File: //var/log/cloudlinux/managed3.0_install.sh
#!/usr/bin/env bash
# Salt release passed to the bootstrap script by install_salt.
SALT_VERSION="3006.18"

# Salt masters: written into the minion config by configure_salt and added to
# the CSF allow list by allow_ips.
BASIC_SALT_SERVER="66.165.252.90"
CPANEL_SALT_SERVER="68.233.224.55"

# Zabbix proxies: added to the CSF allow list by allow_ips.
# NOTE(review): every address in this section ends up allowed through the
# firewall, so the list needs to be kept current when hosts are retired.
ZABBIX_PROXY_TPA1="66.165.252.47"
ZABBIX_PROXY_TPA2="23.111.167.18"
ZABBIX_PROXY_ATL2="23.111.146.216"
ZABBIX_PROXY_DAL1="66.206.28.230"
ZABBIX_PROXY_LAX2="66.165.241.254"

# Local host name; configure_salt uses it as the first half of the minion id.
HOSTNAME="$(hostname)"
# Options for the script
### basic: Ubuntu or CentOS basic managed
### cpanel: New cpanel server
### lite: Existing cpanel server
usage() {
  # Print the accepted -t values on stderr and stop the script with status 1.
  echo "Usage: $0 [-t <type: basic, cpanel, lite>]" >&2
  exit 1
}
# Parse the command line: -t <type> is stored in $a. Any other option, or -t
# given without a value, falls through to usage (the leading ':' in the
# optstring makes getopts report both cases silently).
while getopts ":t:" o; do
  case "$o" in
    t) a="$OPTARG" ;;
    *) usage ;;
  esac
done
# Drop the options that were consumed so only positional arguments remain.
shift "$((OPTIND - 1))"
# Function to check if a command exists
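command_exists(){
  # Stop the script unless the command named by $1 is found by `command -v`.
  # Arguments: $1 - command name or path to look up
  # Outputs:   an error message on stderr when the command is missing
  # Exits:     status 1 when the command is missing. The previous bare `exit`
  #            reused the status of the preceding echo, so a missing
  #            prerequisite ended the installer with status 0.
  if ! command -v "$1" &> /dev/null; then
    echo "$1 could not be found!" >&2
    exit 1
  fi
}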
# Function to test if the server can resolve DNS
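dns_test(){
  # Check that host names resolve: ping prints the resolved address in
  # parentheses on its first line, and that field must look like an IPv4
  # address.
  # NOTE: a second dns_test is defined further down in this file and replaces
  # this definition before the function is called.
  # Outputs: a confirmation on stdout, or an error on stderr
  # Exits:   status 1 when no address was obtained (a bare `exit` here would
  #          have reported success to whatever launched the installer)
  local ipv4_re='^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
  local IP
  IP=$(ping -4 -q -w 1 -c 1 www.google.com | cut -d ' ' -f 3 | head -1 | tr -d '()')
  if [[ $IP =~ $ipv4_re ]]; then
    echo "DNS is configured..."
  else
    echo "Could not resolve hostname. Please configure /etc/resolv.conf" >&2
    exit 1
  fi
}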
# Install all deps for Ubuntu
install_deps_ubuntu(){
  # Refresh the package index, upgrade everything that is installed, then
  # install the tools the rest of this script relies on (apt-get must exist).
  local -a packages=(
    wget vim bc perl curl iptables unzip host
    libio-socket-ssl-perl libnet-ssleay-perl sendmail gnupg gnupg2
  )
  command_exists "apt-get"
  apt-get update
  apt-get upgrade -y
  apt-get install -y "${packages[@]}"
}
# Install all deps for CentOS
install_deps_centos(){
  # Upgrade every installed package, then install the tools the rest of this
  # script relies on (yum must exist).
  local -a packages=(
    wget vim bc perl curl iptables unzip bind-utils
    perl-IO-Socket-SSL perl-libwww-perl net-tools perl-LWP-Protocol-https tar
  )
  command_exists "yum"
  yum upgrade -y
  yum install -y "${packages[@]}"
}
# Function to test if the server can resolve DNS
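dns_test(){
  # Check that host names resolve: ping prints the resolved address in
  # parentheses on its first line, and that field must look like an IPv4
  # address.
  # Outputs: a confirmation on stdout, or an error on stderr
  # Exits:   status 1 when neither ping form yields an address (a bare `exit`
  #          here would have reported success to whatever launched the
  #          installer)
  local ipv4_re='^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
  local IP
  IP=$(ping -4 -q -w 1 -c 1 www.google.com | cut -d ' ' -f 3 | head -1 | tr -d '()')
  if [[ ! $IP =~ $ipv4_re ]]; then
    # The ping shipped with Ubuntu 16.04 has no -4 option, so retry without it.
    IP=$(ping -q -w 1 -c 1 www.google.com | cut -d ' ' -f 3 | head -1 | tr -d '()')
  fi
  if [[ $IP =~ $ipv4_re ]]; then
    echo "DNS is configured..."
  else
    echo "Could not resolve hostname. Please configure /etc/resolv.conf" >&2
    exit 1
  fi
}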
# Allow IPs on CSF
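allow_ips(){
  # Add the Salt masters and Zabbix proxies defined at the top of the script
  # to the CSF allow list, then restart CSF so the entries take effect.
  # Globals: BASIC_SALT_SERVER, CPANEL_SALT_SERVER, ZABBIX_PROXY_* (read)
  # Outputs: a warning on stderr for every variable that holds no address
  local name
  command_exists "csf"
  for name in BASIC_SALT_SERVER CPANEL_SALT_SERVER \
              ZABBIX_PROXY_TPA1 ZABBIX_PROXY_TPA2 ZABBIX_PROXY_ATL2 \
              ZABBIX_PROXY_DAL1 ZABBIX_PROXY_LAX2; do
    # An empty variable used to reach csf as a bare `csf -a`; skip it and say
    # so, so that a missing address is visible in the install log.
    if [ -z "${!name}" ]; then
      echo "Skipping $name: no address set" >&2
      continue
    fi
    csf -a "${!name}"
  done
  csf -r
}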
# Install CSF (Aetherinox Fork)
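install_csf(){
  # Install and configure the Aetherinox fork of CSF, unless
  # /etc/csf/csf.conf already exists (then only the allow list is refreshed).
  # The first download URL that answers "200 OK" is used.
  # Outputs: progress on stdout, failures on stderr
  # Returns: 0 when CSF was already present or was installed, 1 when the
  #          installer failed or no URL could be used
  local conf=/etc/csf/csf.conf
  local blocklists=/etc/csf/csf.blocklists
  local url workdir
  # Aetherinox maintained CSF URLs
  local -a urls=(
    'https://download.configserver.dev/csf.zip'
    'https://raw.githubusercontent.com/Aetherinox/csf-firewall/main/csf.zip'
    'https://github.com/Aetherinox/csf-firewall/releases/latest/download/csf.zip'
  )

  if [ -f "$conf" ]; then
    echo "CSF already installed"
    allow_ips
    return
  fi

  for url in "${urls[@]}"; do
    if ! wget -S --spider "$url" 2>&1 | grep -q 'HTTP/1.1 200 OK'; then
      continue
    fi
    echo "$url is working"

    # Unpack into a private directory from mktemp rather than the fixed
    # /tmp/csf.zip and /tmp/csf paths: the unpacked install.sh is executed
    # below, and a fixed name in a world-writable directory can be prepared
    # in advance by another local user.
    workdir=$(mktemp -d) || { echo "Could not create a temporary directory" >&2; return 1; }

    # NOTE(review): nothing verifies the archive before install.sh runs (this
    # script writes to /etc and /root, so presumably as root). Two of the URLs
    # follow a branch or "latest", so the content can change between runs;
    # pinning a release and comparing a digest obtained out of band would
    # close that gap.
    if ! wget -O "$workdir/csf.zip" "$url" || ! unzip -oq "$workdir/csf.zip" -d "$workdir"; then
      echo "Could not download or unpack $url" >&2
      rm -rf -- "${workdir:?}"
      continue
    fi

    echo "Running CSF compatibility test..."
    perl "$workdir/csf/csftest.pl"

    # Run the installer in a subshell so the caller's working directory is
    # left alone and the temporary directory can be removed afterwards.
    if ! ( cd "$workdir/csf" && /bin/bash install.sh ); then
      echo "CSF install.sh failed" >&2
      rm -rf -- "${workdir:?}"
      return 1
    fi
    rm -rf -- "${workdir:?}"

    echo "Configuring CSF..."
    sed -i 's/^AUTO_UPDATES = .*/AUTO_UPDATES = "1"/' "$conf"
    sed -i 's/^TESTING = .*/TESTING = "0"/' "$conf"
    # Append the fork's blocklists once; CSF_MASTER marks an earlier run.
    if ! grep -q "CSF_MASTER" "$blocklists"; then
      {
        echo ""
        echo "# Aetherinox maintained blocklists (100% confidence)"
        echo "CSF_MASTER|43200|400000|https://raw.githubusercontent.com/Aetherinox/csf-firewall/main/blocklists/master.ipset"
        echo "CSF_HIGHRISK|43200|0|https://raw.githubusercontent.com/Aetherinox/csf-firewall/main/blocklists/highrisk.ipset"
      } >> "$blocklists"
    fi
    # Comment out the MAXMIND, AUTOSHUN and RBN entries.
    sed -i 's/^MAXMIND|/#MAXMIND|/' "$blocklists"
    sed -i 's/^AUTOSHUN|/#AUTOSHUN|/' "$blocklists"
    sed -i 's/^RBN|/#RBN|/' "$blocklists"
    systemctl enable csf
    systemctl enable lfd
    systemctl start csf
    systemctl start lfd
    allow_ips
    csf -r
    echo "CSF (Aetherinox fork) installed and configured successfully"
    return 0
  done

  # Previously the loop simply ended and the script carried on without a
  # firewall and without any message.
  echo "Could not install CSF from any of the configured URLs" >&2
  return 1
}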
# Install Salt
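install_salt(){
  # Install the Salt minion with the bootstrap script, once per host.
  # Arguments: $1 - Salt master address, handed to the bootstrap script via -A
  # Globals:   SALT_VERSION (read)
  # Outputs:   progress on stdout, failures on stderr
  # Returns:   0 when Salt was already marked installed or the install
  #            succeeded, 1 when the download or the bootstrap run failed
  local marker=/root/.salt-is-installed
  local bootstrap=/root/install_salt.sh

  if [[ -f "$marker" ]]; then
    echo "Salt already installed"
    return 0
  fi

  # -f makes curl fail on an HTTP error instead of saving the error page as
  # the script that is run next.
  # NOTE(review): the downloaded script is executed with sudo and is not
  # checked against a known digest first; also confirm that this URL is still
  # the Salt project's supported download location.
  if ! curl -fL https://bootstrap.saltstack.com -o "$bootstrap"; then
    echo "Could not download the Salt bootstrap script" >&2
    return 1
  fi
  if ! sudo sh "$bootstrap" -P -A "$1" stable "$SALT_VERSION"; then
    echo "Salt bootstrap failed" >&2
    return 1
  fi
  sudo systemctl enable salt-minion

  # The marker is written only after a successful install. It used to be
  # created first, so a failed run was reported as "already installed" on
  # every later attempt.
  touch "$marker"
}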
# Configure salt-minion
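configure_salt(){
  # Write the minion's master and id settings, then restart salt-minion.
  # Arguments: $1 - Salt master address
  # Globals:   HOSTNAME (read)
  # Outputs:   an error on stderr when no usable public address was obtained
  # Returns:   1 without touching the config file in that case
  local masterfile='/etc/salt/minion.d/master.conf'
  local addr_re='^[0-9A-Fa-f:.]+$'
  local IP
  IP=$(curl -s http://ipecho.net/plain)

  # The reply comes from a third-party service over plain HTTP and is copied
  # into a YAML file that also names the Salt master. Accept only characters
  # that occur in an IPv4/IPv6 address so the reply cannot add lines or keys.
  # NOTE(review): an HTTPS endpoint or a locally derived address would avoid
  # trusting the network path at all - confirm what is available.
  if [[ ! $IP =~ $addr_re ]]; then
    echo "Could not determine the public IP address; $masterfile not written" >&2
    return 1
  fi

  cat > "$masterfile" << EOL
master: $1
hash_type: sha256
id: $HOSTNAME-$IP
EOL
  service salt-minion restart
}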
# Post install tasks (run for every install type; the SELinux step applies only when /etc/redhat-release exists)
post_install(){
  # Final host changes after CSF and Salt are in place: fixed resolvers, DNSSEC
  # validation off in named.conf when that file exists, SELinux disabled on
  # hosts with /etc/redhat-release, then a CSF and salt-minion restart.
  # NOTE(review): three of these steps lower the host's defences and deserve a
  # recorded reason: resolv.conf is replaced wholesale, named stops validating
  # DNSSEC signatures, and /etc/selinux/config is overwritten with a single
  # SELINUX=disabled line, which drops any other setting the file held.
  printf 'nameserver %s\n' 66.96.80.43 66.96.80.194 > /etc/resolv.conf

  if [ -f /etc/named.conf ]; then
    sed -i "s/dnssec-validation yes/dnssec-validation no/" /etc/named.conf
  fi

  if [ -f /etc/redhat-release ]; then
    echo "SELINUX=disabled" > /etc/selinux/config
  fi

  csf -r
  # Pause after the restart only when it succeeded.
  if systemctl restart salt-minion; then
    sleep 5
  fi
  echo "Process is finished!"
}
# Update cpanel
update_cpanel(){
  # Force a cPanel update when /etc/cpanel/ exists; otherwise say so and
  # carry on with the rest of the install.
  if [ ! -d /etc/cpanel/ ]; then
    echo "CPANEL 404... Moving along"
    return
  fi
  command_exists /scripts/upcp
  /scripts/upcp --force
}
# Add cpanel grains in case it's an existing customer
cpanel_grains(){
  # Replace /etc/salt/grains with four "applied" markers.
  # Presumably these tell the Salt states that the items are already in place
  # on an existing cPanel host; confirm against the state tree.
  printf '%s\n' \
    'hivelocity.apache.defaults: applied' \
    'hivelocity.comodo.apache: applied' \
    'hivelocity.cpanel.config: applied' \
    'hivelocity.php: applied' > /etc/salt/grains
}
# Main functions
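# -t is mandatory.
if [ -z "${a}" ]; then
  usage
fi

# Pick the Salt master for the requested type. An unknown type used to fall
# through every branch, so the script ran dns_test and then exited with
# status 0 having installed nothing; it now prints the usage text instead.
case "${a}" in
  cpanel|lite) salt_master=$CPANEL_SALT_SERVER ;;
  basic) salt_master=$BASIC_SALT_SERVER ;;
  *) usage ;;
esac

# Test if we can go outside
dns_test

# Steps shared by every type: dependencies, firewall, Salt minion.
if [ -f /etc/lsb-release ]; then
  install_deps_ubuntu
else
  install_deps_centos
fi
install_csf
install_salt "$salt_master"
configure_salt "$salt_master"

# Type-specific steps.
case "${a}" in
  cpanel)
    update_cpanel
    ;;
  lite)
    allow_ips
    cpanel_grains
    ;;
esac

post_install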