芝麻web文件管理V1.00
编辑当前文件:/home/temp/postinstall/functions.sh
#!/bin/bash # functions.sh # Logger functions for all toolkits postinstalls # # Globals ########################################################## RAM_SIZE=$(awk '/^DirectMap.*kB/ { sum+=$2} END {memMb=sum / 1024; printf "%.0f\n", memMb}' /proc/meminfo) RAM_FUDGE=200 KCARE_CONTACT='kernelcare-issues@liquidweb.com' # # functions ########################################################## function set_firewalld_backend() { sed -i 's/FirewallBackend=.*/FirewallBackend=iptables/g' /etc/firewalld/firewalld.conf systemctl restart firewalld.service } function firewalld_allow_http() { firewall-cmd --zone=public --add-service=http firewall-cmd --zone=public --add-service=https } function set_update_cron_debuntu() { logger "START" "Install daily apt-get update/upgrade cron" local MINUTE=$((( RANDOM % 60 ))) local HOUR=$((( RANDOM % 24 ))) cat << EOFUPDATES > /etc/cron.d/liquidweb_pkg_updates $MINUTE $HOUR * * * root export DEBIAN_FRONTEND='noninteractive'; apt-get update; apt-get -y upgrade EOFUPDATES chmod 755 /etc/cron.d/liquidweb_pkg_updates logger "END" "Install daily apt-get update/upgrade cron" } function set_update_cron_centos() { logger "START" "Install daily yum update/upgrade cron" local MINUTE=$((( RANDOM % 60 ))) local HOUR=$((( RANDOM % 24 ))) cat << EOFUPDATES > /etc/cron.d/liquidweb_pkg_updates $MINUTE $HOUR * * * root yum clean all > /dev/null 2>&1; yum update -y > /dev/null 2>&1 EOFUPDATES chmod 644 /etc/cron.d/liquidweb_pkg_updates logger "END" "Install daily yum update/upgrade cron" } function set_csf_update_cron_centos() { logger "START" "Install daily csf update/upgrade cron" local MINUTE=$((( RANDOM % 60 ))) local HOUR=$((( RANDOM % 24 ))) cat << EOFUPDATES > /etc/cron.d/csf_update $MINUTE $HOUR * * * root /usr/sbin/csf -u > /dev/null 2>&1 EOFUPDATES chmod 644 /etc/cron.d/csf_update logger "END" "Install daily csf update/upgrade cron" } function logger() { LOGDIR='/usr/local/lp/logs' LOGFILE="${LOGDIR}/postinstall.log" [[ ! -d ${LOGDIR} ]] && mkdir -p ${LOGDIR} [ -z "$1" ] || [ -z "$2" ] && { echo "FATAL: logger called with invalid arguments" >> ${LOGFILE} exit 1 } echo "[$1 STEP:] $2" >> ${LOGFILE} shopt -s nocasematch [[ $1 = "END" ]] && echo -e "...\n..." >> ${LOGFILE} shopt -u nocasematch } function run_and_log() { [ -z "$1" ] && { echo "run_and_log() missing an argument" exit 1 } logger "START" "[$1]" ((time $1 1>&3 >> ${LOGFILE} ) 2>&1 | awk '/^real[\t]+[0-9]+m[0-9]+\.[0-9]+s/ {print "[END STEP:] " $2}' 1>&2 >> ${LOGFILE} ) 3>&1 echo -e "...\n..." >> ${LOGFILE} } function fetch_domainname_from_fqdn() { # So this isn't ideal; but probably good enough for our use case # here. What im doing is just returning everything after the first # dot as the domain name. If this ends up not meeting our use case # someday, then I suggest we parse something like this: # # https://publicsuffix.org/list/effective_tld_names.dat # echo $(echo ${1} | sed 's/[^.]*.//') } function wait_for_mysql_pid() { local -i loop_pass_mysql_pid local -i timeout if [ -z "$1" ]; then timeout=600 # 10 minutes, default else timeout=$1 fi if which pgrep > /dev/null 2>&1 ; then loop_pass_mysql_pid=0 while ! pgrep mysqld > /dev/null 2>&1 ; do if [[ ${loop_pass_mysql_pid} -ge ${timeout} ]]; then logger "ERROR" "Timeout of [${timeout}] seconds; MySQL PID" # Met timeout, return indicating failure. return 1 fi sleep 1 loop_pass_mysql_pid=$((loop_pass_mysql_pid + 1)) done # If we got this far, MySQL is running. Indicate this. return 0 else logger "ERROR" "Unable to determine if mysql is running. Is pgrep installed?" return 1 fi } function fetch_mysql_pw() { mysql_pw_raw=$(awk '/^password=/ { print substr($0,10) }' /root/.my.cnf) mysql_pw=$(strip_string_ini ${mysql_pw_raw}) echo "${mysql_pw}" } function fetch_mysql_user() { mysql_user_raw=$(awk '/^user=/ { print substr($0,6) }' /root/.my.cnf) mysql_user=$(strip_string_ini ${mysql_user_raw}) echo "${mysql_user}" } function strip_string_ini() { str=$1 # *If* the string is between "s OR 's, remove them. [[ ${str:0:1}${str: -1} == '""' ]] || [[ ${str:0:1}${str: -1} == "''" ]] && { # Remove first char str=$(echo "${str/${str:0:1}/}") # Remove last char str=$(echo ${str%?}) } echo "${str}" } function verify_root_my_cnf() { [ -e '/root/.my.cnf' ] && { return 0 } || { logger "ERROR" "[/root/.my.cnf] does not exist" return 1 } } function wait_for_mysql() { local -i loop_pass_mysql_conn local -i timeout if [ -z "$1" ]; then timeout=600 # 10 minutes, default else timeout=$1 fi wait_for_mysql_pid ${timeout} if [ $? -eq 0 ]; then # mysql is running, verify its accepting connections. if which mysqladmin > /dev/null 2>&1 ; then mysqladmin=$(fetch_mysqladmin_prefix) [[ -z $mysqladmin ]] && return 1 while ! $mysqladmin proc > /dev/null 2>&1 ; do if [[ ${loop_pass_mysql_conn} -ge ${timeout} ]]; then logger "ERROR" "Timeout of [${timeout}] seconds; MySQL connection" # Met timeout, return indicating failure. return 1 fi sleep 1 loop_pass_mysql_conn=$((loop_pass_mysql_conn + 1)) done # If we made it here, mysql is running; and accepting connections. # Give the all clear. return 0 else logger "ERROR" "mysqladmin is not in the PATH" return 1 fi else return 1 fi } function fetch_mysqladmin_prefix() { # When postinstall is ran from ttyS0 (serial console) /root/.my.cnf i # not read by mysqladmin automatically like it is through a normal SSH # connection. Remedy this by parsing it manually and always invoking # mysqladmin with user/pw flags. [ verify_root_my_cnf ] || { return 1 } mysql_pass=$(fetch_mysql_pw) mysql_user=$(fetch_mysql_user) echo "mysqladmin --password=${mysql_pass} --user=${mysql_user}" } function randomize_mysql_root_pw() { local -i timeout local MYSQL_ROOT_PASS if [ -z "$1" ]; then timeout=600 # 10 minutes, default else timeout=$1 fi if [ -f '/root/TEMPLATE_DEF_CHANGE_ME' ]; then wait_for_mysql ${timeout} if [ $? -eq 0 ]; then logger "START" "Randomize template default MySQL root password" MYSQL_ROOT_PASS=`cat /dev/urandom| tr -dc 'a-zA-Z0-9' | head -c 13` mysqladmin=$(fetch_mysqladmin_prefix) [[ -z $mysqladmin ]] && return 1 $mysqladmin password ${MYSQL_ROOT_PASS} &>/dev/null # Place /root/.my.cnf for later postinstall modification. cat << EOF > /root/.my.cnf [client] password=${MYSQL_ROOT_PASS} user=root EOF chmod 600 /root/.my.cnf logger "END" "Randomize template default MySQL root password" else logger "ERROR" "MySQL not responding, unable to randomize MySQL root pw." fi # Remove it, so we only run on fresh create. rm -f /root/TEMPLATE_DEF_CHANGE_ME fi } # Installation instructions provided per rt#162949. # Per above, this needs to be installed here because # we need to have the assigned FQDN and IP(s) at time # of installation. function install_kcare_el() { logger "START" "Install kernelcare (EL)" [[ -e '/root/KCARE_TEMPLATE_IS_BUILDING' ]] && rm -f /root/KCARE_TEMPLATE_IS_BUILDING export KCARE_PATCH_SERVER=https://kernelcare.liquidweb.com/ export KCARE_REGISTRATION_URL=https://kernelcare.liquidweb.com/admin/api/kcare export KCARE_MAILTO=${KCARE_CONTACT} run_and_log "wget -O /root/kernelcare-latest.x86_64.rpm http://patches.kernelcare.com/kernelcare-latest.x86_64.rpm" run_and_log "yum -y localinstall /root/kernelcare-latest.x86_64.rpm --nogpgcheck" run_and_log "rm -f /root/kernelcare-latest.x86_64.rpm" run_and_log "yum -y update kernelcare" # Bypass logger so the key isnt logged. kcarectl --register Y6n1V956wKGTv46u --register-autoretry run_and_log "kcarectl -u" logger "END" "Install kernelcare (EL)" } function install_kcare_ubuntu() { logger "START" "Install kernelcare (Ubuntu)" export KCARE_PATCH_SERVER=https://kernelcare.liquidweb.com/ export KCARE_REGISTRATION_URL=https://kernelcare.liquidweb.com/admin/api/kcare export KCARE_MAILTO=${KCARE_CONTACT} run_and_log "wget -O /root/kernelcare-latest.deb http://patches.kernelcare.com/kernelcare-latest.deb" run_and_log "dpkg -i /root/kernelcare-latest.deb" run_and_log "rm -f /root/kernelcare-latest.deb" run_and_log "apt-get -y install --only-upgrade kernelcare" # Bypass logger so the key isnt logged. kcarectl --register Y6n1V956wKGTv46u --register-autoretry run_and_log "kcarectl -u" logger "END" "Install kernelcare (Ubuntu)" } # Replace the given string in the given file. function replace_string_in_file() { local file=$1 local match_string=$2 local string_to_insert=$3 [[ -e ${file} ]] && { logger "START" "Replace match of [${match_string}] with [${string_to_insert}] in [${file}]" local file_orig=$(<${file}) local file_new='' while read -r line; do [[ ${line} =~ ${match_string} ]] && { file_new+="${string_to_insert} " } || { file_new+="${line} " } done <<< "${file_orig}" echo "${file_new}" > ${file} logger "END" "Replace match of [${match_string}] with [${string_to_insert}] in [${file}]" } || { logger "WARNING" "Instructed to modify [${file}] but it doesn't exist" } } # This refreshes the softaculous license function refresh_softaculous_license { logger "START" "Refresh Softaculous license" run_and_log "timeout 180s /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/cron.php" logger "END" "Refresh Softaculous license" } # This disables all emails softaculous sends to an end user. function set_softaculous_enduser_emails_off() { replace_string_in_file '/usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php' 'off_email_link' "\$globals['off_email_link'] = 1;" } # Set softaculous from_email. Prevents emails from (unknown sender) when installing apps # via Softaculous. function set_softaculous_from_email() { replace_string_in_file '/usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php' 'from_email' "\$globals['from_email'] = 'root@${HOSTNAME}';" } function place_randomized_upcp_cron() { logger "START" "Place randomized upcp cron" [[ -z $(crontab -l|grep 'scripts/upcp --cron') ]] && { hour=$(awk -v seed=${RANDOM} 'BEGIN{srand(seed);print int(rand()*(23-0)) }') min=$(awk -v seed=${RANDOM} 'BEGIN{srand(seed);print int(rand()*(59-0)) }') { crontab -l -u root; echo "${min} ${hour} * * * /usr/local/cpanel/scripts/upcp --cron > /dev/null 2>&1"; } | crontab -u root - } || { logger "ERROR" "upcp --cron entry already exists!" } logger "END" "Place randomized upcp cron" } function install_cloudlinux { logger "START" "CloudLinux Registration" run_and_log "wget http://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy -O /root/cldeploy" run_and_log "/bin/sh /root/cldeploy -i" run_and_log "/usr/local/lp/temp/lw-cloudlinux-build-request" logger "END" "CloudLinux Registration" } function fix_passive_ftp { logger "START" "Fix passive FTP" if [ -f '/etc/pure-ftpd.conf' ]; then sed -i '/ForcePassiveIP/ s/^/#/' /etc/pure-ftpd.conf sed -i '/ForcePassiveIP/d' /var/cpanel/conf/pureftpd/main run_and_log "/scripts/restartsrv_pureftpd" else logger "WARNING" "pure-ftpd.conf not present, this is likely not a cPanel template" fi logger "END" "Fix passive FTP" } function enable_submission_plesk() { logger "START" "Enable submission port for postfix" run_and_log "/usr/local/psa/bin/mailserver --set-message-submission true" logger "END" "Enable submission port for postfix" } function remove_fail2ban() { logger "START" "Remove fail2ban" run_and_log "yum -y remove fail2ban" logger "END" "Remove fail2ban" } function lwadmin_reconcile { logger "START" "Running lwadmin_reconcile script" if [ -f "/usr/local/lp/bin/lwadmin_reconcile" ]; then run_and_log "/usr/local/lp/bin/lwadmin_reconcile" else logger "WARNING" "/usr/local/lp/bin/lwadmin_reconcile not present. lwauth package is likely not installed" fi logger "END" "Running lwadmin_reconcile script" } function prom_exporters_setup_mysql_user { logger "START" "PromExporters: Setting up MySQL user" if [[ -x /usr/local/lp/opt/exporters/scripts/setup_mysql_user.sh ]]; then if [[ -z ${HOME} ]]; then export HOME=/root fi run_and_log "/usr/local/lp/opt/exporters/scripts/setup_mysql_user.sh --force" fi logger "END" "PromExporters: Setting up MySQL user" } function install_lw-ef-cpanel { logger "START" "Installing lw-ef-cpanel" yum clean all && yum -y install lw-ef-cpanel logger "END" "Installing lw-ef-cpanel" } function set_memcached_conf { local dist=${1} local redhat_memcached_conf='/etc/sysconfig/memcached' [[ -z ${RAM_SIZE} ]] && { logger "WARNING" "set_memcached_conf() unable to determine RAM size; unable to tweak memcached configs" return } [[ ${dist} == 'wpopt' ]] && { [[ -f ${redhat_memcached_conf} ]] || { logger "WARNING" "set_memcached_conf() [${redhat_memcached_conf}] doesn't exist, cannot tweak memcached configs" return } local ram_configs=('4000' '8000') for ram_config in "${ram_configs[@]}" do local ram_lowest=$(( ${RAM_SIZE} - ${RAM_FUDGE} )) local ram_highest=$(( ${RAM_SIZE} + ${RAM_FUDGE} )) if [[ ${ram_config} -eq '4000' ]] ; then if [[ ${ram_config} -le ${ram_highest} ]] && [[ ${ram_config} -ge ${ram_lowest} ]]; then logger "START" "Apply memcached configs for 4GB" sed -i 's/CACHESIZE=.*/CACHESIZE="512"/g' ${redhat_memcached_conf} logger "END" "Apply memcached configs for 4GB" break fi elif [[ ${ram_config} -eq '8000' ]] ; then if [[ ${ram_config} -le ${ram_highest} ]] && [[ ${ram_config} -ge ${ram_lowest} ]]; then logger "START" "Apply memcached configs for 8GB" sed -i 's/CACHESIZE=.*/CACHESIZE="1024"/g' ${redhat_memcached_conf} logger "END" "Apply memcached configs for 8GB" break fi fi done } } function enable_exim_rbls { local changes=0 [[ -n $(grep 'acl_spamhaus_rbl=0' /etc/exim.conf.localopts) ]] && { logger "START" "enable spamhaus exim RBL" run_and_log "sed -i 's/acl_spamhaus_rbl=0/acl_spamhaus_rbl=1/g' /etc/exim.conf.localopts" logger "END" "enable spamhaus exim RBL" local changes=1 } [[ -n $(grep 'acl_spamcop_rbl=0' /etc/exim.conf.localopts) ]] && { logger "START" "enable spamcop exim RBL" run_and_log "sed -i 's/acl_spamcop_rbl=0/acl_spamcop_rbl=1/g' /etc/exim.conf.localopts" logger "END" "enable spamcop exim RBL" local changes=1 } [[ ${changes} == 1 ]] && run_and_log "/scripts/buildeximconf" } function iw_set_php_upload_max() { sed -e 's|upload_max_filesize = 2M|upload_max_filesize = 40M|g' -i /etc/php.ini sed -e 's|upload_max_filesize = 2M|upload_max_filesize = 40M|g' -i /etc/opt/remi/php*/php.ini } function iw_set_php_post_max() { sed -e 's|post_max_size = 8M|post_max_size = 40M|g' -i /etc/php.ini sed -e 's|post_max_size = 8M|post_max_size = 40M|g' -i /etc/opt/remi/php*/php.ini } function cpanel_set_email() { sed -e "s/CONTACTEMAIL.*/CONTACTEMAIL ${EMAIL}/g" -i /etc/wwwacct.conf } function cpanel_set_nameservers() { sed -e '/^NS/d' -i /etc/wwwacct.conf echo "NS ns1.${DOMAIN_NAME}" >> /etc/wwwacct.conf echo "NS2 ns2.${DOMAIN_NAME}" >> /etc/wwwacct.conf echo "NSTTL 86400" >> /etc/wwwacct.conf } function cpanel_set_addr() { INST_IP=$(ifconfig eth0| awk '/^\s+inet\s+/ {print $2}') sed -e '/^ADDR/d' -i /etc/wwwacct.conf echo "ADDR ${INST_IP}" >> /etc/wwwacct.conf } function cpanel_set_ethdev() { sed -e 's/ETHDEV.*/ETHDEV eth0/g' -i /etc/wwwacct.conf } function PSSI-365_tweaks() { whmapi1 --output=jsonpretty set_tweaksetting key='autodiscover_proxy_subdomains' value=1 whmapi1 --output=jsonpretty set_tweaksetting key='conserve_memory' value=1 } function set_fcgi_conf { PHP_INI=/usr/local/lib/php.ini PRE_VHOST2_CONF=/usr/local/apache/conf/includes/pre_virtualhost_2.conf logger "START" "Checking for ${PHP_INI} and ${PRE_VHOST2_CONF}" if [ -f "${PHP_INI}" ] && [ -f "${PRE_VHOST2_CONF}" ]; then logger "Notice" "${PHP_INI} & ${PRE_VHOST2_CONF} exist" else logger "ERROR" "${PHP_INI} & ${PRE_VHOST2_CONF} Not Found No Fcgid config to apply" return 1 fi logger "END" "Checking for ${PHP_INI} and ${PRE_VHOST2_CONF}" [[ -z ${RAM_SIZE} ]] && { logger "WARNING" "set_fcgi_conf() unable to determine RAM size; unable to tweak fcgid configs" return } KNOWN_RAM_CONFIGS=('2000' '4000' '8000' '16000') for RAM_CONFIG in "${KNOWN_RAM_CONFIGS[@]}" do : RAM_LOWEST=$(( ${RAM_SIZE} - ${RAM_FUDGE} )) RAM_HIGHEST=$(( ${RAM_SIZE} + ${RAM_FUDGE} )) if [[ ${RAM_CONFIG} -eq '2000' ]] ; then if [[ ${RAM_CONFIG} -le ${RAM_HIGHEST} ]] && [[ ${RAM_CONFIG} -ge ${RAM_LOWEST} ]]; then logger "START" "Apply Fcgid configs for 2GB" run_and_log "sed -i 's/FcgidMaxProcesses.*/FcgidMaxProcesses 40/g' ${PRE_VHOST2_CONF}" run_and_log "sed -i 's/FcgidMaxProcessesPerClass.*/FcgidMaxProcessesPerClass 20/g' ${PRE_VHOST2_CONF}" logger "END" "Apply Fcgid configs for 2GB" logger "START" "Apply Zend OPcache configs for 2GB" run_and_log "sed -i 's/opcache.memory_consumption=.*/opcache.memory_consumption=64/g' ${PHP_INI}" logger "END" "Apply Zend OPcache configs for 2GB" break fi elif [[ ${RAM_CONFIG} -eq '4000' ]] ; then if [[ ${RAM_CONFIG} -le ${RAM_HIGHEST} ]] && [[ ${RAM_CONFIG} -ge ${RAM_LOWEST} ]]; then logger "START" "Apply Fcgid configs for 4GB" run_and_log "sed -i 's/FcgidMaxProcesses.*/FcgidMaxProcesses 80/g' ${PRE_VHOST2_CONF}" run_and_log "sed -i 's/FcgidMaxProcessesPerClass.*/FcgidMaxProcessesPerClass 40/g' ${PRE_VHOST2_CONF}" logger "END" "Apply Fcgid configs for 4GB" logger "START" "Apply Zend OPcache configs for 4GB" run_and_log "sed -i 's/opcache.memory_consumption=.*/opcache.memory_consumption=64/g' ${PHP_INI}" logger "END" "Apply Zend OPcache configs for 4GB" break fi elif [[ ${RAM_CONFIG} -eq '8000' ]] ; then if [[ ${RAM_CONFIG} -le ${RAM_HIGHEST} ]] && [[ ${RAM_CONFIG} -ge ${RAM_LOWEST} ]]; then logger "START" "Apply Fcgid configs for 8GB" run_and_log "sed -i 's/FcgidMaxProcesses.*/FcgidMaxProcesses 160/g' ${PRE_VHOST2_CONF}" run_and_log "sed -i 's/FcgidMaxProcessesPerClass.*/FcgidMaxProcessesPerClass 80/g' ${PRE_VHOST2_CONF}" logger "END" "Apply Fcgid configs for 8GB" logger "START" "Apply Zend OPcache configs for 8GB" run_and_log "sed -i 's/opcache.memory_consumption=.*/opcache.memory_consumption=64/g' ${PHP_INI}" logger "END" "Apply Zend OPcache configs for 8GB" break fi elif [[ ${RAM_CONFIG} -eq '16000' ]] ; then if [[ ${RAM_CONFIG} -le ${RAM_HIGHEST} ]] && [[ ${RAM_CONFIG} -ge ${RAM_LOWEST} ]]; then logger "START" "Apply Fcgid configs for 16GB" run_and_log "sed -i 's/FcgidMaxProcesses.*/FcgidMaxProcesses 320/g' ${PRE_VHOST2_CONF}" run_and_log "sed -i 's/FcgidMaxProcessesPerClass.*/FcgidMaxProcessesPerClass 160/g' ${PRE_VHOST2_CONF}" logger "END" "Apply Fcgid configs for 16GB" logger "START" "Apply Zend OPcache configs for 16GB" run_and_log "sed -i 's/opcache.memory_consumption=*./opcache.memory_consumption=64/g' ${PHP_INI}" logger "END" "Apply Zend OPcache configs for 16GB" break fi else logger "NOTICE" "No specific memcached/Fcgid config to apply for this RAM size [${RAM_SIZE}]mib. Known RAM sizes: [${KNOWN_RAM_CONFIGS[*]}]mib" break fi done } function install_lw-telegraf() { if [[ -f /etc/redhat-release ]]; then yum -y install lw-telegraf elif [[ -f /etc/debian_version ]]; then apt -y install lw-telegraf fi } function cpanel_apache_ssl_ciphers() { sed -e 's/"sslciphersuite" : ".*/"sslciphersuite" : "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",/g' -i /etc/cpanel/ea4/ea4.conf } function disable_clamav() { FREEMEM=$(free |grep Mem:|awk '{print $2}') if [[ ${FREEMEM} -le 4000000 ]]; then whmapi1 configureservice service=clamd enabled=0 monitored=0 && systemctl disable clamd --now else echo "Greater than 4GB of RAM. Not disabling clamd." fi } function install_insight_el() { if [[ -f /etc/redhat-release ]]; then logger "START" "Install lw-insight (EL)" run_and_log "yum -y install lw-insight" logger "END" "Install lw-insight (EL)" fi }