
- No passwords are passed on the command line now, for better security.
- Better check for master admin users.
- No need to ask for external credentials when they are not really needed.
#!/bin/bash
webinoly_verify() {
|
|
# Not run when update stack is running!
|
|
if [[ $(conf_read stack-update) == "running" ]]; then
|
|
echo "${blu}${dim}Verify skipped because update stack is in process...${end}"
|
|
return
|
|
fi
|
|
|
|
# Webinoly Verify command
|
|
echo "${blu}${dim}Verifying integrity of the entire Webinoly system...${end}${red}"
|
|
[[ $verify == "critical" ]] && local critical_mode="true"
|
|
|
|
|
|
#####################################
|
|
##### Webinoly Integrity Test #####
|
|
#####################################
|
|
|
|
local ver_one_err="0"
|
|
local ver_one_war="0"
|
|
|
|
if [[ ! -f /opt/webinoly/lib/api-events_sample ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/lib/api-events_sample not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/lib/bkp ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/lib/bkp not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/lib/datadog ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/lib/datadog not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/lib/ex-ssl-authentication ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/lib/ex-ssl-authentication not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/lib/ex-ssl-cleanup ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/lib/ex-ssl-cleanup not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/lib/general ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/lib/general not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/lib/headers ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/lib/bkp not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/lib/install ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/lib/install not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/lib/public_suffix_list.dat ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/lib/public_suffix_list.dat not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/lib/sites ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/lib/sites not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/lib/site-ssl ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/lib/site-ssl not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/lib/timezone.dat ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/lib/timezone.dat not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/lib/update ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/lib/update not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/lib/verify ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/lib/verify not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/lib/webin ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/lib/webin not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
|
|
if [[ ! -f /opt/webinoly/templates/template-site-php ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/template-site-php not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/template-site-proxy ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/template-site-proxy not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/template-site-proxycache ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/template-site-proxycache not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/template-site-ssl ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/template-site-ssl not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/template-site-sslredirect ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/template-site-sslredirect not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/template-site-wwwredirect ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/template-site-wwwredirect not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/nginx.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/nginx.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/conf.d/fastcgi.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/conf.d/fastcgi.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/conf.d/upstream.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/conf.d/upstream.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/common/acl.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/acl.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/common/auth.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/auth.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/common/header.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/header-html.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/common/headers.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/headers-html.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/common/headers-html.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/headers-html.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/common/headers-http.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/headers-http.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/common/headers-https.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/headers-https.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/common/locations.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/locations.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/common/php.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/php.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/common/phpx.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/phpx.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/common/wpcommon.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/wpcommon.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/common/wpcommon-noauth.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/wpcommon-noauth.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/common/wpfc.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/wpfc.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/nginx/common/wpsubdir.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/wpsubdir.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/general/admin_tools.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/general/admin_tools.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/general/conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/general/conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/general/duply ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/general/duply not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/general/nginx-blackhole ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/general/nginx-blackhole not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/general/sysctl ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/general/sysctl not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/general/tools-site-blackhole ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/general/tools-site-blackhole not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/general/tools-site-localhost ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/general/tools-site-localhost not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
|
|
if [[ ! -f /opt/webinoly/webinoly.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/webinoly.conf not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /usr/bin/webinoly ]]; then
|
|
echo "- [ERROR] File: /usr/bin/webinoly not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /usr/bin/site ]]; then
|
|
echo "- [ERROR] File: /usr/bin/site not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /usr/bin/httpauth ]]; then
|
|
echo "- [ERROR] File: /usr/bin/httpauth not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /usr/bin/log ]]; then
|
|
echo "- [ERROR] File: /usr/bin/log not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
if [[ ! -f /usr/bin/stack ]]; then
|
|
echo "- [ERROR] File: /usr/bin/stack not found!"
|
|
local ver_one_err="1"
|
|
fi
|
|
|
|
|
|
if [[ -z $critical_mode ]]; then
|
|
# Check if Webinoly is updated
|
|
local ver_currentver=$(conf_read app-version)
|
|
local ver_checkver=$(wget --timeout=10 -t 1 -qO- https://api.webinoly.com/check?text=true)
|
|
if ! [[ -n $ver_checkver && -n $ver_currentver && ${ver_currentver//.} -ge ${ver_checkver//.} ]]; then
|
|
echo "${dim}- [WARNING] Webinoly App is not updated. A new version is available!${end}${red}"
|
|
local ver_one_war="1"
|
|
fi
|
|
|
|
if [[ $ver_currentver != $app_version ]]; then
|
|
echo "${dim}- [WARNING] Webinoly App version check is corrupted! (Installed: $app_version != Conf: ${ver_currentver}) ${end}${red}"
|
|
local ver_one_war="1"
|
|
fi
|
|
|
|
# Configuration File - Check for duplicate directives
|
|
if [[ -f /opt/webinoly/webinoly.conf ]]; then
|
|
IFS=$'\n' # FOR loop takes whitespace as a delimiter, so IFS overwrite this.
|
|
for i in $(grep -E "^([a-z\-]+)\:.*$" /opt/webinoly/webinoly.conf)
|
|
do
|
|
if [[ $(grep "^$(echo $i | cut -d':' -f 1 -s):" -c /opt/webinoly/webinoly.conf) -gt 1 ]]; then
|
|
echo "${dim}- [WARNING] Duplicate variable directive in Configuration File! ($(echo $i | cut -d':' -f 1 -s)) ${end}${red}"
|
|
local ver_one_war="1"
|
|
fi
|
|
done
|
|
fi
|
|
|
|
if [[ $ver_one_err == "1" ]]; then
|
|
echo "(1) Webinoly Integrity Test has failed!"
|
|
elif [[ $ver_one_war == "1" ]]; then
|
|
echo "${dim}(1) Webinoly Integrity Test has some warning messages you should attend!${end}${red}"
|
|
else
|
|
echo "${gre}${dim}(1) Webinoly Integrity Test successful!${end}${red}"
|
|
fi
|
|
fi
|
|
|
|
|
|
|
|
|
|
################################
|
|
##### NGINX Verification #####
|
|
################################
|
|
|
|
local ver_two_err="0"
|
|
local ver_two_war="0"
|
|
|
|
if [[ $(conf_read nginx) == "true" ]]; then
|
|
if [[ ! -f /etc/nginx/nginx.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/nginx.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
|
|
if [[ $(lsb_release -c | cut -d':' -f 2 | xargs) =~ ^(bionic|focal)$ ]]; then
|
|
if [[ ! -f /etc/apt/trusted.gpg || -z $(grep -Foia "nginx signing key" /etc/apt/trusted.gpg) ]]; then
|
|
echo "- [ERROR] Nginx Apt Key not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/apt/sources.list || -z $(grep -Fo "nginx.org/packages/" /etc/apt/sources.list) ]]; then
|
|
echo "- [ERROR] Nginx PPA not found in sources list!"
|
|
local ver_two_err="1"
|
|
fi
|
|
else
|
|
if [[ ! -f /usr/share/keyrings/nginx-archive-keyring.gpg || ! -s /usr/share/keyrings/nginx-archive-keyring.gpg ]]; then
|
|
echo "- [ERROR] Nginx Apt Key not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/apt/sources.list.d/nginx.list || ! -s /etc/apt/sources.list.d/nginx.list ]]; then
|
|
echo "- [ERROR] Nginx PPA not found in sources list!"
|
|
local ver_two_err="1"
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
# NGINX Optim
|
|
if [[ $(conf_read nginx-optim) == "true" ]]; then
|
|
if [[ ! -f /etc/nginx/fastcgi_params ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/fastcgi_params not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/conf.d/fastcgi.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/conf.d/fastcgi.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/conf.d/upstream.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/conf.d/upstream.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/common/acl.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/common/acl.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/common/auth.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/common/auth.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/common/header.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/common/header.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/common/headers.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/common/headers.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/common/headers-html.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/common/headers-html.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/common/headers-http.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/common/headers-http.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/common/headers-https.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/common/headers-https.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/common/locations.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/common/locations.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/common/php.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/common/php.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/common/phpx.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/common/phpx.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/common/wpcommon.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/common/wpcommon.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/common/wpcommon-noauth.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/common/wpcommon-noauth.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/common/wpfc.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/common/wpfc.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/common/wpsubdir.conf ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/common/wpsubdir.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
|
|
|
|
if [[ ! -f /opt/webinoly/templates/source/default ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/source/default not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/source/nginx.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/source/nginx.conf not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
fi
|
|
|
|
# NGINX tools site
|
|
if [[ $(conf_read nginx) == "true" ]]; then
|
|
if [[ -z $ADMIN_TOOLS_SITE ]]; then
|
|
echo "- [ERROR] ADMIN_TOOLS_SITE variable is corrupted!" # You never know!
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ -n $(conf_read tools-port) && -n $(conf_read tools-site) && ( ! -f /etc/nginx/sites-available/$(conf_read tools-site) || ! -f /etc/nginx/sites-enabled/$(conf_read tools-site) ) ]]; then
|
|
echo "- [ERROR] Tools-Site seems to have a domain configured, but this site does not exist! ($(conf_read tools-site))"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /etc/nginx/sites-available/$ADMIN_TOOLS_SITE ]]; then
|
|
echo "- [ERROR] File: /etc/nginx/sites-available/$ADMIN_TOOLS_SITE not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -d /var/www/$ADMIN_TOOLS_SITE ]]; then
|
|
echo "- [ERROR] Folder: /var/www/$ADMIN_TOOLS_SITE not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ -z $(conf_read tools-port) ]]; then
|
|
echo "- [ERROR] Port Tools is not set or not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
if [[ ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs/nginx_status ]]; then
|
|
echo "- [ERROR] File: /var/www/$ADMIN_TOOLS_SITE/htdocs/nginx_status not found!"
|
|
local ver_two_err="1"
|
|
fi
|
|
fi
|
|
|
|
|
|
if [[ -z $critical_mode ]]; then
|
|
if [[ $(conf_read nginx) != "true" ]]; then
|
|
if [[ -f /etc/nginx/nginx.conf ]]; then
|
|
echo "${dim}- [WARNING] Seems like NGINX is installed but Webinoly can not detect it!${end}${red}"
|
|
local ver_two_war="1"
|
|
fi
|
|
if [[ -f /etc/nginx/fastcgi.conf ]]; then
|
|
echo "${dim}- [WARNING] Seems like NGINX is installed but Webinoly can not detect it!${end}${red}"
|
|
local ver_two_war="1"
|
|
fi
|
|
fi
|
|
|
|
if [[ $(conf_read nginx) != "true" && -n $(conf_read tools-port) ]]; then
|
|
if [[ -f /etc/nginx/sites-available/$ADMIN_TOOLS_SITE || -d /var/www/$ADMIN_TOOLS_SITE ]]; then
|
|
echo "${dim}- [WARNING] Seems like Nginx Tools are enabled but Webinoly can not detect it!${end}${red}"
|
|
local ver_two_war="1"
|
|
fi
|
|
fi
|
|
|
|
# Check for Tools and Default site.
|
|
if [[ -n $(conf_read default-site) && ! ( $(conf_read default-site) =~ ^(default|blackhole)$ ) && ! -L /etc/nginx/sites-enabled/$(conf_read default-site) ]]; then
|
|
echo "${dim}- [WARNING] Default site not found or is not enabled!${end}${red}"
|
|
local ver_two_war="1"
|
|
fi
|
|
if [[ -n $(conf_read tools-site) && $(conf_read tools-site) != "default" && ! -L /etc/nginx/sites-enabled/$(conf_read tools-site) ]]; then
|
|
echo "${dim}- [WARNING] Tools site not found or is not enabled!${end}${red}"
|
|
local ver_two_war="1"
|
|
fi
|
|
|
|
# NGINX Conf check
|
|
if [[ $(conf_read nginx) != "true" && $(conf_read nginx-optim) == "true" ]]; then
|
|
echo "${dim}- [WARNING] NGINX Configuration corrupted!${end}${red}"
|
|
local ver_two_war="1"
|
|
fi
|
|
|
|
if [[ $(conf_read nginx-optim) == "true" && ! ( -s /etc/nginx/.htpasswd || ( -n $(conf_read tools-site) && -s /etc/nginx/apps.d/.htpasswd-$(conf_read tools-site) )) ]]; then
|
|
echo "${blu}${dim}- [INFO] HTTP Authentication Credentials not found to access the server tools on port $(conf_read tools-port).${end}${red}"
|
|
fi
|
|
|
|
# Webinoly Stack version
|
|
if [[ $(conf_read nginx) == "true" && $(conf_read server-version) != $svr_version ]]; then
|
|
echo "${dim}- [WARNING] Webinoly Stack version check is corrupted! (Installed: $svr_version != Conf: $(conf_read server-version)) ${end}${red}"
|
|
local ver_two_war="1"
|
|
fi
|
|
|
|
if [[ $ver_two_err == "1" ]]; then
|
|
echo "(2) NGINX Verification Test has failed!"
|
|
elif [[ $ver_two_war == "1" ]]; then
|
|
echo "${dim}(2) NGINX Verification Test has some warning messages you should attend!${end}${red}"
|
|
else
|
|
echo "${gre}${dim}(2) NGINX Verification Test successful!${end}${red}"
|
|
fi
|
|
fi
|
|
|
|
|
|
|
|
|
|
##############################
|
|
##### PHP Verification #####
|
|
##############################
|
|
|
|
local ver_three_err="0"
|
|
local ver_three_war="0"
|
|
|
|
if [[ $(conf_read php) == "true" ]]; then
|
|
if [[ ! -f /etc/php/$(conf_read php-ver)/fpm/php.ini ]]; then
|
|
echo "- [ERROR] File: /etc/php/$(conf_read php-ver)/fpm/php.ini not found!"
|
|
local ver_three_err="1"
|
|
fi
|
|
|
|
if [[ $(lsb_release -c | cut -d':' -f 2 | xargs) =~ ^(bionic|focal)$ ]]; then
|
|
if [[ ! -f /etc/apt/trusted.gpg.d/ondrej_ubuntu_php.gpg || ! -s /etc/apt/trusted.gpg.d/ondrej_ubuntu_php.gpg ]]; then
|
|
echo "- [ERROR] PHP Apt Key not found!"
|
|
local ver_three_err="1"
|
|
fi
|
|
if [[ ! -f /etc/apt/sources.list.d/ondrej-ubuntu-php-$(check_osname).list || ! -s /etc/apt/sources.list.d/ondrej-ubuntu-php-$(check_osname).list ]]; then
|
|
echo "- [ERROR] PHP PPA not found in sources list!"
|
|
local ver_three_err="1"
|
|
fi
|
|
else
|
|
if [[ ! -f /usr/share/keyrings/php-archive-keyring.gpg || ! -s /usr/share/keyrings/php-archive-keyring.gpg ]]; then
|
|
echo "- [ERROR] PHP Apt Key not found!"
|
|
local ver_three_err="1"
|
|
fi
|
|
if [[ ! -f /etc/apt/sources.list.d/php.list || ! -s /etc/apt/sources.list.d/php.list ]]; then
|
|
echo "- [ERROR] PHP PPA not found in sources list!"
|
|
local ver_three_err="1"
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
# PHP Optim
|
|
if [[ $(conf_read php-optim) == "true" ]]; then
|
|
if [[ ! -f /etc/php/$(conf_read php-ver)/fpm/php-fpm.conf ]]; then
|
|
echo "- [ERROR] File: /etc/php/$(conf_read php-ver)/fpm/php-fpm.conf not found!"
|
|
local ver_three_err="1"
|
|
fi
|
|
if [[ ! -f /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf ]]; then
|
|
echo "- [ERROR] File: /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf not found!"
|
|
local ver_three_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/source/www.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/source/www.conf not found!"
|
|
local ver_three_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/source/php.ini ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/source/php.ini not found!"
|
|
local ver_three_err="1"
|
|
fi
|
|
if [[ ! -f /opt/webinoly/templates/source/php-fpm.conf ]]; then
|
|
echo "- [ERROR] File: /opt/webinoly/templates/source/php-fpm.conf not found!"
|
|
local ver_three_err="1"
|
|
fi
|
|
fi
|
|
|
|
# PHP Tools
|
|
if [[ $(conf_read php) == "true" && $(conf_read nginx) == "true" ]]; then
|
|
if [[ ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs/ping ]]; then
|
|
echo "- [ERROR] File: /var/www/$ADMIN_TOOLS_SITE/htdocs/ping not found!"
|
|
local ver_three_err="1"
|
|
fi
|
|
if [[ ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs/status ]]; then
|
|
echo "- [ERROR] File: /var/www/$ADMIN_TOOLS_SITE/htdocs/status not found!"
|
|
local ver_three_err="1"
|
|
fi
|
|
if [[ ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs/php/index.php ]]; then
|
|
echo "- [ERROR] File: /var/www/$ADMIN_TOOLS_SITE/htdocs/php/index.php not found!"
|
|
local ver_three_err="1"
|
|
fi
|
|
fi
|
|
|
|
if [[ -z $critical_mode ]]; then
|
|
if [[ -f /etc/php/$(conf_read php-ver)/fpm/php.ini && $(conf_read php) != "true" ]]; then
|
|
echo "${dim}- [WARNING] Seems like PHP is installed but Webinoly can not detect it!${end}${red}"
|
|
local ver_three_war="1"
|
|
fi
|
|
|
|
if [[ $(conf_read php) != "true" && $(conf_read nginx) == "true" ]]; then
|
|
if [[ -f /var/www/$ADMIN_TOOLS_SITE/htdocs/status ]]; then
|
|
echo "${dim}- [WARNING] Seems like PHP Tools are enabled but Webinoly can not detect it!${end}${red}"
|
|
local ver_three_war="1"
|
|
fi
|
|
if [[ -f /var/www/$ADMIN_TOOLS_SITE/htdocs/php/index.php ]]; then
|
|
echo "${dim}- [WARNING] Seems like PHP Tools are enabled but Webinoly can not detect it!${end}${red}"
|
|
local ver_three_war="1"
|
|
fi
|
|
fi
|
|
|
|
# PHP Conf check
|
|
if [[ $(conf_read php) != "true" && $(conf_read php-optim) == "true" ]]; then
|
|
echo "${dim}- [WARNING] PHP Configuration corrupted!${end}${red}"
|
|
local ver_three_war="1"
|
|
fi
|
|
|
|
# Check for PHP version
|
|
if [[ $(conf_read php) == "true" ]]; then
|
|
local ver_php_ver=$(php -v | grep -m1 "" | sed 's/PHP \([^\-]*\).*/\1/' | cut -f 1-2 -d'.')
|
|
|
|
if [[ $(conf_read php-ver) != $ver_php_ver ]]; then
|
|
echo "${dim}- [WARNING] PHP Version corrupted in Configuration file! (Installed: $ver_php_ver != Conf: $(conf_read php-ver)) ${end}${red}"
|
|
local ver_three_war="1"
|
|
fi
|
|
|
|
if ! [[ $ver_php_ver =~ ^(5.6|7.0|7.1|7.2|7.3|7.4|8.0|8.1|8.2)$ ]]; then
|
|
echo "${dim}- [WARNING] Unknown PHP version!${end}${red}"
|
|
local ver_three_war="1"
|
|
elif [[ $ver_php_ver =~ ^(5.6|7.0|7.1|7.2|7.3|7.4)$ ]]; then
|
|
echo "${dim}- [WARNING] You have an obsolete PHP version (${ver_php_ver}) installed that not even receive security updates!${end}${red}"
|
|
local ver_three_war="1"
|
|
#elif [[ $ver_php_ver == "8.0" ]]; then
|
|
# echo "${blu}${dim}- [INFO] PHP v8.1 or later is recommended to get an optimal perfomance! (Current: ${ver_php_ver}) ${end}${red}"
|
|
fi
|
|
fi
|
|
|
|
|
|
if [[ $ver_three_err == "1" ]]; then
|
|
echo "(3) PHP Verification Test has failed!"
|
|
elif [[ $ver_three_war == "1" ]]; then
|
|
echo "${dim}(3) PHP Verification Test has some warning messages you should attend!${end}${red}"
|
|
else
|
|
echo "${gre}${dim}(3) PHP Verification Test successful!${end}${red}"
|
|
fi
|
|
fi
|
|
|
|
|
|
|
|
|
|
########################################
|
|
##### MySQL/MariaDB Verification #####
|
|
########################################
|
|
|
|
local ver_four_err="0"
|
|
local ver_four_war="0"
|
|
|
|
# MySQL/MariaDB
|
|
if [[ $(conf_read mysql) == "true" ]]; then
|
|
if [[ $(conf_read db-engine) == "mysql" ]]; then
|
|
local ver_mysql_ver=$(sudo mysql --version | grep -Eo "Ver [0-9\.]+" | cut -f 2 -d' ' | cut -f 1-2 -d'.')
|
|
else
|
|
# To check supported versions: https://mariadb.com/kb/en/mariadb-server/
|
|
local ver_mysql_ver=$(sudo mysql --version | sed 's/.*Distrib \([^\-]*\).*/\1/' | cut -f 1-2 -d'.')
|
|
fi
|
|
|
|
if [[ ! -d /etc/mysql ]]; then
|
|
echo "- [ERROR] Folder: /etc/mysql not found!"
|
|
local ver_four_err="1"
|
|
fi
|
|
|
|
if [[ $(conf_read db-engine) == "mysql" ]]; then
|
|
if [[ ! -f /usr/share/keyrings/mysql-archive-keyring.gpg || ! -s /usr/share/keyrings/mysql-archive-keyring.gpg ]]; then
|
|
echo "- [ERROR] MySQL Apt Key not found!"
|
|
local ver_four_err="1"
|
|
fi
|
|
if [[ ! -f /etc/apt/sources.list.d/mysql.list || ! -s /etc/apt/sources.list.d/mysql.list ]]; then
|
|
echo "- [ERROR] MySQL PPA not found in sources list!"
|
|
local ver_four_err="1"
|
|
fi
|
|
elif [[ $(lsb_release -c | cut -d':' -f 2 | xargs) =~ ^(bionic|focal)$ ]]; then
|
|
if [[ ! -f /etc/apt/trusted.gpg || -z $(grep -Foia "mariadb signing key" /etc/apt/trusted.gpg) ]]; then
|
|
echo "- [ERROR] MariaDB Apt Key not found!"
|
|
local ver_four_err="1"
|
|
fi
|
|
if [[ ! -f /etc/apt/sources.list || -z $(grep -Fo "mirrors.syringanetworks.net/mariadb/repo" /etc/apt/sources.list) ]]; then
|
|
echo "- [ERROR] MariaDB PPA not found in sources list!"
|
|
local ver_four_err="1"
|
|
fi
|
|
else
|
|
if [[ ! -f /usr/share/keyrings/mariadb-archive-keyring.gpg || ! -s /usr/share/keyrings/mariadb-archive-keyring.gpg ]]; then
|
|
echo "- [ERROR] MariaDB Apt Key not found!"
|
|
local ver_four_err="1"
|
|
fi
|
|
if [[ ! -f /etc/apt/sources.list.d/mariadb.list || ! -s /etc/apt/sources.list.d/mariadb.list ]]; then
|
|
echo "- [ERROR] MariaDB PPA not found in sources list!"
|
|
local ver_four_err="1"
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
# MySQL/MariaDB Connection
|
|
if [[ $(conf_read mysql) == "true" ]]; then
|
|
if [[ -n $(conf_read mysql-root) ]]; then # Dynvar can be removed safely!
|
|
local ROOT_PASS=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt )
|
|
[[ -z $ROOT_PASS ]] && ROOT_PASS="dUmb"
|
|
if ! sudo mysql --connect-timeout=10 --user=root -p$ROOT_PASS -e "quit" 2>/dev/null; then
|
|
echo "- [ERROR] MySQL/MariaDB Connection to localhost failed! (root)"
|
|
local ver_four_err="1"
|
|
fi
|
|
fi
|
|
|
|
if ! sudo mysql --connect-timeout=10 --user=admin -e "quit" 2>/dev/null; then
|
|
echo "- [ERROR] MySQL/MariaDB Connection to localhost failed! (admin)"
|
|
local ver_four_err="1"
|
|
fi
|
|
fi
|
|
|
|
if [[ -z $critical_mode ]]; then
|
|
# MySQL RAM requirements!
|
|
if [[ $(conf_read db-engine) == "mysql" && $ram -lt 2 ]]; then
|
|
echo "${dim}- [WARNING] You have MySQL set as database engine, you should not use it in production with less than 2GB RAM. (4GB recommended) ${end}${red}"
|
|
local ver_four_war="1"
|
|
fi
|
|
|
|
# Check for MySQL version
|
|
if [[ $(conf_read mysql) == "true" ]]; then
|
|
if [[ $(conf_read mysql-ver) != $ver_mysql_ver ]]; then
|
|
echo "${dim}- [WARNING] MySQL/MariaDB Version corrupted in Configuration file! (Installed: $ver_mysql_ver != Conf: $(conf_read mysql-ver)) ${end}${red}"
|
|
local ver_four_war="1"
|
|
fi
|
|
|
|
# MySQL and MariaDB can be mixed, don't worry!
|
|
if ! [[ $ver_mysql_ver =~ ^(8.0|10.0|10.1|10.2|10.3|10.4|10.5|10.6)$ ]]; then
|
|
echo "${dim}- [WARNING] Unknown MySQL/MariaDB version!${end}${red}"
|
|
local ver_four_war="1"
|
|
elif [[ $ver_mysql_ver =~ ^(10.0|10.1)$ ]]; then
|
|
echo "${dim}- [WARNING] You have an obsolete MariaDB version (${ver_mysql_ver}) installed that not even receive security updates!${end}${red}"
|
|
local ver_four_war="1"
|
|
elif [[ $ver_mysql_ver =~ ^(10.2|10.3)$ ]]; then
|
|
echo "${blu}${dim}- [INFO] MariaDB v10.4 or later is recommended to get an optimal perfomance! (Current: ${ver_mysql_ver}) ${end}${red}"
|
|
fi
|
|
fi
|
|
|
|
if [[ $(conf_read mysql) != "true" && $(conf_read mysql-tool-pma) == "true" ]]; then
|
|
echo "${dim}- [WARNING] MySQL Configuration corrupted!${end}${red}"
|
|
local ver_four_war="1"
|
|
fi
|
|
|
|
if [[ -d /etc/mysql && $(conf_read mysql) != "true" && $(conf_read mysql-client) != "true" ]]; then
|
|
echo "${dim}- [WARNING] Seems like some MySQL data remains but MySQL is not installed or Webinoly can not detect it!${end}${red}"
|
|
local ver_four_war="1"
|
|
fi
|
|
|
|
if [[ ( -d /var/www/$ADMIN_TOOLS_SITE/htdocs/pma || -d /usr/share/phpmyadmin ) && $(conf_read mysql-tool-pma) != "true" ]]; then
|
|
echo "${dim}- [WARNING] Seems like phpMyAdmin is installed but Webinoly can not detect it!${end}${red}"
|
|
local ver_four_war="1"
|
|
fi
|
|
|
|
# DB Role - Check Privileges!
|
|
if [[ $(conf_read mysql-client) == "true" ]]; then
|
|
local dbrolecheck=$(conf_read dbrole)
|
|
local dbrolecheck=${dbrolecheck,,}
|
|
if [[ $dbrolecheck == "all" ]]; then
|
|
echo "${blu}${dim}- [INFO] DB Default Privileges are set to ALL, you should consider a more-restrictive value! (Also, some external DB services may not work) ${end}${red}"
|
|
elif [[ $dbrolecheck == "grant" ]]; then
|
|
echo "${blu}${dim}- [INFO] DB Default Privileges are set to GRANT, you should consider a more-restrictive value! ${end}${red}"
|
|
elif [[ $dbrolecheck == "basic" ]]; then
|
|
echo "${blu}${dim}- [INFO] DB Default Privileges are set to BASIC, some sites may not work properly with basic privileges! ${end}${red}"
|
|
fi
|
|
fi
|
|
|
|
|
|
if [[ $ver_four_err == "1" ]]; then
|
|
echo "(4) MySQL/MariaDB Verification Test has failed!"
|
|
elif [[ $ver_four_war == "1" ]]; then
|
|
echo "${dim}(4) MySQL/MariaDB Verification Test has some warning messages you should attend!${end}${red}"
|
|
else
|
|
echo "${gre}${dim}(4) MySQL/MariaDB Verification Test successful!${end}${red}"
|
|
fi
|
|
fi
|
|
|
|
|
|
|
|
|
|
#########################################
|
|
##### Service Status Verification #####
|
|
#########################################
|
|
|
|
local ver_five_err="0"
|
|
local ver_five_war="0"
|
|
|
|
if ! systemctl is-active --quiet nginx && [[ $(conf_read nginx) == "true" ]]; then
|
|
echo "- [ERROR] Nginx service not running!"
|
|
local ver_five_err="1"
|
|
fi
|
|
if ! systemctl is-active --quiet php$(conf_read php-ver)-fpm && [[ $(conf_read php) == "true" ]]; then
|
|
echo "- [ERROR] PHP service not running!"
|
|
local ver_five_err="1"
|
|
fi
|
|
if ! systemctl is-active --quiet mysql && [[ $(conf_read mysql) == "true" ]]; then
|
|
echo "- [ERROR] MySQL/MariaDB service not running!"
|
|
local ver_five_err="1"
|
|
fi
|
|
if ! systemctl is-active --quiet redis-server && [[ $(conf_read php-tool-redis) == "true" ]]; then
|
|
echo "- [ERROR] Redis service not running!"
|
|
local ver_five_err="1"
|
|
fi
|
|
if ! systemctl is-active --quiet memcached && [[ $(conf_read php-tool-memcached) == "true" ]]; then
|
|
echo "- [ERROR] Memcached service not running!"
|
|
local ver_five_err="1"
|
|
fi
|
|
if ! systemctl is-active --quiet postfix && [[ $(conf_read php-tool-postfix) == "true" ]]; then
|
|
echo "- [ERROR] Postfix service not running!"
|
|
local ver_five_err="1"
|
|
fi
|
|
|
|
if ! sudo nginx -t 2>/dev/null && [[ $(conf_read nginx) == "true" ]]; then
|
|
echo "- [ERROR] Nginx Configuration check failed!"
|
|
local ver_five_err="1"
|
|
fi
|
|
|
|
if [[ -z $critical_mode ]]; then
|
|
if [[ $ver_five_err == "1" ]]; then
|
|
echo "(5) Service Status Verification Test has failed!"
|
|
else
|
|
echo "${gre}${dim}(5) Service Status Verification Test successful!${end}${red}"
|
|
fi
|
|
fi
|
|
|
|
|
|
|
|
|
|
###########################################
|
|
##### Operating System Verification #####
|
|
###########################################
|
|
|
|
local ver_six_err="0"
|
|
local ver_six_war="0"
|
|
|
|
local swa=$(grep SwapTotal /proc/meminfo | cut -f 2 -d ':' | tr -d ' ' | cut -f 1 -d 'k')
|
|
if [[ $(conf_read linux-optim) == "true" && ( -z $swa || $swa == "0" ) && $(conf_read swap-mem) != 0 ]]; then
|
|
echo "- [ERROR] SWAP Memory File not found!"
|
|
local ver_six_err="1"
|
|
fi
|
|
|
|
# Check OS support
|
|
if [[ $(lsb_release -i | cut -d':' -f 2 | xargs) != "Ubuntu" ]]; then
|
|
echo "- [ERROR] This Operating System is not supported!"
|
|
local ver_six_err="1"
|
|
elif [[ $(check_ubuntu_release) != "true" ]]; then
|
|
echo "- [ERROR] This Ubuntu version is not supported!"
|
|
local ver_six_err="1"
|
|
elif [[ $(lsb_release -c | cut -d':' -f 2 | xargs) == "bionic" ]]; then
|
|
#echo "${blu}${dim}- [INFO] You should start considering moving to Ubuntu 22.04 or 20.04 ${end}${red}"
echo "${dim}- [WARNING] Support for Ubuntu 18.04 will be removed very soon! ${end}${red}"
local ver_six_war="1"
fi
# Double-Check for sudo/root privileges
if [[ $(whoami) != "root" ]]; then
echo "- [ERROR] This user has no sudo/root privileges!"
local ver_six_err="1"
fi
# Check disk usage
local ver_disk=$(df -h --output=pcent / | grep -Eo "[0-9]+")
if [[ $ver_disk =~ ^[0-9]+$ && $ver_disk -gt 75 ]]; then
echo "${dim}- [WARNING] You are running out of disk space! (Usage: ${ver_disk}%) (Logs: $(sudo du -sh /var/log | cut -d"/" -f 1 -s))${end}${red}"
local ver_six_war="1"
fi
if [[ -z $critical_mode ]]; then
# Check for BASH Shell
# This is a very "shity" method, but checking if file exists is very reliable
# If modified: this same script is in installer, general lib and verify
if [[ $(conf_read shell-check) != "false" && -n $(echo $(tty) | grep -Eo "pts/[0-9]+") && -n $(logname) ]]; then
local ver_pre_pid=$(ps -au | grep -E "pts/[0-9]+[ ]+S[s]?[ ]+" | sed '/sudo/d' | tail -n 1)
[[ -n $ver_pre_pid ]] && local ver_shell_pid=$(echo $ver_pre_pid | awk '{print $2}')
[[ -n $ver_shell_pid && -f /proc/$ver_shell_pid/cmdline ]] && local ver_shell_current=$(tr -d '\000' < /proc/$ver_shell_pid/cmdline)
[[ -n $ver_shell_pid && -f /proc/$ver_shell_pid/status ]] && local ver_shell_status=$(grep -Eo '^Name:.*bash.*' /proc/$ver_shell_pid/status) # Double check!!!
if [[ -n $ver_shell_current && $ver_shell_current != *"bash"* && -z $ver_shell_status ]]; then
# Should never be displayed because is blocked in general lib, but who knows!
echo "${dim}- [WARNING] Seems like you are using an interactive shell different than BASH! ${dim}($(echo $ver_pre_pid | awk '{print $1}'):${ver_shell_current}) ${end}${red}"
local ver_six_war="1"
elif [[ -z $ver_shell_current ]]; then
echo "${blu}${dim}- [INFO] Shell check fails to retrieve data! ${end}${red}"
fi
fi
# Check for updates
if [[ -a /usr/lib/update-notifier/apt-check ]]; then
local ver_os_updates=$(echo $(/usr/lib/update-notifier/apt-check --human-readable) | grep -Eo "^[0-9]+ " | head -1 | sed "s/ //")
if [[ $ver_os_updates =~ ^[0-9]+$ && $ver_os_updates -gt 0 ]]; then
echo "${dim}- [WARNING] Operating System is not updated, $ver_os_updates updates can be installed immediately.${end}${red}"
local ver_six_war="1"
fi
fi
# Check if timezone is set
if [[ -z $(conf_read timezone) ]] || ! grep -Fxq $(conf_read timezone) /opt/webinoly/lib/timezone.dat; then
echo "${dim}- [WARNING] Timezone is not set or not valid!${end}${red}"
local ver_six_war="1"
fi
if [[ $ver_six_err == "1" ]]; then
echo "(6) Operating System Verification Test has failed!"
elif [[ $ver_six_war == "1" ]]; then
echo "${dim}(6) Operating System Verification Test has some warning messages you should attend!${end}${red}"
else
echo "${gre}${dim}(6) Operating System Verification Test successful!${end}${red}"
fi
fi
###########################################
##### Additional Tools Verification #####
###########################################
local ver_seven_err="0"
local ver_seven_war="0"
# Web Tools
if [[ $(conf_read php-tool-redis) == "true" ]]; then
if [[ ! -d /etc/redis ]]; then
echo "- [ERROR] Folder: /etc/redis not found!"
local ver_seven_err="1"
fi
# 18.04 - /etc/apt/trusted.gpg.d/redislabs_ubuntu_redis.gpg
# 20.04 - /etc/apt/trusted.gpg.d/redislabs-ubuntu-redis.gpg
# 22.04 - /usr/share/keyrings/redis-archive-keyring.gpg
if [[ ( ! -f /etc/apt/trusted.gpg.d/redislabs_ubuntu_redis.gpg || ! -s /etc/apt/trusted.gpg.d/redislabs_ubuntu_redis.gpg ) && ( ! -f /etc/apt/trusted.gpg.d/redislabs-ubuntu-redis.gpg || ! -s /etc/apt/trusted.gpg.d/redislabs-ubuntu-redis.gpg ) && ( ! -f /usr/share/keyrings/redis-archive-keyring.gpg || ! -s /usr/share/keyrings/redis-archive-keyring.gpg ) ]]; then
echo "- [ERROR] Redis Apt Key not found!"
local ver_seven_err="1"
fi
# 18.04 - /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list
# 20.04 - /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list
# 22.04 - /etc/apt/sources.list.d/redis.list
if [[ ( ! -f /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list || ! -s /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list ) && ( ! -f /etc/apt/sources.list.d/redis.list || ! -s /etc/apt/sources.list.d/redis.list ) ]]; then
echo "- [ERROR] Redis PPA not found in sources list!"
local ver_seven_err="1"
fi
fi
if [[ $(conf_read mysql-tool-pma) == "true" && ! -d /var/www/$ADMIN_TOOLS_SITE/htdocs/pma ]]; then
echo "- [ERROR] Folder: /var/www/$ADMIN_TOOLS_SITE/htdocs/pma not found!"
local ver_seven_err="1"
fi
if [[ $(conf_read php-tool-memcached) == "true" && ! -f /usr/bin/memcached ]]; then
echo "- [ERROR] File: /usr/bin/memcached not found!"
local ver_seven_err="1"
fi
if [[ $(conf_read php-tool-postfix) == "true" && ! -d /etc/postfix ]]; then
echo "- [ERROR] Folder: /etc/postfix not found!"
local ver_seven_err="1"
fi
if [[ $(conf_read php-tool-postfix) == "true" && ! -f /opt/webinoly/templates/source/main.cf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/source/main.cf not found!"
local ver_seven_err="1"
fi
if [[ $(conf_read nginx-tool-ssl) == "true" ]]; then
if [[ ! -L /snap/bin/certbot ]]; then
echo "- [ERROR] File: /snap/bin/certbot not found!"
local ver_seven_err="1"
fi
fi
if [[ $(conf_read nginx-tool-bkp) == "true" ]]; then
if [[ ! -f /usr/bin/duply ]]; then
echo "- [ERROR] File: /usr/bin/duply not found!"
local ver_seven_err="1"
fi
# Remove the snap path!
if [[ ! -L /snap/bin/duplicity && ! -f /usr/local/bin/duplicity ]]; then
echo "- [ERROR] File: /usr/local/bin/duplicity not found!"
local ver_seven_err="1"
fi
fi
if [[ -z $critical_mode ]]; then
# Check for SSL Orphan-Certs
for cert in "/etc/letsencrypt/live"/*
do
domain=$(echo $cert | cut -f 5 -d "/")
if [[ -d $cert && ! -f /etc/nginx/sites-available/$domain ]]; then
echo "${blu}${dim}- [INFO] SSL Orphan-Cert found ($domain)!${end}${red}"
fi
done
# Backups integrity
if [[ $(conf_read nginx-tool-bkp) == "true" ]]; then
if [[ -d $HOME/.duply ]]; then
for f in $HOME/.duply/*
do
if [[ -d $f && ! -f $f/conf ]]; then
echo "${dim}- [WARNING] Backup Configuration corrupted! (Not found: ${f}/conf) ${end}${red}"
local ver_seven_war="1"
elif [[ -d $f && -f $f/conf && ! -d $(grep -E "^SOURCE[ ]?=" $f/conf | cut -f 2 -d "'" ) ]]; then
echo "${dim}- [WARNING] Backup Configuration corrupted! (Invalid source in: ${f}/conf) ${end}${red}"
local ver_seven_war="1"
fi
done
fi
fi
if [[ $ver_seven_err == "1" ]]; then
echo "(7) Additional Tools Verification Test has failed!"
elif [[ $ver_seven_war == "1" ]]; then
echo "${dim}(4) Additional Tools Verification Test has some warning messages you should attend!${end}${red}"
else
echo "${gre}${dim}(7) Additional Tools Verification Test successful!${end}${red}"
fi
fi
##################################
##### Checking Permissions #####
##################################
local ver_eight_err="0"
local ver_eight_war="0"
if [[ -z $critical_mode ]]; then
# /var/www
if [[ -d /var/www ]]; then
local ver_perm_user=$(find /var/www -path "/var/www/*" ! -path "/var/www/\.*" ! -user www-data | head -10)
local ver_perm_dire=$(find /var/www ! -path "/var/www/\.*" -type d ! -perm 755 | head -10) # Exclude dotted folders
local ver_perm_file=$(find /var/www ! -path "/var/www/\.*/*" -type f ! -perm 644 | head -10) # Exclude files inside dotted folders
if [[ $(conf_read login-www-data) != "true" && -d /var/www && $(stat -c '%U' /var/www) != "www-data" ]]; then
echo "${dim}- [WARNING] Directory owner is not 'www-data' /var/www ${end}${red}"
local ver_eight_war="1"
elif [[ $(conf_read login-www-data) == "true" && -d /var/www && $(stat -c '%U' /var/www) != "root" ]]; then
echo "${dim}- [WARNING] Directory owner is not 'root' /var/www ${end}${red}"
local ver_eight_war="1"
fi
if [[ -n $ver_perm_user ]]; then
echo "$ver_perm_user" | sed "s/^/${dim}- \[WARNING\] File or directory owner is not 'www-data' /" | sed "s/$/${end}${red}/"
local ver_eight_war="1"
fi
if [[ -n $ver_perm_dire ]]; then
echo "$ver_perm_dire" | sed "s/^/${dim}- \[WARNING\] Directory permission is not 755 /" | sed "s/$/${end}${red}/"
local ver_eight_war="1"
fi
if [[ -n $ver_perm_file ]]; then
echo "$ver_perm_file" | sed "s/^/${dim}- \[WARNING\] File permission is not 644 /" | sed "s/$/${end}${red}/"
local ver_eight_war="1"
fi
fi
# Check for .ssh folders
while true
do
[[ -z $ver_count_ssh ]] && local ver_count_ssh=0
if [[ $ver_count_ssh == 0 ]]; then
local ver_check_dir=$CURRENT_HOME
local ver_check_user=$CURRENT_USER
local ver_count_ssh=1
elif [[ $ver_count_ssh == 1 ]]; then
local ver_check_dir="/var/www"
local ver_check_user="www-data"
local ver_count_ssh=2
else
break
fi
if [[ -d $ver_check_dir/.ssh ]]; then
local ver_ssh_owner=$(find $ver_check_dir/.ssh ! -user $ver_check_user | head -10)
local ver_ssh_dire=$(sudo find $ver_check_dir/.ssh -type d ! -perm 700 | head -10)
local ver_ssh_file=$(sudo find $ver_check_dir/.ssh ! -path "$ver_check_dir/.ssh/*.pub" -type f ! -perm 600 | head -10)
local ver_ssh_fpub=$(sudo find $ver_check_dir/.ssh -path "$ver_check_dir/.ssh/*.pub" -type f ! -perm 644 | head -10)
if [[ -n $ver_ssh_owner ]]; then
echo "$ver_ssh_owner" | sed "s/^/${dim}- \[WARNING\] File owner is not '${ver_check_user}' /" | sed "s/$/${end}${red}/"
local ver_eight_war="1"
fi
if [[ -n $ver_ssh_dire ]]; then
echo "$ver_ssh_dire" | sed "s/^/${dim}- \[WARNING\] Directory permission is not 700 /" | sed "s/$/${end}${red}/"
local ver_eight_war="1"
fi
if [[ -n $ver_ssh_file ]]; then
echo "$ver_ssh_file" | sed "s/^/${dim}- \[WARNING\] File permission is not 600 /" | sed "s/$/${end}${red}/"
local ver_eight_war="1"
fi
if [[ -n $ver_ssh_fpub ]]; then
echo "$ver_ssh_fpub" | sed "s/^/${dim}- \[WARNING\] File permission is not 644 /" | sed "s/$/${end}${red}/"
local ver_eight_war="1"
fi
fi
done
if [[ $ver_eight_err == "1" ]]; then
echo "(8) Permissions Verification Test has failed!"
elif [[ $ver_eight_war == "1" ]]; then
echo "${dim}(8) Permissions Verification Test has some warning messages you should attend!${end}${red}"
else
echo "${gre}${dim}(8) Permissions Verification Test successful!${end}${red}"
fi
fi
################################
##### Sites Verification #####
################################
local ver_nine_err="0"
local ver_nine_war="0"
if [[ -z $critical_mode ]]; then
for ver_site in "/etc/nginx/sites-available"/*
do
local ver_domi=$(echo $ver_site | cut -f 5 -d "/")
if [[ $ver_domi != "html" && $ver_domi != $ADMIN_TOOLS_SITE ]]; then
if [[ $(is_wp $ver_domi) == "true" ]]; then
if [[ ! -s /etc/nginx/.htpasswd && ! -s /etc/nginx/apps.d/.htpasswd-$ver_domi && $(is_wp_auth $ver_domi) == "true" ]]; then
echo "${blu}${dim}- [INFO] HTTP Authentication Credentials not found for $ver_domi${end}${red}"
fi
wp_conf_retrieve $ver_domi false false
if [[ $wp_dbhost_host == "localhost" && ( -z $wp_dbuser || -z $wp_dbpass || -z $wp_dbname || $(check_mysql_connection localhost $wp_dbuser $wp_dbpass $wp_dbname $mysql_param) != "true" ) ]]; then
echo "${red}${dim}- [WARNING] Database connection failed for your WP site $ver_domi (${wp_dbhost}) ${end}${red}"
local ver_nine_war="1"
elif [[ $wp_dbhost_host == "localhost" && -n $wp_dbhost_port ]]; then
echo "${blu}${dim}- [INFO] Localhost with custom port could have a negative impact in performance (Site: $ver_domi | Host: ${wp_dbhost}).${end}${red}"
elif [[ $wp_dbhost_host != "localhost" && ( -z $wp_dbhost_host || -z $wp_dbhost_port || -z $wp_dbuser || -z $wp_dbpass || -z $wp_dbname || $(check_mysql_connection $wp_dbhost_host $wp_dbhost_port $wp_dbuser $wp_dbpass $wp_dbname) != "true" ) ]]; then
echo "${red}${dim}- [WARNING] Database connection failed for your WP site $ver_domi (${wp_dbhost}) ${end}${red}"
local ver_nine_war="1"
fi
fi
fi
done
if [[ $ver_nine_err == "1" ]]; then
echo "(9) Sites Verification Test has failed!"
elif [[ $ver_nine_war == "1" ]]; then
echo "${dim}(9) Sites Verification Test has some warning messages you should attend!${end}${red}"
else
echo "${gre}${dim}(9) Sites Verification Test successful!${end}${red}"
fi
fi
echo "${end}"
if [[ $ver_one_err != 0 || $ver_two_err != 0 || $ver_three_err != 0 || $ver_four_err != 0 || $ver_five_err != 0 || $ver_six_err != 0 || $ver_seven_err != 0 || $ver_eight_err != 0 || $ver_nine_err != 0 ]]; then
echo "${red}*******************************************************"
echo "******** ${bol}> > > E R R O R < < <${end}${red} ***********"
echo "******** ${bol}System could not work properly${end}${red} ***********"
echo "******************************************************* ${end}"
conf_write stack-build-error-flag true
return 1
elif [[ $ver_one_war != 0 || $ver_two_war != 0 || $ver_three_war != 0 || $ver_four_war != 0 || $ver_five_war != 0 || $ver_six_war != 0 || $ver_seven_war != 0 || $ver_eight_war != 0 || $ver_nine_war != 0 ]]; then
if [[ -z $critical_mode ]]; then
echo "${red}***************************************************************************************************"
echo "******** ${bol}[ W A R N I N G ] There are some messages that should be attended!${end}${red} ***********"
echo "*************************************************************************************************** ${end}"
fi
conf_delete stack-build-error-flag
return 0
else
conf_delete stack-build-error-flag
[[ -z $critical_mode ]] && echo "${bol}${gre}Integrity test successfully passed!!! ${end}"
return 0
fi
} |