webinoly/lib/verify
Cristhian Martínez Ochoa 8a06fb6485 test
Small fix
2023-09-29 20:56:09 -07:00


#!/bin/bash
# Example: sudo webinoly -verify
# Example: sudo webinoly -verify=critical
# Example: sudo webinoly -verify -check-for-updates
webinoly_verify() {
# Not run when update stack is running!
if [[ $(conf_read stack-update) == "running" ]]; then
echo "${blu}${dim}Verify skipped because update stack is in process...${end}"
return
fi
# Webinoly Verify command
echo "${blu}${dim}Verifying integrity of the entire Webinoly system...${end}${red}"
[[ $verify == "critical" ]] && local critical_mode="true"
#####################################
##### Webinoly Integrity Test #####
#####################################
local ver_one_err="0"
local ver_one_war="0"
if [[ ! -f /opt/webinoly/lib/api-events_sample ]]; then
echo "- [ERROR] File: /opt/webinoly/lib/api-events_sample not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/lib/bkp ]]; then
echo "- [ERROR] File: /opt/webinoly/lib/bkp not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/lib/datadog ]]; then
echo "- [ERROR] File: /opt/webinoly/lib/datadog not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/lib/ex-ssl-authentication ]]; then
echo "- [ERROR] File: /opt/webinoly/lib/ex-ssl-authentication not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/lib/ex-ssl-cleanup ]]; then
echo "- [ERROR] File: /opt/webinoly/lib/ex-ssl-cleanup not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/lib/general ]]; then
echo "- [ERROR] File: /opt/webinoly/lib/general not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/lib/headers ]]; then
echo "- [ERROR] File: /opt/webinoly/lib/bkp not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/lib/install ]]; then
echo "- [ERROR] File: /opt/webinoly/lib/install not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/lib/public_suffix_list.dat ]]; then
echo "- [ERROR] File: /opt/webinoly/lib/public_suffix_list.dat not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/lib/sites ]]; then
echo "- [ERROR] File: /opt/webinoly/lib/sites not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/lib/site-ssl ]]; then
echo "- [ERROR] File: /opt/webinoly/lib/site-ssl not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/lib/timezone.dat ]]; then
echo "- [ERROR] File: /opt/webinoly/lib/timezone.dat not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/lib/update ]]; then
echo "- [ERROR] File: /opt/webinoly/lib/update not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/lib/verify ]]; then
echo "- [ERROR] File: /opt/webinoly/lib/verify not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/lib/webin ]]; then
echo "- [ERROR] File: /opt/webinoly/lib/webin not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/template-site-php ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/template-site-php not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/template-site-proxy ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/template-site-proxy not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/template-site-proxycache ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/template-site-proxycache not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/template-site-ssl ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/template-site-ssl not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/template-site-sslredirect ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/template-site-sslredirect not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/template-site-wwwredirect ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/template-site-wwwredirect not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/nginx.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/nginx.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/conf.d/fastcgi.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/conf.d/fastcgi.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/conf.d/upstream.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/conf.d/upstream.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/common/acl.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/acl.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/common/auth.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/auth.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/common/header.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/header-html.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/common/headers.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/headers-html.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/common/headers-html.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/headers-html.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/common/headers-http.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/headers-http.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/common/headers-https.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/headers-https.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/common/locations.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/locations.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/common/php.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/php.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/common/phpx.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/phpx.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/common/wpcommon.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/wpcommon.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/common/wpcommon-noauth.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/wpcommon-noauth.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/common/wpfc.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/wpfc.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/nginx/common/wpsubdir.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/nginx/common/wpsubdir.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/general/admin_tools.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/general/admin_tools.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/general/certbot-deploy-hook ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/general/certbot-deploy-hook not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/general/conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/general/conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/general/duply ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/general/duply not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/general/nginx-blackhole ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/general/nginx-blackhole not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/general/sysctl ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/general/sysctl not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/general/tools-site-blackhole ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/general/tools-site-blackhole not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/general/tools-site-localhost ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/general/tools-site-localhost not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/webinoly.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/webinoly.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /usr/bin/webinoly ]]; then
echo "- [ERROR] File: /usr/bin/webinoly not found!"
local ver_one_err="1"
fi
if [[ ! -f /usr/bin/site ]]; then
echo "- [ERROR] File: /usr/bin/site not found!"
local ver_one_err="1"
fi
if [[ ! -f /usr/bin/httpauth ]]; then
echo "- [ERROR] File: /usr/bin/httpauth not found!"
local ver_one_err="1"
fi
if [[ ! -f /usr/bin/log ]]; then
echo "- [ERROR] File: /usr/bin/log not found!"
local ver_one_err="1"
fi
if [[ ! -f /usr/bin/stack ]]; then
echo "- [ERROR] File: /usr/bin/stack not found!"
local ver_one_err="1"
fi
if [[ -n $(conf_read init-error-flag) ]]; then
echo "- [ERROR] This copy of Webinoly is not genuine!"
local ver_one_err="1"
fi
if [[ -z $critical_mode ]]; then
# Check if Webinoly is updated
local ver_currentver=$(conf_read app-version)
local ver_checkver=$(wget --timeout=10 -t 1 -qO- https://api.webinoly.com/check?text=true)
if ! [[ -n $ver_checkver && -n $ver_currentver && ${ver_currentver//.} -ge ${ver_checkver//.} ]]; then
echo "${dim}- [WARNING] Webinoly App is not updated. A new version is available!${end}${red}"
local ver_one_war="1"
fi
if [[ $ver_currentver != $app_version ]]; then
echo "${dim}- [WARNING] Webinoly App version check is corrupted! (Installed: $app_version != Conf: ${ver_currentver}) ${end}${red}"
local ver_one_war="1"
fi
# Configuration File - Check for duplicate directives
if [[ -f /opt/webinoly/webinoly.conf ]]; then
IFS=$'\n' # FOR loop takes whitespace as a delimiter, so IFS overwrite this.
for i in $(grep -E "^([a-z\-]+)\:.*$" /opt/webinoly/webinoly.conf)
do
if [[ $(grep "^$(echo $i | cut -d':' -f 1 -s):" -c /opt/webinoly/webinoly.conf) -gt 1 ]]; then
echo "${dim}- [WARNING] Duplicate variable directive in Configuration File! ($(echo $i | cut -d':' -f 1 -s)) ${end}${red}"
local ver_one_war="1"
fi
done
fi
# Temp dynvar in conf file
if [[ -n $(conf_read force-flag) ]]; then
echo "${dim}- [WARNING] Temporal variable (force-flag) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ -n $(conf_read delautopma) ]]; then
echo "${dim}- [WARNING] Temporal variable (delautopma) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ -n $(conf_read temp-path) ]]; then
echo "${dim}- [WARNING] Temporal variable (temp-path) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ -n $(conf_read nginx-reload) ]]; then
echo "${dim}- [WARNING] Temporal variable (nginx-reload) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ -n $(conf_read quiet) ]]; then
echo "${dim}- [WARNING] Temporal variable (quiet) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ -n $(conf_read multi-bkp-db) ]]; then
echo "${dim}- [WARNING] Temporal variable (multi-bkp-db) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ -n $(conf_read multi-bkp-dbh) ]]; then
echo "${dim}- [WARNING] Temporal variable (multi-bkp-dbh) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ -n $(conf_read stack-update) ]]; then
echo "${dim}- [WARNING] Temporal variable (stack-update) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ -n $(conf_read mysql-reinstall) ]]; then
echo "${dim}- [WARNING] Temporal variable (mysql-reinstall) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ $ver_one_err == "1" ]]; then
echo "(1) Webinoly Integrity Test has failed!"
elif [[ $ver_one_war == "1" ]]; then
echo "${dim}(1) Webinoly Integrity Test has some warning messages you should attend!${end}${red}"
else
echo "${gre}${dim}(1) Webinoly Integrity Test successful!${end}${red}"
fi
fi
################################
##### NGINX Verification #####
################################
local ver_two_err="0"
local ver_two_war="0"
if [[ $(conf_read nginx) == "true" ]]; then
# Check if NGINX command is installed
if ! which nginx >/dev/null ; then
echo "- [ERROR] Seems like NGIN command is not installed!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/nginx.conf ]]; then
echo "- [ERROR] File: /etc/nginx/nginx.conf not found!"
local ver_two_err="1"
fi
if [[ $(lsb_release -c | cut -d':' -f 2 | xargs) =~ ^(bionic|focal)$ ]]; then
if [[ ! -f /etc/apt/trusted.gpg || -z $(grep -Foia "nginx signing key" /etc/apt/trusted.gpg) ]]; then
echo "- [ERROR] Nginx Apt Key not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/apt/sources.list || -z $(grep -Fo "nginx.org/packages/" /etc/apt/sources.list) ]]; then
echo "- [ERROR] Nginx PPA not found in sources list!"
local ver_two_err="1"
fi
else
if [[ ! -f /usr/share/keyrings/nginx-archive-keyring.gpg || ! -s /usr/share/keyrings/nginx-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/nginx-archive-keyring.gpg | grep '[^[:space:]]') ]]; then
echo "- [ERROR] Nginx Apt Key not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/apt/sources.list.d/nginx.list || ! -s /etc/apt/sources.list.d/nginx.list || -z $(grep '[^[:space:]]' /etc/apt/sources.list.d/nginx.list ) ]]; then
echo "- [ERROR] Nginx PPA not found in sources list!"
local ver_two_err="1"
fi
fi
fi
# NGINX Optim
if [[ $(conf_read nginx-optim) == "true" ]]; then
if [[ ! -f /etc/nginx/fastcgi_params ]]; then
echo "- [ERROR] File: /etc/nginx/fastcgi_params not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/conf.d/fastcgi.conf ]]; then
echo "- [ERROR] File: /etc/nginx/conf.d/fastcgi.conf not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/conf.d/upstream.conf ]]; then
echo "- [ERROR] File: /etc/nginx/conf.d/upstream.conf not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/common/acl.conf ]]; then
echo "- [ERROR] File: /etc/nginx/common/acl.conf not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/common/auth.conf ]]; then
echo "- [ERROR] File: /etc/nginx/common/auth.conf not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/common/header.conf ]]; then
echo "- [ERROR] File: /etc/nginx/common/header.conf not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/common/headers.conf ]]; then
echo "- [ERROR] File: /etc/nginx/common/headers.conf not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/common/headers-html.conf ]]; then
echo "- [ERROR] File: /etc/nginx/common/headers-html.conf not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/common/headers-http.conf ]]; then
echo "- [ERROR] File: /etc/nginx/common/headers-http.conf not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/common/headers-https.conf ]]; then
echo "- [ERROR] File: /etc/nginx/common/headers-https.conf not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/common/locations.conf ]]; then
echo "- [ERROR] File: /etc/nginx/common/locations.conf not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/common/php.conf ]]; then
echo "- [ERROR] File: /etc/nginx/common/php.conf not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/common/phpx.conf ]]; then
echo "- [ERROR] File: /etc/nginx/common/phpx.conf not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/common/wpcommon.conf ]]; then
echo "- [ERROR] File: /etc/nginx/common/wpcommon.conf not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/common/wpcommon-noauth.conf ]]; then
echo "- [ERROR] File: /etc/nginx/common/wpcommon-noauth.conf not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/common/wpfc.conf ]]; then
echo "- [ERROR] File: /etc/nginx/common/wpfc.conf not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/common/wpsubdir.conf ]]; then
echo "- [ERROR] File: /etc/nginx/common/wpsubdir.conf not found!"
local ver_two_err="1"
fi
if [[ ! -f /opt/webinoly/templates/source/default ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/source/default not found!"
local ver_two_err="1"
fi
if [[ ! -f /opt/webinoly/templates/source/nginx.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/source/nginx.conf not found!"
local ver_two_err="1"
fi
if [[ -f /etc/nginx/common/wpfc.conf && ( -n $(grep -F "<wpcache-exclude-url>" /etc/nginx/common/wpfc.conf) || -n $(grep -F "<wpcache-exclude-cookie>" /etc/nginx/common/wpfc.conf) ) ]]; then
echo "- [ERROR] File: /etc/nginx/common/wpfc.conf is corrupted!"
local ver_two_err="1"
fi
if [[ -f /etc/nginx/common/locations.conf && ( -n $(grep -F "<locations-deny-extensions>" /etc/nginx/common/locations.conf) || -n $(grep -F "<locations-deny-files>" /etc/nginx/common/locations.conf) ) ]]; then
echo "- [ERROR] File: /etc/nginx/common/locations.conf is corrupted!"
local ver_two_err="1"
fi
fi
# NGINX tools site
if [[ $(conf_read nginx) == "true" ]]; then
if [[ -z $ADMIN_TOOLS_SITE ]]; then
echo "- [ERROR] ADMIN_TOOLS_SITE variable is corrupted!" # You never know!
local ver_two_err="1"
fi
if [[ -n $(conf_read tools-port) && -n $(conf_read tools-site) && ( ! -f /etc/nginx/sites-available/$(conf_read tools-site) || ! -f /etc/nginx/sites-enabled/$(conf_read tools-site) ) ]]; then
echo "- [ERROR] Tools-Site seems to have a domain configured, but this site does not exist! ($(conf_read tools-site))"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/sites-available/$ADMIN_TOOLS_SITE ]]; then
echo "- [ERROR] File: /etc/nginx/sites-available/$ADMIN_TOOLS_SITE not found!"
local ver_two_err="1"
fi
if [[ ! -d /var/www/$ADMIN_TOOLS_SITE ]]; then
echo "- [ERROR] Folder: /var/www/$ADMIN_TOOLS_SITE not found!"
local ver_two_err="1"
fi
if [[ -z $(conf_read tools-port) ]]; then
echo "- [ERROR] Port Tools is not set or not found!"
local ver_two_err="1"
fi
if [[ ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs/nginx_status ]]; then
echo "- [ERROR] File: /var/www/$ADMIN_TOOLS_SITE/htdocs/nginx_status not found!"
local ver_two_err="1"
fi
fi
if [[ -z $critical_mode ]]; then
if [[ $(conf_read nginx) != "true" ]]; then
if [[ -f /etc/nginx/nginx.conf ]]; then
echo "${dim}- [WARNING] Seems like NGINX is installed but Webinoly can not detect it!${end}${red}"
local ver_two_war="1"
fi
if [[ -f /etc/nginx/fastcgi.conf ]]; then
echo "${dim}- [WARNING] Seems like NGINX is installed but Webinoly can not detect it!${end}${red}"
local ver_two_war="1"
fi
fi
if [[ $(conf_read nginx) != "true" && -n $(conf_read tools-port) ]]; then
if [[ -f /etc/nginx/sites-available/$ADMIN_TOOLS_SITE || -d /var/www/$ADMIN_TOOLS_SITE ]]; then
echo "${dim}- [WARNING] Seems like Nginx Tools are enabled but Webinoly can not detect it!${end}${red}"
local ver_two_war="1"
fi
fi
# Check for Tools and Default site.
if [[ -n $(conf_read default-site) && ! ( $(conf_read default-site) =~ ^(default|blackhole)$ ) && ! -L /etc/nginx/sites-enabled/$(conf_read default-site) ]]; then
echo "${dim}- [WARNING] Default site not found or is not enabled!${end}${red}"
local ver_two_war="1"
fi
if [[ -n $(conf_read tools-site) && $(conf_read tools-site) != "default" && ! -L /etc/nginx/sites-enabled/$(conf_read tools-site) ]]; then
echo "${dim}- [WARNING] Tools site not found or is not enabled!${end}${red}"
local ver_two_war="1"
fi
# NGINX Conf check
if [[ $(conf_read nginx) != "true" && $(conf_read nginx-optim) == "true" ]]; then
echo "${dim}- [WARNING] NGINX Configuration corrupted!${end}${red}"
local ver_two_war="1"
fi
if [[ $(conf_read nginx-optim) == "true" && ! ( -s /etc/nginx/.htpasswd || ( -n $(conf_read tools-site) && -s /etc/nginx/apps.d/.htpasswd-$(conf_read tools-site) )) ]]; then
echo "${blu}${dim}- [INFO] HTTP Authentication Credentials not found to access the server tools on port $(conf_read tools-port).${end}${red}"
fi
# HTTP Headers
if [[ $(conf_read nginx-optim) == "true" && -z $(conf_read header-csp) ]]; then
echo "${blu}${dim}- [INFO] Setting a Content-Security-Policy Header is highly recommended!${end}${red}"
fi
if [[ $(conf_read nginx-optim) == "true" && $(conf_read header-xssp) == "true" ]]; then
echo "${blu}${dim}- [INFO] X-XSS Header is no longer recommended, use a strong CSP instead!${end}${red}"
fi
if [[ $(conf_read nginx) == "true" ]]; then
# Webinoly Stack version
if [[ $(conf_read server-version) != $svr_version ]]; then
echo "${dim}- [WARNING] Webinoly Stack version check is corrupted! (Installed: $svr_version != Conf: $(conf_read server-version)) ${end}${red}"
local ver_two_war="1"
fi
# Check Nginx Branch in Configuration File
if [[ $(($(sudo nginx -v 2>&1 | cut -d'.' -f 2 -s)%2)) == 1 && $(conf_read nginx-ppa) != "mainline" ]]; then
echo "- [ERROR] Nginx Branch in Configuration File is corrupted!"
local ver_two_err="1"
elif [[ $(($(sudo nginx -v 2>&1 | cut -d'.' -f 2 -s)%2)) == 0 && $(conf_read nginx-ppa) != "stable" && -n $(conf_read nginx-ppa) ]]; then
echo "- [ERROR] Nginx Branch in Configuration File is corrupted!"
local ver_two_err="1"
fi
fi
if [[ $ver_two_err == "1" ]]; then
echo "(2) NGINX Verification Test has failed!"
elif [[ $ver_two_war == "1" ]]; then
echo "${dim}(2) NGINX Verification Test has some warning messages you should attend!${end}${red}"
else
echo "${gre}${dim}(2) NGINX Verification Test successful!${end}${red}"
fi
fi
##############################
##### PHP Verification #####
##############################
local ver_three_err="0"
local ver_three_war="0"
if [[ $(conf_read php) == "true" ]]; then
# Check if PHP command is installed
if ! which php >/dev/null ; then
echo "- [ERROR] Seems like PHP command is not installed!"
local ver_three_err="1"
fi
if [[ ! -f /etc/php/$(conf_read php-ver)/fpm/php.ini ]]; then
echo "- [ERROR] File: /etc/php/$(conf_read php-ver)/fpm/php.ini not found!"
local ver_three_err="1"
fi
if [[ $(lsb_release -c | cut -d':' -f 2 | xargs) =~ ^(bionic|focal)$ ]]; then
if [[ ! -f /etc/apt/trusted.gpg.d/ondrej_ubuntu_php.gpg || ! -s /etc/apt/trusted.gpg.d/ondrej_ubuntu_php.gpg || -z $(grep '[^[:space:]]' /etc/apt/trusted.gpg.d/ondrej_ubuntu_php.gpg ) ]]; then
echo "- [ERROR] PHP Apt Key not found!"
local ver_three_err="1"
fi
if [[ ! -f /etc/apt/sources.list.d/ondrej-ubuntu-php-$(check_osname).list || ! -s /etc/apt/sources.list.d/ondrej-ubuntu-php-$(check_osname).list || -z $(grep '[^[:space:]]' /etc/apt/sources.list.d/ondrej-ubuntu-php-$(check_osname).list ) ]]; then
echo "- [ERROR] PHP PPA not found in sources list!"
local ver_three_err="1"
fi
else
if [[ ! -f /usr/share/keyrings/php-archive-keyring.gpg || ! -s /usr/share/keyrings/php-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/php-archive-keyring.gpg | grep '[^[:space:]]') ]]; then
echo "- [ERROR] PHP Apt Key not found!"
local ver_three_err="1"
fi
if [[ ! -f /etc/apt/sources.list.d/php.list || ! -s /etc/apt/sources.list.d/php.list || -z $(grep '[^[:space:]]' /etc/apt/sources.list.d/php.list ) ]]; then
echo "- [ERROR] PHP PPA not found in sources list!"
local ver_three_err="1"
fi
fi
fi
# PHP Optim
if [[ $(conf_read php-optim) == "true" ]]; then
if [[ ! -f /etc/php/$(conf_read php-ver)/fpm/php-fpm.conf ]]; then
echo "- [ERROR] File: /etc/php/$(conf_read php-ver)/fpm/php-fpm.conf not found!"
local ver_three_err="1"
fi
if [[ ! -f /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf ]]; then
echo "- [ERROR] File: /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf not found!"
local ver_three_err="1"
fi
if [[ ! -f /opt/webinoly/templates/source/www.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/source/www.conf not found!"
local ver_three_err="1"
fi
if [[ ! -f /opt/webinoly/templates/source/php.ini ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/source/php.ini not found!"
local ver_three_err="1"
fi
if [[ ! -f /opt/webinoly/templates/source/php-fpm.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/source/php-fpm.conf not found!"
local ver_three_err="1"
fi
fi
# PHP Tools
if [[ $(conf_read php) == "true" && $(conf_read nginx) == "true" ]]; then
if [[ ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs/ping ]]; then
echo "- [ERROR] File: /var/www/$ADMIN_TOOLS_SITE/htdocs/ping not found!"
local ver_three_err="1"
fi
if [[ ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs/status ]]; then
echo "- [ERROR] File: /var/www/$ADMIN_TOOLS_SITE/htdocs/status not found!"
local ver_three_err="1"
fi
if [[ ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs/php/index.php ]]; then
echo "- [ERROR] File: /var/www/$ADMIN_TOOLS_SITE/htdocs/php/index.php not found!"
local ver_three_err="1"
fi
fi
if [[ -z $critical_mode ]]; then
if [[ -f /etc/php/$(conf_read php-ver)/fpm/php.ini && $(conf_read php) != "true" ]]; then
echo "${dim}- [WARNING] Seems like PHP is installed but Webinoly can not detect it!${end}${red}"
local ver_three_war="1"
fi
if [[ $(conf_read php) != "true" && $(conf_read nginx) == "true" ]]; then
if [[ -f /var/www/$ADMIN_TOOLS_SITE/htdocs/status ]]; then
echo "${dim}- [WARNING] Seems like PHP Tools are enabled but Webinoly can not detect it!${end}${red}"
local ver_three_war="1"
fi
if [[ -f /var/www/$ADMIN_TOOLS_SITE/htdocs/php/index.php ]]; then
echo "${dim}- [WARNING] Seems like PHP Tools are enabled but Webinoly can not detect it!${end}${red}"
local ver_three_war="1"
fi
fi
# PHP Conf check
if [[ $(conf_read php) != "true" && $(conf_read php-optim) == "true" ]]; then
echo "${dim}- [WARNING] PHP Configuration corrupted!${end}${red}"
local ver_three_war="1"
fi
# Check for PHP version
if [[ $(conf_read php) == "true" ]]; then
local ver_php_ver=$(php -v | grep -m1 "" | sed 's/PHP \([^\-]*\).*/\1/' | cut -f 1-2 -d'.')
if [[ $(conf_read php-ver) != $ver_php_ver ]]; then
echo "${dim}- [WARNING] PHP Version corrupted in Configuration file! (Installed: $ver_php_ver != Conf: $(conf_read php-ver)) ${end}${red}"
local ver_three_war="1"
fi
if ! [[ $ver_php_ver =~ ^(5.6|7.0|7.1|7.2|7.3|7.4|8.0|8.1|8.2)$ ]]; then
echo "${dim}- [WARNING] Unknown PHP version!${end}${red}"
local ver_three_war="1"
elif [[ $ver_php_ver =~ ^(5.6|7.0|7.1|7.2|7.3|7.4)$ ]]; then
echo "${dim}- [WARNING] You have an obsolete PHP version (${ver_php_ver}) installed that not even receive security updates!${end}${red}"
local ver_three_war="1"
elif [[ $ver_php_ver == "8.0" ]]; then
echo "${blu}${dim}- [INFO] PHP v8.1 or later is recommended to get an optimal perfomance! (Current: ${ver_php_ver}) ${end}${red}"
fi
fi
if [[ $ver_three_err == "1" ]]; then
echo "(3) PHP Verification Test has failed!"
elif [[ $ver_three_war == "1" ]]; then
echo "${dim}(3) PHP Verification Test has some warning messages you should attend!${end}${red}"
else
echo "${gre}${dim}(3) PHP Verification Test successful!${end}${red}"
fi
fi
########################################
##### MySQL/MariaDB Verification #####
########################################
local ver_four_err="0"
local ver_four_war="0"
# MySQL/MariaDB
if [[ $(conf_read mysql) == "true" || $(conf_read mysql-client) == "true" ]]; then
# Check if MYSQL command is installed
if ! which mysql >/dev/null ; then
echo "- [ERROR] Seems like MYSQL command is not installed!"
local ver_four_err="1"
fi
if [[ ! -d /etc/mysql ]]; then
echo "- [ERROR] Folder: /etc/mysql not found!"
local ver_four_err="1"
fi
fi
if [[ $(conf_read mysql) == "true" ]]; then
if [[ $(conf_read db-engine) == "mysql" ]]; then
local ver_mysql_ver=$(sudo mysql --version | grep -Eo "Ver [0-9\.]+" | cut -f 2 -d' ' | cut -f 1-2 -d'.')
if [[ -n $(sudo mysql --version | grep -Fio "MariaDb") ]]; then
echo "- [ERROR] MySQL DB Engine in Configuration File is corrupted!"
local ver_four_err="1"
fi
else
# To check supported versions: https://mariadb.com/kb/en/mariadb-server/
local ver_mysql_ver=$(sudo mysql --version | sed 's/.*Distrib \([^\-]*\).*/\1/' | cut -f 1-2 -d'.')
if [[ -z $(sudo mysql --version | grep -Fio "MariaDb") || ( -n $(conf_read db-engine) && $(conf_read db-engine) != "mariadb" ) ]]; then
echo "- [ERROR] MySQL DB Engine in Configuration File is corrupted!"
local ver_four_err="1"
fi
fi
if [[ ! -f $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf ]]; then
echo "- [ERROR] File: $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf not found!"
local ver_four_err="1"
fi
if [[ ! -f $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf ]]; then
echo "- [ERROR] File: $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf not found!"
local ver_four_err="1"
fi
# PPA & Keys
if [[ $(conf_read db-engine) == "mysql" ]]; then
if [[ ! -f /usr/share/keyrings/mysql-archive-keyring.gpg || ! -s /usr/share/keyrings/mysql-archive-keyring.gpg || -z $(grep '[^[:space:]]' /usr/share/keyrings/mysql-archive-keyring.gpg ) ]]; then
echo "- [ERROR] MySQL Apt Key not found!"
local ver_four_err="1"
fi
if [[ ! -f /etc/apt/sources.list.d/mysql.list || ! -s /etc/apt/sources.list.d/mysql.list || -z $(grep '[^[:space:]]' /etc/apt/sources.list.d/mysql.list ) ]]; then
echo "- [ERROR] MySQL PPA not found in sources list!"
local ver_four_err="1"
fi
elif [[ $(lsb_release -c | cut -d':' -f 2 | xargs) =~ ^(bionic|focal)$ ]]; then
if [[ ! -f /etc/apt/trusted.gpg || -z $(grep -Foia "mariadb signing key" /etc/apt/trusted.gpg) ]]; then
echo "- [ERROR] MariaDB Apt Key not found!"
local ver_four_err="1"
fi
if [[ ! -f /etc/apt/sources.list || -z $(grep -Fo "mirrors.syringanetworks.net/mariadb/repo" /etc/apt/sources.list) ]]; then
echo "- [ERROR] MariaDB PPA not found in sources list!"
local ver_four_err="1"
fi
else
if [[ ! -f /usr/share/keyrings/mariadb-archive-keyring.gpg || ! -s /usr/share/keyrings/mariadb-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/mariadb-archive-keyring.gpg | grep '[^[:space:]]') ]]; then
echo "- [ERROR] MariaDB Apt Key not found!"
local ver_four_err="1"
fi
if [[ ! -f /etc/apt/sources.list.d/mariadb.list || ! -s /etc/apt/sources.list.d/mariadb.list || -z $(grep '[^[:space:]]' /etc/apt/sources.list.d/mariadb.list ) ]]; then
echo "- [ERROR] MariaDB PPA not found in sources list!"
local ver_four_err="1"
fi
fi
# MySQL/MariaDB Connection
if [[ -n $(conf_read mysql-root) ]]; then # Dynvar can be removed safely!
local ROOT_PASS=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt )
[[ -z $ROOT_PASS ]] && ROOT_PASS="dUmb"
if ! sudo mysql --connect-timeout=10 --user=root -p$ROOT_PASS -e "quit" 2>/dev/null; then
echo "- [ERROR] MySQL/MariaDB Connection to localhost failed! (root)"
local ver_four_err="1"
fi
fi
if ! sudo mysql --connect-timeout=10 --user=admin -e "quit" 2>/dev/null; then
echo "- [ERROR] MySQL/MariaDB Connection to localhost failed! (admin)"
local ver_four_err="1"
fi
fi
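# Non-critical MySQL/MariaDB checks: memory sizing, version bookkeeping,
# leftovers of removed components, default DB privileges and the saved
# external-DB credentials. The whole group is skipped in critical mode.
if [[ -z $critical_mode ]]; then
  # MySQL RAM requirements!
  # $ram is set outside this block; the message implies it is in GB - confirm.
  if [[ $(conf_read db-engine) == "mysql" && $ram -lt 2 ]]; then
    echo "${dim}- [WARNING] You have MySQL set as database engine, you should not use it in production with less than 2GB RAM. (4GB recommended) ${end}${red}"
    local ver_four_war="1"
  fi

  # Check for MySQL version
  if [[ $(conf_read mysql) == "true" ]]; then
    # Right-hand side quoted so it is compared literally, not as a glob pattern.
    if [[ $(conf_read mysql-ver) != "$ver_mysql_ver" ]]; then
      echo "${dim}- [WARNING] MySQL/MariaDB Version corrupted in Configuration file! (Installed: $ver_mysql_ver != Conf: $(conf_read mysql-ver)) ${end}${red}"
      local ver_four_war="1"
    fi

    # MySQL and MariaDB can be mixed, don't worry!
    # Dots are escaped: an unescaped "." matches any character, so a string
    # such as "10x4" would otherwise be accepted as a known release.
    if ! [[ $ver_mysql_ver =~ ^(8\.0|10\.0|10\.1|10\.2|10\.3|10\.4|10\.5|10\.6|10\.11)$ ]]; then
      echo "${dim}- [WARNING] Unknown MySQL/MariaDB version!${end}${red}"
      local ver_four_war="1"
    elif [[ $ver_mysql_ver =~ ^(10\.0|10\.1|10\.2|10\.3)$ ]]; then
      echo "${dim}- [WARNING] You have an obsolete MariaDB version (${ver_mysql_ver}) installed that not even receive security updates!${end}${red}"
      local ver_four_war="1"
    elif [[ $ver_mysql_ver == "10.4" ]]; then
      echo "${blu}${dim}- [INFO] MariaDB v10.6 or later is recommended to get an optimal perfomance! (Current: ${ver_mysql_ver}) ${end}${red}"
    fi
  fi

  # phpMyAdmin flagged as installed while the server itself is not.
  if [[ $(conf_read mysql) != "true" && $(conf_read mysql-tool-pma) == "true" ]]; then
    echo "${dim}- [WARNING] MySQL Configuration corrupted!${end}${red}"
    local ver_four_war="1"
  fi

  # /etc/mysql exists although neither server nor client is registered.
  if [[ -d /etc/mysql && $(conf_read mysql) != "true" && $(conf_read mysql-client) != "true" ]]; then
    echo "${dim}- [WARNING] Seems like some MySQL data remains but MySQL is not installed or Webinoly can not detect it!${end}${red}"
    local ver_four_war="1"
  fi

  # phpMyAdmin files on disk without the matching configuration flag.
  if [[ ( -d /var/www/$ADMIN_TOOLS_SITE/htdocs/pma || -d /usr/share/phpmyadmin ) && $(conf_read mysql-tool-pma) != "true" ]]; then
    echo "${dim}- [WARNING] Seems like phpMyAdmin is installed but Webinoly can not detect it!${end}${red}"
    local ver_four_war="1"
  fi

  if [[ $(conf_read mysql-client) == "true" ]]; then
    # DB Role - Check Privileges!
    # Compared case-insensitively; the broad roles only produce an INFO line.
    local dbrolecheck
    dbrolecheck=$(conf_read dbrole)
    dbrolecheck=${dbrolecheck,,}
    case "$dbrolecheck" in
      all)
        echo "${blu}${dim}- [INFO] DB Default Privileges are set to ALL, you should consider a more-restrictive value! (Also, some external DB services may not work) ${end}${red}"
        ;;
      grant)
        echo "${blu}${dim}- [INFO] DB Default Privileges are set to GRANT, you should consider a more-restrictive value! ${end}${red}"
        ;;
      basic)
        echo "${blu}${dim}- [INFO] DB Default Privileges are set to BASIC, some sites may not work properly with basic privileges! ${end}${red}"
        ;;
    esac

    # Saved DB Credentials
    # The "quiet" flag is set only for the duration of the probe; presumably it
    # silences output of the helpers called below - confirm.
    conf_write quiet true
    local ver_ext_host ver_ext_port ver_ext_user ver_ext_pass
    ver_ext_host=$(conf_read external-dbh)
    ver_ext_port=$(conf_read external-dbx)
    ver_ext_user=$(conf_read external-dbu)
    ver_ext_pass=$(conf_read external-dbp)
    if [[ -n $ver_ext_host && -n $ver_ext_user && -n $ver_ext_pass && -n $ver_ext_port ]]; then
      # Every credential is passed as exactly one argument: an unquoted
      # password containing spaces or glob characters would be split or
      # expanded and shift the remaining parameters.
      local svdb
      svdb=$(check_mysql_connection "$ver_ext_host" "$ver_ext_port" "$ver_ext_user" "$ver_ext_pass" -master-admin)
      if [[ $svdb == "false" ]]; then
        echo "- [ERROR] External DB Connection failed! (Saved credentials for: ${ver_ext_host}:${ver_ext_port})"
        local ver_four_err="1"
      elif [[ $svdb == "truebutnotmaster" ]]; then
        echo "${dim}- [WARNING] External DB Connection seems like not have Master user privileges! (Saved credentials for: ${ver_ext_host}:${ver_ext_port}) ${end}${red}"
        local ver_four_war="1"
      fi
    fi
    conf_delete quiet
  fi

  # Section result line: errors win over warnings.
  if [[ $ver_four_err == "1" ]]; then
    echo "(4) MySQL/MariaDB Verification Test has failed!"
  elif [[ $ver_four_war == "1" ]]; then
    echo "${dim}(4) MySQL/MariaDB Verification Test has some warning messages you should attend!${end}${red}"
  else
    echo "${gre}${dim}(4) MySQL/MariaDB Verification Test successful!${end}${red}"
  fi
fi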
#########################################
##### Service Status Verification #####
#########################################
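# Section 5: every component enabled in the configuration must have an active
# systemd unit, and the Nginx configuration must pass its own syntax test.
# These checks run in critical mode too; only the result line is suppressed.
local ver_five_err="0"
local ver_five_war="0"

if [[ $(conf_read nginx) == "true" ]] && ! systemctl is-active --quiet nginx; then
  echo "- [ERROR] Nginx service not running!"
  local ver_five_err="1"
fi

# The unit name embeds the configured PHP version; it is quoted so that a
# malformed "php-ver" value cannot turn into extra systemctl arguments.
if [[ $(conf_read php) == "true" ]] && ! systemctl is-active --quiet "php$(conf_read php-ver)-fpm"; then
  echo "- [ERROR] PHP service not running!"
  local ver_five_err="1"
fi

if [[ $(conf_read mysql) == "true" ]] && ! systemctl is-active --quiet mysql; then
  echo "- [ERROR] MySQL/MariaDB service not running!"
  local ver_five_err="1"
fi

if [[ $(conf_read php-tool-redis) == "true" ]] && ! systemctl is-active --quiet redis-server; then
  echo "- [ERROR] Redis service not running!"
  local ver_five_err="1"
fi

if [[ $(conf_read php-tool-memcached) == "true" ]] && ! systemctl is-active --quiet memcached; then
  echo "- [ERROR] Memcached service not running!"
  local ver_five_err="1"
fi

if [[ $(conf_read php-tool-postfix) == "true" ]] && ! systemctl is-active --quiet postfix; then
  echo "- [ERROR] Postfix service not running!"
  local ver_five_err="1"
fi

# "nginx -t" parses the configuration without reloading; its diagnostics are
# discarded here, so only the pass/fail result is reported.
if [[ $(conf_read nginx) == "true" ]] && ! sudo nginx -t 2>/dev/null; then
  echo "- [ERROR] Nginx Configuration check failed!"
  local ver_five_err="1"
fi

# This section never raises warnings, so the result is failed or successful.
if [[ -z $critical_mode ]]; then
  if [[ $ver_five_err == "1" ]]; then
    echo "(5) Service Status Verification Test has failed!"
  else
    echo "${gre}${dim}(5) Service Status Verification Test successful!${end}${red}"
  fi
fi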
###########################################
##### Operating System Verification #####
###########################################
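# Section 6 (always-run part): swap, supported OS, privileges, disk usage,
# wget availability and pending OS updates.
local ver_six_err="0"
local ver_six_war="0"

# SwapTotal in kB as reported by the kernel; empty or "0" means no swap.
local swa
swa=$(awk '/^SwapTotal:/ {print $2}' /proc/meminfo)
if [[ $(conf_read linux-optim) == "true" && ( -z $swa || $swa == "0" ) && $(conf_read swap-mem) != 0 ]]; then
  echo "- [ERROR] SWAP Memory File not found!"
  local ver_six_err="1"
fi

# Check OS support
# "lsb_release -s" prints only the value, so no cut/xargs post-processing.
if [[ $(lsb_release -is) != "Ubuntu" ]]; then
  echo "- [ERROR] This Operating System is not supported!"
  local ver_six_err="1"
elif [[ $(check_ubuntu_release) != "true" ]]; then
  echo "- [ERROR] This Ubuntu version is not supported!"
  local ver_six_err="1"
elif [[ $(lsb_release -cs) == "bionic" ]]; then
  #echo "${blu}${dim}- [INFO] You should start considering moving to Ubuntu 22.04 or 20.04 ${end}${red}"
  echo "${dim}- [WARNING] Support for Ubuntu 18.04 will be removed very soon! ${end}${red}"
  local ver_six_war="1"
fi

# Double-Check for sudo/root privileges
if [[ $(whoami) != "root" ]]; then
  echo "- [ERROR] This user has no sudo/root privileges!"
  local ver_six_err="1"
fi

# Check disk usage
# Usage percentage of the root filesystem; warn above 75%.
local ver_disk
ver_disk=$(df -h --output=pcent / | grep -Eo "[0-9]+")
if [[ $ver_disk =~ ^[0-9]+$ && $ver_disk -gt 75 ]]; then
  echo "${dim}- [WARNING] You are running out of disk space! (Usage: ${ver_disk}%) (Logs: $(sudo du -sh /var/log | cut -d"/" -f 1 -s))${end}${red}"
  local ver_six_war="1"
fi

# Check if WGET is installed
# "command -v" is a shell builtin, so the test does not depend on the
# external "which" utility being present.
if ! command -v wget >/dev/null; then
  echo "- [ERROR] Seems like WGET package is not installed!"
  local ver_six_err="1"
fi

# Check for OS Updates
# Run in non-critical mode and when updating Webinoly to remember that is important to keep the OS updated, not only Webinoly.
# For example, we can implement new Nginx directives and it will fails if Nginx package is not updated.
if [[ -z $critical_mode || -n $check_for_updates ]]; then
  if [[ -f /usr/lib/update-notifier/apt-check ]]; then
    # The first number followed by a space in the human-readable report is
    # taken as the count of installable updates.
    local ver_os_updates
    ver_os_updates=$(echo $(/usr/lib/update-notifier/apt-check --human-readable) | grep -Eo "[0-9]+ " | head -1 | sed "s/ //")
    if [[ $ver_os_updates =~ ^[0-9]+$ && $ver_os_updates -gt 0 ]]; then
      echo "${dim}- [WARNING] Operating System is not updated, $ver_os_updates updates can be installed immediately.${end}${red}"
      local ver_six_war="1"
    fi
  fi
fi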
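# Section 6 (non-critical part): interactive shell check, timezone validity
# and the section result line.
if [[ -z $critical_mode ]]; then
  # Check for BASH Shell
  # This is a crude method, but checking if the /proc file exists is very reliable.
  # If modified: this same script is in installer, general lib and verify
  # Declared up front so that a skipped assignment leaves the variable empty
  # instead of picking up a same-named variable from an outer scope.
  local ver_pre_pid ver_shell_pid ver_shell_current ver_shell_status
  if [[ $(conf_read shell-check) != "false" && -n $(echo $(tty) | grep -Eo "pts/[0-9]+") && -n $(logname) ]]; then
    # Last non-sudo process attached to a pts terminal in state S or Ss.
    ver_pre_pid=$(ps -au | grep -E "pts/[0-9]+[ ]+S[s]?[ ]+" | sed '/sudo/d' | tail -n 1)
    [[ -n $ver_pre_pid ]] && ver_shell_pid=$(echo $ver_pre_pid | awk '{print $2}')
    # cmdline is NUL-separated; the NULs are dropped before the comparison.
    [[ -n $ver_shell_pid && -f /proc/$ver_shell_pid/cmdline ]] && ver_shell_current=$(tr -d '\000' < "/proc/$ver_shell_pid/cmdline")
    [[ -n $ver_shell_pid && -f /proc/$ver_shell_pid/status ]] && ver_shell_status=$(grep -Eo '^Name:.*bash.*' "/proc/$ver_shell_pid/status") # Double check!!!

    if [[ -n $ver_shell_current && $ver_shell_current != *"bash"* && -z $ver_shell_status ]]; then
      # Should never be displayed because is blocked in general lib, but who knows!
      echo "${dim}- [WARNING] Seems like you are using an interactive shell different than BASH! ${dim}($(echo $ver_pre_pid | awk '{print $1}'):${ver_shell_current}) ${end}${red}"
      local ver_six_war="1"
    elif [[ -z $ver_shell_current ]]; then
      echo "${blu}${dim}- [INFO] Shell check fails to retrieve data! ${end}${red}"
    fi
  fi

  # Check if timezone is set
  # The configured value must match a whole line of timezone.dat. It is passed
  # quoted and after "--" so that a value containing spaces or starting with
  # "-" is treated as the search string and never as grep options or files.
  local ver_timezone
  ver_timezone=$(conf_read timezone)
  if [[ -z $ver_timezone ]] || ! grep -Fxq -- "$ver_timezone" /opt/webinoly/lib/timezone.dat; then
    echo "${dim}- [WARNING] Timezone is not set or not valid!${end}${red}"
    local ver_six_war="1"
  fi

  # Section result line: errors win over warnings.
  if [[ $ver_six_err == "1" ]]; then
    echo "(6) Operating System Verification Test has failed!"
  elif [[ $ver_six_war == "1" ]]; then
    echo "${dim}(6) Operating System Verification Test has some warning messages you should attend!${end}${red}"
  else
    echo "${gre}${dim}(6) Operating System Verification Test successful!${end}${red}"
  fi
fi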
###########################################
##### Additional Tools Verification #####
###########################################
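# Section 7 (always-run part): for every optional tool enabled in the
# configuration, confirm that its command, directories, apt signing key and
# apt source are present. "command -v" (shell builtin) replaces the external
# "which" for the command lookups.
local ver_seven_err="0"
local ver_seven_war="0"

# Web Tools
if [[ $(conf_read php-tool-redis) == "true" ]]; then
  # Check if REDIS command is installed
  if ! command -v redis-cli >/dev/null; then
    echo "- [ERROR] Seems like Redis command is not installed!"
    local ver_seven_err="1"
  fi

  if [[ ! -d /etc/redis ]]; then
    echo "- [ERROR] Folder: /etc/redis not found!"
    local ver_seven_err="1"
  fi

  # The signing key lives in a release-dependent location. One key file that
  # exists, is non-empty and holds more than whitespace is sufficient.
  # Presence only is checked here, not the key's fingerprint.
  # 18.04 - /etc/apt/trusted.gpg.d/redislabs_ubuntu_redis.gpg
  # 20.04 - /etc/apt/trusted.gpg.d/redislabs-ubuntu-redis.gpg
  # 22.04 - /usr/share/keyrings/redis-archive-keyring.gpg
  local ver_redis_path
  local ver_redis_found=""
  for ver_redis_path in \
    /etc/apt/trusted.gpg.d/redislabs_ubuntu_redis.gpg \
    /etc/apt/trusted.gpg.d/redislabs-ubuntu-redis.gpg \
    /usr/share/keyrings/redis-archive-keyring.gpg; do
    if [[ -f $ver_redis_path && -s $ver_redis_path && -n $(cat -v "$ver_redis_path" | grep '[^[:space:]]') ]]; then
      ver_redis_found="true"
      break
    fi
  done
  if [[ -z $ver_redis_found ]]; then
    echo "- [ERROR] Redis Apt Key not found!"
    local ver_seven_err="1"
  fi

  # Same rule for the apt source list. The OS name is resolved once and the
  # resulting path is quoted wherever it is handed to a command.
  # 18.04 - /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list
  # 20.04 - /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list
  # 22.04 - /etc/apt/sources.list.d/redis.list
  local ver_redis_osname
  ver_redis_osname=$(check_osname)
  ver_redis_found=""
  for ver_redis_path in \
    "/etc/apt/sources.list.d/redislabs-ubuntu-redis-${ver_redis_osname}.list" \
    /etc/apt/sources.list.d/redis.list; do
    if [[ -f $ver_redis_path && -s $ver_redis_path && -n $(grep '[^[:space:]]' "$ver_redis_path") ]]; then
      ver_redis_found="true"
      break
    fi
  done
  if [[ -z $ver_redis_found ]]; then
    echo "- [ERROR] Redis PPA not found in sources list!"
    local ver_seven_err="1"
  fi
fi

if [[ $(conf_read mysql-tool-pma) == "true" && ! -d /var/www/$ADMIN_TOOLS_SITE/htdocs/pma ]]; then
  echo "- [ERROR] Folder: /var/www/$ADMIN_TOOLS_SITE/htdocs/pma not found!"
  local ver_seven_err="1"
fi

if [[ $(conf_read php-tool-memcached) == "true" ]]; then
  # Check if MEMCACHED command is installed
  if ! command -v memcached >/dev/null; then
    echo "- [ERROR] Seems like Memcached command is not installed!"
    local ver_seven_err="1"
  fi
fi

if [[ $(conf_read php-tool-postfix) == "true" && ! -d /etc/postfix ]]; then
  echo "- [ERROR] Folder: /etc/postfix not found!"
  local ver_seven_err="1"
fi

if [[ $(conf_read php-tool-postfix) == "true" && ! -f /opt/webinoly/templates/source/main.cf ]]; then
  echo "- [ERROR] File: /opt/webinoly/templates/source/main.cf not found!"
  local ver_seven_err="1"
fi

if [[ $(conf_read nginx-tool-ssl) == "true" ]]; then
  # Check if CERTBOT command is installed
  if ! command -v certbot >/dev/null; then
    echo "- [ERROR] Seems like Certbot command is not installed!"
    local ver_seven_err="1"
  fi
fi

if [[ $(conf_read nginx-tool-bkp) == "true" ]]; then
  # Check if DUPLY command is installed
  if ! command -v duply >/dev/null; then
    echo "- [ERROR] Seems like Duply command is not installed!"
    local ver_seven_err="1"
  fi
  # Check if DUPLICITY command is installed
  if ! command -v duplicity >/dev/null; then
    echo "- [ERROR] Seems like Duplicity command is not installed!"
    local ver_seven_err="1"
  fi
fi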
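# Section 7 (non-critical part): orphaned certificates, backup profile
# integrity and the section result line.
if [[ -z $critical_mode ]]; then
  # Check for SSL Orphan-Certs
  # A certificate directory without a same-named Nginx site is reported.
  # Loop variables are local so the scan cannot overwrite a caller's variables
  # of the same name (the previous names "cert" and "domain" were global).
  local ver_cert ver_cert_domain
  for ver_cert in /etc/letsencrypt/live/*; do
    ver_cert_domain=${ver_cert##*/}
    if [[ -d $ver_cert && ! -f /etc/nginx/sites-available/$ver_cert_domain ]]; then
      echo "${blu}${dim}- [INFO] SSL Orphan-Cert found ($ver_cert_domain)!${end}${red}"
    fi
  done

  # Backups integrity
  # Every duply profile directory needs a "conf" file whose SOURCE value (the
  # text between the first pair of single quotes) is an existing directory.
  if [[ $(conf_read nginx-tool-bkp) == "true" && -d $HOME/.duply ]]; then
    local ver_bkp_profile ver_bkp_source
    for ver_bkp_profile in "$HOME"/.duply/*; do
      [[ -d $ver_bkp_profile ]] || continue
      if [[ ! -f $ver_bkp_profile/conf ]]; then
        echo "${dim}- [WARNING] Backup Configuration corrupted! (Not found: ${ver_bkp_profile}/conf) ${end}${red}"
        local ver_seven_war="1"
        continue
      fi
      # Path quoted: a home or profile name with spaces must stay one argument.
      ver_bkp_source=$(grep -E "^SOURCE[ ]?=" "$ver_bkp_profile/conf" | cut -f 2 -d "'")
      if [[ ! -d $ver_bkp_source ]]; then
        echo "${dim}- [WARNING] Backup Configuration corrupted! (Invalid source in: ${ver_bkp_profile}/conf) ${end}${red}"
        local ver_seven_war="1"
      fi
    done
  fi

  # Section result line: errors win over warnings.
  if [[ $ver_seven_err == "1" ]]; then
    echo "(7) Additional Tools Verification Test has failed!"
  elif [[ $ver_seven_war == "1" ]]; then
    echo "${dim}(7) Additional Tools Verification Test has some warning messages you should attend!${end}${red}"
  else
    echo "${gre}${dim}(7) Additional Tools Verification Test successful!${end}${red}"
  fi
fi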
##################################
##### Checking Permissions #####
##################################
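# Section 8: ownership and mode audit of /var/www and of the .ssh directories
# of the current user, www-data and root. Non-critical mode only; every
# finding is a warning and each listing is capped at ten entries (head -10).
local ver_eight_err="0"
local ver_eight_war="0"
if [[ -z $critical_mode ]]; then
  # /var/www
  if [[ -d /var/www ]]; then
    local ver_perm_user ver_perm_dire ver_perm_file
    ver_perm_user=$(find /var/www -path "/var/www/*" ! -path "/var/www/\.*" ! -user www-data | head -10)
    ver_perm_dire=$(find /var/www ! -path "/var/www/\.*" -type d ! -perm 755 | head -10) # Exclude dotted folders
    ver_perm_file=$(find /var/www ! -path "/var/www/\.*/*" -type f ! -perm 644 | head -10) # Exclude files inside dotted folders

    # Expected owner of /var/www itself: root when "login-www-data" is
    # enabled, www-data otherwise.
    local ver_www_login ver_www_owner
    ver_www_login=$(conf_read login-www-data)
    ver_www_owner=$(stat -c '%U' /var/www)
    if [[ $ver_www_login != "true" && $ver_www_owner != "www-data" ]]; then
      echo "${dim}- [WARNING] Directory owner is not 'www-data' /var/www ${end}${red}"
      local ver_eight_war="1"
    elif [[ $ver_www_login == "true" && $ver_www_owner != "root" ]]; then
      echo "${dim}- [WARNING] Directory owner is not 'root' /var/www ${end}${red}"
      local ver_eight_war="1"
    fi

    # One warning line per offending path: sed adds the prefix and the colour
    # reset suffix to every line of the find output.
    if [[ -n $ver_perm_user ]]; then
      echo "$ver_perm_user" | sed "s/^/${dim}- \[WARNING\] File or directory owner is not 'www-data' /" | sed "s/$/${end}${red}/"
      local ver_eight_war="1"
    fi
    if [[ -n $ver_perm_dire ]]; then
      echo "$ver_perm_dire" | sed "s/^/${dim}- \[WARNING\] Directory permission is not 755 /" | sed "s/$/${end}${red}/"
      local ver_eight_war="1"
    fi
    if [[ -n $ver_perm_file ]]; then
      echo "$ver_perm_file" | sed "s/^/${dim}- \[WARNING\] File permission is not 644 /" | sed "s/$/${end}${red}/"
      local ver_eight_war="1"
    fi
  fi

  # Check for .ssh folders
  # Audited in order: the current user's home, /var/www (www-data) and,
  # when the current home is not /root, /root as well.
  local ver_ssh_dirs=("$CURRENT_HOME" "/var/www")
  local ver_ssh_users=("$CURRENT_USER" "www-data")
  # Always check root when logname user is different!
  if [[ $CURRENT_HOME != "/root" ]]; then
    ver_ssh_dirs+=("/root")
    ver_ssh_users+=("root")
  fi

  local ver_ssh_idx ver_check_dir ver_check_user
  local ver_ssh_owner ver_ssh_dire ver_ssh_file ver_ssh_fpub
  for ver_ssh_idx in "${!ver_ssh_dirs[@]}"; do
    ver_check_dir=${ver_ssh_dirs[$ver_ssh_idx]}
    ver_check_user=${ver_ssh_users[$ver_ssh_idx]}
    [[ -d $ver_check_dir/.ssh ]] || continue

    # Expected state: everything owned by the account, directories 700,
    # private files 600, *.pub files 644. Paths and user names are quoted so
    # a home directory containing spaces is still passed as one argument.
    # NOTE(review): the owner scan runs without sudo while the three mode
    # scans use it - confirm this difference is intended.
    ver_ssh_owner=$(find "$ver_check_dir/.ssh" ! -user "$ver_check_user" | head -10)
    ver_ssh_dire=$(sudo find "$ver_check_dir/.ssh" -type d ! -perm 700 | head -10)
    ver_ssh_file=$(sudo find "$ver_check_dir/.ssh" ! -path "$ver_check_dir/.ssh/*.pub" -type f ! -perm 600 | head -10)
    ver_ssh_fpub=$(sudo find "$ver_check_dir/.ssh" -path "$ver_check_dir/.ssh/*.pub" -type f ! -perm 644 | head -10)

    if [[ -n $ver_ssh_owner ]]; then
      # NOTE(review): the user name is interpolated into the sed expression; a
      # name containing "/" or "&" would change the substitution.
      echo "$ver_ssh_owner" | sed "s/^/${dim}- \[WARNING\] File owner is not '${ver_check_user}' /" | sed "s/$/${end}${red}/"
      local ver_eight_war="1"
    fi
    if [[ -n $ver_ssh_dire ]]; then
      echo "$ver_ssh_dire" | sed "s/^/${dim}- \[WARNING\] Directory permission is not 700 /" | sed "s/$/${end}${red}/"
      local ver_eight_war="1"
    fi
    if [[ -n $ver_ssh_file ]]; then
      echo "$ver_ssh_file" | sed "s/^/${dim}- \[WARNING\] File permission is not 600 /" | sed "s/$/${end}${red}/"
      local ver_eight_war="1"
    fi
    if [[ -n $ver_ssh_fpub ]]; then
      echo "$ver_ssh_fpub" | sed "s/^/${dim}- \[WARNING\] File permission is not 644 /" | sed "s/$/${end}${red}/"
      local ver_eight_war="1"
    fi
  done

  # Section result line: errors win over warnings.
  if [[ $ver_eight_err == "1" ]]; then
    echo "(8) Permissions Verification Test has failed!"
  elif [[ $ver_eight_war == "1" ]]; then
    echo "${dim}(8) Permissions Verification Test has some warning messages you should attend!${end}${red}"
  else
    echo "${gre}${dim}(8) Permissions Verification Test successful!${end}${red}"
  fi
fi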
################################
##### Sites Verification #####
################################
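# Section 9: per-site checks for every entry in /etc/nginx/sites-available
# except "html" and the admin-tools site. Non-critical mode only.
local ver_nine_err="0"
local ver_nine_war="0"
if [[ -z $critical_mode ]]; then
  # Loop variables are local so the scan does not leave globals behind.
  local ver_site ver_domi
  for ver_site in /etc/nginx/sites-available/*; do
    ver_domi=${ver_site##*/}
    # Right-hand side quoted: literal comparison, not a glob pattern.
    [[ $ver_domi == "html" || $ver_domi == "$ADMIN_TOOLS_SITE" ]] && continue

    # If WordPress, then check connection!
    if [[ $(is_wp "$ver_domi") == "true" ]]; then
      # HTTP auth is enabled for the site but neither the global nor the
      # per-site htpasswd file holds any non-blank content.
      if [[ ( ! -s /etc/nginx/.htpasswd || -z $(grep '[^[:space:]]' /etc/nginx/.htpasswd ) ) && ( ! -s /etc/nginx/apps.d/.htpasswd-$ver_domi || -z $(grep '[^[:space:]]' "/etc/nginx/apps.d/.htpasswd-$ver_domi" ) ) && $(is_wp_auth "$ver_domi") == "true" ]]; then
        echo "${blu}${dim}- [INFO] HTTP Authentication Credentials not found for $ver_domi${end}${red}"
      fi

      # wp_conf_retrieve is expected to populate the wp_db* variables read
      # below (its definition is outside this block).
      wp_conf_retrieve "$ver_domi" false false

      # Credentials are quoted so that a password with spaces or glob
      # characters reaches the helper as one unchanged argument; unquoted it
      # would be split and produce a false "connection failed" warning.
      # $mysql_param is set outside this block and left unquoted on purpose,
      # so an empty value adds no argument.
      # NOTE(review): the localhost call has no port argument in second
      # position, unlike the remote call - confirm the helper expects that.
      if [[ $wp_dbhost_host == "localhost" && ( -z $wp_dbuser || -z $wp_dbpass || -z $wp_dbname || $(check_mysql_connection localhost "$wp_dbuser" "$wp_dbpass" "$wp_dbname" $mysql_param) != "true" ) ]]; then
        echo "${red}${dim}- [WARNING] Database connection failed for your WP site $ver_domi (${wp_dbhost}) ${end}${red}"
        local ver_nine_war="1"
      elif [[ $wp_dbhost_host == "localhost" && -n $wp_dbhost_port ]]; then
        echo "${blu}${dim}- [INFO] Localhost with custom port could have a negative impact in performance (Site: $ver_domi | Host: ${wp_dbhost}).${end}${red}"
      elif [[ $wp_dbhost_host != "localhost" && ( -z $wp_dbhost_host || -z $wp_dbhost_port || -z $wp_dbuser || -z $wp_dbpass || -z $wp_dbname || $(check_mysql_connection "$wp_dbhost_host" "$wp_dbhost_port" "$wp_dbuser" "$wp_dbpass" "$wp_dbname") != "true" ) ]]; then
        echo "${red}${dim}- [WARNING] Database connection failed for your WP site $ver_domi (${wp_dbhost}) ${end}${red}"
        local ver_nine_war="1"
      fi
    # If not WP but WP files are found then alert! (people manually installing WP)
    elif [[ -f /var/www/$ver_domi/wp-config.php || -f /var/www/$ver_domi/htdocs/wp-config.php ]]; then
      echo "${red}${dim}- [WARNING] Seems like $ver_domi is a WordPress site but configured for a different type! ${end}${red}"
      local ver_nine_war="1"
    fi
  done

  # Section result line: errors win over warnings.
  if [[ $ver_nine_err == "1" ]]; then
    echo "(9) Sites Verification Test has failed!"
  elif [[ $ver_nine_war == "1" ]]; then
    echo "${dim}(9) Sites Verification Test has some warning messages you should attend!${end}${red}"
  else
    echo "${gre}${dim}(9) Sites Verification Test successful!${end}${red}"
  fi
fi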
# Final verdict. The nine per-section error and warning flags are folded into
# two booleans; any flag that is not exactly 0 counts as raised.
#   error   -> banner, set "stack-build-error-flag", return 1
#   warning -> banner (non-critical mode only), clear the flag, return 0
#   clean   -> clear the flag, success line (non-critical mode only), return 0
echo "${end}"
local ver_sum_sec ver_sum_ref
local ver_sum_err=""
local ver_sum_war=""
for ver_sum_sec in one two three four five six seven eight nine; do
  ver_sum_ref="ver_${ver_sum_sec}_err"
  if [[ ${!ver_sum_ref} != 0 ]]; then
    ver_sum_err="true"
  fi
  ver_sum_ref="ver_${ver_sum_sec}_war"
  if [[ ${!ver_sum_ref} != 0 ]]; then
    ver_sum_war="true"
  fi
done

if [[ -n $ver_sum_err ]]; then
  echo "${red}*******************************************************"
  echo "******** ${bol}> > > E R R O R < < <${end}${red} ***********"
  echo "******** ${bol}System could not work properly${end}${red} ***********"
  echo "******************************************************* ${end}"
  conf_write stack-build-error-flag true
  return 1
fi

if [[ -n $ver_sum_war ]]; then
  if [[ -z $critical_mode ]]; then
    echo "${red}***************************************************************************************************"
    echo "******** ${bol}[ W A R N I N G ] There are some messages that should be attended!${end}${red} ***********"
    echo "*************************************************************************************************** ${end}"
  fi
  conf_delete stack-build-error-flag
  return 0
fi

conf_delete stack-build-error-flag
[[ -z $critical_mode ]] && echo "${bol}${gre}Integrity test successfully passed!!! ${end}"
return 0
}