#!/usr/bin/bash
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2021 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT
# Note: Also called from Debian
# Arguments:
# RPM
# $1 == 1 - install package
# $1 == 2 - upgrade package
# DEB
# $1 == configure - RPM post/posttrans
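# Positional arguments supplied by the package scriptlet:
#   $2 - value compared against 6 below (presumably the OS major release;
#        confirm against the caller)
#   $3 - directory prefix under which bin/cl_sysctl is run later in this script
rhel=$2
cl_venv_path=$3

# [[ ... -gt ... ]] evaluates its operands as arithmetic expressions, so a
# non-numeric $2 would be interpreted instead of compared. Accept plain
# decimal digits only; anything else, including an empty value, skips the
# reload. 10# forces base 10 so a leading zero is not read as octal.
if [[ $rhel =~ ^[0-9]+$ ]] && (( 10#$rhel > 6 )); then
  systemctl daemon-reload
fi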
# Print the PID of every process whose `ps` line contains both "cagefsctl"
# and the string given in $1.
# NOTE(review): this is a substring match over the whole command line, so any
# process whose arguments contain both strings is selected too, not only
# cagefsctl itself. "mount" also matches "unmount" and "remount".
cagefsctl_pids() {
  ps --no-headers -A -o 'pid,command' \
    | grep cagefsctl \
    | grep "$1" \
    | awk '{print $1}'
}

# Stop a running "cagefsctl --update" (default signal)
cagefsctl_pids update | xargs --no-run-if-empty kill

# CAG-764: when an "unmount-cur-ns" run is in progress, SIGKILL the matching
# mount processes first and the unmount-cur-ns processes after them.
if [[ -n "$(cagefsctl_pids unmount-cur-ns)" ]]; then
  for word in mount unmount-cur-ns; do
    cagefsctl_pids "$word" | xargs --no-run-if-empty kill -9
  done
fi
# LIBLVE-20 one-time update marker. It lives in a shell fragment that is
# sourced below.
# NOTE(review): sourcing runs whatever the file contains with this script's
# privileges, so the file has to stay writable by root only - confirm.
UPDATES='/etc/sysconfig/lve_updates'
if [[ -f "$UPDATES" ]]; then
  source "$UPDATES"
else
  LIBLVE20='0'
fi

if [[ "$LIBLVE20" != '1' ]]; then
  # Marker not set yet: force a remount of CageFS ...
  touch /usr/share/cagefs/need.remount
  # ... then record the marker, dropping any existing LIBLVE20 line first.
  # sed errors (e.g. the file does not exist yet) are deliberately ignored.
  sed -i -e '/LIBLVE20/d' "$UPDATES" > /dev/null 2>&1
  printf '%s\n' 'LIBLVE20="1"' >> "$UPDATES"
fi
# Create the directories needed when link protection is enabled
/usr/sbin/cagefsctl --create-dirs-for-symlink-protection

# Remove the old skeleton
rm -rf /usr/share/securelve-skeleton

# Migrate to the new prefixes
/usr/sbin/cagefsctl --migrate-prefixes

# SecureLVE: change the shell of all jailed users, enable all jailed users in CageFS
/usr/share/cagefs/migrate.sh

# Set fs.proc_can_see_other_uid to 0 if it is absent in /etc/sysctl.conf and
# move it to /etc/sysctl.d/90-cloudlinux.conf
# NOTE(review): with an empty $3 this path resolves to /bin/cl_sysctl.
"${cl_venv_path}/bin/cl_sysctl" migrate --parameter fs.proc_can_see_other_uid --default-value 0

# CAG-976: /proc should be remounted with hidepid=2 after installation of the cagefs package
/usr/share/cloudlinux/remount_proc.py

# /etc/cagefs/etc.safe is missing: cagefs 3.0 is not installed yet (an old
# version of cagefs is installed)
if [[ ! -e /etc/cagefs/etc.safe ]]; then
  skeleton=/usr/share/cagefs-skeleton

  # etc and var/log inside the skeleton: delete them only when /proc/mounts
  # does not mention the path, i.e. the directory was copied, not mounted.
  for copied in etc var/log; do
    if ! grep -q "${skeleton}/${copied}" /proc/mounts; then
      rm -rf "${skeleton:?}/${copied}"
    fi
  done

  # Search for users with invalid home dirs and repair them
  if [[ -d /scripts ]]; then
    /usr/share/cagefs/repair_homes.py --do-not-ask
  fi
  for repair_opt in --rename-var-cagefs --uninstall_cagefs_etc; do
    /usr/share/cagefs/repair_homes.py "$repair_opt"
  done

  touch /usr/share/cagefs/need.remount
fi

# Install the plugin for the control panel
/usr/share/cagefs-plugins/install-cagefs-plugin.py --install

# Fix rights on update
chmod 0750 /usr/share/cagefs/exclude.d

# Create exclude users lists
/usr/share/cagefs/exclude_users_cleaner.py
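# Create the lists of safe users and groups: the first colon-separated field
# of every line in etc.safe/passwd and etc.safe/group. A list is only built
# when its source exists and the list itself does not exist yet.
for safe_pair in passwd:safe.users group:safe.groups; do
  safe_src="/etc/cagefs/etc.safe/${safe_pair%%:*}"
  safe_dst="/etc/cagefs/etc.safe/${safe_pair##*:}"
  if [ -e "$safe_src" ] && [ ! -e "$safe_dst" ]; then
    # cut reads the file directly: no per-line read/echo round trip, so
    # backslashes, leading dashes and a final line without a newline are
    # all passed through unchanged.
    # The umask is set in a subshell so the list is created owner-only
    # instead of being readable until the chmod below runs.
    ( umask 077; cut -f1 -d: "$safe_src" > "$safe_dst" )
    chmod 0600 "$safe_dst"
  fi
done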
# Copy proxyexec and the files that go with it into the skeleton
if [[ -e /usr/share/cagefs-skeleton ]]; then
  skel=/usr/share/cagefs-skeleton

  if [[ -e /usr/sbin/proxyexec ]]; then
    mkdir -p "${skel}/usr/sbin/"
    cp -f /usr/sbin/proxyexec "${skel}/usr/sbin/proxyexec"
  fi

  # libbsock libraries, /usr/lib64 first; cp errors are not reported here
  for libdir in /usr/lib64 /usr/lib; do
    for lib in libbsock.so libbsock_preload.so; do
      if [[ -e "${libdir}/${lib}" ]]; then
        mkdir -p "${skel}${libdir}/"
        cp -f "${libdir}/${lib}" "${skel}${libdir}/${lib}" 2> /dev/null
      fi
    done
  done

  # Create the relative "bsock" -> libbsock.so link when the host has a bsock
  # entry and the skeleton does not
  for libdir in /usr/lib /usr/lib64; do
    if [[ ! -e "${skel}${libdir}/bsock" && -e "${libdir}/bsock" ]]; then
      mkdir -p "${skel}${libdir}/"
      ln -s libbsock.so "${skel}${libdir}/bsock"
    fi
  done

  if [[ -e /usr/bin/crontab.cagefs ]]; then
    mkdir -p "${skel}/usr/bin/"
    cp -f /usr/bin/crontab.cagefs "${skel}/usr/bin/crontab.cagefs"
  fi
fi
# Create directories that must exist inside the skeleton. mkdir -m applies
# mode 0755 to the last path component only; missing parents get the default
# mode.
if [[ -e /usr/share/cagefs-skeleton ]]; then
  for rel in var/spool/cron var/run/screen var/cache/php-eaccelerator opt/suphp/sbin; do
    skel_dir="/usr/share/cagefs-skeleton/${rel}"
    [[ -e "$skel_dir" ]] || mkdir -p -m 0755 "$skel_dir"
  done
fi
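# Add packages to CageFS
/usr/sbin/cagefsctl --add-default-rpm-packages > /dev/null 2>&1

# Every directory in the per-user state trees gets mode 0751.
# find -exec passes each path to chmod as-is, so names containing whitespace
# or quotes are handled correctly (a find | xargs pipeline splits them).
for state_tree in /etc/cagefs/users.enabled /etc/cagefs/users.enabled.save \
                  /etc/cagefs/users.disabled /etc/cagefs/users.disabled.save; do
  [ -d "$state_tree" ] || continue
  find "$state_tree" -type d -exec chmod 0751 {} +
done

# Configuration directories: traversable by others (0751), entries readable
# and writable by the owner only (0600). Missing paths are silently skipped.
for conf_dir in /etc/cagefs/filters /etc/cagefs/conf.d /etc/cagefs/etc.safe /etc/cagefs/exclude; do
  chmod 0751 "$conf_dir" > /dev/null 2>&1
  chmod 0600 "$conf_dir"/* > /dev/null 2>&1
done

# Individual configuration files: owner-only, except cagefs.min.uid (0644)
for conf_file in cagefs.ini black.list cagefs.mp cagefs.base.home.dirs; do
  chmod 0600 "/etc/cagefs/${conf_file}" > /dev/null 2>&1
done
chmod 0644 /etc/cagefs/cagefs.min.uid > /dev/null 2>&1
chmod 0600 /etc/cagefs/*proxy.commands > /dev/null 2>&1

# Package-side configuration and skeleton lists: owner-only
chmod 0700 /usr/share/cagefs/conf.d > /dev/null 2>&1
chmod 0600 /usr/share/cagefs/conf.d/* > /dev/null 2>&1
for list_file in skeleton.files.list skeleton.libs.list; do
  chmod 0600 "/usr/share/cagefs/${list_file}" > /dev/null 2>&1
done

# Top-level directories are owned by root; errors here are reported
chmod 0751 /etc/cagefs
chown root:root /etc/cagefs

mkdir -p /var/cagefs
chmod 0751 /var/cagefs
chown root:root /var/cagefs

mkdir -p /usr/share/cagefs/.cagefs.empty
chmod 0755 /usr/share/cagefs/.cagefs.empty
chown root:root /usr/share/cagefs/.cagefs.empty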
# Exclude the /home/user/.cagefs directory from backup: add a ".cagefs*"
# entry to each backup exclude file that exists and has no ".cagefs" entry.
for CPBACKUP_CONF in /usr/local/cpanel/etc/cpbackup-exclude.conf /etc/cpbackup-exclude.conf; do
  [[ -e "$CPBACKUP_CONF" ]] || continue
  if ! grep -q '\.cagefs' "$CPBACKUP_CONF" 2> /dev/null; then
    printf '%s\n' '.cagefs*' >> "$CPBACKUP_CONF"
  fi
done
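# Append line $2 to /etc/cagefs/cagefs.mp when directory $1 exists and the
# file has no line that is exactly $2. Flags CageFS for remount when a line
# was added.
cagefs_mp_ensure() {
  local host_dir=$1 entry=$2
  [ -d "$host_dir" ] || return 0
  if ! grep -qxF -e "$entry" /etc/cagefs/cagefs.mp 2> /dev/null; then
    printf '%s\n' "$entry" >> /etc/cagefs/cagefs.mp
    touch /usr/share/cagefs/need.remount
  fi
}

# Delete the lines of /etc/cagefs/cagefs.mp that are exactly $1 and flag
# CageFS for remount; does nothing when no such line exists.
# The presence check and the delete use the same whole-line match, so a
# longer entry that merely contains $1 is never removed along with it.
# Only "." is escaped for sed: the entries passed in below contain no other
# regex metacharacters.
cagefs_mp_remove() {
  local entry=$1 pattern
  grep -qxF -e "$entry" /etc/cagefs/cagefs.mp 2> /dev/null || return 0
  pattern=${entry//./\\.}
  sed -i -e "\|^${pattern}\$|d" /etc/cagefs/cagefs.mp
  touch /usr/share/cagefs/need.remount
}

if [ -e /etc/cagefs/cagefs.mp ]; then
  # Add new line if needed
  /usr/sbin/cagefsctl --check-mp

  # Add /opt, /var/spool/at and /var/run/dbus mounts if needed
  cagefs_mp_ensure /opt /opt
  cagefs_mp_ensure /var/spool/at /var/spool/at
  cagefs_mp_ensure /var/run/dbus /var/run/dbus

  # Remove /var/cpanel from cagefs.mp
  cagefs_mp_remove /var/cpanel

  # Add /var/cpanel/userdata to cagefs.mp (entry carries a "%" prefix)
  cagefs_mp_ensure /var/cpanel/userdata '%/var/cpanel/userdata'

  # Remove /var/run/proxyexec/cagefs.sock from cagefs.mp
  cagefs_mp_remove /var/run/proxyexec/cagefs.sock

  # Remove /var/www/cgi-bin from cagefs.mp on Plesk
  if cldetect --detect-cp | grep Plesk > /dev/null 2>&1; then
    cagefs_mp_remove /var/www/cgi-bin
  fi

  # Add /tmp/clamd to cagefs.mp
  cagefs_mp_ensure /tmp/clamd /tmp/clamd

  # Add default mount points (user's personal). The check is a prefix match
  # because the entry ends in a comma-separated permission value.
  if ! grep -q -e '^@/var/spool/cron,' /etc/cagefs/cagefs.mp 2> /dev/null; then
    printf '%s\n' \
      '# You can add personal (individual) mounts for users, like below.' \
      '# Please, start line with "@" symbol, and then specify path and permissions (comma separated).' \
      '# These directories will be virtualized for each user.' \
      '@/var/spool/cron,700' \
      '@/var/run/screen,777' >> /etc/cagefs/cagefs.mp
    touch /usr/share/cagefs/need.remount
  fi
  if ! grep -q -e '^@/var/cache/php-eaccelerator,' /etc/cagefs/cagefs.mp 2> /dev/null; then
    printf '%s\n' '@/var/cache/php-eaccelerator,777' >> /etc/cagefs/cagefs.mp
    touch /usr/share/cagefs/need.remount
  fi

  # Remove /var/lib/dav, /var/www/html, /var/www/cgi-bin from cagefs.mp if
  # they are not present on the host
  for dir in /var/lib/dav /var/www/html /var/www/cgi-bin; do
    [ -d "$dir" ] || cagefs_mp_remove "$dir"
  done

  # Add /var/lve/php.dat.d to cagefs.mp (entry carries a "!" prefix)
  cagefs_mp_ensure /var/lve/php.dat.d '!/var/lve/php.dat.d'
fi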
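# configure CageFS
/usr/sbin/cagefsctl --reconfigure-cagefs

# CAG-1087: remove duplicate lines from /etc/cagefs/cagefs.base.home.dirs,
# keeping the first occurrence of every line and the original order.
# https://stackoverflow.com/questions/1444406/how-to-delete-duplicate-lines-in-a-file-without-sorting-it-in-unix
if [[ -f /etc/cagefs/cagefs.base.home.dirs ]]; then
  # mktemp creates the scratch file with mode 0600, matching the 0600 this
  # script applies to cagefs.base.home.dirs earlier. A scratch file created
  # by plain redirection takes its mode from the caller's umask, and the
  # rename below would carry that looser mode onto the list.
  if dedup_tmp=$(mktemp /etc/cagefs/cagefs.base.home.dirs.XXXXXX); then
    if awk '!seen[$0]++' /etc/cagefs/cagefs.base.home.dirs > "$dedup_tmp" \
        && ! cmp -s /etc/cagefs/cagefs.base.home.dirs "$dedup_tmp"; then
      mv -f "$dedup_tmp" /etc/cagefs/cagefs.base.home.dirs
    else
      # Nothing to change, or awk failed: leave the original file untouched
      # instead of replacing it with partial output.
      rm -f "$dedup_tmp"
    fi
  fi
fi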
/usr/sbin/cagefsctl --update-users-status-fix-owner

# Skeleton maintenance, only when the skeleton has a bin entry
if [[ -e /usr/share/cagefs-skeleton/bin ]]; then
  # Force the etc update unless the etc.update.done marker exists
  [[ -e /usr/share/cagefs/etc.update.done ]] || /usr/sbin/cagefsctl --force-update-etc

  for action in --setup-cl-selector --update-wrappers --remove-blacklisted \
                --create-homeN-dirs-in-skeleton; do
    /usr/sbin/cagefsctl "$action"
  done
fi

# CAG-526, CAG-634
/usr/sbin/cagefsctl --check-for-unsafe-mounts &> /dev/null

if [[ -e /usr/share/cagefs-skeleton/bin ]]; then
  # Remount everything when a remount was requested or the skeleton does not
  # appear in /proc/mounts; otherwise restarting proxyexecd is enough.
  if [[ -e /usr/share/cagefs/need.remount ]] \
      || ! grep -P "cagefs-skeleton\s" /proc/mounts > /dev/null 2>&1; then
    /usr/sbin/cagefsctl --remount-all --without-lock
  else
    /sbin/service proxyexecd restart > /dev/null 2>&1
  fi
  /usr/share/cagefs-plugins/install-cagefs-plugin.py --install-plesk-wrapper
else
  /sbin/service proxyexecd restart > /dev/null 2>&1
fi

# Clear the one-shot marker files
rm -f /usr/share/cagefs/need.remount \
      /usr/share/cagefs/etc.update.done \
      /usr/share/cagefs/skip.cagefs.restart
# Remove the /var/cpanel mount point from the skeleton. rmdir only succeeds
# on an empty directory; failures are ignored.
if [[ -e /usr/share/cagefs-skeleton/var/cpanel ]]; then
  rmdir /usr/share/cagefs-skeleton/var/cpanel > /dev/null 2>&1
fi

# CAG-416
selector_dir=/var/lib/mysql/.cl.selector
if [[ -f "${selector_dir}/defaults.cfg" ]]; then
  rm -f "${selector_dir}/defaults.cfg" > /dev/null 2>&1
  rmdir "$selector_dir" > /dev/null 2>&1
fi

# Install hooks
# CAG-377 - reinstall hooks on Plesk: remove them first, then install
if cldetect --detect-cp | grep Plesk > /dev/null 2>&1; then
  /usr/sbin/cagefsctl --hook-remove
fi
for action in --hook-install --create-virt-mp-all; do
  /usr/sbin/cagefsctl "$action"
done

# CAG-913: remove "fix" of support. /var/.cagefs should not exist in the real
# file system, whether it is an (empty) directory or a file.
rmdir /var/.cagefs &> /dev/null
rm -f /var/.cagefs

# Revert "LVEMAN-1425: PHP breaks after updating"
rm -f /var/log/cagefs-cl-setup-selector.log

# Configure CageFS for OpenLiteSpeed; runs in the background, output discarded
nohup /usr/sbin/cagefsctl --configure-openlitespeed &> /dev/null &

/usr/share/cagefs-plugins/install-cagefs-plugin.py --fix-services-without-lve

# Synchronize CageFS features
/usr/share/cagefs/feature_manager.py sync

# The script always reports success, whatever the steps above returned
exit 0