Merge branch '123.09beta01'

addons/maldet.sh

@@ -83,18 +83,40 @@ else
 	cecho "CentOS / RHEL system detected" $boldyellow
 fi
 
+CENTOSVER=$(awk '{ print $3 }' /etc/redhat-release)
+
+if [ "$CENTOSVER" == 'release' ]; then
+    CENTOSVER=$(awk '{ print $4 }' /etc/redhat-release | cut -d . -f1,2)
+    if [[ "$(cat /etc/redhat-release | awk '{ print $4 }' | cut -d . -f1)" = '7' ]]; then
+        CENTOS_SEVEN='7'
+    fi
+fi
+
+if [[ "$(cat /etc/redhat-release | awk '{ print $3 }' | cut -d . -f1)" = '6' ]]; then
+    CENTOS_SIX='6'
+fi
+
+if [ "$CENTOSVER" == 'Enterprise' ]; then
+    CENTOSVER=$(cat /etc/redhat-release | awk '{ print $7 }')
+    OLS='y'
+fi
+
+if [[ -f /etc/system-release && "$(awk '{print $1,$2,$3}' /etc/system-release)" = 'Amazon Linux AMI' ]]; then
+    CENTOS_SIX='6'
+fi
+
 if [ -f "/etc/centminmod/custom_config.inc" ]; then
   # default is at /etc/centminmod/custom_config.inc
   . "/etc/centminmod/custom_config.inc"
 fi
 
-if [[ ! "$(grep -w 'enabled = 1' /etc/yum.repos.d/rpmforge.repo)" ]]; then
-  echo "rpmforge repo is disabled"
-  echo "aborting maldet.sh install due to clamav rpmforge requirements"
-  echo "check forums for any updates to this issue at"
-  echo "https://community.centminmod.com/forums/add-ons.10/"
-  exit
-fi
+# if [[ ! "$(grep -w 'enabled = 1' /etc/yum.repos.d/rpmforge.repo)" ]]; then
+#   echo "rpmforge repo is disabled"
+#   echo "aborting maldet.sh install due to clamav rpmforge requirements"
+#   echo "check forums for any updates to this issue at"
+#   echo "https://community.centminmod.com/forums/add-ons.10/"
+#   exit
+# fi
 
 if [[ ! -f /usr/bin/wget ]] ; then
 	yum -y -q install wget
@@ -128,6 +150,7 @@ setemailalert() {
 }
 
 maldetinstall() {
+if [ ! -f /usr/local/sbin/maldet ]; then
 	# install maldet
 	cecho "Installing maldet..."  $boldyellow
 	cd $TMP_DIR
@@ -180,55 +203,78 @@ echo ""
 	echo "/usr/local/maldetect/maldet -b -r /boot 2 >> /dev/null 2>&1" >> /etc/cron.daily/maldet
 	echo "/usr/local/maldetect/maldet -b -r /etc 2 >> /dev/null 2>&1" >> /etc/cron.daily/maldet
 	echo "/usr/local/maldetect/maldet -b -r /usr 2 >> /dev/null 2>&1" >> /etc/cron.daily/maldet
+fi
+}
 
+clamav_removeold() {
+  # remove old rpmforge version of clamav
+  if [[ -f /usr/bin/clamscan && "$(/usr/bin/clamscan -V | grep '0.98')" ]]; then
+    yum remove clamav clamav-db clamd --disablerepo=epel --enablerepo=rpmforge --disableexclude=rpmforge --disableplugin=priorities
+    OLDCLAM=y
+  elif [[ -f /usr/bin/clamscan && "$(/usr/bin/clamscan -V | grep '0.99')" ]]; then
+    OLDCLAM=n
+  else
+    OLDCLAM=none
+  fi
 }
 
 clamavinstall() {
-	# install clamav and clamd
-	echo
-	cecho "Installing clamav..."  $boldyellow
-	yum clean all -q
-	yum makecache fast -q
-	yum -y install clamav clamd --disablerepo=epel
-	if [[ -z "$(grep clam /etc/yum.repos.d/epel.repo)" ]]; then
-		sed -i 's/exclude=varnish/exclude=varnish clamd clamav clamav-db/' /etc/yum.repos.d/epel.repo
-	fi
-	# fix for CentOS 7 on system reboot missing /var/run/clamav directory
-	if [[ -z "$(grep '/var/run/clamav' /etc/init.d/clamd)" ]]; then
-		sed -i 's|# config: \/etc\/clamav.conf|# config: \/etc\/clamav.conf\n\nif [ ! -d /var/run/clamav ]; then\n\tmkdir -p \/var\/run\/clamav\n\tchown -R clamav:clamav \/var\/run\/clamav\n\tchmod -R 700 \/var\/run\/clamav\nfi|' /etc/init.d/clamd
-	fi
-
-	# tweak threads to reduce cpu load - default is 50 threads !
-	# it it to half the number of cpu threads detected
-    sed -i "s|^MaxThreads 50|MaxThreads $MAXTHREADS|" /etc/clamd.conf
-    cat /etc/clamd.conf | grep MaxThreads
-
+  if [[ "$OLDCLAM" = 'none' || "$OLDCLAM" = 'y' ]]; then
+	 # install clamav and clamd
+	 echo
+	 cecho "Installing clamav..."  $boldyellow
+	 yum clean all -q
+	 yum makecache fast -q
+	 yum -y install clamav clamav-update clamav-server --disablerepo=rpmforge --disableexclude=epel --disableplugin=priorities
+    # if [[ "$CENTOS_SEVEN" -eq '7' ]]; then
+    #   yum -y install clamav-server-systemd --disablerepo=rpmforge --disableexclude=epel --disableplugin=priorities
+    #   systemctl daemon-reload
+    # else
+    #   yum -y install clamav-server-sysvinit --disablerepo=rpmforge --disableexclude=epel --disableplugin=priorities
+    # fi
+	 if [[ -z "$(grep clam /etc/yum.repos.d/rpmforge.repo)" ]]; then
+		  sed -i 's/exclude=.*/exclude=pure-ftpd optipng clamav* clamd/' /etc/yum.repos.d/rpmforge.repo
+	 fi
+    if [[ "$(grep clam /etc/yum.repos.d/epel.repo)" ]]; then
+      sed -i 's/exclude=.*/exclude=varnish varnish-libs galera nodejs nginx mongodb*/' /etc/yum.repos.d/epel.repo
+    fi
+	 # fix for CentOS 7 on system reboot missing /var/run/clamav directory
+	 if [[ -f /etc/rc.d/init.d/clamd && -z "$(grep '/var/run/clamav' /etc/rc.d/init.d/clamd)" ]]; then
+		  sed -i 's|# config: \/etc\/clamav.conf|# config: \/etc\/clamav.conf\n\nif [ ! -d /var/run/clamav ]; then\n\tmkdir -p \/var\/run\/clamav\n\tchown -R clamav:clamav \/var\/run\/clamav\n\tchmod -R 700 \/var\/run\/clamav\nfi|' /etc/rc.d/init.d/clamd
+	 fi
+
+    if [ -f /etc/clamd.conf ]; then
+	 # tweak threads to reduce cpu load - default is 50 threads !
+	 # it it to half the number of cpu threads detected
+      sed -i "s|^MaxThreads 50|MaxThreads $MAXTHREADS|" /etc/clamd.conf
+      cat /etc/clamd.conf | grep MaxThreads
+    fi
+
     if [ ! -d /var/run/clamav/ ]; then
-    	mkdir -p /var/run/clamav/
-    	chown clamav:clamav /var/run/clamav/
+  	 mkdir -p /var/run/clamav/
+   	  chown clamav:clamav /var/run/clamav/
     fi
-
-if [ -f /proc/user_beancounters ]; then
+  
+  if [[ -f /etc/rc.d/init.d/clamd && -f /proc/user_beancounters ]]; then
     echo ""
     echo "*************************************************"
     cecho "* Correct service's stack size for OpenVZ systems. Please wait...." $boldgreen
     echo "*************************************************"
-
-sed -i 's/#!\/bin\/sh/#!\/bin\/sh\nif [ -f \/proc\/user_beancounters ]; then\nulimit -s 512\nfi\n/g' /etc/init.d/clamd
-
-echo "checking stack size ulimit -s set properly: "
-head -n 5  /etc/init.d/clamd
-fi    
-
-	/etc/init.d/clamd stop
-	/etc/init.d/clamd start
-	chkconfig clamd on
-	time freshclam
+    sed -i 's/#!\/bin\/sh/#!\/bin\/sh\nif [ -f \/proc\/user_beancounters ]; then\nulimit -s 512\nfi\n/g' /etc/rc.d/init.d/clamd
+    echo "checking stack size ulimit -s set properly: "
+    head -n 5  /etc/rc.d/init.d/clamd  
+	 /etc/rc.d/init.d/clamd stop
+	 /etc/rc.d/init.d/clamd start
+	 chkconfig clamd on
+  fi
+	 time freshclam
+fi
 }
 #########################################################
 starttime=$(TZ=UTC date +%s.%N)
 {
 maldetinstall
+clamav_removeold
 clamavinstall
 
 echo

centmin.sh

@@ -526,10 +526,10 @@ NGINXBACKUPDIR='/usr/local/nginxbackup'
 ## Nginx SSL options
 # OpenSSL
 NOSOURCEOPENSSL='y'        # set to 'y' to disable OpenSSL source compile for system default YUM package setup
-OPENSSL_VERSION='1.0.2l'   # Use this version of OpenSSL http://openssl.org/
+OPENSSL_VERSION='1.1.0f'   # Use this version of OpenSSL http://openssl.org/
 OPENSSL_VERSIONFALLBACK='1.0.2l'   # fallback if OPENSSL_VERSION uses openssl 1.1.x branch
 OPENSSL_CUSTOMPATH='/opt/openssl'  # custom directory path for OpenSSL 1.0.2+
-CLOUDFLARE_PATCHSSL='y'    # set 'y' to implement Cloudflare's chacha20 patch https://github.com/cloudflare/sslconfig
+CLOUDFLARE_PATCHSSL='n'    # set 'y' to implement Cloudflare's chacha20 patch https://github.com/cloudflare/sslconfig
 NGINX_DYNAMICTLS='n'       # set 'y' and recompile nginx https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/
 
 # LibreSSL

example/custom_config.inc

@@ -209,10 +209,10 @@ SHORTCUTS='y'                # shortcuts
 ## Nginx SSL options
 # OpenSSL
 NOSOURCEOPENSSL='y'        # set to 'y' to disable OpenSSL source compile for system default YUM package setup
-OPENSSL_VERSION='1.0.2l'   # Use this version of OpenSSL http://openssl.org/
+OPENSSL_VERSION='1.1.0f'   # Use this version of OpenSSL http://openssl.org/
 OPENSSL_VERSIONFALLBACK='1.0.2l'   # fallback if OPENSSL_VERSION uses openssl 1.1.x branch
 OPENSSL_CUSTOMPATH='/opt/openssl'  # custom directory path for OpenSSL 1.0.2+
-CLOUDFLARE_PATCHSSL='y'    # set 'y' to implement Cloudflare's chacha20 patch https://github.com/cloudflare/sslconfig
+CLOUDFLARE_PATCHSSL='n'    # set 'y' to implement Cloudflare's chacha20 patch https://github.com/cloudflare/sslconfig
 NGINX_DYNAMICTLS='n'       # set 'y' and recompile nginx https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/
 
 # LibreSSL

inc/centminfinish.inc

@@ -61,12 +61,53 @@ echo ""
   fi
 
 letswait
+  if [[ "$PHP_INSTALL" = [yY] ]]; then
 echo ""
 	cecho "--------------------------------------------------------" $boldyellow
 	cecho "Check PHP-FPM Version:" $boldyellow
 	cecho "--------------------------------------------------------" $boldyellow
 	$(which php) -v
 letswait
+  else
+echo ""
+	cecho "--------------------------------------------------------" $boldyellow
+	cecho "Check PHP-FPM Version:" $boldyellow
+	cecho "--------------------------------------------------------" $boldyellow
+	echo "PHP_INSTALL='n' set"
+  fi
+
+  if [ -f /usr/bin/php72 ]; then
+echo ""
+	cecho "--------------------------------------------------------" $boldyellow
+	cecho "Check PHP-FPM 7.2 Version:" $boldyellow
+	cecho "--------------------------------------------------------" $boldyellow
+	/usr/bin/php72 -v
+letswait
+  fi
+  if [ -f /usr/bin/php71 ]; then
+echo ""
+	cecho "--------------------------------------------------------" $boldyellow
+	cecho "Check PHP-FPM 7.1 Version:" $boldyellow
+	cecho "--------------------------------------------------------" $boldyellow
+	/usr/bin/php71 -v
+letswait
+  fi
+  if [ -f /usr/bin/php70 ]; then
+echo ""
+	cecho "--------------------------------------------------------" $boldyellow
+	cecho "Check PHP-FPM 7.0 Version:" $boldyellow
+	cecho "--------------------------------------------------------" $boldyellow
+	/usr/bin/php70 -v
+letswait
+  fi
+  if [ -f /usr/bin/php56 ]; then
+echo ""
+	cecho "--------------------------------------------------------" $boldyellow
+	cecho "Check PHP-FPM 5.6 Version:" $boldyellow
+	cecho "--------------------------------------------------------" $boldyellow
+	/usr/bin/php56 -v
+letswait
+  fi
 
 echo ""
 	cecho "--------------------------------------------------------" $boldyellow

inc/cpcheck.inc

@@ -1712,7 +1712,7 @@ if [[ "$INITIALINSTALL" != [yY] ]]; then
   fixlibmysqlclient_symlink
   fixnodejs_epel
   fixnginx_epel
-  fixclamav_epel
+  #fixclamav_epel
   nano_highlight
   checkwoff
   checkipvsix

inc/gcc.inc

@@ -96,13 +96,13 @@ disable_devtoolset() {
 set_intelflags() {
 	if [[ "$INTELOPT" = [yY] ]]; then
     	if [[ "$(uname -m)" == 'x86_64' && $(grep Intel /proc/cpuinfo) ]]; then
-        	CFLAGS='-O2 -m64 -march=native -pipe -g -mmmx -msse3'
-        	CXXFLAGS='-O2 -m64 -march=native -pipe -g -mmmx -msse3' 
+        	CFLAGS='-O2 -m64 -march=native -pipe -g'
+        	CXXFLAGS='-O2 -m64 -march=native -pipe -g' 
         	export CFLAGS
         	export CXXFLAGS
     	elif [[ "$(uname -m)" != 'x86_64' && $(grep Intel /proc/cpuinfo) ]]; then
-        	CFLAGS='-O2 -m32 -march=native -pipe -g -mmmx -msse3'
-        	CXXFLAGS='-O2 -m32 -march=native -pipe -g -mmmx -msse3' 
+        	CFLAGS='-O2 -m32 -march=native -pipe -g'
+        	CXXFLAGS='-O2 -m32 -march=native -pipe -g' 
         	export CFLAGS
         	export CXXFLAGS
     	fi

inc/nginx_addvhost.inc

@@ -146,6 +146,19 @@ echo "if after vhost site setup you encounter 403 permission denied errors,"
 echo "check https://community.centminmod.com/threads/7308/ to see if your"
 echo "site needs tools/autoprotect.sh tweaking/whitelisting"
 cecho "---------------------------------------------------------------" $boldyellow
+if [[ "$LETSENCRYPT_DETECT" != [yY] ]]; then
+echo "[ LETSENCRYPT_DETECT is not enabled ]"
+echo "Ignore this message if you do not want HTTPS based web site otherwise"
+echo "read below carefully."
+echo
+echo "Free letsencrypt SSL certificates integration is in beta testing if"
+echo "you want to obtain free letsencrypt SSL certificate for HTTPS site,"
+echo "you will need to manually enable LETSENCRYPT_DETECT='y' outlined"
+echo "at https://centminmod.com/acmetool so exit this vhost routine first"
+echo "set LETSENCRYPT_DETECT='y' and update domain DNS A record first"
+echo "then re-run vhost site creation menu option"
+cecho "---------------------------------------------------------------" $boldyellow
+fi
 echo
 read -ep "Do you want to continue with Nginx vhost site creation ? [y/n] " dovhost_continue
 echo
@@ -617,7 +630,12 @@ else
   SPDY_HEADER='add_header Alternate-Protocol  443:npn-spdy/3;'
 fi
 
-if [[ -f /usr/bin/php71 && -f /usr/bin/php70 && -f /usr/bin/php56 ]]; then
+if [[ -f /usr/bin/php72 && -f /usr/bin/php71 && -f /usr/bin/php70 && -f /usr/bin/php56 ]]; then
+  MULTIPHP_INCLUDES='#include /usr/local/nginx/conf/php72-remi.conf;
+  #include /usr/local/nginx/conf/php71-remi.conf;
+  #include /usr/local/nginx/conf/php70-remi.conf;
+  #include /usr/local/nginx/conf/php56-remi.conf;'
+elif [[ -f /usr/bin/php71 && -f /usr/bin/php70 && -f /usr/bin/php56 ]]; then
   MULTIPHP_INCLUDES='#include /usr/local/nginx/conf/php71-remi.conf;
   #include /usr/local/nginx/conf/php70-remi.conf;
   #include /usr/local/nginx/conf/php56-remi.conf;'

inc/nginx_patch.inc

@@ -189,7 +189,7 @@ patchnginx() {
           cecho "$CUR_DIR/patches/nginx/openssl-110ticket.patch not found" $boldyellow
         fi
       elif [[ "$DETECT_NGXVER" -lt '1011000' ]]; then
-        # OPENSSL_VERSION='1.0.2l'
+        # OPENSSL_VERSION='1.1.0f'
         cecho "skipping patching due to Nginx version less than 1.11.0" $boldyellow
       fi
     fi

inc/phpsededit.inc

@@ -44,14 +44,14 @@ phpsededit() {
         PHP_REALPATHTTL='28800'
     elif [[ "$TOTALMEM" -gt '1049576' && "$TOTALMEM" -le '2097152' ]]; then
         ZOLIMIT='240'
-        PHP_MEMORYLIMIT='256M'
-        PHP_UPLOADLIMIT='256M'
+        PHP_MEMORYLIMIT='320M'
+        PHP_UPLOADLIMIT='320M'
         PHP_REALPATHLIMIT='384k'
         PHP_REALPATHTTL='28800'
     elif [[ "$TOTALMEM" -gt '2097152' && "$TOTALMEM" -le '3145728' ]]; then
         ZOLIMIT='304'
-        PHP_MEMORYLIMIT='320M'
-        PHP_UPLOADLIMIT='320M'
+        PHP_MEMORYLIMIT='384M'
+        PHP_UPLOADLIMIT='384M'
         PHP_REALPATHLIMIT='512k'
         PHP_REALPATHTTL='43200'
     elif [[ "$TOTALMEM" -gt '3145728' && "$TOTALMEM" -le '4194304' ]]; then

inc/wpsetup.inc

@@ -82,6 +82,19 @@ echo "if after vhost site setup you encounter 403 permission denied errors,"
 echo "check https://community.centminmod.com/threads/11215/ to see if your"
 echo "site needs tools/autoprotect.sh tweaking & whitelisting"
 cecho "---------------------------------------------------------------" $boldyellow
+if [[ "$LETSENCRYPT_DETECT" != [yY] ]]; then
+echo "[ LETSENCRYPT_DETECT is not enabled ]"
+echo "Ignore this message if you do not want HTTPS based web site otherwise"
+echo "read below carefully."
+echo
+echo "Free letsencrypt SSL certificates integration is in beta testing if"
+echo "you want to obtain free letsencrypt SSL certificate for HTTPS site,"
+echo "you will need to manually enable LETSENCRYPT_DETECT='y' outlined"
+echo "at https://centminmod.com/acmetool so exit this vhost routine first"
+echo "set LETSENCRYPT_DETECT='y' and update domain DNS A record first"
+echo "then re-run vhost site creation menu option"
+cecho "---------------------------------------------------------------" $boldyellow
+fi
 echo
 read -ep "Do you want to continue with Nginx vhost site creation ? [y/n] " dovhost_continue
 echo

inc/yumpriorities.inc

@@ -296,7 +296,7 @@ PRIOREXISTS=1
 :/\[epel\]/ , /gpgkey/
 :a
 priority=3
-exclude=varnish varnish-libs clamd clamav clamav-devel clamav-db galera nodejs nginx mongodb*
+exclude=varnish varnish-libs galera nodejs nginx mongodb*
 .
 :w
 :q
@@ -329,7 +329,7 @@ PRIOREXISTS=1
 :/\[rpmforge\]/ , /gpgcheck/
 :a
 priority=5
-exclude=pure-ftpd optipng
+exclude=pure-ftpd optipng clamav* clamd
 .
 :w
 :q

installer-dnf-gitlab.sh

@@ -1062,8 +1062,12 @@ echo "--------------------------------------------------------------------------
   DTIME_SEC=$(echo "$DTIME" |awk '{print $7}')
   NTIME=$(tail -1 /root/centminlogs/centminmod_ngxinstalltime_*.log)
   NTIME_SEC=$(echo "$NTIME" |awk '{print $7}')
-  PTIME=$(tail -1 /root/centminlogs/centminmod_phpinstalltime_*.log)
-  PTIME_SEC=$(echo "$PTIME" |awk '{print $7}')
+  if [ -f /root/centminlogs/centminmod_phpinstalltime_*.log ]; then
+    PTIME=$(tail -1 /root/centminlogs/centminmod_phpinstalltime_*.log)
+    PTIME_SEC=$(echo "$PTIME" |awk '{print $7}')
+  else
+    PTIME_SEC='0'
+  fi
   CMTIME=$(tail -1 /root/centminlogs/*_install.log)
   CMTIME_SEC=$(echo "$CMTIME" |awk '{print $6}')
   CMTIME_SEC=$(printf "%0.4f\n" $CMTIME_SEC)