Mini Shell

Direktori : /opt/imunify360/venv/share/imunify360/scripts/
Upload File :
Current File : //opt/imunify360/venv/share/imunify360/scripts/csf_tool

#!/usr/bin/bash
#
# This script exit codes
# 0 means OK
# 1 some error or csf is not installed
#

function is_csf_installed {
  if which csf >/dev/null 2>&1; then
    echo "csf is installed"
    return 0
  else
    echo "csf is not installed"
    return 1
  fi
}

function enable_csf {
  systemctl start csf
  systemctl start lfd
  csf --enable # add csf to autostart
}

function disable_csf {
  systemctl stop csf
  systemctl stop lfd
  csf --disable # remove csf from autostart
}

function edit_allow_list {
    FILE=$1
    mapfile -t ip_comment < $FILE
    if [ "$2" = "remove" ] ; then
        for instance in "${ip_comment[@]}"
            do
                IFS=';' read -r ip comment <<< $instance
                    if [ ! -z $ip ]; then
                        sed -i "/$ip/d" /etc/csf/csf.allow
                        local rc=$?
                        test $rc = 0 || return $rc
                    fi
            done
        # remove imunify360 whitelist file
        sed -i "/imunify360.txt/d" /etc/csf/csf.allow
        sed -i "/^# csf_tool/d" /etc/csf/csf.allow
        remove_bins_from_pignore
    fi
    if [ "$2" = "add" ] ; then
        add_bins_to_pignore
        echo $'\n# csf_tool: ' >> /etc/csf/csf.allow
        for instance in "${ip_comment[@]}"
            do
                echo $instance
                    IFS=';' read -r ip comment <<< $instance
                    local out=`csf --add $ip "$comment" 2>&1`
                    local rc=$?
                    test $rc = 0 || return $rc
            done
    fi
}
BINS_TO_IGNORE="exe:/var/ossec/bin/ossec-monitord \
                exe:/var/ossec/bin/ossec-analysisd\
                exe:/var/ossec/bin/ossec-remoted"
ignore_file=/etc/csf/csf.pignore

function remove_bins_from_pignore {
  for exe in $BINS_TO_IGNORE; do
    sed -i "\|${exe}|d" $ignore_file
  done
}

function add_bins_to_pignore {

    should_restart=false

    for exe in $BINS_TO_IGNORE; do
        if ! grep -q $exe $ignore_file ; then
            echo "$exe" >> $ignore_file
            should_restart=true
        fi
    done

    if $should_restart; then
        echo 'Restarting CSF to apply pignore changes'
        csf --restartall > /dev/null
    fi
}

if [ "$1" = "" ] ; then
    echo "Usage: $0 enable/disable/status/coop_install"
    exit 1
fi
if [ "$1" = "status" ] ; then
    is_csf_installed
    exit $?
fi
if [ "$1" = "enable" ]
then
    is_csf_installed >/dev/null || exit 1
    enable_csf
    exit $?
fi
if [ "$1" = "disable" ]
then
    is_csf_installed >/dev/null || exit 1
    disable_csf
    exit $?
fi
if [ "$1" = "coop_install" ]
then
    is_csf_installed >/dev/null || exit 1
    edit_allow_list /etc/csf/imunify_allow.conf add
    exit $?
fi
if [ "$1" = "remove" ]
then
    edit_allow_list /etc/csf/imunify_allow.conf remove
    exit $?
fi

Zerion Mini Shell 1.0