/curl" ]; then rm -f /usr/local/bin/curl--broken mv -f /usr/local/bin/curl /usr/local/bin/curl--broken fi fi echo "ERROR: ${_USE_MIR} is not available, please try later" exit 1 else urlHmr="http://${_USE_MIR}/versions/${tRee}/boa/aegir" fi _LSB_TEST=$(which lsb_release 2> /dev/null) if [ ! -x "${_LSB_TEST}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi apt_clean_update apt-get install lsb-release ${aptYesUnth} &> /dev/null fi _IPSET_TEST=$(which ipset 2> /dev/null) if [ ! -x "${_IPSET_TEST}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi apt_clean_update if [ -L "/sbin/ipset" ]; then rm -f /sbin/ipset fi if [ -L "/usr/sbin/ipset" ]; then rm -f /usr/sbin/ipset fi apt-get install ipset ${aptYesUnth} &> /dev/null fi if [ -x "/sbin/ipset" ] && [ ! -e "/usr/sbin/ipset" ]; then ln -s /sbin/ipset /usr/sbin/ipset fi if [ -x "/usr/sbin/ipset" ] && [ ! -e "/sbin/ipset" ]; then ln -s /usr/sbin/ipset /sbin/ipset fi if [ -x "/usr/sbin/csf" ] \ && [ -e "/etc/csf/csf.deny" ] \ && [ ! -x "/etc/csf/csfpost.sh" ]; then echo "" > /etc/csf/csfpost.sh echo "iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp" >> /etc/csf/csfpost.sh echo "iptables -t raw -A OUTPUT -p tcp --dport 21 -j CT --helper ftp" >> /etc/csf/csfpost.sh chmod 700 /etc/csf/csfpost.sh _CSF_TEST=$(which csf 2> /dev/null) if [ -x "${_CSF_TEST}" ]; then service clean-boa-env start &> /dev/null wait csf -uf wait _NFTABLES_TEST=$(iptables -V 2>&1) if [[ "${_NFTABLES_TEST}" =~ "nf_tables" ]]; then if [ -e "/usr/sbin/iptables-legacy" ]; then update-alternatives --set iptables /usr/sbin/iptables-legacy &> /dev/null fi if [ -e "/usr/sbin/ip6tables-legacy" ]; then update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy &> /dev/null fi if [ -e "/usr/sbin/arptables-legacy" ]; then update-alternatives --set arptables /usr/sbin/arptables-legacy &> /dev/null fi if [ -e "/usr/sbin/ebtables-legacy" ]; then update-alternatives --set ebtables /usr/sbin/ebtables-legacy &> /dev/null fi fi sed -i "s/.*DHCP.*//g" /etc/csf/csf.allow wait sed -i "/^$/d" /etc/csf/csf.allow _DHCP_TEST=$(grep DHCPREQUEST /var/log/syslog | cut -d ' ' -f13 | sort | uniq 2>&1) if [[ "${_DHCP_TEST}" =~ "port" ]]; then for _IP in `grep DHCPREQUEST /var/log/syslog | cut -d ' ' -f12 | sort | uniq`;do echo "udp|out|d=67|d=${_IP} # Local DHCP out" >> /etc/csf/csf.allow;done else for _IP in `grep DHCPREQUEST /var/log/syslog | cut -d ' ' -f13 | sort | uniq`;do echo "udp|out|d=67|d=${_IP} # Local DHCP out" >> /etc/csf/csf.allow;done fi csf -q ### Linux kernel TCP SACK CVEs mitigation ### CVE-2019-11477 SACK Panic ### CVE-2019-11478 SACK Slowness ### CVE-2019-11479 Excess Resource Consumption Due to Low MSS Values if [ -x "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.deny" ]; then _SACK_TEST=$(ip6tables --list | grep tcpmss 2>&1) if [[ ! "${_SACK_TEST}" =~ "tcpmss" ]]; then sysctl net.ipv4.tcp_mtu_probing=0 &> /dev/null iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP &> /dev/null ip6tables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP &> /dev/null fi fi fi fi if [ -x "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.conf" ]; then _CC_SRC_TEST=$(grep CC_SRC /etc/csf/csf.conf 2>&1) echo _CC_SRC_TEST 1 is ${_CC_SRC_TEST} if [[ ! "${_CC_SRC_TEST}" =~ "CC_SRC =.*2" ]]; then echo _CC_SRC_TEST 2 is ${_CC_SRC_TEST} service clean-boa-env start &> /dev/null wait csf -uf wait _NFTABLES_TEST=$(iptables -V 2>&1) if [[ "${_NFTABLES_TEST}" =~ "nf_tables" ]]; then if [ -e "/usr/sbin/iptables-legacy" ]; then update-alternatives --set iptables /usr/sbin/iptables-legacy &> /dev/null fi if [ -e "/usr/sbin/ip6tables-legacy" ]; then update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy &> /dev/null fi if [ -e "/usr/sbin/arptables-legacy" ]; then update-alternatives --set arptables /usr/sbin/arptables-legacy &> /dev/null fi if [ -e "/usr/sbin/ebtables-legacy" ]; then update-alternatives --set ebtables /usr/sbin/ebtables-legacy &> /dev/null fi fi sed -i "s/^CC_SRC .*/CC_SRC = \"2\"/g" /etc/csf/csf.conf wait sed -i "s/^AUTO_UPDATES .*/AUTO_UPDATES = \"0\"/g" /etc/csf/csf.conf csf -q fi fi mkdir -p ${usrBin} if [ -e "${pthLog}" ] && [ ! -e "${pthLog}/updateFx07.ctrl.${_X_SE}.pid" ]; then fxPp="fix-drupal-platform-permissions.sh" fxSp="fix-drupal-site-permissions.sh" fxPo="fix-drupal-platform-ownership.sh" fxSo="fix-drupal-site-ownership.sh" fxLo="lock-local-drush-permissions.sh" curl ${crlGet} "${urlHmr}/${tBn}/${fxPp}" -o ${usrBin}/${fxPp} curl ${crlGet} "${urlHmr}/${tBn}/${fxSp}" -o ${usrBin}/${fxSp} curl ${crlGet} "${urlHmr}/${tBn}/${fxPo}" -o ${usrBin}/${fxPo} curl ${crlGet} "${urlHmr}/${tBn}/${fxSo}" -o ${usrBin}/${fxSo} curl ${crlGet} "${urlHmr}/${tBn}/${fxLo}" -o ${usrBin}/${fxLo} chmod 700 ${usrBin}/${fxPp} chmod 700 ${usrBin}/${fxSp} chmod 700 ${usrBin}/${fxPo} chmod 700 ${usrBin}/${fxSo} chmod 700 ${usrBin}/${fxLo} touch ${pthLog}/updateFx07.ctrl.${_X_SE}.pid fi mkdir -p ${optBin} rm -f ${usrBin}/{barracuda*,boa*,octopus*} if [ ! -e "/data/disk" ]; then ln -s ${optBin}/boa ${usrBin}/boa ln -s ${optBin}/barracuda ${usrBin}/barracuda ln -s ${optBin}/octopus ${usrBin}/octopus fi rm -f ${optBin}/{barracuda*,boa*,octopus*} curl ${crlGet} "${urlHmr}/${tBn}/barracuda" -o ${optBin}/barracuda curl ${crlGet} "${urlHmr}/${tBn}/boa" -o ${optBin}/boa curl ${crlGet} "${urlHmr}/${tBn}/octopus" -o ${optBin}/octopus echo "### ${_TODAY} ###" >> ${optBin}/boa echo "### ${_TODAY} ###" >> ${optBin}/barracuda echo "### ${_TODAY} ###" >> ${optBin}/octopus chmod 700 ${optBin}/{barracuda*,boa*,octopus*} } setup() { _BENG_VS=NO _VMFAMILY=NO _CHECK_HOST=$(uname -n 2>&1) _VM_TEST=$(uname -a 2>&1) if [[ "${_VM_TEST}" =~ "-beng" ]]; then _BENG_VS=YES fi if [ "${_BENG_VS}" = "YES" ]; then _RANDOMIZE=YES else _RANDOMIZE=NO fi if [[ "${_CHECK_HOST}" =~ ".host8." ]] \ || [[ "${_CHECK_HOST}" =~ ".boa.io"($) ]] \ || [[ "${_CHECK_HOST}" =~ ".o8.io"($) ]] \ || [[ "${_CHECK_HOST}" =~ ".aegir.cc"($) ]]; then _VMFAMILY=HOSTED fi sed -i "s/.*files.aegir.cc.*//g" /etc/hosts wait sed -i "s/.*github.*//g" /etc/hosts wait echo >>/etc/hosts sed -i "/^$/d" /etc/hosts wait if [ ! -e "/etc/resolv.conf" ]; then rm -f /etc/resolv.conf if [ -e "${vBs}/resolv.conf.vanilla" ]; then cat ${vBs}/resolv.conf.vanilla >/etc/resolv.conf fi echo "nameserver 1.1.1.1" >>/etc/resolv.conf echo "nameserver 1.0.0.1" >>/etc/resolv.conf check_dns_settings else check_dns_settings fi if [ -d "/var/cache/pdnsd" ] \ && [ -e "/etc/resolvconf/run/interface/lo.pdnsd" ]; then pdnsd-ctl empty-cache &> /dev/null fi isScreen=$(screen --version 2>&1) if [[ ! "${isScreen}" =~ "GNU" ]] || [ -z "${isScreen}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi if [ ! -e "/etc/apt/apt.conf.d/99ignorestrict" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Get::AllowInsecureRepositories \"true\";" > /etc/apt/apt.conf.d/99ignorestrict echo "APT::Get::AllowUnauthenticated \"true\";" >> /etc/apt/apt.conf.d/99ignorestrict echo "Aptitude::CmdLine::Fix-Broken \"true\";" >> /etc/apt/apt.conf.d/99ignorestrict fi apt_clean_update apt-get install screen -y &> /dev/null apt-get install net-tools -y &> /dev/null apt-get install hostname -y &> /dev/null apt-get remove --purge unscd -y &> /dev/null apt-get remove --purge dbus -y &> /dev/null if [ -e "/usr/share/dbus-1" ]; then rm -f /usr/share/dbus-1/*/*freedesktop* fi userdel -r debian &> /dev/null sed -i "s/^#startup_message off/startup_message off/g" /etc/screenrc &> /dev/null fi isCurl=$(curl --version 2>&1) if [[ ! "${isCurl}" =~ "OpenSSL" ]] || [ -z "${isCurl}" ]; then echo "ERROR: cURL is broken! Re-installing.." rm -f /etc/apt/sources.list.d/openssl.list if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi echo "curl install" | dpkg --set-selections &> /dev/null apt_clean_update apt-get install curl ${aptYesUnth} -fu --reinstall &> /dev/null if [ -f "/usr/bin/curl" ] && [ -e "/usr/local/bin/curl" ]; then rm -f /usr/local/bin/curl--broken mv -f /usr/local/bin/curl /usr/local/bin/curl--broken fi fi _CURL_TEST=$(curl -L -k -s \ --max-redirs 10 \ --retry 3 \ --retry-delay 10 \ -I "http://${_USE_MIR}" 2> /dev/null) if [[ ! "${_CURL_TEST}" =~ "200 OK" ]]; then if [[ "${_CURL_TEST}" =~ "unknown option was passed in to libcurl" ]]; then echo "ERROR: cURL libs are out of sync! Re-installing.." rm -f /etc/apt/sources.list.d/openssl.list if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi echo "curl install" | dpkg --set-selections &> /dev/null apt_clean_update apt-get install curl ${aptYesUnth} -fu --reinstall &> /dev/null if [ -f "/usr/bin/curl" ] && [ -e "/usr/local/bin/curl" ]; then rm -f /usr/local/bin/curl--broken mv -f /usr/local/bin/curl /usr/local/bin/curl--broken fi fi echo "ERROR: ${_USE_MIR} is not available, please try later" exit 1 else urlHmr="http://${_USE_MIR}/versions/${tRee}/boa/aegir" fi _VIRT_TEST=$(which virt-what 2> /dev/null) if [ ! -x "${_VIRT_TEST}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi apt_clean_update apt-get install virt-what ${aptYesUnth} &> /dev/null fi _LSB_TEST=$(which lsb_release 2> /dev/null) if [ ! -x "${_LSB_TEST}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi apt_clean_update apt-get install lsb-release ${aptYesUnth} &> /dev/null fi mkdir -p ${usrBin} if [ -e "${pthLog}" ] && [ ! -e "${pthLog}/updateFx07.ctrl.${_X_SE}.pid" ]; then fxPp="fix-drupal-platform-permissions.sh" fxSp="fix-drupal-site-permissions.sh" fxPo="fix-drupal-platform-ownership.sh" fxSo="fix-drupal-site-ownership.sh" curl ${crlGet} "${urlHmr}/${tBn}/${fxPp}" -o ${usrBin}/${fxPp} curl ${crlGet} "${urlHmr}/${tBn}/${fxSp}" -o ${usrBin}/${fxSp} curl ${crlGet} "${urlHmr}/${tBn}/${fxPo}" -o ${usrBin}/${fxPo} curl ${crlGet} "${urlHmr}/${tBn}/${fxSo}" -o ${usrBin}/${fxSo} chmod 700 ${usrBin}/${fxPp} chmod 700 ${usrBin}/${fxSp} chmod 700 ${usrBin}/${fxPo} chmod 700 ${usrBin}/${fxSo} touch ${pthLog}/updateFx07.ctrl.${_X_SE}.pid fi mkdir -p ${optBin} rm -f ${optBin}/.{boa*,fix*} rm -f ${usrBin}/{autoupboa*,barracuda*,boa*,ffmirror*,mycnfup*,weblogx*} rm -f ${usrBin}/{octopus*,randpass*,sqlmagic*,syncpass*,thinkdifferent*} if [ ! -e "/data/disk" ]; then ln -s ${optBin}/boa ${usrBin}/boa ln -s ${optBin}/barracuda ${usrBin}/barracuda ln -s ${optBin}/octopus ${usrBin}/octopus fi boaBins="autobeowulf \ autochimaera \ autodaedalus \ autoupboa \ barracuda \ boa \ ffmirror \ mycnfup \ octopus \ randpass \ sqlmagic \ syncpass \ thinkdifferent \ weblogx \ xboa" for cbn in ${boaBins}; do if [ -e "${optBin}/${cbn}" ]; then if [ `ps aux | grep -v "grep" | grep --count "/${cbn}"` -gt "0" ]; then echo "The ${cbn} is running!" else if [ "${cbn}" = "weblogx" ] \ && [ `ps aux | grep -v "grep" | grep --count "/daily.sh"` -gt "0" ]; then echo "The ${cbn} and daily.sh is running!" else rm -f ${optBin}/${cbn}.new curl ${crlGet} "${urlHmr}/${tBn}/${cbn}" -o ${optBin}/${cbn}.new mv -f ${optBin}/${cbn} ${optBin}/${cbn}.prev mv -f ${optBin}/${cbn}.new ${optBin}/${cbn} if [ -e "${optBin}/${cbn}" ]; then chmod 755 ${optBin}/${cbn} rm -f ${optBin}/${cbn}.prev else mv -f ${optBin}/${cbn}.prev ${optBin}/${cbn} fi fi fi else curl ${crlGet} "${urlHmr}/${tBn}/${cbn}" -o ${optBin}/${cbn} fi done echo "### ${_TODAY} ###" >> ${optBin}/boa echo "### ${_TODAY} ###" >> ${optBin}/barracuda echo "### ${_TODAY} ###" >> ${optBin}/octopus [ -e "/root/.backboa.autoupdate" ] && rm -f /root/.backboa.autoupdate if [ `ps aux | grep -v "grep" | grep --count "duplicity"` -gt "0" ]; then echo "The duplicity backup is running!" else rm -f ${optBin}/{backboa,duobackboa} curl ${crlGet} "${urlHmr}/${tBn}/backboa" -o ${optBin}/backboa curl ${crlGet} "${urlHmr}/${tBn}/duobackboa" -o ${optBin}/duobackboa chmod 700 ${optBin}/{backboa,duobackboa} if [ ! -e "${pthLog}/duplicity.ctrl.${_X_SE}.pid" ] \ && [ -x "/usr/local/bin/duplicity" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ -e "/var/xdrago" ]; then backboa install touch ${pthLog}/duplicity.ctrl.${_X_SE}.pid touch /root/.backboa.autoupdate fi fi chmod 700 ${optBin}/{autodaedalus,autochimaera,autobeowulf,autoupboa,backboa,duobackboa} chmod 700 ${optBin}/{barracuda,boa,ffmirror,octopus,syncpass,xboa,mycnfup,weblogx} chmod 755 ${optBin}/{randpass,sqlmagic,thinkdifferent} echo echo "BOA Meta Installers setup completed" echo "Please check INSTALL.txt and UPGRADE.txt at http://bit.ly/boa-docs" echo "Bye" echo } count_cpu() { _CPU_INFO=$(grep -c processor /proc/cpuinfo 2>&1) _CPU_INFO=${_CPU_INFO//[^0-9]/} _NPROC_TEST=$(which nproc 2>&1) if [ -z "${_NPROC_TEST}" ]; then _CPU_NR="${_CPU_INFO}" else _CPU_NR=$(nproc 2>&1) fi _CPU_NR=${_CPU_NR//[^0-9]/} if [ ! -z "${_CPU_NR}" ] \ && [ ! -z "${_CPU_INFO}" ] \ && [ "${_CPU_NR}" -gt "${_CPU_INFO}" ] \ && [ "${_CPU_INFO}" -gt "0" ]; then _CPU_NR="${_CPU_INFO}" fi if [ -z "${_CPU_NR}" ] || [ "${_CPU_NR}" -lt "1" ]; then _CPU_NR=1 fi mkdir -p /data/all chmod 755 /data/all echo ${_CPU_NR} > /data/all/cpuinfo chmod 644 /data/all/cpuinfo } find_fast_mirror_early() { isNetc=$(which netcat 2>&1) if [ ! -x "${isNetc}" ] || [ -z "${isNetc}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi apt_clean_update apt-get install netcat ${aptYesUnth} &> /dev/null wait fi ffMirr=$(which ffmirror 2>&1) if [ -x "${ffMirr}" ]; then ffList="/var/backups/boa-mirrors-2024-01.txt" mkdir -p /var/backups if [ ! -e "${ffList}" ]; then echo "de.files.aegir.cc" > ${ffList} echo "ny.files.aegir.cc" >> ${ffList} echo "sg.files.aegir.cc" >> ${ffList} fi if [ -e "${ffList}" ]; then _BROKEN_FFMIRR_TEST=$(grep "stuff" ${ffMirr} 2>&1) if [[ "${_BROKEN_FFMIRR_TEST}" =~ "stuff" ]]; then _CHECK_MIRROR=$(bash ${ffMirr} < ${ffList} 2>&1) _USE_MIR="${_CHECK_MIRROR}" [[ "${_USE_MIR}" =~ "printf" ]] && _USE_MIR="files.aegir.cc" else _USE_MIR="files.aegir.cc" fi else _USE_MIR="files.aegir.cc" fi else _USE_MIR="files.aegir.cc" fi urlDev="http://${_USE_MIR}/dev" urlHmr="http://${_USE_MIR}/versions/${tRee}/boa/aegir" } sysctl_update() { if [ ! -e "/root/.no.sysctl.update.cnf" ] \ && [ ! -e "/var/backups/sysctl.conf.up-${_X_SE}.log" ]; then mkdir -p /var/backups cd /var/backups rm -f /var/backups/sysctl.conf curl ${crlGet} "${urlHmr}/conf/sysctl.conf" -o sysctl.conf if [ -e "/var/backups/sysctl.conf" ]; then cp -af /var/backups/sysctl.conf /etc/sysctl.conf fi if [ -e "/etc/security/limits.conf" ]; then _IF_NF=$(grep '524288' /etc/security/limits.conf 2>&1) if [ -z "${_IF_NF}" ]; then echo "* hard nofile 524288" >> /etc/security/limits.conf echo "* soft nofile 524288" >> /etc/security/limits.conf echo "root hard nofile 1048576" >> /etc/security/limits.conf echo "root soft nofile 1048576" >> /etc/security/limits.conf fi _IF_NF=$(grep '65556' /etc/security/limits.conf 2>&1) if [ -z "${_IF_NF}" ]; then echo "* hard nproc 65556" >> /etc/security/limits.conf echo "* soft nproc 65556" >> /etc/security/limits.conf fi fi if [ -e "/boot/grub/grub.cfg" ] || [ -e "/boot/grub/menu.lst" ]; then #echo never > /sys/kernel/mm/transparent_hugepage/enabled if [ -e "/etc/sysctl.conf" ]; then sysctl -p /etc/sysctl.conf &> /dev/null fi else if [ -e "/etc/sysctl.conf" ]; then sysctl -p /etc/sysctl.conf &> /dev/null fi fi if [ -e "/etc/default/nginx" ]; then _IF_ULNX=$(grep '18000' /etc/default/nginx 2>&1) if [ -z "${_IF_ULNX}" ]; then echo ULIMIT=\"-n 18000\" >> /etc/default/nginx service nginx restart &> /dev/null fi fi touch /var/backups/sysctl.conf.up-${_X_SE}.log fi } ###--------------------### if [ `whoami` = "root" ]; then os_detection_minimal find_fast_mirror_early ### CVE-2021-44228 Log4j 2 Vulnerability ### CVE-2021-45046 Log4j 2 Vulnerability ### CVE-2021-45105 Log4j 2 Vulnerability fix_log4j ### Linux kernel TCP SACK CVEs mitigation ### CVE-2019-11477 SACK Panic ### CVE-2019-11478 SACK Slowness ### CVE-2019-11479 Excess Resource Consumption Due to Low MSS Values if [ -x "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.deny" ]; then _SACK_TEST=$(ip6tables --list | grep tcpmss 2>&1) if [[ ! "${_SACK_TEST}" =~ "tcpmss" ]]; then sysctl net.ipv4.tcp_mtu_probing=0 &> /dev/null iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP &> /dev/null ip6tables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP &> /dev/null fi fi ### More aggressive mitigation affecting network performance # if [ -e "/proc/sys/net/ipv4/tcp_sack" ]; then # _SACK_TEST=$(cat /proc/sys/net/ipv4/tcp_sack 2>&1) # _SACK_TEST=$(echo -n ${_SACK_TEST} | tr -d "\n" 2>&1) # if [[ "${_SACK_TEST}" =~ "1" ]]; then # echo "0" > /proc/sys/net/ipv4/tcp_sack # fi # fi ### Block known attackers IPs _CSF_TEST=$(which csf 2> /dev/null) if [ -x "${_CSF_TEST}" ]; then csf -d 185.206.225.30 Flooding user/password csf -d 185.253.97.238 Flooding user/password fi ### Linux kernel CVE-2017-2636 hotfix if [ -e "/etc/modprobe.d" ] \ && [ ! -e "/etc/modprobe.d/blacklist-n_hdlc.conf" ]; then echo "install n_hdlc /bin/true" > /etc/modprobe.d/blacklist-n_hdlc.conf rmmod n_hdlc &> /dev/null fi ### Linux kernel CVE-2017-6074 hotfix if [ -e "/etc/modprobe.d" ] \ && [ ! -e "/etc/modprobe.d/blacklist-dccp-all.conf" ]; then echo "install dccp /bin/true" > /etc/modprobe.d/blacklist-dccp-all.conf echo "install dccp_diag /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf echo "install dccp_ipv4 /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf echo "install dccp_ipv6 /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf echo "install dccp_probe /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf rmmod dccp &> /dev/null rmmod dccp_diag &> /dev/null rmmod dccp_ipv4 &> /dev/null rmmod dccp_ipv6 &> /dev/null rmmod dccp_probe &> /dev/null fi if [ -x "/usr/sbin/pdnsd" ] \ && [ ! -e "/etc/resolvconf/run/interface/lo.pdnsd" ]; then mkdir -p /etc/resolvconf/run/interface echo "nameserver 127.0.0.1" > /etc/resolvconf/run/interface/lo.pdnsd resolvconf -u &> /dev/null service pdnsd restart &> /dev/null pdnsd-ctl empty-cache &> /dev/null fi if [ ! -e "/data/all/cpuinfo" ]; then count_cpu fi if [ -e "/opt/etc/fpm/fpm-pool-common.conf" ] \ && [ -e "/var/xdrago" ]; then if [ -e "${barCnf}" ]; then source ${barCnf} fi if [ ! -z "${_SKYNET_MODE}" ] && [ "${_SKYNET_MODE}" = "OFF" ]; then if [ -n "${SSH_TTY+x}" ]; then echo "STATUS: Skynet Agent is Inactive!" echo "STATUS: Please remove the _SKYNET_MODE=OFF line from" echo "STATUS: ${barCnf} to enable me again." echo "NOTE: Only barracuda, boa and octopus wrappers will be updated" update_wrappers exit 0 else update_wrappers exit 0 fi else if [ -n "${SSH_TTY+x}" ]; then echo "STATUS: Skynet Agent is Active, OK!" echo "STATUS: You can add the _SKYNET_MODE=OFF line in" echo "STATUS: ${barCnf} to disable me, if needed." fi fi else if [ -e "/root/.step.init.systemd.two.cnf" ] \ && [ -e "/root/.step.init.systemd.one.cnf" ]; then _SCREEN_INIT=YES fi fi if [ -d "/.newrelic" ]; then rm -rf /.newrelic fi chmod a+w /dev/null if [ ! -e "/dev/fd" ]; then if [ -e "/proc/self/fd" ]; then rm -rf /dev/fd ln -s /proc/self/fd /dev/fd fi fi setup if [ -e "/var/log/barracuda_log.txt" ]; then fix_ping_perms fix_fpm_process_max fix_lshell fix_node_in_lshell_access fix_authorized_keys fix_tcp fix_aio fix_java_symlinks fix_wkhtml fix_wkhtml_perms fix_eldir fix_drupal_core_ten fix_pure_ftpd fix_hosting_le fix_newrelic fix_leftovers update_agents sysctl_update # saCoreN="SA-CORE-2018-002" # fix_core_dgd # sleep 3 # saCoreN="SA-CORE-2018-004" # fix_core_dgd # sleep 3 # saCoreN="SA-CORE-2018-006" # fix_core_dgd # sleep 3 # saCoreN="SA-CORE-2019-004" # fix_core_dgd # sleep 3 # saCoreN="3143016-83" # fix_core_dgd fi if [ ! -e "/etc/ssl/private/4096.dhp" ] && [ -d "/var/xdrago" ]; then echo "Generating 4096.dhp -- it may take a very long time..." openssl dhparam -out /etc/ssl/private/4096.dhp 4096 > /dev/null 2>&1 & fi if [ -e "/etc/ssl/private/4096.dhp" ]; then chown -R root:ssl-cert /etc/ssl/private chmod 640 /etc/ssl/private/* chmod 710 /etc/ssl/private fi if [ ! -e "/root/.upstart.cnf" ]; then service cron reload &> /dev/null fi if [ "${_SCREEN_INIT}" = "YES" ]; then clear echo echo "The system is ready for BOA installation!" echo echo "We will start screen session for you in 15 seconds" echo "to avoid problems with dropped SSH connections" echo "during BOA stack installation, which may take up to" echo "30-60 minutes, depending on your server speed." echo echo "If your connection will drop, simply log in again" echo "and re-attach your session with 'screen -R' command." echo echo "Please wait a moment until this message disappears." echo echo "Enjoy!" echo sleep 15 screen else exit 0 fi else echo "ERROR: This script should be ran as a root user" exit 1 fi