Hacked By AnonymousFox
Current Path : /bin/ |
|
Current File : //bin/cl-linksafe-reconfigure |
#!/bin/bash
# CloudLinux Links Traversal Protection configure utility
set -o pipefail
source /opt/cloudlinux-linksafe/lib.sh
# just exit if it is solo edition
skip_on_cl_solo
PARAM_ALLOW_SGID="fs.protected_symlinks_allow_gid"
PARAM_ALLOW_HGID="fs.protected_hardlinks_allow_gid"
PARAM_S_CREATE="fs.protected_symlinks_create"
PARAM_H_CREATE="fs.protected_hardlinks_create"
SYSCTL_FILE="/etc/sysctl.d/cloudlinux-linksafe.conf"
SYSTEM_LINKSAFE_GID="$(getent group linksafe | cut -d: -f3)"
MAIN_SYSCTL_FILE="/etc/sysctl.conf"
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root"
exit 1
fi
function fix_linksafe {
# fix permissions for alt-php packages installed without linksafe group
find /opt/alt/php* \( -user root -a ! -group root -a ! -group linksafe \) -exec chown -h root:linksafe {} \; &> /dev/null
# fix permissions for alt-python packages installed without linksafe group
find /opt/alt/python* \( -user root -a ! -group root -a ! -group linksafe \) -exec chown -h root:linksafe {} \; &> /dev/null
# fix permissions for alt-ruby packages installed without linksafe group
find /opt/alt/ruby* \( -user root -a ! -group root -a ! -group linksafe \) -exec chown -h root:linksafe {} \; &> /dev/null
# fix permissions for native php
chown root:linksafe /usr/selector.etc/php.ini &> /dev/null
chown root:linksafe /usr/selector/lsphp &> /dev/null
chown root:linksafe /usr/selector/php &> /dev/null
chown root:linksafe /usr/selector/php-cli &> /dev/null
if [ -e /usr/sbin/cagefsctl ] && [ -e /usr/share/cagefs-skeleton/bin ]; then
if /usr/sbin/cagefsctl --skip-php-reload --setup-cl-selector &> /dev/null; then
if [ -e /usr/share/cagefs/need.remount ]; then
if /usr/sbin/cagefsctl --remount-all &> /dev/null; then
rm -f /usr/share/cagefs/need.remount &> /dev/null
fi
fi
fi
fi
}
function check_params_in_sysctl_file {
local ret_code=0
if ! grep "$PARAM_ALLOW_SGID" "$SYSCTL_FILE" > /dev/null; then
let ret_code+=1
fi
if ! grep "$PARAM_ALLOW_HGID" "$SYSCTL_FILE" > /dev/null; then
let ret_code+=1
fi
if ! grep "$PARAM_S_CREATE" "$SYSCTL_FILE" > /dev/null; then
let ret_code+=1
fi
if ! grep "$PARAM_H_CREATE" "$SYSCTL_FILE" > /dev/null; then
let ret_code+=1
fi
echo ${ret_code}
return ${ret_code}
}
function migrate_linksafe_params {
if [ -n "$SYSTEM_LINKSAFE_GID" ]; then
if ! grep "# SecureLinks Link Traversal" "${SYSCTL_FILE}" > /dev/null; then
echo "# SecureLinks Link Traversal Protection Section" >> "${SYSCTL_FILE}"
fi
if grep "$PARAM_S_CREATE" "$MAIN_SYSCTL_FILE" > /dev/null; then
migrate_symlink_value=$(grep "$PARAM_S_CREATE" ${MAIN_SYSCTL_FILE} | awk -F "=" '{print $2}' | sed "s/\ //g")
fi
if ! grep "$PARAM_S_CREATE" "${SYSCTL_FILE}" > /dev/null; then
if [[ 1 != "$migrate_symlink_value" ]]; then
echo "$PARAM_S_CREATE = 0" >> "${SYSCTL_FILE}"
else
echo "$PARAM_S_CREATE = 1" >> "${SYSCTL_FILE}"
fi
fi
if grep "$PARAM_H_CREATE" "$MAIN_SYSCTL_FILE" > /dev/null; then
migrate_hardlink_value=$(grep "$PARAM_H_CREATE" ${MAIN_SYSCTL_FILE} | awk -F "=" '{print $2}' | sed "s/\ //g")
fi
if ! grep "$PARAM_H_CREATE" "${SYSCTL_FILE}" > /dev/null; then
if [[ 1 != "$migrate_hardlink_value" ]]; then
echo "$PARAM_H_CREATE = 0" >> "${SYSCTL_FILE}"
else
echo "$PARAM_H_CREATE = 1" >> "${SYSCTL_FILE}"
fi
fi
if ! grep "$PARAM_ALLOW_SGID" "${SYSCTL_FILE}" > /dev/null; then
echo "$PARAM_ALLOW_SGID = $SYSTEM_LINKSAFE_GID" >> "${SYSCTL_FILE}"
fi
if ! grep "$PARAM_ALLOW_HGID" "${SYSCTL_FILE}" > /dev/null; then
echo "$PARAM_ALLOW_HGID = $SYSTEM_LINKSAFE_GID" >> "${SYSCTL_FILE}"
fi
fi
}
if [[ "$SYSTEM_LINKSAFE_GID" == "" ]]; then
groupadd -r linksafe
SYSTEM_LINKSAFE_GID="$(getent group linksafe | cut -d: -f3)"
fi
if id mailman &> /dev/null; then
usermod -a -G linksafe mailman &> /dev/null
fi
if [ ! -e "$SYSCTL_FILE" ]; then
touch "$SYSCTL_FILE"
fi
SYSCTL_LINKSAFE_GID=$(grep -F "$PARAM_ALLOW_SGID" "$SYSCTL_FILE" | awk '{print $3}')
if [[ 0 != "$(check_params_in_sysctl_file)" ]]; then
migrate_linksafe_params
fi
if [[ "$SYSCTL_LINKSAFE_GID" != "$SYSTEM_LINKSAFE_GID" ]]; then
sed -i -e "s/${PARAM_ALLOW_SGID}\s*=.*/${PARAM_ALLOW_SGID} = ${SYSTEM_LINKSAFE_GID}/" "$SYSCTL_FILE" &> /dev/null
sed -i -e "s/${PARAM_ALLOW_HGID}\s*=.*/${PARAM_ALLOW_HGID} = ${SYSTEM_LINKSAFE_GID}/" "$SYSCTL_FILE" &> /dev/null
fi
fix_linksafe
/usr/bin/plesk_configure
/usr/share/cloudlinux-linksafe/cpanel/hooks/cpanel-linksafe-install-hooks
sysctl --system &> /dev/null
Hacked By AnonymousFox1.0, Coded By AnonymousFox