#!/bin/bash ###----------------------------------------### ### ### BOA Meta Installer ### ### Copyright (C) 2010-2022 Omega8.cc ### noc@omega8.cc www.omega8.cc ### ### This program is free software. You can ### redistribute it and/or modify it under ### the terms of the GNU GPL as published by ### the Free Software Foundation, version 2 ### or later. ### ### This program is distributed in the hope ### that it will be useful, but WITHOUT ANY ### WARRANTY; without even the implied ### warranty of MERCHANTABILITY or FITNESS ### FOR A PARTICULAR PURPOSE. See the GNU GPL ### for more details. ### ### You should have received a copy of the ### GNU GPL along with this program. ### If not, see http://www.gnu.org/licenses/ ### ### Code: https://github.com/omega8cc/boa ### ###----------------------------------------### ###----------------------------------------### ### HOW-TO: run it with bash, not with sh ### ###----------------------------------------### ### ### bash BOA.sh.txt ### ###----------------------------------------### ### DON'T EDIT ANYTHING BELOW THIS LINE ### ###----------------------------------------### export PATH=$PATH:/opt/local/bin SHELL=/bin/bash ### ### Avoid too many questions ### export DEBIAN_FRONTEND=noninteractive if [ -z "${TERM+x}" ]; then export TERM=vt100 fi _TODAY=$(date +%y%m%d 2>&1) _TODAY=${_TODAY//[^0-9]/} _X_SE="414prodT46" # barCnf="/root/.barracuda.cnf" crlGet="-L --max-redirs 10 -k -s --retry 10 --retry-delay 5 -A iCab" forCer="-fuy --allow-unauthenticated --reinstall" optBin="/opt/local/bin" usrBin="/usr/local/bin" pthLog="/var/xdrago/log" tBn="tools/bin" vBs="/var/backups" # eldirF="0001-Print-site_footer-if-defined.patch" eldirP="/var/xdrago/conf/${eldirF}" # provLeInc="provision_hosting_le.drush.inc" provLeIncFull="/var/xdrago/conf/${provLeInc}" # hoLeInc="hosting_le_vhost.drush.inc" hoLeIncFull="/var/xdrago/conf/${hoLeInc}" # dehydName="dehydrated" dehydSrcPath="/var/xdrago/conf/${dehydName}" 
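legacyLeSh="/var/xdrago/conf/letsencrypt.sh"

#
# Find correct IP.
#
# Stores this host's public IPv4 address in the global _LOC_IP, or leaves it
# empty when neither lookup service returns a well-formed dotted quad.
# Globals:   crlGet (read), _LOC_IP (written)
# Returns:   always 0, as before; callers must test _LOC_IP themselves.
#
# The first service may answer with an IPv6 address; the digit/dot filter
# would turn that into a dot-less digit string, which used to be accepted as
# the address. Every candidate is now matched against an IPv4 pattern first.
# NOTE(review): the fallback service is queried over plain HTTP and crlGet
# disables certificate checks, so the result can be altered in transit. Treat
# _LOC_IP as a hint, not as an authenticated value.
find_correct_ip() {
  local _ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  local _src _candidate
  _LOC_IP=
  for _src in https://api64.ipify.org http://ip4.icanhazip.com; do
    # ${crlGet} stays unquoted on purpose: it carries several curl options.
    _candidate=$(curl ${crlGet} "${_src}" \
      | sed 's/[^0-9\.]//g' 2>&1)
    if [[ "${_candidate}" =~ ${_ipv4_re} ]]; then
      _LOC_IP=${_candidate}
      break
    fi
  done
}

#
# Rebuild /etc/resolv.conf from the saved "vanilla" copy and, when pdnsd is
# installed, regenerate its upstream server list.
# Globals:   vBs, _USE_DEFAULT_DNS (read); dnsLi, rslvT and the _*_TEST
#            scratch variables (written)
# Files:     ${vBs}/resolv.conf.tmp, ${vBs}/resolv.conf.vanilla,
#            /etc/resolv.conf, /root/.local.dns.IP.list, /etc/pdnsd.conf
fix_dns_settings() {
  dnsLi="/root/.local.dns.IP.list"
  mkdir -p "${vBs}"
  rm -f "${vBs}/resolv.conf.tmp"
  if [ -e "/etc/resolv.conf" ]; then
    if [ -L "/etc/resolv.conf" ]; then
      # A symlink whose target is gone is removed so a real file can replace it.
      rslvT=$(readlink -n /etc/resolv.conf)
      if [ ! -e "${rslvT}" ]; then
        rm -f /etc/resolv.conf
      fi
    fi
    if [ -e "/etc/resolv.conf" ]; then
      cp -a /etc/resolv.conf "${vBs}/resolv.conf.tmp"
    fi
  fi
  # No usable resolv.conf at all: fall back to the two Cloudflare resolvers.
  if [ ! -e "${vBs}/resolv.conf.tmp" ]; then
    echo "nameserver 1.1.1.1" > "${vBs}/resolv.conf.tmp"
    echo "nameserver 1.0.0.1" >> "${vBs}/resolv.conf.tmp"
  fi
  # First run: the current settings become the saved "vanilla" copy.
  if [ ! -e "${vBs}/resolv.conf.vanilla" ] \
    && [ -e "${vBs}/resolv.conf.tmp" ]; then
    if [ "${_USE_DEFAULT_DNS}" != "YES" ]; then
      rm -f /etc/resolv.conf
      cp -a "${vBs}/resolv.conf.tmp" /etc/resolv.conf
      cp -a "${vBs}/resolv.conf.tmp" "${vBs}/resolv.conf.vanilla"
    fi
  fi
  # Errors are silenced because the vanilla copy may not exist yet.
  sed -i "/^$/d" "${vBs}/resolv.conf.vanilla" &> /dev/null
  if [ -e "${vBs}/resolv.conf.vanilla" ]; then
    if [ "${_USE_DEFAULT_DNS}" != "YES" ]; then
      rm -f /etc/resolv.conf
      cp -a "${vBs}/resolv.conf.vanilla" /etc/resolv.conf
    fi
  else
    if [ -e "${vBs}/resolv.conf.tmp" ] \
      && [ "${_USE_DEFAULT_DNS}" != "YES" ]; then
      rm -f /etc/resolv.conf
      cp -a "${vBs}/resolv.conf.tmp" /etc/resolv.conf
    fi
  fi
  if [ -e "/etc/pdnsd.conf" ]; then
    if [ -e "${dnsLi}" ]; then
      sed -i "s/.*127.0.0.1.*//g; s/ *$//g; /^$/d" "${dnsLi}"
      wait
      sed -i "s/.*Dynamic.*//g; s/ *$//g; /^$/d" "${dnsLi}"
      wait
      # A list without a single dotted entry holds no usable server.
      _BROKEN_DNS_TEST_X=$(grep "\." "${dnsLi}" 2>&1)
      if [ -z "${_BROKEN_DNS_TEST_X}" ]; then
        echo " label = \"cloudflare-servers\";" > "${dnsLi}"
        echo " ip=1.1.1.1;" >> "${dnsLi}"
        echo " ip=1.0.0.1;" >> "${dnsLi}"
      fi
    fi
    _CUSTOM_DNS_TEST=$(grep 1.1.1.1 /etc/pdnsd.conf 2>&1)
    _BROKEN_DNS_CONF=$(grep "ip=Dynamic" /etc/pdnsd.conf 2>&1)
    _MISSING_DNS_TEST=$(grep "ip=" /etc/pdnsd.conf 2>&1)
    if [[ "${_CUSTOM_DNS_TEST}" =~ "1.1.1.1" ]] \
      || [ ! -e "${dnsLi}" ] \
      || [ -e "/root/.use.default.nameservers.cnf" ] \
      || [ -e "/root/.use.local.nameservers.cnf" ] \
      || [[ "${_BROKEN_DNS_CONF}" =~ "Dynamic" ]] \
      || [[ -z "${_MISSING_DNS_TEST}" ]]; then
      echo " label = \"cloudflare-servers\";" > "${dnsLi}"
      # Only "nameserver" entries are forwarded. Taking the second
      # space-separated field of every line also turned "options", "domain"
      # and comment lines into bogus ip= entries in pdnsd.conf. Loopback and
      # "Dynamic" values are still dropped by the sed passes below.
      for _IP in $(awk '$1 == "nameserver" { print $2 }' /etc/resolv.conf \
        | sort -u); do
        echo " ip=${_IP};" >> "${dnsLi}"
      done
      wait
      sed -i "s/ip=.*//g; s/ *$//g; /^$/d" /etc/pdnsd.conf
      wait
      sed -i "s/.*127.0.0.1.*//g; s/ *$//g; /^$/d" "${dnsLi}"
      wait
      sed -i "s/.*Dynamic.*//g; s/ *$//g; /^$/d" "${dnsLi}"
      wait
      _BROKEN_DNS_TEST_Y=$(grep "\." "${dnsLi}" 2>&1)
      if [ -z "${_BROKEN_DNS_TEST_Y}" ]; then
        echo " ip=1.1.1.1;" >> "${dnsLi}"
        echo " ip=1.0.0.1;" >> "${dnsLi}"
      fi
      ### echo debug dns A
      _DNS_TPL_TEST_GE=$(grep "google-servers" /etc/pdnsd.conf 2>&1)
      _DNS_TPL_TEST_CF=$(grep "cloudflare-servers" /etc/pdnsd.conf 2>&1)
      _DNS_RGX_TEST=$(grep "cloudflare-servers" /root/.local.dns.IP.list 2>&1)
      # sed's "r" takes the rest of its line as the file name, so the "d"
      # that drops the matched label line is passed as a separate -e
      # expression (sed joins -e chunks with newlines).
      if [[ "${_DNS_TPL_TEST_CF}" =~ "cloudflare-servers" ]] \
        && [[ "${_DNS_RGX_TEST}" =~ "cloudflare-servers" ]]; then
        sed -i -e '/ label = \"cloudflare-servers\";/ {r /root/.local.dns.IP.list' \
          -e 'd;};' /etc/pdnsd.conf
        wait
      fi
      if [[ "${_DNS_TPL_TEST_GE}" =~ "google-servers" ]] \
        && [[ "${_DNS_RGX_TEST}" =~ "cloudflare-servers" ]]; then
        sed -i -e '/ label = \"google-servers\";/ {r /root/.local.dns.IP.list' \
          -e 'd;};' /etc/pdnsd.conf
        wait
      fi
      resolvconf -u &> /dev/null
      service pdnsd restart &> /dev/null
      pdnsd-ctl empty-cache &> /dev/null
    fi
  fi
}

#
# Decide whether the resolver setup must be rebuilt and, if so, rebuild it.
# A rebuild happens when one of the /root/.use.*.nameservers.cnf switches is
# present, or when the test lookup through 1.1.1.1 fails and no saved vanilla
# resolv.conf exists yet. Postfix is restarted after a rebuild when installed.
# Globals:   vBs (read); _USE_DEFAULT_DNS, _USE_PROVIDER_DNS,
#            _REMOTE_DNS_TEST (written)
check_dns_settings() {
  if [ -e "/root/.use.default.nameservers.cnf" ]; then
    _USE_DEFAULT_DNS=YES
    rm -f /root/.local.dns.IP.list
  fi
  if [ -e "/root/.use.local.nameservers.cnf" ]; then
    _USE_PROVIDER_DNS=YES
  else
    _REMOTE_DNS_TEST=$(host files.aegir.cc 1.1.1.1 -w 10 2>&1)
  fi
  if [[ "${_REMOTE_DNS_TEST}" =~ "no servers could be reached" ]] \
    || [[ "${_REMOTE_DNS_TEST}" =~ "Host files.aegir.cc not found" ]] \
    || [ "${_USE_DEFAULT_DNS}" = "YES" ] \
    || [ "${_USE_PROVIDER_DNS}" = "YES" ]; then
    if [ "${_USE_DEFAULT_DNS}" = "YES" ] \
      || [ "${_USE_PROVIDER_DNS}" = "YES" ] \
      || [ ! -e "${vBs}/resolv.conf.vanilla" ]; then
      fix_dns_settings
      if [ -e "/etc/init.d/postfix" ]; then
        service postfix restart &> /dev/null
      fi
    fi
  fi
}

extract_archive() {
  if [ !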
-z "$1" ]; then case $1 in *.tar.bz2) tar xjf $1 ;; *.tar.gz) tar xzf $1 ;; *.tar.xz) tar xvf $1 ;; *.bz2) bunzip2 $1 ;; *.rar) unrar x $1 ;; *.gz) gunzip -q $1 ;; *.tar) tar xf $1 ;; *.tbz2) tar xjf $1 ;; *.tgz) tar xzf $1 ;; *.zip) unzip -qq $1 ;; *.Z) uncompress $1 ;; *.7z) 7z x $1 ;; *) echo "'$1' cannot be extracted via >extract<" ;; esac rm -f $1 fi } # # Download and extract archive from dev/src mirror. get_dev_src() { if [ ! -z "$1" ]; then curl ${crlGet} "${urlDev}/src/$1" -o "$1" if [ -e "$1" ]; then extract_archive "$1" else echo "OOPS: $1 failed download from ${urlDev}/src/$1" fi fi } # # Download and extract from dev/contrib mirror. get_dev_contrib() { if [ ! -z "$1" ]; then curl ${crlGet} "${urlDev}/HEAD/contrib/$1" -o "$1" if [ -e "$1" ]; then extract_archive "$1" else msg "OOPS: $1 failed download from ${urlDev}/HEAD/contrib/$1" fi fi } update_agents() { if [ -e "/root/.host8.cnf" ] && [ ! -e "/root/.extended.firewall.exceptions.cnf" ]; then echo host8 > /root/.extended.firewall.exceptions.cnf fi if [ "${_VMFAMILY}" = "HOSTED" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ -e "/var/xdrago" ]; then PrTestPower=$(grep "POWER" /root/.*.octopus.cnf 2>&1) PrTestCluster=$(grep "CLUSTER" /root/.*.octopus.cnf 2>&1) InTest=$(ls /data/disk/*/static/control/cli.info | wc -l 2>&1) if [ "${InTest}" -lt "9" ] \ && [[ ! "${PrTestPower}" =~ "POWER" ]] \ && [[ ! 
"${PrTestCluster}" =~ "CLUSTER" ]]; then rm -f /root/.fast.cron.cnf rm -f /root/.hr.monitor.cnf rm -f /root/.slow.cron.cnf rm -f /root/.tg.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 80;" mysql -u root -e "SET GLOBAL max_connections = 100;" mysql -u root -e "SET GLOBAL max_user_connections = 80;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [ "${InTest}" -ge "9" ] && [ "${InTest}" -le "50" ]; then rm -f /root/.fast.cron.cnf rm -f /root/.hr.monitor.cnf rm -f /root/.slow.cron.cnf rm -f /root/.tg.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 80;" mysql -u root -e "SET GLOBAL max_connections = 200;" mysql -u root -e "SET GLOBAL max_user_connections = 80;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [ "${InTest}" -gt "50" ]; then rm -f /root/.fast.cron.cnf [ ! -e "/root/.tg.cnf" ] && echo ${InTest} > /root/.tg.cnf [ ! -e "/root/.hr.monitor.cnf" ] && echo ${InTest} > /root/.hr.monitor.cnf [ ! -e "/root/.slow.cron.cnf" ] && echo ${InTest} > /root/.slow.cron.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 80;" mysql -u root -e "SET GLOBAL max_connections = 200;" mysql -u root -e "SET GLOBAL max_user_connections = 80;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [[ "${PrTestPower}" =~ "POWER" ]]; then [ ! -e "/root/.tg.cnf" ] && echo ${InTest} > /root/.tg.cnf rm -f /root/.fast.cron.cnf rm -f /root/.hr.monitor.cnf rm -f /root/.slow.cron.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 150;" mysql -u root -e "SET GLOBAL max_connections = 200;" mysql -u root -e "SET GLOBAL max_user_connections = 150;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi if [[ "${PrTestCluster}" =~ "CLUSTER" ]]; then [ ! 
-e "/root/.tg.cnf" ] && echo ${InTest} > /root/.tg.cnf rm -f /root/.fast.cron.cnf rm -f /root/.hr.monitor.cnf rm -f /root/.slow.cron.cnf mysql -u root -e "SET GLOBAL max_connect_errors = 150;" mysql -u root -e "SET GLOBAL max_connections = 200;" mysql -u root -e "SET GLOBAL max_user_connections = 150;" mysql -u root -e "SET GLOBAL group_concat_max_len = 10000;" fi mysql -u root -e "SET GLOBAL optimizer_switch='derived_merge=off';" if [ -e "/root/.tg.cnf" ]; then if [ ! -e "/root/.fixed_fpm_workers.pid" ]; then sed -i "s/^_PHP_FPM_WORKERS=.*/_PHP_FPM_WORKERS=100/g" ${barCnf} touch /root/.fixed_fpm_workers.pid fi fi if [ ! -e "/root/.high_traffic.cnf" ]; then echo ${InTest} > /root/.high_traffic.cnf echo ${InTest} > /root/.my.optimize.cnf echo ${InTest} > /root/.no.swap.clear.cnf fi if [ "${_RANDOMIZE}" = "YES" ]; then if [ ! -e "/root/.randomize_duplicity_full_backup_day.cnf" ]; then echo ${InTest} > /root/.randomize_duplicity_full_backup_day.cnf fi if [ ! -e "/root/.skip_duplicity_monthly_cleanup.cnf" ]; then echo ${InTest} > /root/.skip_duplicity_monthly_cleanup.cnf fi else rm -f /root/.randomize_duplicity_full_backup_day.cnf rm -f /root/.skip_duplicity_monthly_cleanup.cnf fi rm -f /root/.my.batch_innodb.cnf rm -f /root/.batch_innodb.cnf rm -f /root/.force.drupalgeddon.cnf rm -f /root/.skip_cleanup.cnf rm -f /root/.giant_traffic.cnf rm -f /root/.default.cnf rm -f /root/.debug.cnf if [ ! -e "/root/.fixed_scout.pid" ]; then sed -i "s/_SCOUT_KEY=.*/_SCOUT_KEY=/g" ${barCnf} sed -i "s/.*scout.*//g" /etc/crontab touch /root/.fixed_scout.pid fi if [ -e "/data/conf/override.global.inc" ] \ && [ ! -e "/data/conf/.prev6.override.global.inc.off" ]; then mv -f /data/conf/override.global.inc /data/conf/.prev6.override.global.inc.off fi # if [ ! 
-e "/data/conf/override.global.inc" ]; then # echo " /data/conf/override.global.inc.tmp # echo "" >> /data/conf/override.global.inc.tmp # echo "\$use_redis = TRUE;" >> /data/conf/override.global.inc.tmp # chmod 644 /data/conf/override.global.inc.tmp # mv -f /data/conf/override.global.inc.tmp /data/conf/override.global.inc # fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/mysql_backup.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/mysql_backup.sh /var/xdrago/mysql_backup.sh.old curl ${crlGet} "${urlHmr}/tools/system/mysql_backup.sh" -o /var/xdrago/mysql_backup.sh if [ -e "/var/xdrago/mysql_backup.sh" ]; then chmod 700 /var/xdrago/mysql_backup.sh chown root:root /var/xdrago/mysql_backup.sh touch ${pthLog}/mysql_backup.ctrl.${_X_SE}.pid else mv -f /var/xdrago/mysql_backup.sh.old /var/xdrago/mysql_backup.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/mysql_cluster_backup.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/mysql_cluster_backup.sh /var/xdrago/mysql_cluster_backup.sh.old curl ${crlGet} "${urlHmr}/tools/system/mysql_cluster_backup.sh" -o /var/xdrago/mysql_cluster_backup.sh if [ -e "/var/xdrago/mysql_cluster_backup.sh" ]; then chmod 700 /var/xdrago/mysql_cluster_backup.sh chown root:root /var/xdrago/mysql_cluster_backup.sh touch ${pthLog}/mysql_cluster_backup.ctrl.${_X_SE}.pid else mv -f /var/xdrago/mysql_cluster_backup.sh.old /var/xdrago/mysql_cluster_backup.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! 
-e "${pthLog}/mysql_hourly.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/mysql_hourly.sh /var/xdrago/mysql_hourly.sh.old curl ${crlGet} "${urlHmr}/tools/system/mysql_hourly.sh" -o /var/xdrago/mysql_hourly.sh if [ -e "/var/xdrago/mysql_hourly.sh" ]; then chmod 700 /var/xdrago/mysql_hourly.sh chown root:root /var/xdrago/mysql_hourly.sh touch ${pthLog}/mysql_hourly.ctrl.${_X_SE}.pid else mv -f /var/xdrago/mysql_hourly.sh.old /var/xdrago/mysql_hourly.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/runner.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/runner.sh /var/xdrago/runner.sh.old curl ${crlGet} "${urlHmr}/tools/system/runner.sh" -o /var/xdrago/runner.sh if [ -e "/var/xdrago/runner.sh" ]; then chmod 700 /var/xdrago/runner.sh chown root:root /var/xdrago/runner.sh touch ${pthLog}/runner.ctrl.${_X_SE}.pid else mv -f /var/xdrago/runner.sh.old /var/xdrago/runner.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/minute.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/minute.sh /var/xdrago/minute.sh.old curl ${crlGet} "${urlHmr}/tools/system/minute.sh" -o /var/xdrago/minute.sh if [ -e "/var/xdrago/minute.sh" ]; then chmod 700 /var/xdrago/minute.sh chown root:root /var/xdrago/minute.sh touch ${pthLog}/minute.ctrl.${_X_SE}.pid else mv -f /var/xdrago/minute.sh.old /var/xdrago/minute.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/clear.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/clear.sh /var/xdrago/clear.sh.old curl ${crlGet} "${urlHmr}/tools/system/clear.sh" -o /var/xdrago/clear.sh if [ -e "/var/xdrago/clear.sh" ]; then chmod 700 /var/xdrago/clear.sh chown root:root /var/xdrago/clear.sh touch ${pthLog}/clear.ctrl.${_X_SE}.pid else mv -f /var/xdrago/clear.sh.old /var/xdrago/clear.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! 
-e "${pthLog}/daily.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/daily.sh /var/xdrago/daily.sh.old curl ${crlGet} "${urlHmr}/tools/system/daily.sh" -o /var/xdrago/daily.sh if [ -e "/var/xdrago/daily.sh" ]; then chmod 700 /var/xdrago/daily.sh chown root:root /var/xdrago/daily.sh touch ${pthLog}/daily.ctrl.${_X_SE}.pid else mv -f /var/xdrago/daily.sh.old /var/xdrago/daily.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/graceful.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/graceful.sh /var/xdrago/graceful.sh.old curl ${crlGet} "${urlHmr}/tools/system/graceful.sh" -o /var/xdrago/graceful.sh if [ -e "/var/xdrago/graceful.sh" ]; then chmod 700 /var/xdrago/graceful.sh chown root:root /var/xdrago/graceful.sh touch ${pthLog}/graceful.ctrl.${_X_SE}.pid else mv -f /var/xdrago/graceful.sh.old /var/xdrago/graceful.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/usage.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/usage.sh /var/xdrago/usage.sh.old curl ${crlGet} "${urlHmr}/tools/system/usage.sh" -o /var/xdrago/usage.sh if [ -e "/var/xdrago/usage.sh" ]; then chmod 700 /var/xdrago/usage.sh chown root:root /var/xdrago/usage.sh touch ${pthLog}/usage.ctrl.${_X_SE}.pid else mv -f /var/xdrago/usage.sh.old /var/xdrago/usage.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! 
-e "${pthLog}/manage_ltd_users.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/manage_ltd_users.sh /var/xdrago/manage_ltd_users.sh.old curl ${crlGet} "${urlHmr}/tools/system/manage_ltd_users.sh" \ -o /var/xdrago/manage_ltd_users.sh if [ -e "/var/xdrago/manage_ltd_users.sh" ]; then chmod 700 /var/xdrago/manage_ltd_users.sh chown root:root /var/xdrago/manage_ltd_users.sh touch ${pthLog}/manage_ltd_users.ctrl.${_X_SE}.pid rm -f /var/run/manage_ltd_users.pid else mv -f /var/xdrago/manage_ltd_users.sh.old /var/xdrago/manage_ltd_users.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/manage_solr_config.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/manage_solr_config.sh /var/xdrago/manage_solr_config.sh.old curl ${crlGet} "${urlHmr}/tools/system/manage_solr_config.sh" \ -o /var/xdrago/manage_solr_config.sh if [ -e "/var/xdrago/manage_solr_config.sh" ]; then chmod 700 /var/xdrago/manage_solr_config.sh chown root:root /var/xdrago/manage_solr_config.sh touch ${pthLog}/manage_solr_config.ctrl.${_X_SE}.pid rm -f /var/run/manage_solr_config.pid else mv -f /var/xdrago/manage_solr_config.sh.old /var/xdrago/manage_solr_config.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/proc_num_ctrl.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/proc_num_ctrl.cgi /var/xdrago/proc_num_ctrl.cgi.old curl ${crlGet} "${urlHmr}/tools/system/proc_num_ctrl.cgi" \ -o /var/xdrago/proc_num_ctrl.cgi if [ -e "/var/xdrago/proc_num_ctrl.cgi" ]; then chmod 700 /var/xdrago/proc_num_ctrl.cgi chown root:root /var/xdrago/proc_num_ctrl.cgi touch ${pthLog}/proc_num_ctrl.ctrl.${_X_SE}.pid else mv -f /var/xdrago/proc_num_ctrl.cgi.old /var/xdrago/proc_num_ctrl.cgi fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! 
-e "${pthLog}/fast_shutdown.ctrl.${_X_SE}.pid" ]; then sed -i "s/.*opcache.fast_shutdown.*//g" /opt/etc/fpm/fpm-pool-common.conf _PHP_V="81 80 74 73 72 71 70 56" for e in ${_PHP_V}; do if [ -e "/etc/init.d/php${e}-fpm" ]; then service php${e}-fpm reload &> /dev/null fi done _PHP_V="55 54 53" for e in ${_PHP_V}; do if [ -e "/etc/init.d/php${e}-fpm" ]; then service php${e}-fpm stop &> /dev/null fi done touch ${pthLog}/fast_shutdown.ctrl.${_X_SE}.pid fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ -e "/usr/sbin/csf" ] \ && [ -e "/etc/csf/csf.deny" ] \ && [ ! -e "${pthLog}/guest-fire-sh2.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/guest-fire.sh /var/xdrago/guest-fire.sh.old curl ${crlGet} "${urlHmr}/tools/system/guest-fire.sh" \ -o /var/xdrago/guest-fire.sh if [ -e "/var/xdrago/guest-fire.sh" ]; then chmod 700 /var/xdrago/guest-fire.sh chown root:root /var/xdrago/guest-fire.sh touch ${pthLog}/guest-fire-sh2.ctrl.${_X_SE}.pid else mv -f /var/xdrago/guest-fire.sh.old /var/xdrago/guest-fire.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ -e "/usr/sbin/csf" ] \ && [ -e "/etc/csf/csf.deny" ] \ && [ ! -e "${pthLog}/guest-water-sh2.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/guest-water.sh /var/xdrago/guest-water.sh.old curl ${crlGet} "${urlHmr}/tools/system/guest-water.sh" \ -o /var/xdrago/guest-water.sh if [ -e "/var/xdrago/guest-water.sh" ]; then chmod 700 /var/xdrago/guest-water.sh chown root:root /var/xdrago/guest-water.sh touch ${pthLog}/guest-water-sh2.ctrl.${_X_SE}.pid else mv -f /var/xdrago/guest-water.sh.old /var/xdrago/guest-water.sh fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! 
-e "${pthLog}/hackcheck.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/monitor/check/hackcheck /var/xdrago/monitor/check/hackcheck.old curl ${crlGet} "${urlHmr}/tools/system/monitor/check/hackcheck" \ -o /var/xdrago/monitor/check/hackcheck if [ -e "/var/xdrago/monitor/check/hackcheck" ]; then chmod 700 /var/xdrago/monitor/check/hackcheck chown root:root /var/xdrago/monitor/check/hackcheck touch ${pthLog}/hackcheck.ctrl.${_X_SE}.pid else mv -f /var/xdrago/monitor/check/hackcheck.old /var/xdrago/monitor/check/hackcheck fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/scan_nginx.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/monitor/check/scan_nginx /var/xdrago/monitor/check/scan_nginx.old curl ${crlGet} "${urlHmr}/tools/system/monitor/check/scan_nginx" \ -o /var/xdrago/monitor/check/scan_nginx if [ -e "/var/xdrago/monitor/check/scan_nginx" ]; then sed -i "s/default_critnumber =.*/default_critnumber = 399;/g" /var/xdrago/monitor/check/scan_nginx sed -i "s/default_lines =.*/default_lines = 599;/g" /var/xdrago/monitor/check/scan_nginx chmod 700 /var/xdrago/monitor/check/scan_nginx chown root:root /var/xdrago/monitor/check/scan_nginx touch ${pthLog}/scan_nginx.ctrl.${_X_SE}.pid if [ ! -e "/var/xdrago/monitor/.scan_nginx_arch.${_X_SE}.pid" ]; then if [ -e "/var/xdrago/monitor/scan_nginx.archive.log" ]; then mv -f /var/xdrago/monitor/scan_nginx.archive.log /var/xdrago/monitor/scan_nginx.archive.${_X_SE}.log fi touch /var/xdrago/monitor/.scan_nginx_arch.${_X_SE}.pid csf -df fi else mv -f /var/xdrago/monitor/check/scan_nginx.old /var/xdrago/monitor/check/scan_nginx fi fi if [ -e "/opt/tools/drush/8/drush/drush" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! 
-e "${pthLog}/lshell.ctrl.${_X_SE}.pid" ]; then if [ -z "${_CUSTOM_CONFIG_LSHELL}" ] \ || [ "${_CUSTOM_CONFIG_LSHELL}" = "NO" ]; then mv -f /var/xdrago/conf/lshell.conf /var/xdrago/conf/lshell.conf.old curl ${crlGet} "${urlHmr}/tools/system/conf/lshell.conf" \ -o /var/xdrago/conf/lshell.conf if [ -e "/var/xdrago/conf/lshell.conf" ]; then chmod 644 /var/xdrago/conf/lshell.conf chown root:root /var/xdrago/conf/lshell.conf touch ${pthLog}/lshell.ctrl.${_X_SE}.pid else mv -f /var/xdrago/conf/lshell.conf.old /var/xdrago/conf/lshell.conf fi fi fi if [ -e "/opt/tools/drush/8/drush/drush" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/multi.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/conf/fpm-pool-foo-multi.conf /var/xdrago/conf/fpm-pool-foo-multi.conf.old curl ${crlGet} "${urlHmr}/conf/fpm-pool-foo-multi.conf" \ -o /var/xdrago/conf/fpm-pool-foo-multi.conf if [ -e "/var/xdrago/conf/fpm-pool-foo-multi.conf" ]; then chmod 644 /var/xdrago/conf/fpm-pool-foo-multi.conf chown root:root /var/xdrago/conf/fpm-pool-foo-multi.conf touch ${pthLog}/multi.ctrl.${_X_SE}.pid else mv -f /var/xdrago/conf/fpm-pool-foo-multi.conf.old /var/xdrago/conf/fpm-pool-foo-multi.conf fi fi if [ -e "/opt/tools/drush" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/single.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/conf/fpm-pool-foo.conf /var/xdrago/conf/fpm-pool-foo.conf.old curl ${crlGet} "${urlHmr}/conf/fpm-pool-foo.conf" \ -o /var/xdrago/conf/fpm-pool-foo.conf if [ -e "/var/xdrago/conf/fpm-pool-foo.conf" ]; then chmod 644 /var/xdrago/conf/fpm-pool-foo.conf chown root:root /var/xdrago/conf/fpm-pool-foo.conf touch ${pthLog}/single.ctrl.${_X_SE}.pid else mv -f /var/xdrago/conf/fpm-pool-foo.conf.old /var/xdrago/conf/fpm-pool-foo.conf fi fi if [ -e "/opt/tools/drush" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! 
-e "${pthLog}/dispatch.ctrl.${_X_SE}.pid" ]; then sed -i "s/.*cache.*//g; s/.*cc drush.*//g; s/ *$//g; /^$/d" /data/disk/*/aegir.sh touch ${pthLog}/dispatch.ctrl.${_X_SE}.pid fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/var/xdrago/conf/control-readme.txt" ] \ && [ ! -e "${pthLog}/control-readme.txt.ctrl.${_X_SE}.pid" ]; then mv -f /var/xdrago/conf/control-readme.txt /var/xdrago/conf/control-readme.txt.old curl ${crlGet} "${urlHmr}/tools/system/conf/control-readme.txt" -o /var/xdrago/conf/control-readme.txt if [ -e "/var/xdrago/conf/control-readme.txt" ]; then chmod 644 /var/xdrago/conf/control-readme.txt chown root:root /var/xdrago/conf/control-readme.txt touch ${pthLog}/control-readme.txt.ctrl.${_X_SE}.pid else mv -f /var/xdrago/conf/control-readme.txt.old /var/xdrago/conf/control-readme.txt fi fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ ! -e "${pthLog}/fpm-cli.ctrl.${_X_SE}.pid" ]; then usrGroup=users cp -a /var/backups/off-run/run* /var/xdrago/ for pthSysUsr in `find /data/disk/ -maxdepth 1 -mindepth 1 | sort`; do tUsr= tUsr=$(echo ${pthSysUsr} | cut -d'/' -f4 | awk '{ print $1}' 2>&1) if [ ! -e "${pthSysUsr}/static/control/MyQuick.info" ] \ && [ ! -e "${pthSysUsr}/static/control/MyClassic.info" ]; then echo ON > ${pthSysUsr}/static/control/MyQuick.info fi if [ -e "${pthSysUsr}/static/control/fpm.info" ] \ && [ ! -e "${pthSysUsr}/static/control/cli.info" ]; then cp ${pthSysUsr}/static/control/fpm.info ${pthSysUsr}/static/control/cli.info fi if [ -e "${pthSysUsr}/log/CANCELLED" ] \ || [ -e "${pthSysUsr}/log/proxied.pid" ] \ || [ ! -e "${pthSysUsr}/static/control/cli.info" ]; then if [ -e "/var/xdrago/run-${tUsr}" ] \ && [ -e "/data/disk/arch/sql" ]; then if [ ! 
-e "/var/backups/off-run" ]; then mkdir -p /var/backups/off-run/ fi mv -f /var/xdrago/run-${tUsr} /var/backups/off-run/ fi else dscUsr="/data/disk/${tUsr}" ngxCnf="${dscUsr}/config/includes/nginx_vhost_common.conf" _NGINX_CNF_TEST=$(grep "foobaroff" ${ngxCnf} 2>&1) if [[ "${_NGINX_CNF_TEST}" =~ "foobaroff" ]]; then _DO_NOTHING=YES else sed -i "s/args.*q=/args ~* \"foobaroff=/g" ${ngxCnf} fi if [ ! -e "${dscUsr}/static/control/fpm.info" ] \ && [ -e "/data/disk/arch/sql" ]; then echo 5.6 > ${dscUsr}/static/control/fpm.info chown ${tUsr}.ftp:${usrGroup} ${dscUsr}/static/control/fpm.info chmod 0644 ${dscUsr}/static/control/fpm.info fi if [ ! -e "${dscUsr}/static/control/cli.info" ] \ && [ -e "/data/disk/arch/sql" ]; then if [ -e "${dscUsr}/static/control/fpm.info" ]; then cp -af ${dscUsr}/static/control/fpm.info ${dscUsr}/static/control/cli.info else echo 5.6 > ${dscUsr}/static/control/cli.info chown ${tUsr}.ftp:${usrGroup} ${dscUsr}/static/control/cli.info chmod 0644 ${dscUsr}/static/control/cli.info fi fi if [ ! -e "${dscUsr}/static/control/.ctrl.${_X_SE}.pid" ] \ && [ -e "/home/${tUsr}.ftp/clients" ]; then mkdir -p ${dscUsr}/static/control chmod 755 ${dscUsr}/static/control if [ -e "/var/xdrago/conf/control-readme.txt" ]; then cp -af /var/xdrago/conf/control-readme.txt \ ${dscUsr}/static/control/README.txt &> /dev/null chmod 0644 ${dscUsr}/static/control/README.txt fi chown -R ${tUsr}.ftp:${usrGroup} ${dscUsr}/static/control rm -f ${dscUsr}/static/control/.ctrl.* echo OK > ${dscUsr}/static/control/.ctrl.${_X_SE}.pid fi fi done touch ${pthLog}/fpm-cli.ctrl.${_X_SE}.pid service nginx reload fi if [ -e "/opt/tools/drush/8/drush/drush" ] \ && [ -e "${provLeIncFull}" ] \ && [ -e "${hoLeIncFull}" ] \ && [ -e "/var/xdrago" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! 
-e "${pthLog}/hosting_le_vt.ctrl.${_X_SE}.pid" ]; then leBasePath="profiles/hostmaster/modules/aegir/hosting_le" lePath="${leBasePath}/drush/${provLeInc}" leVhPath="${leBasePath}/hosting_le_vhost/drush/${hoLeInc}" for pthSysUsr in `find /data/disk/ -maxdepth 1 -mindepth 1 | sort`; do if [ -e "${pthSysUsr}/config/server_master/nginx/vhost.d" ] \ && [ -e "${pthSysUsr}/static/control/cli.info" ] \ && [ ! -e "${pthSysUsr}/log/proxied.pid" ] \ && [ ! -e "${pthSysUsr}/log/CANCELLED" ]; then tUsr= validReg= validIPr= tUsr=$(echo ${pthSysUsr} | cut -d'/' -f4 | awk '{ print $1}' 2>&1) dscUsr="/data/disk/${tUsr}" hmPf=$(cat ${dscUsr}/.drush/hostmaster.alias.drushrc.php \ | grep "root'" \ | cut -d: -f2 \ | awk '{ print $3}' \ | sed "s/[\,']//g" 2>&1) locFile="${hmPf}/${lePath}" if [ -e "${locFile}" ] && [ -e "${provLeIncFull}" ]; then cp -af ${provLeIncFull} ${locFile} chown ${tUsr}:users ${locFile} chmod 0644 ${locFile} fi locVhFile="${hmPf}/${leVhPath}" if [ -e "${locVhFile}" ] && [ -e "${hoLeIncFull}" ]; then cp -af ${hoLeIncFull} ${locVhFile} chown ${tUsr}:users ${locVhFile} chmod 0644 ${locVhFile} fi leRoot="${dscUsr}/tools/le" exeLe="${leRoot}/dehydrated" dehydFull="${leRoot}/${dehydName}" legacyLeShFile="${leRoot}/letsencrypt.sh" lockLeFile="${leRoot}/lock" configIni="${leRoot}/config" acctsDir="${leRoot}/accounts" acctsDemoDir="${leRoot}/accounts-demo" demoPid="${leRoot}/.ctrl/ssl-demo-mode.pid" normalRegPid="${leRoot}/.ctrl/normal-re6-register.pid" forcedRegPid="${leRoot}/.ctrl/forced-re6-register.pid" onDemandRegPid="${leRoot}/.ctrl/onDemand-register.pid" validIdn=$(grep "letsencrypt" ${acctsDir}/*/account_id.json 2>&1) validReg=$(grep "valid" ${acctsDir}/*/registration_info.json 2>&1) validIPr=$(grep "${_LOC_IP}" ${acctsDir}/*/registration_info.json 2>&1) _HOUR=$(date +%H 2>&1) _HOUR=${_HOUR//[^0-9-]/} if [ -e "${dehydSrcPath}" ]; then cp -af ${dehydSrcPath} ${dehydFull} chown ${tUsr}:users ${dehydFull} chmod 0700 ${dehydFull} fi if [ -e "${dehydFull}" ] \ && [ ! 
-e "${normalRegPid}" ]; then if [ "${_HOUR}" = "5" ] \ || [ "${_HOUR}" = "17" ] \ || [ -e "${onDemandRegPid}" ]; then su -s /bin/bash - ${tUsr} -c "bash ${exeLe} --register --accept-terms" touch ${normalRegPid} fi fi if [ -e "${lockLeFile}" ]; then rm -f ${lockLeFile} sleep 1 fi if [ -e "${demoPid}" ]; then rm -f ${demoPid} fi if [ "${_HOUR}" = "11" ] \ || [ "${_HOUR}" = "23" ] \ || [ -e "${onDemandRegPid}" ]; then if [ -e "${legacyLeShFile}" ] \ || [ -e "${acctsDemoDir}" ] \ || [[ ! "${validIdn}" =~ "letsencrypt" ]] \ || [[ ! "${validReg}" =~ "valid" ]] \ || [[ ! "${validIPr}" =~ "${_LOC_IP}" ]] \ || [ ! -e "${forcedRegPid}" ]; then rm -f ${legacyLeShFile} rm -rf ${acctsDemoDir} rm -rf ${acctsDir} rm -f ${leRoot}/.ctrl/.forced* rm -f ${leRoot}/.ctrl/.normal* rm -f ${leRoot}/.ctrl/forced* rm -f ${leRoot}/.ctrl/normal* if [ -e "${exeLe}" ]; then su -s /bin/bash - ${tUsr} -c "bash ${exeLe} --register --accept-terms" touch ${forcedRegPid} touch ${normalRegPid} fi fi fi fi done touch ${pthLog}/hosting_le_vt.ctrl.${_X_SE}.pid fi if [ -e "/var/xdrago/manage_solr_config.sh" ] \ && [ -e "/data/disk/arch/sql" ] \ && [ ! -e "${pthLog}/websh.ctrl.${_X_SE}.pid" ]; then mv -f /bin/websh /var/xdrago/websh.sh.old curl ${crlGet} "${urlHmr}/helpers/websh.sh.txt" -o /bin/websh if [ -e "/bin/websh" ]; then chmod 755 /bin/websh chown root:root /bin/websh touch ${pthLog}/websh.ctrl.${_X_SE}.pid else mv -f /var/xdrago/websh.sh.old /bin/websh fi fi _Dir="/data/all/000/modules" _REDIS_T_VERSION=8.x-1.6.1 if [ -e "/var/xdrago/manage_solr_config.sh" ]; then if [ ! 
-e "${_Dir}/redis_nine_ten/ver-${_REDIS_T_VERSION}.${_X_SE}.info" ]; then mkdir -p ${_Dir} cd ${_Dir} rm -rf ${_Dir}/redis_nine_ten get_dev_contrib "redis_nine_ten-${_REDIS_T_VERSION}.tar.gz" echo update > ${_Dir}/redis_nine_ten/ver-${_REDIS_T_VERSION}.${_X_SE}.info find ${_Dir} -type d -exec chmod 0755 {} \; &> /dev/null find ${_Dir} -type f -exec chmod 0644 {} \; &> /dev/null touch ${pthLog}/redis_nine_ten.ctrl.${_X_SE}.pid fi fi _Dir="/data/all/000/modules" _REDIS_C_VERSION=com-19-04-2021 if [ -e "/var/xdrago/manage_solr_config.sh" ]; then if [ ! -e "${_Dir}/redis_compr/ver-${_REDIS_C_VERSION}.${_X_SE}.info" ]; then mkdir -p ${_Dir} cd ${_Dir} rm -rf ${_Dir}/redis_compr get_dev_contrib "redis_compr-${_REDIS_C_VERSION}.tar.gz" echo update > ${_Dir}/redis_compr/ver-${_REDIS_C_VERSION}.${_X_SE}.info find ${_Dir} -type d -exec chmod 0755 {} \; &> /dev/null find ${_Dir} -type f -exec chmod 0644 {} \; &> /dev/null touch ${pthLog}/redis_compr.ctrl.${_X_SE}.pid fi fi _Dir="/data/all/000/modules" _REDIS_L_VERSION=7.x-3.19.1 if [ -e "/var/xdrago/manage_solr_config.sh" ]; then if [ ! -e "${_Dir}/redis_edge/ver-${_REDIS_L_VERSION}.${_X_SE}.info" ]; then mkdir -p ${_Dir} cd ${_Dir} rm -rf ${_Dir}/redis_edge get_dev_contrib "redis_edge-${_REDIS_L_VERSION}.tar.gz" echo update > ${_Dir}/redis_edge/ver-${_REDIS_L_VERSION}.${_X_SE}.info find ${_Dir} -type d -exec chmod 0755 {} \; &> /dev/null find ${_Dir} -type f -exec chmod 0644 {} \; &> /dev/null touch ${pthLog}/redis_edge.ctrl.${_X_SE}.pid fi fi _Dir="/data/all/000/modules" _REDIS_N_VERSION=com-19-04-2021 if [ -e "/var/xdrago/manage_solr_config.sh" ]; then if [ ! 
-e "${_Dir}/redis_eight/ver-${_REDIS_N_VERSION}.${_X_SE}.info" ]; then
      # Tail of a function that starts above this chunk; code left as-is.
      mkdir -p ${_Dir}
      cd ${_Dir}
      rm -rf ${_Dir}/redis_eight
      get_dev_contrib "redis_eight-${_REDIS_N_VERSION}.tar.gz"
      echo update > ${_Dir}/redis_eight/ver-${_REDIS_N_VERSION}.${_X_SE}.info
      find ${_Dir} -type d -exec chmod 0755 {} \; &> /dev/null
      find ${_Dir} -type f -exec chmod 0644 {} \; &> /dev/null
      touch ${pthLog}/redis_eight.ctrl.${_X_SE}.pid
    fi
  fi
}

#######################################
# fix_core_dgd: fetch the SA-CORE patch files (D8 and D7; the D6 download
# is commented out) and apply them with `patch -p1` to the Drupal roots
# found under the hostmaster, built-in, legacy and ~/static trees.
# Globals read: saCoreN (not assigned in this function), crlGet, urlHmr,
#   pthLog. File and Core are assigned without `local`.
# NOTE(review): the patch files are fetched with ${crlGet}, which carries
#   -k, from ${urlHmr}, which this script builds as an http:// URL, and are
#   then applied to live code with no checksum or signature check. Pinning
#   an expected hash per patch and verifying it before `patch` would close
#   that gap.
# NOTE(review): every `patch` call discards its output and exit status and
#   the per-tree marker log is touched unconditionally afterwards, so a
#   tree where the patch did not apply is still recorded as fixed.
# NOTE(review): `cd ${Core}` is unquoted and unchecked; if it fails, the
#   following `patch -p1` runs in whatever directory was current.
#######################################
fix_core_dgd() {
  # sed -i "s/^_PERMISSIONS_FIX=.*/_PERMISSIONS_FIX=YES/g" ${barCnf}
  saCoreS="${saCoreN}-D7"
  saIncDb="includes/database/database.inc"
  saPatch="/var/xdrago/conf/${saCoreS}.patch"
  saQCoreN="${saCoreN}"
  saQCoreS="${saQCoreN}-D8"
  saQIncDb="core/includes/database.inc"
  saQPatch="/var/xdrago/conf/${saQCoreS}.patch"
  saXCoreN="${saCoreN}"
  saXCoreS="${saXCoreN}-D6"
  saXIncDb="includes/database.inc"
  saXPatch="/var/xdrago/conf/${saXCoreS}.patch"
  saBCoreP="${saCoreN}-provision"
  saBPatch="/var/xdrago/conf/${saBCoreP}.patch"
  # SA-CORE D8 patch
  if [ -e "/var/xdrago" ] \
    && [ -e "/data/disk/arch/sql" ] \
    && [ ! -e "${saQPatch}" ]; then
    mkdir -p /var/xdrago/conf
    curl ${crlGet} "${urlHmr}/patches/8-core/${saQCoreS}.patch" -o ${saQPatch}
  fi
  # SA-CORE D7 patch
  if [ -e "/var/xdrago" ] \
    && [ -e "/data/disk/arch/sql" ] \
    && [ ! -e "${saPatch}" ]; then
    mkdir -p /var/xdrago/conf
    curl ${crlGet} "${urlHmr}/patches/7-core/${saCoreS}.patch" -o ${saPatch}
  fi
  # SA-CORE D6 patch
  # (download disabled: the D6 branches further down only run when
  # ${saXPatch} is already present on disk)
  # if [ -e "/var/xdrago" ] \
  #   && [ -e "/data/disk/arch/sql" ] \
  #   && [ ! -e "${saXPatch}" ]; then
  #   mkdir -p /var/xdrago/conf
  #   curl ${crlGet} "${urlHmr}/patches/6-core/${saXCoreS}.patch" -o ${saXPatch}
  # fi
  # SA-CORE for Octopus hostmaster platforms
  if [ -e "/var/xdrago" ] \
    && [ -e "/data/disk/arch/sql" ] \
    && [ -e "${saPatch}" ]; then
    if [ -d "/data/all" ] \
      && [ ! -e "${pthLog}/hostmaster-octopus-${saCoreN}-fixed-d7.log" ]; then
      for File in `find /data/disk/*/aegir/distro/*/${saIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        # Strip everything from /includes onward to get the Drupal root.
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        # A "core" directory marks a D8+ tree, which the D7 patch must skip.
        if [ -d "${Core}" ] && [ ! -e "${Core}/core" ]; then
          cd ${Core}
          patch -p1 < ${saPatch} &> /dev/null
        fi
      done
      touch ${pthLog}/hostmaster-octopus-${saCoreN}-fixed-d7.log
    fi
    cd
  fi
  # SA-CORE for Barracuda hostmaster platforms
  if [ -e "/var/xdrago" ] \
    && [ -e "/data/disk/arch/sql" ] \
    && [ -e "${saPatch}" ]; then
    if [ -d "/data/all" ] \
      && [ ! -e "${pthLog}/hostmaster-barracuda-${saCoreN}-fixed-d7.log" ]; then
      for File in `find /var/aegir/host_master/*/${saIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] && [ ! -e "${Core}/core" ]; then
          cd ${Core}
          patch -p1 < ${saPatch} &> /dev/null
        fi
      done
      for File in `find /var/aegir/hostmaster*/${saIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] && [ ! -e "${Core}/core" ]; then
          cd ${Core}
          patch -p1 < ${saPatch} &> /dev/null
        fi
      done
      touch ${pthLog}/hostmaster-barracuda-${saCoreN}-fixed-d7.log
    fi
    cd
  fi
  # SA-CORE for built-in D7 platforms
  if [ -e "/var/xdrago" ] \
    && [ -e "/data/disk/arch/sql" ] \
    && [ -e "${saPatch}" ] \
    && [ ! -e "${pthLog}/${saCoreN}-fixed-d7.log" ]; then
    if [ -d "/data/all/000/core" ]; then
      for Core in `find /data/all/000/core/drupal-7* \
        -maxdepth 0 -mindepth 0 | sort`; do
        cd ${Core}
        patch -p1 < ${saPatch} &> /dev/null
      done
    elif [ -d "/data/disk/all/000/core" ]; then
      for Core in `find /data/disk/all/000/core/drupal-7* \
        -maxdepth 0 -mindepth 0 | sort`; do
        cd ${Core}
        patch -p1 < ${saPatch} &> /dev/null
      done
    fi
    touch ${pthLog}/${saCoreN}-fixed-d7.log
    cd
  fi
  # SA-CORE for ancient D7 platforms
  if [ -e "/var/xdrago" ] \
    && [ -e "/data/disk/arch/sql" ] \
    && [ -e "${saPatch}" ]; then
    if [ -d "/data/all" ] \
      && [ ! -e "${pthLog}/legacy-${saCoreN}-fixed-d7.log" ]; then
      for File in `find /data/all/*/*/${saIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] && [ ! -e "${Core}/core" ]; then
          cd ${Core}
          patch -p1 < ${saPatch} &> /dev/null
        fi
      done
      touch ${pthLog}/legacy-${saCoreN}-fixed-d7.log
    elif [ -d "/data/disk/all" ] \
      && [ ! -e "${pthLog}/legacy-${saCoreN}-fixed-d7eee.log" ]; then
      for File in `find /data/disk/all/*/*/${saIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] && [ ! -e "${Core}/core" ]; then
          cd ${Core}
          patch -p1 < ${saPatch} &> /dev/null
        fi
      done
      touch ${pthLog}/legacy-${saCoreN}-fixed-d7eee.log
    fi
    cd
  fi
  # SA-CORE for custom D7 platforms
  # The five loops below differ only in glob depth under ~/static; each
  # patched root gets a profiles/*-fix.info marker so it is not patched twice.
  if [ -e "/var/xdrago" ] \
    && [ -e "/data/disk/arch/sql" ] \
    && [ -e "${saPatch}" ]; then
    if [ -d "/data/disk" ] \
      && [ ! -e "${pthLog}/batch-custom-${saCoreN}-fixed-d7.log" ]; then
      for File in `find /data/disk/*/static/*/${saIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] \
          && [ ! -e "${Core}/core" ] \
          && [ ! -e "${Core}/profiles/${saCoreS}-fix.info" ]; then
          cd ${Core}
          patch -p1 < ${saPatch} &> /dev/null
          echo fixed > ${Core}/profiles/${saCoreS}-fix.info
        fi
      done
      for File in `find /data/disk/*/static/*/*/${saIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] \
          && [ ! -e "${Core}/core" ] \
          && [ ! -e "${Core}/profiles/${saCoreS}-fix.info" ]; then
          cd ${Core}
          patch -p1 < ${saPatch} &> /dev/null
          echo fixed > ${Core}/profiles/${saCoreS}-fix.info
        fi
      done
      for File in `find /data/disk/*/static/*/*/*/${saIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] \
          && [ ! -e "${Core}/core" ] \
          && [ ! -e "${Core}/profiles/${saCoreS}-fix.info" ]; then
          cd ${Core}
          patch -p1 < ${saPatch} &> /dev/null
          echo fixed > ${Core}/profiles/${saCoreS}-fix.info
        fi
      done
      for File in `find /data/disk/*/static/*/*/*/*/${saIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] \
          && [ ! -e "${Core}/core" ] \
          && [ ! -e "${Core}/profiles/${saCoreS}-fix.info" ]; then
          cd ${Core}
          patch -p1 < ${saPatch} &> /dev/null
          echo fixed > ${Core}/profiles/${saCoreS}-fix.info
        fi
      done
      for File in `find /data/disk/*/static/*/*/*/*/*/${saIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] \
          && [ ! -e "${Core}/core" ] \
          && [ ! -e "${Core}/profiles/${saCoreS}-fix.info" ]; then
          cd ${Core}
          patch -p1 < ${saPatch} &> /dev/null
          echo fixed > ${Core}/profiles/${saCoreS}-fix.info
        fi
      done
    fi
    cd
    touch ${pthLog}/batch-custom-${saCoreN}-fixed-d7.log
  fi
  # SA-CORE for D8 platforms in ~/static
  # Here the root is derived by stripping from /core onward, and a "core"
  # directory is required rather than excluded.
  if [ -e "/var/xdrago" ] \
    && [ -e "/data/disk/arch/sql" ] \
    && [ -e "${saQPatch}" ]; then
    if [ -d "/data/disk" ] \
      && [ ! -e "${pthLog}/batch-custom-${saQCoreN}-fixed-d8.log" ]; then
      for File in `find /data/disk/*/static/*/${saQIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/core.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] \
          && [ -e "${Core}/core" ] \
          && [ ! -e "${Core}/profiles/${saQCoreS}-fix.info" ]; then
          cd ${Core}
          patch -p1 < ${saQPatch} &> /dev/null
          echo fixed > ${Core}/profiles/${saQCoreS}-fix.info
        fi
      done
      for File in `find /data/disk/*/static/*/*/${saQIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/core.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] \
          && [ -e "${Core}/core" ] \
          && [ ! -e "${Core}/profiles/${saQCoreS}-fix.info" ]; then
          cd ${Core}
          patch -p1 < ${saQPatch} &> /dev/null
          echo fixed > ${Core}/profiles/${saQCoreS}-fix.info
        fi
      done
      for File in `find /data/disk/*/static/*/*/*/${saQIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/core.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] \
          && [ -e "${Core}/core" ] \
          && [ ! -e "${Core}/profiles/${saQCoreS}-fix.info" ]; then
          cd ${Core}
          patch -p1 < ${saQPatch} &> /dev/null
          echo fixed > ${Core}/profiles/${saQCoreS}-fix.info
        fi
      done
      for File in `find /data/disk/*/static/*/*/*/*/${saQIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/core.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] \
          && [ -e "${Core}/core" ] \
          && [ ! -e "${Core}/profiles/${saQCoreS}-fix.info" ]; then
          cd ${Core}
          patch -p1 < ${saQPatch} &> /dev/null
          echo fixed > ${Core}/profiles/${saQCoreS}-fix.info
        fi
      done
      for File in `find /data/disk/*/static/*/*/*/*/*/${saQIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/core.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] \
          && [ -e "${Core}/core" ] \
          && [ ! -e "${Core}/profiles/${saQCoreS}-fix.info" ]; then
          cd ${Core}
          patch -p1 < ${saQPatch} &> /dev/null
          echo fixed > ${Core}/profiles/${saQCoreS}-fix.info
        fi
      done
    fi
    cd
    touch ${pthLog}/batch-custom-${saQCoreN}-fixed-d8.log
  fi
  # SA-CORE for built-in D6 platforms
  if [ -e "/var/xdrago" ] \
    && [ -e "/data/disk/arch/sql" ] \
    && [ -e "${saXPatch}" ] \
    && [ ! -e "${pthLog}/${saXCoreN}-finally-fixed-d6.log" ]; then
    if [ -d "/data/all/000/core" ]; then
      for Core in `find /data/all/000/core/pressflow-6* \
        -maxdepth 0 -mindepth 0 | sort`; do
        cd ${Core}
        patch -p1 < ${saXPatch} &> /dev/null
      done
    elif [ -d "/data/disk/all/000/core" ]; then
      for Core in `find /data/disk/all/000/core/pressflow-6* \
        -maxdepth 0 -mindepth 0 | sort`; do
        cd ${Core}
        patch -p1 < ${saXPatch} &> /dev/null
      done
    fi
    touch ${pthLog}/${saXCoreN}-finally-fixed-d6.log
    cd
  fi
  # SA-CORE for ancient D6 platforms
  if [ -e "/var/xdrago" ] \
    && [ -e "/data/disk/arch/sql" ] \
    && [ -e "${saXPatch}" ]; then
    if [ -d "/data/all" ] \
      && [ ! -e "${pthLog}/legacy-${saXCoreN}-finally-fixed-d6.log" ]; then
      for File in `find /data/all/*/*/${saXIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] && [ ! -e "${Core}/core" ]; then
          cd ${Core}
          patch -p1 < ${saXPatch} &> /dev/null
        fi
      done
      touch ${pthLog}/legacy-${saXCoreN}-finally-fixed-d6.log
    elif [ -d "/data/disk/all" ] \
      && [ ! -e "${pthLog}/legacy-${saXCoreN}-finally-fixed-d6eee.log" ]; then
      for File in `find /data/disk/all/*/*/${saXIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] && [ ! -e "${Core}/core" ]; then
          cd ${Core}
          patch -p1 < ${saXPatch} &> /dev/null
        fi
      done
      touch ${pthLog}/legacy-${saXCoreN}-finally-fixed-d6eee.log
    fi
    cd
  fi
  # SA-CORE for custom D6 platforms
  if [ -e "/var/xdrago" ] \
    && [ -e "/data/disk/arch/sql" ] \
    && [ -e "${saXPatch}" ]; then
    if [ -d "/data/disk" ] \
      && [ ! -e "${pthLog}/batch-custom-${saXCoreN}-finally-fixed-d6.log" ]; then
      for File in `find /data/disk/*/static/*/${saXIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] \
          && [ ! -e "${Core}/core" ] \
          && [ ! -e "${Core}/profiles/${saXCoreS}-fix-finally.info" ]; then
          cd ${Core}
          patch -p1 < ${saXPatch} &> /dev/null
          echo fixed > ${Core}/profiles/${saXCoreS}-fix-finally.info
        fi
      done
      for File in `find /data/disk/*/static/*/*/${saXIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] \
          && [ ! -e "${Core}/core" ] \
          && [ ! -e "${Core}/profiles/${saXCoreS}-fix-finally.info" ]; then
          cd ${Core}
          patch -p1 < ${saXPatch} &> /dev/null
          echo fixed > ${Core}/profiles/${saXCoreS}-fix-finally.info
        fi
      done
      for File in `find /data/disk/*/static/*/*/*/${saXIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] \
          && [ ! -e "${Core}/core" ] \
          && [ ! -e "${Core}/profiles/${saXCoreS}-fix-finally.info" ]; then
          cd ${Core}
          patch -p1 < ${saXPatch} &> /dev/null
          echo fixed > ${Core}/profiles/${saXCoreS}-fix-finally.info
        fi
      done
      for File in `find /data/disk/*/static/*/*/*/*/${saXIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] \
          && [ ! -e "${Core}/core" ] \
          && [ ! -e "${Core}/profiles/${saXCoreS}-fix-finally.info" ]; then
          cd ${Core}
          patch -p1 < ${saXPatch} &> /dev/null
          echo fixed > ${Core}/profiles/${saXCoreS}-fix-finally.info
        fi
      done
      for File in `find /data/disk/*/static/*/*/*/*/*/${saXIncDb} \
        -maxdepth 0 -mindepth 0 | sort`; do
        Core=$(echo $File \
          | sed 's/\/includes.*//g' \
          | awk '{print $1}' 2> /dev/null)
        if [ -d "${Core}" ] \
          && [ ! -e "${Core}/core" ] \
          && [ !
-e "${Core}/profiles/${saXCoreS}-fix-finally.info" ]; then
          cd ${Core}
          patch -p1 < ${saXPatch} &> /dev/null
          echo fixed > ${Core}/profiles/${saXCoreS}-fix-finally.info
        fi
      done
    fi
    cd
    touch ${pthLog}/batch-custom-${saXCoreN}-finally-fixed-d6.log
  fi
}

#######################################
# fix_ping_perms: make /bin/ping root-owned and setuid (mode 4755) unless
# `ls -la` already shows rwsr-xr-x.
# NOTE(review): on systems where ping works through file capabilities or
#   unprivileged ICMP sockets this adds a setuid-root binary that is not
#   needed - confirm against the target distributions.
#######################################
fix_ping_perms() {
  if [ -e "/bin/ping" ]; then
    _PING_TEST=$(ls -la /bin/ping | grep rwsr-xr-x 2>&1)
    if [ -z "${_PING_TEST}" ]; then
      chown root:root /bin/ping
      chmod 4755 /bin/ping
    fi
  fi
}

#######################################
# fix_fpm_process_max: one-time rewrite of `process.max` to 0 in every
# /opt/php*/etc/php*-fpm.conf, guarded by a control file in ${pthLog}.
# 0 is PHP-FPM's "no global limit" value, so any cap on the total number of
# FPM children has to come from the per-pool settings.
#######################################
fix_fpm_process_max() {
  if [ ! -e "${pthLog}/process.max.ctrl.${_X_SE}.pid" ]; then
    sed -i "s/process.max =.*/process.max = 0/g" /opt/php*/etc/php*-fpm.conf
    touch ${pthLog}/process.max.ctrl.${_X_SE}.pid
  fi
}

#######################################
# fix_lshell: rebuild lshell ${_LSHELL_VRN} from the tarball fetched by
# get_dev_src, keep the existing /etc/lshell.conf, create the lshellg group
# and /var/log/lsh, then make sure /usr/bin/lshell links to the local build.
# NOTE(review): get_dev_src is defined outside this chunk; nothing here
#   verifies the tarball before `python setup.py install` runs it - confirm
#   the helper checks integrity.
# NOTE(review): `cd /var/opt` is unchecked, so if it fails the relative
#   `rm -rf lshell*` acts on the current directory instead.
#######################################
fix_lshell() {
  _LSHELL_VRN=0.9.18.9
  _PATH_LSHELL="${usrBin}/lshell"
  if [ -e "${_PATH_LSHELL}" ] \
    && [ ! -e "${pthLog}/lshell-build-${_LSHELL_VRN}-hotfix5" ]; then
    cp -af /etc/lshell.conf /etc/lshell.conf-bak-${_LSHELL_VRN}-hotfix5
    cd /var/opt
    rm -rf lshell*
    get_dev_src "lshell-${_LSHELL_VRN}.tar.gz"
    # Reword "kicked"/"Kicked" to "logged"/"Logged" across the source tree.
    for Files in `find /var/opt/lshell-${_LSHELL_VRN} -type f`; do
      sed -i "s/kicked/logged/g" $Files &> /dev/null
      wait
      sed -i "s/Kicked/Logged/g" $Files &> /dev/null
      wait
    done
    cd /var/opt/lshell-${_LSHELL_VRN}
    rm -rf /usr/local/lib/python2.6/dist-packages/lshell*
    rm -rf /usr/local/lib/python2.7/dist-packages/lshell*
    python setup.py install --no-compile 2> /dev/null
    cp -af /etc/lshell.conf-bak-${_LSHELL_VRN}-hotfix5 /etc/lshell.conf
    rm -f /etc/logrotate.d/lshell
    addgroup --system lshellg &> /dev/null
    mkdir -p /var/log/lsh
    chown :lshellg /var/log/lsh
    chmod 770 /var/log/lsh &> /dev/null
    touch ${pthLog}/lshell-build-${_LSHELL_VRN}-hotfix5
    # SIGKILLs every process of each logged-in user whose name does not
    # match /root/ (a regex match, so any name containing "root" is spared).
    who | awk '$1 !~ /root/{ cmd="pkill -KILL -u " $1; system(cmd) }'
  fi
  if [ -f "${usrBin}/lshell" ]; then
    if [ ! -L "/usr/bin/lshell" ]; then
      ln -sf ${usrBin}/lshell /usr/bin/lshell &> /dev/null
    fi
  fi
}

#######################################
# fix_log4j: for the Solr 7.7.3 and 7.6.0 trees that lack
# log4j-core-${_LOG4J_VRN}.jar, move the bundled log4j jars to
# /var/backups/log4j/, copy in the ${_LOG4J_VRN} jars from the tarball
# fetched by get_dev_src, append LOG4J_FORMAT_MSG_NO_LOOKUPS=true to
# /etc/default/solr7.in.sh when missing, and restart solr7 if anything
# changed. The caller runs it for CVE-2021-44228, CVE-2021-45046 and
# CVE-2021-45105.
# NOTE(review): the replacement jars come from get_dev_src (defined outside
#   this chunk) and are not verified here before being copied into Solr's
#   classpath - confirm the helper checks integrity.
# NOTE(review): the variable is appended without `export`; whether the JVM
#   ever sees it depends on how the init script sources this file. The jar
#   replacement is the effective fix; treat the flag as secondary.
#######################################
fix_log4j() {
  _LOG4J_VRN=2.17.1
  _DO_SOLR_RESTART=
  if [ -x "/etc/init.d/solr7" ] && [ -e "/etc/default/solr7.in.sh" ]; then
    if [ -e "/opt/solr-7.7.3" ] \
      && [ ! -e "/opt/solr-7.7.3/server/lib/ext/log4j-core-${_LOG4J_VRN}.jar" ]; then
      cd /var/opt
      rm -rf apache-log4j*
      get_dev_src "apache-log4j-${_LOG4J_VRN}-bin.tar.gz"
      # Old jars are only touched once the new core jar is on disk.
      if [ -e "/var/opt/apache-log4j-${_LOG4J_VRN}-bin/log4j-core-${_LOG4J_VRN}.jar" ]; then
        cd /var/opt/apache-log4j-${_LOG4J_VRN}-bin
        mkdir -p /var/backups/log4j/solr-7.7.3/
        mv -f /opt/solr-7.7.3/server/lib/ext/log4j* /var/backups/log4j/solr-7.7.3/
        rm -f /opt/solr-7.7.3/contrib/prometheus-exporter/lib/log4j*
        cp -af log4j-1.2-api-${_LOG4J_VRN}.jar /opt/solr-7.7.3/server/lib/ext/
        cp -af log4j-core-${_LOG4J_VRN}.jar /opt/solr-7.7.3/server/lib/ext/
        cp -af log4j-core-${_LOG4J_VRN}.jar /opt/solr-7.7.3/contrib/prometheus-exporter/lib/
        cp -af log4j-slf4j-impl-${_LOG4J_VRN}.jar /opt/solr-7.7.3/server/lib/ext/
        cp -af log4j-slf4j-impl-${_LOG4J_VRN}.jar /opt/solr-7.7.3/contrib/prometheus-exporter/lib/
        cp -af log4j-api-${_LOG4J_VRN}.jar /opt/solr-7.7.3/server/lib/ext/
        cp -af log4j-api-${_LOG4J_VRN}.jar /opt/solr-7.7.3/contrib/prometheus-exporter/lib/
        chown root:root /opt/solr-7.7.3/server/lib/ext/log4j*
        chown root:root /opt/solr-7.7.3/contrib/prometheus-exporter/lib/log4j*
        _DO_SOLR_RESTART=YES
      fi
    fi
    if [ -e "/opt/solr-7.6.0" ] \
      && [ ! -e "/opt/solr-7.6.0/server/lib/ext/log4j-core-${_LOG4J_VRN}.jar" ]; then
      cd /var/opt
      rm -rf apache-log4j*
      get_dev_src "apache-log4j-${_LOG4J_VRN}-bin.tar.gz"
      if [ -e "/var/opt/apache-log4j-${_LOG4J_VRN}-bin/log4j-core-${_LOG4J_VRN}.jar" ]; then
        cd /var/opt/apache-log4j-${_LOG4J_VRN}-bin
        mkdir -p /var/backups/log4j/solr-7.6.0/
        mv -f /opt/solr-7.6.0/server/lib/ext/log4j* /var/backups/log4j/solr-7.6.0/
        rm -f /opt/solr-7.6.0/contrib/prometheus-exporter/lib/log4j*
        cp -af log4j-1.2-api-${_LOG4J_VRN}.jar /opt/solr-7.6.0/server/lib/ext/
        cp -af log4j-core-${_LOG4J_VRN}.jar /opt/solr-7.6.0/server/lib/ext/
        cp -af log4j-core-${_LOG4J_VRN}.jar /opt/solr-7.6.0/contrib/prometheus-exporter/lib/
        cp -af log4j-slf4j-impl-${_LOG4J_VRN}.jar /opt/solr-7.6.0/server/lib/ext/
        cp -af log4j-slf4j-impl-${_LOG4J_VRN}.jar /opt/solr-7.6.0/contrib/prometheus-exporter/lib/
        cp -af log4j-api-${_LOG4J_VRN}.jar /opt/solr-7.6.0/server/lib/ext/
        cp -af log4j-api-${_LOG4J_VRN}.jar /opt/solr-7.6.0/contrib/prometheus-exporter/lib/
        chown root:root /opt/solr-7.6.0/server/lib/ext/log4j*
        chown root:root /opt/solr-7.6.0/contrib/prometheus-exporter/lib/log4j*
        _DO_SOLR_RESTART=YES
      fi
    fi
    _RESULT_LOG4J=$(grep "LOG4J_FORMAT_MSG_NO_LOOKUPS=true" /etc/default/solr7.in.sh 2>&1)
    if [[ ! "${_RESULT_LOG4J}" =~ "LOG4J" ]]; then
      echo "LOG4J_FORMAT_MSG_NO_LOOKUPS=true" >> /etc/default/solr7.in.sh
    fi
    # Restart when the flag was just added or any jar set was replaced.
    if [[ ! "${_RESULT_LOG4J}" =~ "LOG4J" ]] || [ ! -z "${_DO_SOLR_RESTART}" ]; then
      service solr7 restart
    fi
  fi
}

fix_authorized_keys() {
  if [ !
-e "${pthLog}/fix_authorized_keys.ctrl.${_X_SE}.pid" ]; then
    # One-time tightening of ~/.ssh (0700) and authorized_keys (0600) for
    # every directory under /home.
    # NOTE(review): chmod follows symlinks and these globs point into home
    #   directories that are presumably user-writable; a `find` restricted
    #   with -type f / -type d (and an owner check) would avoid changing the
    #   mode of anything other than the real files.
    chmod 0600 /home/*/.ssh/authorized_keys
    chmod 0700 /home/*/.ssh
    touch ${pthLog}/fix_authorized_keys.ctrl.${_X_SE}.pid
  fi
}

# fix_tcp: append net.ipv4.tcp_challenge_ack_limit to /etc/sysctl.conf when
# the key is absent. Nothing here reloads sysctl, so the value only applies
# once the file is loaded again.
fix_tcp() {
  _TCP_FIX=$(grep "tcp_challenge_ack_limit" /etc/sysctl.conf 2>&1)
  if [ -z "${_TCP_FIX}" ]; then
    echo "net.ipv4.tcp_challenge_ack_limit = 1073741823" >> /etc/sysctl.conf
  fi
}

# fix_aio: append fs.aio-max-nr to /etc/sysctl.conf when the key is absent
# (no reload here either).
fix_aio() {
  _AIO_FIX=$(grep "fs.aio-max-nr" /etc/sysctl.conf 2>&1)
  if [ -z "${_AIO_FIX}" ]; then
    echo "fs.aio-max-nr = 2097152" >> /etc/sysctl.conf
  fi
}

# fix_alt: recreate the /usr/bin/java -> /etc/alternatives/java -> OpenJDK
# symlink chain when either link is missing. The java-8 block runs after the
# java-7 one, but only if a link is still missing at that point.
fix_alt() {
  if [ -x "/usr/lib/jvm/java-7-openjdk/jre/bin/java" ]; then
    if [ ! -e "/usr/bin/java" ] || [ ! -e "/etc/alternatives/java" ]; then
      ln -sf /usr/lib/jvm/java-7-openjdk/jre/bin/java /etc/alternatives/java
      ln -sf /etc/alternatives/java /usr/bin/java
      echo fixed java symlinks
    fi
  fi
  if [ -x "/usr/lib/jvm/java-8-openjdk/jre/bin/java" ]; then
    if [ ! -e "/usr/bin/java" ] || [ ! -e "/etc/alternatives/java" ]; then
      ln -sf /usr/lib/jvm/java-8-openjdk/jre/bin/java /etc/alternatives/java
      ln -sf /etc/alternatives/java /usr/bin/java
      echo fixed java symlinks
    fi
  fi
}

# fix_wkhtml_perms: set group root and mode 755 on each listed wkhtmltopdf /
# wkhtmltoimage binary whose `ls -la` line does not show rwxr-xr-x.
fix_wkhtml_perms() {
  _WKHTML_ARRAY="/usr/local/bin/wkhtmltopdf \
    /usr/bin/wkhtmltopdf \
    /usr/bin/wkhtmltopdf-0.12.4 \
    /usr/local/bin/wkhtmltoimage \
    /usr/bin/wkhtmltoimage \
    /usr/bin/wkhtmltoimage-0.12.4"
  for _WKHTML_ITEM in ${_WKHTML_ARRAY}; do
    if [ -x "${_WKHTML_ITEM}" ]; then
      _PERM_TEST=$(ls -la ${_WKHTML_ITEM} | grep rwxr-xr-x 2>&1)
      if [ -z "${_PERM_TEST}" ]; then
        chgrp root ${_WKHTML_ITEM} &> /dev/null
        chmod 755 ${_WKHTML_ITEM} &> /dev/null
      fi
    fi
  done
}

# fix_wkhtml: where /usr/bin/wkhtmltopdf or /usr/bin/wkhtmltoimage is a
# symlink, replace it with a real copy of the /usr/local/bin binary.
fix_wkhtml() {
  if [ -x "/usr/local/bin/wkhtmltopdf" ] \
    && [ -L "/usr/bin/wkhtmltopdf" ]; then
    rm -f /usr/bin/wkhtmltopdf
    cp -af /usr/local/bin/wkhtmltopdf /usr/bin/wkhtmltopdf
    chgrp root /usr/bin/wkhtmltopdf &> /dev/null
    chmod 755 /usr/bin/wkhtmltopdf &> /dev/null
  fi
  if [ -x "/usr/local/bin/wkhtmltoimage" ] \
    && [ -L "/usr/bin/wkhtmltoimage" ]; then
    rm -f /usr/bin/wkhtmltoimage
    cp -af /usr/local/bin/wkhtmltoimage /usr/bin/wkhtmltoimage
    chgrp root /usr/bin/wkhtmltoimage &> /dev/null
    chmod 755 /usr/bin/wkhtmltoimage &> /dev/null
  fi
}

# fix_eldir: download ${eldirF} into /var/xdrago/conf when it is missing.
# NOTE(review): fetched with ${crlGet} (includes -k) from the http://
#   ${urlHmr}; the patch is stored without any integrity check.
fix_eldir() {
  if [ -e "/var/xdrago" ] \
    && [ -e "/data/disk/arch/sql" ] \
    && [ ! -e "${eldirP}" ]; then
    mkdir -p /var/xdrago/conf
    curl ${crlGet} "${urlHmr}/patches/${eldirF}" -o ${eldirP}
  fi
}

# fix_pure_ftpd: comment out PAMAuthentication in pure-ftpd.conf and
# SIGKILL pure-ftpd. The function does not start the daemon again itself.
fix_pure_ftpd() {
  if [ -e "/usr/local/etc/pure-ftpd.conf" ]; then
    _PAM_AUTH=$(grep "^PAMAuthentication" /usr/local/etc/pure-ftpd.conf 2>&1)
    if [ ! -z "${_PAM_AUTH}" ]; then
      sed -i "s/^PAMAuthentication/# PAMAuthentication/g" /usr/local/etc/pure-ftpd.conf
      killall -9 pure-ftpd &> /dev/null
    fi
  fi
}

#######################################
# fix_hosting_le: refresh the Let's Encrypt helper files (dehydrated and the
# two drush includes) in /var/xdrago/conf whenever a control file is missing
# or a stale copy is found in /var/xdrago or /root.
# Each file is downloaded to "<path>.ctrl.${_X_SE}.pid" and then copied to
# its final name, so the download doubles as the control marker.
# NOTE(review): the curl results are not checked; ${crlGet} has -s and no
#   --fail, so an HTTP error body or an empty file would be copied into
#   place and also satisfy the marker test on later runs.
# NOTE(review): these files are fetched with -k over http:// and later used
#   for certificate handling; a pinned checksum would be appropriate here.
#######################################
fix_hosting_le() {
  if [ -d "/var/xdrago/conf" ]; then
    if [ ! -e "${hoLeIncFull}.ctrl.${_X_SE}.pid" ] \
      || [ -e "/var/xdrago/${provLeInc}" ] \
      || [ -e "/var/xdrago/${hoLeInc}" ] \
      || [ -e "/var/xdrago/${dehydName}" ] \
      || [ -e "/root/${provLeInc}" ] \
      || [ -e "/root/hosting_le_vhost.drush.inc.ctrl.${_X_SE}.pid" ] \
      || [ -e "/root/${hoLeInc}" ] \
      || [ -e "${legacyLeSh}" ] \
      || [ ! -e "${dehydSrcPath}" ] \
      || [ ! -e "${provLeIncFull}.ctrl.${_X_SE}.pid" ]; then
      mkdir -p /var/xdrago/conf
      rm -f /var/xdrago/*.drush.inc*
      rm -f /root/*.drush.inc*
      rm -f ${legacyLeSh}
      rm -f ${dehydSrcPath}.ctrl.${_X_SE}.pid
      rm -f ${hoLeIncFull}.ctrl.${_X_SE}.pid
      rm -f ${provLeIncFull}.ctrl.${_X_SE}.pid
      curl ${crlGet} "${urlHmr}/helpers/${dehydName}" -o ${dehydSrcPath}.ctrl.${_X_SE}.pid
      cp -af ${dehydSrcPath}.ctrl.${_X_SE}.pid ${dehydSrcPath}
      curl ${crlGet} "${urlHmr}/patches/${hoLeInc}" -o ${hoLeIncFull}.ctrl.${_X_SE}.pid
      cp -af ${hoLeIncFull}.ctrl.${_X_SE}.pid ${hoLeIncFull}
      curl ${crlGet} "${urlHmr}/patches/${provLeInc}" -o ${provLeIncFull}.ctrl.${_X_SE}.pid
      cp -af ${provLeIncFull}.ctrl.${_X_SE}.pid ${provLeIncFull}
    fi
  fi
}

# fix_newrelic: link the New Relic agent .so into the PHP 7.4 extension
# directory when both exist and the link is missing, then reload php74-fpm.
fix_newrelic() {
  _PHP_EXT_DIR_74="/opt/php74/lib/php/extensions/no-debug-non-zts-20190902"
  _NR_SO="/usr/lib/newrelic-php5/agent/x64/newrelic-20190902.so"
  if [ -e "${_PHP_EXT_DIR_74}" ] \
    && [ -e "${_NR_SO}" ] \
    && [ !
-e "${_PHP_EXT_DIR_74}/newrelic.so" ]; then
    ln -s ${_NR_SO} ${_PHP_EXT_DIR_74}/newrelic.so
    service php74-fpm reload
  fi
}

# fix_leftovers: remove /data/disk/arch/static when it contains "control".
fix_leftovers() {
  if [ -e "/data/disk/arch/static/control" ]; then
    rm -rf /data/disk/arch/static
  fi
}

# force_rebuild: one-time (guarded by forced.rebuild.glibc.txt) append of the
# *_FORCE_REINSTALL=YES flags to ${barCnf} and removal of the build markers
# for pure-ftpd, mss, lshell and redis.
force_rebuild() {
  if [ ! -e "${pthLog}/forced.rebuild.glibc.txt" ]; then
    echo "_GIT_FORCE_REINSTALL=YES" >> ${barCnf}
    echo "_NGX_FORCE_REINSTALL=YES" >> ${barCnf}
    echo "_PHP_FORCE_REINSTALL=YES" >> ${barCnf}
    echo "_SSH_FORCE_REINSTALL=YES" >> ${barCnf}
    echo "_SSL_FORCE_REINSTALL=YES" >> ${barCnf}
    rm -f ${pthLog}/pure-ftpd-build*
    rm -f ${pthLog}/mss-build*
    rm -f ${pthLog}/lshell-build*
    rm -f ${pthLog}/redis-*
    touch ${pthLog}/forced.rebuild.glibc.txt
  fi
}

#######################################
# update_wrappers: refresh the barracuda/boa/octopus wrappers in ${optBin}
# after cleaning /etc/hosts, checking DNS, making sure curl, lsb-release and
# ipset are installed, probing the chosen mirror and adjusting CSF.
# Globals read: _USE_MIR, crlGet, forCer, vBs, pthLog, usrBin, optBin, tBn,
#   _TODAY, _X_SE. Globals written: urlHmr and the _*_TEST scratch values.
# Exits the script with status 1 when the mirror probe does not show 200 OK.
# NOTE(review): trust chain for everything downloaded here:
#   - urlHmr is an http:// URL and ${crlGet} carries -k, so the transport
#     gives no authenticity guarantee;
#   - ${crlGet} has -s but no --fail, so an HTTP error body is written to
#     the target path like a real file;
#   - the old wrappers are removed before the download and the new files are
#     made executable without a checksum or signature check.
#   Downloading to a temp file, verifying a pinned hash, and only then
#   replacing the installed tool would address all three.
# NOTE(review): ${forCer} includes --allow-unauthenticated and
#   APT::Sandbox::User is set to root, which together remove apt's package
#   authentication and its unprivileged download sandbox for these installs.
#######################################
update_wrappers() {
  # Drop any pinned entries for the mirror and for github from /etc/hosts.
  sed -i "s/.*files.aegir.cc.*//g" /etc/hosts
  wait
  sed -i "s/.*github.*//g" /etc/hosts
  wait
  echo >>/etc/hosts
  sed -i "/^$/d" /etc/hosts
  wait
  if [ ! -e "/etc/resolv.conf" ]; then
    # -e is false for a dangling symlink too, hence the rm before rewriting.
    rm -f /etc/resolv.conf
    if [ -e "${vBs}/resolv.conf.vanilla" ]; then
      cat ${vBs}/resolv.conf.vanilla >/etc/resolv.conf
    fi
    echo "nameserver 1.1.1.1" >>/etc/resolv.conf
    echo "nameserver 1.0.0.1" >>/etc/resolv.conf
    check_dns_settings
  else
    check_dns_settings
  fi
  if [ -d "/var/cache/pdnsd" ] \
    && [ -e "/etc/resolvconf/run/interface/lo.pdnsd" ]; then
    pdnsd-ctl empty-cache &> /dev/null
  fi
  # Reinstall curl from packages when the current one is missing or was not
  # built against OpenSSL; locally built libcurl files are moved to backups.
  isCurl=$(curl --version 2>&1)
  if [[ ! "${isCurl}" =~ "OpenSSL" ]] || [ -z "${isCurl}" ]; then
    rm -f /etc/apt/sources.list.d/openssl.list
    if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \
      && [ -e "/etc/apt/apt.conf.d" ]; then
      echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff
    fi
    echo "curl install" | dpkg --set-selections &> /dev/null
    apt-get clean -qq &> /dev/null
    rm -rf /var/lib/apt/lists/*
    apt-get update -qq &> /dev/null
    apt-get install curl ${forCer} &> /dev/null
    mkdir -p /var/backups/libcurl
    mv -f /usr/local/lib/libcurl* /var/backups/libcurl/ &> /dev/null
    mv -f /usr/local/lib/pkgconfig/libcurl* /var/backups/libcurl/ &> /dev/null
    touch /root/.use.curl.from.packages.cnf
  fi
  # HEAD request against the mirror; only a "200 OK" response is accepted.
  _CURL_TEST=$(curl -L -k -s \
    --max-redirs 10 \
    --retry 3 \
    --retry-delay 10 \
    -I "http://${_USE_MIR}" 2> /dev/null)
  if [[ ! "${_CURL_TEST}" =~ "200 OK" ]]; then
    if [[ "${_CURL_TEST}" =~ "unknown option was passed in to libcurl" ]]; then
      echo "curl install" | dpkg --set-selections &> /dev/null
      apt-get install curl ${forCer} &> /dev/null
      mkdir -p /var/backups/libcurl
      mv -f /usr/local/lib/libcurl* /var/backups/libcurl/ &> /dev/null
      mv -f /usr/local/lib/pkgconfig/libcurl* /var/backups/libcurl/ &> /dev/null
      touch /root/.use.curl.from.packages.cnf
    fi
    echo "ERROR: ${_USE_MIR} is not available, please try later"
    exit 1
  else
    urlHmr="http://${_USE_MIR}/versions/master/aegir"
  fi
  _LSB_TEST=$(which lsb_release 2> /dev/null)
  if [ ! -x "${_LSB_TEST}" ]; then
    if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \
      && [ -e "/etc/apt/apt.conf.d" ]; then
      echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff
    fi
    apt-get clean -qq &> /dev/null
    rm -rf /var/lib/apt/lists/*
    apt-get update -qq &> /dev/null
    apt-get install lsb-release ${forCer} &> /dev/null
  fi
  _IPSET_TEST=$(which ipset 2> /dev/null)
  if [ ! -x "${_IPSET_TEST}" ]; then
    if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \
      && [ -e "/etc/apt/apt.conf.d" ]; then
      echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff
    fi
    apt-get clean -qq &> /dev/null
    rm -rf /var/lib/apt/lists/*
    apt-get update -qq &> /dev/null
    apt-get install ipset ${forCer} &> /dev/null
  fi
  if [ -x "/sbin/ipset" ] && [ ! -L "/usr/sbin/ipset" ]; then
    if [ ! -x "/etc/csf/csfpost.sh" ]; then
      echo "" > /etc/csf/csfpost.sh
      echo "iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp" >> /etc/csf/csfpost.sh
      echo "iptables -t raw -A OUTPUT -p tcp --dport 21 -j CT --helper ftp" >> /etc/csf/csfpost.sh
      chmod 700 /etc/csf/csfpost.sh
    fi
    rm -f /usr/sbin/ipset
    ln -sf /sbin/ipset /usr/sbin/ipset
    _CSF_TEST=$(which csf 2> /dev/null)
    if [ -x "${_CSF_TEST}" ]; then
      csf -uf
      csf -q
      sleep 8
      ### Linux kernel TCP SACK CVEs mitigation
      ### CVE-2019-11477 SACK Panic
      ### CVE-2019-11478 SACK Slowness
      ### CVE-2019-11479 Excess Resource Consumption Due to Low MSS Values
      # NOTE(review): only the ip6tables listing is tested, yet rules are
      #   appended to both iptables and ip6tables; if the IPv6 append fails
      #   the IPv4 DROP rule would be appended again on each run - confirm.
      if [ -e "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.deny" ]; then
        _SACK_TEST=$(ip6tables --list | grep tcpmss 2>&1)
        if [[ ! "${_SACK_TEST}" =~ "tcpmss" ]]; then
          sysctl net.ipv4.tcp_mtu_probing=0 &> /dev/null
          iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP &> /dev/null
          ip6tables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP &> /dev/null
        fi
      fi
    fi
  fi
  if [ -e "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.conf" ]; then
    _CC_SRC_TEST=$(grep CC_SRC /etc/csf/csf.conf 2>&1)
    echo _CC_SRC_TEST 1 is ${_CC_SRC_TEST}
    # NOTE(review): the right-hand side of =~ is quoted, so bash compares it
    #   as a literal string and ".*" is not a wildcard. A config line such
    #   as CC_SRC = "2" does not contain that literal text, so this branch
    #   (csf -uf, sleep, two sed edits, csf -q) appears to run on every
    #   call - confirm, and unquote the pattern if a regex was intended.
    if [[ ! "${_CC_SRC_TEST}" =~ "CC_SRC =.*2" ]]; then
      echo _CC_SRC_TEST 2 is ${_CC_SRC_TEST}
      csf -uf
      sleep 8
      sed -i "s/^CC_SRC .*/CC_SRC = \"2\"/g" /etc/csf/csf.conf
      wait
      sed -i "s/^AUTO_UPDATES .*/AUTO_UPDATES = \"1\"/g" /etc/csf/csf.conf
      wait
      csf -q
    fi
  fi
  mkdir -p ${usrBin}
  # One-time fetch of the four fix-drupal-* permission/ownership helpers.
  if [ -e "${pthLog}" ] && [ ! -e "${pthLog}/fixPSop.ctrl.${_X_SE}.pid" ]; then
    fxPp="fix-drupal-platform-permissions.sh"
    fxSp="fix-drupal-site-permissions.sh"
    fxPo="fix-drupal-platform-ownership.sh"
    fxSo="fix-drupal-site-ownership.sh"
    curl ${crlGet} "${urlHmr}/${tBn}/${fxPp}" -o ${usrBin}/${fxPp}
    curl ${crlGet} "${urlHmr}/${tBn}/${fxSp}" -o ${usrBin}/${fxSp}
    curl ${crlGet} "${urlHmr}/${tBn}/${fxPo}" -o ${usrBin}/${fxPo}
    curl ${crlGet} "${urlHmr}/${tBn}/${fxSo}" -o ${usrBin}/${fxSo}
    chmod 700 ${usrBin}/${fxPp}
    chmod 700 ${usrBin}/${fxSp}
    chmod 700 ${usrBin}/${fxPo}
    chmod 700 ${usrBin}/${fxSo}
    touch ${pthLog}/fixPSop.ctrl.${_X_SE}.pid
  fi
  mkdir -p ${optBin}
  rm -f ${usrBin}/{barracuda*,boa*,octopus*}
  if [ ! -e "/data/disk" ]; then
    ln -s ${optBin}/boa ${usrBin}/boa
    ln -s ${optBin}/barracuda ${usrBin}/barracuda
    ln -s ${optBin}/octopus ${usrBin}/octopus
  fi
  # The installed wrappers are deleted first; a failed download leaves the
  # host without them until the next successful run.
  rm -f ${optBin}/{barracuda*,boa*,octopus*}
  curl ${crlGet} "${urlHmr}/${tBn}/barracuda" -o ${optBin}/barracuda
  curl ${crlGet} "${urlHmr}/${tBn}/boa" -o ${optBin}/boa
  curl ${crlGet} "${urlHmr}/${tBn}/octopus" -o ${optBin}/octopus
  # Stamp each wrapper with the download date as a trailing comment line.
  echo "### ${_TODAY} ###" >> ${optBin}/boa
  echo "### ${_TODAY} ###" >> ${optBin}/barracuda
  echo "### ${_TODAY} ###" >> ${optBin}/octopus
  chmod 700 ${optBin}/{barracuda*,boa*,octopus*}
}

#######################################
# setup: first-time / full install of the BOA tool set into ${optBin}:
# detects the host family, syncs the clock, cleans /etc/hosts, checks DNS,
# installs curl, virt-what and lsb-release when missing, then downloads
# every tool named in boaBins plus backboa/duobackboa.
# Exits the script with status 1 when the mirror probe does not show 200 OK.
#######################################
setup() {
  _BENG_VS=NO
  _VMFAMILY=NO
  _CHECK_HOST=$(uname -n 2>&1)
  _VM_TEST=$(uname -a 2>&1)
  if [[ "${_VM_TEST}" =~ "-beng" ]]; then
    _BENG_VS=YES
  fi
  if [ "${_BENG_VS}" = "YES" ]; then
    _RANDOMIZE=YES
  else
    _RANDOMIZE=NO
  fi
  # Quoted right-hand sides: these are literal substring tests on the
  # hostname, not regular expressions.
  if [[ "${_CHECK_HOST}" =~ ".host8." ]] \
    || [[ "${_CHECK_HOST}" =~ ".boa.io" ]] \
    || [[ "${_CHECK_HOST}" =~ ".o8.io" ]] \
    || [[ "${_CHECK_HOST}" =~ ".aegir.cc" ]]; then
    _VMFAMILY=HOSTED
  fi
  if [ "${_BENG_VS}" != "YES" ]; then
    ntpdate pool.ntp.org &> /dev/null
  fi
  sed -i "s/.*files.aegir.cc.*//g" /etc/hosts
  wait
  sed -i "s/.*github.*//g" /etc/hosts
  wait
  echo >>/etc/hosts
  sed -i "/^$/d" /etc/hosts
  wait
  if [ !
-e "/etc/resolv.conf" ]; then
    # Continuation of setup(): rebuild resolv.conf from the saved vanilla
    # copy (if any) plus two public resolvers, then validate DNS.
    rm -f /etc/resolv.conf
    if [ -e "${vBs}/resolv.conf.vanilla" ]; then
      cat ${vBs}/resolv.conf.vanilla >/etc/resolv.conf
    fi
    echo "nameserver 1.1.1.1" >>/etc/resolv.conf
    echo "nameserver 1.0.0.1" >>/etc/resolv.conf
    check_dns_settings
  else
    check_dns_settings
  fi
  if [ -d "/var/cache/pdnsd" ] \
    && [ -e "/etc/resolvconf/run/interface/lo.pdnsd" ]; then
    pdnsd-ctl empty-cache &> /dev/null
  fi
  # NOTE(review): the apt installs below use ${forCer}, which includes
  #   --allow-unauthenticated, and set APT::Sandbox::User to root; package
  #   authentication and apt's download sandbox are both off for them.
  isCurl=$(curl --version 2>&1)
  if [[ ! "${isCurl}" =~ "OpenSSL" ]] || [ -z "${isCurl}" ]; then
    rm -f /etc/apt/sources.list.d/openssl.list
    if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \
      && [ -e "/etc/apt/apt.conf.d" ]; then
      echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff
    fi
    echo "curl install" | dpkg --set-selections &> /dev/null
    apt-get clean -qq &> /dev/null
    rm -rf /var/lib/apt/lists/*
    apt-get update -qq &> /dev/null
    apt-get install curl ${forCer} &> /dev/null
    mkdir -p /var/backups/libcurl
    mv -f /usr/local/lib/libcurl* /var/backups/libcurl/ &> /dev/null
    mv -f /usr/local/lib/pkgconfig/libcurl* /var/backups/libcurl/ &> /dev/null
    touch /root/.use.curl.from.packages.cnf
  fi
  # HEAD request against the mirror; only a "200 OK" response is accepted.
  _CURL_TEST=$(curl -L -k -s \
    --max-redirs 10 \
    --retry 3 \
    --retry-delay 10 \
    -I "http://${_USE_MIR}" 2> /dev/null)
  if [[ ! "${_CURL_TEST}" =~ "200 OK" ]]; then
    if [[ "${_CURL_TEST}" =~ "unknown option was passed in to libcurl" ]]; then
      echo "curl install" | dpkg --set-selections &> /dev/null
      apt-get install curl ${forCer} &> /dev/null
      mkdir -p /var/backups/libcurl
      mv -f /usr/local/lib/libcurl* /var/backups/libcurl/ &> /dev/null
      mv -f /usr/local/lib/pkgconfig/libcurl* /var/backups/libcurl/ &> /dev/null
      touch /root/.use.curl.from.packages.cnf
    fi
    echo "ERROR: ${_USE_MIR} is not available, please try later"
    exit 1
  else
    urlHmr="http://${_USE_MIR}/versions/master/aegir"
  fi
  _VIRT_TEST=$(which virt-what 2> /dev/null)
  if [ ! -x "${_VIRT_TEST}" ]; then
    if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \
      && [ -e "/etc/apt/apt.conf.d" ]; then
      echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff
    fi
    apt-get clean -qq &> /dev/null
    rm -rf /var/lib/apt/lists/*
    apt-get update -qq &> /dev/null
    apt-get install virt-what ${forCer} &> /dev/null
  fi
  _LSB_TEST=$(which lsb_release 2> /dev/null)
  if [ ! -x "${_LSB_TEST}" ]; then
    if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \
      && [ -e "/etc/apt/apt.conf.d" ]; then
      echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff
    fi
    apt-get clean -qq &> /dev/null
    rm -rf /var/lib/apt/lists/*
    apt-get update -qq &> /dev/null
    apt-get install lsb-release ${forCer} &> /dev/null
  fi
  mkdir -p ${usrBin}
  # One-time fetch of the four fix-drupal-* permission/ownership helpers.
  if [ -e "${pthLog}" ] && [ ! -e "${pthLog}/fixPSop.ctrl.${_X_SE}.pid" ]; then
    fxPp="fix-drupal-platform-permissions.sh"
    fxSp="fix-drupal-site-permissions.sh"
    fxPo="fix-drupal-platform-ownership.sh"
    fxSo="fix-drupal-site-ownership.sh"
    curl ${crlGet} "${urlHmr}/${tBn}/${fxPp}" -o ${usrBin}/${fxPp}
    curl ${crlGet} "${urlHmr}/${tBn}/${fxSp}" -o ${usrBin}/${fxSp}
    curl ${crlGet} "${urlHmr}/${tBn}/${fxPo}" -o ${usrBin}/${fxPo}
    curl ${crlGet} "${urlHmr}/${tBn}/${fxSo}" -o ${usrBin}/${fxSo}
    chmod 700 ${usrBin}/${fxPp}
    chmod 700 ${usrBin}/${fxSp}
    chmod 700 ${usrBin}/${fxPo}
    chmod 700 ${usrBin}/${fxSo}
    touch ${pthLog}/fixPSop.ctrl.${_X_SE}.pid
  fi
  mkdir -p ${optBin}
  rm -f ${optBin}/.{boa*,fix*}
  rm -f ${usrBin}/{autoupboa*,barracuda*,boa*,ffmirror*,mycnfup*,weblogx*}
  rm -f ${usrBin}/{octopus*,randpass*,sqlmagic*,syncpass*,thinkdifferent*}
  if [ ! -e "/data/disk" ]; then
    ln -s ${optBin}/boa ${usrBin}/boa
    ln -s ${optBin}/barracuda ${usrBin}/barracuda
    ln -s ${optBin}/octopus ${usrBin}/octopus
  fi
  boaBins="autoupboa \
    barracuda \
    boa \
    ffmirror \
    mycnfup \
    octopus \
    randpass \
    sqlmagic \
    syncpass \
    thinkdifferent \
    weblogx \
    xboa"
  # Replace each installed tool unless it is currently running: download to
  # <tool>.new, keep the old copy as <tool>.prev, swap, and roll back if the
  # swapped file is missing.
  # NOTE(review): the rollback only triggers when no file was produced.
  #   ${crlGet} has -s and no --fail and the URL is http:// with -k, so a
  #   truncated file or an HTTP error body is installed and made executable
  #   like a good download. Verifying a pinned checksum of <tool>.new before
  #   the swap would make the update both safer and genuinely atomic.
  for cbn in ${boaBins}; do
    if [ -e "${optBin}/${cbn}" ]; then
      if [ `ps aux | grep -v "grep" | grep --count "/${cbn}"` -gt "0" ]; then
        echo "The ${cbn} is running!"
      else
        if [ "${cbn}" = "weblogx" ] \
          && [ `ps aux | grep -v "grep" | grep --count "/daily.sh"` -gt "0" ]; then
          echo "The ${cbn} and daily.sh is running!"
        else
          rm -f ${optBin}/${cbn}.new
          curl ${crlGet} "${urlHmr}/${tBn}/${cbn}" -o ${optBin}/${cbn}.new
          mv -f ${optBin}/${cbn} ${optBin}/${cbn}.prev
          mv -f ${optBin}/${cbn}.new ${optBin}/${cbn}
          if [ -e "${optBin}/${cbn}" ]; then
            chmod 755 ${optBin}/${cbn}
            rm -f ${optBin}/${cbn}.prev
          else
            mv -f ${optBin}/${cbn}.prev ${optBin}/${cbn}
          fi
        fi
      fi
    else
      curl ${crlGet} "${urlHmr}/${tBn}/${cbn}" -o ${optBin}/${cbn}
    fi
  done
  # Stamp the three wrappers with the download date as a trailing comment.
  echo "### ${_TODAY} ###" >> ${optBin}/boa
  echo "### ${_TODAY} ###" >> ${optBin}/barracuda
  echo "### ${_TODAY} ###" >> ${optBin}/octopus
  rm -f /root/.backboa.autoupdate
  if [ `ps aux | grep -v "grep" | grep --count "duplicity"` -gt "0" ]; then
    echo "The duplicity backup is running!"
  else
    rm -f ${optBin}/{backboa,duobackboa}
    curl ${crlGet} "${urlHmr}/${tBn}/backboa" -o ${optBin}/backboa
    curl ${crlGet} "${urlHmr}/${tBn}/duobackboa" -o ${optBin}/duobackboa
    chmod 700 ${optBin}/{backboa,duobackboa}
    # The freshly downloaded backboa is executed right away on hosts that
    # have duplicity and the Aegir data directories.
    if [ ! -e "${pthLog}/duplicity.ctrl.${_X_SE}.pid" ] \
      && [ -x "/usr/local/bin/duplicity" ] \
      && [ -e "/data/disk/arch/sql" ] \
      && [ -e "/var/xdrago" ]; then
      backboa install
      touch ${pthLog}/duplicity.ctrl.${_X_SE}.pid
      touch /root/.backboa.autoupdate
    fi
  fi
  # Final modes: root-only for the admin tools, world-executable for the
  # three helpers in the last line.
  chmod 700 ${optBin}/{autoupboa,backboa,barracuda,boa,duobackboa}
  chmod 700 ${optBin}/{ffmirror,octopus,syncpass,xboa,mycnfup,weblogx}
  chmod 755 ${optBin}/{randpass,sqlmagic,thinkdifferent}
  echo
  echo "BOA Meta Installer setup completed"
  echo "Please check INSTALL.txt and UPGRADE.txt at http://bit.ly/boa-docs"
  echo "Bye"
  echo
}

# count_cpu: work out the CPU count from /proc/cpuinfo and nproc (taking the
# smaller when both are usable, never less than 1) and publish it in
# /data/all/cpuinfo.
count_cpu() {
  _CPU_INFO=$(grep -c processor /proc/cpuinfo 2>&1)
  _CPU_INFO=${_CPU_INFO//[^0-9]/}
  _NPROC_TEST=$(which nproc 2>&1)
  if [ -z "${_NPROC_TEST}" ]; then
    _CPU_NR="${_CPU_INFO}"
  else
    _CPU_NR=$(nproc 2>&1)
  fi
  _CPU_NR=${_CPU_NR//[^0-9]/}
  if [ ! -z "${_CPU_NR}" ] \
    && [ !
-z "${_CPU_INFO}" ] \ && [ "${_CPU_NR}" -gt "${_CPU_INFO}" ] \ && [ "${_CPU_INFO}" -gt "0" ]; then _CPU_NR="${_CPU_INFO}" fi if [ -z "${_CPU_NR}" ] || [ "${_CPU_NR}" -lt "1" ]; then _CPU_NR=1 fi mkdir -p /data/all chmod 755 /data/all echo ${_CPU_NR} > /data/all/cpuinfo chmod 644 /data/all/cpuinfo } find_fast_mirror() { isNetc=$(which netcat 2>&1) if [ ! -x "${isNetc}" ] || [ -z "${isNetc}" ]; then if [ ! -e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi apt-get update -qq &> /dev/null apt-get install netcat ${forCer} &> /dev/null sleep 3 fi ffMirr=$(which ffmirror 2>&1) if [ -x "${ffMirr}" ]; then ffList="/var/backups/boa-mirrors-2022-11.txt" mkdir -p /var/backups if [ ! -e "${ffList}" ]; then echo "de.files.aegir.cc" > ${ffList} echo "ny.files.aegir.cc" >> ${ffList} echo "sg.files.aegir.cc" >> ${ffList} fi if [ -e "${ffList}" ]; then _CHECK_MIRROR=$(bash ${ffMirr} < ${ffList} 2>&1) _USE_MIR="${_CHECK_MIRROR}" [[ "${_USE_MIR}" =~ "printf" ]] && _USE_MIR="files.aegir.cc" else _USE_MIR="files.aegir.cc" fi else _USE_MIR="files.aegir.cc" fi urlDev="http://${_USE_MIR}/dev" urlHmr="http://${_USE_MIR}/versions/master/aegir" } update_sysctl() { if [ ! -e "/root/.no.sysctl.update.cnf" ] \ && [ ! 
-e "/var/backups/sysctl.conf-${_X_SE}.log" ]; then mkdir -p /var/backups cd /var/backups rm -f /var/backups/sysctl.conf curl ${crlGet} "${urlHmr}/conf/sysctl.conf" -o sysctl.conf if [ -e "/var/backups/sysctl.conf" ]; then cp -af /var/backups/sysctl.conf /etc/sysctl.conf fi if [ -e "/etc/security/limits.conf" ]; then _IF_NF=$(grep '524288' /etc/security/limits.conf 2>&1) if [ -z "${_IF_NF}" ]; then echo "* hard nofile 524288" >> /etc/security/limits.conf echo "* soft nofile 524288" >> /etc/security/limits.conf echo "root hard nofile 1048576" >> /etc/security/limits.conf echo "root soft nofile 1048576" >> /etc/security/limits.conf fi fi if [ -e "/boot/grub/grub.cfg" ] || [ -e "/boot/grub/menu.lst" ]; then #echo never > /sys/kernel/mm/transparent_hugepage/enabled if [ -e "/etc/sysctl.conf" ]; then sysctl -p /etc/sysctl.conf &> /dev/null fi else if [ -e "/etc/sysctl.conf" ]; then sysctl -p /etc/sysctl.conf &> /dev/null fi fi touch /var/backups/sysctl.conf-${_X_SE}.log fi } ###--------------------### if [ `whoami` = "root" ]; then find_fast_mirror ### CVE-2021-44228 Log4j 2 Vulnerability ### CVE-2021-45046 Log4j 2 Vulnerability ### CVE-2021-45105 Log4j 2 Vulnerability fix_log4j ### Linux kernel TCP SACK CVEs mitigation ### CVE-2019-11477 SACK Panic ### CVE-2019-11478 SACK Slowness ### CVE-2019-11479 Excess Resource Consumption Due to Low MSS Values if [ -e "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.deny" ]; then _SACK_TEST=$(ip6tables --list | grep tcpmss 2>&1) if [[ ! 
"${_SACK_TEST}" =~ "tcpmss" ]]; then sysctl net.ipv4.tcp_mtu_probing=0 &> /dev/null iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP &> /dev/null ip6tables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP &> /dev/null fi fi ### More aggressive mitigation affecting network performance # if [ -e "/proc/sys/net/ipv4/tcp_sack" ]; then # _SACK_TEST=$(cat /proc/sys/net/ipv4/tcp_sack 2>&1) # _SACK_TEST=$(echo -n ${_SACK_TEST} | tr -d "\n" 2>&1) # if [[ "${_SACK_TEST}" =~ "1" ]]; then # echo "0" > /proc/sys/net/ipv4/tcp_sack # fi # fi ### Block known attackers IPs _CSF_TEST=$(which csf 2> /dev/null) if [ -x "${_CSF_TEST}" ]; then csf -d 185.206.225.30 Flooding user/password csf -d 185.253.97.238 Flooding user/password fi ### Linux kernel CVE-2017-2636 hotfix if [ -e "/etc/modprobe.d" ] \ && [ ! -e "/etc/modprobe.d/blacklist-n_hdlc.conf" ]; then echo "install n_hdlc /bin/true" > /etc/modprobe.d/blacklist-n_hdlc.conf rmmod n_hdlc &> /dev/null fi ### Linux kernel CVE-2017-6074 hotfix if [ -e "/etc/modprobe.d" ] \ && [ ! -e "/etc/modprobe.d/blacklist-dccp-all.conf" ]; then echo "install dccp /bin/true" > /etc/modprobe.d/blacklist-dccp-all.conf echo "install dccp_diag /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf echo "install dccp_ipv4 /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf echo "install dccp_ipv6 /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf echo "install dccp_probe /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf rmmod dccp &> /dev/null rmmod dccp_diag &> /dev/null rmmod dccp_ipv4 &> /dev/null rmmod dccp_ipv6 &> /dev/null rmmod dccp_probe &> /dev/null fi if [ -x "/usr/sbin/pdnsd" ] \ && [ ! -e "/etc/resolvconf/run/interface/lo.pdnsd" ]; then mkdir -p /etc/resolvconf/run/interface echo "nameserver 127.0.0.1" > /etc/resolvconf/run/interface/lo.pdnsd resolvconf -u &> /dev/null service pdnsd restart &> /dev/null pdnsd-ctl empty-cache &> /dev/null fi if [ ! 
-e "/data/all/cpuinfo" ]; then count_cpu fi if [ -e "/opt/etc/fpm/fpm-pool-common.conf" ] \ && [ -e "/var/xdrago" ]; then if [ -e "${barCnf}" ]; then source ${barCnf} fi if [ ! -z "${_SKYNET_MODE}" ] && [ "${_SKYNET_MODE}" = "OFF" ]; then if [ -n "${SSH_TTY+x}" ]; then echo "STATUS: Skynet Agent is Inactive!" echo "STATUS: Please remove the _SKYNET_MODE=OFF line from" echo "STATUS: ${barCnf} to enable me again." echo "NOTE: Only barracuda, boa and octopus wrappers will be updated" update_wrappers exit 0 else update_wrappers exit 0 fi else if [ -n "${SSH_TTY+x}" ]; then echo "STATUS: Skynet Agent is Active, OK!" echo "STATUS: You can add the _SKYNET_MODE=OFF line in" echo "STATUS: ${barCnf} to disable me, if needed." fi fi else _SCREEN_INIT=YES fi if [ -d "/.newrelic" ]; then rm -rf /.newrelic fi chmod a+w /dev/null if [ ! -e "/dev/fd" ]; then if [ -e "/proc/self/fd" ]; then rm -rf /dev/fd ln -s /proc/self/fd /dev/fd fi fi setup if [ -e "/var/log/barracuda_log.txt" ]; then fix_ping_perms fix_fpm_process_max fix_lshell fix_authorized_keys fix_tcp fix_aio fix_alt fix_wkhtml fix_wkhtml_perms fix_eldir fix_pure_ftpd fix_hosting_le fix_newrelic fix_leftovers update_agents update_sysctl # saCoreN="SA-CORE-2018-002" # fix_core_dgd # sleep 3 # saCoreN="SA-CORE-2018-004" # fix_core_dgd # sleep 3 # saCoreN="SA-CORE-2018-006" # fix_core_dgd # sleep 3 # saCoreN="SA-CORE-2019-004" # fix_core_dgd # sleep 3 # saCoreN="3143016-83" # fix_core_dgd fi if [ ! -e "/etc/ssl/private/4096.dhp" ] && [ -d "/var/xdrago" ]; then echo "Generating 4096.dhp -- it may take a very long time..." openssl dhparam -out /etc/ssl/private/4096.dhp 4096 > /dev/null 2>&1 & fi if [ -e "/etc/ssl/private/4096.dhp" ]; then chown -R root:ssl-cert /etc/ssl/private chmod 640 /etc/ssl/private/* chmod 710 /etc/ssl/private fi if [ ! -e "/root/.upstart.cnf" ]; then service cron reload &> /dev/null fi if [ "${_SCREEN_INIT}" = "YES" ]; then if [ ! 
-e "/etc/apt/apt.conf.d/00sandboxoff" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Sandbox::User \"root\";" > /etc/apt/apt.conf.d/00sandboxoff fi if [ ! -e "/etc/apt/apt.conf.d/99ignorestrict" ] \ && [ -e "/etc/apt/apt.conf.d" ]; then echo "APT::Get::AllowInsecureRepositories \"true\";" > /etc/apt/apt.conf.d/99ignorestrict echo "APT::Get::AllowUnauthenticated \"true\";" >> /etc/apt/apt.conf.d/99ignorestrict echo "Aptitude::CmdLine::Fix-Broken \"true\";" >> /etc/apt/apt.conf.d/99ignorestrict fi apt-get clean -qq &> /dev/null rm -rf /var/lib/apt/lists/* apt-get update -qq &> /dev/null apt-get install screen -y &> /dev/null apt-get install net-tools -y &> /dev/null apt-get install hostname -y &> /dev/null apt-get remove --purge unscd -y &> /dev/null userdel -r debian &> /dev/null sed -i "s/^#startup_message off/startup_message off/g" /etc/screenrc &> /dev/null clear echo echo "The system is ready for BOA installation!" echo echo "We will start screen session for you in 15 seconds" echo "to avoid problems with dropped SSH connections" echo "during BOA stack installation, which may take up to" echo "30-60 minutes, depending on your server speed." echo echo "If your connection will drop, simply log in again" echo "and re-attach your session with 'screen -R' command." echo echo "Please wait a moment until this message disappears." echo echo "Enjoy!" echo sleep 15 screen else exit 0 fi else echo "ERROR: This script should be ran as a root user" exit 1 fi