#!/usr/bin/env bash
# The above line is not needed, just added for syntax highlighting in Notepad++ and others.
# Random Useful One-Liners
####################### *** !! IMPORTANT !! *** ###############################
# As with all scripts, make sure you understand them before you run them. Not
# all of these one-liners have been created with safety or data loss prevention
# in mind and some have not been validated to do what they're documented to
# actually do. So, do your backups and follow your escalation paths if you're
# not sure.
###############################################################################
# This file has been created over the years and while much of it is in the new
# WhatDo system, it's best to understand that there are scripts in this file that
# may be deemed old or the use of which a violation of company policy (such as
# the use of `--allow-root` on WP-CLI scripts). They're still in this file for
# archival purposes, but also because they simply haven't been rewritten yet.
# Originally created by Jason Sm.
# Updated and organized by Jeff Sh.
# **Credit given where credit is known.**
# New stuff is added all the time.
# Per ACK -- Upon login to VPS+ systems, you must run this, or a close version of:
# Starts a login shell via `su -l` (no user named, so the default target user)
# and runs bash with the support tool directories appended to PATH. $PATH is
# expanded by the calling shell, because the command string is double-quoted.
# NOTE(review): /home/tier1adv/perl5/bin and /home/tier1adv/bin sit under a
# user's home directory. If that account is less privileged than the shell
# started here, anything it can write there becomes runnable by name in this
# shell -- confirm ownership and permissions of those directories.
su -l -c "export PATH PATH=$PATH:/usr/local/jdk/bin:/home/tier1adv/perl5/bin:/usr/local/bin:/usr/bin:/opt/cpanel/composer/bin:/usr/local/bin:/usr/X11R6/bin:/opt/tier1adv/bin:/opt/tier1adv/global:/home/tier1adv/bin:/opt/dedrads; /bin/bash"
echo '##### <PP_USERNAME> LOGIN #####'; w; last | grep "still logged in"
# Power Panel keeps logging you out? Using Firefox? Here's your solution (credit: Noah A.):
about:config
network.cookie.maxPerHost: 180 -> 600
network.cookie.maxNumber: 3000 -> 60000
# Sorry, no solution on Chrome and anything else that calls itself a "browser".
#===============================================================================
# Email (Not Exim)
#===============================================================================
# Alex Kr. Mail Review - Updated from Nick P's and added colors!
(
# Mail activity overview built from the Exim main log, the mail log and the
# live Exim queue. Every section prints the eight most frequent values, most
# frequent first.
exim_log='/var/log/exim_mainlog'
mail_log='/var/log/maillog'
first_day=$(sudo head -1 "$exim_log" | awk '{print $1}')
last_day=$(sudo tail -1 "$exim_log" | awk '{print $1}')
queued=$(exim -bpc)
# ANSI colour sequences used for labels, alerts and reset.
c_info=$'\033[01;94m'
c_alert=$'\033[01;31m'
c_off=$'\033[0m'
heading_yellow () { echo -e "\033[01;33m$1\033[0m"; }
heading_green () { echo -e "\033[0;32m$1\033[0m"; }
# Count duplicate lines on stdin and keep the eight largest counts.
top_eight () { sort | uniq -c | sort -nr | head -8; }
# Login lines from the mail log, minus failures, unauthenticated sessions and
# connections from localhost.
login_lines () { sudo grep 'login' "$mail_log" | grep -Ev 'no auth|rip=127.0.0.1|rip=::1|fail'; }

heading_yellow "\n**** Mail Review ****\n"
echo -e "${c_info}Start Date:${c_off} $first_day"
echo -e "${c_info}End Date:${c_off} $last_day"

heading_green "\nTop Mail Sent by Scripts:"
sudo cat "$exim_log" | awk '/cwd/ {print $4}' | cut -d '=' -f2 | top_eight

heading_green "\nTop Mail Senders:"
sudo cat "$exim_log" | awk '/<= [^<>]/ {print $6}' | top_eight

heading_green "\nTop Mail Subjects:"
sudo grep -Eo 'dovecot_login.*T=".*"' "$exim_log" | cut -d '"' -f2 | top_eight

heading_green "\nTop Account Logins:"
login_lines | grep -Po 'user=<\K[^>]\S+' | tr -d '<>,' | top_eight

heading_green "\nTop Failed Logins by IP:"
sudo grep 'auth failed' "$mail_log" | grep -Po 'rip=\K(\d+\.){3}\d+' | top_eight

heading_green "\nTop Email Logins by IP:"
login_lines | grep -Po 'rip=\K(\d+\.){3}\d+' | top_eight

# Queue section: per-sender breakdown only when something is queued.
if [[ 0 == $queued ]]; then
  echo -e "\n${c_info}There is no mail in queue.${c_off}"
else
  echo -e "\nThere are currently ${c_alert}${queued}${c_off} emails in queue on ${c_info}$(hostname)${c_off}."
  echo -e "\n${c_alert}Current emails in queue, by sender:${c_off}"
  exim -bp | awk '/</ {print $4}' | tr -d '<>' | top_eight
fi
echo
)
# Nick P. updated server Mail Review
(
# Server-wide mail review: prints frequency tables taken from
# /var/log/exim_mainlog, /var/log/maillog and the live Exim queue.
# NOTE(review): subjects and addresses are copied from the logs to the
# terminal unfiltered; they originate in message content, so treat odd
# characters in the output as data, not as part of the report.
# Header, plus the first field of the first log line that contains "<=".
echo -e "\n****Mail Review****\n\nBeginning Date: $(cat /var/log/exim_mainlog | grep '<=' | head -1 | awk '{print $1}')\n\nLocation and volume of mailing scripts:\n";
# Lines containing "cwd": take the text after the first "=", up to the first
# space, and count the 20 most frequent values.
sudo cat /var/log/exim_mainlog| LC_ALL=C grep -i .|grep cwd|awk -F'=' '{print $2}'|cut -d' ' -f1|sort|uniq -c|sort -nr|head -20;
echo -e "\n\nTop Email senders:\n";
# remote_smtp lines carrying a delivery marker, reduced to one line per distinct
# 4th field, then the address following "F=<" is extracted and counted.
grep -i 'remote_smtp' /var/log/exim_mainlog | grep -E '=>|->|>>|\*>|\*\*|==' | sort -u -k4,4 | grep -Po '^.*?\F=<\K(\w+\W?\w+@\w+\.\w+(\.\w+)?)' | sort | uniq -c | sort -nr | head -20
echo -e "\n\nTop Mail subjects:\n";
# Subject text (T="...") on lines mentioning dovecot_login; the three-argument
# match() is a gawk extension.
cat /var/log/exim_mainlog | grep dovecot_login |awk 'match($0,/T="([^"]*)"/,a){print a[1]}'| sort | uniq -c | sort -nr|head -15;
echo -e "\n\nEmail logins by acct:\n";
# Login lines, excluding failures, unauthenticated sessions and localhost.
cat /var/log/maillog | grep -i 'login' | grep -Ev 'no auth|rip=127.0.0.1|rip=::1|fail' | grep -Po 'user=<\K(\w+\W?\w+@\w+\.\w+(\.\w+)?)' |sort | uniq -c | sort -nrk1 | head
echo -e "\n\nFailed Logins by IP address:\n";
# Source addresses on "auth failed" lines; the pattern matches IPv4 only.
cat /var/log/maillog | grep 'auth failed' | grep -Po 'rip=\K(\d{1,3}\.){3}\d{1,3}' | sort | uniq -c | sort -nr | head
echo -e "\n\nEmail logins by IP\n";
# imap-login lines only. Unlike the per-account table above, this filter does
# not drop lines containing "fail".
cat /var/log/maillog | grep imap-login | grep -Ev 'no auth|rip=127.0.0.1|rip=::1' | grep -Po 'rip=\K(\d{1,3}\.){3}\d{1,3}' | sort | uniq -c | sort -nk1|sort -nr|head -10;
echo -e "\n\nThere are currently $(exim -bpc) email messages in queue on $(hostname).";
echo -e "\n\nCurrent emails in queue, by sender:\n";
# Queue listing lines containing "<": the text between "<" and ">" of field 4.
exim -bp|grep "<"|awk {'print $4'}|cut -d"<" -f2|cut -d">" -f1|sort -n|uniq -c|sort -nr
echo;
)
# Nick P. updated server Mail Review -- INCLUDING the Mailscan for all users.
(
echo -e "\n****Mail Review****\n\nBeginning Date: $(cat /var/log/exim_mainlog | grep '<=' | head -1 | awk '{print $1}')\n\nLocation and volume of mailing scripts:\n";
sudo cat /var/log/exim_mainlog| LC_ALL=C grep -i .|grep cwd|awk -F'=' '{print $2}'|cut -d' ' -f1|sort|uniq -c|sort -nr|head -20;
echo -e "\n\nTop Email senders:\n";
cat /var/log/exim_mainlog| awk 'match ($0,/<= ([^@<>]+(@|\+)[^ ]+)/,a) {print a[1]}' |sort|uniq -c|sort -nr|head -20;
echo -e "\n\nTop Mail subjects:\n";
cat /var/log/exim_mainlog | grep dovecot_login |awk 'match($0,/T="([^"]*)"/,a){print a[1]}'| sort | uniq -c | sort -nr|head -15;
echo -e "\n\nEmail logins by acct:\n";
cat /var/log/maillog | grep -i 'login' | grep -Ev 'no auth|rip=127.0.0.1|rip=::1|fail' | grep -Po 'user=<\K(\w+\W?\w+@\w+\.\w+(\.\w+)?)' |sort | uniq -c | sort -nrk1 | head
echo -e "\n\nFailed Logins by IP address:\n";
cat /var/log/maillog | grep 'auth failed' | grep -Po 'rip=\K(\d{1,3}\.){3}\d{1,3}' | sort | uniq -c | sort -nr | head
echo -e "\n\nEmail logins by IP\n";
cat /var/log/maillog | grep imap-login | grep -Ev 'no auth|rip=127.0.0.1|rip=::1' | grep -Po 'rip=\K(\d{1,3}\.){3}\d{1,3}' | sort | uniq -c | sort -nk1|sort -nr|head -10;
echo -e "\n\nThere are currently $(exim -bpc) email messages in queue on $(hostname).";
echo -e "\n\nCurrent emails in queue, by sender:\n";
exim -bp|grep "<"|awk {'print $4'}|cut -d"<" -f2|cut -d">" -f1|sort -n|uniq -c|sort -nr
echo;
echo -e "MailScan for all users:\n";
for i in $(\ls -A /var/cpanel/users | grep -v system); do
/opt/dedrads/mailscan "$(basename $i)"
done
echo;
)
# Mathew L's Mail Queue Summary
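mail_summary(){
  # Summarise the Exim queue: count how often each To/From/Subject, SMTP-auth
  # and X-PHP-Script header value occurs across all queued messages.
  # Outputs: "count value" lines on stdout, least frequent first.
  local queue_ids header email_id
  queue_ids="$(exiqgrep -i)"
  while IFS= read -r email_id; do
    # An empty queue still yields one empty line from the here-string;
    # skip it instead of asking exim for a message with no ID.
    [[ -n "$email_id" ]] || continue
    header="$(exim -Mvh "$email_id")"
    printf '%s\n' "$header" | grep -Po "(To: .*|Subject: .*|host_auth.*|auth_id .*|X-PHP-Script.*|X-PHP-Originating-Script.*|From:.*)"
  done <<< "$queue_ids" | sort | uniq -c | sort -n
}; mail_summary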
# Jason Sm's count how many mails sent by a domain via PHP scripts on each day
sudo grep "cwd=" /var/log/exim_mainlog | grep -v /var/spool | awk {'print $4 , $1 , $7'} | cut -d= -f2- | sort | uniq -c | sort -n | awk {'print $1, "email(s) sent by" , $4 , "from filepath" , $2 , "on date" , $3'}
# Jason Sm's count how many mails sent by a domain via SMTP authentication on each day
sudo grep "A=dovecot_login" /var/log/exim_mainlog | awk {'print $11 , $1'} | cut -d: -f2- |grep @ | sort | uniq -c | sort -n | awk {'print $1, "email(s) sent by" , $2, "on" , $3'}
# Jason Sm's counts emails sent by smtp auth
sudo cat /var/log/exim_mainlog | grep "A=dovecot_login" | awk -F"A=dovecot_login:" {'print $2'} | cut -f1 -d' ' | sort | uniq -c | sort -n | awk {'print $1, " unique emails sent by " , $2'}
# Riley L's determine location of scripts sending emails:
sudo grep "cwd=" /var/log/exim_mainlog | grep -v /var/spool | awk 'match($0,/cwd=([^ ]+)/,a) {print "e-mails being sent from",a[1]}' | sort | uniq -c | sort -n
# Nick We's mail sources checker - NOT RELIABLE
(
echo "exim_mainlog creation timestamp:"
head -1 /var/log/exim_mainlog | awk {'print $1, $2'}
exim -bpc
cat /etc/mailips
cat /var/log/exim_mainlog | grep cwd | grep -v /var/spool | awk -F"cwd=" '{ print $2 }' | awk {'print $1'} | sort | uniq -c | sort -n | awk {'print $1, "emails sent from", $2'}
cat /var/log/exim_mainlog | grep "A\=dovecot_login" | awk -F"A=dovecot_login:" {'print $2'} | cut -f1 -d' ' | sort | uniq -c | sort -n | awk {'print $1, " unique emails sent by ", $2'}
)
# Jamie P's Unsuspend all incoming mail for all email addresses under a user -- substitute unsuspend_outgoing/unsuspend_login or the suspend variants of the same for other functionality
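(
# Unsuspend incoming mail for every address that lil-cpanel lists for one
# cPanel user. "@" is URL-encoded before the address is passed to uapi.
read -rep "cPanel Username: " cPuser
# Stop on an empty answer rather than calling the tools with no user.
[[ -n "$cPuser" ]] || { echo "No cPanel username given; nothing changed." >&2; exit 1; }
for i in $(/opt/dedrads/lil-cpanel "${cPuser}" mail list accounts | sed 's/@/%40/'); do
  # Quoted so the typed username and each address stay single arguments.
  uapi --user="${cPuser}" Email unsuspend_incoming email="${i}"
done
)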
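# Jeff Sh's rate limit outbound SMTP to 1 new connection per second using iptables. To get this to stick after restart in CSF, add to /etc/csf/csfpost.sh -- For APF, use /etc/apf/postroute.rules
# The previous rule was "--limit 60/sec" with -j ACCEPT and nothing after it.
# That is 60 per second, not 1, it counted every packet rather than every
# connection, and packets over the limit simply fell through to the next rule
# or the chain policy, so nothing was actually limited.
# The limit is now applied to connection attempts (SYN) and the second rule
# rejects what exceeds it. The limit match starts with its default burst
# allowance. iptables counts connections, not messages: one SMTP connection
# can carry several emails.
# Both rules are appended (-A); an earlier ACCEPT for port 25 in OUTPUT would
# match first, so check the rule order with `iptables -L OUTPUT -n --line-numbers`.
iptables -A OUTPUT -p tcp --dport 25 --syn -m limit --limit 1/sec -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 --syn -j REJECT --reject-with tcp-reset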
# SpamAssassin rule for when return path does not match sender (Bitcoin)
# Add to ~/.spamassassin/user_prefs
header CUSTOM_RETURN_PATH Return-Path =~ /-[\w.]{1,99}=[\w.-]{1,99}\.[a-z]{2,8}\@/i
score CUSTOM_RETURN_PATH 2.5
# To test if SpamAssassin is working, send an email to an email account with SpamAssassin enabled and this in the body, it'll score a 1000 on the SpamScore
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
# Determine the frequency of various username errors with SpamAssassin
for DOMAINS in $(for IDS in $(grep "spam acl" /var/log/exim_paniclog | cut -d ' ' -f 3); do grep $IDS /var/log/exim_mainlog; done | grep '=>' | grep -v remote_smtp | cut -d '@' -f 2 | cut -d '>' -f 1); do grep $DOMAINS /etc/userdomains; done | sort | uniq -c
# Train the SpamAssassin Bayesian filter
/usr/local/cpanel/3rdparty/bin/sa-learn --showdots --spam /path/to/spam_folder
/usr/local/cpanel/3rdparty/bin/sa-learn --showdots --ham /path/to/good_folder
# Force old tokens to expire in the Bayesian database if it's deemed poisoned
/usr/local/cpanel/3rdparty/bin/sa-learn --force-expire --dbpath /home/usern5/.spamassassin
# Reinstall SpamAssassin - Should be done as a last resort!!!
# 1. Find the name of the RPM for the version(s) installed:
rpm -qa | grep SpamAssassin
# 2. Remove with the following, correcting the RPM to match the one found in step 1.
rpm -e --nodeps cpanel-perl-514-Mail-SpamAssassin
# 3. Move aside files:
/etc/mail/spamassassin
/usr/local/cpanel/3rdparty/bin/sa-learn, spamd, spamc, spamassassin
/var/lib/spamassassin
/usr/local/bin/sa-learn, spamd, spamc, spamassassin
/usr/bin/sa-learn, spamd, spamc, spamassassin
# 4. Reinstall SpamAssassin
/scripts/check_cpanel_rpms
# Delete spam older than x days, replace x with integer value
find -P /home/<username>/mail/<domain>/*/.spam/cur /home/<username>/mail/<domain>/*/.spam/new -type f -mtime '+x' -exec rm {} \;
# Remove mail older than 3 years
# -mtime '+1096' selects files last modified more than 1096 days ago. The only
# other test is -type f, so every regular file under /home/*/mail/* is a
# candidate, not just message files.
# NOTE(review): run once with -print in place of -exec rm to see what matches.
find -P /home/*/mail/* -type f -mtime '+1096' -exec rm {} \;
# Jason Sm's add SPF records with -all to all cPanel user accounts (this nukes existing records, so a backup is done first)
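(
# Install a "-all" SPF record for every cPanel account. The description
# promises a backup because existing records are replaced, but the snippet
# never made one; snapshot the zone files first and stop if that fails.
backup_dir="/var/named-$(date +%s)"
cp -R /var/named "$backup_dir" || { echo "Backup of /var/named failed; no SPF records changed." >&2; exit 1; }
echo "Zone files backed up to $backup_dir"
for i in $(awk '{print $2}' /etc/trueuserdomains); do
  # The numeric arguments are passed exactly as the original snippet had them.
  /usr/local/cpanel/bin/spf_installer "$i" 0 1 0 0
done
)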
# Jason Sm's convert SPF records using ~all to use -all
grep -rli '~all' /var/named | xargs -i@ sed -i 's/~all/-all/g' @
# Jason Sm's add DMARC record to all domains (makes a back up of /var/named first)
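(
# Add a quarantine DMARC record to every zone on the server.
# The snippet had lost its loop header (a bare "done" with no "for") and made
# no backup despite its description. Iterating over /var/named/*.db is
# inferred from the basename call that strips ".db".
backup_dir="/var/named-$(date +%s)"
cp -R /var/named "$backup_dir" || { echo "Backup of /var/named failed; no DMARC records added." >&2; exit 1; }
echo "Zone files backed up to $backup_dir"
for domain in /var/named/*.db; do
  # With no zone files the glob stays literal; skip it.
  [[ -e "$domain" ]] || continue
  domain=$(basename "$domain" .db)
  whmapi1 addzonerecord domain="${domain}" name="_dmarc.${domain}." class=IN ttl=86400 type=TXT txtdata='v=DMARC1; p=quarantine; sp=quarantine; adkim=r; aspf=r; pct=100; fo=0; rf=afrf; ri=86400'
done
)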
# Zeb W query the records requested from the zone file for all domains, then provide results.
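dig_all () (
  # Run dig with the given arguments against every zone in /var/named and
  # print one "domain answer..." row per zone as an aligned table.
  # Arguments: passed through to dig unchanged.
  local zone_file domain
  for zone_file in /var/named/*.db; do
    # With no zone files the glob stays literal; skip it.
    [[ -e "$zone_file" ]] || continue
    # Strip the directory and only the trailing ".db". The previous
    # sed 's|.db||g' treated "." as a wildcard and removed "db" plus the
    # character before it anywhere in the name.
    domain=${zone_file##*/}
    domain=${domain%.db}
    # The dig output is left unquoted on purpose so that multi-line answers
    # collapse onto the domain's row.
    echo "$domain" $(dig "$@" "$domain" +short)
  done | column -t
); dig_all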
# Jon A's Apply a DMARC to all domains.
(
for i in $(awk -F '[:]' '{print $1}' /etc/userdomains); do
cpapi2 --user=$(whoowns $i) ZoneEdit add_zone_record domain=$i name=_dmarc type=TXT txtdata='v=DMARC1;p=none;sp=none;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400' ttl=14400 class=IN
done
)
# Jeff Sh's enable DMARC when a new cPanel account is created in the DNS Zone Template
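(
# Archive the zone templates, then append a DMARC record to each root template
# so new accounts get one.
# %H keeps the hour zero-padded. The original %k pads with a space, which
# split the unquoted archive name into two arguments before 10:00, and the
# resulting tar error was hidden by the redirect to /dev/null.
backup_file="/backup/ZoneTemplates_Backup_$(date +%Y.%m.%d_%H:%M:%S).tgz"
if ! tar -czf "$backup_file" /var/cpanel/zonetemplates > /dev/null 2>&1; then
  echo "Backup to $backup_file failed; zone templates left unchanged." >&2
  exit 1
fi
# DMARC policy is looked up at _dmarc.<domain>; a v=DMARC1 TXT record on the
# bare domain is not used. This matches the other DMARC snippets in this
# file, which both create the record under _dmarc.
# NOTE(review): confirm on a test account that the template expands
# "_dmarc.%domain%." as expected.
DMARC="_dmarc.%domain%. IN TXT \"v=DMARC1;p=quarantine;sp=quarantine;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400\""
for template in root_simple root_standard root_standardvirtualftp; do
  echo "$DMARC" >> "/var/cpanel/zonetemplates/$template"
done
)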
# Jason Sm's whitelist a domain in outbound SpamAssassin filter
(
read -ep "What domain should be whitelisted in SpamAssassin's outbound filter? " domain
echo "whitelist_from *@$domain $domain" >> /etc/mail/spamassassin/local.cf
service dovecot restart
service exim restart
)
# Riley L's randomize passwords for ALL email accounts --replace "(tr -dc A-Za-z0-9_ < /dev/urandom | head -c 12 | xargs)" to set specific password
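(
# Give every mailbox listed in the per-domain passwd files a new random
# 12-character password and print each new password.
# The new passwords appear on the terminal and on the lil-cpanel command line;
# run this where scrollback and the process list are not shared.
for i in $(cat /home*/*/etc/*/passwd|sed 's/ //g'); do
  # Mailbox name: first ":"-separated field. Domain: fifth "/"-separated field.
  u=$(echo -n "$i"|cut -d: -f1)
  d=$(echo -n "$i"|cut -d/ -f5)
  p=$(tr -dc A-Za-z0-9_ < /dev/urandom | head -c 12 | xargs)
  # Call lil-cpanel directly with quoted arguments. The original assembled the
  # command as a string with echo and executed the expansion, so values read
  # from the passwd files were word-split and glob-expanded a second time.
  /opt/dedrads/lil-cpanel "$(/scripts/whoowns "$d")" mail password "$u" "$d" "$p"
  echo "Reset pass for ${u}@${d} to ${p}"
done
)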
# Change the password for an email account.
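(
# Set a new random password on one mailbox and print it.
# read -r keeps backslashes in the answers literal.
read -rp "cPanel Username: " CPUSER
read -rp "Email user (left of '@' symbol): " USER
read -rp "Domain (right of '@' symbol): " DOMAIN
PASS=$(pwmake 80)
# Never continue with an empty password, e.g. when pwmake is not installed.
[[ -n "$PASS" ]] || { echo "pwmake produced no password; nothing changed." >&2; exit 1; }
# Quoted so each typed value reaches lil-cpanel as exactly one argument.
# The password is still visible in the process list while the command runs.
/opt/dedrads/lil-cpanel "$CPUSER" mail password "$USER" "$DOMAIN" "$PASS"
echo "Reset password for $USER@$DOMAIN to $PASS"
)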
# Jerald J's ensure all mail accounts both have mail and exist in passwd file (run from /home/userna5)
(
for i in $(ls -d mail/*.* | grep -v "dovecot.*index*" | grep -vP "(dovecot.mailbox.log|dovecot-uidvalidity.58109286)"); do
DOMAIN=$(echo $i | awk -F'/' '{print $2}')
echo $DOMAIN
for u in $(ls -ld $i/* | awk '{print $9}' | awk -F'/' '{print $4}'); do
printf "\t"
if grep -q $u ~/etc/$DOMAIN/passwd; then
echo "$(tput setaf 2)${u}@${DOMAIN} has mail and exists in passwd$(tput sgr0)"
else echo "$(tput setaf 1)${u}@${DOMAIN} has mail but not in passwd$(tput sgr0)"
fi
done
done
)
# Charles S's where does the mail go script
(
read -ep "User (use vps for a VPS): " usr
if [ "$usr" == "vps" ]; then
list=$(ls /var/named | grep db | rev | cut -c4- | rev)
else
list=$(sudo grep $usr /etc/userdomains | cut -d ':' -f1)
fi
for i in $list; do
usr=$(/scripts/whoowns $i)
if [ -a /home/$usr/mail/$i ]; then
echo -e "\e[92m $i Has Mail \e[39m"
dig $i txt +short
dig default._domainkey.$i txt +short
dig _dmarc.$i txt +short
else
echo -e "\e[91m $i Has No mail \e[39m"
echo
fi
done
)
# Test if an IP is on a blacklist for email.
echo "test" | mail -vv -s 'test - please ignore' test@majorisp.tld
# Mathew L. and Noah A's fix for webmail shadow files.
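# Strip carriage returns from every mailbox shadow file, keeping the previous
# version as shadow.bak. The loop variable is now the one passed to sed; the
# original passed "$file", which is never set, so sed was given an empty file
# name on every pass.
# The .bak copies still hold the password hashes; remove them once the fix is
# confirmed.
for i in /home/*/etc/*/shadow; do [[ -f "$i" ]] || continue; sed -i.bak 's#\r##g' "$i"; done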
# Jeff Sh's fix for users folders existing in ~/mail, but not in the ~/etc/*/shadow file.
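(
# For each entry under ~/mail/<domain>, create the mailbox with a new random
# password and record the password in ~/NewEmailPasswords.txt.
read -rp "What's the domain name?" DOMAIN
# An empty answer would list ~/mail itself and create junk mailboxes.
[[ -n "$DOMAIN" ]] || { echo "No domain given; nothing changed." >&2; exit 1; }
# The list holds plaintext passwords: create it private, and tighten it if it
# already exists from an earlier run.
pw_file=~/NewEmailPasswords.txt
umask 077
touch "$pw_file" || exit 1
chmod 600 "$pw_file" || exit 1
for USER in $(\ls ~/mail/"$DOMAIN"/); do
  EMAIL=${USER}@${DOMAIN}
  RANDPASS=$(pwmake 80)
  echo "$RANDPASS - $EMAIL" >> "$pw_file"
  cpapi2 Email addpop domain="${DOMAIN}" email="${EMAIL}" password="$RANDPASS"
done
)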
# Noah A's locate hacked shadow files from roottn that Shell Scan misses
find -not -path "./mail/*" -name '*.php' -exec grep -q 'roottn' {} \; -print
# Refresh cPanel maildir size reporting:
/scripts/generate_maildirsize -confirm userna5
# Jeff Sh's list all email addresses on the server.
(
for i in $(cat /etc/trueuserdomains | awk '{print $2}'); do
lil-cpanel mail list accounts -u $i
done
)
#===============================================================================
# Exim
#===============================================================================
# Force Exim to re-read the configuration file without having downtime.
# Send SIGHUP to the process whose PID is stored in Exim's daemon pid file.
kill -HUP $(cat /var/spool/exim/exim-daemon.pid)
# Rebuild the Exim Conf file
/scripts/buildeximconf
# Force Exim queue delivery
exim -qff -v
# Kill entire Exim queue
exiqgrep -i | xargs exim -Mrm
# Jason Sm's destroy exim queue in a hurry
service exim stop && find /var/spool/exim/input/*/ -type f -exec rm -f {} \; && find /var/spool/exim/msglog/*/ -type f -exec rm -f {} \; && service exim restart
# Jason Sm's remove all outbound emails from exim queue for specified user
exiqgrep -i -f EMAIL_ADDRESS_HERE | xargs exim -Mrm
# Count how many messages are in the queue for a specific domain:
exim -bp | exiqsumm | grep <domain.com>
# See the 5 most recent sent emails in Exim
exiqgrep -if <domain.com> | head -5
# See the 5 most recent received emails in Exim
exiqgrep -ir domain.com | head -5
#===============================================================================
# cPanel/WHM
#===============================================================================
# Reset root pw temporarily and get one-time Root WHM login.
whmapi1 create_user_session user=root service=whostmgrd
# Jonathan Su.'s WHM URL process, good when you need to specify the username.
whmapi1 create_user_session user=root service=whostmgrd | grep url | cut -c 8-
# cPanel native process for just a Root WHM URL (forces Root user)
/usr/local/cpanel/scripts/whmlogin
## OR ##
whmlogin
# Run when changing the hostname on a VPS or dedicated server:
/scripts/restartsrv_cpsrvd; /usr/local/cpanel/cpkeyclt --force; /usr/local/cpanel/bin/checkallsslcerts --allow-retry --verbose
# Force cPanel to check/update/activate the cPanel license.
/usr/local/cpanel/cpkeyclt --force
# Check the IP that cPanel is using for its license:
lynx -dump https://www.inmotionhosting.com/ip
# Jeff Sh's check all IPs to see if they're associated with a cPanel license somehow
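(
# For every IP reported by /scripts/ipusage, print the IP and any
# "cpanel/whm active" line from the cPanel licence verification page.
for x in $(/scripts/ipusage | awk '{print $1}'); do
  echo "$x"
  # The URL is quoted: unquoted, "?" is a glob character and the shell may
  # rewrite the argument if a matching path exists.
  lynx -dump "https://verify.cpanel.net/app/verify?ip=$x" | grep -i "cpanel/whm active"
done
)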
# Delete/remove IP from the server using whmapi1
whmapi1 delip ip=<ip>
# Change the hostname of the server
/usr/local/cpanel/bin/set_hostname <fqdn_hostname>
# Sign service ssl with cpanel
/usr/local/cpanel/bin/checkallsslcerts --allow-retry --verbose
# Force update of Name Server Record Report
/usr/local/cpanel/scripts/updatenameserverips
# Force a cPanel backup process
/usr/local/cpanel/bin/backup --force
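# Install the ConfigServer Explorer (File Manager for WHM)
# Steps are chained with && so that a failed download or extraction stops the
# run instead of executing whatever install.sh is in the current directory.
# The final cleanup always runs.
# NOTE(review): the archive is executed as root with no checksum or signature
# check; HTTPS is the only integrity control in this one-liner.
cd /usr/src && rm -fv /usr/src/cse.tgz && wget https://download.configserver.com/cse.tgz && tar -xzf cse.tgz && cd cse && sh install.sh; rm -Rfv /usr/src/cse*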
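# Uninstall the ConfigServer Explorer (File Manager for WHM)
# Downloads over HTTPS, like the install one-liner: the archive contains the
# uninstall.sh that is run as root, so it must not be fetched over plain HTTP.
# Steps are chained with && so a failed download or extraction stops the run;
# the final cleanup always runs.
cd /usr/src && rm -fv /usr/src/cse.tgz && wget https://download.configserver.com/cse.tgz && tar -xzf cse.tgz && cd cse && sh uninstall.sh; rm -Rfv /usr/src/cse*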
# Get a list of all cPanel users on the server.
awk '{print $2}' /etc/trueuserdomains
# Install Softaculous (after submitting for a license in System Center, of course) WITH InMotion Hosting branding.
(
sleep 15m
yum -y install softaculous-imh
/usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/cron.php
/usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/cli.php -l
)
# Install Softaculous (after submitting for a license in System Center, of course) WITHOUT InMotion Hosting branding - This is to be used for Resellers.
# Source: https://www.softaculous.com/docs/admin/installing-softaculous-in-cpanel/
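(
# Wait 15 minutes, then download and run the Softaculous installer.
sleep 15m
# Fetched over HTTPS because the script is executed right away; stop if the
# download fails so a stale or partial install.sh is not run.
wget -N https://files.softaculous.com/install.sh || { echo "Download failed; installer not run." >&2; exit 1; }
chmod 755 install.sh
./install.sh
)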
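# Install the WordPress Toolkit (free version) to replace WordPress Manager in cPanel. If the customer wants the Deluxe version, they need to purchase a license from cPanel.
(
# Download the installer completely before running it. Streaming it into sh
# would execute whatever arrived before a dropped connection.
installer=$(mktemp) || exit 1
trap 'rm -f -- "$installer"' EXIT
# curl -f treats an HTTP error page as a failure instead of saving it as the
# script; wget is the fallback, as in the original.
curl -f -o "$installer" https://wp-toolkit.plesk.com/cPanel/installer.sh \
  || wget -O "$installer" https://wp-toolkit.plesk.com/cPanel/installer.sh \
  || { echo "Could not download the WP Toolkit installer; nothing run." >&2; exit 1; }
sh "$installer"
)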
# Install PostgreSQL for cPanel
/usr/local/cpanel/scripts/installpostgres
# Remove PostgreSQL from cPanel (opposite of the above method)
yum -y remove postgresql cpanel-postgresql
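# Jeff Sh's Disable the WHM Security Questions
# Sets SecurityPolicy::SourceIPCheck to 0 in cpanel.config and restarts cpanel.
# "-i.bak -e" is spelled out because GNU sed reads "-ine" as -i with the backup
# suffix "ne", which left a stray cpanel.configne behind. The previous file is
# now kept as cpanel.config.bak, and the restart runs only if sed succeeded.
sed -i.bak -e "s/SecurityPolicy\:\:SourceIPCheck=1/SecurityPolicy\:\:SourceIPCheck=0/g" /var/cpanel/cpanel.config && /scripts/restartsrv cpanel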
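# Jeff Sh's Re-enable the WHM Security Questions
# Sets SecurityPolicy::SourceIPCheck back to 1 in cpanel.config and restarts cpanel.
# "-i.bak -e" is spelled out because GNU sed reads "-ine" as -i with the backup
# suffix "ne", which left a stray cpanel.configne behind. The previous file is
# now kept as cpanel.config.bak, and the restart runs only if sed succeeded.
sed -i.bak -e "s/SecurityPolicy\:\:SourceIPCheck=0/SecurityPolicy\:\:SourceIPCheck=1/g" /var/cpanel/cpanel.config && /scripts/restartsrv cpanel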
# Jeff Sh's - Whitelist all InMotion Hosting IPs to avoid security questions, run:
(
# Append the support addresses to root's security-policy IP list.
# NOTE(review): every run appends the whole list again, so check the file for
# duplicates. Several entries are CIDR ranges written with host bits set
# (e.g. 96.238.89.252/24); read as a /24, that one covers the whole
# 96.238.89.x block -- confirm the intended breadth.
cat >> /var/cpanel/userhomes/cpanel/.cpanel/securitypolicy/iplist/root <<'IPLIST'
144.208.77.66
173.247.250.216
198.46.90.10
216.54.0.191/31
216.54.31.80/29
96.238.89.252/24
38.140.187.242/29
205.168.179.26/29
204.148.74.86/30
98.152.208.218/29
52.186.90.168
173.231.218.25
IPLIST
)
# Jeff Sh's Reset the password for all cPanel accounts to a randomly generated one.
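(
# Give every cPanel account a new random password and record
# "user password" pairs in a dated file in the home directory.
export ALLOW_PASSWORD_CHANGE=1
# The record holds plaintext credentials for every account: create it private,
# and tighten it if it already exists from an earlier run today.
umask 077
pass_file=~/new-cpanel-pass_$(date +%Y-%m-%d).txt
touch "$pass_file" || exit 1
chmod 600 "$pass_file" || exit 1
ls -1 /var/cpanel/users | while IFS= read -r user; do
  pass=$(pwmake 80)
  # Skip the account rather than set an empty password if pwmake fails.
  [[ -n "$pass" ]] || { echo "pwmake failed for $user; skipped." >&2; continue; }
  echo "$user $pass" >> "$pass_file"
  # The password is visible in the process list while realchpass runs.
  /scripts/realchpass "$user" "$pass"
  /scripts/ftpupdate
done
export ALLOW_PASSWORD_CHANGE=0
)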
# Suspend all cPanel accounts on a server
(
for username in $(cat /etc/userdomains | awk {'print $2'} | grep -v nobody | sort -n | uniq); do
/scripts/suspendacct $username
done
)
# Reset cPanel account to defaults (run as cPanel user) - Make a backup first!!
rm -rf ~/{mail/*,public_html/*,etc/*,tmp/*}
# Upgrade to EasyApache 4. Use the Wiki as it was recently updated and works.
# https://wiki.inmotionhosting.com/index.php?title=EasyApache_4
# Jeff Sh's update all php.ini files with the same values (WordPress suggested defaults) and rebuild/restart PHP-FPM.
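(
# Apply one set of limits to every EasyApache 4 php.ini, rebuild and restart
# PHP-FPM, then print the resulting values for checking.
IFS=$'\n'
# NOTE(review): the second sed rule turns allow_url_include On for every PHP
# version. That setting lets include/require load code from a URL; confirm a
# site really needs it before applying this server-wide.
for PHP_INI_FILE in $(find /opt/cpanel/ea-php*/root/etc/ -maxdepth 1 -type f -name php.ini); do
  echo "Making changes to $PHP_INI_FILE..."
  # -i.bak keeps the previous file as php.ini.bak. The original "-ine" was read
  # by GNU sed as -i with the backup suffix "ne" (php.inine).
  sed -i.bak -e '/^ *\(short_open_tag\|asp_tags\|expose_php\|display_errors\)/s/=.*/= Off/;
  /^ *\(zlib.output_compression\|allow_url_fopen\|allow_url_include\)/s/=.*/= On/;
  s/\;zlib.output_compression = Off/zlib.output_compression = On/;
  /^ *max_execution_time/s/=.*/= 300/;
  /^ *max_input_time/s/=.*/= 120/;
  /^ *max_input_vars/s/=.*/= 5000/;
  s/\; max_input_vars = 1000/max_input_vars = 5000/;
  /^ *memory_limit/s/=.*/= 512M/;
  s/error_reporting = .*/error_reporting = E_ALL \& ~E_NOTICE \& ~E_DEPRECATED \& ~E_STRICT/;
  /^ *\(post_max_size\|upload_max_filesize\)/s/=.*/= 256M/' "$PHP_INI_FILE"
done
/scripts/php_fpm_config --rebuild
/scripts/restartsrv_apache_php_fpm
for PHP_INI_FILE in $(find /opt/cpanel/ea-php*/root/etc/ -maxdepth 1 -type f -name php.ini); do
  echo "$PHP_INI_FILE:"
  # The check now uses the directive names that were edited. The original
  # searched for "max_exec_time" and "upload_max_size", which match nothing,
  # so those two values were never shown.
  grep -E "max_execution_time =|max_input_time =|max_input_vars =|memory_limit =|post_max_size =|upload_max_filesize =" "$PHP_INI_FILE"
done
)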
# Jeff Sh's update all php.ini files with custom values and rebuild/restart PHP-FPM.
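(
# Apply operator-supplied limits to every EasyApache 4 php.ini, rebuild and
# restart PHP-FPM, then print the resulting values for checking.
read -rp "max_execution_time (default 300): " MAX_EXEC_TIME
read -rp "max_input_time (default 120): " MAX_INPUT_TIME
read -rp "max_input_vars (default 5000): " MAX_INPUT_VARS
read -rp "memory_limit (default 512M): " MEMORY_LIMIT
read -rp "post_max_size and upload_max_filesize (default 256M): " UPLOAD_LIMIT
# Empty answers take the defaults named in the prompts.
MAX_EXEC_TIME=${MAX_EXEC_TIME:-300}
MAX_INPUT_TIME=${MAX_INPUT_TIME:-120}
MAX_INPUT_VARS=${MAX_INPUT_VARS:-5000}
MEMORY_LIMIT=${MEMORY_LIMIT:-512M}
UPLOAD_LIMIT=${UPLOAD_LIMIT:-256M}
# The answers are spliced into the sed program below. Accept only integers and
# PHP size shorthand: a "/", "&" or ";" in an answer would change the program.
for value in "$MAX_EXEC_TIME" "$MAX_INPUT_TIME" "$MAX_INPUT_VARS"; do
  [[ "$value" =~ ^-?[0-9]+$ ]] || { echo "Not a whole number: $value" >&2; exit 1; }
done
for value in "$MEMORY_LIMIT" "$UPLOAD_LIMIT"; do
  [[ "$value" =~ ^-?[0-9]+[KMGkmg]?$ ]] || { echo "Not a PHP size value: $value" >&2; exit 1; }
done
IFS=$'\n'
# NOTE(review): the second sed rule turns allow_url_include On for every PHP
# version. That setting lets include/require load code from a URL; confirm a
# site really needs it before applying this server-wide.
for PHP_INI_FILE in $(find /opt/cpanel/ea-php*/root/etc/ -maxdepth 1 -type f -name php.ini); do
  echo "Making changes to $PHP_INI_FILE..."
  # -i.bak keeps the previous file as php.ini.bak. The original "-ine" was read
  # by GNU sed as -i with the backup suffix "ne" (php.inine).
  sed -i.bak -e '/^ *\(short_open_tag\|asp_tags\|expose_php\|display_errors\)/s/=.*/= Off/;
  /^ *\(zlib.output_compression\|allow_url_fopen\|allow_url_include\)/s/=.*/= On/;
  s/\;zlib.output_compression = Off/zlib.output_compression = On/;
  /^ *max_execution_time/s/=.*/= '"${MAX_EXEC_TIME}"'/;
  /^ *max_input_time/s/=.*/= '"${MAX_INPUT_TIME}"'/;
  /^ *max_input_vars/s/=.*/= '"${MAX_INPUT_VARS}"'/;
  s/\; max_input_vars = 1000/max_input_vars = '"${MAX_INPUT_VARS}"'/;
  /^ *memory_limit/s/=.*/= '"${MEMORY_LIMIT}"'/;
  s/error_reporting = .*/error_reporting = E_ALL \& ~E_NOTICE \& ~E_DEPRECATED \& ~E_STRICT/;
  /^ *\(post_max_size\|upload_max_filesize\)/s/=.*/= '"${UPLOAD_LIMIT}"'/' "$PHP_INI_FILE"
done
/scripts/php_fpm_config --rebuild
/scripts/restartsrv_apache_php_fpm
for PHP_INI_FILE in $(find /opt/cpanel/ea-php*/root/etc/ -maxdepth 1 -type f -name php.ini); do
  echo "$PHP_INI_FILE:"
  # The check now uses the directive names that were edited. The original
  # searched for "max_exec_time" and "upload_max_size", which match nothing,
  # so those two values were never shown.
  grep -E "max_execution_time =|max_input_time =|max_input_vars =|memory_limit =|post_max_size =|upload_max_filesize =" "$PHP_INI_FILE"
done
)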
# Jeff Sh's update all php.ini files, but allow short open tags (which is a security risk to do, so really shouldn't be done).
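(
# Same php.ini update as the default variant, except short_open_tag is
# switched On (the description above already calls this a security risk).
IFS=$'\n'
# NOTE(review): this also turns allow_url_include On for every PHP version.
# That setting lets include/require load code from a URL; confirm a site
# really needs it before applying this server-wide.
for PHP_INI_FILE in $(find /opt/cpanel/ea-php*/root/etc/ -maxdepth 1 -type f -name php.ini); do
  echo "Changes made to $PHP_INI_FILE:"
  # -i.bak keeps the previous file as php.ini.bak. The original "-ine" was read
  # by GNU sed as -i with the backup suffix "ne" (php.inine).
  sed -i.bak -e '/^ *\(asp_tags\|expose_php\|display_errors\)/s/=.*/= Off/;
  s/short_open_tag = Off/short_open_tag = On/;
  /^ *\(zlib.output_compression\|allow_url_fopen\|allow_url_include\)/s/=.*/= On/;
  s/\;zlib.output_compression = Off/zlib.output_compression = On/;
  /^ *max_execution_time/s/=.*/= 300/;
  /^ *max_input_time/s/=.*/= 120/;
  /^ *max_input_vars/s/=.*/= 5000/;
  s/\; max_input_vars = 1000/max_input_vars = 5000/;
  /^ *memory_limit/s/=.*/= 512M/;
  s/error_reporting = .*/error_reporting = E_ALL \& ~E_NOTICE \& ~E_DEPRECATED \& ~E_STRICT/;
  /^ *\(post_max_size\|upload_max_filesize\)/s/=.*/= 256M/' "$PHP_INI_FILE"
done
/scripts/php_fpm_config --rebuild
/scripts/restartsrv_apache_php_fpm
for PHP_INI_FILE in $(find /opt/cpanel/ea-php*/root/etc/ -maxdepth 1 -type f -name php.ini); do
  echo "$PHP_INI_FILE:"
  # The check now uses the directive names that were edited. The original
  # searched for "max_exec_time" and "upload_max_size", which match nothing,
  # so those two values were never shown.
  grep -E "max_execution_time =|max_input_time =|max_input_vars =|memory_limit =|post_max_size =|upload_max_filesize =" "$PHP_INI_FILE"
done
)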
# When you've updated to EasyApache 4 and the 500 error check reports many .htaccess "SetEnv" errors:
(
IFS=$'\n'
for htaccess_file in $(find /home*/ -maxdepth 5 -type f -name .htaccess -not -path "*/virtfs/*"); do
echo "Changes made to $htaccess_file:"
sed -i -e 's/^\s*SetEnv/#SetEnv/gIw /dev/stdout' $htaccess_file
done
)
# Remove cPHulk block
/scripts/cphulkdwhitelist <ip>
# Add cPHulk block
/scripts/cphulkdblacklist <ip>
# Paul Sk's flush cPHulk login history and add the IP to the CSF/APF firewall.
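allow() {
  # Clear the cPHulk login history for an IP, whitelist it in cPHulk and
  # allow it in the firewall (CSF when installed, otherwise APF).
  # Arguments: $1 - IP address
  # Returns:   2 when no IP is given, otherwise the firewall command's status
  local ip=$1
  if [ -z "$ip" ]; then
    echo "usage: allow <ip>" >&2
    return 2
  fi
  whmapi1 flush_cphulk_login_history_for_ips ip="$ip"
  /scripts/cphulkdwhitelist "$ip"
  # if/else rather than "test && csf || apf": with the chained form a failing
  # "csf -a" also triggered "apf -a" on a server that uses CSF.
  if [ -f /etc/csf/csf.conf ]; then
    csf -a "$ip"
  else
    apf -a "$ip"
  fi
}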
allow <ip>
# Append to WHM session URL to autofix SSH
scripts2/doautofixer?autofix=safesshrestart
# Jeff Sh's empty every users .trash folder
find /home/*/.trash/* -exec rm -rf {} \;
# If there is a home2, home3, etc etc, you can use this command.
find /home*/*/.trash/* -exec rm -rf {} \;
# Jason Sm's convert to EA4, ignoring EA3's profile
# Downloads a custom EA4 profile to the custom profiles directory and, only if
# wget succeeds, runs the EA3-to-EA4 migration with that profile.
# NOTE(review): the profile is fetched from a file-share link and used without
# inspection. Whoever controls that link decides what the migration installs,
# and a share link may return an HTML page rather than the JSON -- review the
# downloaded file, or keep a vetted copy locally, before running the migration.
wget -O /etc/cpanel/ea4/profiles/custom/compatability.json https://www.dropbox.com/s/3jioukxn1dgfs17/compatability.json && /scripts/migrate_ea3_to_ea4 --run --install_profile /etc/cpanel/ea4/profiles/custom/compatability.json
# Jeff Sh's backup all cPanel users on server, skipping the home directory.
(
for cpuser in $(awk '{print $2}' /etc/trueuserdomains); do
/scripts/pkgacct $cpuser --skiphomedir
done
)
# Install FreeTDS to enable customers to connect to remote MSSQL servers.
yum -y install ea-freetds
# Jason Sm's "kick DNS Admin in the pants"
rpm -e --nopostun imh-cpanel-dnsadmin; yum -y install imh-cpanel-dnsadmin; i=$(awk '{print $2}' /etc/trueuserdomains); pkill -9 -f dnsadmin; rm -Rf /var/cpanel/clusterqueue/status/imh*; rm -Rf /var/cpanel/cluster/root; mv /var/cpanel/cluster/$i /var/cpanel/cluster-old; /scripts/restartsrv_dnsadmin; /scripts/dnscluster syncall
# For cPanel v94, if dnsadmin fails to start, make sure it's set as a dormant service, then restart it.
whmapi1 set_tweaksetting key='dormant_services' value='cpdavd,cphulkd,cpsrvd,dnsadmin,spamd'
# Jon A's rebuild the DNS Cluster and sync the specified domain.
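(
# Rebuild the IMH DNS cluster configuration for one cPanel user, set a new
# serial on one zone and push it to the cluster.
# Runs in a subshell so the early exits below do not close the operator's shell.
# Stop unless the zone backup succeeds.
cp -R /var/named "/var/named-$(date +%s)" || { echo "Backup of /var/named failed; nothing changed." >&2; exit 1; }
echo -e "\n\e[33mEnter cPanel username (use root if unsure):\e[39m "
read -r cpuser
# An empty name would make the test and mv below act on /var/cpanel/cluster/ itself.
[ -n "$cpuser" ] || { echo "No cPanel username given; nothing changed." >&2; exit 1; }
echo -n "Enter your API key: "
# -s keeps the key off the screen and out of the scrollback.
read -rs apikey; echo
echo -n "Enter your API user: "
read -r apiuser
# Move any existing cluster config aside before writing a fresh one.
if [ -d "/var/cpanel/cluster/$cpuser" ]; then
  mv "/var/cpanel/cluster/$cpuser" "/root/cluster-$cpuser-$(date +%s)"
fi
mkdir -p "/var/cpanel/cluster/$cpuser/config"
echo -e "#version 2.0\nuser=${apiuser}\napikey=${apikey}\nmodule=IMH\ndebug=0" >> "/var/cpanel/cluster/$cpuser/config/imh"
echo "write-only" >> "/var/cpanel/cluster/$cpuser/config/imh-dnsrole"
echo -e "imh\n2.3" >> "/var/cpanel/cluster/$cpuser/config_standalone_sync_write-only.cache"
echo -e "imh\n2.3" >> "/var/cpanel/cluster/$cpuser/config_write-only_sync.cache"
echo -e "\n\e[32mEnter the domain which DNS needs to be pushed:\e[39m "
read -r i
[ -f "/var/named/$i.db" ] || { echo "No zone file /var/named/$i.db; nothing synced." >&2; exit 1; }
# The serial lookups are wrapped in $(...) again. The one-liner had lost them
# ("domsoa1=sudo cat ..."), so domsoa and newsoa were never set and the sed
# below had no pattern to replace.
domsoa1=$(sudo cat "/var/named/$i.db" | grep -i serial | awk '{print $1}')
domsoa=$(echo $domsoa1 | awk {'print $1'})
newsoa=$(date +%F | sed 's/-//g' | awk '{print $0"00"}')
# NOTE(review): newsoa always ends in 00. If the zone was already edited today
# its serial may be higher, and this would move it backwards.
# Skip the rewrite when no serial was found instead of running sed with an
# empty pattern.
if [ -n "$domsoa" ]; then
  sed -i "s/${domsoa}/${newsoa}/g" "/var/named/$i.db"
fi
echo "$i" | xargs /scripts/dnscluster synczone && pkill -9 dnsadmin && /scripts/restartsrv_dnsadmin && /scripts/dnscluster syncall
)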
# Jason Sm's enable proxy subdomains for all cPanel accounts (change "add" to "remove" to reverse)
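# The account list comes from field 2 of /etc/trueuserdomains, as in the other
# loops in this file. The original "$(print $2} /etc/trueuserdomains)" had lost
# its awk call and could not run.
for username in $(awk '{print $2}' /etc/trueuserdomains); do /scripts/proxydomains add --user="$username"; done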
# Jason Sm's package all cPanel accounts with --skiphomedir
for i in $(awk '{print $2}' /etc/trueuserdomains); do /scripts/pkgacct --skiphomedir $i; done
# Jason Sm's restore all cpmove files in home directory forward loop
for backup in $(ls /home/ | grep cpmove |tr "\n" " " );do /scripts/restorepkg /home/$backup;done
# Jason Sm's run fixperms on all cPanel accounts
for i in $(awk '{print $2}' /etc/trueuserdomains); do fixperms -v $i; done
# Jason Sm's kill all pending/in-progress account restorations in WHM
cat /dev/null > /var/cpanel/backups/queue/restore_queue.stor ; /scripts/restartsrv_cpsrvd
# Disable IPv6 on cPanel
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
systemctl disable --now cpipv6
# Jason Sm's list of what IPs accessed cPanel password change function
grep passwd/index.html /usr/local/cpanel/logs/access_log | awk '{print $1" "$3}' | sort | uniq -c | sort -n -k1
# Jason Sm's suspend/unsuspend a cPanel account
read -p "cPanel username to suspend/unsuspend: " username; whmapi1 suspendacct user=$username && whmapi1 unsuspendacct user=$username
# Jason Sm's ensure Horde and Roundcube are enabled
whmapi1 set_tweaksetting key=skiphorde value=0 && whmapi1 set_tweaksetting key=skiproundcube value=0
# Jason Sm's reset all cPanel contact addresses
read -ep "What should the new contact address for all cPanel accounts be? " email; for username in $(awk '{print $2}' /etc/trueuserdomains); do whmapi1 modifyacct user=$username contactemail=$email; done
# Noah A's find how much RAM PHP-FPM is using for a cPanel user.
ps -u <username> -C php-fpm -o "rss,cmd" | awk '/ pool / { sum+=$1; count++ }; END { if (count > 0) printf ("%d%s\n", sum/count/1024,"M") }'
# Sometimes, the above replies blank and it's due to the "/ pool /" part. So...
ps -u <username> -C php-fpm -o "rss,cmd" | awk '{ sum+=$1; count++ }; END { if (count > 0) printf ("%d%s\n", sum/count/1024,"M") }'
# Noah A's find how much RAM is being used by PHP-FPM to find a safe max_children limit.
ps -C php-fpm -o "rss,cmd" | awk '/ pool / { sum+=$1; count++ }; END { if (count > 0) printf ("%d%s\n", sum/count/1024,"M") }'
# Same issue as the other. If the above doesn't work:
ps -C php-fpm -o "rss,cmd" | awk '{ sum+=$1; count++ }; END { if (count > 0) printf ("%d%s\n", sum/count/1024,"M") }'
# Jason Sm's restart services while respecting chkserv.conf
for i in apache_php_fpm crond dnsadmin dovecot exim eximstats ftpd httpd imap mysql named pop3 spamd rsyslog syslogd tailwatchd cpsrvd; do /scripts/restartsrv_$i; done
# Jason Sm's set configurable defaults for PHP-FPM .yaml files (check for existing /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml first, as this will nuke that file)
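(
  # Prompts for three PHP-FPM pool defaults, then OVERWRITES
  # /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml and rebuilds the
  # PHP-FPM configuration. Runs in a subshell so a rejected value can abort
  # without closing the operator's session.
  read -rp "Enter new max_requests for all sites using PHP-FPM (default is 25): " requests
  read -rp "Enter new process_idle_timeout value for all sites using PHP-FPM (default is 10): " timeout
  read -rp "Enter new max_children value for all sites using PHP-FPM (default is 5): " children
  for value in "$requests" "$timeout" "$children"; do
    # A blank or non-numeric answer would otherwise be written into the YAML
    # file and applied to every pool on the next rebuild.
    [[ "$value" =~ ^[0-9]+$ ]] || { echo "Values must be whole numbers; nothing was changed." >&2; exit 1; }
  done
  # -p: the directory normally exists already on a server using PHP-FPM.
  mkdir -p /var/cpanel/ApachePHPFPM || exit 1
  printf '%s\n' \
    "php_admin_value_disable_functions : passthru,shell_exec,exec,system" \
    "pm_max_children: $children" \
    "pm_process_idle_timeout: $timeout" \
    "pm_max_requests: $requests" \
    > /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml &&
    /scripts/php_fpm_config --rebuild
)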
# Robert H's recluster dns and sync all zones twice script
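(
  # Re-creates the IMH DNS cluster configuration for one cPanel user, bumps a
  # zone's serial to today's date (YYYYMMDD00) and pushes it to the cluster.
  # Runs in a subshell so a rejected input can abort without closing the
  # operator's session.
  cp -R /var/named "/var/named-$(date +%s)" && echo -e "\n\e[33mEnter cPanel username (use root if unsure):\e[39m "
  read -r cpuser
  # An empty name or one containing "/" would make the mv below act on the
  # whole cluster directory or on a path outside it.
  [[ "$cpuser" =~ ^[A-Za-z0-9_.-]+$ && "$cpuser" != .* ]] || { echo "Invalid cPanel username; nothing changed." >&2; exit 1; }
  # -s keeps the API key off the terminal and out of the scrollback.
  read -rsp "Enter your API key: " apikey
  echo
  read -rp "Enter your API user: " apiuser
  cluster_dir="/var/cpanel/cluster/$cpuser"
  if [ -d "$cluster_dir" ]; then mv "$cluster_dir" "/root/cluster-$cpuser-$(date +%s)"; fi
  mkdir -p "$cluster_dir/config"
  # The file stores the key in clear text, so create it readable by its owner
  # only; printf keeps backslashes in the key from being interpreted.
  (
    umask 077
    printf '%s\n' "#version 2.0" "user=${apiuser}" "apikey=${apikey}" "module=IMH" "debug=0" >> "$cluster_dir/config/imh"
  )
  echo "write-only" >> "$cluster_dir/config/imh-dnsrole"
  echo -e "imh\n2.3" >> "$cluster_dir/config_standalone_sync_write-only.cache"
  echo -e "imh\n2.3" >> "$cluster_dir/config_write-only_sync.cache"
  echo -e "\n\e[32mEnter the domain which DNS needs to be pushed:\e[39m "
  read -r i
  # First field of the first line mentioning "serial" in the zone file.
  domsoa=$(grep -i serial "/var/named/$i.db" | awk 'NR==1 {print $1}')
  newsoa="$(date +%Y%m%d)00"
  # With no serial found, sed would be handed an empty pattern; leave the zone alone.
  if [[ "$domsoa" =~ ^[0-9]+$ ]]; then
    sed -i "s/${domsoa}/${newsoa}/g" "/var/named/$i.db"
  else
    echo "No serial found in /var/named/$i.db; zone file left unchanged." >&2
  fi
  /scripts/dnscluster synczone "$i" && pkill -9 dnsadmin && /scripts/restartsrv_dnsadmin && /scripts/dnscluster syncall
)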
# Chase S' sync all zones
newSerial="$(date +"%Y%m%d")51"; for domain in $(\ls -1 /var/named/ | grep ".db"); do echo -n $domain" "; egrep -io "[0-9]{10}.*serial" /var/named/$domain | awk '{print $1}'; done | awk -v newSerial=$newSerial '{ if ( $2 < newSerial ) print $0}' > /var/named/UPDATE_DNS; OLDIFS=$IFS; IFS=$'\n'; for zone in $(cat /var/named/UPDATE_DNS); do zoneFile=$(echo $zone | awk '{print $1}'); oldSerial=$(echo $zone | awk '{print $2}'); replace $oldSerial $newSerial -- /var/named/$zoneFile; done; IFS=$OLDIFS; \rm -frv /var/named/UPDATE_DNS;/scripts/dnscluster syncall; for i in $(\ls /var/named | grep db | awk -F".db" {'print $1'}); do echo -n "$i: @ns1.inmotionhosting.com:"; dig @ns1.inmotionhosting.com $i +short | tr -d '\n'; echo -n " @ns2.inmotionhosting.com:"; dig @ns2.inmotionhosting.com $i +short | tr -d '\n'; echo -n " SOA:"; dig @ns2.inmotionhosting.com $i SOA +short | awk {'print $3'}; done
# Jeff Sh's backup, change the nameservers in all domains in zone files, then update the SOA and sync with DNS cluster.
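change_ns_zones() {
  # Backs up /var/named, swaps two nameserver hostnames in every zone file,
  # raises each serial that is lower than the one supplied, syncs the DNS
  # cluster, then compares the answers of ns1/ns2 for every zone.
  #
  # The old/new values are placed into a sed expression unescaped: "." matches
  # any character and "/" or "&" in the input would change the expression, so
  # enter plain hostnames only.
  local OLD1 NEW1 OLD2 NEW2 NEWSERIAL ZONEFILE zoneFile OLDSERIAL serial i resp1 resp2 soa
  read -rp "Old Primary Nameserver: " OLD1
  read -rp "NEW Primary Nameserver: " NEW1
  read -rp "Old Secondary Nameserver: " OLD2
  read -rp "NEW Secondary Nameserver: " NEW2
  read -rp "Enter New SOA: " NEWSERIAL
  # A non-numeric serial would be compared as a string and written into zones.
  [[ "$NEWSERIAL" =~ ^[0-9]+$ ]] || { echo "The new SOA serial must be numeric; nothing changed." >&2; return 1; }
  echo "Backing up /var/named..."
  # %H (not $H) so the hour is part of the archive name; stop if the backup fails.
  tar -czf "/backup/named_backup_$(date +%Y%m%d_%H%M).tar.gz" /var/named || { echo "Backup failed; nothing changed." >&2; return 1; }
  sed -i '/Previous value removed/d' /var/named/*.db
  echo "Processing changes to all domain zone files..."
  for ZONEFILE in /var/named/*.db; do
    [[ -f "$ZONEFILE" ]] || continue
    # "-i -e", not "-ine": the latter is read as -i with backup suffix "ne"
    # and leaves a *.dbne copy of every zone in /var/named.
    sed -i -e "s/$OLD1/$NEW1/g; s/$OLD2/$NEW2/g" "$ZONEFILE"
  done
  # Collect "file serial" pairs whose serial is lower than the new one.
  for ZONEFILE in /var/named/*.db; do
    [[ -f "$ZONEFILE" ]] || continue
    serial=$(grep -Eio -m 1 "[0-9]{10}.*serial" "$ZONEFILE" | awk '{print $1}')
    [[ -n "$serial" ]] && printf '%s %s\n' "${ZONEFILE##*/}" "$serial"
  done | awk -v NEWSERIAL="$NEWSERIAL" '{ if ( $2 < NEWSERIAL ) print $0}' > /var/named/UPDATE_DNS
  while read -r zoneFile OLDSERIAL; do
    replace "$OLDSERIAL" "$NEWSERIAL" -- "/var/named/$zoneFile"
  done < /var/named/UPDATE_DNS
  \rm -frv /var/named/UPDATE_DNS
  /scripts/dnscluster syncall
  for ZONEFILE in /var/named/*.db; do
    [[ -f "$ZONEFILE" ]] || continue
    # Strip the directory and the literal ".db" suffix; splitting on the regex
    # ".db" would cut names such as feedback.com short.
    i=${ZONEFILE##*/}
    i=${i%.db}
    resp1=$(dig @ns1.inmotionhosting.com "$i" +short | tr -d '\n')
    resp2=$(dig @ns2.inmotionhosting.com "$i" +short | tr -d '\n')
    soa=$(dig @ns2.inmotionhosting.com "$i" SOA +short | awk '{print $3}')
    echo -en "\033[36m$i\033[0m: @ns1.inmotionhosting.com: $resp1"
    echo -n " @ns2.inmotionhosting.com: $resp2"
    if [[ "$resp1" == "$resp2" ]]; then
      echo -en " \033[32mMATCH\033[0m"
    else
      echo -en " \033[1;31mNO MATCH\033[0m"
    fi
    echo -e " \033[35mSOA:\033[0m $soa"
  done
}; change_ns_zones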
# Jeff Sh's backup, find and replace value in all zone files, then update the SOA and sync with DNS cluster.
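dns_find_replace() {
  # Backs up /var/named, replaces one value with another in every zone file,
  # raises each serial that is lower than the one supplied, syncs the DNS
  # cluster, then compares the answers of ns1/ns2 for every zone.
  #
  # "Find" and "Replace with" go into a sed expression unescaped: "." matches
  # any character, and the match is a substring match (an IP ending in .1 also
  # matches inside .10), so check the backup diff before syncing if unsure.
  local OLD NEW NEW_SERIAL ZONEFILE ZONE_FILE OLD_SERIAL serial i resp1 resp2 soa
  read -rp "Find: " OLD
  read -rp "Replace with: " NEW
  read -rp "Enter New SOA: " NEW_SERIAL
  # A non-numeric serial would be compared as a string and written into zones.
  [[ "$NEW_SERIAL" =~ ^[0-9]+$ ]] || { echo "The new SOA serial must be numeric; nothing changed." >&2; return 1; }
  echo "Backing up /var/named..."
  tar -czf "/backup/named_backup_$(date +%Y%m%d_%H%M).tar.gz" /var/named || { echo "Backup failed; nothing changed." >&2; return 1; }
  sed -i '/Previous value removed/d' /var/named/*.db
  echo "Processing changes to all domain zone files..."
  for ZONEFILE in /var/named/*.db; do
    [[ -f "$ZONEFILE" ]] || continue
    # "-i -e", not "-ine": the latter is read as -i with backup suffix "ne"
    # and leaves a *.dbne copy of every zone in /var/named.
    sed -i -e "s/$OLD/$NEW/g;" "$ZONEFILE"
  done
  # Collect "file serial" pairs whose serial is lower than the new one.
  for ZONEFILE in /var/named/*.db; do
    [[ -f "$ZONEFILE" ]] || continue
    serial=$(grep -Eio -m 1 "[0-9]{10}.*serial" "$ZONEFILE" | awk '{print $1}')
    [[ -n "$serial" ]] && printf '%s %s\n' "${ZONEFILE##*/}" "$serial"
  done | awk -v NEW_SERIAL="$NEW_SERIAL" '{ if ( $2 < NEW_SERIAL ) print $0}' > /var/named/UPDATE_DNS
  # Read both columns directly: the loop variable and the names used inside
  # the loop must agree, and IFS is left untouched for the calling shell.
  while read -r ZONE_FILE OLD_SERIAL; do
    replace "$OLD_SERIAL" "$NEW_SERIAL" -- "/var/named/$ZONE_FILE"
  done < /var/named/UPDATE_DNS
  \rm -frv /var/named/UPDATE_DNS
  /scripts/dnscluster syncall
  for ZONEFILE in /var/named/*.db; do
    [[ -f "$ZONEFILE" ]] || continue
    # Strip the directory and the literal ".db" suffix; splitting on the regex
    # ".db" would cut names such as feedback.com short.
    i=${ZONEFILE##*/}
    i=${i%.db}
    resp1=$(dig @ns1.inmotionhosting.com "$i" +short | tr -d '\n')
    resp2=$(dig @ns2.inmotionhosting.com "$i" +short | tr -d '\n')
    soa=$(dig @ns2.inmotionhosting.com "$i" SOA +short | awk '{print $3}')
    echo -en "\033[36m$i\033[0m: @ns1.inmotionhosting.com: $resp1"
    echo -n " @ns2.inmotionhosting.com: $resp2"
    if [[ "$resp1" == "$resp2" ]]; then
      echo -en " \033[32mMATCH\033[0m"
    else
      echo -en " \033[1;31mNO MATCH\033[0m"
    fi
    echo -e " \033[35mSOA:\033[0m $soa"
  done
}; dns_find_replace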
# Jeff Sh's display the full list of domains on the server, then wait for ENTER to continue with a resync. Useful to reset DNS auth for lots of domains.
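full_dns_auth_reset() {
  # Lists every zone in /var/named, waits for the operator to submit them for
  # a DNS Authority reset, then backs up /var/named, raises each serial that
  # is lower than the one supplied, syncs the DNS cluster and compares the
  # answers of ns1/ns2 for every zone.
  local NEW_SERIAL ZONEFILE ZONE_FILE OLD_SERIAL serial i resp1 resp2 soa
  echo
  for ZONEFILE in /var/named/*.db; do
    [[ -f "$ZONEFILE" ]] || continue
    i=${ZONEFILE##*/}
    echo "${i%.db}"
  done
  echo
  read -rp "Press any key after you've submitted the domains for DNS Authority reset..." -n 1
  read -rp "Enter New SOA: " NEW_SERIAL
  # A non-numeric serial would be compared as a string and written into zones.
  [[ "$NEW_SERIAL" =~ ^[0-9]+$ ]] || { echo "The new SOA serial must be numeric; nothing changed." >&2; return 1; }
  echo "Backing up /var/named..."
  tar -czf "/backup/zonefile_backup_$(date +"%Y%m%d_%H%M").tar.gz" /var/named || { echo "Backup failed; nothing changed." >&2; return 1; }
  sed -i '/Previous value removed/d' /var/named/*.db
  # Collect "file serial" pairs whose serial is lower than the new one.
  for ZONEFILE in /var/named/*.db; do
    [[ -f "$ZONEFILE" ]] || continue
    serial=$(grep -Eio -m 1 "[0-9]{10}.*serial" "$ZONEFILE" | awk '{print $1}')
    [[ -n "$serial" ]] && printf '%s %s\n' "${ZONEFILE##*/}" "$serial"
  done | awk -v NEW_SERIAL="$NEW_SERIAL" '{ if ( $2 < NEW_SERIAL ) print $0}' > /var/named/UPDATE_DNS
  while read -r ZONE_FILE OLD_SERIAL; do
    echo -n "Performing changes on $ZONE_FILE $OLD_SERIAL... "
    replace "$OLD_SERIAL" "$NEW_SERIAL" -- "/var/named/$ZONE_FILE"
  done < /var/named/UPDATE_DNS
  rm -f /var/named/UPDATE_DNS
  /scripts/dnscluster syncall
  for ZONEFILE in /var/named/*.db; do
    [[ -f "$ZONEFILE" ]] || continue
    # Strip the directory and the literal ".db" suffix; splitting on the regex
    # ".db" would cut names such as feedback.com short.
    i=${ZONEFILE##*/}
    i=${i%.db}
    resp1=$(dig @ns1.inmotionhosting.com "$i" +short | tr -d '\n')
    resp2=$(dig @ns2.inmotionhosting.com "$i" +short | tr -d '\n')
    soa=$(dig @ns2.inmotionhosting.com "$i" SOA +short | awk '{print $3}')
    echo -en "\033[36m$i\033[0m: @ns1.inmotionhosting.com: $resp1"
    echo -n " @ns2.inmotionhosting.com: $resp2"
    if [[ "$resp1" == "$resp2" ]]; then
      echo -en " \033[32mMATCH\033[0m"
    else
      echo -en " \033[1;31mNO MATCH\033[0m"
    fi
    echo -e " \033[35mSOA:\033[0m $soa"
  done
}; full_dns_auth_reset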
# Richardo's rotate all SOA serials
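(
  # $serials is not assigned anywhere in this snippet; it has to hold the new
  # serial before this runs. Unset, line 5 of every zone would be rewritten
  # with no serial at all, so stop here instead.
  [[ "$serials" =~ ^[0-9]+$ ]] || { echo "Set serials to the new numeric SOA serial first; nothing changed." >&2; exit 1; }
  # Line 5 of each zone file is overwritten unconditionally.
  # NOTE(review): presumably the serial sits on line 5 in cPanel-generated
  # zones - confirm before running against hand-edited zone files.
  for i in /var/named/*.db; do
    [[ -f "$i" ]] || continue
    sed "5s/.*/\t\t\t\t\t\t$serials\; Serial Number/" -i "$i"
  done
  /scripts/dnscluster syncall
)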
# Fix DNS Admin sync from Power Panel (DNS Authority Key)
# Check if /root/.accesshash exists?
ls -l /root/.accesshash
# No? Then gotta create a new one.
whmapi1 accesshash generate=1
# Make sure it's there:
grep accesshash /var/cpanel/cpanel.config
# Now submit a request to sync your DNS SSH key to the server (dkey) again to update/refresh the T3 server.
# You can now activate the key in Power Panel.
# Nick We's Black Magic to push DNS internally -- Even when you've done the things in this script manually, this contains some sort of wicked black magic that makes it work ¯\_(ツ)_/¯
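(
  # Re-creates the IMH DNS cluster configuration for one cPanel user, bumps a
  # zone's serial to today's date (YYYYMMDD00) and pushes it to the cluster.
  # Runs in a subshell so a rejected input can abort without closing the
  # operator's session.
  cp -R /var/named "/var/named-$(date +%s)" && echo -e "\n\e[33mEnter cPanel username (use root if unsure):\e[39m "
  read -r cpuser
  # An empty name or one containing "/" would make the mv below act on the
  # whole cluster directory or on a path outside it.
  [[ "$cpuser" =~ ^[A-Za-z0-9_.-]+$ && "$cpuser" != .* ]] || { echo "Invalid cPanel username; nothing changed." >&2; exit 1; }
  # -s keeps the API key off the terminal and out of the scrollback.
  read -rsp "Enter your API key: " apikey
  echo
  read -rp "Enter your API user: " apiuser
  cluster_dir="/var/cpanel/cluster/$cpuser"
  if [ -d "$cluster_dir" ]; then mv "$cluster_dir" "/root/cluster-$cpuser-$(date +%s)"; fi
  mkdir -p "$cluster_dir/config"
  # The file stores the key in clear text, so create it readable by its owner
  # only; printf keeps backslashes in the key from being interpreted.
  (
    umask 077
    printf '%s\n' "#version 2.0" "user=${apiuser}" "apikey=${apikey}" "module=IMH" "debug=0" >> "$cluster_dir/config/imh"
  )
  echo "write-only" >> "$cluster_dir/config/imh-dnsrole"
  echo -e "imh\n2.3" >> "$cluster_dir/config_standalone_sync_write-only.cache"
  echo -e "imh\n2.3" >> "$cluster_dir/config_write-only_sync.cache"
  echo -e "\n\e[32mEnter the domain which DNS needs to be pushed:\e[39m "
  read -r i
  # First field of the first line mentioning "serial" in the zone file.
  domsoa=$(grep -i serial "/var/named/$i.db" | awk 'NR==1 {print $1}')
  newsoa="$(date +%Y%m%d)00"
  # With no serial found, sed would be handed an empty pattern; leave the zone alone.
  if [[ "$domsoa" =~ ^[0-9]+$ ]]; then
    sed -i "s/${domsoa}/${newsoa}/g" "/var/named/$i.db"
  else
    echo "No serial found in /var/named/$i.db; zone file left unchanged." >&2
  fi
  /scripts/dnscluster synczone "$i" && pkill -9 dnsadmin && /scripts/restartsrv_dnsadmin && /scripts/dnscluster syncall
)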
# Shane G's remap all databases to new .json file
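# Account names are the second whitespace-separated field of each line in
# /etc/trueuserdomains; rebuild the database map for each of them.
for i in $(awk '{print $2}' /etc/trueuserdomains); do /scripts/rebuild_dbmap "$i"; done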
# Jeff Sh's install imagick PECL for all PHP versions.
# DO NOT RUN THIS IF IMAGICK PHP MODULE INSTALLED FROM EASYAPACHE 4, IT'S DUPLICATE AND WILL CAUSE ERRORS.
(
echo "\n" | for PHPVER in $(ls -d /opt/cpanel/ea-php* | cut -d / -f 4); do
scl enable $PHPVER "pecl install imagick"
done
/scripts/restartsrv_apache_php_fpm
/scripts/restartsrv_httpd
)
# Jeff Sh's remove imagick PECL for all PHP versions.
(
for PHPVER in $(ls -d /opt/cpanel/ea-php* | cut -d / -f 4); do
scl enable $PHPVER "pecl uninstall imagick"
done
/scripts/restartsrv_apache_php_fpm
/scripts/restartsrv_httpd
)
# Jeff Sh's install imagick PECL for all versions of PHP with WebP support.
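(
  # Removes the packaged ImageMagick, installs the build dependencies, then
  # builds and installs ImageMagick from source with /usr as prefix.
  # Package globs are quoted so yum matches them against package names rather
  # than the shell expanding them against files in the current directory.
  yum -y remove 'ImageMagick*' || exit 1
  yum -y install bzip2-devel libtiff-devel giflib-devel ghostscript-devel libwmf-devel jasper-devel libtool-ltdl-devel libXext-devel libXt-devel OpenEXR-devel libwebp-devel rpmdevtool libtool-ltdl-devel ImageMagick-devel freetype-devel ghostscript-devel libwmf-devel jasper-devel lcms-devel bzip2-devel librsvg librsvg2 'librsvg2*' liblpr-1 liblqr-1-devel libtool-ltdl-devel autotrace-devel freetype +bytecode graphviz gs wmf jbig jpeg2 lcms jpeg libjpeg libjpeg-devel libtiff || exit 1
  # Build in a private, freshly created directory: in the shared /tmp a stale
  # ImageMagick.tar.gz makes wget save the new download under another name,
  # and the ImageMagick* glob could enter a directory someone else put there.
  builddir=$(mktemp -d) && cd "$builddir" || exit 1
  # NOTE(review): the tarball comes over plain HTTP and is built and installed
  # without any checksum or signature check. Compare it against a digest
  # published by the ImageMagick project before running make install.
  wget http://mirror.checkdomain.de/imagemagick/ImageMagick.tar.gz &&
    tar xvfz ImageMagick.tar.gz &&
    cd ImageMagick*/ &&
    ./configure --prefix=/usr --with-rsvg=yes --with-wmf=yes --with-png=yes --with-libtiff=yes --with-tiff=yes --with-jpeg=yes --with-jp2=yes --with-freetype=yes &&
    make &&
    make install &&
    ldconfig /usr/local/lib
)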
# Jeff Sh's install Imagick EasyApache 4 PHP extension for all versions of PHP installed.
(
echo "\n" | for i in $(ls -d /opt/cpanel/ea-php* | cut -d / -f 4); do
yum -y install $i-php-imagick
done
/scripts/restartsrv_apache_php_fpm
/scripts/restartsrv_httpd
)
# Install LibSodium and the PHP PECL for all PHP 7.x versions:
(
yum -y install libsodium libsodium-devel
for PHPVER in $(ls -d /opt/cpanel/ea-php* | cut -d / -f 4); do
scl enable $PHPVER "pecl install libsodium"
done
/scripts/restartsrv_apache_php_fpm
/scripts/restartsrv_httpd
)
# Jeff Sh's install MongoDB PECL for all PHP versions.
(
echo "\n" | for PHPVER in $(ls -d /opt/cpanel/ea-php* | cut -d / -f 4); do
scl enable $PHPVER "pecl install mongodb"
done
/scripts/restartsrv_apache_php_fpm
/scripts/restartsrv_httpd
)
# Jeff Sh's remove MongoDB PECL for all PHP versions.
(
echo "\n" | for PHPVER in $(ls -d /opt/cpanel/ea-php* | cut -d / -f 4); do
scl enable $PHPVER "pecl uninstall mongodb"
done
/scripts/restartsrv_apache_php_fpm
/scripts/restartsrv_httpd
)
# Jeff Sh's install YAML PECL for all PHP versions that have PECL. Replace 'install' with 'uninstall' and remove "echo '\n' |" to remove.
(
echo "\n" | for PHPVER in $(ls -d /opt/cpanel/ea-php* | cut -d / -f 4); do
scl enable $PHPVER "pecl install yaml"
done
/scripts/restartsrv_apache_php_fpm
/scripts/restartsrv_httpd
)
# Jeff Sh's install SSH2 PECL for PHP 7+
# NOTE: The ssh2 PECL module for PHP currently only supports PHP 7.x in its "alpha" version. Since a stable version is not yet available,
# the module installer interface does not support its installation, thus cPanel doesn't support this installation!
(
yum -y install libssh2-devel
for PHPVER in $(ls -d /opt/cpanel/ea-php7* | cut -d / -f 4); do
scl enable $PHPVER "pecl install https://pecl.php.net/get/ssh2-1.2.tgz"
done
/scripts/restartsrv_apache_php_fpm
/scripts/restartsrv_httpd
)
# Jeff Sh's install SSH2 PECL for PHP 5.x
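(
  # Installs the stable ssh2 PECL module into every PHP 5.x collection.
  yum -y install libssh2-devel
  # ea-php5*: this block is the PHP 5.x variant, so it must not loop over the
  # PHP 7 collections (those need the separate ssh2-1.2 package).
  for PHPVER in /opt/cpanel/ea-php5*; do
    [[ -d "$PHPVER" ]] || continue
    scl enable "${PHPVER##*/}" "pecl install ssh2"
  done
  /scripts/restartsrv_apache_php_fpm
  /scripts/restartsrv_httpd
)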
# Jeff Sh's fix cpanel-wp-cli setup
(
yum -y install cpanel-wp-cli
ln -s /usr/local/cpanel/3rdparty/share/cpanel-wp-cli/wp-cli.phar /usr/local/bin/wp
)
# Jeff Sh's fix for fixing WP-CLI on CageFS systems (Cloudlinux)
vim /etc/cagefs/conf.d/wpcli.cfg
# Add:
[wpcli]
comment=Allow wp-cli to work on the server
paths=/usr/local/bin/wp
# Then update CageFS:
cagefsctl --force-update
# Run to resolve "API key used has insufficient ACLs. The clustering ACL is required." in DNS clusters
(
yum clean all
yum -y update imh-dnskeyapi
)
# Nelson S's suspend all child accounts of a reseller without suspending the reseller itself
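suspend_children() {
  # Suspends every account whose owner in /etc/trueuserowners is the reseller
  # given as $1, leaving the reseller's own account untouched.
  # Owner and account are compared for equality: a regex match would also
  # select accounts of any other reseller whose name merely contains $1.
  local usr
  for usr in $(awk -F': ' -v "USER=$1" '$2 == USER && $1 != USER {print $1}' /etc/trueuserowners); do
    /scripts/suspendacct "$usr"
  done
}; suspend_children reseller_userna5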
# Jon A's change the document root of a domain
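changedocroot() {
  # Points a domain's cPanel userdata (plain and _SSL files) at a new document
  # root, drops the cached copies, then rebuilds and restarts Apache.
  local domain newdocroot cpuser olddocroot userdata
  echo 'Domain: ' && read -r domain
  echo 'New Documentroot: ' && read -r newdocroot
  # Exact match on the domain column: a plain grep also hits sub-domains and
  # longer names containing the input, which yields several users at once.
  cpuser=$(awk -v d="$domain" '$1 == d ":" {print $2; exit}' /etc/trueuserdomains)
  userdata="/var/cpanel/userdata/$cpuser/$domain"
  if [[ -z "$cpuser" || ! -f "$userdata" ]]; then
    echo "No userdata file found for $domain; nothing changed." >&2
    return 1
  fi
  olddocroot=$(grep -m 1 documentroot "$userdata" | awk '{print $2}')
  # With an empty old value the replacements below would rewrite every
  # "documentroot: " occurrence, so stop instead.
  if [[ -z "$olddocroot" || -z "$newdocroot" ]]; then
    echo "Old or new document root is empty; nothing changed." >&2
    return 1
  fi
  echo "$cpuser" "$olddocroot"
  replace "documentroot: $olddocroot" "documentroot: $newdocroot" -- "$userdata"
  replace "path: $olddocroot/cgi-bin" "path: $newdocroot/cgi-bin" -- "$userdata"
  replace "documentroot: $olddocroot" "documentroot: $newdocroot" -- "${userdata}_SSL"
  replace "path: $olddocroot/cgi-bin" "path: $newdocroot/cgi-bin" -- "${userdata}_SSL"
  rm -f "${userdata}_SSL.cache"
  rm -f "${userdata}.cache"
  /scripts/rebuildhttpdconf
  /scripts/restartsrv_httpd
}; changedocroot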
# Jeff Sh's change the cPanel homedir value - Based on Jon A's document root change.
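changehomedir() {
  # Rewrites the homedir value in a domain's cPanel userdata (plain and _SSL
  # files), drops the cached copies, then rebuilds and restarts Apache.
  local domain newhomedir cpuser oldhomedir userdata
  echo 'Domain: ' && read -r domain
  echo 'New Homedir: ' && read -r newhomedir
  # Exact match on the domain column: a plain grep also hits sub-domains and
  # longer names containing the input, which yields several users at once.
  cpuser=$(awk -v d="$domain" '$1 == d ":" {print $2; exit}' /etc/trueuserdomains)
  userdata="/var/cpanel/userdata/$cpuser/$domain"
  if [[ -z "$cpuser" || ! -f "$userdata" ]]; then
    echo "No userdata file found for $domain; nothing changed." >&2
    return 1
  fi
  oldhomedir=$(grep -m 1 homedir "$userdata" | awk '{print $2}')
  # An empty value on either side would blank or mass-rewrite the homedir
  # entries, so stop instead.
  if [[ -z "$oldhomedir" || -z "$newhomedir" ]]; then
    echo "Old or new homedir is empty; nothing changed." >&2
    return 1
  fi
  echo "$cpuser" "$oldhomedir"
  # The replacement uses the value read above (newhomedir).
  replace "homedir: $oldhomedir" "homedir: $newhomedir" -- "$userdata"
  replace "homedir: $oldhomedir" "homedir: $newhomedir" -- "${userdata}_SSL"
  rm -f "${userdata}_SSL.cache"
  rm -f "${userdata}.cache"
  /scripts/rebuildhttpdconf
  /scripts/restartsrv_httpd
}; changehomedir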
# Change the email quota for a cPanel email address. Remove the entry to make it unlimited. Change the value to change the quota.
/home/<user>/etc/<domain>/quota
# Manually execute the transport queue
/usr/local/cpanel/bin/cpbackup_transporter
# Fix cPanel locale issues
mv /var/cpanel/locale /var/cpanel/bad_locale; /usr/local/cpanel/bin/build_locale_databases --force
# Rebuild the cPanel Userdata
(
mv /var/cpanel/userdata /var/cpanel/userdata.$(date +%Y%m%d)
mkdir /var/cpanel/userdata
/usr/local/cpanel/bin/userdata_update --reset
/usr/local/cpanel/bin/fix_userdata_perms
/scripts/updateuserdatacache
/scripts/rebuildhttpdconf
/scripts/restartsrv_httpd
)
# Install the cPanel Application Manager tool, which is installed via Ruby mod_passenger
yum -y install ea-ruby24-mod_passenger
# Reverse the changes done by the WHM Transfer Tool when Live Transfer was left enabled. Credit: Nicholas B. & Nelson S.
# From Nelson S.:
# To disable it you have to remove proxy_backend from all of the userdata files, easy enough with a mass sed. Then rebuild httpdconf and boom it's gone, yay.
# and then you have to comment out RedirectMatch for cgi-sys/movingpage.cgi in the .htaccess as well, find + sed works for this too
find /home -type d -path '/home/virtfs' -prune -o -type f -name .htaccess -exec sed -i.bak -E 's_(RedirectMatch.*movingpage\.cgi)_#\1_g' {} \; -print
# From Nicholas B.:
# Transfer Tool redirects, you also need to run the WHMAPI command unset_all_service_proxy_backends alongside the redirect removal script that others have provided.
# You can do this by running the loop:
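(
  # Clears the service proxy backends for every account named in the first
  # colon-separated field of /etc/trueuserowners.
  for user in $(cut -d : -f1 /etc/trueuserowners); do
    whmapi1 unset_all_service_proxy_backends username="$user"
  done
)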
# Convert CentOS on cPanel to CloudLinux
# if you have activation key (most common)
wget https://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy
sh cldeploy -k <activation_key>
### or ###
# if you have IP based license
sh cldeploy -i
reboot
#===============================================================================
# AutoSSL
#===============================================================================
# When a domain is failing HTTP DCV, make sure the root nameservers are working from the server.
(
for i in {a..m}; do
echo -n "$i: "
dig +short $i.root-servers.net @$i.root-servers.net
done
)
# Check the resolvers used by cPanel...
/scripts/cpdig <domain> A --verbose
/usr/local/cpanel/3rdparty/bin/perl -MCpanel::DnsRoots -MData::Dumper -e 'local $Cpanel::DnsRoots::Resolver::DEBUG=1; print Dumper(Cpanel::DnsRoots->new()->get_ipv4_addresses_for_domain("<domain>"));'
# Disable all AutoSSL emails
whmapi1 set_tweaksetting key=notify_expiring_certificates value=0
# Delete all pending AutoSSL certs for a user
sqlite3 /var/cpanel/autossl_queue_cpanel.sqlite
delete from requests where username='USERNAME';
# Levi J's search through AutoSSL logs
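# Shows each match plus the 10 following lines from every AutoSSL run log,
# oldest run first. The term is quoted and preceded by "--" so spaces or a
# leading "-" in it are treated as part of the pattern, not as grep options.
read -rp "Search for?: " searchterm; for log in $(sudo ls -tr /var/cpanel/logs/autossl/); do sudo cat "/var/cpanel/logs/autossl/$log/txt" | grep -A 10 -- "$searchterm"; done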
# Jason Sm's set Let's Encrypt and run autossl (credit to Sean C. for assistance) -- Updated by Jon A. for new ToS agreement.
# Note: This is NOT the Let's Encrypt cPanel plugin. This is changing the provider of the AutoSSL that's native to cPanel and integrates with WHM (called "The Let's Encrypt Plugin").
# The "Let's Encrypt for cPanel" plugin is a paid-for plugin. Learn more: https://letsencrypt-for-cpanel.com/docs/comparison-with-cpanel-autossl/
# INSTALLATION:
(
# Install the provider module, select it for AutoSSL while accepting the
# terms-of-service document named in the URL, then start a check for all users.
/scripts/install_lets_encrypt_autossl_provider
whmapi1 set_autossl_provider provider=LetsEncrypt x_terms_of_service_accepted="https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
# NOTE(review): this call passes only a parameter and names no API function;
# it looks like a leftover from the line above - confirm whether it is needed.
whmapi1 x_terms_of_service_accepted="https://acme-v01.api.letsencrypt.org/terms"
whmapi1 set_tweaksetting key=global_dcv_rewrite_exclude value=1
whmapi1 start_autossl_check_for_all_users
)
# REMOVAL:
/usr/local/cpanel/scripts/uninstall_lets_encrypt_autossl_provider
# Fix the AutoSSL CRON job
cat /etc/cron.d/cpanel_autossl
# Should return:
30 0 * * * root /usr/local/cpanel/bin/autossl_check --all
# If not:
echo "30 0 * * * root /usr/local/cpanel/bin/autossl_check --all" > /etc/cron.d/cpanel_autossl
#========================================================================================
# MISC DATA CENTER INFORMATION
#========================================================================================
# Data Center PING test IPs
WCDC: 198.46.95.108
ECDC: 173.231.208.118
# DC Certificate Docs
https://wiki.inmotionhosting.com/index.php?title=SAS_70_Type_2_and_Type_2_SSAE_16_SOC_2#Equinix_.28ECDC.29_Reports
# DC Tiers
WC is Tier 3
EC is Tier 4
#========================================================================================
# NGINX
#========================================================================================
################################################################################
############################ IMPORTANT NOTE ####################################
################################################################################
# For new IMH NGINX installations, the below is out of date as of 2020-02-21 per #qos from Jacob H. Kept for archival reasons as the
# process to remove NGINX is still valid if the associated installation process was used. But all new installations must use the new installation
# process.
#
# Install IMH NGINX, configure it for mod_remoteip for Apache logs to have the correct IP reported. This also includes the Safari fix if used with HTTP/2.
install_nginx() {
# Archived installer: moves Apache to ports 8080/8443, installs the IMH NGINX
# packages in front of it, and adjusts logging so Apache records the visitor
# address taken from proxy headers.
yum -y install epel-release imh-python && yum -y remove drush
# Apache is moved to 8080/8443 but still bound to 0.0.0.0, i.e. all interfaces.
# NOTE(review): the log format below records whatever X-Real-IP header arrives,
# so those ports should presumably be firewalled from outside - confirm.
sed -i 's/apache_port=.*/apache_port=0.0.0.0:8080/' /var/cpanel/cpanel.config
sed -i 's/apache_ssl_port=.*/apache_ssl_port=0.0.0.0:8443/' /var/cpanel/cpanel.config
service cpanel restart
/scripts/rebuildhttpdconf
/scripts/restartsrv_httpd
yum -y install imh-nginx imh-ngxconf imh-ngxutil imh-cpanel-cache-manager ea-apache24-mod_cloudflare ea-apache24-mod_remoteip
# Each echo below APPENDS to its target file, so running the installer twice
# duplicates these directives.
echo -e "\n#IMH - Make sure iOS devices work correctly with HTTP/2\nproxy_hide_header Upgrade;" >> /etc/nginx/conf.d/nginx-includes.conf;
echo -e "\n#IMH - Correct the Apache logs for NGINX.\nLogFormat \"%{X-Real-IP}i %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined" >> /etc/apache2/conf.d/includes/pre_main_global.conf
# mod_remoteip is told to treat loopback and this host's own address
# (hostname -i) as internal proxies for X-Forwarded-For.
echo -e "\n#IMH - Correct the IP address reported to Apache by NGINX.\n<IfModule remoteip_module>\nRemoteIPHeader X-Forwarded-For\nRemoteIPInternalProxy 127.0.0.0/8 ::1 $(hostname -i)\n</IfModule>" >> /etc/apache2/conf.d/includes/pre_main_global.conf
echo -e "\n#IMH - Make sure that visitors IP is in the logs and not the Cloudflare IP.\nreal_ip_header CF-Connecting-IP;" >> /etc/nginx/conf.d/cloudflare2.conf
# Replace every ssl_protocols line so only TLS 1.2 and 1.3 remain enabled.
for vhost in $(ls /etc/nginx/vhosts/*.conf); do
sed -i '/ssl_protocols/c\ssl_protocols TLSv1.2 TLSv1.3;' $vhost
done
sed -i '/ssl_protocols/c\ssl_protocols TLSv1.2 TLSv1.3;' /etc/nginx/nginx.conf
# The result of this syntax check is not acted on; the steps below run either way.
nginx -t
# NOTE(review): the two *-GCM-SHA512 entries do not look like OpenSSL cipher
# names - confirm with `openssl ciphers` that the list selects what is intended.
for vhost in $(ls /etc/nginx/vhosts/*.conf); do
sed -i "/ssl_ciphers/c\ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;" $vhost
done
ngxconf -Rrd
service nginx start
/scripts/php_fpm_config --rebuild
/scripts/restartsrv_apache_php_fpm
# Show which process is listening on which port as a final check.
netstat -nlp | grep -P 'nginx|httpd'
}; install_nginx
# Remove IMH NGINX
uninstall_nginx() {
  # Hands ports 80/443 back to Apache, strips the directives the archived
  # installer appended, removes the IMH NGINX packages and restarts the stack.
  sed -i \
    -e 's/apache_port=.*/apache_port=0.0.0.0:80/' \
    -e 's/apache_ssl_port=.*/apache_ssl_port=0.0.0.0:443/' \
    /var/cpanel/cpanel.config
  # These patterns delete every matching line in the include file, not only
  # the ones the installer added.
  sed -i \
    -e '/\#IMH .*/d' \
    -e '/LogFormat .*/d' \
    -e '/RemoteIPHeader .*/d' \
    -e '/RemoteIPInternalProxy .*/d' \
    /etc/apache2/conf.d/includes/pre_main_global.conf
  yum -y remove imh-nginx imh-ngxconf imh-ngxutil imh-cpanel-cache-manager
  /scripts/rebuildhttpdconf
  /scripts/restartsrv_httpd
  service httpd restart
  /scripts/php_fpm_config --rebuild
  /scripts/restartsrv_apache_php_fpm
  # Show which process is listening on which port as a final check.
  netstat -nlp | grep -P 'nginx|httpd'
}; uninstall_nginx
################################################################################
########################### SEE NOTE ABOVE #####################################
################################################################################
# Install IMH NGINX - As of 2020-02-21
yum -y install imh-ultrastack-ded && tail -f /var/log/messages | grep post_install
# Remove IMH NGINX - As of 2020-02-21
yum -y remove imh-ultrastack-ded imh-nginx imh-cpanel-cache-manager imh-ngxconf && netstat -nlp | egrep "httpd|nginx"
# Install Engintron NGINX
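# TLS certificate checking stays enabled: the downloaded script is executed as
# root straight away, so it must come from the host named in the URL. The
# installer only runs if the download succeeded.
# NOTE(review): this fetches whatever the master branch holds at that moment;
# read the script before running it.
cd /; rm -f engintron.sh; wget https://raw.githubusercontent.com/engintron/engintron/master/engintron.sh && bash ./engintron.sh install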
# Remove Engintron NGINX
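# TLS certificate checking stays enabled: the downloaded script is executed as
# root straight away, so it must come from the host named in the URL. The
# removal only runs if the download succeeded.
# NOTE(review): this fetches whatever the master branch holds at that moment;
# read the script before running it.
cd /; rm -f engintron.sh; wget https://raw.githubusercontent.com/engintron/engintron/master/engintron.sh && bash ./engintron.sh remove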
# Install nginx tools (if missing)
yum -y install imh-ngxconf imh-ngxutil imh-cpanel-cache-manager
# Forced full rebuild of the NGINX configuration
ngxconf -Rrd --force
# Rebuild just a single cPanel user
ngxconf -u <cpanel_user> -rd
# Purge NGINX cache
ngxutil -Xu <cPanel_user>
# Purge the NGINX cache for ALL users
ngxutil -Z
# Show NGINX cache stats for a domain (add "-E user@email.com" to email the report)
ngxutil -Sx -z 5000 -d <domain>
# Show the NGINX cache status for the server (add "-E user@email.com" to email the report)
ngxutil -Sx
# Jason Sm's purge all NGINX cache zones
for i in $(awk '{print $2}' /etc/trueuserdomains); do ngxutil -Xu $i; done
# Jason Sm's force NGINX to pass visitor IPs to Apache for logging
grep -rli '%h' /var/cpanel/templates/apache2_4/* | xargs -i@ sed -i 's/%h/%{X-Real-IP}i/g' @ ; /usr/local/cpanel/scripts/rebuildhttpdconf ; service httpd restart
# Jason Sm's disable static content acceleration in IMH-NGINX stack
grep -rli 'accel_static_content' /home/*/.imh/nginx/ | xargs -i@ sed -i 's/accel_static_content: true/accel_static_content: false/g' @ ; ngxconf -Rr
# Tyler K's prevent NGINX requests from looking like loopback requests.
# mod_remoteip must also be installed for Apache.
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.0/8 ::1 <MAIN_SERVER_IP>
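# Swap %h for the X-Real-IP header in the cPanel Apache 2.4 templates
# (the directory is /var/cpanel/templates/apache2_4).
grep -rli '%h' /var/cpanel/templates/apache2_4/* | xargs -I@ sed -i 's/%h/%{X-Real-IP}i/g' @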
# Jason Sm's fix for IMH-NGINX + HTTP/2 serving to iOS/OSX
echo "proxy_hide_header Upgrade;" >> /etc/nginx/conf.d/nginx-includes.conf; ngxconf -Rrd --force; service nginx restart
# Nelson S's locate duplicate proxy_* entries in NGINX
grep -irE 'proxy_(busy_)?buffer' /etc/nginx/
# Jeff Sh's set NGINX to only allow TLSv1.2 and TLSv1.3 for all vhosts & server, update the NGINX configuration template for vhosts and set the ciphers on the server and vhosts.
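(
  # Limits every vhost, the main nginx.conf and the ngxconf vhost template to
  # TLS 1.2/1.3 and sets the vhost cipher list, then rebuilds and restarts.
  for vhost in /etc/nginx/vhosts/*.conf; do
    [[ -f "$vhost" ]] || continue
    sed -i '/ssl_protocols/c\ssl_protocols TLSv1.2 TLSv1.3;' "$vhost"
    sed -i "/ssl_ciphers/c\ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';" "$vhost"
  done
  sed -i '/ssl_protocols/c\ssl_protocols TLSv1.2 TLSv1.3;' /etc/nginx/nginx.conf
  sed -i '/ssl_protocols/c\ssl_protocols TLSv1.2 TLSv1.3;' /opt/ngxconf/templates/default_server.j2
  # Stop before the restart if the edited configuration does not parse;
  # restarting with a broken config would take every site offline.
  nginx -t || { echo "nginx -t failed; NGINX was not rebuilt or restarted." >&2; exit 1; }
  sleep 10
  ngxconf -Rrd
  service nginx restart
)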
# To get the real remote IPs via Sucuri through to Apache and NGINX logs, add this to the /etc/nginx/conf.d/sucuri.conf file, then rebuild NGINX. Make sure mod_remoteip is installed.
echo -e "# Define header with original client IP
real_ip_header X-Forwarded-For;
# Define trusted Firewall IPs
set_real_ip_from 192.88.134.0/23;
set_real_ip_from 185.93.228.0/22;
set_real_ip_from 66.248.200.0/22;
set_real_ip_from 208.109.0.0/22;
set_real_ip_from 2a02:fe80::/29;" > /etc/nginx/conf.d/sucuri.conf
# Betsy H's get the real remote IPs via Cloudflare through to Apache and NGINX logs. We need to make sure mod_remoteip and mod_cloudflare are installed or it doesn't work.
(
echo "real_ip_header CF-Connecting-IP;" > /etc/nginx/conf.d/cloudflare2.conf
yum -y install ea-apache24-mod_remoteip ea-apache24-mod_cloudflare
ngxconf -Rrd --force
)
# Fix for Beaver Builder on NGINX platforms. Add this to the functions.php file (or tell the customer to do it):
add_filter( 'fl_builder_render_assets_inline', '__return_true' );
# Source: https://docs.wpbeaverbuilder.com/beaver-builder/developer/tutorials-guides/change-how-css-and-javascript-are-loaded/
#===============================================================================
# Apache
#===============================================================================
# If service httpd status doesnt work, add the following to <Location /whm-server-status> to allow IPv6 loopbacks
Allow from 127.0.0.1 ::1
# Install mod_cloudflare for EA4 - OUTDATED
wget -O /etc/yum.repos.d/EA4-Mod-Cloudflare.repo http://download.opensuse.org/repositories/home:/Jperkster:/EA4_Mod_Cloudflare/CentOS-7/home:Jperkster:EA4_Mod_Cloudflare.repo ; yum install ea-apache24-mod_cloudflare
# Install mod_cloudflare for EA4
yum install ea-apache24-mod_cloudflare
#===============================================================================
# MySQL/MariaDB
#===============================================================================
# Live list of MySQL queries
while true ; do clear ; mysqladmin pr ; sleep 2 ; done
# Jeff Sh's better version of above
watch mysqladmin pr
# Jeff Sh's get a full live list of the MySQL queries from a database, including the full command being run.
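(
  # Refreshes the full process list of one database every 2 seconds.
  read -rp "Enter database name: " database
  # -x makes watch execute mysql directly with these arguments. Inside a
  # single-quoted command string ${database} is only expanded by the shell
  # watch starts, where the variable is not set; passing the name as its own
  # argument also keeps it from being re-parsed as shell syntax.
  watch -n 2 -x mysql "$database" -e "show full processlist;"
)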
# Jeff Sh's MyTop setup and config.
yum -y install mytop && echo "db=mysql" > /root/.mytop; mytop
# Repair all DB tables (InnoDB)
mysqlcheck -reA
# Add to my.cnf to fix long sleeping processes:
interactive_timeout = 90
wait_timeout = 90
# To make these live right away, run these SQL commands:
SET GLOBAL interactive_timeout = 90;SET GLOBAL wait_timeout = 90;
# Protect the MySQL local file. Added to /etc/my.cnf
local-infile = 0
# Set read-only queries to have a timeout of 100 seconds.
max_statement_time = 100
# Turn OFF Strict Mode on MySQL, leaving other modes active:
sql-mode = 'ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'
# All together.
interactive_timeout = 90
wait_timeout = 90
local-infile = 0
sql-mode = 'ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'
max_statement_time = 100
# Default my.cnf on a fresh install of cPanel.
[mysqld]
performance-schema=0
innodb_file_per_table=1
max_allowed_packet=268435456
open_files_limit=10000
default-storage-engine=MyISAM
# Slow Query Logging to file
slow_query_log = On
long_query_time = 3
slow_query_log_file = /var/log/mysql_slow_queries
# Slow Query Logging to the "mysql" DB, table "slow_log"
slow_query_log = 1
long_query_time = 3
log_output = TABLE
log-slow-admin-statements
# Check all user-defined my.cnf files for issues (/home/*/.my.cnf)
/usr/local/cpanel/scripts/check_users_my_cnf
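# Brandon P.'s repair all MyISAM databases
# myisamchk works on the table files directly. Stop MySQL first, or be certain
# nothing has the tables open: repairing a table the server is using can damage
# it. find hands each path over as one argument, so database or table names
# containing spaces or glob characters are not split.
find /var/lib/mysql/ -name '*.MYI' -exec myisamchk -r -f {} \;
# Jeff Sh.'s repair all MyISAM databases, if Brandon's doesn't work or there are "myisamchk: error: 140 when opening MyISAM-table" errors.
# Same walk, but each table is named without its .MYI extension.
(
find /var/lib/mysql/ -name '*.MYI' -exec sh -c '
  for index_file in "$@"; do
    myisamchk -r -f "${index_file%.MYI}"
  done
' sh {} +
)
# Jeff Sh.'s repair all MySQL databases.
# mysqlcheck needs the server running, while myisamchk needs the tables idle;
# make sure no application is writing during the second and third steps.
(
mysqlcheck -reA
find /var/lib/mysql/ -name '*.MYI' -exec myisamchk -r -f {} \;
find /var/lib/mysql/ -name '*.MYI' -exec sh -c '
  for index_file in "$@"; do
    myisamchk -r -f "${index_file%.MYI}"
  done
' sh {} +
)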
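# Jeff Sh's tool for backup and repair of all databases. Good for when you want to pass arguments before actually running it.
# Both forms below run, as root, whatever the tip of that repository's master
# branch holds at that moment. Read the downloaded script before running it on
# a production server.
wget -a /var/log/mysql_db_repair.log -O ./mysqlrepairall https://raw.githubusercontent.com/Hummdis/mysqlrepairall/master/mysqlrepairall && chmod +x ./mysqlrepairall && ./mysqlrepairall
# More streamlined version, which is good for the "just run it".
# The script is saved to a private temp file first: -f turns an HTTP error into
# a failure instead of feeding an error page to bash, and a download that
# breaks off midway is never executed half-finished.
(
script=$(mktemp) || exit 1
trap 'rm -f -- "$script"' EXIT
curl -fsSL https://raw.githubusercontent.com/Hummdis/mysqlrepairall/master/mysqlrepairall -o "$script" && bash "$script"
)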
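# Will H.'s dump all databases loop
# Dumps hold every row of every database, so new files are created owner-only
# (umask 077). The subshell keeps that umask out of the calling shell. A
# /backup/db_backups directory that already exists keeps its current mode.
(
umask 077
mkdir -p /backup/db_backups
touch /backup/db_backups/list
for db in $(mysql -e 'show databases' | grep -v "Database\|information_schema" | awk '{print $1}'); do
  # A name is recorded only when its dump succeeded, and the list is written
  # next to the dumps rather than into the current working directory.
  mysqldump --add-drop-table --max_allowed_packet=1G "$db" > "/backup/db_backups/$db.sql" && echo "$db" >> /backup/db_backups/list
done
)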
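# Jeff Sh's dump all user databases loop - SAFEST BACKUP METHOD
# The name filter is a substring match: any database whose name contains
# "schema", "cphulk", "leech" or "modsec" is skipped, not only the system ones.
(
# Dump files contain every row of every database: create them owner-only.
umask 077
TIMESTAMP=$(date +%Y-%m-%d_%H%M)
BACKUP_DIR="/backup/db_backups/${TIMESTAMP}"
mkdir -p "$BACKUP_DIR" || exit 1
LIST="${BACKUP_DIR}/01_LIST"
echo -e "\nBacking up each database individually to ${BACKUP_DIR}/"
touch "$LIST"
for DB in $(mysql -e 'show databases' | grep -vE "Database|schema|cphulk|leech|modsec" | awk '{print $1}'); do
  echo -n "Backing up DB: ${DB}..."
  # A failed dump must not be reported as Done, and must not appear in the list.
  if mysqldump --add-drop-table --max_allowed_packet=1G "$DB" > "${BACKUP_DIR}/${DB}.sql" && echo "$DB" >> "$LIST"; then
    echo -e "\033[32mDone\033[0m"
  else
    echo -e "\033[31mFAILED\033[0m"
  fi
done
echo -e "DB Backup list located at ${LIST}"
)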
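# Jeff Sh's create DB and matching user, then import all databases from Will H. dump loop above. Make sure you're inside the directory with these.
# This does skip the mysql.sql file since it recreates the DB and matching username as needed. Passwords are randomized.
# The generated password is not recorded anywhere; reset it afterwards if the
# application has to log in with that account.
(
for dump in ./*.sql; do
  [ -f "$dump" ] || continue
  x=${dump#./}
  x=${x%.sql}
  [ "$x" = "mysql" ] && continue
  # The file name is spliced into SQL, so only plain identifier characters are
  # accepted; anything else is skipped instead of being sent to the server.
  case "$x" in
    '' | *[!A-Za-z0-9_]*)
      echo "Skipping ${dump}: name is not made of letters, digits and underscores" >&2
      continue
      ;;
  esac
  echo -n "Working on ${x}..."
  PASSWDDB="$(pwmake 80)"
  # Escape backslash and single quote so the password stays one SQL string.
  sql_pw=${PASSWDDB//\\/\\\\}
  sql_pw=${sql_pw//\'/\'\'}
  # The statements reach mysql on stdin, so the password never appears in a
  # process argument list. The single-quoted format strings also keep the
  # /*!40100 ... */ version comment free of a stray backslash.
  {
    printf 'CREATE DATABASE `%s` /*!40100 DEFAULT CHARACTER SET utf8 */;\n' "$x"
    printf 'CREATE USER '\''%s'\''@'\''localhost'\'' IDENTIFIED BY '\''%s'\'';\n' "$x" "$sql_pw"
    printf 'GRANT ALL PRIVILEGES ON `%s`.* TO '\''%s'\''@'\''localhost'\'';\n' "$x" "$x"
    printf 'FLUSH PRIVILEGES;\n'
  } | mysql
  mysql -u root "$x" < "$dump"
  echo -e "\033[32mDone\033[0m"
done
)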
# Jeff Sh.'s dump all databases to a single SQL file. (This really is not the best idea. Only keeping in file for informational purposes.)
mysqldump -u root --events --max_allowed_packet=1G --all-databases > /backup/db_backups/all_databases_$(date +%Y-%m-%d_%H%M).sql
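# Jeff Sh.'s one liner for backing up and repairing all databases. (This really is not the best idea as it backs up all SQL databases to a single file. Only keeping in file for informational purposes.)
(
# The dump contains every database on the server: create it owner-only.
umask 077
# -p: an already existing directory is not an error.
mkdir -p /backup/db_backups
mysqldump -u root --max_allowed_packet=1G --all-databases > "/backup/db_backups/all_databases_$(date +%Y-%m-%d_%H%M).sql"
# NOTE(review): -r (repair) and -o (optimize) are both given here; confirm
# which operation mysqlcheck actually performs when they are combined.
mysqlcheck -resAo
# myisamchk edits table files directly; be sure nothing is writing to them.
# find passes each path as one argument, so odd table names are not split.
find /var/lib/mysql/ -name '*.MYI' -exec myisamchk -r -f {} \;
find /var/lib/mysql/ -name '*.MYI' -exec sh -c '
  for index_file in "$@"; do
    myisamchk -r -f "${index_file%.MYI}"
  done
' sh {} +
)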
# WHM API for MySQL to MariaDB 10.2 upgrade - Change to 10.3 if 10.3 is what customer wants.
whmapi1 start_background_mysql_upgrade version=10.2
# WHM API for MySQL < 5.6 to MySQL 5.6 Upgrade
whmapi1 start_background_mysql_upgrade version=5.6
# Jeff Sh.'s count how often each MySQL database was reported as 'corrupt' or 'crashed' in the current month.
(
month_tag=$(date +%Y-%m)
echo -e "CORRUPT TABLE SEARCH\n# Found:\tDatabase:"
# One awk pass: month matches, line mentions "corrupt", and is neither a
# "corrupted" nor an "InnoDB:" line; field 9 is what gets counted.
sudo cat /var/lib/mysql/*.err \
  | awk -v month="$month_tag" '$0 ~ month && /corrupt/ && !/corrupted|InnoDB:/ {print $9}' \
  | sort | uniq -c | sort -rn
echo -e "\n\nCRASHED TABLE SEARCH\n# Found:\tDatabase:"
sudo cat /var/lib/mysql/*.err \
  | awk -v month="$month_tag" '$0 ~ month && /crashed/ {print $7}' \
  | sort | uniq -c | sort -rn
)
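# Jeff Sh's find the number of MySQL 5.6+ tables that have been reported as 'crashed' or 'corrupt' in the past 3 days.
# sed prints from the first line mentioning OLDEST up to the first later line
# mentioning TODAY. If the log has no entry dated OLDEST nothing is printed, so
# an empty result is not proof of a clean log.
(
TODAY=$(date +%Y-%m-%d)
# Ask date for the offset directly instead of doing arithmetic on a formatted string.
OLDEST=$(date --date='3 days ago' +%Y-%m-%d)
echo -e "CORRUPT TABLE SEARCH\n# Found:\tDatabase:"
sed -n "/${OLDEST}/,/${TODAY}/p" /var/lib/mysql/*.err | awk '$9 ~ /corrupt/{print;}' | grep -v "corrupted" | uniq -c | sort -rn
echo -e "\nCRASHED TABLE SEARCH\n# Found:\tDatabase:"
sed -n "/${OLDEST}/,/${TODAY}/p" /var/lib/mysql/*.err | awk '$7 ~ /crashed/{print;}' | uniq -c | sort -rn
)
# Jeff Sh's find the number of MySQL 5.5 and OLDER tables that have been reported as 'crashed' or 'corrupt' in the past 3 days.
# Same search with the two-digit-year timestamps (yymmdd) of the older log format.
(
TODAY=$(date +%y%m%d)
OLDEST=$(date --date='3 days ago' +%y%m%d)
echo -e "CORRUPT TABLE SEARCH\n# Found:\tDatabase:"
# Both searches run oldest-to-newest and sort numerically; a range that starts
# at TODAY would run to the end of the file, because OLDEST never follows it.
sed -n "/${OLDEST}/,/${TODAY}/p" /var/lib/mysql/*.err | awk '$9 ~ /corrupt/{print;}' | grep -v "corrupted" | uniq -c | sort -rn
echo -e "\nCRASHED TABLE SEARCH\n# Found:\tDatabase:"
sed -n "/${OLDEST}/,/${TODAY}/p" /var/lib/mysql/*.err | awk '$7 ~ /crashed/{print;}' | uniq -c | sort -rn
)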
# Use MySQL tuner -- Bypasses downloading and executes the latest version, always.
# "Latest" means the tip of the project's master branch, piped straight into
# perl with nothing saved for review; -s also hides any download error.
curl -sL https://raw.github.com/major/MySQLTuner-perl/master/mysqltuner.pl | perl
# Force MySQL recovery -- see Jacob H. wiki page for innodb recovery and make sure this isn't already in the file!
# The line is appended to the very end of /etc/my.cnf. NOTE(review): if the
# file ends in a section other than [mysqld], the setting lands in that
# section; check where it ended up, and remove it again once recovery is done.
echo "innodb_force_recovery = 1" >> /etc/my.cnf
# Jason Sm's kill all MySQL processes except for those run by root
for i in $(mysqladmin pr | grep localhost | grep -v root | awk '{print $2}'); do echo "kill $i;" | mysql; done
# Jeff Sh's kill all sleeping MySQL processes.
for i in $(mysql -e "show processlist" | awk '/Sleep/ {print $1}') ; do mysql -e "KILL $i;"; done
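# Kale M's create a database and user, grant privileges
# Run as the cPanel user: the name entered is prefixed with ${USER}_ and used
# for both the database and the database user.
(
# -r keeps backslashes literal; stop if no name could be read.
read -r -e -p 'Name:' n || exit 1
n="${USER}_${n}"
p="$(pwmake 80)"
uapi Mysql create_database name="${n}"
# NOTE: the password is passed to uapi as a command-line argument, so it may be
# visible in the process list to other local users while the call runs.
uapi Mysql create_user name="${n}" password="${p}" && uapi Mysql set_privileges_on_database user="${n}" database="${n}" privileges='ALL PRIVILEGES'
# Values go in as %s arguments: a % or backslash in the generated password has
# to be shown literally, not read as a printf directive.
printf '\n\nDB: %s\nPW: %s\n\n' "${n}" "${p}"
)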
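# Jon A's dump all databases for a cPanel user
# The dumps are written to stdout one after another; redirect the whole
# subshell to a file to keep them.
(
# read needs the variable NAME (CP), not its value ($CP).
read -r -p "cp user: " CP
# With an empty name the grep below would match every database on the server.
[ -n "$CP" ] || { echo "No cPanel user given." >&2; exit 1; }
# The match is a prefix match on the database name; check the result when one
# user name is the beginning of another.
for I in $(whmapi1 list_databases | grep "name: $CP" | sed 's/name://'); do
  mysqldump --add-drop-table --max_allowed_packet=1G "$I"
done
)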
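# Jon A's delete all MySQL users from a cPanel user
# Destructive: every name printed below is dropped. The match is a prefix match
# ("bob" also matches "bobby_wp"), so read the list before relying on it.
(
read -r -p 'cp user: ' CP
# An empty answer would make the grep match every database user on the server.
[ -n "$CP" ] || { echo "No cPanel user given." >&2; exit 1; }
for I in $(whmapi1 list_database_users | grep "name: $CP" | sed 's/name: //'); do
  # The name is spliced into SQL; skip anything that is not a plain account name.
  case "$I" in
    *[!A-Za-z0-9_.-]*)
      echo "Skipping unexpected name: $I" >&2
      continue
      ;;
  esac
  echo "Dropping MySQL user: $I"
  # Double quotes so the shell fills in the name; inside single quotes MySQL
  # would receive the literal text $I.
  # NOTE(review): with no host part MySQL reads this as 'name'@'%'; accounts
  # that exist only for another host (such as localhost) need the host spelled out.
  mysql -e "DROP USER '$I';"
done
)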
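# Mathew L's run MySQL without using SystemD.
# Prints the mysqld command line for the given host name; it does not start the
# server itself. The host name only selects the .err and .pid file names.
# Arguments: $1 - host name used in the error-log and pid-file paths
# Returns:   0 after printing the command, 1 when no host name was given
mk_mysqld() {
  # local: do not leave a global "hostname" variable behind in the login shell.
  local hostname="$1"
  if [[ -z "$hostname" ]]; then
    echo "usage: mk_mysqld <hostname>" >&2
    return 1
  fi
  echo "/usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/lib/mysql/$hostname.err --open-files-limit=50000 --pid-file=/var/lib/mysql/$hostname.pid --socket=/var/lib/mysql/mysql.sock --port=3306"
}; mk_mysqld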
# Noah A's fix WP Rocket Cached - Run it under the needed database, not from the CLI.
DELETE FROM wp_options WHERE `option_name` LIKE '%rocket_preload_batch%';
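# Jeff Sh's stop and restart the MySQL server without permission restrictions that will allow you to recreate the Root user.
# While --skip-grant-tables is active, every local connection has full
# privileges with no password. --skip-networking limits that to the local
# socket, so keep both flags together and keep the window short.
# chkservd monitoring of mysql is switched off first so that it does not
# restart the service in the middle of the work.
# NOTE(review): the step after sed used to be the config file path itself,
# which cannot be executed and stopped the chain; restarting chkservd is
# assumed to be what was meant.
/scripts/restartsrv_mysql --stop && sed -i 's/mysql:1/mysql:0/g' /etc/chkserv.d/chkservd.conf && /scripts/restartsrv_chkservd && mysqld_safe --skip-grant-tables --skip-networking &
# Then, make your changes. After you're done, reverse the above to start it normally.
/scripts/restartsrv_mysql --stop && sed -i 's/mysql:0/mysql:1/g' /etc/chkserv.d/chkservd.conf && /scripts/restartsrv_chkservd && /scripts/restartsrv_mysql --start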
# Setup MySQL/MariaDB Log Rotations to prevent logs from getting too big and taking up tons of space.
http://ronaldbradford.com/blog/the-correct-approach-to-rolling-mysql-logs-2010-02-22/
#===============================================================================
# SYSTEM
#===============================================================================
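# Jeff Sh's Quick Setup -- Often servers are not setup with the needed things or generally have "issues". I run this to ensure "the needful" is there.
# This runs a script from a personal web site as root. It is saved to a private
# temp file first: -f makes an HTTP error fail instead of feeding an error page
# to bash, and a download that breaks off midway is never executed
# half-finished. Read the script before running it on a customer server.
(
script=$(mktemp) || exit 1
trap 'rm -f -- "$script"' EXIT
curl -fsSL https://hummdis.com/imh/scripts/quick_setup.sh -o "$script" && bash "$script"
)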
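# Install ConfigServer File Manager (CSE) for WHM
# The installer runs as root straight from the downloaded archive; TLS to the
# vendor host is the only check on its content.
(
# Stop if /usr/src is unavailable so nothing is unpacked or run elsewhere.
cd /usr/src || exit 1
rm -fv /usr/src/cse.tgz
# Run the installer only if the download and the extraction both succeeded.
wget https://download.configserver.com/cse.tgz &&
  tar -xzf cse.tgz &&
  cd cse &&
  sh install.sh
rm -Rfv /usr/src/cse*
)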
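# Remove ConfigServer File Manager (CSE) for WHM
(
# Stop if /usr/src is unavailable so nothing is unpacked or run elsewhere.
cd /usr/src || exit 1
rm -fv /usr/src/cse.tgz
# HTTPS, as in the install snippet: uninstall.sh runs as root, so the archive
# must not be fetched over a connection that anyone on the path can alter.
wget https://download.configserver.com/cse.tgz &&
  tar -xzf cse.tgz &&
  cd cse &&
  sh uninstall.sh
rm -Rfv /usr/src/cse*
)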
# Jeff Sh's perform a DNS lookup for each domain on a server. You'll need to first copy-and-paste the domain list, then press CTRL-D.
(
# Everything pasted on stdin up to CTRL-D, split on whitespace into names.
for name in $(cat); do
echo "${name}: $(dig @1.1.1.1 $name +short)"
done
)
# Force a reinstall of a given package with all package dependencies (really big hammer!!)
(
read -p "Package Name: " PKG
yum reinstall $(repoquery --requires --recursive --resolve ${PKG})
)
# Install the imh-dedrads tools in case they're missing from a system
yum -y install dedrads
# Roger Sm's Check PTR records on local server
# For every name in field 2 of the hosts tool's output, the A record is looked
# up at ns.inmotionhosting.com and compared with this server's addresses.
# NOTE(review): the lookup is for A records although the title says PTR, and
# "FAILED DOMAIN" is printed when the answer matches the pattern; confirm the
# intended sense of the test.
# NOTE(review): the pattern is the output of `hostname -I` plus one space;
# verify it can match on hosts where hostname -I already ends in a space or
# lists several addresses.
(
for i in $(/opt/*rads/hosts* -a | awk '{print $2}'); do
domain=$(dig @ns.inmotionhosting.com +short A $i | tr '\n' ' ')
if [[ "$domain" == *"$(hostname -I) " ]]; then
echo "FAILED DOMAIN: $i ($domain)"
fi
done
)
# Jeff Sh's install Django, run as the cPanel user:
curl -sL https://bootstrap.pypa.io/get-pip.py | python -
pip install django==<version>
# or to just install the latest version:
pip install django
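# Jeff Sh's install Redis on CentOS 7+ with PHP 7.x modules.
# Redis has no password by default. Before putting it to use, confirm that
# /etc/redis.conf still has `bind 127.0.0.1` and `protected-mode yes` (or set
# `requirepass`), and that the firewall does not expose port 6379.
(
yum -y install epel-release && yum -y remove drush
yum -y install redis
systemctl enable --now redis
# Glob instead of parsing ls; the directory name (ea-php7X) is the package prefix.
for php_dir in /opt/cpanel/ea-php7*; do
  [ -d "$php_dir" ] || continue
  yum -y install "${php_dir##*/}-php-redis"
done
echo "service[redis]=x,x,x,/etc/init.d/redis restart,redis|redis,redis" > /etc/chkserv.d/redis
echo "+" > /var/run/chkservd/redis
# Add the monitor entry only once, so running this again does not stack duplicates.
grep -qx 'redis:1' /etc/chkserv.d/chkservd.conf || echo "redis:1" >> /etc/chkserv.d/chkservd.conf
/scripts/restartsrv_chkservd
systemctl status redis
)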
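# Jeff Sh's install Redis PHP 5.x modules (DOES NOT INSTALL REDIS - Use above)
# Builds the PECL extension from source, as root, once per installed ea-php5x.
(
cd /usr/src || exit 1
wget https://pecl.php.net/get/redis-4.2.0.tgz || exit 1
tar -zxvf redis-4.2.0.tgz
cd redis-4.2.0 || exit 1
for php_dir in /opt/cpanel/ea-php5*; do
  [ -d "$php_dir" ] || continue
  "${php_dir}/root/bin/phpize"
  ./configure --with-php-config="${php_dir}/root/bin/php-config"
  # Enable the extension only when it was really built and installed, and only
  # once; a php.ini line for a missing redis.so makes every PHP start complain.
  if make && make install; then
    ini="${php_dir}/root/etc/php.ini"
    grep -qx 'extension=redis.so' "$ini" || echo "extension=redis.so" >> "$ini"
  fi
  make clean
done
/scripts/restartsrv_apache_php_fpm
/scripts/restartsrv_httpd
)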
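# Jeff Sh's remove Redis.
(
systemctl stop redis
yum -y remove redis
for php_dir in /opt/cpanel/ea-php7*; do
  [ -d "$php_dir" ] || continue
  yum -y remove "${php_dir##*/}-php-redis"
done
# Remove both chkservd files the install snippet created.
rm -f /etc/chkserv.d/redis
rm -f /var/run/chkservd/redis
# Delete the whole monitor line; substituting it away leaves an empty line
# behind and would also cut "redis:1" out of any longer entry containing it.
sed -i '/^redis:1$/d' /etc/chkserv.d/chkservd.conf
/scripts/restartsrv_chkservd
)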
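# Jeff Sh's install Memcached on CentOS 7+
# memcached has no authentication. NOTE(review): check OPTIONS in
# /etc/sysconfig/memcached after the install; unless remote clients are really
# needed, restrict it to the loopback address and switch UDP off
# (OPTIONS="-l 127.0.0.1 -U 0"), and keep port 11211 closed in the firewall.
(
yum -y install epel-release && yum -y remove drush
yum -y install memcached
yum -y install ea-apache24-mod_socache_memcache
systemctl enable --now memcached
# Glob instead of parsing ls; the directory name (ea-php7X) is the package prefix.
for php_dir in /opt/cpanel/ea-php7*; do
  [ -d "$php_dir" ] || continue
  yum -y install "${php_dir##*/}-php-memcached"
done
systemctl status memcached
)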
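# Jeff Sh's remove Memcached on CentOS 7+
(
# --now also stops the running daemon instead of only disabling it at boot.
systemctl disable --now memcached
for php_dir in /opt/cpanel/ea-php7*; do
  [ -d "$php_dir" ] || continue
  # Same package name the install snippet uses (php-memcached); removing
  # "php-memcache" would leave the installed module in place.
  yum -y remove "${php_dir##*/}-php-memcached"
done
yum -y remove memcached
yum -y remove ea-apache24-mod_socache_memcache
)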
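# Jeff Sh's install Brotli PHP 7.x extension (not available in EasyApache or PECL)
# The source is whatever the default branch of that repository (and its
# submodules) holds at clone time; it is compiled and loaded into PHP as root,
# so review it, or pin a reviewed commit, before using this on a customer server.
(
cd /usr/src || exit 1
git clone --recursive --depth=1 https://github.com/kjdev/php-ext-brotli.git || exit 1
cd php-ext-brotli || exit 1
for php_dir in /opt/cpanel/ea-php7*; do
  [ -d "$php_dir" ] || continue
  "${php_dir}/root/bin/phpize"
  ./configure --with-php-config="${php_dir}/root/bin/php-config"
  # Enable the extension only when it was really built and installed, and only once.
  if make && make install; then
    ini="${php_dir}/root/etc/php.ini"
    grep -qx 'extension=brotli.so' "$ini" || echo "extension=brotli.so" >> "$ini"
  fi
  make clean
done
/scripts/restartsrv_apache_php_fpm
/scripts/restartsrv_httpd
)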
# Jeff Sh's remove Brotli PHP 7.x extension
(
# Drop the extension line from each ea-php7x php.ini, one version per line read.
while read -r php_version; do
  sed -i '/extension=brotli.so/d' /opt/cpanel/${php_version}/root/etc/php.ini
done < <(ls -d /opt/cpanel/ea-php7* | cut -d / -f 4)
# Then delete the compiled module wherever it was installed.
find /opt/cpanel/ea-php* -type f -name "brotli.so" -print -delete
/scripts/restartsrv_apache_php_fpm
/scripts/restartsrv_httpd
)
# Install Elasticsearch 7.x on CentOS 7+ -- Note that the default Repo install has failed to start numerous times, so this is the safest way:
# Sources:
# https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html#rpm-repo
# https://computingforgeeks.com/how-to-install-elasticsearch-on-centos/
# Notes for whoever runs this:
# - The first command deletes /var/lib/elasticsearch and silences any error.
#   Back that directory up first if the host ever ran Elasticsearch.
# - `yum -y update` updates every package on the server, not only Elasticsearch.
# - The repo stanza keeps gpgcheck=1 with Elastic's key, so packages are
#   signature-checked; do not turn that off to work around an error.
# - NOTE(review): the OSS package is installed; confirm whether it offers any
#   authentication. Unless it does, keep the service on localhost (the final
#   curl targets localhost:9200) and keep port 9200 closed in the firewall.
(
cd /var/lib && rm -rf ./elasticsearch > /dev/null 2>&1
yum -y install epel-release && yum -y remove drush
yum -y update
yum -y install java-1.8.0-openjdk java-1.8.0-openjdk-devel
cat <<EOF | sudo tee /etc/profile.d/java8.sh
export JAVA_HOME=/usr/lib/jvm/jre-openjdk
export PATH=\$PATH:\$JAVA_HOME/bin
export CLASSPATH=.:\$JAVA_HOME/jre/lib:\$JAVA_HOME/lib:\$JAVA_HOME/lib/tools.jar
EOF
source /etc/profile.d/java8.sh
cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
yum clean all && yum makecache && yum -y install elasticsearch-oss
# Point the JVM temp dir at /var/log/elasticsearch (see the start-up note below this snippet).
sed -i "s%-Djava.io.tmpdir=\${ES_TMPDIR}%-Djava.io.tmpdir=/var/log/elasticsearch%" /etc/elasticsearch/jvm.options
systemctl enable --now elasticsearch
# Register the service with chkservd so cPanel monitors and restarts it.
echo "service[elasticsearch]=x,x,x,/etc/init.d/elasticsearch restart,elasticsearch|elasticsearch,elasticsearch" > /etc/chkserv.d/elasticsearch
echo "+" > /var/run/chkservd/elasticsearch
echo "elasticsearch:1" >> /etc/chkserv.d/chkservd.conf
/scripts/restartsrv_chkservd
systemctl status elasticsearch
# Post-install check against the local HTTP port, with a recognisable user agent.
curl -A "Elasticsearch Post-Install Test" localhost:9200
)
#----
# Note on Elasticsearch failing to start -- If it fails with error: java.lang.NoClassDefFoundError: Could not initialize class com.sun.jna.Native
# Edit /etc/elasticsearch/jvm.options and replace:
# Comment This: -Djava.io.tmpdir=${ES_TMPDIR}
# Add this: -Djava.io.tmpdir=/var/log/elasticsearch
# Then restart Elasticsearch
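# Jeff Sh's removal of ElasticSearch on CentOS 7 (Opposite of above)
# Index data under /var/lib/elasticsearch is not touched by this snippet.
(
systemctl stop elasticsearch
systemctl disable elasticsearch
rm -f /etc/yum.repos.d/elasticsearch.repo
yum -y remove elasticsearch-oss && yum clean all
rm -f /etc/chkserv.d/elasticsearch
rm -f /var/run/chkservd/elasticsearch
# -i and -e are kept apart: fused as -ine, sed reads "ne" as a backup suffix
# and leaves a stray chkservd.confne inside /etc/chkserv.d/. The monitor line
# is deleted outright instead of being blanked.
sed -i -e '/^elasticsearch:1$/d' /etc/chkserv.d/chkservd.conf
/scripts/restartsrv_chkservd
)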
###############################################################################
# Jeff Sh's install Varnish on CentOS 7
# A note about Varnish -- Varnish is a reverse HTTP proxy, sometimes referred to as an HTTP accelerator or a web accelerator.
# A reverse proxy is a proxy server that appears to clients as an ordinary server. Varnish stores (caches) files or fragments of files in memory that
# are used to reduce the response time and network bandwidth consumption on future, equivalent requests. Varnish is designed for modern hardware, modern
# operating systems and modern workloads.
# With that said, the process below installs Varnish, but that's all it does. You still need to configure Varnish, which can be more coding than
# configuring. This is why MH is needed to have this conversation with the client.
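(
yum install -y epel-release && yum -y remove drush
yum clean all
# Updates every package on the server, not only what Varnish needs.
yum -y update
# -y like the other yum calls, so the snippet does not stop at a prompt.
yum -y install pygpgme yum-utils
wget --content-disposition https://packagecloud.io/varnishcache/varnish60lts/packages/el/7/varnish-6.0.3-1.el7.x86_64.rpm/download.rpm || exit 1
# NOTE(review): this is a single downloaded RPM rather than a package from a
# configured repo; confirm its signature is checked (for example with
# `rpm -K varnish-6.0.3-1.el7.x86_64.rpm` after importing the vendor key)
# before installing it as root.
yum -y localinstall varnish-6.0.3-1.el7.x86_64.rpm
systemctl enable --now varnish
systemctl status varnish
echo "service[varnish]=x,x,x,/etc/init.d/varnish restart,varnish|varnish,varnish" > /etc/chkserv.d/varnish
echo "+" > /var/run/chkservd/varnish
# Add the monitor entry only once, then reload chkservd as the Redis and
# Elasticsearch snippets do, so the new entry is picked up.
grep -qx 'varnish:1' /etc/chkserv.d/chkservd.conf || echo "varnish:1" >> /etc/chkserv.d/chkservd.conf
/scripts/restartsrv_chkservd
)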
###############################################################################
# Install LiteSpeed Web Server (MUST GET SERIAL NUMBER FROM CUSTOMER -- THIS IS A PAID APPLICATION)
# The installer is fetched and run as root in one step, with nothing saved for
# review. The serial number is passed as a command-line argument, so it ends up
# in shell history and is visible in the process list while the installer runs.
bash <( curl https://get.litespeed.sh ) CUSTOMER_SERIAL_NO
# Then just accept all of the defaults as they can all be changed later if needed.
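# Check for backups using Backups 2.0
# Shows the last 365 log lines for the user that do not mention "skipped".
# The name is quoted so that an answer with spaces or glob characters is used
# as one file name, and grep reads the log itself instead of going through cat.
read -r -e -p "What is the user? " user; grep -v skipped "/opt/backup/logs/users/$user" | tail -365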
# If installing Backup Manager 3 on a VPS+ and you get an error under CentOS 6, then run:
# Jeff Sh's if YUM is broken from Python errors, try this:
alternatives --install /usr/bin/python python /usr/bin/python2.7 20000; alternatives --install /usr/bin/python python /usr/bin/python3.2 20000; alternatives --test --config python; alternatives --config python
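# Jeff Sh's export DNS zone file for a given domain to a text file in the home directory of the domain.
(
read -r -p "Enter domain to export: " DOMAIN
case "$DOMAIN" in
  '')
    echo "No domain given. Exiting."
    exit 0
    ;;
  */* | .*)
    # The answer becomes part of two file paths; refuse path components.
    echo "Invalid domain: ${DOMAIN}" >&2
    exit 1
    ;;
esac
OWNER=$(/scripts/whoowns "$DOMAIN")
# Without an owner the copy would be aimed at /home//...
if [ -z "$OWNER" ]; then
  echo "Export failed."
  exit 1
fi
# Build the name once so cp and chown cannot disagree across midnight.
DEST="/home/${OWNER}/${DOMAIN}_ZoneFile_$(date +%Y%m%d).txt"
# The destination directory is writable by the account owner while this runs
# as root: --remove-destination replaces anything already sitting at that name
# instead of writing through it, and chown -h never follows a symlink.
if cp --remove-destination "/var/named/${DOMAIN}.db" "$DEST"; then
  chown -h "$OWNER:$OWNER" "$DEST"
else
  echo "Export failed."
fi
)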
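# Jeff Sh's list all Zombie processes (it's a process)
# Match on the process state column, not on any line that happens to contain a
# capital Z; the PPID column already names each zombie's parent.
ps -eo pid,ppid,stat,comm | awk 'NR == 1 || $3 ~ /^Z/'
# Now, find the parent ID of what's returned above
# (-p selects the process; "ppid=" prints the parent PID without a header)
ps -o ppid= -p <Child_PID>
# Tell the parent process to re-read the child process table and terminate any Zombies...
kill -s SIGCHLD <Parent_PID>
# If that doesn't work, then the 2nd to last option is to terminate the parent process (not restart it)
# and then start it back up again. Ask it to exit first so it can clean up; use -9 only if it ignores that.
kill <Parent_PID>
kill -9 <Parent_PID>
# If that doesn't work in case of a huge surge in Zombie processes causing or heading towards system outage,
# you will have no choice but to go for a system reboot.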
# List services, targets, and timers
systemctl list-unit-files
# Print number of cores
grep -c proc /proc/cpuinfo
# List the top 10 memory consuming processes.
ps -auxf | sort -nr -k 4 | head -10
# List the top 10 CPU consuming processes.
ps -auxf | sort -nr -k 3 | head -10
# Check rpm changelog for a given service
rpm -q --changelog SERVICE_NAME
# Package account
/scripts/pkgacct
# Clear system journal.
journalctl --disk-usage; sleep 5; journalctl --vacuum-size=200M; journalctl --verify
# Repair the RPM database, easy way...
rpm --rebuilddb -v -v
# Jeff Sh's repair the RPM database, long way... (Use only if above doesn't work)
mkdir ~/rpmbackups/
tar -zcvf ~/rpmbackups/rpmdb-$(date +"%d%m%Y").tar.gz /var/lib/rpm
rm -f /var/lib/rpm/__db*
/usr/lib/rpm/rpmdb_verify /var/lib/rpm/Packages
cd /var/lib/rpm/ && mv Packages Packages.back
/usr/lib/rpm/rpmdb_dump Packages.back | /usr/lib/rpm/rpmdb_load Packages
/usr/lib/rpm/rpmdb_verify Packages
rpm -qa >/dev/null
rpm -vv --rebuilddb
# Check RPM changelog for a given service
rpm -q --changelog SERVICE_NAME
# Kill all PHP processes
killall -9 php php-cgi
# Upgrade to EA4
# It's best to use the Wiki on this one.
# https://wiki.inmotionhosting.com/index.php?title=EasyApache_4
# rsync to new server
rsync -avzP --bwlimit=1000 /home/ user@hostname:/home/
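# Prints curl and openssl version among other things
# Useful for checking which TLS library and version PHP's curl is built against.
# curl_version() returns an array; json_encode renders it (v() is not a PHP function).
php -r 'echo json_encode(curl_version(), JSON_PRETTY_PRINT), PHP_EOL;'
php -i | grep OpenSSL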
# Tree scan for vps/dedi
/opt/dedrads/du-tree <path>
# Tree scan for shared (use from inside cPanel account)
/opt/sharedrads/du-tree
# Useful output for file tree
du -ch --max-depth=1 2> /dev/null | sort -h
# Outputs disk usage of each directory in /home/
du -ch /home --max-depth=1
# Install PHP switcher -- Only supports up to PHP 7.1 and for EasyApache 3 systems only.
yum -y install imh-php{52,53,54,55,56,70,71} cpanel-phpconf && echo -e 'Include "/usr/local/apache/conf/php.conf"
Include "/etc/apache2/conf.d/php71.conf"
Include "/etc/apache2/conf.d/php70.conf"
Include "/etc/apache2/conf.d/php56.conf"
Include "/etc/apache2/conf.d/php55.conf"
Include "/etc/apache2/conf.d/php54.conf"
Include "/etc/apache2/conf.d/php53.conf"
Include "/etc/apache2/conf.d/php52.conf"' > /etc/apache2/conf.d/php.conf
/scripts/rebuildhttpdconf
service httpd restart
# Uninstall PHP switcher
yum -y remove imh-php{52,53,54,55,56,70,71} cpanel-phpconf
# then go to /usr/local/apache/conf/imh-php.conf and remove the PHP version conf include directives
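# Jeff Sh and Nick We install an older version of PHP (specifically 5.2 or 5.3) on CentOS 7 systems.
# Cannot be used with MultiPHP Manager. Must have .htaccess entry manually applied.
# PHP 5.2 and 5.3 are long past end of life and receive no security fixes; apply
# the handler only to the sites that truly need it.
# Returns: 0 after an install or a quit, 1 if input ends or /usr/src is unavailable.
install_oldphp() {
  # local: a value left over from an earlier run must not trigger an install.
  local SELECTION PHP_VER=""
  while true; do
    echo "Installer an older version of PHP"
    echo -e "\t1. Install PHP 5.2\n\t2. Install PHP 5.3\n\tq. Quit"
    # Stop at end of input instead of looping on "Invalid option" forever.
    read -r -p "Please enter a selection: " SELECTION || return 1
    case "$SELECTION" in
      1) # PHP 5.2
        PHP_VER="php52"
        ;;
      2) # PHP 5.3
        PHP_VER="php53"
        ;;
      q | Q) # Quit
        break
        ;;
      *) # Default
        echo "Invalid option. Try again."
        continue
        ;;
    esac
    # check for DSO?
    if [ -n "$PHP_VER" ]; then
      # Do not download or unpack anywhere else if /usr/src is missing.
      cd /usr/src || return 1
      # download old imh-php source
      yumdownloader "imh-$PHP_VER"
      # unpack contents
      rpm2cpio imh-"$PHP_VER"*.x86_64.rpm | cpio -idmv
      mv -v "./opt/$PHP_VER" /opt/
      yum -y install epel-release
      yum -y remove drush
      yum -y install facter
      yum -y install libc-client sqlite2 mhash cpanel-phpconf libicu-last libtidy imh-mm libmcrypt compat-libtidy ea-apache24-mod_suexec ea-apache24-mod_suphp postgresql-libs
      "/opt/$PHP_VER/bin/php" -v
      # add custom handler to Apache conf
      echo "
# IMH Custom Apache Loader for ${PHP_VER}
<IfModule mod_suphp.c>
# SuPHP configuration for ${PHP_VER}
<Directory />
suPHP_AddHandler application/x-httpd-$PHP_VER
</Directory>
</IfModule>
" >> /etc/apache2/conf.d/includes/pre_main_global.conf
      # add handler line to /etc/suphp.conf (a dated backup copy is kept)
      sed -i.bk$(date +%F) "/\[handlers\]/c \[handlers]\napplication/x-httpd-$PHP_VER = \"php:/opt/$PHP_VER/bin/php-cgi\"" /etc/suphp.conf
      # rebuild and restart Apache
      /scripts/rebuildhttpdconf && /scripts/restartsrv_httpd
      "/opt/$PHP_VER/bin/php" -v
      echo -e "\n\n\n\nCOMPLETE!\nAdd this line to the top of .htaccess to get a site to use ${PHP_VER}:"
      echo "AddHandler application/x-httpd-${PHP_VER} .php"
      break # Break out of loop.
    fi
  done
  # return, not exit: this is pasted into a login shell, and exit would close the session.
  return 0
}; install_oldphp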
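# Roger Sm's list all modules installed for one PHP version and install the same ones for another (for example 7.3 to 7.4).
(
read -r -p "PHP to copy from (i.e. php71): " FROM
read -r -p "PHP to install (i.e. php74): " INSTALL
# Both answers go into grep and sed patterns; an empty one would match everything.
if [ -z "$FROM" ] || [ -z "$INSTALL" ]; then
  echo "Both PHP versions are required." >&2
  exit 1
fi
# The rename uses double quotes so $FROM and $INSTALL are filled in; inside
# single quotes sed would look for the literal text $FROM and rename nothing.
install_list=$(yum list installed | grep "$FROM" | awk '{print $1}' | sed "s/$FROM/$INSTALL/i" | grep -viE "NoArch|debuginfo" | sed 's/\.x86_64//gi')
# Intentionally unquoted: one word per package name. yum takes the names as
# arguments; it does not read them from standard input.
yum -y install $install_list
)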
# Disable security manager emails
# Sets the importance of the 'Check' / 'SecurityAdvisorStateChange' event to 0
# through cPanel's EventImportance writer and saves the change.
# NOTE(review): this presumably silences Security Advisor state-change
# notices server-wide; make sure those findings are still reviewed some other
# way, and record that the setting was changed.
/usr/local/cpanel/3rdparty/bin/perl -I/usr/local/cpanel -MCpanel::iContact::EventImportance::Writer -e 'my $writer = Cpanel::iContact::EventImportance::Writer->new(); $writer->set_event_importance('Check','SecurityAdvisorStateChange',0); $writer->save_and_close();'
# Check for Dirty Cow kernel patch
/usr/bin/kcarectl --patch-info | grep 5195
# Reinstall DNS Admin
yum -y remove imh-cpanel-dnsadmin && rpm -e --nopostun imh-cpanel-dnsadmin && yum clean; yum -y install imh-cpanel-dnsadmin && /usr/local/cpanel/whostmgr/bin/dnsadmin --start; rm -f /var/cpanel/clusterqueue/status/imh{,-down};/usr/local/cpanel/cpkeyclt
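# Fixes broken Dell repos due to invalid signature and DNS Admin in cPanel v82.0
# An imported key becomes a trust anchor for every package signed with it, so
# fetch it over HTTPS rather than plain HTTP, and compare its fingerprint with
# the one Dell publishes before relying on it.
rpm --import https://linux.dell.com/repo/pgp_pubkeys/0x1285491434D8786F.asc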
# Flush iptables and rebuild with APF's directives
# The steps are joined with ';', so `apf -r` runs even when an earlier step
# failed. Check the loaded rules afterwards and confirm your own SSH access
# still works before closing the session.
# NOTE(review): "iptables-services" looks like the package name; confirm the
# systemd unit name on the host so that the stop and mask really take effect.
systemctl stop iptables-services; systemctl mask iptables-services; rm -f /etc/apf/internals/.last.full; apf -r
# Prints php handler(s)
/usr/local/cpanel/bin/rebuild_phpconf --current
# Jon A's check what's using the most swap and sort them
for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | sort -nk 2,2
# Find files owned by a user outside of the /home/ directory
find / -group <cPanel username>
# Microsoft delisting request
https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wfname=capsub&productkey=edfsmsbl3&locale=en-us&ccsid=636237112963379299
# Check if all disks are HDD or SSD (replace sd* with sdb for second drive only, and so on -- 0 is SSD, 1 is HDD)
cat /sys/block/sd*/queue/rotational
# Find all .htaccess, php.ini and .user.ini files and print the "memory_limit" value is set to:
find /home/ -type f \( -name ".htaccess" -o -name "php.ini" -o -name ".user.ini" \) -exec grep "memory_limit" {} \;
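# Jason Sm's ls without ls
# Prints every entry of the current directory, directories with a trailing
# slash. Quoted so that names with spaces or glob characters are tested and
# printed as they are, and printf so that a name such as -n is not taken as an
# echo option.
for i in *; do if [ -d "$i" ]; then i="$i/"; fi ; printf '%s\n' "$i"; done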
# Jason S' other ls without ls
stat -c '%A %n' *
# Jason Sm's recursive ls with awk
ls -R /path/to/files/ | awk '/:$/&&f{s=$0;f=0}/:$/&&!f{sub(/:$/,"");s=$0;f=1;next}NF&&f{ print s"/"$0 }'
# Jason Sm's pipe NLP output into text file for top 10 resource consumers
for i in $(sa -cmi | head -10 | cut -d' ' -f1 | grep -v root | grep -v mysql); do echo $i >> /home/topusers.txt && /opt/dedrads/nlp $i >> /home/topusers.txt; done
# Jason Sm's check_software forward loop, use in a screen session, then CTRL+A : to enter command mode, $scrollback 100000 to increase buffer, $hardcopy -h <filename> when loop is complete will write results to <filename>
/opt/dedrads/check_software $(awk '{print $2}' /etc/trueuserdomains)
# Jason Sm's print all domains and document roots
for i in $(awk '{print $2}' /etc/trueuserdomains); do /opt/dedrads/account-review $i | grep -i docroot | awk '{print $2" has a document root of "$4}' | grep -v Docroot | uniq | sort -h ; done
# Jason Sm's find all .tar.gz files ("where are my backups?")
find /* -type f -name "*.tar.gz" -size +1G -exec du -sh {} \; | grep -vE "(/var|/usr|/root|/opt|cpbackup|\.cpanm|\.cpan)" | sort -h
# Jason Sm's find inode usage in current directory
for i in *; do echo -e "$(find $i | wc -l)\t$i"; done | sort -n
# Jason Sm's grep for alphanumeric characters only
egrep '[[:alnum:]]'
# Jason Sm's check /var/log/secure for list of IPs accessing server as a given user, sorted by frequency
egrep 'Accepted publickey|Accepted password' /var/log/secure | awk '{print "times "$11" logged in via SSH as user "$9}' | sort | uniq -c | sort -n -k1
# Jason Sm's set bash prompt to something sensible:
echo "export PS1='[\u@\h \w]\$ '" > /etc/profile.d/bash_prompt.sh
# Jason Sm's find all SSL .key files
find / -type f -name '*.key'
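# Jason Sm's recursive find and replace
# Edits files in place with no backup; run it on a copy or under version
# control first. File names travel NUL-separated (grep -Z, xargs -0), so names
# with spaces, quotes or newlines reach sed intact, and -r skips sed entirely
# when nothing matched. grep is case-sensitive like the sed expression, so only
# files that will really change are rewritten.
grep -rlZ 'string1' -- * | xargs -0 -r sed -i 's/string1/string2/g' --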
# List services, targets, and timers
systemctl list-unit-files
# Jeff Sh's rebuild all PHP-FPM .yaml files
for DOMAIN in $(ls /var/named/ | grep db$ | rev | cut -c 4- | rev); do /scripts/php_fpm_config --rebuild --domain=$DOMAIN; done
# Jeff Sh's delete and re-create all PHP-FPM .yaml files so that they all use the server default.
(
find /var/cpanel/userdata -name "*.php-fpm.yaml" -exec rm -f {} \;
/scripts/php_fpm_config --convert_all --noprompt
)
# Jason Sm's print live memory usage by user in megabytes (credit to mathewl for while loop)
while true; do clear; ps hax -o rss,user | awk '{a[$2]+=$1;}END{for(i in a)print i" is using "int(a[i]/1024+0.5)" MB of memory right now" ;}' | sort -rnk4 | head; sleep 2; done
# Nick D's stop backups hackjob, generates a 1GB block of data per count value, 10GB as written, modify count to change that
dd if=/dev/zero of=/home/$(insert cpanel account here)/STOP_BACKUPS bs=1G count=10 oflag=direct
# Nick D's more elegant stop backups hackjob, replace 10G with size required
fallocate -l 10G STOP_BACKUPS
# Nick D's get the lastmodified time for all files under the current dir
find . -type f -exec stat -c "%y : %n" {} \; | sort
# Nick D's print what IPs are accessing what HTTP resources
sudo cat /usr/local/apache/logs/access_log |awk '{print $1" "$7}'|sort|uniq -c|sort -n -k1
# Riley L's server memory spikes - logs to /home/memory.txt
for log in `ls -1 /var/log/sa/sa[0-9]*`; do echo $log; sar -q -f $log | egrep -v "Average|ldavg" | awk '{if ($5>=.3) print $1" "$2" "$3" "$4" "$5" "$6" "$7}'; echo //; done >> /home/memory.txt
# Riley L's check RAID info
/opt/MegaRAID/MegaCli/MegaCli64 -PDList -aALL
# Riley L's construct smartctl arguments (for RAID health)
smartctl --scan-open | grep -v failed | cut -f1 -d# | xargs -rn1 -d'\n' echo "smartctl -H"
# Julien F's print php version for every site on EA4
grep phpversion /var/cpanel/userdata/*/domain.com
# Austin V's install NodeJS - OUTDATED - See next oneliner.
# Unpacks a fixed, old release (v8.11.3) into /usr/local as root with no
# checksum comparison; an interpreter this old no longer receives fixes.
wget https://nodejs.org/dist/v8.11.3/node-v8.11.3-linux-x64.tar.xz && sudo tar --strip-components 1 -xvf node-v* -C /usr/local && ln -s /usr/local/bin/node /usr/bin/node && node --version
# Install NodeJS inside of cPanel, even on shared servers:
# Runs the nvm installer from the v0.34.0 tag as the current user, piped
# directly into bash. Run it as the cPanel user, not as root.
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.34.0/install.sh | bash && export NVM_DIR="$HOME/.nvm" && source ~/.bashrc && nvm install 10.15.0
# Install NodeJS v10 via EasyApache and make symlinks to the proper binaries.
yum -y install ea-nodejs10
ln -s /opt/cpanel/ea-nodejs10/bin/npm /usr/bin/npm
ln -s /opt/cpanel/ea-nodejs10/bin/node /usr/bin/node
ln -s /opt/cpanel/ea-nodejs10/bin/npx /usr/bin/npx
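# Larry Wi's quick server review - logs to /home/review.txt
# The script is installed into /usr/local/bin and run as root, so the TLS
# certificate check stays on: with it disabled, anyone on the network path
# could substitute the file. The && chain stops before chmod and execution if
# the download failed. Read quickie.sh before running it.
wget https://www.dropbox.com/s/h22zeu2lmfp2q7c/quickie.sh -O /usr/local/bin/quickie.sh && chmod +x /usr/local/bin/quickie.sh && /usr/local/bin/quickie.sh > /home/review.txt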
# Kevin A's list all domains on server
for a in /var/named/*.db; do echo $(basename $a .db); done
# Nick We's quick and dirty get an idea of recent CPU consumers for the past 30 days:
for day in {1..30}; do echo "Day $day"; sa -cmi --other-usracct-file /var/log/sa/sar$day | head; echo; echo; done
# Harry J's fixperms for dso
find /home/*/public_html/ -type d -print -exec chmod 755 {} \;
find /home/*/public_html/ -type f -print -exec chmod 644 {} \;
# Hanna S' print IP of machine
curl -s fetchip.com | grep -Ei '[1-9]{1}[0-9]{2}.' | xargs printf '[+] IP returned as : %s\n'
# Jon A's verify all domains point to new server after a migration
for I in $(awk -F '[:]' '{print $1}' /etc/userdomains); do echo $I && dig +short $I @ns; done
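# Jeff Sh's remove all Mac OS X files and folders in all home directories to free up space.
# These trees are writable by the account owners while the commands run as
# root, so the deletions are kept as narrow as possible.
(
for i in $(awk '{print $2}' /etc/trueuserdomains); do
  # -prune: do not descend into a directory that is about to be removed.
  # "--" keeps a crafted file name from being read as an rm option.
  find "/home/$i/" -name "__MACOSX" -prune -exec rm -rf -- {} +
  # -delete removes the matched entry itself; directories named .DS_Store are left alone.
  find "/home/$i/" -name ".DS_Store" ! -type d -delete
done
)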
# Install aws-cli -- This is as per: https://docs.aws.amazon.com/cli/latest/userguide/install-bundle.html
(
cd /usr/src/
curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
unzip awscli-bundle.zip
sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws
)
# The infamous large file scan - WARNING - SLOW - See Zeb W's below!
job(){ width=$((`tput cols`-`echo $1|wc -m`));offset=$(($width/2));col=1;while [ $col -lt $offset ];do echo -n " ";col=$(($col+1));done;echo -e "$1"; };LargeFileLocator(){ task(){ echo "=> $1";echo; };check(){ if [ -z $1 ];then dir=$(pwd);fi;if [ -d $1 ];then if [ `ls $1|wc -l` -gt 0 ];then cd $1;if [ -z `ls|grep -v "-"|du -h|grep '[0-9]G'|head -1|awk {'print $1'}` ];then echo -e "\tALL LOOKS GOOD IN HERE. ($1)";echo;else du -m --max-depth=3|sort -nr|cut -f2|tr \\n \\0|xargs -0 du -sh|sed 's/.\///'|grep -v '[0-9]M\|[0-9]K'|awk -v wd="$(pwd)" '{print wd"/"$2" "$1}'|sort|awk '{print "ATTENTION: "$2" found ==> "$1}'|sed 's/^/\t /'|sed 's/\/\.//';echo;fi;else echo -e "\tNOTHING FOUND IN HERE. ($1)";echo;fi;else echo -e "\tNOTHING FOUND HERE. ($1)";fi; };clear;echo;job "LARGE FILE/FOLDER LOCATOR";echo;job "`df -h|sed '1d'|grep -v "none\|udev\|tmp"|awk -v svr=$(hostname|cut -d\. -f1) '{print "Currently "$3"("$5") of "$2" used."}'`";job "`df -h|sed '1d'|grep -v "none\|udev\|tmp"|awk -v svr=$(hostname|cut -d\. -f1) '{print $4" of free space is left on "svr}'`";echo;echo;task "Checking for large orphaned files in home dir:";if [ -z `ls -lah /home |awk {'print $9'}|sed '1,3d'|grep -v "-"|grep -v "......[0-9]"|xargs -I {} du -smh "/home/"{}|grep -o '[0-9]G'|head -1` ];then echo -e "\tALL LOOKS NORMAL IN HERE. 
(/home)";echo;else check "/home"|grep -vw "`echo $(cat /etc/trueuserdomains|awk '{print "/home/"$2}')|sed -e '1,10s/ /.*$\\\|/g'`"|sed '/^.*home$/d';fi;task "Looking for large cPanel user folders:";for user in `cat /etc/trueuserdomains | awk '{print $2}'`;do if [ `du -ms "/home/"$user|cut -f1` -gt 1000 ];then echo -e "\tcPanel User $user seems pretty large...";check "/home/$user";fi;done;task "Checking for large standard log files:";check "/var/log";task "Looking for large mysql db's & logs:";check "/var/lib/mysql";task "Looking for large WHM (scheduled) backups:";check "/backup";echo; };st=`date +%s`;LargeFileLocator;et=`date +%s`;job "DONE";job "(Execution Time: `expr $et - $st`s)";echo;
# Zeb W's faster, better, quicker, more gooder large file scan.
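(
  # Download largefinder2 and run it with imh-python 2.7 against the listed
  # directories (-t 100000000 is passed through unchanged).
  # A fixed file name in /tmp can be pre-created or symlinked by any local user
  # before this writes to it and executes it; mktemp creates a private file
  # with an unpredictable name instead.
  lf_zip=$(mktemp /tmp/largefinder2.XXXXXXXX) || exit 1
  trap 'rm -f -- "$lf_zip"' EXIT
  # -f: do not save an HTTP error page and then hand it to the interpreter.
  curl -fsS -o "$lf_zip" \
    https://gitlab.com/Zebouski/my-cpanel-scripts/uploads/b5719c1a75e0d4ddb644105218f29f47/largefinder2.zip \
    || exit 1
  # NOTE(review): the archive is executed as downloaded; no checksum is pinned here.
  /opt/imh-python/bin/python2.7 "$lf_zip" --devices --users -t 100000000 \
    /backup/ /root/ /tmp/ /var/log/ /var/softaculous/
)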
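# Corey St's server precheck script. Note: the banner in the first echo is fetched over plain HTTP and printed with echo -e, so it is unauthenticated text whose backslash escapes get interpreted; remove that echo if the banner is not needed.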
RED='\033[0;31m';GREEN='\033[92m';NC='\033[0m';color=${NC};PATH=$PATH:/opt/dedrads:/usr/local/cpanel/scripts:/usr/local/cpanel/bin:/opt/tier1adv/bin:/opt/sharedrads:/scripts;echo -e "${GREEN}$(curl -s -A '' http://conf.us/toolbox/dotheneedful.txt)${NC}";echo;echo "Hostname:" $(hostname);echo "Main IP:" $(hostname -i);echo "IPs:" $(ipusage |wc -l);echo "cPanel Accounts: " $(cat /etc/trueuserdomains |wc -l);if [ -d /etc/cpanel/ea4 ];then eaversion="EasyApache 4";else eaversion="EasyApache 3";fi;echo "EA Version:" $eaversion;if [ -s /etc/csf ];then firewall=CSF;firewallservice=csf;else firewall=APF;firewallservice=apf;fi;echo "Firewall: $firewall";echo ;echo "------Load------";echo "Load: " $(uptime | awk -F'[a-z]:' '{ print $2}');echo "CPUs: " $(nproc);echo;echo "------Exim------";if [ -s /etc/mailips ];then mailip=`cat /etc/mailips |grep "*:" |awk '{print $2}'`;else mailip=`hostname -i`;fi;echo "Mail IP: $mailip";rdns=$(dig @ns1.inmotionhosting.com -x $mailip +short);if ! [ "`hostname`." == "$rdns" ];then color=${RED};else color=${NC};fi;echo -e "${color}rDNS: $(dig @ns1.inmotionhosting.com -x $mailip +short)${NC}";queue=$(exim -bpc);if [ $queue -gt 100 ];then color=${RED};else color=${NC};fi;echo -e "${color}Queue: $(exim -bpc)${NC}";echo;echo "------Disk------";df -h |grep --color=never '^Filesystem\|^/dev';echo;for service in httpd exim cpanel mysql named;do if ! (( $(ps -ef | grep -v grep | grep $service | wc -l) > 0 ));then echo -e "${RED}\!\!\!\!\! $service is DOWN \!\!\!\!\!${NC}";fi;done;for service in nginx varnish redis;do if (( $(ps -ef | grep -v grep | grep $service | wc -l) > 0 ));then echo -e "${RED}\!\!\!\!\! $service is RUNNING \!\!\!\!\!${NC}";fi;done;
# Tyler K's show instances of 5-min load average passing number of server's cores
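# Print the sar -q lines whose 5th field is at or above the number of cores.
# The core count is read once; the earlier form re-counted it for every file.
cores=$(grep -c processor /proc/cpuinfo)
# Glob instead of parsing ls output.
for sa_file in /var/log/sa/*; do
  # Skip names containing "sar" (as the earlier grep -v did) and the literal
  # pattern that is left when the directory is empty.
  [[ -e "$sa_file" && "${sa_file##*/}" != *sar* ]] || continue
  sar -q -f "$sa_file" | awk -v var="$cores" '$5 >= var'
done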
# Tyler K's login checker script
job(){ width=$((`tput cols`-`echo $1|wc -m`));offset=$(($width/2));col=1;while [ $col -lt $offset ];do echo -n " ";col=$(($col+1));done;echo -e "$1"; }; clear; echo ; job "LOGIN CHECKER" ; echo ; datetime=$(head -1 /usr/local/cpanel/logs/session_log | cut -d' ' -f1-2); echo " Successful cPanel Logins Since" ${datetime:1} ":"; echo ; awk -F'[ :]' '$9=="NEW"{users[$10][$8]+=1;}END{if(length(users) > 0){for(i in users){if(i !~ /@/){print "\t"i ;for(y in users[i])print "\t\t"y": "users[i][y] }}}}' /usr/local/cpanel/logs/session_log ; echo ; datetime=$(head -1 /var/log/secure | cut -d' ' -f1-3); echo " Successful SSH Logins Since" $datetime ":" ; echo ; awk -F' ' '$6=="Accepted"{ips[$11]+=1;}END{if(length(ips) > 0){for(i in ips)print "\t"i": " ips[i]}}' /var/log/secure ; echo ; datetime=$(head -1 /var/log/messages | cut -d' ' -f1-3); echo " Successful FTP Logins Since" $datetime ":" ; echo ; awk -F' ' '/logged in/{ips[$6]+=1;}END{if(length(ips) > 0){for(i in ips)print "\t"i": " ips[i]}else{print "\tNone"}}' /var/log/messages ; echo ;
# Tyler K's add additional column to sar -r to show total available memory
# Append an "Available (mb)" column to the output of sar -r.
sar -r | awk '
  # Header row: add the title of the new column.
  /kbmemfree/ { print $0, "Available (mb)" }
  # Every row except the first line and the Average row: sum fields 3, 6 and 7.
  $1 !~ /Average:/ && NR != 1 { print $0, ($3 + $6 + $7) / 1000 }
  # Average row: the same sum, read one field to the left.
  $1 ~ /Average/ { print $0, ($2 + $5 + $6) / 1000 }
'
# James Wi's check server software
clear; echo -e "SERVER SOFTWARE"; cat /etc/redhat-release | awk '{print "\tOS: " $1, $3}'; httpd -v 2> /dev/null | awk 'NR > 1 { exit }; 1 Â {print "\tApache version: " $3}';php -v | awk 'NR > 1 { exit }; 1 {print "\tPHP Version: " $2}'; mysql -V | awk '{print "\tMYSQL Version: " $5}' | sed 's/,//'; handler=`/usr/local/cpanel/bin/rebuild_phpconf --current | awk 'NR==4 {print $3}'`; if [ "$handler" = "suphp" ]; then echo -e "\tPHP Handler: $handler\tSafe to run fixperms"; else echo -e "\tPHP Handler: $handler\tDO NOT RUN FIXPERMS"; fi; switcher=`ls /usr/local/apache/conf | grep imh-php.conf`; if [ -z "$switcher" ]; then echo -e "\tThe switcher is not installed"; else echo -e "\tThe switcher is installed"; fi; echo; echo "Nameservers"; ns=`cat /etc/wwwacct.conf | grep NS2 | awk '{print $2}'`; if [ "$ns" = "ns2.inmotionhosting.com" ]; then echo -e "\tNo custom nameservers"; else echo -e "\tCustom nameservers are setup"; cat /etc/wwwacct.conf | grep -B1 NS2 | awk '{print "\t" $2}';fi; echo; echo -e "Memory"; free -m | awk 'NR==2 {print "\tTotal Memory: " $2, "\n\tMemory Used: " $3, "\n\tMemory Free: " $4 "\n\tMemory Cached: " $7}'; echo; echo -e "Hard Drive"; df -h | awk 'NR==2 {print "\tSize: "$2 "\n\tUsed: " $3 "\n\tAvail: " $4}'; echo; echo -e "Users"; nmbrofusers=`ls /var/cpanel/users | wc -l`; if [ "$nmbrofusers" -le 50 ]; then sudo cat /etc/trueuserdomains | awk 'BEGIN { print ORS=" "}; {print FNR ") " $2}'; echo; else echo -e "test"; fi
# Jon E's "what the fuck is going on with this server" oneliner
echo -e "\nServer :" $(uptime); echo "Apache :" $(service httpd status | grep -iE 'uptime|active'); echo "MySQL :" $(echo "status;" | mysql | grep -i uptime);echo -e "\t" $(mysqladmin status); echo -e "\nType\t Used\t\t Percent"; df -h | sed -n '2,2p' | awk '{print "Disk:\t",$3,"\t\t",$5}'; df -i | sed -n '2,2p' | awk '{print "Inodes:\t",$3,"\t",$5,"\n"}'; netstat -plan | awk '/.*[0-9]+.[0-9]+.[0-9]+.[0-9].*/{gsub(/::ffff:/,"",$0);print $4"\t" $5}' | cut -sd. -f 1->netstat.log; echo "Netstat report"; echo; echo "Number of Connections to each port:"; cat netstat.log | awk {'print $1'} | cut -d: -f 2 | sort | uniq -c | sort -nk 1 | tail; echo; echo "Number of connections from each IP:"; cat netstat.log | awk {'print $2'} | cut -d: -f 1 | sort | uniq -c | sort -nk 1 | tail; echo; echo "The number of instances of a particular IP connecting to particular port"; cat netstat.log | awk {'print $1 "\t" $2'} | cut -d: -f 2 | sort | uniq -c | sort -nk 1 | tail; apachectl fullstatus | awk '{print $14}' | sort | uniq -c | sort -n
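# Mike R's full server review. Note: it downloads mysqltuner.pl with --no-check-certificate and runs it from /root, and it writes netstat.log into the current directory.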
echo;echo "Server Review, compiled by Miker";echo -e "\nType\t Used / Available\t\t Percent";df -h | sed -n '2,2p' | awk '{print "Disk:\t",$3" / "$2,"\t\t\t",$5}';df -i | sed -n '2,2p' | awk '{print "Inodes:\t",$3" / "$2,"\t\t",$5"\n"}';echo -e "\nServer :" uptime;echo "Apache :" service httpd status | grep -i uptime;echo "MySQL :" echo "status;" | mysql | grep -i uptime;echo -e "\t" mysqladmin status;echo;echo "Services: ";ps cax | grep mysqld > /dev/null; if [ $? -eq 0 ]; then echo "mysql is running"; else echo "mysql is not running"; fi; ps cax | grep httpd > /dev/null; if [ $? -eq 0 ]; then echo "httpd is running"; else echo "httpd is not running"; fi; ps cax | grep exim > /dev/null; if [ $? -eq 0 ]; then echo "exim is running"; else echo "exim is not running"; fi; ps cax | grep named > /dev/null; if [ $? -eq 0 ]; then echo "named is running"; else echo "named is not running(Are they root?)"; fi; ps cax | grep pure-ftpd > /dev/null; if [ $? -eq 0 ]; then echo "ftpd is running"; else echo "ftpd is not running"; fi; ps cax | grep courier > /dev/null; if [ $? 
-eq 0 ]; then echo "courier is running"; else echo "courier is not running"; fi;echo;echo "Usage: "; mpstat | tail -2; echo ""; echo "Memory: "; free -m; echo; echo "Vmstat: "; vmstat; echo;echo ""; echo "Load Average: "; cat /proc/loadavg; echo -ne "Thread Count: "; cat /proc/cpuinfo | grep processor | wc -l; echo;netstat -tunap | grep -v 0.0.0.0 | awk '/.*[0-9]+.[0-9]+.[0-9]+.[0-9].*/{gsub(/::ffff:/,"",$0);print $4"\t" $5 "\t" $6"\t" $7}' | awk -F"/" '{print $1"\t"$2}' > netstat.log;echo; echo "Connections:";echo;echo "Number of connections to each port:";cat netstat.log | awk {'print $1'} | cut -d: -f 2 | sort | uniq -c | sort -nrk 1|head -10;echo;echo "Number of connections from each IP:";cat netstat.log | awk {'print $2'} | cut -d: -f 1 | sort | uniq -c | sort -nrk 1|head -10;echo;echo "Number of instances of a particular IP connecting to particular port with connection states:";cat netstat.log | awk -F":" {'print $2 "\t" $3'} | awk {'print $1 "\t" $2 "\t" $4 "\t" $6'} | sort | uniq -c | sort -nrk 1|head -10;echo;echo "SYN_RECV connections:";cat netstat.log | awk -F":" {'print $2 "\t" $3'} | awk {'print $1 "\t" $2 "\t" $4 "\t" $6'} | sort | uniq -c | sort -nrk 1 | grep SYN_RECV; echo;echo "Most CPU Intensive:"; ps auxf | sort -nr -k 3 | head -2;echo; echo "Most Memory Internsive:"; ps auxf | sort -nr -k 4 | head -2;echo;echo "PHP Version";/usr/local/cpanel/bin/rebuild_phpconf --current;echo;echo "Software versions";echo;echo "Python Version:";python -V;echo "MySQL Version:";mysql -V;echo "cPanel Version:";cat /usr/local/cpanel/version;echo "CentOS Version:";cat /etc/redhat-release;echo;echo "Active Logins:";echo;who -q;echo;who;echo;echo "Show all IPs on the server:";echo;ifconfig|grep inet|grep -v "127.0.0.1\|inet6"|awk {'print $2'}|cut -d: -f2;echo;echo "Show cPanel accounts:";echo;/opt/dedrads/listacct;echo;echo "Cron Jobs by user:";echo; /opt/dedrads/check_crons --recent |sort -nr|head;echo;echo "Check for OOM kills:";grep -i oom /var/log/messages|grep -v 
"Authentication failed for user"|grep -v pure-ftpd;echo; echo "Checking for segmentation errors:";echo;grep Segmentation /usr/local/apache/logs/error_log|wc -l;echo;echo "Process Tree:";pstree -AGp;echo; echo "****Mail Review****";echo;echo "Location and volume of mailing scripts:";echo; sudo cat /var/log/exim_mainlog| LC_ALL=C grep -i .|grep cwd|awk -F'=' '{print $2}'|cut -d' ' -f1|sort|uniq -c|sort -nr|head -20;echo;echo; echo " Top Email senders:";echo;cat /var/log/exim_mainlog| awk 'match ($0,/<= ([^@<>]+(@|\+)[^ ]+)/,a) {print a[1]}' |sort|uniq -c|sort -nr|head -20;echo;echo;echo "Top Mail subjects:";echo;cat /var/log/exim_mainlog | grep courier_login |awk 'match($0,/T="([^"]*)"/,a){print a[1]}'| sort | uniq -c | sort -nr|head -15;echo;echo;echo "IMAP Connections by mail box:";echo;/opt/dedrads/check_imap --mailbox;echo;echo;echo "IMAP Connections by User:";echo;/opt/dedrads/check_imap --userconns;echo;echo;echo "Email logins by acct:";echo;/opt/dedrads/check_imap --login_email|sort -nr|head -10;echo;echo;echo "Failed Logins by IP address:";echo;/opt/dedrads/check_imap --login_failed;echo;echo;echo "Email logins by IP";echo;/opt/dedrads/check_imap --login_ip|sort -nr|head -10;echo;echo;echo "Checks to see if you are hitting the maximum number allowed connections";echo;/opt/dedrads/check_imap --checkerror|tail -10;echo;echo "Show where bounces are going to:";echo;/opt/dedrads/check_exim --queuebybounceback |sort -nr|head -10;echo;echo "Check for Boxtrapper wars";echo "Over 1000 is bad";echo;/opt/dedrads/check_boxtrapper --logs |grep -v "Scanning /var/log/exim_mainlog for boxtrapper wars - big numbers are bad (usually 1k-> >100K). You can ignore 'transport'."|sort -nr|head -10;echo; echo "There are currently $(find /var/spool/exim/input/ -type f -name \*-H|wc -l) email messages in queue on $(hostname|cut -d\. 
-f1)";echo;echo;echo "MailScan for all users:";echo;for i in $(\ls /var/cpanel/users); do /opt/dedrads/mailscan $i; done;echo;echo "**** CHECK SOFTWARE ****";echo;user=$(\ls /var/cpanel/users/); /opt/dedrads/nlp $user; /opt/dedrads/check_user $user; /opt/dedrads/check_software $user;echo |echo "MySQL Optimization Check:";echo;cd /root/; wget --no-check-certificate https://raw.github.com/major/MySQLTuner-perl/master/mysqltuner.pl; chmod +x mysqltuner.pl; ./mysqltuner.pl;echo;echo;/opt/dedrads/server_overview;echo;echo;sa -cmi;for i in $(cat /etc/trueuserdomains|awk {'print $1'}|sed 's/://');do echo $i;echo;grep date +"%d/%b" /usr/local/apache/domlogs/$i|/opt/dedrads/nlp;echo;done
# Nick P's Server Review - Updated from Mike R's
echo;echo "Server Review, compiled by NickP";echo -e "\nType\t Used / Available\t\t Percent";df -h | sed -n '2,2p' | awk '{print "Disk:\t",$3" / "$2,"\t\t\t",$5}';df -i | sed -n '2,2p' | awk '{print "Inodes:\t",$3" / "$2,"\t\t",$5"\n"}'; echo -e "\nServer :" $(uptime);echo "Apache :" $(uptime -p httpd); echo "MySQL :" $(uptime -p mysql);echo "Services: ";ps cax | grep mysqld > /dev/null; if [ $? -eq 0 ]; then echo "mysql is running"; else echo "mysql is not running"; fi; ps cax | grep httpd > /dev/null; if [ $? -eq 0 ]; then echo "httpd is running"; else echo "httpd is not running"; fi; ps cax | grep exim > /dev/null; if [ $? -eq 0 ]; then echo "exim is running"; else echo "exim is not running"; fi; ps cax | grep named > /dev/null; if [ $? -eq 0 ]; then echo "named is running"; else echo "named is not running(Are they root?)"; fi; ps cax | grep pure-ftpd > /dev/null; if [ $? -eq 0 ]; then echo "ftpd is running"; else echo "ftpd is not running"; fi; ps cax | grep dovecot > /dev/null; if [ $? 
-eq 0 ]; then echo "dovecot is running"; else echo "dovecot is not running"; fi;echo;echo "Usage: "; mpstat | tail -2; echo ""; echo "Memory: "; free -m; echo; echo "Vmstat: "; vmstat; echo; echo ""; echo "Load Average: "; cat /proc/loadavg; echo -ne "Thread Count: "; cat /proc/cpuinfo | grep processor | wc -l; echo; netstat -tunap | grep -v 0.0.0.0 | awk '/.[0-9]+.[0-9]+.[0-9]+.[0-9]./{gsub(/::ffff:/,"",$0);print $4"\t" $5 "\t" $6"\t" $7}' | awk -F"/" '{print $1"\t"$2}' > netstat.log;echo; echo "Connections:";echo;echo "Number of connections to each port:";cat netstat.log | awk {'print $1'} | cut -d: -f 2 | sort | uniq -c | sort -nrk 1|head -10;echo; echo "Number of connections from each IP:";cat netstat.log | awk {'print $2'} | cut -d: -f 1 | sort | uniq -c | sort -nrk 1|head -10;echo;echo "Number of instances of a particular IP connecting to particular port with connection states:";cat netstat.log | awk -F":" {'print $2 "\t" $3'} | awk {'print $1 "\t" $2 "\t" $4 "\t" $6'} | sort | uniq -c | sort -nrk 1|head -10;echo; echo "SYN_RECV connections:";cat netstat.log | awk -F":" {'print $2 "\t" $3'} | awk {'print $1 "\t" $2 "\t" $4 "\t" $6'} | sort | uniq -c | sort -nrk 1 | grep SYN_RECV; echo; echo "Most CPU Intensive:"; ps auxf | sort -nr -k 3 | head -2;echo;echo "Most Memory Internsive:"; ps auxf | sort -nr -k 4 | head -2;echo;echo "PHP Version";/usr/local/cpanel/bin/rebuild_phpconf --current;echo;echo "Software versions";echo;echo "Python Version:";python -V;echo "MySQL Version:";mysql -V;echo "cPanel Version:";cat /usr/local/cpanel/version;echo "CentOS Version:";cat /etc/redhat-release;echo;echo "Active Logins:";echo;who -q;echo;who;echo; echo "Show all IPs on the server:";ifconfig|grep inet|grep -v "127.0.0.1\|inet6"|awk {'print $2'}|cut -d: -f2;echo; echo "Show cPanel accounts:";ls /var/cpanel/users | grep -v system; echo "Cron Jobs by user:";echo; /opt/dedrads/check_crons --recent |sort -nr|head;echo;echo "Check for OOM kills:";dmesg | grep -i oom;sudo cat 
/var/log/messages | grep -i killed;echo;echo "Checking for segmentation errors:";echo;grep Segmentation /usr/local/apache/logs/error_log|wc -l;echo;echo "Process Tree:";pstree -AGp;echo;echo "****Mail Review****";echo;echo;echo "Location and volume of mailing scripts:";echo; sudo cat /var/log/exim_mainlog| LC_ALL=C grep -i .|grep cwd|awk -F'=' '{print $2}'|cut -d' ' -f1|sort|uniq -c|sort -nr|head -20;echo;echo; echo "Top Email senders:";echo;cat /var/log/exim_mainlog| awk 'match ($0,/<= ([^@<>]+(@|\+)[^ ]+)/,a) {print a[1]}' |sort|uniq -c|sort -nr|head -20;echo;echo;echo "Top Mail subjects:";echo;cat /var/log/exim_mainlog | grep dovecot_login |awk 'match($0,/T="([^"]*)"/,a){print a[1]}'| sort | uniq -c | sort -nr|head -15;echo;echo;echo "IMAP Connections by mail box:";ps auwx | grep imap-login | awk '{if ($1 ~ /[a-z]+[0-9]+/){print $12}; }' | sort |uniq -c | sort -nk1;echo;echo;echo "IMAP Connections by User:";echo;ps auwx | grep imap-login | awk '{if ($1 ~ /[a-z]+[0-9]+/){print $1}; }' | sort | uniq -c | sort -nk1;echo;echo;echo "Email logins by acct:";echo;tail -${LINES-45000} /var/log/maillog | grep imap-login | awk '/LOGIN/{print $7}' | sort | uniq -c | sort -nk1 | tail -2|sort -nr|head -10;echo;echo;echo "Failed Logins by IP address:";echo;tail -${LINES-45000} /var/log/maillog | grep imap-login |awk '/LOGIN FAILED/{print $9 }' | sort | uniq -c | sort -nk1 | tail -15;echo;echo;echo "Email logins by IP";echo;tail -${LINES-45000} /var/log/maillog | grep imap-login | awk '{print $10}' |grep -v '127.0.0.1'| sed -e '/^$/d' | sort | uniq -c | sort -nk1|sort -nr|head -10;echo; echo "There are currently $(exim -bpc) email messages in queue on $(hostname).";echo;echo;echo "MailScan for all users:";echo;unalias ls;for i in $(ls -A /var/cpanel/users | grep -v system); do /opt/dedrads/mailscan $i; done;echo;echo "**** CHECK SOFTWARE ****";echo; for i in $(\ls -A /var/cpanel/users); do /opt/dedrads/check_software $i; /opt/dedrads/check_crons $i; echo; done;for i in $(cat 
/etc/userdomains| grep -v nobody|awk {'print $1'}|sed 's/://');do echo $i;echo;/opt/dedrads/nlp -d $(date +"%m/%d") /var/log/apache2/domlogs/$i;echo;done
# Use wget to download a whole directory from a remote server
wget -rkpN -e robots=off http://www.example.com/
# Search for all files/folders that have the immutable flag set.
lsattr -a -R 2>/dev/null /* | grep -P "(?<=-)i(?=-).* "
# Paul S's busy site snapshot (real time) - 1st column is the sum of CPU time used and the 2nd is the sum of total time in seconds spent processing requests for each host.
# Pipeline, stage by stage:
#   1. curl fetches the local whm-server-status page (user agent 'IMH').
#   2. lynx renders that HTML to plain text at a very wide width so rows do not wrap.
#   3. the first awk keeps rows that contain a digits-digits token, do not mention
#      127.0.0.1 and have a non-empty 14th field; it prints fields 5 and 8 plus
#      the part of field 14 before the first ":" (the host).
#   4. the second awk sums field 1 and field 2 per host and prints the first sum
#      to two decimals and the second sum divided by 1000 with an "s" suffix.
#   5. sort -nk2 | tail keeps the ten hosts with the largest second column;
#      column -t aligns the result.
# Backslash-newline continuations are used throughout, so no comment can be
# placed between the stages below.
( curl -sA 'IMH' http://127.0.0.1/whm-server-status\
| /usr/bin/lynx -stdin -width 99999 -dump\
| awk '/[0-9]+-[0-9]+/ && !/127.0.0.1/ && $14!="" {split($14,host,":"); print $5,$8,host[1]}'\
| sort -k3\
| awk '{totalcpu[$3] += sprintf("%f",$1); totaldur[$3] += $2}\
END{ for (host in totalcpu) { printf "%.2f %.0f%s %s\n",totalcpu[host],totaldur[host]/1000,"s",host; } }' \
| sort -nk2\
| tail\
| column -t )
#===============================================================================
# PERFORMANCE/SPEED TESTING
#===============================================================================
# Perform a Speedtest on the server - Shared
git clone https://github.com/sivel/speedtest-cli; ./speedtest-cli/speedtest.py --share
# or
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python - --share
# Get the official Speedtest.net from Ookla for VPS+ -- Make sure ports 1:65535 are allowed for TCP/UDP out if running CSF.
wget https://bintray.com/ookla/rhel/rpm -O bintray-ookla-rhel.repo; mv bintray-ookla-rhel.repo /etc/yum.repos.d/; yum -y install speedtest; speedtest --progress=yes --selection-details
# Noah A's Download speed test. Another way to do a speed test, more realistic.
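imh_speedtest() {
  # Create a 100M download-test file in a cPanel user's public_html and give
  # it to that user.
  # Input:   the account name, read from stdin.
  # Returns: non-zero, without touching the filesystem, when the name is not a
  #          plain account name, the docroot is missing or the target is a symlink.
  local acct docroot target
  # Read into a local name so the shell's own $USER is not overwritten.
  read -r -p "Enter username:" acct
  # The name is interpolated into a path that gets written and chowned, so
  # reject anything that could climb out of /home (slashes, dots, empty input).
  if [[ ! "$acct" =~ ^[A-Za-z0-9][A-Za-z0-9_-]*$ ]]; then
    echo "Invalid username: '${acct}'" >&2
    return 1
  fi
  docroot="/home/${acct}/public_html"
  target="${docroot}/test_download_file"
  if [[ ! -d "$docroot" ]]; then
    echo "No such directory: ${docroot}" >&2
    return 1
  fi
  # public_html is writable by the account owner: refuse a pre-existing symlink
  # so this does not allocate into, or hand over ownership of, its target.
  if [[ -L "$target" ]]; then
    echo "Refusing: ${target} is a symbolic link" >&2
    return 1
  fi
  fallocate -l 100M "$target" || return 1
  # -h changes the entry itself, never the target of a link swapped in after
  # the check above (this narrows the race; it does not remove it).
  chown -h -- "${acct}:${acct}" "$target"
}; imh_speedtest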
# On local system, JumpStation or VPS:
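local_speedtest() {
  # Download the test file from the server's ~user URL over HTTP and discard
  # it, so wget's own output can be read for the transfer rate.
  # Input:   server FQDN and account name, read from stdin.
  # Returns: non-zero if either value is empty, otherwise wget's status.
  local server acct
  # Local names: the earlier form overwrote the shell's $USER.
  read -r -p "Enter FQDN for server: " server
  read -r -p "Enter server username: " acct
  if [[ -z "$server" || -z "$acct" ]]; then
    echo "Both a server name and a username are required" >&2
    return 1
  fi
  wget -O /dev/null -- "http://${server}/~${acct}/test_download_file"
}; local_speedtest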
# Jeff Sh's Benchmark test - Runs in a screen! This takes a while. (the 'stuff' command is legit, leave it)
(
# Start a detached screen session named "Benchmark Test".
screen -dmS "Benchmark Test"
# "stuff" types the quoted text into that session; the trailing \n presses Enter.
# NOTE(review): the typed command pipes whatever bench.sh serves straight into
# bash with the privileges of this shell. No URL scheme is given to wget and
# nothing is checked before it runs, so read the script first on systems where
# that matters.
screen -S "Benchmark Test" -X stuff 'wget -qO- bench.sh | bash\n'
)
#===============================================================================
# LOG SEARCHES & NOTABLE FILES
#===============================================================================
# Make a backup of all known log file locations
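# %m is the month. The earlier "$m" was a shell variable, normally unset, so the
# file name came out as YEAR--DAY.
# umask 077 in the subshell keeps the archive, which holds every system and
# mail log, readable by its owner only.
(
  umask 077
  tar -czvf ~/"all_system_logs_$(date +%Y-%m-%d).tar.gz" /var/log/ /var/cpanel/logs /var/cpanel/horde/log/ /var/cpanel/roundcube/log/ /usr/local/cpanel/logs/ /usr/local/cpanel/3rdparty/mailmain/logs/ /var/lib/mysql/*.err
)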
# The cPanel master list for cPanel log file locations:
https://documentation.cpanel.net/display/CKB/The+cPanel+Log+Files
# Search PHP-FPM logs for reports of max workers/children
cat /opt/cpanel/ea-php*/root/usr/var/log/php-fpm/error.log | grep max
cat /opt/cpanel/ea-php*/root/usr/var/log/php-fpm/error.log | grep max_children
# Jeff Sh's search all PHP-FPM logs and display the 10 most recent results
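(
  # Search every EasyApache PHP-FPM error.log for a term and show the last 10
  # matching lines from each log.
  echo "Enter Search Term (defaults to 'max_children'): "
  # Read into a private name; the earlier form reused USER and overwrote the
  # login name for the rest of the subshell.
  read -r term
  if [[ -z "$term" ]]; then
    SEARCH="max_children"
  else
    # Dots become underscores, as in the earlier sed call. Done in the shell so
    # the input is never word-split or glob-expanded on the way.
    SEARCH=${term//./_}
  fi
  echo "Searching $SEARCH in all PHP-FPM Logs...."
  # The glob matches the same files as the earlier find -maxdepth 1 call.
  for FPMLOG in /opt/cpanel/ea-php*/root/usr/var/log/php-fpm/error.log; do
    [[ -f "$FPMLOG" ]] || continue
    echo "Found in $FPMLOG:"
    # -e and -- keep a term that starts with "-" from being read as a grep
    # option; quoting keeps a term with spaces as one pattern.
    grep -e "$SEARCH" -- "$FPMLOG" | tail -10
  done
)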
# IMH Wiki sar one-liner -
# https://wiki.inmotionhosting.com/index.php?title=Tracking_VPS_Resource_Abuse#Tools_In_Depth
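# Print the Average line of sar -q for every daily sa file.
# Glob instead of parsing ls output.
for log in /var/log/sa/sa[0-9]*; do
  # Skip the literal pattern that is left when nothing matches.
  [[ -e "$log" ]] || continue
  # The substitution is left unquoted on purpose so the sar columns collapse
  # to single spaces on one line, as before.
  # shellcheck disable=SC2046
  echo "$log" - $(sar -q -f "$log" | grep Average)
done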
# AlexKr - IMH Wiki sar one-liner - memory variant
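# Print the Average line of sar -r (memory) for every daily sa file.
# Glob instead of parsing ls output.
for log in /var/log/sa/sa[0-9]*; do
  # Skip the literal pattern that is left when nothing matches.
  [[ -e "$log" ]] || continue
  # The substitution is left unquoted on purpose so the sar columns collapse
  # to single spaces on one line, as before.
  # shellcheck disable=SC2046
  echo "$log" - $(sar -r -f "$log" | grep Average)
done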
# Levi J. sar highest memory using parsing oneliner
sarlogs=$(find /var/log/sa/ -maxdepth 1 -exec basename {} \; | egrep 'sa([0-9]{2})' |sort); printf '\nSAR Daily Averages: \nMultiple for a single day implies a reboot. \n-----------------------------\n'; stdbuf -o0 paste <(echo 'Date | CPU% '; for log in $sarlogs; do sar -q -f /var/log/sa/$log | grep 'Average' | awk '{print $6}' | sed "s/^/$log | /"; done;) <(echo 'MEM% '; for log in $sarlogs; do sar -r -f /var/log/sa/$log | grep 'Average' | awk '{print $4}'; done;) <(echo 'SWAP% '; for log in $sarlogs; do sar -S -f /var/log/sa/$log | grep 'Average' | awk '{print $4}'; done;)
# Default IMH NGINX log
sudo cat /var/log/ngxconf.log | grep
# NGINX Helper Plugin Log
~/public_html/wp-content/uploads/nginx-helper/nginx.log
# Exim Main Log
sudo cat /var/log/exim_mainlog | grep
# Mail Log
sudo cat /var/log/maillog | grep
# Samuel J's run NLP one log at a time (press any key to advance)
for user in $(find /var/cpanel/users -type f -not -name system -exec basename {} \;); do echo $user && /opt/dedrads/nlp $user && read -n 1 -s ; done
# Custom SA rule file
/etc/mail/spamassassin/imh_custom.cf
# cPanel File Manager Access Logs
cat /usr/local/cpanel/logs/access_log | grep filemanager/index.html
# cPanel email account access logs
cat /usr/local/cpanel/logs/access_log | grep pops/index.html
# Apache log on EasyApache 3 systems (exists on EasyApache 4 systems, but linked in /var/log/apache2 as well.
sudo cat /var/log/apache2/error_log | grep
# On EasyApache 3 systems, the Apache log is in:
sudo cat /usr/local/apache/logs/error_log | grep
# Check if a system is EasyApache 4
ls -al /etc/cpanel/ea4/is_ea4
# SpamExperts log analyzer.
https://cpjump.inmotionhosting.com/semanage/
# cPanel backup log
/usr/local/cpanel/logs/cpbackup
# cPanel transport log
/usr/local/cpanel/logs/cpbackup_transporter
# Get all cPanel users on a server. Credit: Noah A
awk -F: '{print $1}' /etc/trueuserowners
# Setup MySQL/MariaDB Log Rotations to prevent logs from getting too big and taking up tons of space.
http://ronaldbradford.com/blog/the-correct-approach-to-rolling-mysql-logs-2010-02-22/
# When troubleshooting DNS Cluster issues, check the log:
tail -100 /usr/local/cpanel/logs/access_log | grep cgi
# Then check the DNS Key file:
stat /usr/local/cpanel/whostmgr/docroot/cgi/imhapi/set-dns-key.cgi
# If the above 'stat' command fails, it's because imh-dnskeyapi is not installed
yum install -y imh-dnskeyapi
# DNS Admin Log
/usr/local/cpanel/logs/dnsadmin_log
#===============================================================================
# SHELLSCAN TOOLS
#===============================================================================
# The "standard" APS shellscan command -- Updated 2020-06-05 per https://wiki.inmotionhosting.com/index.php?title=IMH_Shellscan#Standard_Usage
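# Scan every cPanel user with shellscan, keep one log per ticket and mail a
# one-line result.
# -p: do not fail when the directory is left over from an earlier scan.
mkdir -p /home/tier1adv/shellscans
read -r -e -p "Ticket Number: " ticket
# The ticket becomes part of a file name; a "/" in it would move the log
# somewhere else.
ticket=${ticket//\//_}
log="/home/tier1adv/shellscans/$(date +%m-%d-%Y).$ticket"
echo "Shellscan log created at $log"
# Start from an empty log and append per user. The earlier plain tee truncated
# the log on every iteration, so only the last user's output survived.
: > "$log"
# Account names are split on whitespace on purpose (field 2 of trueuserdomains).
for cp_user in $(sudo cat /etc/trueuserdomains | awk '{print $2}'); do
  sudo shellscan -c 4 -u "$cp_user" -a off | tee -a "$log"
done
# "Hacks found" is tested first: with all users in one log, a clean result for
# one account must not hide a hit for another. The earlier elif had no file
# argument, so grep waited on stdin.
if grep -q "Hacks found" "$log"; then
  hacks="Hacks found"
elif grep -q "No hacks found" "$log"; then
  hacks="No hacks found"
else
  hacks="Scan failed"
fi
mail -s "$ticket:$(hostname) completed. $hacks. Log can be found at $log" shellscan@inmotionhosting.com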
# More concise version of the standard shellscan oneliner from the wiki. With a more reliable list of cpanel users. - AlexKr
mkdir -p /home/tier1adv/shellscans; read -p "Ticket Number: " ticket; log="/home/tier1adv/shellscans/$(date +%m-%d-%Y).$ticket"; echo "Shellscan log created at: $log"; users=$(awk -F: '{print $1}' /etc/trueuserowners); sudo shellscan -c 4 --mail shellscan@inmotionhosting.com --note "${ticket} : Full VPS Shellscan" -a off -u $users | tee "$log"
# Alex Kr's full VPS scan, improved wiki version, with update
mkdir -p /home/tier1adv/shellscans; read -p "Ticket Number: " ticket; log="/home/tier1adv/shellscans/$(date +%m-%d-%Y).$ticket"; echo "Shellscan log created at: $log"; users=$(awk -F: '{print $1}' /etc/trueuserowners); sudo shellscan --update --freshclam --mail shellscan@inmotionhosting.com --note "${ticket} : Full VPS Shellscan" -c 4 -a off -u $users | tee "$log"
# Jason Sm's much cleaner shellscan loop
shellscan --update --freshclam -u $(awk '{print $2}' /etc/trueuserdomains) -a off
# Jason Sm's clamscan from / excluding virtual files in /sys/
clamscan -r -i --exclude-dir="^/dev" --exclude-dir="^/proc" --exclude-dir="^/sys" --remove=no /
# The common one that's run:
shellscan --update --freshclam -u $(awk '{print $2}' /etc/trueuserdomains) -a off -c 6 --mail aps@inmotionhosting.com
# Shellscan for high load dedicated servers (max -c value is equal to 2x the amount of available cores)
shellscan -c 8 --update --freshclam -u $(awk '{print $2}' /etc/trueuserdomains) -a off
# Shellscan for high load VPS servers (max -c value is equal to 2x the amount of available cores)
shellscan -c 6 --update --freshclam -u $(awk '{print $2}' /etc/trueuserdomains) -a off
# Automatically set shellscan to use 2x amount of cores as -c value
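# Use twice the core count as the -c value, computed in the shell so bc does
# not have to be installed.
cores=$(nproc)
limit=$(( 2 * cores ))
# The account list is left unquoted on purpose: each name is passed to -u as
# its own word, as before.
# shellcheck disable=SC2046
shellscan -c "$limit" --update --freshclam -u $(awk '{print $2}' /etc/trueuserdomains) -a off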
# Part 1, cron job for daily clamscan
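# The log name carries year-month-day_hour:minute:second. The earlier format
# repeated the hour where the day belongs and used %k, whose space padding
# before 10:00 split the --log argument in two.
# When this line goes into a crontab, write every % as \% (cron treats a bare
# % as a newline).
clamscan -r -i --exclude-dir="^/sys" --log="/home/userna5/scanlogs/scanlog-$(date +%Y-%m-%d_%H:%M:%S).txt" /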
# Part 2, cron job to chown contents of folder to ensure cPanel readability
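# -h changes a symbolic link itself rather than the file it points to. After
# this job runs the account owns everything in scanlogs, so a link placed there
# must not cause the ownership of its target to be handed over.
chown -R -h userna5:userna5 /home/userna5/scanlogs/*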
# Part 3, cron job to prune log files older than 14 days
find -P /home/userna5/scanlogs/. -type f -mtime '+14' -exec rm {} \;
# Jason Sm's regenerate list of shellscan hits (replace "quarantine_*" with the shellscan's ID number [i.e. quarantine_1573550177])
awk -F '"' '/home/ && /{/,/}/ {print $2 $3 $4}' /home/*/quarantine/quarantine_*/scanlog
# Samuel J's strace shellscan PIDs
for i in $(ps -aux | grep scan | grep -v 'SCREEN\|grep' | awk '{print $2}' | tr "\n" " ") ; do printf "%s\n$i\n\n"; timeout 1s strace -p $i ; done
# William W's parse shellscan scanlogs for hits only
cat /home/*/quarantine/quarantine_*/scanlog >> scan.txt && awk '/{/,/}/' scan.txt
# Install ClamAVconnector for Exiscan in Exim:
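(
  # Install the ClamAV connector addon for Exim, register it with cPanel and
  # refresh the virus definitions.
  # pipefail: a failed download must fail the curl | tar pipeline.
  set -o pipefail
  cd /usr/src || exit 1
  # NOTE(review): the URL has no https:// scheme and the archive is unpacked
  # and run as root without a checksum or signature check.
  # -f: do not feed an HTTP error page to tar.
  curl -fsS httpupdate.cpanel.net/cpanelsync/addons/modules/clamavconnector-Linux-x86_64.tar.bz2 | tar -xvj || exit 1
  # Stop if the archive did not unpack (or several versions match); otherwise
  # ./install would be looked up in /usr/src itself.
  cd clamavconnector-* || exit 1
  ./install || exit 1
  echo "clamavconnector" >> /var/cpanel/addonmodules
  # Record the installed ClamAV version without a trailing newline.
  printf '%s' "$(/usr/bin/clamscan -V | awk '{print $2}' | cut -d/ -f1)" > /var/cpanel/addonmoduleversions/clamavconnector
  freshclam
)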
# Run Clamscan on the server for all users.
clamscan -ri --max-dir-recursion=1000 --exclude-dir="virtfs" --exclude="zip$" --exclude="tar.gz$" /home/ > scan_$(date +%Y-%m-%d_%H%M).txt
# Jeff Sh's run Clamscan with quarantine.
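(
  # Update the signatures, scan every cPanel user's home with clamscan, move
  # hits into a per-run quarantine folder in that home and write a one-line
  # result per user to ~/clamav_scans/.
  freshclam
  mkdir -p ~/clamav_scans/
  DATE=$(date +%Y%m%d%H%M)
  LOG=~/clamav_scans/clamscan_${DATE}.log
  # Account names are split on whitespace on purpose (field 2 of
  # trueuserdomains). A private loop name is used so $USER is not overwritten.
  for cp_user in $(sudo cat /etc/trueuserdomains | awk '{print $2}'); do
    qdir="/home/${cp_user}/quarantine/quarantine_${DATE}"
    echo -e "\nScanning ${cp_user}"
    # NOTE(review): the quarantine folder lives inside the account's own home,
    # so the account owner can still reach what is moved there, and the folder
    # is itself under the tree being scanned.
    mkdir -p "$qdir"
    clamscan -ri --move="$qdir" --log="$qdir/scanlog" --max-dir-recursion=1000 --exclude="zip$" --exclude="tar.gz$" "/home/${cp_user}/"
    # Third field of the last "Infected files:" line of the scan log. The
    # earlier awk program said "pring", so the count was always empty.
    HACKS=$(awk '/Infected files:/ {n = $3} END {print n}' "$qdir/scanlog")
    # Numeric comparison. Inside [ ], the earlier ">" was a redirection that
    # created a file named 0 and tested only whether the string was non-empty.
    if [[ "$HACKS" =~ ^[0-9]+$ ]] && (( HACKS > 0 )); then
      echo "WARNING: ${HACKS} hacks found for user ${cp_user}." >> "$LOG"
    else
      echo "No hacks found for user ${cp_user}" >> "$LOG"
    fi
  done
)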
# For cPanel version 88+, install ImunifyAV Free version - Running only this command will make it available in WHM only. See next commands.
curl -sL https://repo.imunify360.cloudlinux.com/defence360/imav-deploy.sh | bash -
# Enable the cPanel user's ability to scan their own files with ImunifyAV
/opt/alt/python35/share/imunify360/scripts/av-userside-plugin.sh && imunify-antivirus config update '{"PERMISSIONS": {"allow_malware_scan": true}}'
# Disable the cPanel user's ability to scan their own files with ImunifyAV
imunify-antivirus config update '{"PERMISSIONS": {"allow_malware_scan": false}}' && /opt/alt/python35/share/imunify360/scripts/av-userside-plugin.sh -r
#!#!#!#!#!
# On cPanel v94.0.7, this changed from the above /opt/alt/python35 path to /usr/share, so if the above fails:
/usr/share/av-userside-plugin.sh && imunify-antivirus config update '{"PERMISSIONS": {"allow_malware_scan": true}}'
imunify-antivirus config update '{"PERMISSIONS": {"allow_malware_scan": false}}' && /usr/share/av-userside-plugin.sh -r
# For the paid-for version of Imunify360, not ImunifyAV or ImunifyAV+:
# For customers with an activation key:
wget https://repo.imunify360.cloudlinux.com/defence360/i360deploy.sh
bash i360deploy.sh --key <activation_key>
# For customers with an IP-based license
wget https://repo.imunify360.cloudlinux.com/defence360/i360deploy.sh
bash i360deploy.sh
# Jeff Sh's list all infected files found by ImunifyAV since a given date (YYYYMMDD format) and move them to a quarantine folder.
# They're then placed into a Gzipped Tarball to prevent execution and access.
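#######################################
# Move one file, creating the destination directory first if it is missing.
# Arguments: $1 - source path
#            $2 - destination; a trailing "/" means "this directory",
#                 otherwise the parent directory of $2 is the one created
#            any further arguments are passed to mv unchanged
# Returns:   2 when fewer than two arguments are given, the mkdir status if
#            the directory cannot be created, otherwise the status of mv
#######################################
mkmv() {
  if (( $# < 2 )); then
    printf 'usage: mkmv SOURCE DEST\n' >&2
    return 2
  fi
  # Locals keep this helper from overwriting "dir" or "tmp" in the operator's
  # shell, where these one-liners are normally pasted.
  local dest=$2
  local dest_dir
  if [[ "$dest" == */ ]]; then
    dest_dir=$dest
  else
    dest_dir=$(dirname -- "$dest")
  fi
  if [[ ! -e "$dest_dir" ]]; then
    mkdir -p -- "$dest_dir" || return
  fi
  mv "$@"
}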
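(
# Move every file ImunifyAV has flagged since SINCE_DATE into a dated folder
# under /backup/imunify-quarantine, then pack that folder into a gzipped
# tarball. Uses the mkmv helper defined above. Runs in a subshell so the
# "exit" calls and the trap below do not touch the operator's login shell.
read -r -p "Date (YYYYMMDD): " SINCE_DATE
read -r -p "Result Limit: " RESULT_LIMIT
read -r -p "Delete infected files found in the cPanel user .trash folders? [N/y] " DELETE_TRASH
# Reject malformed answers before they are handed to imunify-antivirus.
[[ "$SINCE_DATE" =~ ^[0-9]{8}$ ]] || { echo "Date must be YYYYMMDD." >&2; exit 1; }
[[ "$RESULT_LIMIT" =~ ^[0-9]+$ ]] || { echo "Result Limit must be a number." >&2; exit 1; }
# Work files get unpredictable names: a fixed name under /tmp can be
# pre-created or symlinked by any local user, and this runs as root and later
# deletes and moves whatever paths the list contains.
QLIST=$(mktemp /tmp/quarantine_list.XXXXXX) || exit 1
DELETE_LIST=$(mktemp /tmp/delete_list.XXXXXX) || exit 1
trap 'rm -f -- "$QLIST" "$DELETE_LIST"' EXIT
DATE_STAMP=$(date +%Y%m%d-%H%M)
QFOLDER="/backup/imunify-quarantine"
MVDIR="$QFOLDER/$DATE_STAMP"
mkdir -p -- "$MVDIR" || exit 1
# Drop the header row and keep column 7 of the history table.
# NOTE(review): column 7 is taken to be the file path, as in the original
# one-liner; confirm against the output of the installed ImunifyAV version.
# The path is printed without padding so that it is usable as a file name.
imunify-antivirus malware history list --since "$SINCE_DATE" --limit "$RESULT_LIMIT" \
  | sed -n '1!p' \
  | awk -F" {2,}" '$7 != "" {print $7}' > "$QLIST"
if [[ $DELETE_TRASH =~ ^[Yy]$ ]]; then
  # -F matches ".trash" literally instead of "any character + trash".
  grep -iF -- ".trash" "$QLIST" > "$DELETE_LIST"
  # The lists are read on fd 3, one path per line, so names with spaces stay
  # intact and a prompting rm/mv alias cannot swallow the remaining lines.
  while IFS= read -r -u 3 DELETE; do
    [[ -n "$DELETE" ]] || continue
    echo "Deleting infected file found in the .trash folder: $DELETE"
    rm -f -- "$DELETE"
  done 3< "$DELETE_LIST"
fi
while IFS= read -r -u 3 INFECTED; do
  # Skip entries that no longer exist (deleted above, or already cleaned up).
  [[ -e "$INFECTED" || -L "$INFECTED" ]] || continue
  echo "Moving to Quarantine: ${INFECTED}"
  mkmv "$INFECTED" "$MVDIR/$INFECTED"
done 3< "$QLIST"
echo "Making Gzipped Tarball..."
# The loose copies are removed only once the archive has been written.
if tar -czf "$QFOLDER/$DATE_STAMP.tar.gz" "$QFOLDER/$DATE_STAMP"; then
  rm -rf -- "${QFOLDER:?}/${DATE_STAMP:?}"
else
  echo "tar failed; quarantined files left in $MVDIR" >&2
fi
# The archive is named after the run's time stamp, not the date that was asked for.
echo -e "\n\n===== COMPLETE! =====\nFiles moved to quarantine at $QFOLDER/$DATE_STAMP.tar.gz"
)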
# Alex Kr's run Shellscan only for some users. Includes an update!
# Useful for when a scan fails to complete and a scan should be run,
# but only for the remaining users to be scanned.
# Note: must assign list of users to the variable "users" as noted below.
$ users=$(cat) # paste list of users then hit, ENTER, then Ctrl-D to signify EOF
mkdir -p /home/tier1adv/shellscans; read -p "Ticket Number: " ticket; log="/home/tier1adv/shellscans/$(date +%m-%d-%Y).$ticket"; echo "Shellscan log created at: $log"; sudo shellscan --update --freshclam --mail shellscan@inmotionhosting.com --note "${ticket} : Full VPS Shellscan" -c 4 -a off -u $users | tee "$log"
# Shellscan stuck/frozen repair for loop from the wiki.
# Run this to find scan procs, then kill child processes with 'kill -9 ####'
# where #### = proc num. Make sure not to kill parent process or scan will die!
# Sometimes a scan can be rescued in this way.
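# Attach strace to each shellscan/clamscan process for one second to see
# whether it is still making system calls. The PID is printed first so the
# trace can be matched to a process; awk is excluded because its own command
# line contains the search terms and may show up in the ps listing.
for process in $(ps aux | awk '(/shellscan/ || /clamscan/) && !/screen/ && !/awk/ {print $2}'); do
  printf 'PID %s\n\n' "$process"
  timeout 1s strace -p "$process"
done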
# Alex Kr's find all scanlogs that were modified on or after the date scan was
# started and print any hacks found. Useful for finding all logs created by the
# 'for-loop' from the official wiki scan since each is in a folder of a
# different name. Note: only works on VPS+.
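# Print the quoted entries from the {...} section of every scanlog whose
# quarantine_* folder was modified on or after the given date.
read -r -p "Date scan initiated? (YYYY-MM-DD): " date
# The -name pattern is quoted so the shell cannot expand it against files in
# the current directory; results are NUL-delimited so odd folder names survive.
find /home/*/quarantine -name 'quarantine_*' -type d -newermt "$date" -print0 \
  | while IFS= read -r -d '' i; do
      printf '\n%s/scanlog\n' "$i"
      awk '/{/,/}/' "$i/scanlog" | awk -F '"' '{print $2}'
    done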
#===============================================================================
# APF, CSF and Fail2ban Firewalls
#===============================================================================
# Reinstall APF....assuming you've removed whatever firewall they have or none is installed.
(
yum -y install apf-ded whm-addip
chkconfig --add apf
service apf start
)
# Remove APF only.
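(
# Remove APF and the WHM "Add IP to Firewall" plugin, keeping a tarball of
# /etc/apf in /backup. The backup is taken first and must succeed, because
# the steps after it delete /etc/apf.
if [ -d /etc/apf ]; then
  tar -czf "/backup/apf_backup_$(date +%Y-%m-%d_%H%M).tar.gz" /etc/apf \
    || { echo "APF backup failed; aborting before anything is removed." >&2; exit 1; }
fi
service apf stop
chkconfig --del apf
rm -fr /etc/init.d/apf /usr/local/sbin/apf /etc/apf /usr/local/cpanel/whostmgr/cgi/{apfadd,addon_add2apf.cgi}
yum -y remove apf-ded whm-addip
# Repeated after the package removal in case yum left the plugin files behind.
rm -rf /usr/local/cpanel/whostmgr/cgi/apfadd
rm -f /usr/local/cpanel/whostmgr/cgi/addon_add2apf.cgi
# NOTE(review): deletes from line 3 of pluginscache.yaml through the first
# add_ip_to_firewall line; this depends on the plugin entry sitting right
# after line 2 of that file -- confirm before running.
grep -q add_ip_to_firewall /var/cpanel/pluginscache.yaml && sed -i '3,/add_ip_to_firewall/d' /var/cpanel/pluginscache.yaml
rm -rf /etc/cron.d/apf-fastload
)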
# Install CSF - From IMH Repo (Including APF/FirewallD removal) and disable MaxMind.
(
service apf stop
chkconfig --del apf
tar -czf /backup/apf_backup_$(date +%Y-%m-%d_%H%M).tar.gz /etc/apf
rm -fr /etc/init.d/apf /usr/local/sbin/apf /etc/apf /usr/local/cpanel/whostmgr/cgi/{apfadd,addon_add2apf.cgi}
yum -y remove apf-ded whm-addip
rm -rf /usr/local/cpanel/whostmgr/cgi/apfadd
rm -f /usr/local/cpanel/whostmgr/cgi/addon_add2apf.cgi
grep -q add_ip_to_firewall /var/cpanel/pluginscache.yaml && sed '3,/add_ip_to_firewall/d' -i /var/cpanel/pluginscache.yaml
rm -rf /etc/cron.d/apf-fastload
yum -y remove firewalld
yum install -y csf-ded
service csf start
cd; curl -sL https://download.configserver.com/csupdate | perl
sed -i 's/\(LF_\(PERMBLOCK\|SSHD\|FTPD\|SMTPAUTH\|POP3D\|IMAPD\|CPANEL\|HTACCESS\|MODSEC\|CPANEL_ALERT\) *= *"\)[^"]\+/\11/;s/\(\(AUTO_UPDATES\|SMTP_BLOCK\|SYNFLOOD\) *= *"\)[^"]\+/\11/;s/\(LF_TRIGGER *= *"\)[^"]\+/\13/;s/\(SYSLOG_CHECK *= *"\)[^"]\+/\13600/;s/\(LF_INTEGRITY *= *"\)[^"]\+/\186400/;s/CC_SRC = \"1\"/CC_SRC = \"2\"/g' /etc/csf/csf.conf
csf -r
service_list=(saslauthd portreserve rpcbind abrt-xorg abrtd)
for service in "${service_list[@]}"; do
systemctl stop $service
systemctl disable $service
chkconfig $service off
done
)
# Install CSF - From IMH Repo (No APF/FirewallD removal) and disable MaxMind.
(
yum install -y csf-ded
service csf start
cd
curl -sL https://download.configserver.com/csupdate | perl
sed -i 's/\(LF_\(PERMBLOCK\|SSHD\|FTPD\|SMTPAUTH\|POP3D\|IMAPD\|CPANEL\|HTACCESS\|MODSEC\|CPANEL_ALERT\) *= *"\)[^"]\+/\11/;s/\(\(AUTO_UPDATES\|SMTP_BLOCK\|SYNFLOOD\) *= *"\)[^"]\+/\11/;s/\(LF_TRIGGER *= *"\)[^"]\+/\13/;s/\(SYSLOG_CHECK *= *"\)[^"]\+/\13600/;s/\(LF_INTEGRITY *= *"\)[^"]\+/\186400/;s/CC_SRC = \"1\"/CC_SRC = \"2\"/g' /etc/csf/csf.conf
csf -r;
service_list=(saslauthd portreserve rpcbind abrt-xorg abrtd)
for service in "${service_list[@]}"; do
systemctl stop $service
systemctl disable $service
chkconfig $service off
done
)
# Uninstall CSF - From IMH Repo
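(
# Keep two copies of /etc/csf (a tarball in /backup and a plain copy in
# /root/old-csf), stop csf and lfd, then remove the package.
# The date format uses %d; "$d" is an unset shell variable and would leave the
# day out of the backup file name.
tar -czf "/backup/csf_backup_$(date +%Y-%m-%d_%H%M).tar.gz" /etc/csf/
service csf stop
service lfd stop
mkdir -p /root/old-csf/
cp -r /etc/csf/ /root/old-csf/
yum -y remove csf-ded
)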
# Install CSF - From CSF Site (No APF/FirewallD removal) and disable MaxMind - Used for Bare Metal servers.
(
cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
echo "Testing Perl Modules"
sleep 5
perl /usr/local/csf/bin/csftest.pl
read -p "Press ENTER to continue..."
service csf start
cd; curl -sL https://download.configserver.com/csupdate | perl
sed -i 's/\(LF_\(PERMBLOCK\|SSHD\|FTPD\|SMTPAUTH\|POP3D\|IMAPD\|CPANEL\|HTACCESS\|MODSEC\|CPANEL_ALERT\) *= *"\)[^"]\+/\11/;s/\(\(AUTO_UPDATES\|SMTP_BLOCK\|SYNFLOOD\) *= *"\)[^"]\+/\11/;s/\(LF_TRIGGER *= *"\)[^"]\+/\13/;s/\(SYSLOG_CHECK *= *"\)[^"]\+/\13600/;s/\(LF_INTEGRITY *= *"\)[^"]\+/\186400/;s/CC_SRC = \"1\"/CC_SRC = \"2\"/g' /etc/csf/csf.conf
csf -r
service_list=(saslauthd portreserve rpcbind abrt-xorg abrtd avahi-daemon bluetooth cups gdm ksmtuned ModemManager)
for service in "${service_list[@]}"; do
systemctl stop $service
systemctl disable $service
chkconfig $service off
done
)
# Install CSF GUI on Bare Metal servers using Webmin
https://doxfer.webmin.com/Webmin/ConfigServer_Security_%26_Firewall
# Uninstall CSF - using CSF tools and YUM repos.
(
tar -czf /backup/csf_backup_$(date +%Y-%m-%d_%H%M).tar.gz /etc/csf
yum -y remove csf-ded
cd /etc/csf
sh uninstall.sh
echo "Searching for other CSF files...(not automatically removed)"
find / -name "csf"
)
# Update CSF
curl -sL https://download.configserver.com/csupdate | perl
# or, with CSF's built-in updater, which avoids piping a downloaded script into perl:
csf -u
# Enable all Brute Force protections, Auto Updates, SMTP Blocking, SynFlood attacks, SysLog checking and LF Integrity (updated for 13.04):
(
# One sed pass over /etc/csf/csf.conf that rewrites the quoted values of:
#   LF_PERMBLOCK, LF_SSHD, LF_FTPD, LF_SMTPAUTH, LF_POP3D, LF_IMAPD, LF_CPANEL,
#   LF_HTACCESS, LF_MODSEC, LF_CPANEL_ALERT          -> "1"
#   AUTO_UPDATES, SMTP_BLOCK, SYNFLOOD               -> "1"
#   LF_TRIGGER                                       -> "3"
#   SYSLOG_CHECK                                     -> "3600"
#   LF_INTEGRITY                                     -> "86400"
#   CC_SRC "1"                                       -> "2"
# NOTE(review): with LF_TRIGGER set, the per-service LF_* values presumably act
# as on/off switches and LF_TRIGGER as the shared failure count -- confirm
# against the comments in csf.conf for the installed version.
# The patterns are not anchored to the start of the line and need at least one
# character between the quotes, so an empty value ("") is left as it is.
sed -i 's/\(LF_\(PERMBLOCK\|SSHD\|FTPD\|SMTPAUTH\|POP3D\|IMAPD\|CPANEL\|HTACCESS\|MODSEC\|CPANEL_ALERT\) *= *"\)[^"]\+/\11/;s/\(\(AUTO_UPDATES\|SMTP_BLOCK\|SYNFLOOD\) *= *"\)[^"]\+/\11/;s/\(LF_TRIGGER *= *"\)[^"]\+/\13/;s/\(SYSLOG_CHECK *= *"\)[^"]\+/\13600/;s/\(LF_INTEGRITY *= *"\)[^"]\+/\186400/;s/CC_SRC = \"1\"/CC_SRC = \"2\"/g' /etc/csf/csf.conf
# Restart csf so the edited configuration is loaded.
csf -r
# Stop each listed service and disable it through both systemctl and chkconfig.
service_list=(saslauthd portreserve rpcbind abrt-xorg abrtd)
for service in "${service_list[@]}"; do
systemctl stop $service
systemctl disable $service
chkconfig $service off
done
)
# Install Fail2ban to work with CSF/LFD
https://wiki.inmotionhosting.com/index.php?title=Fail2ban_VPS_Dedicated
# Fix the Add IP to Firewall plugin when 403 happens.
(
# NOTE(review): this flips permit_unregistered_apps_as_reseller from 0 to 1 in
# cpanel.config. Going by the setting's name it loosens what resellers may run
# in WHM, so confirm that exposure is acceptable on this server before applying.
sed -i "/permit_unregistered_apps_as_reseller=0/c\permit_unregistered_apps_as_reseller=1" /var/cpanel/cpanel.config
# Reinstall the plugin, then restart cPanel.
yum -y remove whm-addip
yum -y install whm-addip
service cpanel restart
)
# Note: As of 2019-12-29, MaxMind REQUIRES you to create an account on their
# site and to generate a license key to use their databases. See:
# https://www.maxmind.com/en/geolite2/signup
# https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/
#
# You MUST set the following to continue using the IP lookup features of csf,
# otherwise an error will be generated and the features will not work
#
# MaxMind License Key:
MM_LICENSE_KEY = ""
# Change CSF to use DB-IP, ipdeny.com and iptoasn.com instead of MaxMind
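# -i and -e are passed separately: written as "-ine", GNU sed reads "ne" as the
# backup suffix for -i and leaves a stray /etc/csf/csf.confne behind.
# csf is restarted only when the edit succeeded.
sed -i -e "s/CC_SRC = \"1\"/CC_SRC = \"2\"/g" /etc/csf/csf.conf && csf -r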
# -- Default CSF Firewall Entries
###START{INMOTION_DEFAULT_FIREWALL_ENTRIES}
##18248365b2c0da1bepwb#
d=21|s=74.124.194.113
d=20|s=74.124.194.113
##0efdzb849ebc220840js#
205.134.240.204
##075843d7fb005e121lax#
d=2087|s=38.122.109.70
d=22|s=38.122.109.70
##0a0fcb6d4b1c570230v
d=22|s=216.54.31.80/29
d=2087|s=216.54.21.80/29
d=22|s=24.249.121.215
d=2087|s=24.249.121.215
##fd9zkjvkeo9di21jfxt3#
d=22|s=198.46.90.6
d=22|s=198.46.90.7
d=22|s=198.46.90.8
d=22|s=198.46.90.9
##180c0664d285fz10fmtr#
38.140.187.242/29
70.39.232.170
96.238.89.252/24
98.152.208.218/29
198.46.90.10
198.46.90.17
144.208.77.66
173.247.250.216
204.148.74.86/30
205.168.179.26/29
216.54.0.191/31
216.54.31.80/29
##IMH_REMOTE_COVID19_IPS
52.186.90.168
173.231.218.25
###END{INMOTION_DEFAULT_FIREWALL_ENTRIES}
# -- Default APF Firewall Entries
###START{INMOTION_DEFAULT_FIREWALL_ENTRIES}
##18248365b2c0da1bepwb#
d=21:s=74.124.194.113
d=20:s=74.124.194.113
##0efdzb849ebc220840js#
205.134.240.204
##075843d7fb005e121lax#
d=2087:s=38.122.109.70
d=22:s=38.122.109.70
##0a0fcb6d4b1c570230v
d=22:s=216.54.31.80/29
d=2087:s=216.54.21.80/29
d=22:s=24.249.121.215
d=2087:s=24.249.121.215
##fd9zkjvkeo9di21jfxt3#
d=22:s=198.46.90.6
d=22:s=198.46.90.7
d=22:s=198.46.90.8
d=22:s=198.46.90.9
##180c0664d285fz10fmtr#
38.140.187.242/29
70.39.232.170
96.238.89.252/24
98.152.208.218/29
198.46.90.10
198.46.90.17
144.208.77.66
173.247.250.216
204.148.74.86/30
205.168.179.26/29
216.54.0.191/31
216.54.31.80/29
##IMH_REMOTE_COVID19_IPS
52.186.90.168
173.231.218.25
###END{INMOTION_DEFAULT_FIREWALL_ENTRIES}
####START{SUCURI_FIREWALL_IP_ENTRIES}
208.109.0.0/22
66.248.200.0/22
185.93.228.0/22
192.88.134.0/23
###END{SUCURI_FIREWALL_IP_ENTRIES}
###START{CLOUDFLARE_IP_ENTRIES}
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/13
104.24.0.0/14
172.64.0.0/13
131.0.72.0/22
###END{CLOUDFLARE_IP_ENTRIES}
################################################################################
# NOTE ABOUT CLOUDFLARE IPS
# Cloudflare at times updates their IP list. So, the following can be done to
# help automate the list update process for CSF (APF is below):
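(
# Register the two Cloudflare allow files in csf.allow and fetch their contents.
for ver in v4 v6; do
  allow_file="/etc/csf/cloudflare_ip${ver}.allow"
  include_line="Include ${allow_file}"
  # Add the Include only once, so running this again does not duplicate it.
  grep -qxF -- "$include_line" /etc/csf/csf.allow || echo "$include_line" >> /etc/csf/csf.allow
  # Download beside the target and swap it in only when the fetch succeeded and
  # returned data; wget -O straight onto the allow file would truncate it on a
  # failed download.
  tmp_file=$(mktemp "${allow_file}.XXXXXX") || exit 1
  if wget -qO "$tmp_file" "https://www.cloudflare.com/ips-${ver}" && [ -s "$tmp_file" ]; then
    mv -f -- "$tmp_file" "$allow_file"
  else
    rm -f -- "$tmp_file"
    echo "Download of the Cloudflare ${ver} list failed; ${allow_file} left unchanged." >&2
  fi
done
)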
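# Now, create the following cron job as the root user. Note that wget -O truncates the target file before it downloads, so a failed fetch leaves an empty allow file that csf -r then loads; check both files after a network outage.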
0 1 * * * wget -qO /etc/csf/cloudflare_ipv4.allow https://www.cloudflare.com/ips-v4; wget -qO /etc/csf/cloudflare_ipv6.allow https://www.cloudflare.com/ips-v6; csf -r > /dev/null
#################
# APF Setup
# Due to limitations in APF, this is not as easy to implement as CSF. It would be better to remove APF and install CSF to achieve these needs.
###START{UPTIME_ROBOT_IPS}
69.162.124.224/28
63.143.42.240/28
216.245.221.80/28
104.131.107.63
122.248.234.23
128.199.195.156
138.197.150.151
139.59.173.249
146.185.143.14
159.203.30.41
159.89.8.111
165.227.83.148
178.62.52.237
18.221.56.27
188.226.183.141
216.144.250.150
34.233.66.117
46.101.250.135
46.137.190.132
52.60.129.180
54.64.67.106
54.67.10.127
54.79.28.129
54.94.142.218
###END{UPTIME_ROBOT_IPS}
###START{STACKPATH_CDN_IPS}
69.16.133.0/24
69.16.176.0/20
69.16.182.0/24
69.16.184.0/24
69.16.188.0/24
74.209.134.0/24
74.209.134.128/25
81.171.60.0/24
81.171.61.0/24
81.171.68.64/26
81.171.105.0/24
81.171.106.64/26
81.171.112.0/24
94.46.144.0/20
94.46.153.128/25
94.46.154.128/25
94.46.155.128/25
103.66.28.0/22
103.228.104.0/24
146.88.130.128/25
151.139.0.0/17
151.139.0.0/19
151.139.11.128/25
151.139.13.0/24
151.139.14.128/25
151.139.15.128/25
151.139.16.128/25
151.139.18.128/25
151.139.19.128/25
151.139.21.0/24
151.139.23.0/24
151.139.24.0/25
151.139.25.0/24
151.139.29.0/24
151.139.32.0/24
151.139.33.128/25
151.139.34.128/25
151.139.35.128/25
151.139.36.128/25
151.139.37.128/25
151.139.38.128/25
151.139.40.0/22
151.139.41.0/24
151.139.44.0/22
151.139.45.0/24
151.139.48.0/22
151.139.49.0/24
151.139.52.0/22
151.139.56.128/25
151.139.58.0/23
151.139.59.0/24
151.139.60.0/22
151.139.64.0/23
151.139.66.0/23
151.139.67.0/24
151.139.68.0/22
151.139.72.0/22
151.139.76.0/23
151.139.77.0/24
151.139.78.0/23
151.139.80.0/22
151.139.81.0/24
151.139.84.0/22
151.139.88.0/23
151.139.90.0/23
151.139.92.0/23
151.139.93.0/24
151.139.94.0/23
151.139.96.0/23
151.139.97.0/24
151.139.98.0/23
151.139.114.0/23
151.139.116.0/23
151.139.118.0/23
151.139.120.0/22
173.245.194.0/24
173.245.208.64/26
173.245.210.64/26
173.245.216.64/26
173.245.218.64/26
205.185.216.0/22
205.185.217.0/24
205.185.219.0/25
209.197.7.0/24
209.197.8.0/21
209.197.9.0/24
209.197.11.0/24
209.197.13.224/27
209.197.21.0/24
209.197.24.0/21
209.197.27.128/25
209.197.31.0/25
209.234.242.0/25
192.166.245.71/32
192.166.245.98/32
35.201.16.129/32
35.244.107.67/32
108.61.185.90/32
104.156.232.232/32
35.198.52.85/32
35.198.12.22/32
37.235.52.70/32
37.235.52.196/32
120.26.119.191/32
47.97.251.164/32
151.236.21.35/32
151.236.21.87/32
149.154.159.21/32
151.236.15.26/32
35.242.213.204/32
35.242.210.32/32
158.255.208.86/32
151.236.20.95/32
151.236.24.35/32
151.236.24.50/32
34.249.164.113/32
54.76.234.169/32
149.154.157.239/32
151.236.18.167/32
104.214.150.207/32
104.214.147.166/32
34.85.22.40/32
35.200.117.161/32
45.32.45.117/32
45.32.52.15/32
103.209.192.93/32
45.252.191.10/32
213.183.56.71/32
213.183.56.187/32
35.186.155.99/32
34.87.56.240/32
102.133.165.127/32
102.133.168.247/32
151.236.23.78/32
151.236.23.142/32
46.246.93.179/32
46.246.126.136/32
34.90.24.209/32
35.204.22.69/32
151.236.14.231/32
151.236.14.238/32
95.138.170.88/32
95.138.175.4/32
45.32.183.237/32
45.32.179.191/32
185.157.232.52/32
185.157.233.153/32
23.253.20.207/32
23.253.22.201/32
207.148.1.50/32
149.28.254.195/32
45.32.69.31/32
45.32.94.5/32
149.28.235.77/32
63.209.33.45/32
52.52.23.91/32
52.53.106.71/32
34.201.233.220/32
34.203.52.30/32
45.32.129.60/32
45.63.90.144/32
104.238.157.42/32
45.32.225.132/32
35.245.111.92/32
35.245.0.188/32
78.142.19.197/32
84.54.49.15/32
###END{STACKPATH_CDN_IPS}
# Add these to /etc/hosts.allow for WHM Host Access Control
## START OF INMOTION HOSTING IPs FOR SERVER ACCESS.
ALL : 38.140.187.242 : allow
# InMotion Hosting
ALL : 144.208.77.66 : allow
# InMotion Hosting
ALL : 198.46.90.10 : allow
# InMotion Hosting
ALL : 216.54.0.191 : allow
# InMotion Hosting
ALL : 216.54.31.82 : allow
# InMotion Hosting
ALL : 96.238.89.0 : allow
# InMotion Hosting
ALL : 98.152.208.0 : allow
# InMotion Hosting
ALL : 204.148.74.0 : allow
# InMotion Hosting
ALL : 205.168.179.0 : allow
# InMotion Hosting
ALL : 216.54.31.0 : allow
# InMotion Hosting
ALL : 173.247.250.216 : allow
# InMotion Hosting
ALL : 205.134.240.204 : allow
# InMotion Hosting
ALL : 198.46.90.8 : allow
# InMotion Hosting
ALL : 52.186.90.168 : allow
# InMotion Hosting
ALL : 173.231.218.25 : allow
# InMotion Hosting
## END OF INMOTION HOSTING IPs FOR SERVER ACCESS.
# Add to the CSF config to CIDR-deny every country code except the USA, if they really need it... ONLY WORKS ON DEDI DUE TO IP FIREWALL LIMIT OF 3000 ON VPS PLANS.
AD, AE, AF, AG, AI, AL, AM, AO, AQ, AR, AS, AT, AU, AW, AX, AZ, BA, BB, BD, BE, BF, BG, BH, BI, BJ, BL, BM, BN, BO, BQ, BR, BS, BT, BV, BW, BY, BZ, CA, CC, CD, CF, CG, CH, CI, CK, CL, CM, CO, CR, CU, CV, CW, CX, CX, CY, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, EH, ER, ES, ET, FI, FJ, FK, FM, FO, FR, GA, GB, GD, GE, GF, GG, GH, GI, GL, GM, GN, GP, GQ, GR, GS, GT, GU, GW, GY, HK, HM, HN, HR, HT, HU, ID, IE, IL, IM, IN, IO, IQ, IR, IS, IT, JE, JM, JO, JP, KE, KG, KH, KI, KM, KN, KP, KR, KW, KY, KZ, LA, KB, LC, LI, LK, LR, LS, LT, LU, LV, LY, MA, MC, MD, ME, MF, MG, MH, MK, ML, MM, MN, MO, MP, MQ, MR, MS, MT, MU, MV, MW, MX, MY, MZ, NA, NC, NE, NF, NG, NI, NL, NO, NP, NR, NU, NZ, OM, PA, PE, PF, PG, PH, PK, PL, PM, PN, PR, PS, PT, PW, PY, QA, RE, RO, RS, RU, RW, SA, SB, SC, SD, SE, SG, SH, SI, SK, SL, SM, SN, SO, SR, SS, ST, SV, SX, SY, SZ, TC, TD, TF, TG, TH, TJ, TK, TL, TM, TN, TO, TR, TT, TV, TW, TZ, UA, UG, UM, UY, UZ, VA, VC, VE, VG, VI, VN, VU, WF, WS, YE, YT, AZ, ZM, ZW
###BEGIN{GTMetrix_IPs}
208.70.247.157
204.187.14.70
204.187.14.71
204.187.14.72
204.187.14.73
204.187.14.74
204.187.14.75
204.187.14.76
204.187.14.77
204.187.14.78
199.10.31.194
199.10.31.195
199.10.31.196
13.85.80.124
13.84.146.132
13.84.146.226
40.74.254.217
13.84.43.227
104.214.75.209
172.255.61.34
172.255.61.35
172.255.61.36
172.255.61.37
172.255.61.38
172.255.61.39
172.255.61.40
13.70.66.20
52.147.27.127
191.235.85.154
191.235.86.0
52.66.75.147
52.175.28.116
###END{GTMetrix_IPs}
# Block All Digital Ocean IPs, because I've had to do this to stop a DDoS on a
# server that was being hit by over 300 random ones and as we blocked each IPv4
# block a new IP block would show up, leaving little choice but to do this.
##START{ALL_586_IPv4_DIGITAL_OCEAN_IP_BLOCKS}
103.253.144.0/22
104.131.0.0/18
104.131.128.0/20
104.131.144.0/20
104.131.160.0/20
104.131.176.0/20
104.131.192.0/19
104.131.224.0/19
104.131.64.0/18
104.236.0.0/18
104.236.128.0/18
104.236.192.0/18
104.236.64.0/18
104.248.0.0/20
104.248.100.0/22
104.248.104.0/22
104.248.108.0/22
104.248.112.0/20
104.248.128.0/20
104.248.144.0/20
104.248.160.0/20
104.248.16.0/20
104.248.176.0/20
104.248.192.0/20
104.248.208.0/20
104.248.224.0/20
104.248.240.0/20
104.248.32.0/20
104.248.48.0/20
104.248.64.0/20
104.248.80.0/20
104.248.96.0/22
107.170.0.0/17
107.170.128.0/19
107.170.160.0/19
107.170.192.0/18
128.199.128.0/18
128.199.192.0/18
128.199.32.0/19
128.199.64.0/18
134.122.0.0/20
134.122.112.0/20
134.122.16.0/20
134.122.32.0/20
134.122.48.0/20
134.122.64.0/20
134.122.80.0/20
134.122.96.0/20
134.209.0.0/20
134.209.112.0/20
134.209.128.0/22
134.209.132.0/22
134.209.136.0/22
134.209.140.0/22
134.209.144.0/20
134.209.160.0/20
134.209.16.0/20
134.209.176.0/20
134.209.192.0/20
134.209.208.0/20
134.209.224.0/20
134.209.240.0/20
134.209.32.0/20
134.209.48.0/20
134.209.64.0/20
134.209.80.0/20
134.209.96.0/20
138.197.0.0/20
138.197.112.0/20
138.197.128.0/20
138.197.144.0/20
138.197.160.0/20
138.197.16.0/20
138.197.176.0/20
138.197.192.0/20
138.197.208.0/20
138.197.224.0/22
138.197.228.0/22
138.197.232.0/22
138.197.236.0/22
138.197.240.0/22
138.197.252.0/22
138.197.32.0/20
138.197.48.0/22
138.197.52.0/22
138.197.56.0/22
138.197.60.0/22
138.197.64.0/20
138.197.80.0/20
138.197.96.0/20
138.68.0.0/20
138.68.112.0/22
138.68.116.0/22
138.68.120.0/23
138.68.122.0/23
138.68.124.0/22
138.68.128.0/20
138.68.144.0/20
138.68.160.0/20
138.68.16.0/20
138.68.176.0/20
138.68.192.0/22
138.68.196.0/22
138.68.200.0/22
138.68.204.0/22
138.68.208.0/20
138.68.224.0/20
138.68.240.0/20
138.68.32.0/24
138.68.33.0/24
138.68.34.0/24
138.68.36.0/22
138.68.40.0/21
138.68.48.0/20
138.68.64.0/20
138.68.80.0/20
138.68.96.0/20
139.59.0.0/20
139.59.112.0/20
139.59.128.0/19
139.59.160.0/20
139.59.16.0/20
139.59.176.0/20
139.59.192.0/22
139.59.196.0/22
139.59.200.0/22
139.59.204.0/22
139.59.208.0/21
139.59.216.0/22
139.59.220.0/22
139.59.224.0/20
139.59.240.0/20
139.59.32.0/20
139.59.48.0/22
139.59.52.0/22
139.59.56.0/21
139.59.64.0/20
139.59.80.0/20
139.59.96.0/20
141.0.169.0/24
141.0.170.0/24
142.93.0.0/20
142.93.112.0/20
142.93.128.0/20
142.93.144.0/20
142.93.160.0/20
142.93.16.0/20
142.93.176.0/20
142.93.192.0/20
142.93.208.0/20
142.93.224.0/20
142.93.240.0/20
142.93.32.0/20
142.93.48.0/20
142.93.64.0/20
142.93.80.0/20
142.93.96.0/20
146.185.128.0/19
146.185.160.0/20
146.185.176.0/21
146.185.184.0/21
157.230.0.0/20
157.230.112.0/20
157.230.128.0/20
157.230.144.0/20
157.230.160.0/20
157.230.16.0/20
157.230.176.0/20
157.230.192.0/22
157.230.196.0/22
157.230.200.0/22
157.230.204.0/22
157.230.208.0/20
157.230.224.0/20
157.230.240.0/20
157.230.32.0/20
157.230.48.0/20
157.230.64.0/22
157.230.68.0/22
157.230.72.0/22
157.230.76.0/22
157.230.80.0/20
157.230.96.0/20
157.245.0.0/20
157.245.112.0/20
157.245.128.0/20
157.245.144.0/20
157.245.160.0/20
157.245.16.0/22
157.245.176.0/20
157.245.192.0/20
157.245.20.0/22
157.245.208.0/20
157.245.224.0/20
157.245.240.0/20
157.245.24.0/22
157.245.28.0/22
157.245.32.0/20
157.245.48.0/20
157.245.64.0/20
157.245.80.0/20
157.245.96.0/20
159.203.0.0/20
159.203.112.0/20
159.203.128.0/20
159.203.144.0/22
159.203.148.0/22
159.203.152.0/22
159.203.156.0/22
159.203.160.0/20
159.203.16.0/20
159.203.176.0/20
159.203.192.0/20
159.203.208.0/20
159.203.224.0/20
159.203.240.0/20
159.203.32.0/20
159.203.48.0/22
159.203.52.0/22
159.203.56.0/21
159.203.64.0/20
159.203.80.0/20
159.203.96.0/20
159.65.0.0/20
159.65.112.0/20
159.65.128.0/20
159.65.144.0/20
159.65.160.0/20
159.65.16.0/20
159.65.176.0/20
159.65.192.0/20
159.65.208.0/22
159.65.212.0/22
159.65.216.0/21
159.65.224.0/20
159.65.240.0/20
159.65.32.0/20
159.65.48.0/20
159.65.64.0/20
159.65.80.0/20
159.65.96.0/20
159.89.0.0/20
159.89.112.0/20
159.89.128.0/20
159.89.144.0/20
159.89.160.0/20
159.89.16.0/20
159.89.176.0/20
159.89.192.0/20
159.89.208.0/22
159.89.212.0/22
159.89.216.0/22
159.89.220.0/22
159.89.224.0/20
159.89.240.0/22
159.89.244.0/22
159.89.248.0/22
159.89.252.0/22
159.89.32.0/20
159.89.48.0/21
159.89.58.0/24
159.89.59.0/24
159.89.60.0/24
159.89.61.0/24
159.89.62.0/24
159.89.63.0/24
159.89.64.0/20
159.89.80.0/20
159.89.96.0/20
161.35.0.0/20
161.35.112.0/20
161.35.128.0/20
161.35.144.0/20
161.35.160.0/20
161.35.16.0/20
161.35.176.0/20
161.35.192.0/20
161.35.208.0/20
161.35.224.0/20
161.35.240.0/22
161.35.244.0/22
161.35.248.0/22
161.35.252.0/22
161.35.32.0/20
161.35.48.0/20
161.35.64.0/20
161.35.80.0/20
161.35.96.0/20
162.243.0.0/17
162.243.128.0/19
162.243.160.0/20
162.243.176.0/21
162.243.184.0/22
162.243.188.0/23
162.243.190.0/24
162.243.191.0/24
162.243.192.0/18
163.47.8.0/22
164.90.128.0/20
164.90.144.0/20
164.90.160.0/20
164.90.176.0/20
164.90.192.0/20
164.90.208.0/20
164.90.252.0/22
165.22.0.0/20
165.22.112.0/20
165.22.128.0/20
165.22.144.0/20
165.22.160.0/20
165.22.16.0/20
165.22.176.0/20
165.22.192.0/20
165.22.208.0/20
165.22.224.0/20
165.22.240.0/20
165.22.32.0/20
165.22.48.0/20
165.22.64.0/20
165.227.0.0/20
165.227.112.0/20
165.227.128.0/20
165.227.144.0/20
165.227.160.0/20
165.227.16.0/20
165.227.176.0/20
165.227.192.0/20
165.227.208.0/20
165.227.224.0/20
165.227.240.0/22
165.227.244.0/22
165.227.248.0/22
165.227.252.0/22
165.227.32.0/20
165.227.48.0/20
165.227.64.0/20
165.227.80.0/20
165.227.96.0/20
165.22.80.0/20
165.22.96.0/20
167.172.0.0/22
167.172.112.0/20
167.172.12.0/22
167.172.128.0/20
167.172.144.0/20
167.172.160.0/20
167.172.16.0/20
167.172.176.0/20
167.172.192.0/20
167.172.208.0/20
167.172.224.0/20
167.172.240.0/20
167.172.32.0/20
167.172.4.0/22
167.172.48.0/20
167.172.64.0/20
167.172.80.0/20
167.172.8.0/22
167.172.96.0/20
167.71.0.0/20
167.71.112.0/20
167.71.128.0/20
167.71.144.0/20
167.71.160.0/20
167.71.16.0/20
167.71.176.0/20
167.71.192.0/20
167.71.208.0/20
167.71.224.0/20
167.71.240.0/20
167.71.32.0/20
167.71.48.0/20
167.71.64.0/20
167.71.80.0/20
167.71.96.0/20
167.99.0.0/20
167.99.112.0/20
167.99.128.0/20
167.99.144.0/20
167.99.160.0/20
167.99.16.0/22
167.99.176.0/20
167.99.192.0/20
167.99.20.0/22
167.99.208.0/20
167.99.224.0/20
167.99.240.0/20
167.99.24.0/22
167.99.28.0/22
167.99.32.0/20
167.99.48.0/20
167.99.64.0/20
167.99.80.0/20
167.99.96.0/20
174.138.0.0/20
174.138.100.0/22
174.138.104.0/22
174.138.108.0/22
174.138.112.0/22
174.138.116.0/22
174.138.120.0/22
174.138.124.0/22
174.138.16.0/20
174.138.32.0/20
174.138.48.0/20
174.138.64.0/20
174.138.80.0/20
174.138.96.0/22
178.128.0.0/20
178.128.112.0/20
178.128.128.0/22
178.128.132.0/22
178.128.136.0/22
178.128.140.0/22
178.128.144.0/20
178.128.160.0/20
178.128.16.0/20
178.128.176.0/20
178.128.192.0/20
178.128.208.0/20
178.128.224.0/20
178.128.240.0/20
178.128.32.0/20
178.128.48.0/20
178.128.64.0/20
178.128.80.0/20
178.128.96.0/20
178.62.0.0/18
178.62.128.0/18
178.62.192.0/18
178.62.64.0/18
185.14.184.0/22
188.166.0.0/18
188.166.128.0/22
188.166.132.0/22
188.166.136.0/22
188.166.140.0/22
188.166.144.0/20
188.166.160.0/21
188.166.168.0/21
188.166.176.0/20
188.166.192.0/22
188.166.196.0/22
188.166.200.0/22
188.166.204.0/22
188.166.208.0/20
188.166.224.0/20
188.166.240.0/20
188.166.64.0/18
188.226.128.0/17
192.241.128.0/19
192.241.160.0/19
192.241.192.0/19
192.241.224.0/20
192.241.240.0/20
192.34.56.0/21
192.81.208.0/21
192.81.216.0/22
192.81.220.0/22
198.199.112.0/21
198.199.120.0/22
198.199.124.0/22
198.199.64.0/20
198.199.80.0/21
198.199.88.0/22
198.199.92.0/22
198.199.96.0/20
198.211.112.0/22
198.211.116.0/23
198.211.118.0/23
198.211.120.0/21
198.211.96.0/20
204.48.16.0/20
206.189.0.0/20
206.189.112.0/20
206.189.128.0/20
206.189.144.0/20
206.189.160.0/20
206.189.16.0/20
206.189.176.0/20
206.189.192.0/20
206.189.208.0/20
206.189.224.0/20
206.189.240.0/22
206.189.244.0/22
206.189.248.0/22
206.189.252.0/22
206.189.32.0/20
206.189.48.0/20
206.189.64.0/20
206.189.80.0/20
206.189.96.0/20
206.81.0.0/20
206.81.16.0/20
207.154.192.0/20
207.154.208.0/20
207.154.224.0/20
207.154.240.0/20
208.68.36.0/22
209.97.128.0/20
209.97.144.0/20
209.97.160.0/20
209.97.176.0/20
37.139.0.0/19
45.55.0.0/19
45.55.100.0/22
45.55.104.0/22
45.55.108.0/22
45.55.112.0/22
45.55.116.0/22
45.55.120.0/22
45.55.124.0/22
45.55.128.0/18
45.55.192.0/18
45.55.32.0/19
45.55.64.0/19
45.55.96.0/22
46.101.0.0/18
46.101.128.0/17
46.101.64.0/22
46.101.68.0/22
46.101.72.0/21
46.101.80.0/20
46.101.96.0/19
5.101.104.0/22
5.101.108.0/24
5.101.109.0/24
5.101.110.0/24
5.101.111.0/24
5.101.96.0/21
64.225.0.0/20
64.225.112.0/20
64.225.16.0/20
64.225.32.0/20
64.225.48.0/20
64.225.64.0/20
64.225.80.0/22
64.225.84.0/22
64.225.88.0/22
64.225.92.0/22
64.225.96.0/20
64.227.0.0/20
64.227.112.0/20
64.227.16.0/20
64.227.32.0/20
64.227.48.0/20
64.227.64.0/20
64.227.80.0/20
64.227.96.0/20
67.205.128.0/20
67.205.144.0/20
67.205.160.0/20
67.205.176.0/20
67.207.64.0/24
67.207.65.0/24
67.207.66.0/24
67.207.68.0/22
67.207.72.0/22
67.207.76.0/22
67.207.80.0/20
68.183.0.0/20
68.183.112.0/20
68.183.128.0/20
68.183.144.0/20
68.183.160.0/20
68.183.16.0/20
68.183.176.0/20
68.183.192.0/20
68.183.208.0/20
68.183.224.0/20
68.183.240.0/22
68.183.244.0/22
68.183.248.0/22
68.183.252.0/22
68.183.32.0/20
68.183.48.0/20
68.183.64.0/20
68.183.80.0/20
68.183.96.0/20
69.55.48.0/22
69.55.54.0/23
69.55.58.0/23
69.55.60.0/22
80.240.128.0/20
82.196.0.0/20
95.85.0.0/18
##END{ALL_DIGITAL_OCEAN_IPs}
#===============================================================================
# PCI COMPLIANCE
#===============================================================================
# Check OpenSSH ciphers
nmap -Pn -sV --script ssh2-enum-algos -p 22 IP
# Ciphers, Apache configs and more:
https://hummdis.com/projects/dev-null/2018/make-your-free-ssl-get-a-rating/
# Check SSH server
# Downloads ssh-audit.py into the home directory, makes it executable, and runs
# it against this host's address on the port sshd is listening on.
# NOTE(review): this fetches whatever is on the project's master branch at that
# moment and executes it immediately with the privileges of whoever runs the
# line. Read ~/ssh-audit.py before running it, or fetch a tag or commit that
# has already been reviewed.
wget -O ~/ssh-audit.py https://raw.githubusercontent.com/arthepsy/ssh-audit/master/ssh-audit.py; chmod +x ~/ssh-audit.py; ~/ssh-audit.py -p $(netstat -tulnp | grep sshd | grep -Po '[0\.]{3}[0:]\K\d+') $(hostname -i)
# Check the RPM changelog for the CVE specifically - if listed, the CVE has been patched.
rpm -q --changelog <application> | grep <cve_number>
# For example:
# rpm -q --changelog kernel | grep CVE-2017-1000251
# See also: https://access.redhat.com/discussions/2713931
#===============================================================================
# MODSECURITY
#===============================================================================
# Install the ModSecurity Manager to whitelist IPs as found on Shared servers
yum -y install modsec-cpanelplugin
# Install the ConfigServer ModSecurity Control (CMC)
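# Fetched over HTTPS, like the other download.configserver.com commands in this
# file: the archive's install.sh runs as root, so it must not travel over plain
# HTTP. The steps are chained with && so install.sh only runs from a freshly
# downloaded and extracted archive; the cleanup and the final cd always run.
cd /usr/src && rm -fv /usr/src/cmc.tgz && wget https://download.configserver.com/cmc.tgz && tar -xzf cmc.tgz && cd cmc && sh install.sh; rm -Rfv /usr/src/cmc*; cd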
# Remove the ConfigServer ModSecurity Control (CMC)
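# Fetched over HTTPS, like the other download.configserver.com commands in this
# file: the archive's uninstall.sh runs as root, so it must not travel over
# plain HTTP. The steps are chained with && so uninstall.sh only runs from a
# freshly downloaded and extracted archive; the cleanup and final cd always run.
cd /usr/src && rm -fv /usr/src/cmc.tgz && wget https://download.configserver.com/cmc.tgz && tar -xzf cmc.tgz && cd cmc && sh uninstall.sh; rm -Rfv /usr/src/cmc*; cd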
# Output what modsec rules are triggered by what files
grep ModSecurity /usr/local/apache/logs/error_log | grep -v collections_remove_stale | grep -v collection_store | sed -e 's#^.*\[id "\([0-9]*\).*hostname "\([a-z0-9\-\_\.]*\)"\].*uri "#\1 \2 #' | cut -d\" -f1 | sort -n | uniq -c | sort -n
# Jason Sm's show today's ModSecurity violations
grep -i "$(date "+%a %b %d")" /usr/local/apache/logs/error_log | grep -iE 'ModSecurity.*error|error.*ModSecurity' | sed -e 's#^.*\[id "\([0-9]*\).*hostname "\([a-z0-9\-\_\.]*\)"\].*uri "#\1 \2 #' | cut -d\" -f1 | sort -n | uniq -c | sort -n
# Jason Sm's remove ModSecurity rule by id #, distill and restart httpd after
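# Append a SecRuleRemoveById line for one rule, rebuild the Apache config and
# restart httpd. The answer is checked first: whatever is typed or pasted here
# is written into a file Apache loads, and a stray paste would break the
# restart that follows.
read -r -p "Rule ID: " id
if [[ "$id" =~ ^[0-9]+$ ]]; then
  echo "SecRuleRemoveById $id" >> /etc/apache2/conf.d/imh-modsec/post_virtualhost_global.conf \
    && /usr/local/cpanel/scripts/rebuildhttpdconf \
    && /scripts/restartsrv_httpd
else
  echo "Rule ID must be numeric; nothing was changed." >&2
fi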
# Jason Sm's remove an IP from ModSec blocks (add this in ModSecurity Tools in WHM)
SecRule REMOTE_ADDR "@ipMatch xxx.xxx.xxx.xxx" "id:96091975,phase:2,pass,nolog,allow,ctl:ruleEngine=Off"
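# Whitelist IP for ModSecurity -- Add to /etc/apache2/conf.d/modsec2.whitelist.conf -- Change the 127.0.0.1 IP to the actual IP.
# @ipMatch compares addresses. @contains is a substring test, so a whitelist entry for 1.2.3.4 would also switch the rule engine off for 1.2.3.40 or 11.2.3.4.
SecRule REMOTE_ADDR "@ipMatch 127.0.0.1" "id:1,phase:1,nolog,allow,ctl:ruleEngine=Off"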
# Noah A's Black Magic to remove a ModSecurity rule from the binary file.
# NOTE(review): this rewrites a binary database file in place and keeps no copy
# (-i is given without a suffix); copy the .pag file aside before running it.
# The replacement "(\1)0" also writes literal parentheses around the matched
# text, which makes the record two bytes longer -- confirm that is intended.
sed -r -i "s/(to_block...)1/(\1)0/" /var/cpanel/secdatadir/nobody-resource.pag
#===============================================================================
# VIRTUOZZO
#===============================================================================
# Change VPS hostname on node
vzctl set <ctid> --hostname server.domain.com --save
# VPS node migration log
/opt/vzmigrate/vzmigrate.log
# Change the VPS plan
vpspkgtype <ctid> 1KHA|2KHA|3KHA
# Current package type of VPS
vzlist -Ho ctid,hostname,description,status <ctid>
# View in-progress migrations
ls -l /opt/vzmigrate/inprogress/
# View scheduled migrations
ls -l /opt/vzmigrate/sched
# Start container
vzctl start <ctid>
# Unsuspend container
unsuspend_vps <ctid>
# Suspend VPS
suspend_vps <ctid> -r [ra,moved,billing,canceled,tos,leagl,other,vz7]
# Temp Upgrade
sudo /opt/vpsrads/temp_upgrade -v <ctid> -d <duration> -p <package>
# New VPS Package List for upgrades/downgrades (2021-05-10)
vzlist -o description | grep ram | sort | uniq
2core2ram45disk
4core4ram75disk
6core6ram105disk
8core8ram140disk
# Check for historical VPS move record
grep <ctid> /opt/vzmigrate/vzmigrate.log
# Create a snapshot on the node:
sudo /opt/vpsrads/snapshot --create <ctid> --d <description>
# List all known VPS snapshots
sudo /opt/vpsrads/snapshot --list <ctid>
# List the details of the snapshots
sudo /opt/vpsrads/snapshot --info ID <ctid>
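# Chase S's search the current node for which VPS is assigned an IP(s) (change IP 1.2.3.4 and 4.3.2.1 to actual IPs)
# Dots are escaped and -w demands whole-token matches, so looking for 1.2.3.4 no longer also
# reports 11.2.3.4, 1.2.3.40 or any line where other characters sit in place of the dots.
vzlist -Ho ctid,ip | grep -Ew '1\.2\.3\.4|4\.3\.2\.1'
# Or
grep -RlEw '1\.2\.3\.4|4\.3\.2\.1' /vz/private/*/ve.conf
# Or
# Word splitting of the vzlist output is deliberate here: it strips the column padding.
for i in $(vzlist -Ho ctid); do
  echo "$i"
  vzctl exec "$i" 'ip a | grep -Ew "1\.2\.3\.4|4\.3\.2\.1"'
done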
#===============================================================================
# CLOUD VPS AND BARE METAL SERVERS
#===============================================================================
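# Larry M's Cloud VPS AMP not working for SSH keys
# mkdir -p: no error when /root/.ssh already exists.
mkdir -p /root/.ssh/; chmod 700 /root/.ssh/
touch /root/.ssh/authorized_keys; chmod 600 /root/.ssh/authorized_keys
# ssh-keygen asks for a passphrase here; set one.
ssh-keygen -t rsa -b 4096 -f /root/.ssh/goodkey
# Append the public key only if that exact line is not already authorized (safe to re-run).
grep -qxFf /root/.ssh/goodkey.pub /root/.ssh/authorized_keys ||
  cat /root/.ssh/goodkey.pub >> /root/.ssh/authorized_keys
# /root/.ssh/goodkey is the private half of a key that now grants root login. Hand it to its
# owner over a secure channel, then remove it from this server.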
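# Jeff Sh's whitelist all IMH IPs in Ubuntu UFW firewall
# CIDR entries are written as network addresses, the same form the iptables-style list below uses.
# NOTE: "ufw allow from <source>" opens every port and protocol to that source; the /24 entry
# covers 256 addresses. Review the list before applying it to a customer server.
(
ip_list=(74.124.194.113 205.134.240.204 38.122.109.70 216.54.21.80/29)
ip_list+=(24.249.121.215 198.46.90.6 198.46.90.7 198.46.90.9 144.208.77.66)
ip_list+=(173.247.250.216 198.46.90.10 216.54.0.190/31 216.54.31.80/29)
ip_list+=(96.238.89.0/24 38.140.187.240/29 205.168.179.24/29 204.148.74.84/30)
ip_list+=(98.152.208.216/29 52.186.90.168 173.231.218.25)
for ip in "${ip_list[@]}"; do
  # Report a rejected entry instead of scrolling past it.
  ufw allow from "$ip" || echo "ufw did not accept: $ip" >&2
done
)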
### -OR- ###
###START{INMOTION_DEFAULT_FIREWALL_ENTRIES}
-A ufw-user-input -s 74.124.194.113 -j ACCEPT
-A ufw-user-input -s 205.134.240.204 -j ACCEPT
-A ufw-user-input -s 38.122.109.70 -j ACCEPT
-A ufw-user-input -s 216.54.21.80/29 -j ACCEPT
-A ufw-user-input -s 24.249.121.215 -j ACCEPT
-A ufw-user-input -s 198.46.90.6 -j ACCEPT
-A ufw-user-input -s 198.46.90.7 -j ACCEPT
-A ufw-user-input -s 198.46.90.9 -j ACCEPT
-A ufw-user-input -s 144.208.77.66 -j ACCEPT
-A ufw-user-input -s 173.247.250.216 -j ACCEPT
-A ufw-user-input -s 198.46.90.10 -j ACCEPT
-A ufw-user-input -s 216.54.0.190/31 -j ACCEPT
-A ufw-user-input -s 216.54.31.80/29 -j ACCEPT
-A ufw-user-input -s 96.238.89.0/24 -j ACCEPT
-A ufw-user-input -s 38.140.187.240/29 -j ACCEPT
-A ufw-user-input -s 205.168.179.24/29 -j ACCEPT
-A ufw-user-input -s 204.148.74.84/30 -j ACCEPT
-A ufw-user-input -s 98.152.208.216/29 -j ACCEPT
-A ufw-user-input -s 52.186.90.168 -j ACCEPT
-A ufw-user-input -s 173.231.218.25 -j ACCEPT
###END{INMOTION_DEFAULT_FIREWALL_ENTRIES}
# UFW help: https://help.ubuntu.com/community/UFW
#===============================================================================
# WEBSITE FILE STUFF (A.K.A WORDPRESS)
#===============================================================================
# Jeff Sh's deny access to whole site, except for IMH support offices and Cx IP. Add to .htaccess file.
# Order/deny/allow are the Apache 2.2 access-control directives; on Apache 2.4 they are
# provided by mod_access_compat.
# BEGIN -- Deny all access to this site, except specific IPs
# deny,allow: the deny rules are evaluated first, then any matching allow overrides them.
Order deny,allow
deny from all
# Customer IP:
# NOTE(review): "allow from" has no address here. Fill in the customer's IP or delete the
# line before saving -- an incomplete directive is presumably a configuration error; verify.
allow from
# Hosting Support Offices:
allow from 216.54.0.191/31
allow from 216.54.31.80/29
allow from 96.238.89.252/24
allow from 38.140.187.242/29
allow from 205.168.179.26/29
allow from 204.148.74.86/30
allow from 98.152.208.218/29
# END -- Deny all access
# --> Use this for permitting .htpasswd to non WordPress subdirectories.
# NOTE: The last line in the WordPress entry MUST be:
# RewriteRule ./ /index.php [L]
# It should NOT be:
# RewriteRule . /index.php [L]
# This fixes sub-directory security access using .htpasswd.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ./ /index.php [L]
</IfModule>
# END WordPress
# Allow access to subdirectories.
<IfModule mod_rewrite.c>
RewriteBase /
RewriteCond %{REQUEST_URI} ^/DIR_NAME1/(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/DIR_NAME2/(.*)$
RewriteRule ^.*$ - [L]
</IfModule>
# End allow access to subdirectories.
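# Add WordPress user to WordPress site (prompts for the WordPress username to create)
# NOTE: this creates an administrator account. No password is supplied, so WP-CLI generates
# one and prints it to the terminal; remove the account when the work is done.
(
read -r -p "Enter WordPress Username to CREATE: " WPUID
if [[ -z "$WPUID" ]]; then
  echo "No username entered; nothing created." >&2
else
  wp user create "$WPUID" donotreply@inmotionhosting.com --role=administrator --skip-{themes,plugins}
fi
)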
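# Jeff Sh's Remove WordPress User from WordPress site (prompts for WordPress user ID) and reassign all content to first admin (lowest WordPress user ID) user found.
(
read -r -p "Enter WordPress User ID to DELETE: " WPUID
# Pick the lowest administrator ID that is not the account being deleted.
# NOTE(review): --role is the documented "wp user list" filter; --roles looks like an
# unrecognised query argument that filters nothing -- confirm. --orderby/--order are passed
# through to the user query so "first" really is the lowest ID.
reassign_to=""
for id in $(wp user list --role=administrator --orderby=ID --order=ASC --format=ids --skip-{themes,plugins}); do
  if [[ "$id" != "$WPUID" ]]; then
    reassign_to=$id
    break
  fi
done
if [[ -z "$WPUID" || -z "$reassign_to" ]]; then
  # With an empty --reassign the user's content would be deleted rather than reassigned.
  echo "No user ID entered or no other administrator found; nothing deleted." >&2
else
  wp user delete "$WPUID" --reassign="$reassign_to" --skip-{themes,plugins}
fi
)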
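# Jeff Sh's reset the WordPress user password (prompts for WordPress User ID #)
(
read -r -p "Enter WordPress User ID #: " WPUID
randpass=$(pwmake 80)
if [[ -z "$WPUID" || -z "$randpass" ]]; then
  echo "Missing user ID, or pwmake produced no password; nothing changed." >&2
else
  # NOTE: the password travels on the wp command line, so it is visible in the process list
  # while wp runs. Treat it as temporary and have the user change it after first login.
  # Quoted so punctuation in the generated password is not split or glob-expanded.
  wp user update "$WPUID" --user_pass="$randpass" --skip-{themes,plugins} &&
    printf '\nNew password: %s\n' "$randpass"   # shown only when the update succeeded
fi
)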
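# Jeff Sh's Rebuild the WordPress Permalink Structure
# Switches to a throw-away structure and back again so the rewrite rules are regenerated.
(
wppl=$(wp option get permalink_structure --skip-{themes,plugins})
wild_pl="/%second%/%post_id%/%postname%/%category%/%author%/%minute%/%hour%/%day%/%monthnum%/%year%/"
if [[ -z "$wppl" ]]; then
  # Empty means plain permalinks or a failed lookup. The second command below would then have
  # nothing to restore and the site would be left on the throw-away structure.
  echo "permalink_structure is empty; rewrite rules left untouched." >&2
else
  wp rewrite structure "$wild_pl" --skip-{themes,plugins}
  wp rewrite structure "$wppl" --skip-{themes,plugins}
fi
)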
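# Jeff Sh's delete all inactive plugins
(
# One plugin name per line; an empty list is reported instead of calling "wp plugin delete"
# with no plugin argument.
mapfile -t inactive < <(wp plugin list --status=inactive --field=name --skip-{themes,plugins})
if (( ${#inactive[@]} == 0 )); then
  echo "No inactive plugins found."
else
  printf 'Deleting: %s\n' "${inactive[@]}"
  wp plugin delete "${inactive[@]}" --skip-{themes,plugins}
fi
)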
# Locate the WordPress login page if it's been moved from wp-admin by a security plugin:
# iThemes login slug
wp option pluck itsec-storage hide-backend slug --skip-{themes,plugins}
# Cerber Security login slug
wp option pluck cerber-main loginpath --skip-{themes,plugins}
# Get WPS hide login slug
wp option get whl_page --skip-{themes,plugins}
# All In One WP Security (all-in-one-wp-security-and-firewall)
wp option pluck aio_wp_security_configs aiowps_login_page_slug --skip-{themes,plugins}
# Easy Hide Login (easy-hide-login)
# In the database, navigate to: phpmyadmin > wp_options table > option_name = wpseh_l01gnhdlwp
# example.com?slug
wp option pluck wpseh_l01gnhdlwp slug --skip-{themes,plugins}
# Rename wp-login.php (rename-wp-login)
# In the database, navigate to: phpmyadmin > wp_options table > option_name = rwl_page
wp option pluck rwl_page --skip-{themes,plugins}
# For WordPress sites, you can install and activate the WP-Redis plug-in with:
wp plugin install wp-redis --force --activate --skip-{themes,plugins}; wp redis enable --skip-{themes,plugins}
# Jeff Sh.'s WordPress check.
# Prints install type, version, URLs, database settings, active theme and a plugin count, then
# verifies the core files against the published checksums.
# NOTE: the PSWD line prints the database password in clear text -- mind screen shares and
# pasted ticket output.
if wp core is-installed --network --skip-{themes,plugins}; then
  echo -e "\e[5;31mWORDPRESS MULTISITE \e[0m"
else
  echo -e "\n\t\t\t\e[38;5;39mSTANDARD WordPress\e[0m"
fi
echo -e "VRSN : $(wp core version)\t\e[93mLatest Available:\e[0m $(wp core check-update --skip-{plugins,themes} --field=version)"
echo -e "SITE : $(wp option get siteurl --skip-{plugins,themes})"
echo -e "HOME : $(wp option get home --skip-{plugins,themes})"
echo -e "BASE : $(wp config get DB_NAME --skip-{plugins,themes})"
echo -e "USER : $(wp config get DB_USER --skip-{plugins,themes})"
echo -e "PSWD : $(wp config get DB_PASSWORD --skip-{plugins,themes})"
# Theme rows that say "active" but not "inactive": print the name and the update column.
wp theme list --skip-{plugins,themes} | awk '!/inactive/ && /active/ {print "THEM : " $1 "\nUDAT : " $3}'
# "active" also matches "inactive", so this counts both -- presumably meant as a total; verify.
echo "PLUG : $(wp plugin list --skip-{plugins,themes} | grep -c active)"
echo
echo -e "\n\e[38;5;39mVerifing WordPress Installation...\e[0m"
wp core verify-checksums --skip-{plugins,themes}
echo
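# Jeff Sh.'s WordPress check all.
# Same summary as the plain check, plus a scan for AddHandler lines in .htaccess files under
# the current directory, the theme list, and checksum verification of core and plugins.
# NOTE: the PSWD line prints the database password in clear text.
(
if wp core is-installed --network --skip-{themes,plugins}; then
  # The reset sequence needs its backslash (\e[0m); without it the blink/red attribute stays on.
  echo -e "\t\t\t\e[5;31mWORDPRESS MULTISITE \e[0m"
else
  echo -e "\n\t\t\t\e[38;5;39mSTANDARD WordPress\e[0m"
fi
echo -e "VRSN : $(wp core version)\t\e[93mLatest Available:\e[0m $(wp core check-update --skip-{plugins,themes} --field=version)"
echo -e "SITE : $(wp option get siteurl --skip-{plugins,themes})"
echo -e "HOME : $(wp option get home --skip-{plugins,themes})"
echo -e "BASE : $(wp config get DB_NAME --skip-{plugins,themes})"
echo -e "USER : $(wp config get DB_USER --skip-{plugins,themes})"
echo -e "PSWD : $(wp config get DB_PASSWORD --skip-{plugins,themes})"
wp theme list --skip-{plugins,themes} | awk '!/inactive/ && /active/ {print "THEM : " $1 "\nUDAT : " $3}'
# "active" also matches "inactive", so this counts both -- presumably meant as a total; verify.
echo "PLUG : $(wp plugin list --skip-{plugins,themes} | grep -c active)"
echo
echo -e "\e[38;5;39mCheckinig for Add Handlers...\e[0m"
# Decide on the filtered output itself. Testing $? after "grep | awk" only sees awk's status,
# which is 0 whether or not anything matched, so "none found" could never be printed.
handlers=$(grep -r AddHandler --include ".htaccess" "$PWD" | awk '!/backup-/ && !/.trash/')
if [[ -z "$handlers" ]]; then
  echo -e "No PHP Add Handlers Found\n"
else
  printf '%s\n' "$handlers"
fi
echo -e "\n\e[38;5;39mWordPress Themes:\e[0m"
wp theme list --skip-{plugins,themes}
echo -e "\n\e[38;5;39mVerifing WordPress Installation...\e[0m"
wp core verify-checksums --skip-{plugins,themes}
echo
echo -e "\e[38;5;39mVerifing WordPress Plugins...\e[0m"
wp plugin verify-checksums --skip-{plugins,themes} --all
)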
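# Jeff Sh.'s FixPerms with DSO check. Type the cPanel username after the trailing "fp".
# Arguments: $1 - cPanel username handed to fixperms
# Returns:   2 when no username is given, 0 when the server runs DSO (nothing is changed),
#            otherwise the status of the fixperms | tee pipeline
fp() {
  local user=$1 stamp
  if [[ -z "$user" ]]; then
    echo "usage: fp <cpanel-user>" >&2
    return 2
  fi
  if /usr/local/cpanel/bin/rebuild_phpconf --current | grep -iq ': dso'; then
    echo "Server runs DSO, refusing to fixperms"
    return 0
  fi
  # month-day-year_hour:minute. The earlier format used %k (space-padded hour) where the day
  # belongs, and the unquoted result could split the log name into two files.
  stamp=$(date +'%m-%d-%Y_%H:%M')
  fixperms -v "$user" | tee -a "${user}.${stamp}.fixperms.log"
}; fp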
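# Jeff Sh's move all files that WordPress reports as "should not exist" to ~/wp_removed_files/ (better than deleting them). Since "mv" doesn't support making directories, we'll use our own function.
(
# mv that first creates the destination's parent directory (or the destination itself when it
# ends in "/").
# Arguments: $1 - source path, $2 - destination path
mkmv() {
  local dir=$2
  [[ "$2" == */ ]] || dir=$(dirname -- "$2")
  mkdir -p -- "$dir" && mv -- "$@"
}
read -r -p "Enter domain: " domain
# The domain only names the backup folder; keep it to a single path component.
domain=${domain//\//_}
bkdir=~/wp_removed_files/${domain}/$(date +%Y%m%d_%H%M)
mkdir -p -- "$bkdir" || exit 1
# Private temp file instead of a fixed rm-f.txt in the site directory, which could already
# exist and was appended to.
report=$(mktemp) || exit 1
trap 'rm -f -- "$report"' EXIT
wp core verify-checksums --skip-{themes,plugins} > "$report" 2>&1
# Only "File should not exist: <path>" lines name files to move. Other warnings (for example a
# file that fails its checksum) are left alone, and paths with spaces stay in one piece.
sed -n 's/^Warning: File should not exist: //p' "$report" |
while IFS= read -r f; do
  echo "Moving $f"
  mkmv "$f" "$bkdir/$f"
done
)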
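# Check all sites on server for 500 errors:
(
# /etc/userdomains: one "domain: user" entry per line; the first line is skipped.
while IFS= read -r domain; do
  echo -ne "\nTesting $domain: "
  # Compare the final HTTP status code. Searching the headers for "500" also matched unrelated
  # values such as a Content-Length of 1500.
  code=$(curl -s --max-time 5 -o /dev/null -w '%{http_code}' -ILA "Website 500 error check" "$domain")
  if [[ "$code" == 500 ]]; then
    echo "500 ISE detected, last 5 lines of /usr/local/apache/logs/error_log:"
    # Server-wide log: these lines may belong to another site.
    tail -n5 /usr/local/apache/logs/error_log
  else
    echo "No 500 ISE Detected."
  fi
done < <(awk -F ':' 'FNR > 1 {print $1}' /etc/userdomains)
)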
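# Jamie P's WordPress Core, plugin and theme update.
# Updates every install found under /home. Take backups first: this changes code on every site.
(
# NUL-delimited paths on fd 3: directory names with spaces survive, and wp cannot consume the
# list through stdin.
while IFS= read -r -d '' -u 3 cfg; do
  site=$(dirname -- "$cfg")
  wp core update --path="$site" --skip-{plugins,themes}
  wp plugin update --path="$site" --all --skip-{plugins,themes}
  wp theme update --path="$site" --all --skip-{plugins,themes}
done 3< <(find /home/* -maxdepth 5 -type f -name 'wp-config.php' -print0)
)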
# Jason Sm's move all .htaccess files out of the way
find /home/*/public_html -type f -name '.htaccess' -execdir mv {} .htaccess_null \;
# Jason Sm's move all .htaccess files back (reverses above command)
find /home/*/public_html -type f -name '.htaccess_null' -execdir mv {} .htaccess \;
# Jason Sm's add to top of functions.php of active WP theme just after opening <?php tag to disable heartbeat
add_action( 'init', 'stop_heartbeat', 1 );
function stop_heartbeat() {
wp_deregister_script('heartbeat');
}
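# Jason Sm's limit redirect from wp-admin to wp-login.php to specified IP addresses
# Requests for wp-login.php or a bare /wp-admin get a 403 unless REMOTE_ADDR is one of the
# listed addresses. Dots are escaped so each pattern matches only that literal address.
# NOTE(review): the second condition matches /wp-admin without a trailing slash only; paths
# below /wp-admin/ are not covered by this block.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^216\.54\.31\.82$
RewriteCond %{REMOTE_ADDR} !^97\.93\.113\.5$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>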
# Enable WebP support in .htaccess files:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_ACCEPT} image/webp
RewriteCond %{REQUEST_URI} .*(jpe?g|png|gif)$
RewriteCond %{DOCUMENT_ROOT}/$1.webp -f
RewriteRule (.*) $1.webp [T=image/webp,E=accept:1]
</IfModule>
<IfModule mod_headers.c>
Header append Vary Accept env=REDIRECT_accept
</IfModule>
AddType image/webp .webp
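# Jason Sm's add mod_deflate gzip compression to .htaccess for all cPanel accounts
# The append runs as the account user (sudo -u), not as root. A root-side ">>" followed by
# chown follows whatever the user has placed at ~/.htaccess, symlinks included, so root could
# end up modifying and giving away a file outside the account.
for username in $(awk '{print $2}' /etc/trueuserdomains); do echo -e 'AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript' | sudo -u "$username" tee -a "/home/$username/.htaccess" > /dev/null || echo "could not update /home/$username/.htaccess" >&2; done
# Jason Sm's add mod_expires browser caching to .htaccess for all cPanel accounts
# Same approach: the file is written with the account's own privileges.
for username in $(awk '{print $2}' /etc/trueuserdomains); do echo -e 'ExpiresActive On\nExpiresByType image/jpg "access plus 1 year"\nExpiresByType image/jpeg "access plus 1 year"\nExpiresByType image/gif "access plus 1 year"\nExpiresByType image/png "access plus 1 year"\nExpiresByType text/css "access plus 1 month"\nExpiresByType application/pdf "access plus 1 month"\nExpiresByType text/x-javascript "access plus 1 month"\nExpiresByType application/x-shockwave-flash "access plus 1 month"\nExpiresByType image/x-icon "access plus 1 year"\nExpiresDefault "access plus 2 days"' | sudo -u "$username" tee -a "/home/$username/.htaccess" > /dev/null || echo "could not update /home/$username/.htaccess" >&2; done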
# Jason Sm's overwrite all .htaccess files in directories with a wp-config.php file with a basic WordPress .htaccess file (this will DESTROY the original file so be careful)
find /home/* -maxdepth 5 -type f -name 'wp-config.php' -execdir bash -c 'echo -e "# BEGIN WordPress\n<IfModule mod_rewrite.c>\nRewriteEngine On\nRewriteBase /\nRewriteRule ^index\.php$ - [L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . /index.php [L]\n</IfModule>\n# END WordPress" > ".htaccess"' _ {} \;
# Jason Sm's update wp-cli and install super-cache management plugin
wp cli update && wp package install git@github.com:wp-cli/wp-super-cache-cli.git
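# Jason Sm's install a plugin for all WordPress sites
##### ATTENTION -- The original form of this one-liner used the --allow-root flag, which is against policy as of January 31, 2020. This version runs WP-CLI as the owner of each install instead. #####
(
read -r -p "WordPress plugin shortcode: " plugin
if [[ -z "$plugin" ]]; then
  echo "No plugin given; nothing installed." >&2
else
  while IFS= read -r -d '' -u 3 cfg; do
    site=$(dirname -- "$cfg")
    # --path takes the directory as a plain value. Wrapping it in backticks would make the
    # shell try to execute the directory path as a command.
    sudo -u "$(stat -c %U -- "$site")" wp plugin install "$plugin" --path="$site" --activate --skip-{plugins,themes}
  done 3< <(find /home/* -maxdepth 5 -type f -name 'wp-config.php' -print0)
fi
)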
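# Jason Sm's activate wp-super-cache for all WordPress sites (install for all using above command first)
##### ATTENTION -- The original form of this one-liner used the --allow-root flag, which is against policy as of January 31, 2020. This version runs WP-CLI as the owner of each install instead. #####
(
while IFS= read -r -d '' -u 3 cfg; do
  site=$(dirname -- "$cfg")
  # --path takes the directory as a plain value; "$( $i ... )" would try to execute it.
  sudo -u "$(stat -c %U -- "$site")" wp super-cache enable --path="$site"
done 3< <(find /home/* -maxdepth 5 -type f -name 'wp-config.php' -print0)
)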
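# Jason Sm's add 30 second crawl-delay to robots.txt for all document roots with .htaccess files
# NOTE: this replaces any existing robots.txt in those directories.
# The target is built from the full path of each .htaccess file. The earlier rev|cut form
# dropped the leading "/" on deeper paths, the cd then failed, and robots.txt was written into
# whichever directory the shell was still in. The write runs as the directory owner, so the
# file gets the right ownership and root never writes into a user-controlled path.
find /home/* -maxdepth 5 -type f -name '.htaccess' -print0 |
while IFS= read -r -d '' f; do
  dir=$(dirname -- "$f")
  printf 'User-agent: *\nCrawl-delay: 30\n' |
    sudo -u "$(stat -c %U -- "$dir")" tee "$dir/robots.txt" > /dev/null
done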
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
#allow from 123.123.123.123
</Files>
# Riley L's iteratively disable WP plugins, run from inside wp-content/plugins directory
total=$(ls | wc -l ); counter=1; for i in $(ls); do mv $i $i.disabled; echo; echo; echo "currently on $counter of $total"; let counter+=1; echo "$i is disabled"; read -rsp $'Press enter to continue...'; echo; echo "re-enabled $i"; mv $i.disabled $i; done; echo;
# Shehab A's iteratively disable wp plugins using WP-CLI instead of moving the plugin folder. This only changes current active plugins.
for i in $(wp plugin list --skip-{themes,plugins} | grep -w active | awk '/active/ {print $1}'); do wp plugin toggle $i --skip-{plugins,themes}; echo "Hit any key to re-enable, and go to the next plugin"; read -n 1 -s; wp plugin toggle $i --skip-{plugins,themes}; done
# Jon A's disable the plugins for a set period of time.
# Reads the DB name, user, password and table prefix from ./wp-config.php, saves the
# active_plugins option value in a shell variable, blanks the option, sleeps for the requested
# number of seconds, then writes the saved value back.
# NOTE(review): the saved plugin list exists only in $plugins. If the shell is closed or the
# chain is interrupted during the sleep, the list is lost -- copy the value somewhere first.
# NOTE(review): --password=... puts the database password on the mysql command line, where
# other local users may see it in the process list while the client starts.
# NOTE(review): the saved value is pasted back inside single quotes; a single quote anywhere
# in it would break the restoring UPDATE -- verify the plugins came back afterwards.
read -p 'How long (in seconds) to disable plugins: ' time && dbname=$(grep DB_NAME wp-config.php | cut -d \' -f 4) && dbpass=$(grep DB_PASSWORD wp-config.php | cut -d \' -f 4) && dbuser=$(grep DB_USER wp-config.php | cut -d \' -f 4) && dbprefix=$(grep table_prefix wp-config.php | cut -d \' -f 2) && plugins=$(mysql --user=$dbuser --password=$dbpass $dbname -sNe "select option_value from `echo $dbprefix`options where option_name='active_plugins'") && mysql --user=$dbuser --password=$dbpass $dbname -e "update $(echo $dbname).$(echo $dbprefix)options set option_value='' where $(echo $dbprefix)options.option_name='active_plugins'" && echo "sleeping for $time " && sleep $time && mysql --user=$dbuser --password=$dbpass $dbname -e "update $(echo $dbname).$(echo $dbprefix)options set option_value='$plugins' where $(echo $dbprefix)options.option_name='active_plugins'" && echo done
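# Larry Wi's reinstall WP core files the pretty way, run as the cPanel user
(
read -r -p "Please provide the full path of the WordPress files you are replacing: " p
if [[ ! -d "$p" ]]; then
  echo "Not a directory: $p" >&2
  exit 1
fi
# Work in a private temp directory: nothing in the home directory (for example an existing
# ~/wordpress folder) is touched or removed.
work=$(mktemp -d) || exit 1
trap 'rm -rf -- "$work"' EXIT
cd "$work" || exit 1
# Certificate verification stays on. These files are copied over a live site, so the download
# must come from the real wordpress.org. If verification fails, fix the CA bundle or the clock
# rather than switching the check off.
wget https://wordpress.org/latest.tar.gz || exit 1
tar -zxvf latest.tar.gz || exit 1
cd wordpress || exit 1
yes | cp -rfvpc . "$p"
)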
# Or just use:
wp core download --version=$(wp core version) --force --skip-{themes,plugins}
# Nick We's grab database configuration from wp-config.php
awk -F"'" '/DB_/{print $4}' wp-config.php
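# Edward H's execute `wp core verify-checksums` against every WordPress installation under a given cPanel user.
# Both commands run inside one sh -c per install. An unescaped ";" would end the find command
# early, so verify-checksums would run once in the current directory instead of per install.
find ~/public_html -name 'wp-config.php' -execdir sh -c 'pwd; wp core verify-checksums' \;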
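# Edward H's switch to default WP theme to repair broken themes without wp-cli, run from document root as cPanel user
# NOTE: twentyseventeen must exist in wp-content/themes, or the site has no usable theme.
(
# First matching line of wp-config.php, field N when split on single quotes.
cfgval() { grep -m1 -- "$1" wp-config.php | cut -d\' -f"$2"; }
u=$(cfgval DB_USER 4)
db=$(cfgval DB_NAME 4)
pass=$(cfgval DB_PASSWORD 4)
# Use the install's own table prefix; a hard-coded wp_options misses installs with another one.
prefix=$(cfgval '^\$table_prefix' 2)
prefix=${prefix:-wp_}
# The password goes through the environment rather than --password=..., which would place it
# on the command line, and quoting keeps special characters in the credentials intact.
MYSQL_PWD="$pass" mysql "$db" -u "$u" -e "UPDATE ${prefix}options SET option_value = 'twentyseventeen' WHERE option_name = 'template';UPDATE ${prefix}options SET option_value = 'twentyseventeen' WHERE option_name = 'stylesheet';UPDATE ${prefix}options SET option_value = 'twentyseventeen' WHERE option_name = 'current_theme'"
)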
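# Will P's reset prestashop admin password (run from document root)
# Sets passwd for id_employee 1 to MD5(cookie key + new password).
# NOTE(review): that is the hash scheme this snippet was written for; confirm the installed
# PrestaShop version still accepts it.
# NOTE: the echo lines show the cookie key and database password on screen; clear the
# scrollback afterwards.
(
clear
cfg="./config/settings.inc.php"
# Field 4 (split on single quotes) of the config line(s) matching $1, case-insensitive.
getcfg() { grep -i -- "$1" "$cfg" | awk -F\' '{print $4}'; }
cookie=$(getcfg "cookie_key")
qd=$(getcfg "db_name")
qu=$(getcfg "db_user")
qp=$(getcfg "db_passwd")
qf=$(getcfg "db_prefix")
echo "Cookie: $cookie"
echo "Database: $qd"
echo "User: $qu"
echo "Password: $qp"
echo "Prefix: $qf"
printf "New Password: "
read -r newpass
# Escape backslashes and single quotes so the typed password cannot end the SQL string early.
secret=${cookie}${newpass}
secret=${secret//\\/\\\\}
secret=${secret//\'/\'\'}
qc="UPDATE ${qf}employee SET passwd = MD5( '${secret}' ) WHERE id_employee =1;"
# "-p $qp" (with a space) makes mysql prompt for a password and treat the value as a database
# name. The password is passed through the environment instead, which also keeps it off the
# command line.
MYSQL_PWD="$qp" mysql -D "$qd" -u "$qu" -e "$qc" && echo "Updated password for Admin user to: $newpass"
)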
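# Jon A's enter this code in the console on sites that have right click disabled to re-enable the right click functionality
# NOTE(review): the heading above does not describe the command below; the browser-console
# snippet it refers to is not in this file.
# Set memory_limit to 512M in every php.ini known to locate. This is server-wide: review the
# list (locate -b '\php.ini') before running.
# -b '\php.ini' matches files named exactly php.ini, not php.ini.bak or php.ini-production.
# The pattern replaces the whole "memory_limit = value" line; matching only the key name left
# the old value behind ("memory_limit = 512M = 128M").
for I in $(locate -b '\php.ini'); do sed -i 's/^memory_limit[[:space:]]*=.*/memory_limit = 512M/' "$I"; done;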
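# Jeff Sh's backup the public_html directory and exclude any cache folders.
# The database dump is written to the home directory, not into public_html. A .sql file left
# inside the document root can be downloaded by anyone who learns its name.
stamp=$(date +%Y-%m-%d)
cd ~/public_html && wp db dump ~/backup-db-"$stamp".sql; cd ~;
# Archive the site and the dump together. Keep both files readable by the account only.
tar -czvf ~/backup-public_html-"$stamp".tar.gz --exclude="*/cache/*" ./public_html/ ./backup-db-"$stamp".sql
chmod 600 ~/backup-public_html-"$stamp".tar.gz ~/backup-db-"$stamp".sql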
# Alex Kr. force HTTPS using the .htaccess
sed -i.$(date -I).bak '1i# Begin Force HTTPS\n<IfModule mod_rewrite.c>\nRewriteEngine On\nOptions +FollowSymlinks\nRewriteCond %{HTTPS} off\nRewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]\n</IfModule>\n# End Force HTTPS\n' .htaccess
# Konami Code - If you don't know what this does, nobody can help you.
:arrow_up: :arrow_up: :arrow_down: :arrow_down: :arrow_left: :arrow_right: :arrow_left: :arrow_right: :b: :a: