#!/bin/bash
# functions.sh
# Logger functions for all toolkits postinstalls
#
# Globals
##########################################################
RAM_SIZE=$(awk '/^DirectMap.*kB/ { sum+=$2} END {memMb=sum / 1024; printf "%.0f\n", memMb}' /proc/meminfo)
RAM_FUDGE=200
KCARE_CONTACT='kernelcare-issues@liquidweb.com'
#
# functions
##########################################################
function set_firewalld_backend() {
sed -i 's/FirewallBackend=.*/FirewallBackend=iptables/g' /etc/firewalld/firewalld.conf
systemctl restart firewalld.service
}
function firewalld_allow_http() {
firewall-cmd --zone=public --add-service=http
firewall-cmd --zone=public --add-service=https
}
function set_update_cron_debuntu() {
logger "START" "Install daily apt-get update/upgrade cron"
local MINUTE=$((( RANDOM % 60 )))
local HOUR=$((( RANDOM % 24 )))
cat << EOFUPDATES > /etc/cron.d/liquidweb_pkg_updates
$MINUTE $HOUR * * * root export DEBIAN_FRONTEND='noninteractive'; apt-get update; apt-get -y upgrade
EOFUPDATES
chmod 755 /etc/cron.d/liquidweb_pkg_updates
logger "END" "Install daily apt-get update/upgrade cron"
}
function set_update_cron_centos() {
logger "START" "Install daily yum update/upgrade cron"
local MINUTE=$((( RANDOM % 60 )))
local HOUR=$((( RANDOM % 24 )))
cat << EOFUPDATES > /etc/cron.d/liquidweb_pkg_updates
$MINUTE $HOUR * * * root yum clean all > /dev/null 2>&1; yum update -y > /dev/null 2>&1
EOFUPDATES
chmod 644 /etc/cron.d/liquidweb_pkg_updates
logger "END" "Install daily yum update/upgrade cron"
}
function set_csf_update_cron_centos() {
logger "START" "Install daily csf update/upgrade cron"
local MINUTE=$((( RANDOM % 60 )))
local HOUR=$((( RANDOM % 24 )))
cat << EOFUPDATES > /etc/cron.d/csf_update
$MINUTE $HOUR * * * root /usr/sbin/csf -u > /dev/null 2>&1
EOFUPDATES
chmod 644 /etc/cron.d/csf_update
logger "END" "Install daily csf update/upgrade cron"
}
function logger() {
LOGDIR='/usr/local/lp/logs'
LOGFILE="${LOGDIR}/postinstall.log"
[[ ! -d ${LOGDIR} ]] && mkdir -p ${LOGDIR}
[ -z "$1" ] || [ -z "$2" ] && {
echo "FATAL: logger called with invalid arguments" >> ${LOGFILE}
exit 1
}
echo "[$1 STEP:] $2" >> ${LOGFILE}
shopt -s nocasematch
[[ $1 = "END" ]] && echo -e "...\n..." >> ${LOGFILE}
shopt -u nocasematch
}
function run_and_log() {
[ -z "$1" ] && {
echo "run_and_log() missing an argument"
exit 1
}
logger "START" "[$1]"
((time $1 1>&3 >> ${LOGFILE} ) 2>&1 | awk '/^real[\t]+[0-9]+m[0-9]+\.[0-9]+s/ {print "[END STEP:] " $2}' 1>&2 >> ${LOGFILE} ) 3>&1
echo -e "...\n..." >> ${LOGFILE}
}
function fetch_domainname_from_fqdn() {
# So this isn't ideal; but probably good enough for our use case
# here. What im doing is just returning everything after the first
# dot as the domain name. If this ends up not meeting our use case
# someday, then I suggest we parse something like this:
#
# https://publicsuffix.org/list/effective_tld_names.dat
#
echo $(echo ${1} | sed 's/[^.]*.//')
}
function wait_for_mysql_pid() {
local -i loop_pass_mysql_pid
local -i timeout
if [ -z "$1" ]; then
timeout=600 # 10 minutes, default
else
timeout=$1
fi
if which pgrep > /dev/null 2>&1 ; then
loop_pass_mysql_pid=0
while ! pgrep mysqld > /dev/null 2>&1 ; do
if [[ ${loop_pass_mysql_pid} -ge ${timeout} ]]; then
logger "ERROR" "Timeout of [${timeout}] seconds; MySQL PID"
# Met timeout, return indicating failure.
return 1
fi
sleep 1
loop_pass_mysql_pid=$((loop_pass_mysql_pid + 1))
done
# If we got this far, MySQL is running. Indicate this.
return 0
else
logger "ERROR" "Unable to determine if mysql is running. Is pgrep installed?"
return 1
fi
}
function fetch_mysql_pw() {
mysql_pw_raw=$(awk '/^password=/ { print substr($0,10) }' /root/.my.cnf)
mysql_pw=$(strip_string_ini ${mysql_pw_raw})
echo "${mysql_pw}"
}
function fetch_mysql_user() {
mysql_user_raw=$(awk '/^user=/ { print substr($0,6) }' /root/.my.cnf)
mysql_user=$(strip_string_ini ${mysql_user_raw})
echo "${mysql_user}"
}
function strip_string_ini() {
str=$1
# *If* the string is between "s OR 's, remove them.
[[ ${str:0:1}${str: -1} == '""' ]] || [[ ${str:0:1}${str: -1} == "''" ]] && {
# Remove first char
str=$(echo "${str/${str:0:1}/}")
# Remove last char
str=$(echo ${str%?})
}
echo "${str}"
}
function verify_root_my_cnf() {
[ -e '/root/.my.cnf' ] && {
return 0
} || {
logger "ERROR" "[/root/.my.cnf] does not exist"
return 1
}
}
function wait_for_mysql() {
local -i loop_pass_mysql_conn
local -i timeout
if [ -z "$1" ]; then
timeout=600 # 10 minutes, default
else
timeout=$1
fi
wait_for_mysql_pid ${timeout}
if [ $? -eq 0 ]; then
# mysql is running, verify its accepting connections.
if which mysqladmin > /dev/null 2>&1 ; then
mysqladmin=$(fetch_mysqladmin_prefix)
[[ -z $mysqladmin ]] && return 1
while ! $mysqladmin proc > /dev/null 2>&1 ; do
if [[ ${loop_pass_mysql_conn} -ge ${timeout} ]]; then
logger "ERROR" "Timeout of [${timeout}] seconds; MySQL connection"
# Met timeout, return indicating failure.
return 1
fi
sleep 1
loop_pass_mysql_conn=$((loop_pass_mysql_conn + 1))
done
# If we made it here, mysql is running; and accepting connections.
# Give the all clear.
return 0
else
logger "ERROR" "mysqladmin is not in the PATH"
return 1
fi
else
return 1
fi
}
function fetch_mysqladmin_prefix() {
# When postinstall is ran from ttyS0 (serial console) /root/.my.cnf i
# not read by mysqladmin automatically like it is through a normal SSH
# connection. Remedy this by parsing it manually and always invoking
# mysqladmin with user/pw flags.
[ verify_root_my_cnf ] || {
return 1
}
mysql_pass=$(fetch_mysql_pw)
mysql_user=$(fetch_mysql_user)
echo "mysqladmin --password=${mysql_pass} --user=${mysql_user}"
}
function randomize_mysql_root_pw() {
local -i timeout
local MYSQL_ROOT_PASS
if [ -z "$1" ]; then
timeout=600 # 10 minutes, default
else
timeout=$1
fi
if [ -f '/root/TEMPLATE_DEF_CHANGE_ME' ]; then
wait_for_mysql ${timeout}
if [ $? -eq 0 ]; then
logger "START" "Randomize template default MySQL root password"
MYSQL_ROOT_PASS=`cat /dev/urandom| tr -dc 'a-zA-Z0-9' | head -c 13`
mysqladmin=$(fetch_mysqladmin_prefix)
[[ -z $mysqladmin ]] && return 1
$mysqladmin password ${MYSQL_ROOT_PASS} &>/dev/null
# Place /root/.my.cnf for later postinstall modification.
cat << EOF > /root/.my.cnf
[client]
password=${MYSQL_ROOT_PASS}
user=root
EOF
chmod 600 /root/.my.cnf
logger "END" "Randomize template default MySQL root password"
else
logger "ERROR" "MySQL not responding, unable to randomize MySQL root pw."
fi
# Remove it, so we only run on fresh create.
rm -f /root/TEMPLATE_DEF_CHANGE_ME
fi
}
# Installation instructions provided per rt#162949.
# Per above, this needs to be installed here because
# we need to have the assigned FQDN and IP(s) at time
# of installation.
function install_kcare_el() {
logger "START" "Install kernelcare (EL)"
[[ -e '/root/KCARE_TEMPLATE_IS_BUILDING' ]] && rm -f /root/KCARE_TEMPLATE_IS_BUILDING
export KCARE_PATCH_SERVER=https://kernelcare.liquidweb.com/
export KCARE_REGISTRATION_URL=https://kernelcare.liquidweb.com/admin/api/kcare
export KCARE_MAILTO=${KCARE_CONTACT}
run_and_log "wget -O /root/kernelcare-latest.x86_64.rpm http://patches.kernelcare.com/kernelcare-latest.x86_64.rpm"
run_and_log "yum -y localinstall /root/kernelcare-latest.x86_64.rpm --nogpgcheck"
run_and_log "rm -f /root/kernelcare-latest.x86_64.rpm"
run_and_log "yum -y update kernelcare"
# Bypass logger so the key isnt logged.
kcarectl --register Y6n1V956wKGTv46u --register-autoretry
run_and_log "kcarectl -u"
logger "END" "Install kernelcare (EL)"
}
function install_kcare_ubuntu() {
logger "START" "Install kernelcare (Ubuntu)"
export KCARE_PATCH_SERVER=https://kernelcare.liquidweb.com/
export KCARE_REGISTRATION_URL=https://kernelcare.liquidweb.com/admin/api/kcare
export KCARE_MAILTO=${KCARE_CONTACT}
run_and_log "wget -O /root/kernelcare-latest.deb http://patches.kernelcare.com/kernelcare-latest.deb"
run_and_log "dpkg -i /root/kernelcare-latest.deb"
run_and_log "rm -f /root/kernelcare-latest.deb"
run_and_log "apt-get -y install --only-upgrade kernelcare"
# Bypass logger so the key isnt logged.
kcarectl --register Y6n1V956wKGTv46u --register-autoretry
run_and_log "kcarectl -u"
logger "END" "Install kernelcare (Ubuntu)"
}
# Replace the given string in the given file.
function replace_string_in_file() {
local file=$1
local match_string=$2
local string_to_insert=$3
[[ -e ${file} ]] && {
logger "START" "Replace match of [${match_string}] with [${string_to_insert}] in [${file}]"
local file_orig=$(<${file})
local file_new=''
while read -r line; do
[[ ${line} =~ ${match_string} ]] && {
file_new+="${string_to_insert}
"
} || {
file_new+="${line}
"
}
done <<< "${file_orig}"
echo "${file_new}" > ${file}
logger "END" "Replace match of [${match_string}] with [${string_to_insert}] in [${file}]"
} || {
logger "WARNING" "Instructed to modify [${file}] but it doesn't exist"
}
}
# This refreshes the softaculous license
function refresh_softaculous_license {
logger "START" "Refresh Softaculous license"
run_and_log "timeout 180s /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/cron.php"
logger "END" "Refresh Softaculous license"
}
# This disables all emails softaculous sends to an end user.
function set_softaculous_enduser_emails_off() {
replace_string_in_file '/usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php' 'off_email_link' "\$globals['off_email_link'] = 1;"
}
# Set softaculous from_email. Prevents emails from (unknown sender) when installing apps
# via Softaculous.
function set_softaculous_from_email() {
replace_string_in_file '/usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php' 'from_email' "\$globals['from_email'] = 'root@${HOSTNAME}';"
}
function place_randomized_upcp_cron() {
logger "START" "Place randomized upcp cron"
[[ -z $(crontab -l|grep 'scripts/upcp --cron') ]] && {
hour=$(awk -v seed=${RANDOM} 'BEGIN{srand(seed);print int(rand()*(23-0)) }')
min=$(awk -v seed=${RANDOM} 'BEGIN{srand(seed);print int(rand()*(59-0)) }')
{ crontab -l -u root; echo "${min} ${hour} * * * /usr/local/cpanel/scripts/upcp --cron > /dev/null 2>&1"; } | crontab -u root -
} || {
logger "ERROR" "upcp --cron entry already exists!"
}
logger "END" "Place randomized upcp cron"
}
function install_cloudlinux {
logger "START" "CloudLinux Registration"
run_and_log "wget http://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy -O /root/cldeploy"
run_and_log "/bin/sh /root/cldeploy -i"
run_and_log "/usr/local/lp/temp/lw-cloudlinux-build-request"
logger "END" "CloudLinux Registration"
}
function fix_passive_ftp {
logger "START" "Fix passive FTP"
if [ -f '/etc/pure-ftpd.conf' ]; then
sed -i '/ForcePassiveIP/ s/^/#/' /etc/pure-ftpd.conf
sed -i '/ForcePassiveIP/d' /var/cpanel/conf/pureftpd/main
run_and_log "/scripts/restartsrv_pureftpd"
else
logger "WARNING" "pure-ftpd.conf not present, this is likely not a cPanel template"
fi
logger "END" "Fix passive FTP"
}
function enable_submission_plesk() {
logger "START" "Enable submission port for postfix"
run_and_log "/usr/local/psa/bin/mailserver --set-message-submission true"
logger "END" "Enable submission port for postfix"
}
function remove_fail2ban() {
logger "START" "Remove fail2ban"
run_and_log "yum -y remove fail2ban"
logger "END" "Remove fail2ban"
}
function lwadmin_reconcile {
logger "START" "Running lwadmin_reconcile script"
if [ -f "/usr/local/lp/bin/lwadmin_reconcile" ]; then
run_and_log "/usr/local/lp/bin/lwadmin_reconcile"
else
logger "WARNING" "/usr/local/lp/bin/lwadmin_reconcile not present. lwauth package is likely not installed"
fi
logger "END" "Running lwadmin_reconcile script"
}
function prom_exporters_setup_mysql_user {
logger "START" "PromExporters: Setting up MySQL user"
if [[ -x /usr/local/lp/opt/exporters/scripts/setup_mysql_user.sh ]]; then
if [[ -z ${HOME} ]]; then
export HOME=/root
fi
run_and_log "/usr/local/lp/opt/exporters/scripts/setup_mysql_user.sh --force"
fi
logger "END" "PromExporters: Setting up MySQL user"
}
function install_lw-ef-cpanel {
logger "START" "Installing lw-ef-cpanel"
yum clean all && yum -y install lw-ef-cpanel
logger "END" "Installing lw-ef-cpanel"
}
function set_memcached_conf {
local dist=${1}
local redhat_memcached_conf='/etc/sysconfig/memcached'
[[ -z ${RAM_SIZE} ]] && {
logger "WARNING" "set_memcached_conf() unable to determine RAM size; unable to tweak memcached configs"
return
}
[[ ${dist} == 'wpopt' ]] && {
[[ -f ${redhat_memcached_conf} ]] || {
logger "WARNING" "set_memcached_conf() [${redhat_memcached_conf}] doesn't exist, cannot tweak memcached configs"
return
}
local ram_configs=('4000' '8000')
for ram_config in "${ram_configs[@]}"
do
local ram_lowest=$(( ${RAM_SIZE} - ${RAM_FUDGE} ))
local ram_highest=$(( ${RAM_SIZE} + ${RAM_FUDGE} ))
if [[ ${ram_config} -eq '4000' ]] ; then
if [[ ${ram_config} -le ${ram_highest} ]] && [[ ${ram_config} -ge ${ram_lowest} ]]; then
logger "START" "Apply memcached configs for 4GB"
sed -i 's/CACHESIZE=.*/CACHESIZE="512"/g' ${redhat_memcached_conf}
logger "END" "Apply memcached configs for 4GB"
break
fi
elif [[ ${ram_config} -eq '8000' ]] ; then
if [[ ${ram_config} -le ${ram_highest} ]] && [[ ${ram_config} -ge ${ram_lowest} ]]; then
logger "START" "Apply memcached configs for 8GB"
sed -i 's/CACHESIZE=.*/CACHESIZE="1024"/g' ${redhat_memcached_conf}
logger "END" "Apply memcached configs for 8GB"
break
fi
fi
done
}
}
function enable_exim_rbls {
local changes=0
[[ -n $(grep 'acl_spamhaus_rbl=0' /etc/exim.conf.localopts) ]] && {
logger "START" "enable spamhaus exim RBL"
run_and_log "sed -i 's/acl_spamhaus_rbl=0/acl_spamhaus_rbl=1/g' /etc/exim.conf.localopts"
logger "END" "enable spamhaus exim RBL"
local changes=1
}
[[ -n $(grep 'acl_spamcop_rbl=0' /etc/exim.conf.localopts) ]] && {
logger "START" "enable spamcop exim RBL"
run_and_log "sed -i 's/acl_spamcop_rbl=0/acl_spamcop_rbl=1/g' /etc/exim.conf.localopts"
logger "END" "enable spamcop exim RBL"
local changes=1
}
[[ ${changes} == 1 ]] && run_and_log "/scripts/buildeximconf"
}
function iw_set_php_upload_max() {
sed -e 's|upload_max_filesize = 2M|upload_max_filesize = 40M|g' -i /etc/php.ini
sed -e 's|upload_max_filesize = 2M|upload_max_filesize = 40M|g' -i /etc/opt/remi/php*/php.ini
}
function iw_set_php_post_max() {
sed -e 's|post_max_size = 8M|post_max_size = 40M|g' -i /etc/php.ini
sed -e 's|post_max_size = 8M|post_max_size = 40M|g' -i /etc/opt/remi/php*/php.ini
}
function cpanel_set_email() {
sed -e "s/CONTACTEMAIL.*/CONTACTEMAIL ${EMAIL}/g" -i /etc/wwwacct.conf
}
function cpanel_set_nameservers() {
sed -e '/^NS/d' -i /etc/wwwacct.conf
echo "NS ns1.${DOMAIN_NAME}" >> /etc/wwwacct.conf
echo "NS2 ns2.${DOMAIN_NAME}" >> /etc/wwwacct.conf
echo "NSTTL 86400" >> /etc/wwwacct.conf
}
function cpanel_set_addr() {
INST_IP=$(ifconfig eth0| awk '/^\s+inet\s+/ {print $2}')
sed -e '/^ADDR/d' -i /etc/wwwacct.conf
echo "ADDR ${INST_IP}" >> /etc/wwwacct.conf
}
function cpanel_set_ethdev() {
sed -e 's/ETHDEV.*/ETHDEV eth0/g' -i /etc/wwwacct.conf
}
function PSSI-365_tweaks() {
whmapi1 --output=jsonpretty set_tweaksetting key='autodiscover_proxy_subdomains' value=1
whmapi1 --output=jsonpretty set_tweaksetting key='conserve_memory' value=1
}
function set_fcgi_conf {
PHP_INI=/usr/local/lib/php.ini
PRE_VHOST2_CONF=/usr/local/apache/conf/includes/pre_virtualhost_2.conf
logger "START" "Checking for ${PHP_INI} and ${PRE_VHOST2_CONF}"
if [ -f "${PHP_INI}" ] && [ -f "${PRE_VHOST2_CONF}" ]; then
logger "Notice" "${PHP_INI} & ${PRE_VHOST2_CONF} exist"
else
logger "ERROR" "${PHP_INI} & ${PRE_VHOST2_CONF} Not Found No Fcgid config to apply"
return 1
fi
logger "END" "Checking for ${PHP_INI} and ${PRE_VHOST2_CONF}"
[[ -z ${RAM_SIZE} ]] && {
logger "WARNING" "set_fcgi_conf() unable to determine RAM size; unable to tweak fcgid configs"
return
}
KNOWN_RAM_CONFIGS=('2000' '4000' '8000' '16000')
for RAM_CONFIG in "${KNOWN_RAM_CONFIGS[@]}"
do
:
RAM_LOWEST=$(( ${RAM_SIZE} - ${RAM_FUDGE} ))
RAM_HIGHEST=$(( ${RAM_SIZE} + ${RAM_FUDGE} ))
if [[ ${RAM_CONFIG} -eq '2000' ]] ; then
if [[ ${RAM_CONFIG} -le ${RAM_HIGHEST} ]] && [[ ${RAM_CONFIG} -ge ${RAM_LOWEST} ]]; then
logger "START" "Apply Fcgid configs for 2GB"
run_and_log "sed -i 's/FcgidMaxProcesses.*/FcgidMaxProcesses 40/g' ${PRE_VHOST2_CONF}"
run_and_log "sed -i 's/FcgidMaxProcessesPerClass.*/FcgidMaxProcessesPerClass 20/g' ${PRE_VHOST2_CONF}"
logger "END" "Apply Fcgid configs for 2GB"
logger "START" "Apply Zend OPcache configs for 2GB"
run_and_log "sed -i 's/opcache.memory_consumption=.*/opcache.memory_consumption=64/g' ${PHP_INI}"
logger "END" "Apply Zend OPcache configs for 2GB"
break
fi
elif [[ ${RAM_CONFIG} -eq '4000' ]] ; then
if [[ ${RAM_CONFIG} -le ${RAM_HIGHEST} ]] && [[ ${RAM_CONFIG} -ge ${RAM_LOWEST} ]]; then
logger "START" "Apply Fcgid configs for 4GB"
run_and_log "sed -i 's/FcgidMaxProcesses.*/FcgidMaxProcesses 80/g' ${PRE_VHOST2_CONF}"
run_and_log "sed -i 's/FcgidMaxProcessesPerClass.*/FcgidMaxProcessesPerClass 40/g' ${PRE_VHOST2_CONF}"
logger "END" "Apply Fcgid configs for 4GB"
logger "START" "Apply Zend OPcache configs for 4GB"
run_and_log "sed -i 's/opcache.memory_consumption=.*/opcache.memory_consumption=64/g' ${PHP_INI}"
logger "END" "Apply Zend OPcache configs for 4GB"
break
fi
elif [[ ${RAM_CONFIG} -eq '8000' ]] ; then
if [[ ${RAM_CONFIG} -le ${RAM_HIGHEST} ]] && [[ ${RAM_CONFIG} -ge ${RAM_LOWEST} ]]; then
logger "START" "Apply Fcgid configs for 8GB"
run_and_log "sed -i 's/FcgidMaxProcesses.*/FcgidMaxProcesses 160/g' ${PRE_VHOST2_CONF}"
run_and_log "sed -i 's/FcgidMaxProcessesPerClass.*/FcgidMaxProcessesPerClass 80/g' ${PRE_VHOST2_CONF}"
logger "END" "Apply Fcgid configs for 8GB"
logger "START" "Apply Zend OPcache configs for 8GB"
run_and_log "sed -i 's/opcache.memory_consumption=.*/opcache.memory_consumption=64/g' ${PHP_INI}"
logger "END" "Apply Zend OPcache configs for 8GB"
break
fi
elif [[ ${RAM_CONFIG} -eq '16000' ]] ; then
if [[ ${RAM_CONFIG} -le ${RAM_HIGHEST} ]] && [[ ${RAM_CONFIG} -ge ${RAM_LOWEST} ]]; then
logger "START" "Apply Fcgid configs for 16GB"
run_and_log "sed -i 's/FcgidMaxProcesses.*/FcgidMaxProcesses 320/g' ${PRE_VHOST2_CONF}"
run_and_log "sed -i 's/FcgidMaxProcessesPerClass.*/FcgidMaxProcessesPerClass 160/g' ${PRE_VHOST2_CONF}"
logger "END" "Apply Fcgid configs for 16GB"
logger "START" "Apply Zend OPcache configs for 16GB"
run_and_log "sed -i 's/opcache.memory_consumption=*./opcache.memory_consumption=64/g' ${PHP_INI}"
logger "END" "Apply Zend OPcache configs for 16GB"
break
fi
else
logger "NOTICE" "No specific memcached/Fcgid config to apply for this RAM size [${RAM_SIZE}]mib. Known RAM sizes: [${KNOWN_RAM_CONFIGS[*]}]mib"
break
fi
done
}
function install_lw-telegraf() {
if [[ -f /etc/redhat-release ]]; then
yum -y install lw-telegraf
elif [[ -f /etc/debian_version ]]; then
apt -y install lw-telegraf
fi
}
function cpanel_apache_ssl_ciphers() {
sed -e 's/"sslciphersuite" : ".*/"sslciphersuite" : "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",/g' -i /etc/cpanel/ea4/ea4.conf
}
function disable_clamav() {
FREEMEM=$(free |grep Mem:|awk '{print $2}')
if [[ ${FREEMEM} -le 4000000 ]]; then
whmapi1 configureservice service=clamd enabled=0 monitored=0 && systemctl disable clamd --now
else
echo "Greater than 4GB of RAM. Not disabling clamd."
fi
}
function install_insight_el() {
if [[ -f /etc/redhat-release ]]; then
logger "START" "Install lw-insight (EL)"
run_and_log "yum -y install lw-insight"
logger "END" "Install lw-insight (EL)"
fi
} |