forked from cPanelSSP/SSP
-
Notifications
You must be signed in to change notification settings - Fork 22
/
Copy pathssp
9625 lines (8547 loc) · 377 KB
/
ssp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
#!/usr/bin/perl
# SSP - System Status Probe
# Find and print useful troubleshooting info on cPanel servers
=head1 COPYRIGHT
This software is Copyright 2017 by cPanel, Inc.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THE SOFTWARE LICENSED HEREUNDER IS PROVIDED "AS IS" AND CPANEL HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, RELATING TO THE SOFTWARE, ITS THIRD PARTY COMPONENTS, AND ANY DATA ACCESSED THEREFROM, OR THE ACCURACY, TIMELINESS, COMPLETENESS, OR ADEQUACY OF THE SOFTWARE, ITS THIRD PARTY COMPONENTS, AND ANY DATA ACCESSED THEREFROM, INCLUDING THE IMPLIED WARRANTIES OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CPANEL DOES NOT WARRANT THAT THE SOFTWARE OR ITS THIRD PARTY COMPONENTS ARE ERROR-FREE OR WILL OPERATE WITHOUT INTERRUPTION. IF THE SOFTWARE, ITS THIRD PARTY COMPONENTS, OR ANY DATA ACCESSED THEREFROM IS DEFECTIVE, YOU ASSUME THE SOLE RESPONSIBILITY FOR THE ENTIRE COST OF ALL REPAIR OR INJURY OF ANY KIND, EVEN IF CPANEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DEFECTS OR DAMAGES. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY CPANEL, ITS AFFILIATES, LICENSEES, DEALERS, SUB-LICENSORS, AGENTS OR EMPLOYEES SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF ANY WARRANTY.
=cut
package SSP;
use 5.006;
use strict;
use warnings;
use File::Find;
use Socket;
use IO::Socket::INET;
use Sys::Hostname;
use Term::ANSIColor qw(:constants);
use Time::Local qw{timelocal timegm};
use IPC::Open3;
use Cwd qw(abs_path);
use Getopt::Long();
# Application version (The project maintainer will bump this, don't modify it.)
our $VERSION = '4.99.214';
# Global variables that alter application runtime
our $OPT_SKIP_NETWORKING; # Disable network calls
our $OPT_TIMEOUT; # How long to wait for system commands to finish executing
# Global variables updated throughout application
our $CRIT_BUFFER; # Critical output to be printed at the end
# Things that are the same but used many places
our $CPANEL_LICENSE_FILE = '/usr/local/cpanel/cpanel.lisc';
our $CPANEL_VERSION_FILE = '/usr/local/cpanel/version';
our $CPANEL_CONFIG_FILE = '/var/cpanel/cpanel.config';
our $MYSQL_CONF_FILE = '/etc/my.cnf';
our $PURE_FTPD_CONF_FILE = '/etc/pure-ftpd.conf';
# Global variables initialized at application initialization
our %CPCONF; # cpanel.config
our $ORIGINAL_PATH;
our %SOCKET; # Dispatcher for optional Socket module usage
our $RUN_STATE;
our $HTTP_GET_HOST_CACHE;
our %MEMOIZE_CACHE;
run(@ARGV) unless caller;
# Initialize application by setting loading all global variables
# (except the RPM variables). That's done within run()
sub init {
if ( $^O ne 'linux' ) {
die "Unknown OS: $^O (only Linux is supported)";
}
if ( $< != 0 ) {
die "SSP must be run as root\n";
}
$ORIGINAL_PATH = $ENV{'PATH'};
## no critic (LocalizedPunctuationVars)
$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin';
$| = 1;
## use critic
$Term::ANSIColor::AUTORESET = 1;
# It is only helpful to memoize something that is used at least twice.
# There is some memoize overhead, but it is a safe bet for anything with unpredictable runtimes (network, heavy disk I/O, external processes).
_memoize(
qw (
check_for_non_default_permissions
check_roots_cron_for_certain_commands
find_httpd_bin
get_apache_modules_href
get_apache_version_href
get_clock_skew
get_cpanel_license_file_info_href
get_cpuinfo_href
get_cpupdate_conf
get_ea3_php_conf_href
get_exim_localopts_href
get_external_ip
get_external_license_ip
get_hostinfo_href
get_hostname
get_installed_ea4_php_href
get_ipcs_href
get_license_info
get_local_ipaddrs_aref
get_lsof_port_href
get_lsws_version_aref
get_meminfo
get_mysql_conf_href
get_mysql_full_version
get_mysql_numeric_version
get_new_backup_conf_href
get_old_backup_conf_href
get_phpini_aref
get_process_pid_href
get_rpm_href
get_tiers_file
get_tiers_json_href
)
);
_populate_run_state();
if ( i_am_one_of( 'cpanel', 'dnsonly' ) ) {
%CPCONF = get_cpanel_conf();
}
## no critic (StringyEval)
# This avoids compile-time errors on old Perl where Socket::get(addr|name)info and related constants don't exist.
eval q( # Perl 5.14+
# The import is redundant but guarantees the desirable failure of this eval at run-time if anything is missing.
Socket->import(qw(getaddrinfo getnameinfo NI_NAMEREQD NI_NUMERICHOST NIx_NOSERV SOCK_RAW));
%SOCKET = (
'getaddrinfo' => \&Socket::getaddrinfo,
'getnameinfo' => \&Socket::getnameinfo,
'NI_NAMEREQD' => Socket::NI_NAMEREQD,
'NI_NUMERICHOST' => Socket::NI_NUMERICHOST,
'NIx_NOSERV' => Socket::NIx_NOSERV,
'SOCK_RAW' => Socket::SOCK_RAW,
);
return 1;
);
## use critic
$SIG{'INT'} = sub { ## no critic (LocalizedPunctuationVars)
print "\n\nJust being impatient, or did SSP actually hang? What if it didn't get a chance to check something really important?\n";
print "\nIf you really want out of here and it didn't work the first time then you interrupted a child and not the parent process. Keep hitting CTRL+C.\n";
if ($CRIT_BUFFER) {
print_magenta("\nThere was critical-level output above, here it is again:");
print $CRIT_BUFFER;
}
die;
};
return 1;
}
sub run {
local @ARGV = @_; # Because GetOptionsFromArray available in Getopt::Long 2.36 and later only, Perl 5.8.8 on CentOS 5.11 includes 2.35
Getopt::Long::GetOptions(
'help' => sub { exit print_help(); },
'bugreport' => sub { init(); exit print_bug_report(); },
'csi' => sub { init(); exit csi_checks_only(); },
'docreport' => sub { init(); exit print_doc_bug_report(); },
'no-network' => \$OPT_SKIP_NETWORKING,
'no-speed' => sub { $MEMOIZE_CACHE{'PRECACHE'} = { disabled => 1 }; },
'profiling' => sub {
load_module_with_fallbacks(
'needed_subs' => [qw{tv_interval gettimeofday}],
'modules' => [qw{Time::HiRes}],
'fail_warning' => 'Profiling won\'t work without this',
'fail_fatal' => 1,
);
$MEMOIZE_CACHE{'PROFILING'} = { enabled => 1 };
},
'simulatestate=s@' => sub { _simulate_run_state( $_[1] ); },
'simulatevar=s%' => sub { _simulate_run_var( $_[1], $_[2] ); },
'timeout=i' => \$OPT_TIMEOUT,
);
if ($OPT_TIMEOUT) {
$OPT_TIMEOUT = int $OPT_TIMEOUT;
if ( $OPT_TIMEOUT < 5 ) {
$OPT_TIMEOUT = 5;
}
}
init();
######################
## END GLOBALS ##
######################
print "\n";
for ( 1 .. 3 ) {
print BOLD GREEN ON_RED "\tPlease DO NOT paste output from SSP into tickets unless it is relevant to an issue" . RESET . "\n";
}
if ( i_am('dnsonly') ) {
print_start("\n\t\tDNSONLY: ");
print_warning("/var/cpanel/dnsonly or DNSONLY license detected, assuming DNSONLY operation\n");
}
unless ( i_am_one_of( 'cpanel', 'dnsonly' ) ) {
print_critical("\nCPANEL IS NOT INSTALLED ON THIS SERVER! SOME SSP OUTPUT MAY NOT BE RELEVANT!\n");
}
print "\n";
print_tip();
print_version();
print "\n";
## [CRIT] -- only stuff that we should check as early as possible
check_for_hacked_server_touchfile();
check_for_multiple_tech_logins();
check_for_lve_environment();
check_for_systemd();
check_for_os_release_5();
check_for_os_release_32bit();
check_for_ea3();
find_httpd_bin(); # Cache result now, it is used by get_apache_* below. The following must be memoized in init() first.
_memoize_parallel_populate_cache(
qw(
check_for_non_default_permissions
check_roots_cron_for_certain_commands
get_apache_modules_href
get_apache_version_href
get_clock_skew
get_external_license_ip
get_installed_ea4_php_href
get_license_info
get_local_ipaddrs_aref
get_lsof_port_href
get_process_pid_href
get_rpm_href
get_tiers_file
get_tiers_json_href
)
);
print "\n";
## [INFO]
print_hostname();
print_os();
print_kernel_and_cpu();
print_kernelcare_info();
print_cpanel_info();
check_for_cpanel_update();
check_lts_autofixer();
print_uptime();
print_apache_info();
print_lsws_info();
check_for_lsws_update();
print_ea3_php_configuration();
print_ea4_php_configuration();
check_for_clustering();
check_sysinfo();
check_for_remote_mysql();
print_if_using_other_dns();
print_mysql_version();
print_backups_info();
print_mailserver_info();
print_ftpserver_info();
print_exim_info();
print_roundcube_db();
check_for_custom_webtemplates();
check_for_custom_restoremodules();
check_for_custom_zonetemplates();
check_for_license_info();
check_selinux_status(); # Can also WARN
## [WARN]
check_for_license_error();
check_for_license_creds();
check_var_cpanel_users();
check_port_hash();
check_runlevel();
check_multiuser_target();
check_for_missing_root_cron();
check_for_missing_usr_bin_crontab();
check_if_upcp_is_running();
check_valid_upcp();
check_cpupdate_conf();
check_interface_lo();
check_cpanelconfig_filetype();
check_cpanelsync_exclude_no_chmod();
check_cpanelsync_exclude();
check_for_rawopts();
check_for_rawenv();
check_for_custom_opt_mods();
check_for_local_templates();
check_for_missing_account_suspensions_conf();
check_for_custom_apache_includes();
check_for_tomcatoptions();
check_for_sneaky_htaccess();
check_ea4_paths_conf();
check_ea4_missing_cl_repo();
check_apache_modules();
check_apache_niceness();
check_perl_sanity();
check_for_non_default_permissions();
check_for_non_default_file_capabilities();
check_for_non_default_sysctl();
check_for_stale_lockfiles();
check_root_suspended();
check_limitsconf();
check_disk_space();
check_disk_inodes();
check_mounts();
check_for_hooks_in_scripts_directory();
check_for_huge_logs();
check_easy_skip_cpanelsync();
check_pkgacct_override();
check_for_yunsuo();
check_for_gdm();
check_for_redhat_firewall();
check_easyapache();
check_for_missing_ea3_php();
check_for_ea3_hooks();
check_for_unsupported_nat();
check_for_oracle_linux();
check_for_usr_local_cpanel_hooks();
check_for_sql_safe_mode();
check_for_domain_forwarding();
check_for_empty_apache_templates();
check_for_empty_postgres_config();
check_for_empty_easyapache_profiles();
check_for_missing_timezone_from_phpini();
check_for_proc_mdstat_recovery();
check_usr_local_cpanel_path_for_symlinks();
check_for_system_mem_below_required();
check_yum_conf();
check_yum_plugins();
check_for_cpanel_files();
check_bash_history_for_certain_commands();
check_roots_cron_for_certain_commands();
check_for_missing_or_commented_customlog();
check_for_cpsources_conf();
check_for_apache_rlimits();
check_for_usr_local_lib_libz_so();
check_for_non_default_modsec_rules();
check_etc_hosts_sanity();
check_localhost_resolution();
check_for_apache_listen_host_is_localhost();
check_roundcube_mysql_pass_mismatch();
check_for_hooks_from_manage_hooks();
check_mysqld_warnings_errors();
check_mysql_config();
check_mysql_datadir();
check_for_extra_mysql_config_files();
check_perl_version_less_than_588();
check_for_low_ulimit_for_root();
check_for_fork_bomb_protection();
check_for_harmful_php_mode_600_cron();
check_for_custom_exim_conf_local();
check_for_maxclients_or_maxrequestworkers_reached();
check_for_non_default_umask();
check_for_multiple_imagemagick_installs();
check_eximstats_size();
check_for_broken_mysql_tables();
check_for_clock_skew();
check_for_zlib_h();
check_if_httpdconf_ipaddrs_exist();
check_distcache_and_libapr();
check_for_custom_repos();
check_for_rpm_overrides();
check_var_cpanel_immutable_files();
check_for_noxsave_in_grub_conf();
check_for_rpm_dist_ver_unknown();
check_for_homeloader_php_extension();
check_for_networkmanager();
check_for_dhclient();
check_for_var_cpanel_roundcube_install();
check_for_missing_etc_localtime();
check_cpanel_config();
check_pure_ftpd_conf_for_upload_script_and_dead();
check_for_perl_env_var();
check_for_disabled_services();
check_for_cpbackup_exclude_everything();
check_for_usr_local_include_jpeglib_h();
check_for_bw_module_and_more_than_1024_vhosts();
check_for_uppercase_chars_in_hostname();
check_for_bad_permissions_on_named_ca();
check_for_jailshell_additional_mounts_trailing_slash();
check_for_allow_query_localhost();
check_for_nocloudlinux_touchfile();
check_for_stupid_touchfile();
check_for_phphandler_and_opcode_caching_incompatibility();
check_for_invalid_HOMEDIR();
check_for_unsupported_options_in_phpini(); # FB-75397
check_for_suphp_but_no_fileprotect();
check_if_hostname_missing_from_localdomains();
check_for_eximstats_newline();
check_for_processes_killed_by_lfd();
check_for_processes_killed_by_oom();
check_for_processes_killed_by_prm();
check_for_broken_userdatadomains();
check_ssl_db_perms();
check_for_stray_index_php();
check_for_port_80_not_apache();
check_for_missing_groups();
check_for_noquotafs();
check_for_roundcube_overlay();
check_for_hostname_park_zoneexists();
check_for_pgpass_colon_in_password_field();
check_for_dirs_that_break_ea();
check_for_extra_uid_0_user();
check_for_easyparams_attributes();
check_for_allow_update_in_named_conf();
check_for_broken_mysqldump();
check_exim_log_sanity();
check_exim_localopts();
check_updatelog();
check_for_readonly_filesystems();
check_for_cl_unsupported_memory_limits();
check_for_eblockers();
check_for_php_selector_incompatibilities();
check_cloudlinux_sanity();
check_for_modsec2_stage_files();
check_for_cron_allow();
check_for_dev_sandbox();
check_for_jail_owner();
check_sshd_config();
check_for_saltstack();
check_for_puppet_agent();
check_imunify360_running();
check_for_etc_ubic_dir();
check_for_acls_cpconf();
check_for_port_53_dnsmasq();
check_for_port_21_ftp();
check_root_dns_resolvers();
check_cloudlinux_phphandler_file();
check_ftpusers_file();
check_mylogincnf();
check_themesconf();
check_auto_migrate_ea3_to_ea4();
check_eset_rtp();
check_use_apache_md5_for_htaccess();
# [3RDP]
check_smtp_processes();
check_for_varnish();
check_for_nginx();
check_for_mailscanner();
check_for_apf();
check_for_csf();
check_for_prm();
check_for_les();
check_for_1h();
check_for_webmin();
check_for_symantec();
check_for_newrelic();
check_for_multilevel_reseller();
check_for_cpremote();
check_for_whmxtra();
check_for_usr_local_mis();
check_for_opt_gsi_tools();
check_for_pyxsoft_antimalware();
check_for_magicspam();
# [CRIT] - Anything that requires a pre-defined response to be sent, escalation, or extreme care.
check_cves_vulnerable_versions();
check_for_unsupported_php(); # Extreme care!
check_for_bash_secadv_20140924(); # advisory
all_malware_checks();
check_for_additional_rpms();
check_for_percona_rpms();
check_for_duplicate_rpms();
check_for_kernel_headers_rpm();
check_for_frontpage_rpms();
check_for_broken_rpm();
check_for_ea4_mismatch();
check_mysql_skip_grants();
check_cpanel_upnext_auto_update();
print_info2('Done.');
if ($CRIT_BUFFER) {
print_magenta("\n\nThere was critical-level output above, here it is again:");
print $CRIT_BUFFER;
}
print_profiling_data();
return 0;
}
sub print_help {
print BOLD YELLOW ON_BLACK "System Status Probe $VERSION\n" . RESET;
(
my $message = q{
This software is Copyright 2017 by cPanel, Inc.
Find and print useful troubleshooting info on cPanel servers.
Usage: ssp [option]
--bugreport Provide bug report template along with environment details (intended for cPanel tech use only)
--csi cPanel Security Inspection, run's several security checks
--docreport Provide document bug report template (intended for cPanel tech use only)
--no-network Skip all network related checks
--timeout This overides timeouts of several longer running functions (min: 5s)
}
) =~ s/^ {8}//mg;
print $message;
}
sub csi_checks_only {
check_cves_vulnerable_versions();
check_port_hash();
check_for_bash_secadv_20140924(); # advisory
all_malware_checks();
check_mysql_skip_grants();
print_info2('SSP checks done.');
}
sub all_malware_checks {
check_for_UMBREON_rootkit();
check_for_libms_rootkit();
check_for_jynx2_rootkit();
check_for_cdorked_A();
check_for_cdorked_B();
check_for_libkeyutils_symbols();
check_for_libkeyutils_filenames();
check_sha1_sigs_libkeyutils();
check_sha1_sigs_httpd();
check_sha1_sigs_named();
check_sha1_sigs_ssh();
check_sha1_sigs_ssh_add();
check_sha1_sigs_sshd();
check_for_ebury_ssh_G();
check_for_ebury_ssh_shmem();
check_for_ebury_root_file();
check_for_bg_botnet();
check_for_dragnet();
check_for_xor_ddos();
check_for_shellbot();
check_for_ncom_filenames();
check_for_cpro();
check_for_fkcplisc();
check_for_yoncu();
check_for_cgls();
check_for_ctls();
check_for_xbash();
check_passwd_hiddenwasp_dirtycow();
check_for_malicious_root_cron();
check_for_spoofed_kernel_modules();
check_for_bad_perms_auth_keys();
check_for_strange_setuid_binaries();
check_changepasswd_modules();
}
sub get_phpini_aref {
my $phpini = '/usr/local/lib/php.ini';
my @phpini;
return () if !-f $phpini;
if ( open my $fh, '<', $phpini ) {
while (<$fh>) {
next if (/^(?:;|$|\[)/);
chomp;
push @phpini, $_;
}
close $fh;
}
return \@phpini;
}
sub find_httpd_bin {
if ( i_am('ea4') ) {
return '/usr/sbin/httpd' if -x '/usr/sbin/httpd';
}
elsif ( i_am('ea3') ) {
return '/usr/local/apache/bin/httpd' if -x '/usr/local/apache/bin/httpd';
}
return;
}
sub get_apache_version_href {
return unless my $httpd_bin = find_httpd_bin();
return unless my @output = split /\n/, timed_run( 0, $httpd_bin, '-v' );
my %info;
foreach (@output) {
if (m{ \A Server \s+ version: \s+ Apache/([^\s]+) \s }xms) {
$info{'version'} = $1;
}
if (m{ \A Server \s+ built: \s+ (.*) \z }xms) {
$info{'built'} = $1;
$info{'built'} =~ s/^\s+//g;
}
if (m{ \A Cpanel::Easy::Apache \s+ (.*) \z }xms) {
$info{'ea_version'} = $1;
}
}
if ( i_am('ea4') ) {
chomp( $info{'ea_version'} = timed_run( 0, 'rpm', '-qf', $httpd_bin ) );
$info{'ea_version'} =~ s/\.\w\d{1,3}\D+\d+\n//;
}
return \%info;
}
sub get_apache_version {
return unless my $href = get_apache_version_href();
return unless defined $href->{'version'};
return $href->{'version'};
}
sub get_apache_modules_href {
return unless my $httpd_bin = find_httpd_bin();
my %modules = map { ( split( /\s+/, $_, 3 ) )[1] => 1 } split /\n/, timed_run( 0, $httpd_bin, '-M' );
return \%modules;
}
sub get_cpanel_license_file_info_href {
my %license;
if ( open my $license_fh, '<', $CPANEL_LICENSE_FILE ) {
my @license_text;
while (<$license_fh>) {
last if m{ \A -----BEGIN }xms;
next unless m{ \A \p{IsPrint}+ \Z }xms;
chomp;
push @license_text, $_;
}
close $license_fh;
%license = map { ( split( /:\s+/, $_, 2 ) )[ 0, 1 ] } @license_text;
}
return \%license;
}
sub license_file_is_cloudlinux {
my $href = get_cpanel_license_file_info_href();
return if not exists $href->{products};
return 1 if grep { /cloudlinux/ } $href->{products};
return 0;
}
sub license_file_is_cpanel {
my $href = get_cpanel_license_file_info_href();
return if not exists $href->{products};
return 1 if grep { /cpanel/ } $href->{products};
return 0;
}
sub license_file_is_dnsonly {
my $href = get_cpanel_license_file_info_href();
return if not exists $href->{products};
return 1 if grep { /dnsonly/ } $href->{products};
return 0;
}
sub license_file_is_solo {
# products =~ cpanel and maxusers = 1 indicates Solo.
my $href = get_cpanel_license_file_info_href();
return if not exists $href->{products} or not exists $href->{maxusers};
return 1 if ( grep { /cpanel/ } $href->{products} and $href->{maxusers} == 1 );
return 0;
}
sub get_cpanel_conf {
my %cpconf;
if ( open( my $cpconf_fh, '<', $CPANEL_CONFIG_FILE ) ) {
local $/ = undef;
%cpconf = map { ( split( /=/, $_, 2 ) )[ 0, 1 ] } split( /\n/, readline($cpconf_fh) );
close $cpconf_fh;
return %cpconf;
}
else {
print_crit('cpanel.config: ');
print_critical("$CPANEL_CONFIG_FILE could not be opened.\n");
}
}
sub get_cpanel_version {
my $numeric_version;
my $original_version;
if ( open my $file_fh, '<', $CPANEL_VERSION_FILE ) {
$original_version = readline($file_fh);
close $file_fh;
}
return ( 'UNKNOWN', 'UNKNOWN' ) unless defined $original_version;
chomp $original_version;
# Parse either 1.2.3.4 or 1.2.3-THING_4 to 1.2.3.4
$numeric_version = join( '.', split( /\.|-[a-zA-Z]+_/, $original_version ) );
$numeric_version = 'UNKNOWN' unless $numeric_version =~ /^\d+\.\d+\.\d+\.\d+$/;
return ( $numeric_version, $original_version );
}
sub _version_cmp {
my ( $first, $second ) = @_;
my ( $a1, $b1, $c1, $d1 ) = split /[\._]/, $first;
my ( $a2, $b2, $c2, $d2 ) = split /[\._]/, $second;
for my $ref ( \$a1, \$b1, \$c1, \$d1, \$a2, \$b2, \$c2, \$d2, ) { # Fill empties with 0
$$ref = 0 unless defined $$ref;
}
return $a1 <=> $a2 || $b1 <=> $b2 || $c1 <=> $c2 || $d1 <=> $d2;
}
sub version_compare {
# example: return if version_compare($ver_string, qw( >= 1.2.3.3 ));
# Must be no more than four version numbers separated by periods and/or underscores.
my ( $ver1, $mode, $ver2 ) = @_;
return if ( !defined($ver1) || ( $ver1 =~ /[^\._0-9]/ ) );
return if ( !defined($ver2) || ( $ver2 =~ /[^\._0-9]/ ) );
# Shamelessly copied the comparison logic out of Cpanel::Version::Compare
my %modes = (
'>' => sub {
return if $_[0] eq $_[1];
return _version_cmp(@_) > 0;
},
'<' => sub {
return if $_[0] eq $_[1];
return _version_cmp(@_) < 0;
},
'==' => sub { return $_[0] eq $_[1] || _version_cmp(@_) == 0; },
'!=' => sub { return $_[0] ne $_[1] && _version_cmp(@_) != 0; },
'>=' => sub {
return 1 if $_[0] eq $_[1];
return _version_cmp(@_) >= 0;
},
'<=' => sub {
return 1 if $_[0] eq $_[1];
return _version_cmp(@_) <= 0;
}
);
return if ( !exists $modes{$mode} );
return $modes{$mode}->( $ver1, $ver2 );
}
sub _timedsaferun { # Borrowed from WHM 66 Cpanel::SafeRun::Timed and modified
# We need to be sure to never return undef, return an empty string instead.
my ( $timer, $stderr_to_stdout, @PROGA ) = @_;
return '' if ( substr( $PROGA[0], 0, 1 ) eq '/' && !-x $PROGA[0] );
$timer = $timer ? $timer : 25; # A timer value of 0 means use the default, currently 25.
$timer = $OPT_TIMEOUT ? $OPT_TIMEOUT : $timer;
my $output;
my $complete = 0;
my $pid;
my $fh; # FB-63723: must declare $fh before eval block in order to avoid unwanted implicit waitpid on die
eval {
local $SIG{'__DIE__'} = 'DEFAULT';
local $SIG{'ALRM'} = sub { $output = ''; print RED ON_BLACK 'Timeout while executing: ' . join( ' ', @PROGA ) . "\n"; die; };
alarm($timer);
if ( $pid = open( $fh, '-|' ) ) { ## no critic (BriefOpen)
local $/;
$output = readline($fh);
close($fh);
}
elsif ( defined $pid ) {
open( STDIN, '<', '/dev/null' ); ## no critic (BriefOpen)
if ($stderr_to_stdout) {
open( STDERR, '>&', 'STDOUT' ); ## no critic (BriefOpen)
}
else {
open( STDERR, '>', '/dev/null' ); ## no critic (BriefOpen)
}
exec(@PROGA) or exit 1;
}
else {
print RED ON_BLACK 'Error while executing: [ ' . join( ' ', @PROGA ) . ' ]: ' . $! . "\n";
alarm 0;
die;
}
$complete = 1;
alarm 0;
};
alarm 0;
if ( !$complete && $pid && $pid > 0 ) {
kill( 15, $pid ); #TERM
sleep(2); # Give the process a chance to die 'nicely'
kill( 9, $pid ); #KILL
}
return defined $output ? $output : '';
}
sub timed_run {
my ( $timer, @PROGA ) = @_;
return _timedsaferun( $timer, 0, @PROGA );
}
sub timed_run_trap_stderr {
my ( $timer, @PROGA ) = @_;
return _timedsaferun( $timer, 1, @PROGA );
}
sub get_local_ipaddrs_aref {
my @local_ipaddrs_list;
my @output;
unless ( @output = split /\n/, timed_run( 0, 'ip', 'addr' ) ) {
@output = split /\n/, timed_run( 0, 'ifconfig', '-a' );
}
for my $line (@output) {
if ( $line =~ m{ (\d+\.\d+\.\d+\.\d+) }xms ) {
push @local_ipaddrs_list, $1;
}
}
return \@local_ipaddrs_list;
}
sub print_version {
print BOLD YELLOW ON_BLACK "\tSSP $VERSION\n\n";
}
sub print_tip {
my @tips = (
'[FB-86549] (Fixed in 11.42.1.1) cPHulk may report root logins to Pure-FTPd despite no evidence being found',
'[FB-78617] (By design) sysup always installs bind',
'[FB-75793] (By design) Proxy subdomains are not created for addon domains',
'[FB-73369] Can\'t log into SquirrelMail, but Horde and Roundcube work? Check if webmail pass contains "odd" characters',
'[FB-72801] (By design) File Manager creates new files with 0600 perms, even when saving an existing file as a new one',
'[FB-72733] (By design) File Manager\'s "Compress" feature has a hard coded timeout due to using cPanel\'s form upload logic',
'[FB-63530] When setting up a remote MySQL server, that server must have the openssh-clients package installed',
'[FB-63193] File Manager showing "Out of memory" in cPanel error_log? Try renaming $HOME/$USER/.cpanel/datastore/SYSTEMMIME',
'[FB-62819] "License File Expired: LTD: 1334782495 NOW: 1246416504 FUT!" likely just means the server clock is wrong',
'[FB-62054] (By design) The "Dedicated IP" box can only be modified when creating a package - not when editing',
'[FB-61735] (By design) "/u/l/c/whostmgr/bin/whostmgr2 --updatetweaksettings" destroys custom proxy subdomain records. Use WHM >> Tweak Settings instead.',
'[FB-59450] (By design) Email quotas cannot exceed 2048MB, but they can be unlimited',
'[FB-58625] Apache 2.0.x links to the wrong PCRE libs. This can cause preg_match*() errors, and "PCRE is not compiled with UTF-8 support"',
'[FB-57237] (By design) Per ISO 3166-1, the country code for the UK is GB (not UK). Look for this in WHM >> Generate an SSL Certificate [...]',
'[FB-50745] (By design) The cPanel UI displays differently (more columns than rows) when changing your locale',
'[FB-46853] Customer complaining that they can\'t log into cPanel as root? Update FB-46853',
'[FB-44884] upcp resets Mailman lists\' hostnames. pre/postupcp hooks workaround in ticket 3541643',
'[FB-42027] "Recently Uploaded Cgi Script Mail" scans and sends email alerts about downloaded files too',
'[FB-21774] Pure-FTPd is not linked against libwrap. As such, Host Access Control does nothing for it',
'The cpanel-postgresql* packages are for phpPgAdmin. The postgresql-* packages are for PostgreSQL',
'For a list of obscure issues, see the RareIssues wiki article',
'11.35+: Use /scripts/check_cpanel_rpms to fix problems in /usr/local/cpanel/3rdparty/ - not checkperlmodules',
'php.ini for phpMyAdmin, phpPgAdmin, Horde, and RoundCube can be found in /usr/local/cpanel/3rdparty/etc/',
'If Dovecot/POP/IMAP dies every day around the same time, the server\'s clock could be skewed. Check /var/log/maillog for "moved backwards"',
'"Allowed memory size of x bytes exhausted" when uploading a db via phpMyAdmin may be resolved by increasing max_allowed_packet',
'Need to edit php.ini for Horde, RoundCube, phpMyAdmin, or phpPgAdmin? Edit /u/l/c/3rdparty/etc/php.ini, then run /u/l/c/b/install_php_inis',
'Seeing "domainadmin" errors (e.g. "domainadmin-domainexistsglobal")? Check the Domainadmin-Errors wiki article',
'Transfers showing "sshcmdpermissiondeny"? Check for modified openssh-clients package (see ticket 3664533)',
'Learn how cPanel 11.36+ handles rpms: http://go.cpanel.net/rpmversions',
'Use "rlog <file>" to see a file\'s revision history, and "co -p1.1 <file>" (for example) to see that revision',
'Files under revision control: fstab, localdomains, named.conf, passwd, shadow, trueuserowners, httpd.conf, php.ini (system and cPanel)',
'Imagick install issues on PHP 5.4? You may need to run \'pear config-set preferred_state beta\' (see ticket 3754991)',
'Need to enable ZTS support for PHP? Try \'--enable-maintainer-zts\' (see ticket 3769493)',
'WHM\'s "Apache mod_userdir Tweak" can be toggled via /scripts/userdirctl',
'Issues with MySQL for a single user? Check for /home/${USER}/.my.cnf',
'Services reported as failing while backups are running? chksrvd may be simply timing out due to excessive disk I/O',
'Blank page in File Manager\'s HTML Editor and iconv "illegal input sequence" in cPanel error_log? Try windows-1251 encoding (see ticket 4088633)',
'Older CentOS 5.x and CloudLinux 5.x do not support SNI. See the "SNI" wiki article for more info',
'domlogs are created 0644 by default. cpanellogd changes permissions on them to 0640 a few minutes later',
'cPanel >> Error Log only searches "recent" logs in Apache\'s error_log . Showing as blank? Maybe there are no recent errors',
'Horde showing "server configuration did not allow file to be uploaded"? Check disk/inode usage on /tmp',
'IMAP/webmail showing no email? The cPanel account may have been over its quota. Try renaming dovecot-uidlist, send account an email (see ticket 4314723)',
'ClamAV not scanning emails? Check if /var/clamd is missing. This will be reflected in Exim\'s logs as well',
'Use custom_vhost_template_ap(1|2) in userdata files to make changes for an individual vhost',
'File Manager upload size limits can be adjusted at WHM >> Tweak Settings >> Max HTTP submission size',
'/var/cpanel/conf/apache/local can potentially cause issues. See ticket 3915299 for an example',
'System backups are not uploaded via FTP by default, requires manual config. See http://documentation.cpanel.net/display/1144Docs/System+Backups#SystemBackups-Manualconfigurationmethod',
'$PATH may differ when executing something via cron rather than the command line. See ticket 4419531',
'"failed to open scan directory /var/spool/exim/scan/[...]: Too many links" could mean a directory has reached limit of 32,000 files/dirs',
'If innodb_force_recovery is enabled in the MySQL configuration, this can sometimes prevent mysqldump from working (see ticket 5193581).',
'"Spawned \'ossec-dbd\' with \'/sbin/service restart ossec-hids\'" is from ASL (Atomic Secured Linux). Have customer contact ASL Support if necessary.',
'You can run SSP with the --bugreport option to print a pre-filled template for submitting a WHM/cPanel bug report.',
'The path for the modsec_audit.log changes with Mod Ruid2 or MPM ITK installed to /usr/local/apache/conf/modsec_audit/[user]/YYYYMMDD/YYYYMMDD-HHmm/YYYYMMDD-HHmmSS-[unique-id]',
'LiteSpeed (lsws) does NOT support the Apache web status page - see: http://www.litespeedtech.com/support/forum/threads/solved-cpanel-after-litespeed-installation-whm-server-status-gives-a-404-error.5536/',
'You can submit new ideas or bug reports for SSP by emailing ssp-requests(at)cpanel.net',
'You can format json files for more readability: python -m tool.json < file.json | less',
);
my $num = int rand scalar $#tips;
print BOLD WHITE ON_BLACK "\tDid you know? $tips[$num]" . RESET . "\n\n";
}
sub get_tiers_file { #TODO: Get rid of this in favor of get_tiers_json_href if it works out.
return _http_get( Host => 'httpupdate.cpanel.net', Path => '/cpanelsync/TIERS' );
}
sub get_process_pid_href {
# Tested on CentOS 5 through 7.
# 'ps' is horrible at providing reliably-parseable output. This is probably as close as we can get.
# etimes field doesn't exist until CentOS 7 but can be derived from etime.
my $field_separator = '#^#'; # Any sequence unlikely to occur in normal ps output. ps will also pad everything with spaces.
my $ps_format_opt = join( $field_separator, qw( %p %P %U %t %n %c %a ) ); # like 'pid#^#ppid#^#user#^#etime#^#nice#^#comm#^#args'
my %hash = map {
my ( $pid, $ppid, $user, $etime, $nice, $comm, $args ) = split /\s*\Q$field_separator\E\s*/, $_;
$pid =~ s/^\s+//;
$args =~ s/\s+$//;
my ( $sec, $min, $hou, $day ) = reverse split( /[:-]/, $etime );
$day += 0;
$hou += 0;
$min += 0;
$sec += $day * 86400 + $hou * 3600 + $min * 60;
$pid => {
'PPID' => defined $ppid ? $ppid : '',
'USER' => defined $user ? $user : '',
'ETIME' => defined $etime ? $etime : '',
'NICE' => defined $nice ? $nice : '0',
'COMM' => defined $comm ? $comm : '',
'ARGS' => defined $args ? $args : '',
'ETIMES' => $sec,
}
} split /\n/, timed_run( 0, 'ps', '--no-headers', '--width=1000', '-eo', $ps_format_opt );
return \%hash;
}
sub grep_process_cmd {
# Matches short (COMM) or long (ARGS) command columns
my ( $pattern, $user ) = @_;
my $procs = get_process_pid_href();
my %result;
for my $pid ( keys %{$procs} ) {
next if defined $user ? $procs->{$pid}->{'USER'} ne $user : 0;
$result{$pid} = $procs->{$pid} if grep { /$pattern/ } @{ $procs->{$pid} }{ 'COMM', 'ARGS' };
}
return %result;
}
sub exists_process_cmd {
my ( $pattern, $user ) = @_;
my %procs = grep_process_cmd( $pattern, $user );
return scalar keys %procs ? 1 : 0;
}
sub get_lsof_port_href {
my %hash;
for ( split /\n/, timed_run( 0, 'lsof', '+c15', '-n', '-P', '-i' ) ) {
# cmd will be max 15 characaters due to lsof limitation
# Example from CentOS 6:
# spamd 1781 root 5u IPv4 10887 0t0 TCP 127.0.0.1:783 (LISTEN)
# nc 9468 root 3u IPv6 84415 0t0 TCP [::1]:25 (LISTEN)
# Example from an older CentOS 5 system (note empty SIZE column):
# exim 3066 mailnull 3u IPv6 2566011 TCP *:smtp (LISTEN)
my @lsof = split( /\s+/, $_, 10 );
if ( defined( $lsof[9] ) && $lsof[9] =~ /LISTEN/ ) {
splice( @lsof, 6, 1 ); # Drop the SIZE/OFF column which can sometimes be blank and throw everything off
}
if ( defined( $lsof[8] ) && $lsof[8] =~ /LISTEN/ ) { # SIZE/OFF column is blank, or has been dropped
if ( $lsof[7] =~ /^(.*):(\d+)$/ ) {
my ( $ip, $port ) = ( $1, $2 );
push @{ $hash{$port} },
{
'CMD' => $lsof[0],
'PID' => $lsof[1],
'USER' => $lsof[2],
'IPV' => $lsof[4],
'PROTO' => $lsof[6],
'IP' => $ip
};
}
}
}
return \%hash;
}
sub get_ipcs_href {
my %hash;
my $header = 0;
# For now, all we need is shared memory segment owner and creator-pid, but the data structure is extensible.
# ipcs -m -p
#
#------ Shared Memory Creator/Last-op --------
#shmid owner cpid lpid
#2228224 root 992 992
#2588673 root 1309 1315
#2195458 root 985 985
#2621443 root 1309 1315
for ( split /\n/, timed_run( 0, 'ipcs', '-m', '-p' ) ) {
if ( $header == 0 ) {
$header = 1 if m/^ shmid \s+ owner \s+ cpid \s+ lpid \s* $/ix;
next;
}
my @ipcs = split( /\s+/, $_, 5 );
push @{ $hash{ $ipcs[1] }{mp} }, { # Key by owner, type 'mp' (-m -p output)
'shmid' => $ipcs[0],
'cpid' => $ipcs[2],
'lpid' => $ipcs[3]
};
}
return \%hash;
}
sub get_mysql_conf_href {
return unless open( my $mycnf_fh, '<', $MYSQL_CONF_FILE );
my %conf;
my $section = 'unknown';
while (<$mycnf_fh>) {
chomp;
next if /^(#|$)/;
if (m{ \A \s* \[([^\]]+)] }x) {
$section = lc($1);
$section =~ s/^\s*//g;