#!/bin/bash
###----------------------------------------###
###
### BOA Meta Installer
###
### Copyright (C) 2010-2017 Omega8.cc
### noc@omega8.cc www.omega8.cc
###
### This program is free software. You can
### redistribute it and/or modify it under
### the terms of the GNU GPL as published by
### the Free Software Foundation, version 2
### or later.
###
### This program is distributed in the hope
### that it will be useful, but WITHOUT ANY
### WARRANTY; without even the implied
### warranty of MERCHANTABILITY or FITNESS
### FOR A PARTICULAR PURPOSE. See the GNU GPL
### for more details.
###
### You should have received a copy of the
### GNU GPL along with this program.
### If not, see http://www.gnu.org/licenses/
###
### Code: https://github.com/omega8cc/boa
###
###----------------------------------------###
###----------------------------------------###
### HOW-TO: run it with bash, not with sh ###
###----------------------------------------###
###
### bash BOA.sh.txt
###
###----------------------------------------###
### DON'T EDIT ANYTHING BELOW THIS LINE ###
###----------------------------------------###
# Runtime environment: add BOA's own tool directory to PATH and keep
# apt/dpkg from asking questions.
export PATH="${PATH}:/opt/local/bin"
SHELL='/bin/bash'
export DEBIAN_FRONTEND='noninteractive'
# Build date as YYMMDD. Because stderr is captured too (2>&1), everything
# that is not a digit is stripped afterwards.
_TODAY="$(date +%y%m%d 2>&1)"
_TODAY="${_TODAY//[^0-9]/}"
_X_VERSION='BOA-3.2.0'
#
# Drupal 7 core patch for https://www.drupal.org/SA-CORE-2014-005
saCoreN='SA-CORE-2014-005'
saCoreS="${saCoreN}-D7"
saIncDb='includes/database/database.inc'
saPatch="/var/xdrago/conf/${saCoreS}.patch"
#
# Shared paths and option strings.
barCnf='/root/.barracuda.cnf'
# NOTE(review): -k disables TLS certificate verification and -L follows
# redirects; the mirror URLs built in find_fast_mirror are plain http://.
# Nothing fetched with these options is authenticated in transit, so any
# file that ends up executable should be checked against a pinned checksum
# or signature before it is installed.
crlGet='-L --max-redirs 10 -k -s --retry 10 --retry-delay 5 -A iCab'
# NOTE(review): --force-yes makes apt-get continue without prompting even
# for actions it considers potentially harmful.
forCer='-fuy --force-yes --reinstall'
optBin='/opt/local/bin'
usrBin='/usr/local/bin'
pthLog='/var/xdrago/log'
tBn='tools/bin'
vBs='/var/backups'
#
# Patch fetched by fix_eldir.
eldirF='0001-Print-site_footer-if-defined.patch'
eldirP="/var/xdrago/conf/${eldirF}"
#
# hosting_le (Let's Encrypt) helper files fetched by fix_hosting_le.
hLeF='provision_hosting_le.drush.inc'
hLeP="/var/xdrago/conf/${hLeF}"
#
hLeVtF='hosting_le_vhost.drush.inc'
hLeVtP="/var/xdrago/conf/${hLeVtF}"
#
hLeShF='letsencrypt.sh'
hLeShP="/var/xdrago/conf/${hLeShF}"
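#######################################
# Restore /etc/resolv.conf from the saved "vanilla" copy (creating that copy
# when it is missing) and, when pdnsd is installed, regenerate its upstream
# resolver list.
# Globals:   vBs, _USE_DEFAULT_DNS (read); dnsLi, rslvT and the _*_TEST /
#            _BROKEN_* variables are assigned without "local", as before.
# Arguments: none
# Notes:     8.8.8.8 / 8.8.4.4 are written as the fallback resolvers.
#######################################
fix_dns_settings() {
  dnsLi="/root/.local.dns.IP.list"
  mkdir -p "${vBs}"
  rm -f "${vBs}/resolv.conf.tmp"

  # Take a working copy of the current resolv.conf, if there is one.
  if [ -e "/etc/resolv.conf" ]; then
    if [ -L "/etc/resolv.conf" ]; then
      # NOTE(review): readlink without -f may print a relative target, and
      # the test below resolves it against the current directory, not /etc.
      rslvT=$(readlink -n /etc/resolv.conf)
      if [ ! -e "${rslvT}" ]; then
        rm -f /etc/resolv.conf
      fi
    fi
    if [ -e "/etc/resolv.conf" ]; then
      cp -a /etc/resolv.conf "${vBs}/resolv.conf.tmp"
    fi
  fi
  if [ ! -e "${vBs}/resolv.conf.tmp" ]; then
    echo "nameserver 8.8.8.8" > "${vBs}/resolv.conf.tmp"
    echo "nameserver 8.8.4.4" >> "${vBs}/resolv.conf.tmp"
  fi

  # Seed the vanilla copy from a resolv.conf.pre-* backup. The original
  # looped over the words of "ls -la" output, so unrelated tokens (link
  # counts, owner names) were also tested as paths relative to the current
  # directory; a plain glob only ever yields the backup files themselves.
  if [ ! -e "${vBs}/resolv.conf.vanilla" ]; then
    for Pre in "${vBs}"/resolv.conf.pre-*; do
      if [ -f "${Pre}" ] && [ ! -L "${Pre}" ]; then
        cp -a "${Pre}" "${vBs}/resolv.conf.vanilla"
      fi
    done
  fi
  if [ ! -e "${vBs}/resolv.conf.vanilla" ] \
    && [ -e "${vBs}/resolv.conf.tmp" ]; then
    if [ "${_USE_DEFAULT_DNS}" != "YES" ]; then
      rm -f /etc/resolv.conf
      cp -a "${vBs}/resolv.conf.tmp" /etc/resolv.conf
      cp -a "${vBs}/resolv.conf.tmp" "${vBs}/resolv.conf.vanilla"
    fi
  fi
  sed -i "/^$/d" "${vBs}/resolv.conf.vanilla" &> /dev/null

  # Put the vanilla copy (or, failing that, the working copy) in place.
  if [ -e "${vBs}/resolv.conf.vanilla" ]; then
    if [ "${_USE_DEFAULT_DNS}" != "YES" ]; then
      rm -f /etc/resolv.conf
      cp -a "${vBs}/resolv.conf.vanilla" /etc/resolv.conf
    fi
  else
    if [ -e "${vBs}/resolv.conf.tmp" ] \
      && [ "${_USE_DEFAULT_DNS}" != "YES" ]; then
      rm -f /etc/resolv.conf
      cp -a "${vBs}/resolv.conf.tmp" /etc/resolv.conf
    fi
  fi

  if [ -e "/etc/pdnsd.conf" ]; then
    if [ -e "${dnsLi}" ]; then
      # Drop loopback and "Dynamic" entries; reset the list if no
      # dotted value is left in it.
      sed -i "s/.*127.0.0.1.*//g; s/ *$//g; /^$/d" "${dnsLi}"
      wait
      sed -i "s/.*Dynamic.*//g; s/ *$//g; /^$/d" "${dnsLi}"
      wait
      _BROKEN_DNS_TEST_X=$(grep "\." "${dnsLi}" 2>&1)
      if [ -z "${_BROKEN_DNS_TEST_X}" ]; then
        echo " label = \"google-servers\";" > "${dnsLi}"
        echo " ip=8.8.8.8;" >> "${dnsLi}"
        echo " ip=8.8.4.4;" >> "${dnsLi}"
      fi
    fi
    _CUSTOM_DNS_TEST=$(grep 8.8.8.8 /etc/pdnsd.conf 2>&1)
    _BROKEN_DNS_CONF=$(grep "ip=Dynamic" /etc/pdnsd.conf 2>&1)
    if [[ "${_CUSTOM_DNS_TEST}" =~ "8.8.8.8" ]] \
      || [ ! -e "${dnsLi}" ] \
      || [ -e "/root/.use.default.nameservers.cnf" ] \
      || [ -e "/root/.use.local.nameservers.cnf" ] \
      || [[ "${_BROKEN_DNS_CONF}" =~ "Dynamic" ]]; then
      echo " label = \"google-servers\";" > "${dnsLi}"
      # Only "nameserver" lines carry a resolver address. The original took
      # the second space-separated field of every remaining line, so
      # comments, "domain" and "options" lines produced bogus ip= entries
      # in the pdnsd configuration. Word splitting of the command
      # substitution is intended here.
      for _IP in $(awk '$1 == "nameserver" && $0 !~ /127.0.0.1/ { print $2 }' \
        /etc/resolv.conf | sort -u); do
        echo " ip=${_IP};" >> "${dnsLi}"
      done
      wait
      sed -i "s/ip=.*//g; s/ *$//g; /^$/d" /etc/pdnsd.conf
      wait
      sed -i "s/.*127.0.0.1.*//g; s/ *$//g; /^$/d" "${dnsLi}"
      wait
      sed -i "s/.*Dynamic.*//g; s/ *$//g; /^$/d" "${dnsLi}"
      wait
      _BROKEN_DNS_TEST_Y=$(grep "\." "${dnsLi}" 2>&1)
      if [ -z "${_BROKEN_DNS_TEST_Y}" ]; then
        echo " ip=8.8.8.8;" >> "${dnsLi}"
        echo " ip=8.8.4.4;" >> "${dnsLi}"
      fi
      ### echo debug dns A
      # Replace the label line in pdnsd.conf with the generated list.
      _DNS_TPL_TEST=$(grep "google-servers" /etc/pdnsd.conf 2>&1)
      _DNS_RGX_TEST=$(grep "google-servers" /root/.local.dns.IP.list 2>&1)
      if [[ "${_DNS_TPL_TEST}" =~ "google-servers" ]] \
        && [[ "${_DNS_RGX_TEST}" =~ "google-servers" ]]; then
        sed -i '/ label = \"google-servers\";/ {r /root/.local.dns.IP.list
d;};' /etc/pdnsd.conf
        wait
      fi
      resolvconf -u &> /dev/null
      service pdnsd restart &> /dev/null
      pdnsd-ctl empty-cache &> /dev/null
    fi
  fi
}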
#######################################
# Decide whether DNS needs repairing and, if so, call fix_dns_settings and
# restart postfix when its init script exists.
# Globals:   vBs (read); _USE_DEFAULT_DNS, _USE_PROVIDER_DNS,
#            _REMOTE_DNS_TEST, _CTRL_DNS_TEST (written)
# Notes:     The check compares the answer for files.aegir.cc with a
#            hard-coded address, so it needs updating whenever that host
#            moves.
#######################################
check_dns_settings() {
  # Marker files under /root select default or provider nameservers.
  if [[ -e "/root/.use.default.nameservers.cnf" ]]; then
    _USE_DEFAULT_DNS=YES
    rm -f /root/.local.dns.IP.list
  fi
  if [[ -e "/root/.use.local.nameservers.cnf" ]]; then
    _USE_PROVIDER_DNS=YES
  else
    _REMOTE_DNS_TEST=$(host -a files.aegir.cc 8.8.8.8 -w 10 2>&1)
  fi

  # Nothing to do while 8.8.8.8 answers and no marker forces a rebuild.
  if [[ "${_REMOTE_DNS_TEST}" != *"no servers could be reached"* \
    && "${_USE_DEFAULT_DNS}" != "YES" \
    && "${_USE_PROVIDER_DNS}" != "YES" ]]; then
    return 0
  fi

  _CTRL_DNS_TEST=$(host -a files.aegir.cc 2>&1)
  # The local resolver is considered fine when it returns the expected
  # address, no marker is set and a vanilla resolv.conf copy exists.
  if [[ "${_CTRL_DNS_TEST}" == *"104.245.208.226"* \
    && "${_USE_DEFAULT_DNS}" != "YES" \
    && "${_USE_PROVIDER_DNS}" != "YES" \
    && -e "${vBs}/resolv.conf.vanilla" ]]; then
    return 0
  fi

  fix_dns_settings
  [[ -e "/etc/init.d/postfix" ]] || return 0
  service postfix restart &> /dev/null
}
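#######################################
# Unpack an archive into the current directory, choosing the tool by file
# extension, then delete the archive.
# Arguments: $1 - archive file name (nothing happens when empty)
# Outputs:   a notice on stdout for an unsupported extension
# Returns:   status of the final rm, 0 when $1 is empty
# Notes:     The archive is removed even when extraction fails or the
#            extension is unknown, as before.
#            NOTE(review): when run as root, GNU tar restores the ownership
#            and permissions recorded in the archive, so only archives whose
#            origin has been verified should be passed in.
#######################################
extract_archive() {
  local archive=$1
  [ -n "${archive}" ] || return 0
  # A name starting with "-" would be read as an option by the tools
  # below; anchoring it to the current directory avoids that.
  case "${archive}" in
    -*) archive="./${archive}" ;;
  esac
  # Every expansion is quoted so names with spaces or glob characters are
  # passed through as a single argument.
  case "${archive}" in
    *.tar.bz2) tar xjf "${archive}" ;;
    *.tar.gz) tar xzf "${archive}" ;;
    # "v" (verbose) is kept from the original; no compression flag is given.
    *.tar.xz) tar xvf "${archive}" ;;
    *.bz2) bunzip2 "${archive}" ;;
    *.rar) unrar x "${archive}" ;;
    *.gz) gunzip -q "${archive}" ;;
    *.tar) tar xf "${archive}" ;;
    *.tbz2) tar xjf "${archive}" ;;
    *.tgz) tar xzf "${archive}" ;;
    *.zip) unzip -qq "${archive}" ;;
    *.Z) uncompress "${archive}" ;;
    *.7z) 7z x "${archive}" ;;
    *) echo "'$1' cannot be extracted via >extract<" ;;
  esac
  rm -f -- "${archive}"
}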
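#######################################
# Download ${urlDev}/src/<name> into the current directory and unpack it
# with extract_archive.
# Globals:   crlGet, urlDev (read)
# Arguments: $1 - archive file name (nothing happens when empty)
# Returns:   1 when the download fails, otherwise extract_archive's status
# Notes:     NOTE(review): the archive is not checked against a checksum or
#            signature before it is unpacked; ${crlGet} contains -k.
#######################################
get_dev_src() {
  local name=$1
  [ -n "${name}" ] || return 0
  # ${crlGet} is left unquoted on purpose: it holds several curl options.
  # -f makes curl fail on an HTTP error instead of saving the error page,
  # so a failed download is no longer handed to extract_archive.
  if ! curl ${crlGet} -f "${urlDev}/src/${name}" -o "${name}"; then
    echo "ERROR: could not download ${urlDev}/src/${name}" >&2
    rm -f -- "${name}"
    return 1
  fi
  extract_archive "${name}"
}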
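#######################################
# Download one file from ${urlHmr} into place, keeping the previous copy as
# a backup and restoring it when the download fails. The work is skipped
# when /var/xdrago is missing or the marker file already exists.
# Globals:   crlGet, urlHmr, pthLog (read)
# Arguments: $1 - marker name (file ${pthLog}/$1.ctrl.320stableQ11.pid)
#            $2 - path below ${urlHmr}
#            $3 - destination file
#            $4 - mode for chmod
#            $5 - backup path (optional, default: destination + ".old")
# Returns:   0 when a new copy was installed, 1 otherwise
#######################################
_update_agents_fetch() {
  local marker="${pthLog}/$1.ctrl.320stableQ11.pid"
  local url="${urlHmr}/$2"
  local dest=$3
  local mode=$4
  local backup=${5:-$3.old}
  if [ ! -e "/var/xdrago" ] || [ -e "${marker}" ]; then
    return 1
  fi
  mv -f "${dest}" "${backup}"
  # The original only tested that the destination existed, so an HTTP error
  # page or an empty file was installed (mode 700 for the scripts) and
  # marked as done. -f makes curl fail on HTTP errors and -s rejects an
  # empty result. ${crlGet} is unquoted on purpose (several options).
  if curl ${crlGet} -f "${url}" -o "${dest}" && [ -s "${dest}" ]; then
    chmod "${mode}" "${dest}"
    chown root:root "${dest}"
    touch "${marker}"
    return 0
  fi
  rm -f "${dest}"
  mv -f "${backup}" "${dest}"
  return 1
}

# Blank every line mentioning label $1 in csf.allow and csf.ignore.
_update_agents_csf_purge() {
  sed -i "s/.*$1.*//g" /etc/csf/csf.allow
  sed -i "s/.*$1.*//g" /etc/csf/csf.ignore
}

# Append allow rules for ports 80 and 443 (all port-80 rules first) for
# each network in $2.. to csf.allow, tagged with label $1.
_update_agents_csf_allow() {
  local label=$1 port net
  shift
  for port in 80 443; do
    for net in "$@"; do
      echo "tcp|in|d=${port}|s=${net} # ${label} ips" >> /etc/csf/csf.allow
    done
  done
}

# Rewrite the CSF allow entries for Cloudflare, Sucuri, Googlebot and
# Microsoft, then flush the deny lists and restart CSF.
# NOTE(review): the network ranges are hard-coded and go stale when the
# vendors change their published ranges. "csf -df" and "csf -tf" are followed
# by removing the "do not delete" lines, so csf.deny is emptied as well.
_update_agents_csf_reset() {
  _update_agents_csf_purge "cloudflare"
  _update_agents_csf_allow "cloudflare" \
    103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12 \
    108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 \
    172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 \
    197.234.240.0/22 198.41.128.0/17 199.27.128.0/21
  _update_agents_csf_purge "sucuri"
  _update_agents_csf_allow "sucuri" \
    192.88.134.0/23 185.93.228.0/22 66.248.200.0/22
  _update_agents_csf_purge "googlebot"
  # The dots in the deny patterns are unescaped and match any character.
  sed -i "s/66.249..*//g" /etc/csf/csf.deny
  wait
  _update_agents_csf_allow "googlebot" 66.249.64.0/19
  sed -i "s/65.5.*//g" /etc/csf/csf.deny
  wait
  sed -i "s/199.30..*//g" /etc/csf/csf.deny
  _update_agents_csf_purge "microsoft"
  # Two calls keep the original per-network order of the appended lines.
  _update_agents_csf_allow "microsoft" 65.52.0.0/14
  _update_agents_csf_allow "microsoft" 199.30.16.0/20
  sed -i "/^$/d" /etc/csf/csf.allow
  sed -i "/^$/d" /etc/csf/csf.deny
  csf -df
  csf -tf
  sed -i "s/.*do not delete.*//g" /etc/csf/csf.deny
  sed -i "/^$/d" /etc/csf/csf.deny
  csf -q
}

# Copy root-owned file $1 over existing file $2, then hand $2 to user $3
# (group "users") with mode $4.
# The destination lives below a per-account directory, so it is skipped
# when it is a symlink: cp and chown would otherwise act on the link's
# target as root. NOTE(review): this is a check-then-use test and covers
# only the final path component; it presumably matters only where the
# account can write to that directory - confirm.
_update_agents_push_le() {
  local src=$1 dest=$2 owner=$3 mode=$4
  if [ -e "${dest}" ] && [ ! -L "${dest}" ] && [ -e "${src}" ]; then
    cp -af "${src}" "${dest}"
    chown -h "${owner}:users" "${dest}"
    chmod "${mode}" "${dest}"
  fi
}

#######################################
# Refresh BOA's maintenance scripts and configuration under /var/xdrago,
# once per marker file in ${pthLog}, and update a few tuning flag files.
# Globals:   _BENG_VS, _RANDOMIZE, _CUSTOM_CONFIG_LSHELL, crlGet, urlHmr,
#            pthLog, hLeF, hLeP, hLeVtF, hLeVtP, hLeShF, hLeShP (read);
#            PrTest, InTest, leBasePath, lePath, leVhPath, tUsr, dscUsr,
#            hmPf, locFile, locVhFile, locLeShFile are assigned without
#            "local", as before.
# Arguments: none
# Notes:     NOTE(review): every download uses ${crlGet} (which contains
#            -k) against ${urlHmr}, and the results are installed
#            root-owned and, for the scripts, executable. Nothing here
#            verifies a checksum or signature of what was fetched.
#######################################
update_agents() {
  local script

  if [ "${_BENG_VS}" = "YES" ] \
    && [ -e "/var/xdrago" ]; then
    PrTest=$(grep "POWER" /root/.*.octopus.cnf 2>&1)
    InTest=$(ls /data/disk/ | wc -l 2>&1)
    if [ "${InTest}" -gt "14" ] || [[ "${PrTest}" =~ "POWER" ]]; then
      echo "${InTest}" > /root/.tg.cnf
    else
      rm -f /root/.tg.cnf
    fi
    echo "${InTest}" > /root/.high_traffic.cnf
    echo "${InTest}" > /root/.my.optimize.cnf
    # if [[ "${_CHECK_HOST}" =~ ".va." ]]; then
    #   rm -f /root/.fast.cron.cnf
    # else
    #   echo ${InTest} > /root/.fast.cron.cnf
    # fi
    if [ "${_RANDOMIZE}" = "YES" ]; then
      echo "${InTest}" > /root/.randomize_duplicity_full_backup_day.cnf
      echo "${InTest}" > /root/.skip_duplicity_monthly_cleanup.cnf
    else
      rm -f /root/.randomize_duplicity_full_backup_day.cnf
      rm -f /root/.skip_duplicity_monthly_cleanup.cnf
    fi
    rm -f /root/.my.batch_innodb.cnf
    rm -f /root/.fast.cron.cnf
    rm -f /root/.batch_innodb.cnf
    rm -f /root/.force.drupalgeddon.cnf
    rm -f /root/.skip_cleanup.cnf
    rm -f /root/.giant_traffic.cnf
    rm -f /root/.default.cnf
    rm -f /root/.debug.cnf
    rm -f /root/.debug-boa-installer.cnf
    # if [ ! -e "/data/conf/override.global.inc" ]; then
    #   echo "<?php" > /data/conf/override.global.inc.tmp
    #   echo "" >> /data/conf/override.global.inc.tmp
    #   echo "\$use_redis = TRUE;" >> /data/conf/override.global.inc.tmp
    #   chmod 644 /data/conf/override.global.inc.tmp
    #   mv -f /data/conf/override.global.inc.tmp /data/conf/override.global.inc
    # fi
    # if [ -e "/data/conf/override.global.inc" ]; then
    #   mv -f /data/conf/override.global.inc /data/conf/override.global.inc.off
    # fi
  fi

  # System scripts, refreshed only on hosts that have the FPM pool config.
  # "|| :" keeps a skipped or failed refresh from changing the flow.
  if [ -e "/opt/etc/fpm/fpm-pool-common.conf" ]; then
    for script in mysql_backup mysql_hourly runner minute clear daily \
      graceful weekly manage_ltd_users; do
      _update_agents_fetch "${script}" "tools/system/${script}.sh" \
        "/var/xdrago/${script}.sh" 700 || :
    done
    _update_agents_fetch "proc_num_ctrl" "tools/system/proc_num_ctrl.cgi" \
      "/var/xdrago/proc_num_ctrl.cgi" 700 || :
    if [ -e "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.deny" ]; then
      _update_agents_fetch "guest-fire-sh2" "tools/system/guest-fire.sh" \
        "/var/xdrago/guest-fire.sh" 700 || :
      # The firewall lists are rewritten only together with a fresh
      # guest-water.sh.
      if _update_agents_fetch "guest-water-sh2" "tools/system/guest-water.sh" \
        "/var/xdrago/guest-water.sh" 700; then
        _update_agents_csf_reset
      fi
    fi
    _update_agents_fetch "hackcheck" "tools/system/monitor/check/hackcheck" \
      "/var/xdrago/monitor/check/hackcheck" 700 || :
  fi

  # Configuration templates, tied to the presence of drush.
  if [ -e "/opt/tools/drush/8/drush/drush" ]; then
    if [ -z "${_CUSTOM_CONFIG_LSHELL}" ] \
      || [ "${_CUSTOM_CONFIG_LSHELL}" = "NO" ]; then
      _update_agents_fetch "lshell" "tools/system/conf/lshell.conf" \
        "/var/xdrago/conf/lshell.conf" 644 || :
    fi
    _update_agents_fetch "multi" "conf/fpm-pool-foo-multi.conf" \
      "/var/xdrago/conf/fpm-pool-foo-multi.conf" 644 || :
  fi
  if [ -e "/opt/tools/drush" ]; then
    _update_agents_fetch "single" "conf/fpm-pool-foo.conf" \
      "/var/xdrago/conf/fpm-pool-foo.conf" 644 || :
    if [ -e "/var/xdrago" ] \
      && [ ! -e "${pthLog}/dispatch.ctrl.320stableQ11.pid" ]; then
      sed -i "s/.*cache.*//g; s/.*cc drush.*//g; s/ *$//g; /^$/d" /data/disk/*/aegir.sh
      touch "${pthLog}/dispatch.ctrl.320stableQ11.pid"
    fi
  fi

  # Push the hosting_le files fetched by fix_hosting_le into every active
  # account below /data/disk.
  if [ -e "/opt/tools/drush/8/drush/drush" ] \
    && [ -e "${hLeP}" ] \
    && [ -e "${hLeVtP}" ] \
    && [ -e "${hLeShP}" ] \
    && [ -e "/var/xdrago" ] \
    && [ ! -e "${pthLog}/hosting_le_vt.ctrl.320stableQ11.pid" ]; then
    leBasePath="profiles/hostmaster/modules/aegir/hosting_le"
    lePath="${leBasePath}/drush/${hLeF}"
    leVhPath="${leBasePath}/hosting_le_vhost/drush/${hLeVtF}"
    # Word splitting of the find output is intended (one path per word).
    for pthSysUsr in $(find /data/disk/ -maxdepth 1 -mindepth 1 | sort); do
      if [ -e "${pthSysUsr}/config/server_master/nginx/vhost.d" ] \
        && [ ! -e "${pthSysUsr}/log/CANCELLED" ]; then
        # Last path component, i.e. the name directly below /data/disk/.
        tUsr=${pthSysUsr##*/}
        dscUsr="/data/disk/${tUsr}"
        # Hostmaster root as written in the account's drush alias file.
        hmPf=$(grep "root'" "${dscUsr}/.drush/hostmaster.alias.drushrc.php" \
          | cut -d: -f2 \
          | awk '{ print $3}' \
          | sed "s/[\,']//g" 2>&1)
        locFile="${hmPf}/${lePath}"
        _update_agents_push_le "${hLeP}" "${locFile}" "${tUsr}" 0644
        locVhFile="${hmPf}/${leVhPath}"
        _update_agents_push_le "${hLeVtP}" "${locVhFile}" "${tUsr}" 0644
        locLeShFile="${dscUsr}/tools/le/${hLeShF}"
        _update_agents_push_le "${hLeShP}" "${locLeShFile}" "${tUsr}" 0700
      fi
    done
    touch "${pthLog}/hosting_le_vt.ctrl.320stableQ11.pid"
  fi

  # /bin/websh is the one target whose backup is kept under /var/xdrago.
  if [ -e "/opt/etc/fpm/fpm-pool-common.conf" ]; then
    _update_agents_fetch "websh" "helpers/websh.sh.txt" \
      "/bin/websh" 755 "/var/xdrago/websh.sh.old" || :
  fi
}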
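# Apply ${saPatch} inside directory $1. The subshell keeps a failed cd
# from letting patch run in whatever directory was current before.
_fix_core_dgd_apply() {
  ( cd "$1" && patch -p1 < "${saPatch}" ) &> /dev/null
}

# For every database.inc path in $2.., patch the Drupal root that owns it,
# skipping roots that contain a "core" entry. With $1 = "mark", roots that
# already carry the per-platform marker are skipped too and the marker is
# written after patching.
_fix_core_dgd_roots() {
  local mark=$1 file root
  shift
  for file in "$@"; do
    # Everything before the first "/includes" is the Drupal root.
    root=${file%%/includes*}
    [ -d "${root}" ] || continue
    [ ! -e "${root}/core" ] || continue
    if [ "${mark}" = "mark" ]; then
      [ ! -e "${root}/profiles/${saCoreS}-fix.info" ] || continue
    fi
    _fix_core_dgd_apply "${root}"
    if [ "${mark}" = "mark" ]; then
      echo fixed > "${root}/profiles/${saCoreS}-fix.info"
    fi
  done
}

#######################################
# Fetch the Drupal 7 patch for https://www.drupal.org/SA-CORE-2014-005 and
# apply it to shared cores, legacy platforms and custom platforms, once per
# marker file in ${pthLog}.
# Globals:   crlGet, urlHmr, saCoreN, saCoreS, saIncDb, saPatch, pthLog
#            (read)
# Arguments: none
# Notes:     The working directory is reset to $HOME where the original
#            did so.
#            NOTE(review): patch output and exit status are discarded and
#            the markers are written regardless, so a marker does not prove
#            that a given core was patched.
#######################################
fix_core_dgd() {
  local core
  ### sed -i "s/^_PERMISSIONS_FIX=.*/_PERMISSIONS_FIX=YES/g" /root/.barracuda.cnf
  if [ -e "/var/xdrago" ] \
    && [ ! -e "${saPatch}" ]; then
    mkdir -p /var/xdrago/conf
    # -f stops curl from saving an HTTP error page as the patch; a failed
    # download is removed so the steps below are retried on the next run
    # instead of "applying" a broken file and marking everything as fixed.
    # ${crlGet} is unquoted on purpose (several options).
    curl ${crlGet} -f "${urlHmr}/patches/7-core/${saCoreS}.patch" \
      -o "${saPatch}" || rm -f "${saPatch}"
  fi

  # Shared Drupal 7 cores.
  if [ -e "/var/xdrago" ] \
    && [ -e "${saPatch}" ] \
    && [ ! -e "${pthLog}/${saCoreN}-fixed-d7.log" ]; then
    if [ -d "/data/all/000/core" ]; then
      for core in /data/all/000/core/drupal-7*; do
        [ -d "${core}" ] && _fix_core_dgd_apply "${core}"
      done
    elif [ -d "/data/disk/all/000/core" ]; then
      for core in /data/disk/all/000/core/drupal-7*; do
        [ -d "${core}" ] && _fix_core_dgd_apply "${core}"
      done
    fi
    touch "${pthLog}/${saCoreN}-fixed-d7.log"
    cd
  fi

  # https://www.drupal.org/SA-CORE-2014-005 for ancient platforms
  if [ -e "/var/xdrago" ] \
    && [ -e "${saPatch}" ]; then
    if [ -d "/data/all" ] \
      && [ ! -e "${pthLog}/legacy-${saCoreN}-fixed-d7.log" ]; then
      _fix_core_dgd_roots nomark /data/all/*/*/"${saIncDb}"
      touch "${pthLog}/legacy-${saCoreN}-fixed-d7.log"
    elif [ -d "/data/disk/all" ] \
      && [ ! -e "${pthLog}/legacy-${saCoreN}-fixed-d7eee.log" ]; then
      _fix_core_dgd_roots nomark /data/disk/all/*/*/"${saIncDb}"
      touch "${pthLog}/legacy-${saCoreN}-fixed-d7eee.log"
    fi
    cd
  fi

  # https://www.drupal.org/SA-CORE-2014-005 for custom platforms, searched
  # one to five directory levels below each account's static/ directory.
  if [ -e "/var/xdrago" ] \
    && [ -e "${saPatch}" ]; then
    if [ -d "/data/disk" ] \
      && [ ! -e "${pthLog}/batch-custom-${saCoreN}-fixed-d7.log" ]; then
      _fix_core_dgd_roots mark \
        /data/disk/*/static/*/"${saIncDb}" \
        /data/disk/*/static/*/*/"${saIncDb}" \
        /data/disk/*/static/*/*/*/"${saIncDb}" \
        /data/disk/*/static/*/*/*/*/"${saIncDb}" \
        /data/disk/*/static/*/*/*/*/*/"${saIncDb}"
    fi
    cd
    touch "${pthLog}/batch-custom-${saCoreN}-fixed-d7.log"
  fi
}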
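#######################################
# Rebuild lshell from the source archive once per marker file, keeping the
# existing /etc/lshell.conf, and make sure /usr/bin/lshell points at the
# installed binary.
# Globals:   usrBin, pthLog (read); _LSHELL_VRN, _PATH_LSHELL (written)
# Arguments: none
# Notes:     After a rebuild, every process of every logged-in user whose
#            name does not match /root/ is killed with SIGKILL.
#            NOTE(review): the source archive comes from get_dev_src and is
#            installed as root through setup.py; nothing here verifies a
#            checksum or signature of it.
#######################################
fix_lshell() {
  _LSHELL_VRN=0.9.18.8
  _PATH_LSHELL="${usrBin}/lshell"
  local srcDir="/var/opt/lshell-${_LSHELL_VRN}"
  local marker="${pthLog}/lshell-build-${_LSHELL_VRN}-hotfix4"
  local confBak="/etc/lshell.conf-bak-${_LSHELL_VRN}-hotfix4"
  local user

  if [ -e "${_PATH_LSHELL}" ] \
    && [ ! -e "${marker}" ]; then
    cp -af /etc/lshell.conf "${confBak}"
    # Without this check a failed cd let "rm -rf lshell*" run in whatever
    # directory the script happened to be in.
    if cd /var/opt; then
      rm -rf -- lshell*
      get_dev_src "lshell-${_LSHELL_VRN}.tar.gz"
      # A failed download or extraction leaves no source tree. The
      # original then ran "python setup.py install" in /var/opt and still
      # wrote the marker; now the installed lshell is left untouched and
      # the rebuild is retried on the next run.
      if cd "${srcDir}"; then
        # Reword lshell's "kicked" messages to "logged" in its sources.
        find "${srcDir}" -type f -exec sed -i \
          -e "s/kicked/logged/g" -e "s/Kicked/Logged/g" {} + &> /dev/null
        rm -rf /usr/local/lib/python2.6/dist-packages/lshell*
        rm -rf /usr/local/lib/python2.7/dist-packages/lshell*
        python setup.py install --no-compile 2> /dev/null
        cp -af "${confBak}" /etc/lshell.conf
        rm -f /etc/logrotate.d/lshell
        addgroup --system lshellg &> /dev/null
        mkdir -p /var/log/lsh
        chown :lshellg /var/log/lsh
        chmod 770 /var/log/lsh &> /dev/null
        touch "${marker}"
        # User names are passed to pkill as a single argument instead of
        # being pasted into a shell command line through awk's system().
        who | awk '$1 !~ /root/ { print $1 }' | sort -u \
          | while IFS= read -r user; do
            pkill -KILL -u "${user}"
          done
      fi
    fi
  fi
  if [ -f "${usrBin}/lshell" ]; then
    if [ ! -L "/usr/bin/lshell" ]; then
      ln -sf "${usrBin}/lshell" /usr/bin/lshell &> /dev/null
    fi
  fi
}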
#######################################
# Set net.ipv4.tcp_challenge_ack_limit to 1073741823 and persist it in
# /etc/sysctl.conf, unless that file already mentions the setting.
# Globals:   _TCP_FIX (written)
# Notes:     The grep output includes stderr, so an unreadable sysctl.conf
#            also counts as "already set".
#            NOTE(review): presumably a mitigation for the TCP challenge-ACK
#            side channel - confirm it is still needed on current kernels.
#######################################
fix_tcp() {
  local key="net.ipv4.tcp_challenge_ack_limit"
  local value="1073741823"
  _TCP_FIX=$(grep "tcp_challenge_ack_limit" /etc/sysctl.conf 2>&1)
  [[ -z "${_TCP_FIX}" ]] || return 0
  sysctl "${key}=${value}"
  printf '%s = %s\n' "${key}" "${value}" >> /etc/sysctl.conf
}
#######################################
# Recreate the /usr/bin/java -> /etc/alternatives/java -> OpenJDK 6 symlink
# chain when the OpenJDK 6 binary exists and either link is missing.
# Outputs:   "fixed java symlinks" on stdout when the links are rewritten
#######################################
fix_alt() {
  local jre="/usr/lib/jvm/java-6-openjdk/jre/bin/java"
  [[ -x "${jre}" ]] || return 0
  # Both links resolve already: nothing to repair.
  if [[ -e "/usr/bin/java" && -e "/etc/alternatives/java" ]]; then
    return 0
  fi
  ln -sf "${jre}" /etc/alternatives/java
  ln -sf /etc/alternatives/java /usr/bin/java
  echo fixed java symlinks
}
#######################################
# Download the ${eldirF} patch to ${eldirP} when /var/xdrago exists and the
# patch is not there yet.
# Globals:   crlGet, urlHmr, eldirF, eldirP (read)
# Notes:     NOTE(review): the file is fetched with ${crlGet} (which
#            contains -k) and is not verified after download.
#######################################
fix_eldir() {
  [[ -e "/var/xdrago" && ! -e "${eldirP}" ]] || return 0
  mkdir -p /var/xdrago/conf
  # ${crlGet} is unquoted on purpose: it holds several curl options.
  curl ${crlGet} "${urlHmr}/patches/${eldirF}" -o "${eldirP}"
}
#######################################
# Comment out an active PAMAuthentication line in pure-ftpd.conf and kill
# the running pure-ftpd processes.
# Globals:   _PAM_AUTH (written)
#######################################
fix_pure_ftpd() {
  local conf="/usr/local/etc/pure-ftpd.conf"
  [[ -e "${conf}" ]] || return 0
  _PAM_AUTH=$(grep "^PAMAuthentication" "${conf}" 2>&1)
  # No active PAMAuthentication line (and no grep error text): leave as is.
  [[ -n "${_PAM_AUTH}" ]] || return 0
  sed -i "s/^PAMAuthentication/# PAMAuthentication/g" "${conf}"
  killall -9 pure-ftpd &> /dev/null
}
#######################################
# Re-download the three hosting_le helper files into /var/xdrago/conf when
# any of them (or its control copy) is missing, or when stray copies exist
# under /var/xdrago or /root.
# Globals:   crlGet, urlHmr, hLeF, hLeP, hLeVtF, hLeVtP, hLeShF, hLeShP
#            (read)
# Notes:     Each file is downloaded to "<path>.ctrl.320stableQ11.pid" and
#            then copied to "<path>".
#            NOTE(review): the copy happens whether or not curl succeeded,
#            and nothing verifies the downloaded content; ${hLeShF} is a
#            shell script that update_agents later installs with mode 0700.
#######################################
fix_hosting_le() {
  [[ -d "/var/xdrago/conf" ]] || return 0
  local sfx="ctrl.320stableQ11.pid"
  local item src dst
  if [[ ! -e "${hLeVtP}.${sfx}" \
    || -e "/var/xdrago/${hLeF}" \
    || -e "/var/xdrago/${hLeVtF}" \
    || -e "/var/xdrago/${hLeShF}" \
    || -e "/root/${hLeF}" \
    || -e "/root/hosting_le_vhost.drush.inc.ctrl.320stableQ11.pid" \
    || -e "/root/${hLeVtF}" \
    || ! -e "${hLeShP}" \
    || ! -e "${hLeP}.${sfx}" ]]; then
    mkdir -p /var/xdrago/conf
    rm -f /var/xdrago/*.drush.inc*
    rm -f /root/*.drush.inc*
    rm -f "${hLeShP}.${sfx}" "${hLeVtP}.${sfx}" "${hLeP}.${sfx}"
    # "<path below ${urlHmr}>|<local path>", fetched in this order.
    for item in \
      "helpers/${hLeShF}|${hLeShP}" \
      "patches/${hLeVtF}|${hLeVtP}" \
      "patches/${hLeF}|${hLeP}"; do
      src=${item%%|*}
      dst=${item#*|}
      # ${crlGet} is unquoted on purpose: it holds several curl options.
      curl ${crlGet} "${urlHmr}/${src}" -o "${dst}.${sfx}"
      cp -af "${dst}.${sfx}" "${dst}"
    done
  fi
}
#######################################
# Once per host (guarded by a marker file in ${pthLog}), request a forced
# reinstall of Git, Nginx, PHP, SSH and SSL in ${barCnf} and remove the
# build markers of pure-ftpd, mss, lshell and redis.
# Globals:   pthLog, barCnf (read)
#######################################
force_rebuild() {
  local marker="${pthLog}/forced.rebuild.glibc.txt"
  local part
  [[ ! -e "${marker}" ]] || return 0
  for part in GIT NGX PHP SSH SSL; do
    echo "_${part}_FORCE_REINSTALL=YES" >> "${barCnf}"
  done
  rm -f "${pthLog}"/pure-ftpd-build*
  rm -f "${pthLog}"/mss-build*
  rm -f "${pthLog}"/lshell-build*
  rm -f "${pthLog}"/redis-*
  touch "${marker}"
}
#######################################
# Pick the download mirror and derive the base URLs used by the rest of the
# script. netcat is installed through apt-get when it is missing.
# Globals:   forCer, vBs (read); isNetc, ffMirr, ffList, _CHECK_MIRROR,
#            _USE_MIR, urlDev, urlHmr (written)
# Outputs:   an INFO line on stdout when the chosen mirror does not answer
# Notes:     NOTE(review): the mirror name is whatever ffmirror prints
#            (stderr included); the only checks are that it does not contain
#            "printf" and that port 80 answers. Both base URLs are plain
#            http://, so everything downloaded from them needs its own
#            integrity check.
#######################################
find_fast_mirror() {
  isNetc=$(which netcat 2>&1)
  if [[ -z "${isNetc}" || ! -x "${isNetc}" ]]; then
    rm -f /etc/apt/sources.list.d/openssl.list
    apt-get update -qq &> /dev/null
    # ${forCer} is unquoted on purpose: it holds several apt-get options.
    apt-get install netcat ${forCer} &> /dev/null
    sleep 3
  fi

  # Start from the default host and override it only when ffmirror gives a
  # usable answer.
  _USE_MIR="files.aegir.cc"
  ffMirr=$(which ffmirror 2>&1)
  if [[ -x "${ffMirr}" ]]; then
    ffList="${vBs}/boa-mirrors.txt"
    mkdir -p "${vBs}"
    if [[ ! -e "${ffList}" ]]; then
      printf '%s\n' \
        "jp.files.aegir.cc" \
        "nl.files.aegir.cc" \
        "uk.files.aegir.cc" \
        "us.files.aegir.cc" > "${ffList}"
    fi
    if [[ -e "${ffList}" ]]; then
      _CHECK_MIRROR=$(bash "${ffMirr}" < "${ffList}" 2>&1)
      # Output containing "printf" is treated as an ffmirror failure.
      if [[ "${_CHECK_MIRROR}" == *"printf"* ]]; then
        _USE_MIR="files.aegir.cc"
      else
        _USE_MIR="${_CHECK_MIRROR}"
      fi
    fi
  fi

  if ! netcat -w 10 -z "${_USE_MIR}" 80; then
    echo "INFO: The mirror ${_USE_MIR} doesn't respond, let's try default"
    _USE_MIR="files.aegir.cc"
  fi
  urlDev="http://${_USE_MIR}/dev"
  urlHmr="http://${_USE_MIR}/versions/master/aegir"
}
# Refresh the barracuda, boa and octopus wrappers in ${optBin} and, once per
# marker file, the four fix-drupal-* helpers in ${usrBin}, using the mirror
# selected by find_fast_mirror.
# Globals read:    vBs, forCer, crlGet, tBn, usrBin, optBin, pthLog, _TODAY,
#                  _USE_MIR (set by find_fast_mirror)
# Globals written: _GH_TEST, isCurl, _CURL_TEST, _LSB_TEST, _IPSET_TEST,
#                  _CSF_TEST, fxPp, fxSp, fxPo, fxSo, urlHmr
# Side effects:    rewrites /etc/hosts, may create /etc/resolv.conf, may install
#                  packages, and terminates the script with status 1 when the
#                  mirror check fails.
# NOTE(review): every file fetched below is written into a PATH directory and
# made executable (chmod 700), yet the transfer is plain http://, crlGet (set
# near the top of the file) carries -k, no checksum or signature is compared,
# and curl's exit status is never inspected. A tampered or truncated download
# is installed as-is. Consider https without -k plus a published digest check
# before the chmod.
update_wrappers() {
# Blank out every /etc/hosts line mentioning files.aegir.cc; the emptied lines
# are removed by the "/^$/d" pass further down.
sed -i "s/.*files.aegir.cc.*//g" /etc/hosts
# No background job is started in this function, so the bare `wait` calls
# look like no-ops unless the caller left one running.
wait
_GH_TEST=$(cat /etc/hosts | grep github 2>&1)
if [[ ! "${_GH_TEST}" =~ "github.com" ]]; then
# NOTE(review): these are hard-coded address pins. They bypass DNS, are never
# refreshed once present (the test above only looks for the name), and go
# stale when the provider renumbers. Any client that also skips certificate
# verification would trust whichever host answers at the pinned address.
echo "192.30.253.113 github.com" >> /etc/hosts
wait
echo "151.101.32.133 raw.githubusercontent.com" >> /etc/hosts
wait
echo >>/etc/hosts
wait
service pdnsd restart &> /dev/null
pdnsd-ctl empty-cache &> /dev/null
fi
# Append one empty line, then strip all empty lines from /etc/hosts.
echo >>/etc/hosts
sed -i "/^$/d" /etc/hosts
wait
# `-e` follows symlinks, so a dangling /etc/resolv.conf symlink counts as
# missing here and is removed before the file is rebuilt.
if [ ! -e "/etc/resolv.conf" ]; then
rm -f /etc/resolv.conf
if [ -e "${vBs}/resolv.conf.vanilla" ]; then
cat ${vBs}/resolv.conf.vanilla >/etc/resolv.conf
fi
# Public resolvers are appended after any restored content.
echo "nameserver 8.8.8.8" >>/etc/resolv.conf
echo "nameserver 8.8.4.4" >>/etc/resolv.conf
# check_dns_settings is defined outside this part of the file.
check_dns_settings
else
check_dns_settings
fi
if [ -d "/var/cache/pdnsd" ] \
&& [ -e "/etc/resolvconf/run/interface/lo.pdnsd" ]; then
pdnsd-ctl empty-cache &> /dev/null
fi
find_fast_mirror
# Reinstall curl from packages when `curl --version` does not mention OpenSSL
# (which also covers curl being absent, since the output is then an error).
isCurl=$(curl --version 2>&1)
if [[ ! "${isCurl}" =~ "OpenSSL" ]] || [ -z "${isCurl}" ]; then
rm -f /etc/apt/sources.list.d/openssl.list
echo "curl install" | dpkg --set-selections
apt-get clean -qq &> /dev/null
apt-get update -qq &> /dev/null
# NOTE(review): forCer includes --force-yes, which lets apt-get continue
# without prompting even for actions it considers potentially harmful.
apt-get install curl ${forCer} &> /dev/null
touch /root/.use.curl.from.packages.cnf
fi
# HEAD request against the mirror; the only acceptance test is the substring
# "200 OK" somewhere in the (redirect-following) response headers.
_CURL_TEST=$(curl -L -k -s \
--max-redirs 10 \
--retry 3 \
--retry-delay 10 \
-I "http://${_USE_MIR}" 2> /dev/null)
if [[ ! "${_CURL_TEST}" =~ "200 OK" ]]; then
if [[ "${_CURL_TEST}" =~ "unknown option was passed in to libcurl" ]]; then
echo "curl install" | dpkg --set-selections
apt-get install curl ${forCer} &> /dev/null
touch /root/.use.curl.from.packages.cnf
fi
echo "ERROR: ${_USE_MIR} is not available, please try later"
# Ends the whole script, not just this function.
exit 1
else
urlHmr="http://${_USE_MIR}/versions/master/aegir"
fi
_LSB_TEST=$(which lsb_release 2> /dev/null)
if [ ! -x "${_LSB_TEST}" ]; then
rm -f /etc/apt/sources.list.d/openssl.list
apt-get clean -qq &> /dev/null
apt-get update -qq &> /dev/null
apt-get install lsb-release ${forCer} &> /dev/null
fi
_IPSET_TEST=$(which ipset 2> /dev/null)
if [ ! -x "${_IPSET_TEST}" ]; then
apt-get clean -qq &> /dev/null
apt-get update -qq &> /dev/null
apt-get install ipset ${forCer} &> /dev/null
fi
# Make /usr/sbin/ipset a symlink to /sbin/ipset when it is not one already.
if [ -x "/sbin/ipset" ] && [ ! -L "/usr/sbin/ipset" ]; then
rm -f /usr/sbin/ipset
ln -sf /sbin/ipset /usr/sbin/ipset
_CSF_TEST=$(which csf 2> /dev/null)
if [ -x "${_CSF_TEST}" ]; then
# NOTE(review): looks like a forced csf self-update followed by a quick
# restart -- confirm against the csf documentation.
csf -uf
csf -q
fi
fi
mkdir -p ${usrBin}
# The marker file makes this download a one-time action per marker name; it is
# touched even if one of the curl calls failed.
if [ ! -e "${pthLog}/fixPSop.ctrl.320stableQ11.pid" ]; then
fxPp="fix-drupal-platform-permissions.sh"
fxSp="fix-drupal-site-permissions.sh"
fxPo="fix-drupal-platform-ownership.sh"
fxSo="fix-drupal-site-ownership.sh"
curl ${crlGet} "${urlHmr}/${tBn}/${fxPp}" -o ${usrBin}/${fxPp}
curl ${crlGet} "${urlHmr}/${tBn}/${fxSp}" -o ${usrBin}/${fxSp}
curl ${crlGet} "${urlHmr}/${tBn}/${fxPo}" -o ${usrBin}/${fxPo}
curl ${crlGet} "${urlHmr}/${tBn}/${fxSo}" -o ${usrBin}/${fxSo}
chmod 700 ${usrBin}/${fxPp}
chmod 700 ${usrBin}/${fxSp}
chmod 700 ${usrBin}/${fxPo}
chmod 700 ${usrBin}/${fxSo}
touch ${pthLog}/fixPSop.ctrl.320stableQ11.pid
fi
mkdir -p ${optBin}
# Old wrappers are deleted before the new ones are fetched, so a failed
# download leaves the wrapper missing or holding only the date stamp below.
rm -f ${usrBin}/{barracuda*,boa*,octopus*}
# The symlinks in ${usrBin} are recreated only when /data/disk is absent.
if [ ! -e "/data/disk" ]; then
ln -s ${optBin}/boa ${usrBin}/boa
ln -s ${optBin}/barracuda ${usrBin}/barracuda
ln -s ${optBin}/octopus ${usrBin}/octopus
fi
rm -f ${optBin}/{barracuda*,boa*,octopus*}
curl ${crlGet} "${urlHmr}/${tBn}/barracuda" -o ${optBin}/barracuda
curl ${crlGet} "${urlHmr}/${tBn}/boa" -o ${optBin}/boa
curl ${crlGet} "${urlHmr}/${tBn}/octopus" -o ${optBin}/octopus
# Stamp each wrapper with the run date as a trailing comment line.
echo "### ${_TODAY} ###" >> ${optBin}/boa
echo "### ${_TODAY} ###" >> ${optBin}/barracuda
echo "### ${_TODAY} ###" >> ${optBin}/octopus
chmod 700 ${optBin}/{barracuda*,boa*,octopus*}
}
# Full installer bootstrap: classify the host, normalise /etc/hosts and DNS,
# make sure curl, virt-what and lsb-release are present, then download the
# complete BOA tool set into ${optBin}.
# Globals read:    vBs, forCer, crlGet, tBn, usrBin, optBin, pthLog, _TODAY,
#                  _USE_MIR (set by find_fast_mirror)
# Globals written: _BENG_VS, _CHECK_HOST, _VM_TEST, _VMFAMILY, _RANDOMIZE,
#                  _GH_TEST, isCurl, _CURL_TEST, _VIRT_TEST, _LSB_TEST,
#                  fxPp, fxSp, fxPo, fxSo, urlHmr
# Side effects:    rewrites /etc/hosts, may create /etc/resolv.conf, installs
#                  packages, may run `backboa install`, and terminates the
#                  script with status 1 when the mirror check fails.
# NOTE(review): all tools are fetched over plain http:// with crlGet (set near
# the top of the file, includes -k), no checksum or signature is compared and
# curl's exit status is never inspected; one of the downloaded files is then
# executed as root in this same function. Consider https without -k plus a
# published digest check before chmod and execution.
setup() {
_BENG_VS=NO
_CHECK_HOST=$(uname -n 2>&1)
_VM_TEST=$(uname -a 2>&1)
# Quoted right-hand sides make =~ a literal substring match: the host is
# tagged "VS" only when `uname -a` contains one of these kernel strings.
if [[ "${_VM_TEST}" =~ "3.8.6-beng" ]] \
|| [[ "${_VM_TEST}" =~ "3.8.5.2-beng" ]] \
|| [[ "${_VM_TEST}" =~ "3.8.4-beng" ]] \
|| [[ "${_VM_TEST}" =~ "3.7.5-beng" ]] \
|| [[ "${_VM_TEST}" =~ "3.7.4-beng" ]] \
|| [[ "${_VM_TEST}" =~ "3.6.15-beng" ]] \
|| [[ "${_VM_TEST}" =~ "3.2.16-beng" ]]; then
_VMFAMILY="VS"
else
_VMFAMILY="XEN"
fi
if [[ "${_CHECK_HOST}" =~ ".host8." ]] \
|| [[ "${_CHECK_HOST}" =~ ".boa.io" ]] \
|| [ "${_VMFAMILY}" = "VS" ]; then
_BENG_VS=YES
fi
# Both branches assign the same value, so this test currently has no effect.
if [[ "${_CHECK_HOST}" =~ ".s8." ]] \
&& [ "${_BENG_VS}" = "YES" ]; then
_RANDOMIZE=YES
else
_RANDOMIZE=YES
fi
# Clock sync is skipped on hosts flagged _BENG_VS.
if [ "${_BENG_VS}" != "YES" ]; then
ntpdate pool.ntp.org &> /dev/null
fi
# Blank out every /etc/hosts line mentioning files.aegir.cc; the emptied lines
# are removed by the "/^$/d" pass further down.
sed -i "s/.*files.aegir.cc.*//g" /etc/hosts
# No background job is started in this function, so the bare `wait` calls
# look like no-ops unless the caller left one running.
wait
_GH_TEST=$(cat /etc/hosts | grep github 2>&1)
if [[ ! "${_GH_TEST}" =~ "github.com" ]]; then
# NOTE(review): these are hard-coded address pins. They bypass DNS, are never
# refreshed once present (the test above only looks for the name), and go
# stale when the provider renumbers. Any client that also skips certificate
# verification would trust whichever host answers at the pinned address.
echo "192.30.253.113 github.com" >> /etc/hosts
wait
echo "151.101.32.133 raw.githubusercontent.com" >> /etc/hosts
wait
echo >>/etc/hosts
wait
service pdnsd restart &> /dev/null
pdnsd-ctl empty-cache &> /dev/null
fi
# Append one empty line, then strip all empty lines from /etc/hosts.
echo >>/etc/hosts
sed -i "/^$/d" /etc/hosts
wait
# `-e` follows symlinks, so a dangling /etc/resolv.conf symlink counts as
# missing here and is removed before the file is rebuilt.
if [ ! -e "/etc/resolv.conf" ]; then
rm -f /etc/resolv.conf
if [ -e "${vBs}/resolv.conf.vanilla" ]; then
cat ${vBs}/resolv.conf.vanilla >/etc/resolv.conf
fi
# Public resolvers are appended after any restored content.
echo "nameserver 8.8.8.8" >>/etc/resolv.conf
echo "nameserver 8.8.4.4" >>/etc/resolv.conf
# check_dns_settings is defined outside this part of the file.
check_dns_settings
else
check_dns_settings
fi
if [ -d "/var/cache/pdnsd" ] \
&& [ -e "/etc/resolvconf/run/interface/lo.pdnsd" ]; then
pdnsd-ctl empty-cache &> /dev/null
fi
find_fast_mirror
# Reinstall curl from packages when `curl --version` does not mention OpenSSL
# (which also covers curl being absent, since the output is then an error).
isCurl=$(curl --version 2>&1)
if [[ ! "${isCurl}" =~ "OpenSSL" ]] || [ -z "${isCurl}" ]; then
rm -f /etc/apt/sources.list.d/openssl.list
echo "curl install" | dpkg --set-selections
apt-get clean -qq &> /dev/null
apt-get update -qq &> /dev/null
# NOTE(review): forCer includes --force-yes, which lets apt-get continue
# without prompting even for actions it considers potentially harmful.
apt-get install curl ${forCer} &> /dev/null
touch /root/.use.curl.from.packages.cnf
fi
# HEAD request against the mirror; the only acceptance test is the substring
# "200 OK" somewhere in the (redirect-following) response headers.
_CURL_TEST=$(curl -L -k -s \
--max-redirs 10 \
--retry 3 \
--retry-delay 10 \
-I "http://${_USE_MIR}" 2> /dev/null)
if [[ ! "${_CURL_TEST}" =~ "200 OK" ]]; then
if [[ "${_CURL_TEST}" =~ "unknown option was passed in to libcurl" ]]; then
echo "curl install" | dpkg --set-selections
apt-get install curl ${forCer} &> /dev/null
touch /root/.use.curl.from.packages.cnf
fi
echo "ERROR: ${_USE_MIR} is not available, please try later"
# Ends the whole script, not just this function.
exit 1
else
urlHmr="http://${_USE_MIR}/versions/master/aegir"
fi
_VIRT_TEST=$(which virt-what 2> /dev/null)
if [ ! -x "${_VIRT_TEST}" ]; then
apt-get clean -qq &> /dev/null
apt-get update -qq &> /dev/null
apt-get install virt-what ${forCer} &> /dev/null
fi
_LSB_TEST=$(which lsb_release 2> /dev/null)
if [ ! -x "${_LSB_TEST}" ]; then
rm -f /etc/apt/sources.list.d/openssl.list
apt-get clean -qq &> /dev/null
apt-get update -qq &> /dev/null
apt-get install lsb-release ${forCer} &> /dev/null
fi
mkdir -p ${usrBin}
# The marker file makes this download a one-time action per marker name; it is
# touched even if one of the curl calls failed.
if [ ! -e "${pthLog}/fixPSop.ctrl.320stableQ11.pid" ]; then
fxPp="fix-drupal-platform-permissions.sh"
fxSp="fix-drupal-site-permissions.sh"
fxPo="fix-drupal-platform-ownership.sh"
fxSo="fix-drupal-site-ownership.sh"
curl ${crlGet} "${urlHmr}/${tBn}/${fxPp}" -o ${usrBin}/${fxPp}
curl ${crlGet} "${urlHmr}/${tBn}/${fxSp}" -o ${usrBin}/${fxSp}
curl ${crlGet} "${urlHmr}/${tBn}/${fxPo}" -o ${usrBin}/${fxPo}
curl ${crlGet} "${urlHmr}/${tBn}/${fxSo}" -o ${usrBin}/${fxSo}
chmod 700 ${usrBin}/${fxPp}
chmod 700 ${usrBin}/${fxSp}
chmod 700 ${usrBin}/${fxPo}
chmod 700 ${usrBin}/${fxSo}
touch ${pthLog}/fixPSop.ctrl.320stableQ11.pid
fi
mkdir -p ${optBin}
# Old copies are deleted before the new ones are fetched, so a failed download
# leaves the tool missing or, for the three wrappers, holding only the date
# stamp appended below.
rm -f ${optBin}/.{boa*,fix*}
rm -f ${usrBin}/{autoupboa*,barracuda*,boa*,ffmirror*}
rm -f ${usrBin}/{octopus*,randpass*,sqlmagic*,syncpass*,thinkdifferent*}
# The symlinks in ${usrBin} are recreated only when /data/disk is absent.
if [ ! -e "/data/disk" ]; then
ln -s ${optBin}/boa ${usrBin}/boa
ln -s ${optBin}/barracuda ${usrBin}/barracuda
ln -s ${optBin}/octopus ${usrBin}/octopus
fi
rm -f ${optBin}/{autoupboa*,barracuda*,boa*,ffmirror*,xboa*}
rm -f ${optBin}/{octopus*,randpass*,sqlmagic*,syncpass*,thinkdifferent*}
curl ${crlGet} "${urlHmr}/${tBn}/autoupboa" -o ${optBin}/autoupboa
curl ${crlGet} "${urlHmr}/${tBn}/barracuda" -o ${optBin}/barracuda
curl ${crlGet} "${urlHmr}/${tBn}/boa" -o ${optBin}/boa
curl ${crlGet} "${urlHmr}/${tBn}/ffmirror" -o ${optBin}/ffmirror
curl ${crlGet} "${urlHmr}/${tBn}/octopus" -o ${optBin}/octopus
curl ${crlGet} "${urlHmr}/${tBn}/randpass" -o ${optBin}/randpass
curl ${crlGet} "${urlHmr}/${tBn}/sqlmagic" -o ${optBin}/sqlmagic
curl ${crlGet} "${urlHmr}/${tBn}/syncpass" -o ${optBin}/syncpass
curl ${crlGet} "${urlHmr}/${tBn}/thinkdifferent" -o ${optBin}/thinkdifferent
curl ${crlGet} "${urlHmr}/${tBn}/xboa" -o ${optBin}/xboa
# Stamp each wrapper with the run date as a trailing comment line.
echo "### ${_TODAY} ###" >> ${optBin}/boa
echo "### ${_TODAY} ###" >> ${optBin}/barracuda
echo "### ${_TODAY} ###" >> ${optBin}/octopus
# The backup tools are left untouched while any process whose `ps aux` line
# contains "duplicity" is running.
if [ `ps aux | grep -v "grep" | grep --count "duplicity"` -gt "0" ]; then
echo "The duplicity backup is running!"
else
rm -f ${optBin}/{backboa,duobackboa}
curl ${crlGet} "${urlHmr}/${tBn}/backboa" -o ${optBin}/backboa
curl ${crlGet} "${urlHmr}/${tBn}/duobackboa" -o ${optBin}/duobackboa
chmod 700 ${optBin}/{backboa,duobackboa}
if [ ! -e "${pthLog}/duplicity.ctrl.320stableQ11.pid" ] \
&& [ -x "/usr/local/bin/duplicity" ] \
&& [ -e "/var/xdrago" ]; then
# NOTE(review): this executes the backboa file fetched a few lines above,
# as root, with no integrity check in between.
backboa install
touch ${pthLog}/duplicity.ctrl.320stableQ11.pid
fi
fi
# Final modes: 700 for the admin tools, 755 for randpass, sqlmagic and
# thinkdifferent.
chmod 700 ${optBin}/{autoupboa,backboa,barracuda,boa,duobackboa}
chmod 700 ${optBin}/{ffmirror,octopus,syncpass,xboa}
chmod 755 ${optBin}/{randpass,sqlmagic,thinkdifferent}
echo
echo "BOA Meta Installer setup completed"
echo "Please check INSTALL.txt and UPGRADE.txt at http://bit.ly/boa-docs"
echo "Bye"
echo
}
#######################################
# Work out how many CPUs to assume and record the number on disk.
# Globals written: _CPU_INFO, _NPROC_TEST, _CPU_NR
# Outputs:         writes the count to /data/all/cpuinfo (mode 644) inside
#                  /data/all (mode 755)
#######################################
count_cpu() {
  # Count of /proc/cpuinfo lines containing "processor"; anything that is not
  # a digit (such as an error message) is stripped.
  _CPU_INFO=$(grep -c processor /proc/cpuinfo 2>&1)
  _CPU_INFO=${_CPU_INFO//[^0-9]/}

  # Prefer nproc when `which` reports it, otherwise reuse the cpuinfo count.
  _NPROC_TEST=$(which nproc 2>&1)
  if [[ -n "${_NPROC_TEST}" ]]; then
    _CPU_NR=$(nproc 2>&1)
  else
    _CPU_NR="${_CPU_INFO}"
  fi
  _CPU_NR=${_CPU_NR//[^0-9]/}

  # Cap the result at the cpuinfo count when that count is positive.
  if [[ -n "${_CPU_NR}" && -n "${_CPU_INFO}" ]]; then
    if [ "${_CPU_NR}" -gt "${_CPU_INFO}" ] && [ "${_CPU_INFO}" -gt "0" ]; then
      _CPU_NR="${_CPU_INFO}"
    fi
  fi

  # Never report fewer than one CPU.
  if [[ -z "${_CPU_NR}" ]] || [ "${_CPU_NR}" -lt "1" ]; then
    _CPU_NR=1
  fi

  mkdir -p /data/all
  chmod 755 /data/all
  printf '%s\n' "${_CPU_NR}" > /data/all/cpuinfo
  chmod 644 /data/all/cpuinfo
}
###--------------------###
# Main flow. Everything below mutates system configuration, so it runs only
# for root; any other user gets an error and exit status 1.
if [ `whoami` = "root" ]; then
### Linux kernel CVE-2017-2636 hotfix
# An "install <module> /bin/true" line makes modprobe run /bin/true instead of
# loading the module; rmmod then unloads it if it is already loaded. The file
# is written only when it does not exist yet.
if [ -e "/etc/modprobe.d" ] \
&& [ ! -e "/etc/modprobe.d/blacklist-n_hdlc.conf" ]; then
echo "install n_hdlc /bin/true" > /etc/modprobe.d/blacklist-n_hdlc.conf
rmmod n_hdlc &> /dev/null
fi
### Linux kernel CVE-2017-6074 hotfix
# Same technique for the dccp module family. rmmod failures are discarded, so
# a module that is in use stays loaded until it is released or the host
# reboots.
if [ -e "/etc/modprobe.d" ] \
&& [ ! -e "/etc/modprobe.d/blacklist-dccp-all.conf" ]; then
echo "install dccp /bin/true" > /etc/modprobe.d/blacklist-dccp-all.conf
echo "install dccp_diag /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf
echo "install dccp_ipv4 /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf
echo "install dccp_ipv6 /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf
echo "install dccp_probe /bin/true" >> /etc/modprobe.d/blacklist-dccp-all.conf
rmmod dccp &> /dev/null
rmmod dccp_diag &> /dev/null
rmmod dccp_ipv4 &> /dev/null
rmmod dccp_ipv6 &> /dev/null
rmmod dccp_probe &> /dev/null
fi
# With a pdnsd pid file and /var/xdrago present, register 127.0.0.1 as a
# resolvconf nameserver entry if that entry is missing.
if [ -e "/var/run/pdnsd.pid" ] \
&& [ -e "/var/xdrago" ] \
&& [ ! -e "/etc/resolvconf/run/interface/lo.pdnsd" ]; then
mkdir -p /etc/resolvconf/run/interface
echo "nameserver 127.0.0.1" > /etc/resolvconf/run/interface/lo.pdnsd
fi
if [ ! -e "/data/all/cpuinfo" ]; then
count_cpu
fi
# Existing installation (fpm pool config and /var/xdrago both present) versus
# a system without them, which gets the screen session at the end.
if [ -e "/opt/etc/fpm/fpm-pool-common.conf" ] && [ -e "/var/xdrago" ]; then
if [ -e "${barCnf}" ]; then
# The config file is executed as shell code in this root shell; it must stay
# writable by root only.
source ${barCnf}
fi
# With _SKYNET_MODE=OFF only the wrappers are refreshed and the script stops;
# the SSH_TTY test merely decides whether the status text is printed.
if [ ! -z "${_SKYNET_MODE}" ] && [ "${_SKYNET_MODE}" = "OFF" ]; then
if [ -n "${SSH_TTY+x}" ]; then
echo "STATUS: Skynet Agent is Inactive!"
echo "STATUS: Please remove the _SKYNET_MODE=OFF line from"
echo "STATUS: ${barCnf} to enable me again."
echo "NOTE: Only barracuda, boa and octopus wrappers will be updated"
update_wrappers
exit 0
else
update_wrappers
exit 0
fi
else
if [ -n "${SSH_TTY+x}" ]; then
echo "STATUS: Skynet Agent is Active, OK!"
echo "STATUS: You can add the _SKYNET_MODE=OFF line in"
echo "STATUS: ${barCnf} to disable me, if needed."
fi
fi
else
_SCREEN_INIT=YES
fi
if [ -d "/.newrelic" ]; then
rm -rf /.newrelic
fi
# Ensure /dev/null is world-writable and /dev/fd points at /proc/self/fd.
chmod a+w /dev/null
if [ ! -e "/dev/fd" ]; then
if [ -e "/proc/self/fd" ]; then
rm -rf /dev/fd
ln -s /proc/self/fd /dev/fd
fi
fi
# setup downloads the tool set; the fix_* functions are defined outside this
# part of the file.
setup
fix_lshell
fix_tcp
fix_alt
fix_eldir
fix_pure_ftpd
fix_hosting_le
# Compare the installed release recorded in the barracuda log with the
# version this script was written for (_X_VERSION).
if [ -e "/var/log/barracuda_log.txt" ]; then
_VERSIONS_TEST=$(cat /var/log/barracuda_log.txt 2>&1)
if [[ "${_VERSIONS_TEST}" =~ "${_X_VERSION}" ]]; then
_VERSIONS_TEST_RESULT=OK
# Same release: agents are refreshed only on cluster/host8 systems, when the
# multi-pool fpm config is missing, or on hosts flagged _BENG_VS by setup.
if [ -e "/root/.mstr.clstr.cnf" ] \
|| [ -e "/root/.wbhd.clstr.cnf" ] \
|| [ -e "/root/.dbhd.clstr.cnf" ] \
|| [ -e "/root/.host8.cnf" ] \
|| [ ! -e "/var/xdrago/conf/fpm-pool-foo-multi.conf" ] \
|| [ "${_BENG_VS}" = "YES" ]; then
update_agents
fi
else
update_agents
# force_rebuild
# fix_core_dgd runs only when the log mentions none of the releases below;
# _DO_NOTHING is a placeholder assignment.
if [[ "${_VERSIONS_TEST}" =~ "BOA-3." ]] \
|| [[ "${_VERSIONS_TEST}" =~ "BOA-2.4." ]] \
|| [[ "${_VERSIONS_TEST}" =~ "BOA-2.3.8" ]]; then
_DO_NOTHING=YES
else
fix_core_dgd
fi
fi
fi
# DH parameters are generated in the background with all output discarded, so
# a failure is silent.
# NOTE(review): the next test may already see the output file while openssl is
# still working, and consumers could pick up an incomplete file -- confirm.
# Writing to a temporary name and renaming on success would avoid that.
if [ ! -e "/etc/ssl/private/4096.dhp" ] && [ -d "/var/xdrago" ]; then
echo "Generating 4096.dhp -- it may take a very long time..."
openssl dhparam -out /etc/ssl/private/4096.dhp 4096 > /dev/null 2>&1 &
fi
# Tighten the key directory: owner root, group ssl-cert, files 640, dir 710.
if [ -e "/etc/ssl/private/4096.dhp" ]; then
chown -R root:ssl-cert /etc/ssl/private
chmod 640 /etc/ssl/private/*
chmod 710 /etc/ssl/private
fi
if [ ! -e "/root/.upstart.cnf" ]; then
service cron reload &> /dev/null
fi
# On a system without an existing installation, install screen and start a
# session so a dropped SSH connection does not interrupt the install.
if [ "${_SCREEN_INIT}" = "YES" ]; then
apt-get install screen ${forCer} &> /dev/null
sed -i "s/^#startup_message off/startup_message off/g" /etc/screenrc &> /dev/null
clear
echo
echo "The system is ready for BOA installation!"
echo
echo "We will start screen session for you in 15 seconds"
echo "to avoid problems with dropped SSH connections"
echo "during BOA stack installation, which may take up to"
echo "30-60 minutes, depending on your server speed."
echo
echo "If your connection will drop, simply log in again"
echo "and re-attach your session with 'screen -R' command."
echo
echo "Please wait a moment until this message disappears."
echo
echo "Enjoy!"
echo
sleep 15
screen
else
exit 0
fi
else
echo "ERROR: This script should be ran as a root user"
exit 1
fi