Kerala Cyber
Warriors
KCW Uploader V1.1
| Path : /usr/local/src/ |
|
|
| Current File : //usr/local/src/cpguard_install.sh |
#!/bin/bash
#Install script for cPGuard
#Written by OPSSHIELD LLP https://www.opsshield.com
echo "########################"
echo "########################"
echo "#####cPGuard manage script"
echo "#####Written and maintained by https://www.opsshield.com"
echo "#####Please email sales@opsshield.com for any questions regarding this software"
echo "########################"
echo "########################"
sleep 1
function setos() {
mkdir /opt/cpguard
rm -rf /usr/local/src/cpg
mkdir /usr/local/src/cpg
if [ "$DISTRO" = "YUM" ]; then
if [ "$OS" = "R6" ]; then
if ! grep -w "fs.inotify.max_user_watches = 5000000" /etc/sysctl.conf >/dev/null 2>&1; then
echo "fs.inotify.max_user_watches = 5000000" >> /etc/sysctl.conf
sysctl -p > /dev/null 2>&1
fi
if [ ! -f /etc/yum.repos.d/epel.repo ]; then
yum -y install epel-release.noarch > /dev/null 2>&1
sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/epel.repo
fi
yum --enablerepo=epel -y install rkhunter ipset rsync pcre2 json-c pcre libtool-ltdl rsync tar sqlite net-tools > /dev/null 2>&1
cd /usr/local/src/cpg
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/rpms6/cpg-nginx_1.26.1_x86_64.rpm > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/rpms6/cpg-php-fpm_8.1.29_x86_64.rpm > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/rpms6/cpg-clamav-libs_1.0_x86_64.rpm > /dev/null 2>&1
rpm -Uvh cpg-nginx_1.26.1_x86_64.rpm > /dev/null 2>&1
rpm -Uvh cpg-php-fpm_8.1.29_x86_64.rpm > /dev/null 2>&1
rpm -Uvh cpg-clamav-libs_1.0_x86_64.rpm > /dev/null 2>&1
mkdir /opt/cpguard/cpg-php-fpm/openssl/ssl/
cp -pr /etc/pki/tls/* /opt/cpguard/cpg-php-fpm/openssl/ssl/
##DOWNLOAD AND INSTALL CL6 PACKAGES
elif [ "$OS" = "R7" ]; then
echo "fs.inotify.max_user_watches = 10000000" > /etc/sysctl.d/cpguard.conf
sysctl -p /etc/sysctl.d/cpguard.conf > /dev/null 2>&1
if [ ! -f /etc/yum.repos.d/epel.repo ]; then
yum -y install epel-release > /dev/null 2>&1
sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/epel.repo
fi
yum --enablerepo=epel -y install rkhunter ipset rsync pcre2 pcre libtool-ltdl rsync tar openssl-libs sqlite net-tools > /dev/null 2>&1
yum --enablerepo=epel -y install oniguruma libzip > /dev/null 2>&1
yum --enablerepo=epel -y install compat-openssl10 > /dev/null 2>&1
cd /usr/local/src/cpg
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/rpms/cpg-nginx_1.26.1_x86_64.rpm > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/rpms/cpg-php-fpm_8.1.29_x86_64.rpm > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/rpms/cpg-clamav-libs_1.0_x86_64.rpm > /dev/null 2>&1
elif [ "$OS" = "R9" ]; then
echo "fs.inotify.max_user_watches = 10000000" > /etc/sysctl.d/cpguard.conf
sysctl -p /etc/sysctl.d/cpguard.conf > /dev/null 2>&1
if [ ! -f /etc/yum.repos.d/epel.repo ]; then
yum -y install epel-release > /dev/null 2>&1
sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/epel.repo
fi
yum --enablerepo=epel -y install rkhunter ipset iptables rsync pcre2 pcre libtool-ltdl rsync tar openssl-libs sqlite net-tools > /dev/null 2>&1
yum --enablerepo=epel -y install oniguruma libzip > /dev/null 2>&1
cd /usr/local/src/cpg
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/rpms9/cpg-nginx_1.26.1_x86_64.rpm > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/rpms9/cpg-php-fpm_8.1.29_x86_64.rpm > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/rpms9/cpg-clamav-libs_1.0_x86_64.rpm > /dev/null 2>&1
elif [ "$OS" = "AMZ2" ]; then
echo "fs.inotify.max_user_watches = 10000000" > /etc/sysctl.d/cpguard.conf
sysctl -p /etc/sysctl.d/cpguard.conf > /dev/null 2>&1
if [ ! -f /etc/yum.repos.d/epel.repo ]; then
yum -y install epel-release > /dev/null 2>&1
sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/epel.repo
fi
yum --enablerepo=epel -y install rkhunter ipset rsync pcre2 pcre libtool-ltdl rsync tar openssl-libs sqlite net-tools > /dev/null 2>&1
cd /usr/local/src/cpg
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/rpms/cpg-nginx_1.26.1_x86_64.rpm > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/rpms/cpg-php-fpm_8.1.29_x86_64.rpm > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/rpms/cpg-clamav-libs_1.0_x86_64.rpm > /dev/null 2>&1
fi
cd /usr/local/src/cpg
rpm -Uvh cpg-nginx_1.26.1_x86_64.rpm --force > /dev/null 2>&1
rpm -Uvh cpg-php-fpm_8.1.29_x86_64.rpm --force > /dev/null 2>&1
rpm -Uvh cpg-clamav-libs_1.0_x86_64.rpm --force > /dev/null 2>&1
if [ -f /opt/cpguard/cpg-php-fpm/sbin/php-fpm ] && [ -f /opt/cpguard/cpg-nginx/sbin/nginx ] && [ -f /opt/cpguard/cpg-clamav/lib64/libclamav.so ]; then
echo -ne "\r${green} =Installed dependency packages ${NC}"
echo -ne '\n'
else
echo -ne "\r${red} =Could not install dependency packages...please contact support ${NC}"
echo -ne '\n'
exit
fi
if [ -f /home/interworx/bin/iworx-web ]; then
yum install mod_security interworx-cli -y > /dev/null 2>&1
fi
elif [ "$DISTRO" = "DEB" ]; then
echo "fs.inotify.max_user_watches = 10000000" > /etc/sysctl.d/cpguard.conf
sysctl -p /etc/sysctl.d/cpguard.conf > /dev/null 2>&1
if [ "$OS" = "D10" ]; then
DEBIAN_FRONTEND=noninteractive apt-get install rkhunter ipset libpcre3 libpcre3-dev libpcre2-8-0 libltdl-dev libltdl7 wget rsync tar sqlite3 openssl curl libmhash2 lbzip2 net-tools libonig5 -y > /dev/null 2>&1
cd /usr/local/src/cpg
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/debs/cpg-nginx_1.26.1_x86_64.deb > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/debs/cpg-php-fpm_8.1.29_x86_64.deb > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/debs/cpg-clamav-libs_1.0_x86_64.deb > /dev/null 2>&1
elif [ "$OS" = "U18" ]; then
DEBIAN_FRONTEND=noninteractive apt-get install rkhunter ipset libpcre3 libpcre2-8-0 libltdl-dev wget rsync tar sqlite3 openssl curl libmhash2 lbzip2 net-tools libltdl7 -y > /dev/null 2>&1
cd /usr/local/src/cpg
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/debs9/cpg-nginx_1.26.1_x86_64.deb > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/debs9/cpg-php-fpm_8.1.29_x86_64.deb > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/debs9/cpg-clamav-libs_1.0_x86_64.deb > /dev/null 2>&1
elif [ "$OS" = "U24" ]; then
DEBIAN_FRONTEND=noninteractive apt-get install rkhunter ipset libpcre3 libpcre3-dev libpcre2-8-0 libltdl-dev libltdl7 wget rsync tar sqlite3 openssl curl libmhash2 lbzip2 net-tools libonig5 -y > /dev/null 2>&1
cd /usr/local/src/cpg
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/debs24/cpg-nginx_1.26.1_x86_64.deb > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/debs24/cpg-php-fpm_8.1.29_x86_64.deb > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/debs24/cpg-clamav-libs_1.0_x86_64.deb > /dev/null 2>&1
elif [ "$OS" = "U24ARM" ]; then
DEBIAN_FRONTEND=noninteractive apt-get install rkhunter ipset libpcre3 libpcre3-dev libpcre2-8-0 libltdl-dev libltdl7 wget rsync tar sqlite3 openssl curl libmhash2 lbzip2 net-tools libonig5 -y > /dev/null 2>&1
cd /usr/local/src/cpg
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/debs24/arm/cpg-nginx_1.26.1_x86_64.deb > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/debs24/arm/cpg-php-fpm_8.1.29_x86_64.deb > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/debs24/arm/cpg-clamav-libs_1.0_x86_64.deb > /dev/null 2>&1
elif [ "$OS" = "U22ARM" ]; then
DEBIAN_FRONTEND=noninteractive apt-get install rkhunter ipset libpcre3 libpcre3-dev libpcre2-8-0 libltdl-dev libltdl7 wget rsync tar sqlite3 openssl curl libmhash2 lbzip2 net-tools libonig5 -y > /dev/null 2>&1
cd /usr/local/src/cpg
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/debs/arm/ubuntu2204/cpg-nginx_1.26.1_x86_64.deb > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/debs/arm/ubuntu2204/cpg-php-fpm_8.1.29_x86_64.deb > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/debs/arm/ubuntu2204/cpg-clamav-libs_1.0_x86_64.deb > /dev/null 2>&1
fi
dpkg --force-all -i cpg-nginx_1.26.1_x86_64.deb > /dev/null 2>&1
dpkg --force-all -i cpg-php-fpm_8.1.29_x86_64.deb > /dev/null 2>&1
dpkg --force-all -i cpg-clamav-libs_1.0_x86_64.deb > /dev/null 2>&1
if lsb_release -d | grep 'Ubuntu 22\|bookworm' > /dev/null; then
if [ "$OS" = "U22ARM" ]; then
ln -s /opt/cpguard/cpg-php-fpm/openssl/lib/libssl.so.1.1 /lib/aarch64-linux-gnu/
ln -s /opt/cpguard/cpg-php-fpm/openssl/lib/libcrypto.so.1.1 /lib/aarch64-linux-gnu/
else
ln -s /opt/cpguard/cpg-php-fpm/openssl/lib/libssl.so.1.1 /lib/x86_64-linux-gnu/
ln -s /opt/cpguard/cpg-php-fpm/openssl/lib/libcrypto.so.1.1 /lib/x86_64-linux-gnu/
fi
fi
if [ -f /opt/cpguard/cpg-php-fpm/sbin/php-fpm ] && [ -f /opt/cpguard/cpg-nginx/sbin/nginx ] && [ -f /opt/cpguard/cpg-clamav/lib/libclamav.so ]; then
echo -ne "\r${green} =Installed dependency packages ${NC}"
echo -ne '\n'
else
echo -ne "\r${red} =Could not install dependency packages...please contact support ${NC}"
echo -ne '\n'
exit
fi
fi
}
function setconf() {
if [ "$OS" = "R6" ]; then
TMEZO=`cut -d '"' -f2 < /etc/sysconfig/clock | /usr/bin/head -1`
sed -i -e "s#; http://php.net/date.timezone#date.timezone = "$TMEZO"#g" /opt/cpguard/cpg-php-fpm/etc/php.ini
else
TMEZONE=`timedatectl | grep -oP 'zone\: \K\w[^\s]+'`
if [ $TMEZONE = "n/a" ] || [ $TMEZONE = "Host" ]; then
DTMZONE=`date +%:z | awk -F":" {'print $1'}`
if [[ "$DTMZONE" == +* ]]; then
DTMZONE1=`echo "${DTMZONE:1:1}"`
DTMZONE2=`echo "${DTMZONE:2:1}"`
if [ $DTMZONE1 -eq "0" ]; then
TMEZONE=Etc/GMT"+"$DTMZONE2
else
TMEZONE=Etc/GMT$DTMZONE
fi
elif [[ "$DTMZONE" == -* ]]; then
DTMZONE1=`echo "${DTMZONE:1:1}"`
DTMZONE2=`echo "${DTMZONE:2:1}"`
if [ $DTMZONE1 -eq "0" ]; then
TMEZONE=Etc/GMT"-"$DTMZONE2
else
TMEZONE=Etc/GMT$DTMZONE
fi
else
echo -ne "\r${red} Cannot find the system timezone...please contact support... ${NC}"
echo -ne '\n'
exit
fi
sed -i -e "s#; http://php.net/date.timezone#date.timezone = "$TMEZONE"#g" /opt/cpguard/cpg-php-fpm/etc/php.ini
else
sed -i -e "s#; http://php.net/date.timezone#date.timezone = "$TMEZONE"#g" /opt/cpguard/cpg-php-fpm/etc/php.ini
fi
fi
/usr/sbin/useradd cpguard -s /bin/false -M -d /opt/cpguard -r
/usr/sbin/usermod -L cpguard
chown -R cpguard:cpguard /opt/cpguard/
sed -i -e "s/readlink,//g" /opt/cpguard/cpg-php-fpm/etc/php.ini
chmod 000 /etc/cron.daily/rkhunter
#echo "+Starting cPGuard agent services..."
#/opt/cpguard/cpg-php-fpm/cpgphp-fpm.sh restart > /dev/null 2>&1
#/opt/cpguard/cpg-nginx/nginx_daemon.sh restart > /dev/null 2>&1
#if [ -s /opt/cpguard/cpg-nginx/nginx.pid ] && [ -s /opt/cpguard/cpg-php-fpm/var/run/php-fpm.pid ]; then
# echo -ne "\r${green} =cPGuard agent service is enabled ${NC}"
# echo -ne '\n'
#else
# echo -ne "\r${red} =cPGuard agent service has failed to start...please contact support ${NC}"
# echo -ne '\n'
#fi
}
function installfiles() {
cd /usr/local/src/cpg
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/latest/app.tar.gz > /dev/null 2>&1
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/latest/etc_cpguard.tar.gz > /dev/null 2>&1
tar -xvzf app.tar.gz > /dev/null 2>&1
tar -xvzf etc_cpguard.tar.gz > /dev/null 2>&1
mv app /opt/cpguard/app
mkdir /etc/cpguard
rsync -avz cpguard/ /etc/cpguard/ > /dev/null 2>&1
ln -s /opt/cpguard/app/cli/cpgcli /usr/bin/cpgcli
chmod 755 /opt/cpguard/app/cli/cpgcli
if [ -f /etc/debian_version ]; then
if [ "$OS" = "U22ARM" ] || [ "$OS" = "U24ARM" ]; then
mv /etc/cpguard/scripts/cpguard_arm /etc/cpguard/scripts/cpguard
mv /etc/cpguard/scripts/fscan_arm /etc/cpguard/scripts/fscan
mv /etc/cpguard/scripts/fscanfile_arm /etc/cpguard/scripts/fscanfile
mv /etc/cpguard/scripts/mscan_arm /etc/cpguard/scripts/mscan
mv /etc/cpguard/scripts/daily_arm /etc/cpguard/scripts/daily
mv /etc/cpguard/scripts/weekly_arm /etc/cpguard/scripts/weekly
mv /etc/cpguard/scripts/whitelist_arm /etc/cpguard/whitelist
chmod 755 /etc/cpguard/scripts/cpguard
chmod 755 /etc/cpguard/scripts/fscan
chmod 755 /etc/cpguard/scripts/fscanfile
chmod 755 /etc/cpguard/scripts/mscan
chmod 755 /etc/cpguard/scripts/daily
chmod 755 /etc/cpguard/scripts/weekly
chmod 755 /etc/cpguard/whitelist
else
mv /etc/cpguard/scripts/cpguard_deb /etc/cpguard/scripts/cpguard
mv /etc/cpguard/scripts/fscan_deb /etc/cpguard/scripts/fscan
mv /etc/cpguard/scripts/fscanfile_deb /etc/cpguard/scripts/fscanfile
mv /etc/cpguard/scripts/mscan_deb /etc/cpguard/scripts/mscan
mv /etc/cpguard/scripts/daily_deb /etc/cpguard/scripts/daily
mv /etc/cpguard/scripts/weekly_deb /etc/cpguard/scripts/weekly
chmod 755 /etc/cpguard/scripts/cpguard
chmod 755 /etc/cpguard/scripts/fscan
chmod 755 /etc/cpguard/scripts/fscanfile
chmod 755 /etc/cpguard/scripts/mscan
chmod 755 /etc/cpguard/scripts/daily
chmod 755 /etc/cpguard/scripts/weekly
fi
fi
mv /etc/cpguard/tmp/cpguard_modsec100.conf_sample /etc/cpguard/cpguard_modsec100.conf
mv /etc/cpguard/tmp/cpguard_modsec101.conf_sample /etc/cpguard/cpguard_modsec101.conf
mv /etc/cpguard/tmp/wafurls.txt_sample /etc/cpguard/wafurls.txt
mv /etc/cpguard/tmp/bfurls.txt_sample /etc/cpguard/bfurls.txt
touch /etc/cpguard/cpguard.log
touch /etc/cpguard/whitelistusers.txt
touch /etc/cpguard/userwatch.txt
touch /etc/cpguard/whitelistfiles.txt
touch /etc/cpguard/blacklistfiles.txt
touch /etc/cpguard/watchlist.txt
echo "mysql.sock" >> /etc/cpguard/whitelistfiles.txt
#echo "plugins/getastra/astra/libraries/plugins/astra-gk/var/db" >> /etc/cpguard/whitelistfiles.txt
echo "1.sh" >> /etc/cpguard/blacklistfiles.txt
echo "libworker.so" >> /etc/cpguard/blacklistfiles.txt
mkdir -p /opt/cpguard/common
touch /opt/cpguard/tmpdb.txt
touch /opt/cpguard/blacklistips.txt
touch /opt/cpguard/whitelistips.txt
touch /opt/cpguard/whitelistdomains.txt
touch /etc/cpguard/conf/location.dat
touch /opt/cpguard/blacklist-userips.txt
chmod 755 /etc/cpguard/scripts/meSamples.php
chmod 755 /etc/cpguard/scripts/bforce.php
cp -p /opt/cpguard/app/resources/email_templates/user_cms_threats_sample.html /opt/cpguard/app/resources/email_templates/user_cms_threats.html
chown cpguard:cpguard /etc/cpguard/wafurls.txt
chown cpguard:cpguard /etc/cpguard/blacklistfiles.txt
chown cpguard:cpguard /etc/cpguard/whitelistfiles.txt
chown cpguard:cpguard /etc/cpguard/bfurls.txt
chown cpguard:cpguard /etc/cpguard/whitelistusers.txt
chown cpguard:cpguard /opt/cpguard/blacklist-userips.txt
/opt/cpguard/cpg-php-fpm/bin/php /opt/cpguard/app/setup/install.php
mv /etc/cpguard/cron /etc/cron.d/cpguard
cp -p /opt/cpguard/app/resources/badbots.txt /etc/cpguard/
chown cpguard:cpguard /etc/cpguard/badbots.txt
chown -R cpguard:cpguard /opt/cpguard
chown cpguard:cpguard /etc/cpguard/conf/main.conf
cp -p /opt/cpguard/app/setup/databases/schedule.db /opt/cpguard/app/data/schedule.db
chmod 750 /opt/cpguard/app/data
echo "ALLOWIPCPROC=/usr/bin/postgres" >> /etc/rkhunter.conf
echo "ALLOWDEVFILE=/dev/shm/Sync_Event*" >> /etc/rkhunter.conf
if [ -f /usr/sbin/getenforce ]; then
CPGSE=`/usr/sbin/getenforce`
if [ $CPGSE = "Enforcing" ]; then
semanage fcontext -a -t system_cron_spool_t "/etc/cron.d/cpguard"
restorecon -RFv /etc/cron.d/cpguard
fi
fi
if [ -d /var/local/enhance ]; then
/usr/bin/docker exec -it litespeed chown webserver.webserver /usr/local/lsws/tmp > /dev/null 2>&1
/usr/bin/docker exec -it litespeed chown webserver.webserver /usr/local/lsws/tmp/secremote > /dev/null 2>&1
fi
}
csfwhitelitips () {
if [ -f /usr/sbin/csf ]; then
/usr/sbin/csf -a 104.248.44.154 "cPGuard" > /dev/null 2>&1
/usr/sbin/csf -a 168.119.180.141 "cPGuard" > /dev/null 2>&1
/usr/sbin/csf -a 94.237.29.205 "cPGuard" > /dev/null 2>&1
/usr/sbin/csf -a 37.97.190.233 "cPGuard" > /dev/null 2>&1
/usr/sbin/csf -a 72.14.186.130 "cPGuard" > /dev/null 2>&1
/usr/sbin/csf -a 188.116.8.88 "cPGuard" > /dev/null 2>&1
/usr/sbin/csf -a 45.77.35.77 "cPGuard" > /dev/null 2>&1
/usr/sbin/csf -a 94.130.24.31 "cPGuard" > /dev/null 2>&1
/usr/sbin/csf -a 37.97.189.139 "cPGuard" > /dev/null 2>&1
/usr/sbin/csf -a 137.184.200.210 "cPGuard" > /dev/null 2>&1
/usr/sbin/csf -a 159.89.87.35 "cPGuard" > /dev/null 2>&1
/usr/sbin/csf -a 167.99.149.179 "cPGuard" > /dev/null 2>&1
sed -i -e "/csf.ignore/a Include \/etc\/cpguard\/cpgips.txt" /etc/csf/csf.allow
echo 'Include /etc/cpguard/cpgips.txt' >> /etc/csf/csf.ignore
echo "user:cpguard" >> /etc/csf/csf.pignore
service lfd restart > /dev/null 2>&1
echo -ne "\r${green} =Whitelited IPs in CSF${NC}"
echo -ne '\n'
else
echo -ne "\r${red} CSF is not installed on this server. Please whitelist the IPs in /etc/cpguard/cpgips.txt manually ${NC}"
echo -ne '\n'
fi
if [ -d /var/local/enhance/controld ]; then
/usr/sbin/ufw allow from 137.184.200.210 to any proto tcp port 9098
/usr/sbin/ufw allow from 159.89.87.35 to any proto tcp port 9098
/usr/sbin/ufw allow from 167.99.149.179 to any proto tcp port 9098
echo -ne "\r${green} =Whitelited IPs in UFW${NC}"
echo -ne '\n'
fi
}
controlpanelfiles () {
if [ "$CP" = "cPanel" ]; then
CONFFILE="/etc/apache2/conf.d/modsec/modsec2.user.conf"
grep -v cpguard_modsec $CONFFILE > /root/cpg_modsec_conf.tmp
cat /root/cpg_modsec_conf.tmp > $CONFFILE
if ! grep cpguard_modsec100 $CONFFILE > /dev/null; then
echo "Include /etc/cpguard/cpguard_modsec100.conf" >> $CONFFILE
fi
rm -f /root/cpg_modsec_conf.tmp
if [ ! -d /var/cpanel/apps ]; then
mkdir /var/cpanel/apps
chmod 755 /var/cpanel/apps
fi
mkdir /var/cpanel/rbl_info/ >/dev/null 2>&1
cp -p /etc/cpguard/tmp/rbl/abuseat.yaml /var/cpanel/rbl_info/
cp -p /etc/cpguard/tmp/rbl/barracuda.yaml /var/cpanel/rbl_info/
cp -p /etc/cpguard/tmp/rbl/spameatingmonkey.yaml /var/cpanel/rbl_info/
cp -p /etc/cpguard/tmp/rbl/srbl_cpguard.yaml /var/cpanel/rbl_info/
echo "acl_abuseat_rbl=0" >> /etc/exim.conf.localopts
echo "acl_barracuda_rbl=0" >> /etc/exim.conf.localopts
echo "acl_spameatingmonkey_rbl=0" >> /etc/exim.conf.localopts
echo "acl_cpguardsrbl_rbl=0" >> /etc/exim.conf.localopts
if [ -f /usr/bin/wp ]; then
echo "RTKT_FILE_WHITELIST=/usr/bin/wp" >> /etc/rkhunter.conf
fi
sed -i -e "s/ErrorDocument 406/#ErrorDocument 406/g" /etc/apache2/conf.d/includes/errordocument.conf
cd /usr/local/src/cpg
if [ -f /usr/local/cpanel/3rdparty/bin/php ]; then
CPPHPSUBVER=`/usr/local/cpanel/3rdparty/bin/php -v | head -1 | awk -F" " {'print $2'} | awk -F"." {'print $1'}`
CPPHPSUBVERMIN=`/usr/local/cpanel/3rdparty/bin/php -v | head -1 | awk -F" " {'print $2'} | awk -F"." {'print $2'}`
else
CPPHPSUBVER=`/opt/cpguard/cpg-php-fpm/bin/php -v | head -1 | awk -F" " {'print $2'} | awk -F"." {'print $1'}`
CPPHPSUBVERMIN=`/opt/cpguard/cpg-php-fpm/bin/php -v | head -1 | awk -F" " {'print $2'} | awk -F"." {'print $2'}`
fi
if [ $CPPHPSUBVER -eq 8 ]; then
if [ $CPPHPSUBVERMIN -eq 1 ]; then
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/latest/cpguard-client.tar.gz
elif [ $CPPHPSUBVERMIN -eq 3 ]; then
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/latest/clent83/cpguard-client.tar.gz
fi
else
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/latest/clent72/cpguard-client.tar.gz
fi
tar -xvzf cpguard-client.tar.gz > /dev/null 2>&1
mkdir /usr/local/cpanel/base/frontend/jupiter/cpguard
rsync -avz cpguard-client/ /usr/local/cpanel/base/frontend/jupiter/cpguard/ > /dev/null 2>&1
mkdir /usr/local/cpanel/whostmgr/cgi/cpguard
cp -p cpguard-client/admin_plugin/index.php /usr/local/cpanel/whostmgr/cgi/cpguard/ > /dev/null 2>&1
echo "Resgistering WHM Plugin..."
/usr/local/cpanel/bin/register_appconfig /etc/cpguard/whm.cpguard.conf > /dev/null
echo "Resgistering cPanel Plugin..."
cp -p /usr/local/cpanel/base/frontend/jupiter/cpguard/cpanel/install.json_sample /usr/local/cpanel/base/frontend/jupiter/cpguard/cpanel/install.json
/usr/local/cpanel/scripts/install_plugin /usr/local/cpanel/base/frontend/jupiter/cpguard/cpanel/ --theme=jupiter > /dev/null
elif [ "$CP" = "DirectAdmin" ]; then
cd /usr/local/src/cpg
wget https://get-cpg.nyc3.cdn.digitaloceanspaces.com/latest/cpguard-client.tar.gz > /dev/null 2>&1
tar -xvzf cpguard-client.tar.gz > /dev/null 2>&1
mkdir -p /usr/local/directadmin/plugins/cpguard/cpguard
mkdir -p /usr/local/directadmin/plugins/cpguard/images
rsync -avz cpguard-client/directadmin-base/ /usr/local/directadmin/plugins/cpguard/ > /dev/null 2>&1
rsync -avz cpguard-client/ /usr/local/directadmin/plugins/cpguard/cpguard/ > /dev/null 2>&1
rsync -avz cpguard-client/assets/ /usr/local/directadmin/plugins/cpguard/images/ > /dev/null 2>&1
cp -p cpguard-client/admin_plugin/index.php /usr/local/directadmin/plugins/cpguard/admin/index.php > /dev/null 2>&1
elif [ "$CP" = "Plesk" ]; then
echo "Nothing to do" > /dev/null 2>&1
fi
}
#Main
red='\e[0;31m'
green='\e[0;32m'
blue='\e[4;34m'
NC='\e[0m'
OS=""
CP=""
DISTRO=""
if /bin/uname -a | grep aarch64 > /dev/null 2>&1; then
ARC="aarch64"
else
ARC="x86_64"
fi
if [ -d /opt/cpguard/app ]; then
echo -ne "\r${red} cPGuard app files still exists on this server. Please uninstall cPGuard before attempting the installation ${NC}"
echo -ne '\n'
exit
fi
if [ -z "$1" ]; then
echo -ne "\r${red} License key is missing...please add your license key into the installer command ${NC}"
echo -ne '\n'
exit
else
LICKEY=$1
fi
if [ ! -z "$2" ]; then
if [ ! -f "$2" ]; then
echo -ne "\r${red} "Inavlid INI file path..." ${NC}"
echo -ne '\n'
exit
fi
fi
echo "+Detecting Operating System...."
if [ -f /etc/redhat-release ] && [ ! -f /etc/os-release ]; then
if cat /etc/redhat-release | grep CloudLinux > /dev/null; then
OS="R6"
DISTRO="YUM"
else
echo -ne "\r${red} Unsupported OS...please check the system requirements for cPGuard ${NC}"
echo -ne '\n'
exit
fi
elif [ -f /etc/redhat-release ] && [ -f /etc/os-release ]; then
if cat /etc/os-release | grep VERSION_ID | grep '"9' > /dev/null; then
OS="R9"
DISTRO="YUM"
else
OS="R7"
DISTRO="YUM"
fi
elif [ ! -f /etc/redhat-release ] && [ -f /etc/os-release ] && [ ! -f /etc/debian_version ]; then
if cat /etc/os-release | grep VERSION_ID | grep '"2' > /dev/null; then
OS="AMZ2"
DISTRO="YUM"
fi
elif [ -f /etc/debian_version ]; then
DISTRO="DEB"
if lsb_release -d | grep 'Linux 9.' > /dev/null; then
echo -ne "\r${red} Unsupported OS...please check the system requirements for cPGuard ${NC}"
echo -ne '\n'
exit
elif lsb_release -d | grep 'Ubuntu 18' > /dev/null; then
OS="U18"
elif lsb_release -d | grep 'Ubuntu 24' > /dev/null; then
if [ $ARC == "aarch64" ]; then
OS="U24ARM"
else
OS="U24"
fi
elif [ $ARC == "aarch64" ]; then
if lsb_release -d | grep 'Ubuntu 22\|bookworm' > /dev/null; then
OS="U22ARM"
else
echo -ne "\r${red} Unsupported OS...please check the system requirements for cPGuard ${NC}"
echo -ne '\n'
exit
fi
else
OS="D10"
fi
else
echo -ne "\r${red} Unsupported OS...please check the system requirements for cPGuard ${NC}"
echo -ne '\n'
exit
fi
echo -ne "\r${green} =Identified the Server Operating System ${NC}"
echo -ne '\n'
echo "+Installing dependancy packages and setup OS"
sleep 2
setos
echo -ne "\r${green} =OS Setup is completed ${NC}"
echo -ne '\n'
echo "+Confiuring cPGuard packages..."
setconf
echo -ne "\r${green} = cPGuard package configuration is completed ${NC}"
echo -ne '\n'
echo "+Detecting Control Panel..."
if [ -f /usr/local/cpanel/cpsrvd ]; then
CP="cPanel"
elif [ -f /usr/local/directadmin/directadmin ]; then
CP="DirectAdmin"
elif [ -f /etc/psa/psa.conf ]; then
CP="Plesk"
elif [ ! -z "$2" ]; then
cp -p $2 /opt/cpguard/cpguard.ini
else
echo -ne "\r${red} Please follow the manual instructions if required to complete installing cPGuard ${NC}"
echo -ne '\n'
fi
if [ ! -z $CP ]; then
echo -ne "\r${green} =Identified $CP Control Panel ${NC}"
echo -ne '\n'
fi
echo "+Installing Files..."
sleep 2
installfiles
echo -ne "\r${green} =Installed cPGuard Files ${NC}"
echo -ne '\n'
echo "+Whitelisting OPSSHIELD IPs in CSF..."
sleep 2
csfwhitelitips
echo -ne '\n'
if [ ! -z $CP ]; then
echo "+Installing files for $CP.. "
sleep 2
controlpanelfiles
echo -ne "\r${green} =Installed files for $CP ${NC}"
echo -ne '\n'
fi
echo ""
echo ""
echo -ne "\r${red} ================================================= ${NC}"
echo -ne '\n'
echo "+Installing License and binding to App Portal..."
echo -ne "\r${green} ================================================= ${NC}"
echo ""
sleep 2
cpgcli license --key $LICKEY
echo ""
echo -ne "\r${green} ================================================= ${NC}"
echo -ne '\n'
echo -ne "\r${red} ================================================= ${NC}"
echo ""
echo ""
/opt/cpguard/cpg-php-fpm/bin/php /opt/cpguard/app/setup/summary.php
echo -ne "\r${green} If you need any assistance, please feel free to reach our support team ${NC}"
echo -ne '\n'
-=[ KCW uplo4d3r c0ded by cJ_n4p573r ]=-
Ⓒ2017 ҠЄГѦLѦ СүѣЄГ ЩѦГГіѺГՏ