#!/bin/bash # Example: sudo webinoly -verify # Example: sudo webinoly -verify=critical # Example: sudo webinoly -verify -check-for-updates webinoly_verify() { # Not run when update stack is running! if [[ $(conf_read stack-update) == "running" ]]; then echo "${blu}${dim}Verify skipped because update stack is in process...${end}" return fi # Webinoly Verify command echo "${blu}${dim}Verifying integrity of the entire Webinoly system...${end}${red}" [[ $verify == "critical" ]] && local critical_mode="true" ##################################### ##### Webinoly Integrity Test ##### ##################################### local ver_one_err="0" local ver_one_war="0" if [[ ! -f /opt/webinoly/lib/api-events_sample ]]; then echo "- [ERROR] File: /opt/webinoly/lib/api-events_sample not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/lib/bkp ]]; then echo "- [ERROR] File: /opt/webinoly/lib/bkp not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/lib/datadog ]]; then echo "- [ERROR] File: /opt/webinoly/lib/datadog not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/lib/ex-ssl-authentication ]]; then echo "- [ERROR] File: /opt/webinoly/lib/ex-ssl-authentication not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/lib/ex-ssl-cleanup ]]; then echo "- [ERROR] File: /opt/webinoly/lib/ex-ssl-cleanup not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/lib/general ]]; then echo "- [ERROR] File: /opt/webinoly/lib/general not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/lib/headers ]]; then echo "- [ERROR] File: /opt/webinoly/lib/bkp not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/lib/install ]]; then echo "- [ERROR] File: /opt/webinoly/lib/install not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/lib/public_suffix_list.dat ]]; then echo "- [ERROR] File: /opt/webinoly/lib/public_suffix_list.dat not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/lib/sites ]]; then echo "- [ERROR] File: /opt/webinoly/lib/sites not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/lib/site-ssl ]]; then echo "- [ERROR] File: /opt/webinoly/lib/site-ssl not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/lib/timezone.dat ]]; then echo "- [ERROR] File: /opt/webinoly/lib/timezone.dat not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/lib/update ]]; then echo "- [ERROR] File: /opt/webinoly/lib/update not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/lib/verify ]]; then echo "- [ERROR] File: /opt/webinoly/lib/verify not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/lib/webin ]]; then echo "- [ERROR] File: /opt/webinoly/lib/webin not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/template-site-php ]]; then echo "- [ERROR] File: /opt/webinoly/templates/template-site-php not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/template-site-proxy ]]; then echo "- [ERROR] File: /opt/webinoly/templates/template-site-proxy not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/template-site-proxycache ]]; then echo "- [ERROR] File: /opt/webinoly/templates/template-site-proxycache not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/template-site-ssl ]]; then echo "- [ERROR] File: /opt/webinoly/templates/template-site-ssl not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/template-site-sslredirect ]]; then echo "- [ERROR] File: /opt/webinoly/templates/template-site-sslredirect not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/template-site-wwwredirect ]]; then echo "- [ERROR] File: /opt/webinoly/templates/template-site-wwwredirect not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/nginx.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/nginx.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/conf.d/fastcgi.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/conf.d/fastcgi.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/conf.d/upstream.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/conf.d/upstream.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/common/acl.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/acl.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/common/auth.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/auth.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/common/header.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/header-html.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/common/headers.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/headers-html.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/common/headers-html.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/headers-html.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/common/headers-http.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/headers-http.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/common/headers-https.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/headers-https.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/common/locations.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/locations.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/common/php.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/php.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/common/phpx.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/phpx.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/common/wpcommon.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/wpcommon.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/common/wpcommon-noauth.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/wpcommon-noauth.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/common/wpfc.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/wpfc.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/nginx/common/wpsubdir.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/wpsubdir.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/general/admin_tools.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/general/admin_tools.conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/general/certbot-deploy-hook ]]; then echo "- [ERROR] File: /opt/webinoly/templates/general/certbot-deploy-hook not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/general/conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/general/conf not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/general/duply ]]; then echo "- [ERROR] File: /opt/webinoly/templates/general/duply not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/general/nginx-blackhole ]]; then echo "- [ERROR] File: /opt/webinoly/templates/general/nginx-blackhole not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/general/sysctl ]]; then echo "- [ERROR] File: /opt/webinoly/templates/general/sysctl not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/general/tools-site-blackhole ]]; then echo "- [ERROR] File: /opt/webinoly/templates/general/tools-site-blackhole not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/templates/general/tools-site-localhost ]]; then echo "- [ERROR] File: /opt/webinoly/templates/general/tools-site-localhost not found!" local ver_one_err="1" fi if [[ ! -f /opt/webinoly/webinoly.conf ]]; then echo "- [ERROR] File: /opt/webinoly/webinoly.conf not found!" local ver_one_err="1" fi if [[ ! -f /usr/bin/webinoly ]]; then echo "- [ERROR] File: /usr/bin/webinoly not found!" local ver_one_err="1" fi if [[ ! -f /usr/bin/site ]]; then echo "- [ERROR] File: /usr/bin/site not found!" local ver_one_err="1" fi if [[ ! -f /usr/bin/httpauth ]]; then echo "- [ERROR] File: /usr/bin/httpauth not found!" local ver_one_err="1" fi if [[ ! -f /usr/bin/log ]]; then echo "- [ERROR] File: /usr/bin/log not found!" local ver_one_err="1" fi if [[ ! -f /usr/bin/stack ]]; then echo "- [ERROR] File: /usr/bin/stack not found!" local ver_one_err="1" fi if [[ -n $(conf_read init-error-flag) ]]; then echo "- [ERROR] This copy of Webinoly is not genuine!" local ver_one_err="1" fi if [[ -z $critical_mode ]]; then # Check if Webinoly is updated local ver_currentver=$(conf_read app-version) local ver_checkver=$(wget --timeout=10 -t 1 -qO- https://api.webinoly.com/check?text=true) if ! [[ -n $ver_checkver && -n $ver_currentver && ${ver_currentver//.} -ge ${ver_checkver//.} ]]; then echo "${dim}- [WARNING] Webinoly App is not updated. A new version is available!${end}${red}" local ver_one_war="1" fi if [[ $ver_currentver != $app_version ]]; then echo "${dim}- [WARNING] Webinoly App version check is corrupted! (Installed: $app_version != Conf: ${ver_currentver}) ${end}${red}" local ver_one_war="1" fi # Configuration File - Check for duplicate directives if [[ -f /opt/webinoly/webinoly.conf ]]; then IFS=$'\n' # FOR loop takes whitespace as a delimiter, so IFS overwrite this. for i in $(grep -E "^([a-z\-]+)\:.*$" /opt/webinoly/webinoly.conf) do if [[ $(grep "^$(echo $i | cut -d':' -f 1 -s):" -c /opt/webinoly/webinoly.conf) -gt 1 ]]; then echo "${dim}- [WARNING] Duplicate variable directive in Configuration File! ($(echo $i | cut -d':' -f 1 -s)) ${end}${red}" local ver_one_war="1" fi done fi # Temp dynvar in conf file if [[ -n $(conf_read force-flag) ]]; then echo "${dim}- [WARNING] Temporal variable (force-flag) has been found in the Webinoly Configuration File! ${end}${red}" local ver_one_war="1" fi if [[ -n $(conf_read delautopma) ]]; then echo "${dim}- [WARNING] Temporal variable (delautopma) has been found in the Webinoly Configuration File! ${end}${red}" local ver_one_war="1" fi if [[ -n $(conf_read temp-path) ]]; then echo "${dim}- [WARNING] Temporal variable (temp-path) has been found in the Webinoly Configuration File! ${end}${red}" local ver_one_war="1" fi if [[ -n $(conf_read nginx-reload) ]]; then echo "${dim}- [WARNING] Temporal variable (nginx-reload) has been found in the Webinoly Configuration File! ${end}${red}" local ver_one_war="1" fi if [[ -n $(conf_read quiet) ]]; then echo "${dim}- [WARNING] Temporal variable (quiet) has been found in the Webinoly Configuration File! ${end}${red}" local ver_one_war="1" fi if [[ -n $(conf_read multi-bkp-db) ]]; then echo "${dim}- [WARNING] Temporal variable (multi-bkp-db) has been found in the Webinoly Configuration File! ${end}${red}" local ver_one_war="1" fi if [[ -n $(conf_read multi-bkp-dbh) ]]; then echo "${dim}- [WARNING] Temporal variable (multi-bkp-dbh) has been found in the Webinoly Configuration File! ${end}${red}" local ver_one_war="1" fi if [[ -n $(conf_read stack-update) ]]; then echo "${dim}- [WARNING] Temporal variable (stack-update) has been found in the Webinoly Configuration File! ${end}${red}" local ver_one_war="1" fi if [[ -n $(conf_read mysql-reinstall) ]]; then echo "${dim}- [WARNING] Temporal variable (mysql-reinstall) has been found in the Webinoly Configuration File! ${end}${red}" local ver_one_war="1" fi if [[ $ver_one_err == "1" ]]; then echo "(1) Webinoly Integrity Test has failed!" elif [[ $ver_one_war == "1" ]]; then echo "${dim}(1) Webinoly Integrity Test has some warning messages you should attend!${end}${red}" else echo "${gre}${dim}(1) Webinoly Integrity Test successful!${end}${red}" fi fi ################################ ##### NGINX Verification ##### ################################ local ver_two_err="0" local ver_two_war="0" if [[ $(conf_read nginx) == "true" ]]; then # Check if NGINX command is installed if ! which nginx >/dev/null ; then echo "- [ERROR] Seems like NGIN command is not installed!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/nginx.conf ]]; then echo "- [ERROR] File: /etc/nginx/nginx.conf not found!" local ver_two_err="1" fi if [[ $(lsb_release -c | cut -d':' -f 2 | xargs) =~ ^(bionic|focal)$ ]]; then if [[ ! -f /etc/apt/trusted.gpg || -z $(grep -Foia "nginx signing key" /etc/apt/trusted.gpg) ]]; then echo "- [ERROR] Nginx Apt Key not found!" local ver_two_err="1" fi if [[ ! -f /etc/apt/sources.list || -z $(grep -Fo "nginx.org/packages/" /etc/apt/sources.list) ]]; then echo "- [ERROR] Nginx PPA not found in sources list!" local ver_two_err="1" fi else if [[ ! -f /usr/share/keyrings/nginx-archive-keyring.gpg || ! -s /usr/share/keyrings/nginx-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/nginx-archive-keyring.gpg | grep '[^[:space:]]') ]]; then echo "- [ERROR] Nginx Apt Key not found!" local ver_two_err="1" fi if [[ ! -f /etc/apt/sources.list.d/nginx.list || ! -s /etc/apt/sources.list.d/nginx.list || -z $(cat -v /etc/apt/sources.list.d/nginx.list | grep -m 1 '[^[:space:]]') ]]; then echo "- [ERROR] Nginx PPA not found in sources list!" local ver_two_err="1" fi fi fi # NGINX Optim if [[ $(conf_read nginx-optim) == "true" ]]; then if [[ ! -f /etc/nginx/fastcgi_params ]]; then echo "- [ERROR] File: /etc/nginx/fastcgi_params not found!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/conf.d/fastcgi.conf ]]; then echo "- [ERROR] File: /etc/nginx/conf.d/fastcgi.conf not found!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/conf.d/upstream.conf ]]; then echo "- [ERROR] File: /etc/nginx/conf.d/upstream.conf not found!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/common/acl.conf ]]; then echo "- [ERROR] File: /etc/nginx/common/acl.conf not found!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/common/auth.conf ]]; then echo "- [ERROR] File: /etc/nginx/common/auth.conf not found!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/common/header.conf ]]; then echo "- [ERROR] File: /etc/nginx/common/header.conf not found!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/common/headers.conf ]]; then echo "- [ERROR] File: /etc/nginx/common/headers.conf not found!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/common/headers-html.conf ]]; then echo "- [ERROR] File: /etc/nginx/common/headers-html.conf not found!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/common/headers-http.conf ]]; then echo "- [ERROR] File: /etc/nginx/common/headers-http.conf not found!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/common/headers-https.conf ]]; then echo "- [ERROR] File: /etc/nginx/common/headers-https.conf not found!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/common/locations.conf ]]; then echo "- [ERROR] File: /etc/nginx/common/locations.conf not found!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/common/php.conf ]]; then echo "- [ERROR] File: /etc/nginx/common/php.conf not found!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/common/phpx.conf ]]; then echo "- [ERROR] File: /etc/nginx/common/phpx.conf not found!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/common/wpcommon.conf ]]; then echo "- [ERROR] File: /etc/nginx/common/wpcommon.conf not found!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/common/wpcommon-noauth.conf ]]; then echo "- [ERROR] File: /etc/nginx/common/wpcommon-noauth.conf not found!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/common/wpfc.conf ]]; then echo "- [ERROR] File: /etc/nginx/common/wpfc.conf not found!" local ver_two_err="1" fi if [[ ! -f /etc/nginx/common/wpsubdir.conf ]]; then echo "- [ERROR] File: /etc/nginx/common/wpsubdir.conf not found!" local ver_two_err="1" fi if [[ ! -f /opt/webinoly/templates/source/default ]]; then echo "- [ERROR] File: /opt/webinoly/templates/source/default not found!" local ver_two_err="1" fi if [[ ! -f /opt/webinoly/templates/source/nginx.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/source/nginx.conf not found!" local ver_two_err="1" fi if [[ -f /etc/nginx/common/wpfc.conf && ( -n $(grep -F "" /etc/nginx/common/wpfc.conf) || -n $(grep -F "" /etc/nginx/common/wpfc.conf) ) ]]; then echo "- [ERROR] File: /etc/nginx/common/wpfc.conf is corrupted!" local ver_two_err="1" fi if [[ -f /etc/nginx/common/locations.conf && ( -n $(grep -F "" /etc/nginx/common/locations.conf) || -n $(grep -F "" /etc/nginx/common/locations.conf) ) ]]; then echo "- [ERROR] File: /etc/nginx/common/locations.conf is corrupted!" local ver_two_err="1" fi fi # NGINX tools site if [[ $(conf_read nginx) == "true" ]]; then if [[ -z $ADMIN_TOOLS_SITE ]]; then echo "- [ERROR] ADMIN_TOOLS_SITE variable is corrupted!" # You never know! local ver_two_err="1" fi if [[ -n $(conf_read tools-port) && -n $(conf_read tools-site) && ( ! -f /etc/nginx/sites-available/$(conf_read tools-site) || ! -f /etc/nginx/sites-enabled/$(conf_read tools-site) ) ]]; then echo "- [ERROR] Tools-Site seems to have a domain configured, but this site does not exist! ($(conf_read tools-site))" local ver_two_err="1" fi if [[ ! -f /etc/nginx/sites-available/$ADMIN_TOOLS_SITE ]]; then echo "- [ERROR] File: /etc/nginx/sites-available/$ADMIN_TOOLS_SITE not found!" local ver_two_err="1" fi if [[ ! -d /var/www/$ADMIN_TOOLS_SITE ]]; then echo "- [ERROR] Folder: /var/www/$ADMIN_TOOLS_SITE not found!" local ver_two_err="1" fi if [[ -z $(conf_read tools-port) ]]; then echo "- [ERROR] Port Tools is not set or not found!" local ver_two_err="1" fi if [[ ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs/nginx_status ]]; then echo "- [ERROR] File: /var/www/$ADMIN_TOOLS_SITE/htdocs/nginx_status not found!" local ver_two_err="1" fi fi if [[ -z $critical_mode ]]; then if [[ $(conf_read nginx) != "true" ]]; then if [[ -f /etc/nginx/nginx.conf ]]; then echo "${dim}- [WARNING] Seems like NGINX is installed but Webinoly can not detect it!${end}${red}" local ver_two_war="1" fi if [[ -f /etc/nginx/fastcgi.conf ]]; then echo "${dim}- [WARNING] Seems like NGINX is installed but Webinoly can not detect it!${end}${red}" local ver_two_war="1" fi fi if [[ $(conf_read nginx) != "true" && -n $(conf_read tools-port) ]]; then if [[ -f /etc/nginx/sites-available/$ADMIN_TOOLS_SITE || -d /var/www/$ADMIN_TOOLS_SITE ]]; then echo "${dim}- [WARNING] Seems like Nginx Tools are enabled but Webinoly can not detect it!${end}${red}" local ver_two_war="1" fi fi # Check for Tools and Default site. if [[ -n $(conf_read default-site) && ! ( $(conf_read default-site) =~ ^(default|blackhole)$ ) && ! -L /etc/nginx/sites-enabled/$(conf_read default-site) ]]; then echo "${dim}- [WARNING] Default site not found or is not enabled!${end}${red}" local ver_two_war="1" fi if [[ -n $(conf_read tools-site) && $(conf_read tools-site) != "default" && ! -L /etc/nginx/sites-enabled/$(conf_read tools-site) ]]; then echo "${dim}- [WARNING] Tools site not found or is not enabled!${end}${red}" local ver_two_war="1" fi # NGINX Conf check if [[ $(conf_read nginx) != "true" && $(conf_read nginx-optim) == "true" ]]; then echo "${dim}- [WARNING] NGINX Configuration corrupted!${end}${red}" local ver_two_war="1" fi if [[ $(conf_read nginx-optim) == "true" && ! ( -s /etc/nginx/.htpasswd || ( -n $(conf_read tools-site) && -s /etc/nginx/apps.d/.htpasswd-$(conf_read tools-site) )) ]]; then echo "${blu}${dim}- [INFO] HTTP Authentication Credentials not found to access the server tools on port $(conf_read tools-port).${end}${red}" fi # HTTP Headers if [[ $(conf_read nginx-optim) == "true" && -z $(conf_read header-csp) ]]; then echo "${blu}${dim}- [INFO] Setting a Content-Security-Policy Header is highly recommended!${end}${red}" fi if [[ $(conf_read nginx-optim) == "true" && $(conf_read header-xssp) == "true" ]]; then echo "${blu}${dim}- [INFO] X-XSS Header is no longer recommended, use a strong CSP instead!${end}${red}" fi if [[ $(conf_read nginx) == "true" ]]; then # Webinoly Stack version if [[ $(conf_read server-version) != $svr_version ]]; then echo "${dim}- [WARNING] Webinoly Stack version check is corrupted! (Installed: $svr_version != Conf: $(conf_read server-version)) ${end}${red}" local ver_two_war="1" fi # Check Nginx Branch in Configuration File if [[ $(($(sudo nginx -v 2>&1 | cut -d'.' -f 2 -s)%2)) == 1 && $(conf_read nginx-ppa) != "mainline" ]]; then echo "- [ERROR] Nginx Branch in Configuration File is corrupted!" local ver_two_err="1" elif [[ $(($(sudo nginx -v 2>&1 | cut -d'.' -f 2 -s)%2)) == 0 && $(conf_read nginx-ppa) != "stable" && -n $(conf_read nginx-ppa) ]]; then echo "- [ERROR] Nginx Branch in Configuration File is corrupted!" local ver_two_err="1" fi fi if [[ $ver_two_err == "1" ]]; then echo "(2) NGINX Verification Test has failed!" elif [[ $ver_two_war == "1" ]]; then echo "${dim}(2) NGINX Verification Test has some warning messages you should attend!${end}${red}" else echo "${gre}${dim}(2) NGINX Verification Test successful!${end}${red}" fi fi ############################## ##### PHP Verification ##### ############################## local ver_three_err="0" local ver_three_war="0" if [[ $(conf_read php) == "true" ]]; then # Check if PHP command is installed if ! which php >/dev/null ; then echo "- [ERROR] Seems like PHP command is not installed!" local ver_three_err="1" fi if [[ ! -f /etc/php/$(conf_read php-ver)/fpm/php.ini ]]; then echo "- [ERROR] File: /etc/php/$(conf_read php-ver)/fpm/php.ini not found!" local ver_three_err="1" fi if [[ $(lsb_release -c | cut -d':' -f 2 | xargs) =~ ^(bionic|focal)$ ]]; then if [[ ! -f /etc/apt/trusted.gpg.d/ondrej_ubuntu_php.gpg || ! -s /etc/apt/trusted.gpg.d/ondrej_ubuntu_php.gpg || -z $(cat -v /etc/apt/trusted.gpg.d/ondrej_ubuntu_php.gpg | grep -m 1 '[^[:space:]]') ]]; then echo "- [ERROR] PHP Apt Key not found!" local ver_three_err="1" fi if [[ ! -f /etc/apt/sources.list.d/ondrej-ubuntu-php-$(check_osname).list || ! -s /etc/apt/sources.list.d/ondrej-ubuntu-php-$(check_osname).list || -z $(cat -v /etc/apt/sources.list.d/ondrej-ubuntu-php-$(check_osname).list | grep -m 1 '[^[:space:]]') ]]; then echo "- [ERROR] PHP PPA not found in sources list!" local ver_three_err="1" fi else if [[ ! -f /usr/share/keyrings/php-archive-keyring.gpg || ! -s /usr/share/keyrings/php-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/php-archive-keyring.gpg | grep '[^[:space:]]') ]]; then echo "- [ERROR] PHP Apt Key not found!" local ver_three_err="1" fi if [[ ! -f /etc/apt/sources.list.d/php.list || ! -s /etc/apt/sources.list.d/php.list || -z $(cat -v /etc/apt/sources.list.d/php.list | grep -m 1 '[^[:space:]]') ]]; then echo "- [ERROR] PHP PPA not found in sources list!" local ver_three_err="1" fi fi fi # PHP Optim if [[ $(conf_read php-optim) == "true" ]]; then if [[ ! -f /etc/php/$(conf_read php-ver)/fpm/php-fpm.conf ]]; then echo "- [ERROR] File: /etc/php/$(conf_read php-ver)/fpm/php-fpm.conf not found!" local ver_three_err="1" fi if [[ ! -f /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf ]]; then echo "- [ERROR] File: /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf not found!" local ver_three_err="1" fi if [[ ! -f /opt/webinoly/templates/source/www.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/source/www.conf not found!" local ver_three_err="1" fi if [[ ! -f /opt/webinoly/templates/source/php.ini ]]; then echo "- [ERROR] File: /opt/webinoly/templates/source/php.ini not found!" local ver_three_err="1" fi if [[ ! -f /opt/webinoly/templates/source/php-fpm.conf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/source/php-fpm.conf not found!" local ver_three_err="1" fi fi # PHP Tools if [[ $(conf_read php) == "true" && $(conf_read nginx) == "true" ]]; then if [[ ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs/ping ]]; then echo "- [ERROR] File: /var/www/$ADMIN_TOOLS_SITE/htdocs/ping not found!" local ver_three_err="1" fi if [[ ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs/status ]]; then echo "- [ERROR] File: /var/www/$ADMIN_TOOLS_SITE/htdocs/status not found!" local ver_three_err="1" fi if [[ ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs/php/index.php ]]; then echo "- [ERROR] File: /var/www/$ADMIN_TOOLS_SITE/htdocs/php/index.php not found!" local ver_three_err="1" fi fi if [[ -z $critical_mode ]]; then if [[ -f /etc/php/$(conf_read php-ver)/fpm/php.ini && $(conf_read php) != "true" ]]; then echo "${dim}- [WARNING] Seems like PHP is installed but Webinoly can not detect it!${end}${red}" local ver_three_war="1" fi if [[ $(conf_read php) != "true" && $(conf_read nginx) == "true" ]]; then if [[ -f /var/www/$ADMIN_TOOLS_SITE/htdocs/status ]]; then echo "${dim}- [WARNING] Seems like PHP Tools are enabled but Webinoly can not detect it!${end}${red}" local ver_three_war="1" fi if [[ -f /var/www/$ADMIN_TOOLS_SITE/htdocs/php/index.php ]]; then echo "${dim}- [WARNING] Seems like PHP Tools are enabled but Webinoly can not detect it!${end}${red}" local ver_three_war="1" fi fi # PHP Conf check if [[ $(conf_read php) != "true" && $(conf_read php-optim) == "true" ]]; then echo "${dim}- [WARNING] PHP Configuration corrupted!${end}${red}" local ver_three_war="1" fi # Check for PHP version if [[ $(conf_read php) == "true" ]]; then local ver_php_ver=$(php -v | grep -m1 "" | sed 's/PHP \([^\-]*\).*/\1/' | cut -f 1-2 -d'.') if [[ $(conf_read php-ver) != $ver_php_ver ]]; then echo "${dim}- [WARNING] PHP Version corrupted in Configuration file! (Installed: $ver_php_ver != Conf: $(conf_read php-ver)) ${end}${red}" local ver_three_war="1" fi if ! [[ $ver_php_ver =~ ^(5.6|7.0|7.1|7.2|7.3|7.4|8.0|8.1|8.2|8.3)$ ]]; then echo "${dim}- [WARNING] Unknown PHP version!${end}${red}" local ver_three_war="1" elif [[ $ver_php_ver =~ ^(5.6|7.0|7.1|7.2|7.3|7.4|8.0)$ ]]; then echo "${dim}- [WARNING] You have an obsolete PHP version installed (${ver_php_ver}) that not even receive security updates!${end}${red}" local ver_three_war="1" #elif [[ $ver_php_ver == "8.1" ]]; then # echo "${blu}${dim}- [INFO] PHP v8.2 or later is recommended to get an optimal perfomance! (Current: ${ver_php_ver}) ${end}${red}" fi fi if [[ $ver_three_err == "1" ]]; then echo "(3) PHP Verification Test has failed!" elif [[ $ver_three_war == "1" ]]; then echo "${dim}(3) PHP Verification Test has some warning messages you should attend!${end}${red}" else echo "${gre}${dim}(3) PHP Verification Test successful!${end}${red}" fi fi ######################################## ##### MySQL/MariaDB Verification ##### ######################################## local ver_four_err="0" local ver_four_war="0" # MySQL/MariaDB if [[ $(conf_read mysql) == "true" || $(conf_read mysql-client) == "true" ]]; then # Check if MYSQL command is installed if ! which mysql >/dev/null ; then echo "- [ERROR] Seems like MYSQL command is not installed!" local ver_four_err="1" fi if [[ ! -d /etc/mysql ]]; then echo "- [ERROR] Folder: /etc/mysql not found!" local ver_four_err="1" fi fi if [[ $(conf_read mysql) == "true" ]]; then if [[ $(conf_read db-engine) == "mysql" ]]; then local ver_mysql_ver=$(sudo mysql --version | grep -Eo "Ver [0-9\.]+" | cut -f 2 -d' ' | cut -f 1-2 -d'.') if [[ -n $(sudo mysql --version | grep -Fio "MariaDb") ]]; then echo "- [ERROR] MySQL DB Engine in Configuration File is corrupted!" local ver_four_err="1" fi else # To check supported versions: https://mariadb.com/kb/en/mariadb-server/ local ver_mysql_ver=$(sudo mysql --version | sed 's/.*Distrib \([^\-]*\).*/\1/' | cut -f 1-2 -d'.') if [[ -z $(sudo mysql --version | grep -Fio "MariaDb") || ( -n $(conf_read db-engine) && $(conf_read db-engine) != "mariadb" ) ]]; then echo "- [ERROR] MySQL DB Engine in Configuration File is corrupted!" local ver_four_err="1" fi fi if [[ ! -f $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf ]]; then echo "- [ERROR] File: $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf not found!" local ver_four_err="1" fi if [[ ! -f $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf ]]; then echo "- [ERROR] File: $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf not found!" local ver_four_err="1" fi # PPA & Keys if [[ $(conf_read db-engine) == "mysql" ]]; then if [[ ! -f /usr/share/keyrings/mysql-archive-keyring.gpg || ! -s /usr/share/keyrings/mysql-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/mysql-archive-keyring.gpg | grep -m 1 '[^[:space:]]') ]]; then echo "- [ERROR] MySQL Apt Key not found!" local ver_four_err="1" fi if [[ ! -f /etc/apt/sources.list.d/mysql.list || ! -s /etc/apt/sources.list.d/mysql.list || -z $(cat -v /etc/apt/sources.list.d/mysql.list | grep -m 1 '[^[:space:]]') ]]; then echo "- [ERROR] MySQL PPA not found in sources list!" local ver_four_err="1" fi elif [[ $(lsb_release -c | cut -d':' -f 2 | xargs) =~ ^(bionic|focal)$ ]]; then if [[ ! -f /etc/apt/trusted.gpg || -z $(grep -Foia "mariadb signing key" /etc/apt/trusted.gpg) ]]; then echo "- [ERROR] MariaDB Apt Key not found!" local ver_four_err="1" fi if [[ ! -f /etc/apt/sources.list || -z $(grep -Fo "mirrors.syringanetworks.net/mariadb/repo" /etc/apt/sources.list) ]]; then echo "- [ERROR] MariaDB PPA not found in sources list!" local ver_four_err="1" fi else if [[ ! -f /usr/share/keyrings/mariadb-archive-keyring.gpg || ! -s /usr/share/keyrings/mariadb-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/mariadb-archive-keyring.gpg | grep '[^[:space:]]') ]]; then echo "- [ERROR] MariaDB Apt Key not found!" local ver_four_err="1" fi if [[ ! -f /etc/apt/sources.list.d/mariadb.list || ! -s /etc/apt/sources.list.d/mariadb.list || -z $(cat -v /etc/apt/sources.list.d/mariadb.list | grep -m 1 '[^[:space:]]') ]]; then echo "- [ERROR] MariaDB PPA not found in sources list!" local ver_four_err="1" fi fi # MySQL/MariaDB Connection if [[ -n $(conf_read mysql-root) ]]; then # Dynvar can be removed safely! local ROOT_PASS=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt ) [[ -z $ROOT_PASS ]] && ROOT_PASS="dUmb" if ! sudo mysql --connect-timeout=10 --user=root -p$ROOT_PASS -e "quit" 2>/dev/null; then echo "- [ERROR] MySQL/MariaDB Connection to localhost failed! (root)" local ver_four_err="1" fi fi if ! sudo mysql --connect-timeout=10 --user=admin -e "quit" 2>/dev/null; then echo "- [ERROR] MySQL/MariaDB Connection to localhost failed! (admin)" local ver_four_err="1" fi fi if [[ -z $critical_mode ]]; then # MySQL RAM requirements! if [[ $(conf_read db-engine) == "mysql" && $ram -lt 2 ]]; then echo "${dim}- [WARNING] You have MySQL set as database engine, you should not use it in production with less than 2GB RAM. (4GB recommended) ${end}${red}" local ver_four_war="1" fi # Check for MySQL version if [[ $(conf_read mysql) == "true" ]]; then if [[ $(conf_read mysql-ver) != $ver_mysql_ver ]]; then echo "${dim}- [WARNING] MySQL/MariaDB Version corrupted in Configuration file! (Installed: $ver_mysql_ver != Conf: $(conf_read mysql-ver)) ${end}${red}" local ver_four_war="1" fi # MySQL and MariaDB can be mixed, don't worry! if ! [[ $ver_mysql_ver =~ ^(8.0|10.0|10.1|10.2|10.3|10.4|10.5|10.6|10.11)$ ]]; then echo "${dim}- [WARNING] Unknown MySQL/MariaDB version!${end}${red}" local ver_four_war="1" elif [[ $ver_mysql_ver =~ ^(10.0|10.1|10.2|10.3)$ ]]; then echo "${dim}- [WARNING] You have an obsolete MariaDB version (${ver_mysql_ver}) installed that not even receive security updates!${end}${red}" local ver_four_war="1" elif [[ $ver_mysql_ver =~ ^(10.4)$ ]]; then echo "${blu}${dim}- [INFO] MariaDB v10.6 or later is recommended to get an optimal perfomance! (Current: ${ver_mysql_ver}) ${end}${red}" fi fi if [[ $(conf_read mysql) != "true" && $(conf_read mysql-tool-pma) == "true" ]]; then echo "${dim}- [WARNING] MySQL Configuration corrupted!${end}${red}" local ver_four_war="1" fi if [[ -d /etc/mysql && $(conf_read mysql) != "true" && $(conf_read mysql-client) != "true" ]]; then echo "${dim}- [WARNING] Seems like some MySQL data remains but MySQL is not installed or Webinoly can not detect it!${end}${red}" local ver_four_war="1" fi if [[ ( -d /var/www/$ADMIN_TOOLS_SITE/htdocs/pma || -d /usr/share/phpmyadmin ) && $(conf_read mysql-tool-pma) != "true" ]]; then echo "${dim}- [WARNING] Seems like phpMyAdmin is installed but Webinoly can not detect it!${end}${red}" local ver_four_war="1" fi if [[ $(conf_read mysql-client) == "true" ]]; then # DB Role - Check Privileges! local dbrolecheck=$(conf_read dbrole) local dbrolecheck=${dbrolecheck,,} if [[ $dbrolecheck == "all" ]]; then echo "${blu}${dim}- [INFO] DB Default Privileges are set to ALL, you should consider a more-restrictive value! (Also, some external DB services may not work) ${end}${red}" elif [[ $dbrolecheck == "grant" ]]; then echo "${blu}${dim}- [INFO] DB Default Privileges are set to GRANT, you should consider a more-restrictive value! ${end}${red}" elif [[ $dbrolecheck == "basic" ]]; then echo "${blu}${dim}- [INFO] DB Default Privileges are set to BASIC, some sites may not work properly with basic privileges! ${end}${red}" fi # Saved DB Credentials conf_write quiet true if [[ -n $(conf_read external-dbh) && -n $(conf_read external-dbu) && -n $(conf_read external-dbp) && -n $(conf_read external-dbx) ]]; then local svdb=$(check_mysql_connection $(conf_read external-dbh) $(conf_read external-dbx) $(conf_read external-dbu) $(conf_read external-dbp) -master-admin) if [[ $svdb == "false" ]]; then echo "- [ERROR] External DB Connection failed! (Saved credentials for: $(conf_read external-dbh):$(conf_read external-dbx))" local ver_four_err="1" elif [[ $svdb == "truebutnotmaster" ]]; then echo "${dim}- [WARNING] External DB Connection seems like not have Master user privileges! (Saved credentials for: $(conf_read external-dbh):$(conf_read external-dbx)) ${end}${red}" local ver_four_war="1" fi fi conf_delete quiet fi if [[ $ver_four_err == "1" ]]; then echo "(4) MySQL/MariaDB Verification Test has failed!" elif [[ $ver_four_war == "1" ]]; then echo "${dim}(4) MySQL/MariaDB Verification Test has some warning messages you should attend!${end}${red}" else echo "${gre}${dim}(4) MySQL/MariaDB Verification Test successful!${end}${red}" fi fi ######################################### ##### Service Status Verification ##### ######################################### local ver_five_err="0" local ver_five_war="0" if [[ $(conf_read nginx) == "true" ]] && ! systemctl is-active --quiet nginx; then echo "- [ERROR] Nginx service not running!" local ver_five_err="1" fi if [[ $(conf_read php) == "true" ]] && ! systemctl is-active --quiet php$(conf_read php-ver)-fpm; then echo "- [ERROR] PHP service not running!" local ver_five_err="1" fi if [[ $(conf_read mysql) == "true" ]] && ! systemctl is-active --quiet mysql; then echo "- [ERROR] MySQL/MariaDB service not running!" local ver_five_err="1" fi if [[ $(conf_read php-tool-redis) == "true" ]] && ! systemctl is-active --quiet redis-server; then echo "- [ERROR] Redis service not running!" local ver_five_err="1" fi if [[ $(conf_read php-tool-memcached) == "true" ]] && ! systemctl is-active --quiet memcached; then echo "- [ERROR] Memcached service not running!" local ver_five_err="1" fi if [[ $(conf_read php-tool-postfix) == "true" ]] && ! systemctl is-active --quiet postfix; then echo "- [ERROR] Postfix service not running!" local ver_five_err="1" fi if [[ $(conf_read nginx) == "true" ]] && ! sudo nginx -t 2>/dev/null; then echo "- [ERROR] Nginx Configuration check failed!" local ver_five_err="1" fi if [[ -z $critical_mode ]]; then if [[ $ver_five_err == "1" ]]; then echo "(5) Service Status Verification Test has failed!" else echo "${gre}${dim}(5) Service Status Verification Test successful!${end}${red}" fi fi ########################################### ##### Operating System Verification ##### ########################################### local ver_six_err="0" local ver_six_war="0" local swa=$(grep SwapTotal /proc/meminfo | cut -f 2 -d ':' | tr -d ' ' | cut -f 1 -d 'k') if [[ $(conf_read linux-optim) == "true" && ( -z $swa || $swa == "0" ) && $(conf_read swap-mem) != 0 ]]; then echo "- [ERROR] SWAP Memory File not found!" local ver_six_err="1" fi # Check OS support if [[ $(lsb_release -i | cut -d':' -f 2 | xargs) != "Ubuntu" ]]; then echo "- [ERROR] This Operating System is not supported!" local ver_six_err="1" elif [[ $(check_ubuntu_release) != "true" ]]; then echo "- [ERROR] This Ubuntu version is not supported!" local ver_six_err="1" elif [[ $(lsb_release -c | cut -d':' -f 2 | xargs) == "bionic" ]]; then #echo "${blu}${dim}- [INFO] You should start considering moving to Ubuntu 22.04 or 20.04 ${end}${red}" echo "${dim}- [WARNING] Support for Ubuntu 18.04 will be removed very soon! ${end}${red}" local ver_six_war="1" fi # Double-Check for sudo/root privileges if [[ $(whoami) != "root" ]]; then echo "- [ERROR] This user has no sudo/root privileges!" local ver_six_err="1" fi # Check disk usage local ver_disk=$(df -h --output=pcent / | grep -Eo "[0-9]+") if [[ $ver_disk =~ ^[0-9]+$ && $ver_disk -gt 75 ]]; then echo "${dim}- [WARNING] You are running out of disk space! (Usage: ${ver_disk}%) (Logs: $(sudo du -sh /var/log | cut -d"/" -f 1 -s))${end}${red}" local ver_six_war="1" fi # Check if WGET is installed if ! which wget >/dev/null ; then echo "- [ERROR] Seems like WGET package is not installed!" local ver_six_err="1" fi # Check for OS Updates # Run in non-critical mode and when updating Webinoly to remember that is important to keep the OS updated, not only Webinoly. # For example, we can implement new Nginx directives and it will fails if Nginx package is not updated. if [[ -z $critical_mode || -n $check_for_updates ]]; then if [[ -f /usr/lib/update-notifier/apt-check ]]; then local ver_os_updates=$(echo $(/usr/lib/update-notifier/apt-check --human-readable) | grep -Eo "[0-9]+ " | head -1 | sed "s/ //") if [[ $ver_os_updates =~ ^[0-9]+$ && $ver_os_updates -gt 0 ]]; then echo "${dim}- [WARNING] Operating System is not updated, $ver_os_updates updates can be installed immediately.${end}${red}" local ver_six_war="1" fi fi fi if [[ -z $critical_mode ]]; then # Check for BASH Shell # This is a very "shity" method, but checking if file exists is very reliable # If modified: this same script is in installer, general lib and verify if [[ $(conf_read shell-check) != "false" && -n $(echo $(tty) | grep -Eo "pts/[0-9]+") && -n $(logname) ]]; then local ver_pre_pid=$(ps -au | grep -E "pts/[0-9]+[ ]+S[s]?[ ]+" | sed '/sudo/d' | tail -n 1) [[ -n $ver_pre_pid ]] && local ver_shell_pid=$(echo $ver_pre_pid | awk '{print $2}') [[ -n $ver_shell_pid && -f /proc/$ver_shell_pid/cmdline ]] && local ver_shell_current=$(tr -d '\000' < /proc/$ver_shell_pid/cmdline) [[ -n $ver_shell_pid && -f /proc/$ver_shell_pid/status ]] && local ver_shell_status=$(grep -Eo '^Name:.*bash.*' /proc/$ver_shell_pid/status) # Double check!!! if [[ -n $ver_shell_current && $ver_shell_current != *"bash"* && -z $ver_shell_status ]]; then # Should never be displayed because is blocked in general lib, but who knows! echo "${dim}- [WARNING] Seems like you are using an interactive shell different than BASH! ${dim}($(echo $ver_pre_pid | awk '{print $1}'):${ver_shell_current}) ${end}${red}" local ver_six_war="1" elif [[ -z $ver_shell_current ]]; then echo "${blu}${dim}- [INFO] Shell check fails to retrieve data! ${end}${red}" fi fi # Check if timezone is set if [[ -z $(conf_read timezone) ]] || ! grep -Fxq $(conf_read timezone) /opt/webinoly/lib/timezone.dat; then echo "${dim}- [WARNING] Timezone is not set or not valid!${end}${red}" local ver_six_war="1" fi if [[ $ver_six_err == "1" ]]; then echo "(6) Operating System Verification Test has failed!" elif [[ $ver_six_war == "1" ]]; then echo "${dim}(6) Operating System Verification Test has some warning messages you should attend!${end}${red}" else echo "${gre}${dim}(6) Operating System Verification Test successful!${end}${red}" fi fi ########################################### ##### Additional Tools Verification ##### ########################################### local ver_seven_err="0" local ver_seven_war="0" # Web Tools if [[ $(conf_read php-tool-redis) == "true" ]]; then # Check if REDIS command is installed if ! which redis-cli >/dev/null ; then echo "- [ERROR] Seems like Redis command is not installed!" local ver_seven_err="1" fi if [[ ! -d /etc/redis ]]; then echo "- [ERROR] Folder: /etc/redis not found!" local ver_seven_err="1" fi # 18.04 - /etc/apt/trusted.gpg.d/redislabs_ubuntu_redis.gpg # 20.04 - /etc/apt/trusted.gpg.d/redislabs-ubuntu-redis.gpg # 22.04 - /usr/share/keyrings/redis-archive-keyring.gpg if [[ ( ! -f /etc/apt/trusted.gpg.d/redislabs_ubuntu_redis.gpg || ! -s /etc/apt/trusted.gpg.d/redislabs_ubuntu_redis.gpg || -z $(cat -v /etc/apt/trusted.gpg.d/redislabs_ubuntu_redis.gpg | grep '[^[:space:]]') ) && ( ! -f /etc/apt/trusted.gpg.d/redislabs-ubuntu-redis.gpg || ! -s /etc/apt/trusted.gpg.d/redislabs-ubuntu-redis.gpg || -z $(cat -v /etc/apt/trusted.gpg.d/redislabs-ubuntu-redis.gpg | grep '[^[:space:]]') ) && ( ! -f /usr/share/keyrings/redis-archive-keyring.gpg || ! -s /usr/share/keyrings/redis-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/redis-archive-keyring.gpg | grep '[^[:space:]]') ) ]]; then echo "- [ERROR] Redis Apt Key not found!" local ver_seven_err="1" fi # 18.04 - /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list # 20.04 - /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list # 22.04 - /etc/apt/sources.list.d/redis.list if [[ ( ! -f /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list || ! -s /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list || -z $(cat -v /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list | grep -m 1 '[^[:space:]]')) && ( ! -f /etc/apt/sources.list.d/redis.list || ! -s /etc/apt/sources.list.d/redis.list || -z $(cat -v /etc/apt/sources.list.d/redis.list | grep -m 1 '[^[:space:]]')) ]]; then echo "- [ERROR] Redis PPA not found in sources list!" local ver_seven_err="1" fi fi if [[ $(conf_read mysql-tool-pma) == "true" && ! -d /var/www/$ADMIN_TOOLS_SITE/htdocs/pma ]]; then echo "- [ERROR] Folder: /var/www/$ADMIN_TOOLS_SITE/htdocs/pma not found!" local ver_seven_err="1" fi if [[ $(conf_read php-tool-memcached) == "true" ]]; then # Check if MEMCACHED command is installed if ! which memcached >/dev/null ; then echo "- [ERROR] Seems like Memcached command is not installed!" local ver_seven_err="1" fi fi if [[ $(conf_read php-tool-postfix) == "true" && ! -d /etc/postfix ]]; then echo "- [ERROR] Folder: /etc/postfix not found!" local ver_seven_err="1" fi if [[ $(conf_read php-tool-postfix) == "true" && ! -f /opt/webinoly/templates/source/main.cf ]]; then echo "- [ERROR] File: /opt/webinoly/templates/source/main.cf not found!" local ver_seven_err="1" fi if [[ $(conf_read nginx-tool-ssl) == "true" ]]; then # Check if CERTBOT command is installed if ! which certbot >/dev/null ; then echo "- [ERROR] Seems like Certbot command is not installed!" local ver_seven_err="1" fi fi if [[ $(conf_read nginx-tool-bkp) == "true" ]]; then # Check if DUPLY command is installed if ! which duply >/dev/null ; then echo "- [ERROR] Seems like Duply command is not installed!" local ver_seven_err="1" fi # Check if DUPLICITY command is installed if ! which duplicity >/dev/null ; then echo "- [ERROR] Seems like Duplicity command is not installed!" local ver_seven_err="1" fi fi if [[ -z $critical_mode ]]; then # Check for SSL Orphan-Certs for cert in "/etc/letsencrypt/live"/* do domain=$(echo $cert | cut -f 5 -d "/") if [[ -d $cert && ! -f /etc/nginx/sites-available/$domain && -n $domain ]]; then echo "${blu}${dim}- [INFO] SSL Orphan-Cert found ($domain)!${end}${red}" fi done # Backups integrity if [[ $(conf_read nginx-tool-bkp) == "true" ]]; then if [[ -d $HOME/.duply ]]; then for f in $HOME/.duply/* do if [[ -d $f && ! -f $f/conf ]]; then echo "${dim}- [WARNING] Backup Configuration corrupted! (Not found: ${f}/conf) ${end}${red}" local ver_seven_war="1" elif [[ -d $f && -f $f/conf && ! -d $(grep -E "^SOURCE[ ]?=" $f/conf | cut -f 2 -d "'" ) ]]; then echo "${dim}- [WARNING] Backup Configuration corrupted! (Invalid source in: ${f}/conf) ${end}${red}" local ver_seven_war="1" fi done fi fi if [[ $ver_seven_err == "1" ]]; then echo "(7) Additional Tools Verification Test has failed!" elif [[ $ver_seven_war == "1" ]]; then echo "${dim}(7) Additional Tools Verification Test has some warning messages you should attend!${end}${red}" else echo "${gre}${dim}(7) Additional Tools Verification Test successful!${end}${red}" fi fi ################################## ##### Checking Permissions ##### ################################## local ver_eight_err="0" local ver_eight_war="0" if [[ -z $critical_mode ]]; then # /var/www if [[ -d /var/www ]]; then local ver_perm_user=$(find /var/www -path "/var/www/*" ! -path "/var/www/\.*" ! -user www-data | head -10) local ver_perm_dire=$(find /var/www ! -path "/var/www/\.*" -type d ! -perm 755 | head -10) # Exclude dotted folders local ver_perm_file=$(find /var/www ! -path "/var/www/\.*/*" -type f ! -perm 644 | head -10) # Exclude files inside dotted folders if [[ $(conf_read login-www-data) != "true" && -d /var/www && $(stat -c '%U' /var/www) != "www-data" ]]; then echo "${dim}- [WARNING] Directory owner is not 'www-data' /var/www ${end}${red}" local ver_eight_war="1" elif [[ $(conf_read login-www-data) == "true" && -d /var/www && $(stat -c '%U' /var/www) != "root" ]]; then echo "${dim}- [WARNING] Directory owner is not 'root' /var/www ${end}${red}" local ver_eight_war="1" fi if [[ -n $ver_perm_user ]]; then echo "$ver_perm_user" | sed "s/^/${dim}- \[WARNING\] File or directory owner is not 'www-data' /" | sed "s/$/${end}${red}/" local ver_eight_war="1" fi if [[ -n $ver_perm_dire ]]; then echo "$ver_perm_dire" | sed "s/^/${dim}- \[WARNING\] Directory permission is not 755 /" | sed "s/$/${end}${red}/" local ver_eight_war="1" fi if [[ -n $ver_perm_file ]]; then echo "$ver_perm_file" | sed "s/^/${dim}- \[WARNING\] File permission is not 644 /" | sed "s/$/${end}${red}/" local ver_eight_war="1" fi fi # Check for .ssh folders while true do [[ -z $ver_count_ssh ]] && local ver_count_ssh=0 if [[ $ver_count_ssh == 0 ]]; then local ver_check_dir=$CURRENT_HOME local ver_check_user=$CURRENT_USER local ver_count_ssh=1 elif [[ $ver_count_ssh == 1 ]]; then local ver_check_dir="/var/www" local ver_check_user="www-data" local ver_count_ssh=2 # Always check root when logname user is different! elif [[ $ver_count_ssh == 2 && $CURRENT_HOME != "/root" ]]; then local ver_check_dir="/root" local ver_check_user="root" local ver_count_ssh=3 else break fi if [[ -d $ver_check_dir/.ssh ]]; then local ver_ssh_owner=$(find $ver_check_dir/.ssh ! -user $ver_check_user | head -10) local ver_ssh_dire=$(sudo find $ver_check_dir/.ssh -type d ! -perm 700 | head -10) local ver_ssh_file=$(sudo find $ver_check_dir/.ssh ! -path "$ver_check_dir/.ssh/*.pub" -type f ! -perm 600 | head -10) local ver_ssh_fpub=$(sudo find $ver_check_dir/.ssh -path "$ver_check_dir/.ssh/*.pub" -type f ! -perm 644 | head -10) if [[ -n $ver_ssh_owner ]]; then echo "$ver_ssh_owner" | sed "s/^/${dim}- \[WARNING\] File owner is not '${ver_check_user}' /" | sed "s/$/${end}${red}/" local ver_eight_war="1" fi if [[ -n $ver_ssh_dire ]]; then echo "$ver_ssh_dire" | sed "s/^/${dim}- \[WARNING\] Directory permission is not 700 /" | sed "s/$/${end}${red}/" local ver_eight_war="1" fi if [[ -n $ver_ssh_file ]]; then echo "$ver_ssh_file" | sed "s/^/${dim}- \[WARNING\] File permission is not 600 /" | sed "s/$/${end}${red}/" local ver_eight_war="1" fi if [[ -n $ver_ssh_fpub ]]; then echo "$ver_ssh_fpub" | sed "s/^/${dim}- \[WARNING\] File permission is not 644 /" | sed "s/$/${end}${red}/" local ver_eight_war="1" fi fi done if [[ $ver_eight_err == "1" ]]; then echo "(8) Permissions Verification Test has failed!" elif [[ $ver_eight_war == "1" ]]; then echo "${dim}(8) Permissions Verification Test has some warning messages you should attend!${end}${red}" else echo "${gre}${dim}(8) Permissions Verification Test successful!${end}${red}" fi fi ################################ ##### Sites Verification ##### ################################ local ver_nine_err="0" local ver_nine_war="0" if [[ -z $critical_mode ]]; then for ver_site in "/etc/nginx/sites-available"/* do local ver_domi=$(echo $ver_site | cut -f 5 -d "/") [[ ! -f /etc/nginx/sites-available/$ver_domi ]] && continue # Double check! if [[ $ver_domi != "html" && $ver_domi != $ADMIN_TOOLS_SITE ]]; then # If WordPress, then check connection! if [[ $(is_wp $ver_domi) == "true" ]]; then if [[ ( ! -s /etc/nginx/.htpasswd || -z $(cat -v /etc/nginx/.htpasswd | grep '[^[:space:]]')) && ( ! -s /etc/nginx/apps.d/.htpasswd-$ver_domi || -z $(cat -v /etc/nginx/apps.d/.htpasswd-$ver_domi | grep -m 1 '[^[:space:]]')) && $(is_wp_auth $ver_domi) == "true" ]]; then echo "${blu}${dim}- [INFO] HTTP Authentication Credentials not found for $ver_domi${end}${red}" fi wp_conf_retrieve $ver_domi false false if [[ $wp_dbhost_host == "localhost" && ( -z $wp_dbuser || -z $wp_dbpass || -z $wp_dbname || $(check_mysql_connection localhost $wp_dbuser $wp_dbpass $wp_dbname $mysql_param) != "true" ) ]]; then echo "${red}${dim}- [WARNING] Database connection failed for your WP site $ver_domi (${wp_dbhost}) ${end}${red}" local ver_nine_war="1" elif [[ $wp_dbhost_host == "localhost" && -n $wp_dbhost_port ]]; then echo "${blu}${dim}- [INFO] Localhost with custom port could have a negative impact in performance (Site: $ver_domi | Host: ${wp_dbhost}).${end}${red}" elif [[ $wp_dbhost_host != "localhost" && ( -z $wp_dbhost_host || -z $wp_dbhost_port || -z $wp_dbuser || -z $wp_dbpass || -z $wp_dbname || $(check_mysql_connection $wp_dbhost_host $wp_dbhost_port $wp_dbuser $wp_dbpass $wp_dbname) != "true" ) ]]; then echo "${red}${dim}- [WARNING] Database connection failed for your WP site $ver_domi (${wp_dbhost}) ${end}${red}" local ver_nine_war="1" fi # If not WP but WP files are found then alert! (people manually installing WP) elif [[ -f /var/www/$ver_domi/wp-config.php || -f /var/www/$ver_domi/htdocs/wp-config.php ]]; then echo "${red}${dim}- [WARNING] Seems like $ver_domi is a WordPress site but configured for a different type! ${end}${red}" local ver_nine_war="1" fi fi done if [[ $ver_nine_err == "1" ]]; then echo "(9) Sites Verification Test has failed!" elif [[ $ver_nine_war == "1" ]]; then echo "${dim}(9) Sites Verification Test has some warning messages you should attend!${end}${red}" else echo "${gre}${dim}(9) Sites Verification Test successful!${end}${red}" fi fi echo "${end}" if [[ $ver_one_err != 0 || $ver_two_err != 0 || $ver_three_err != 0 || $ver_four_err != 0 || $ver_five_err != 0 || $ver_six_err != 0 || $ver_seven_err != 0 || $ver_eight_err != 0 || $ver_nine_err != 0 ]]; then echo "${red}*******************************************************" echo "******** ${bol}> > > E R R O R < < <${end}${red} ***********" echo "******** ${bol}System could not work properly${end}${red} ***********" echo "******************************************************* ${end}" conf_write stack-build-error-flag true return 1 elif [[ $ver_one_war != 0 || $ver_two_war != 0 || $ver_three_war != 0 || $ver_four_war != 0 || $ver_five_war != 0 || $ver_six_war != 0 || $ver_seven_war != 0 || $ver_eight_war != 0 || $ver_nine_war != 0 ]]; then if [[ -z $critical_mode ]]; then echo "${red}***************************************************************************************************" echo "******** ${bol}[ W A R N I N G ] There are some messages that should be attended!${end}${red} ***********" echo "*************************************************************************************************** ${end}" fi conf_delete stack-build-error-flag return 0 else conf_delete stack-build-error-flag [[ -z $critical_mode ]] && echo "${bol}${gre}Integrity test successfully passed!!! ${end}" return 0 fi }