403Webshell
Server IP : 103.119.228.120  /  Your IP : 3.145.115.139
Web Server : Apache
System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64
User : nobody ( 99)
PHP Version : 5.6.40
Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime
MySQL : ON |  cURL : ON |  WGET : ON |  Perl : ON |  Python : ON |  Sudo : ON |  Pkexec : ON
Directory :  /usr/bin/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :


[ Back ]     

Current File : /usr/bin/cl-linksafe-reconfigure
#!/bin/bash
# CloudLinux Links Traversal Protection configure utility


set -o pipefail

PARAM_ALLOW_SGID="fs.protected_symlinks_allow_gid"
PARAM_ALLOW_HGID="fs.protected_hardlinks_allow_gid"
PARAM_S_CREATE="fs.protected_symlinks_create"
PARAM_H_CREATE="fs.protected_hardlinks_create"
SYSCTL_FILE="/etc/sysctl.d/cloudlinux-linksafe.conf"
SYSTEM_LINKSAFE_GID="$(getent group linksafe | cut -d: -f3)"
MAIN_SYSCTL_FILE="/etc/sysctl.conf"
CONVERT=""

if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 
   exit 1
fi

function fix_linksafe {
    # fix permissions for alt-php packages installed without linksafe group
    find /opt/alt/php* \( -user root -a ! -group root -a ! -group linksafe \) -exec chown -h root:linksafe {} \; &> /dev/null
    # fix permissions for alt-python packages installed without linksafe group
    find /opt/alt/python* \( -user root -a ! -group root -a ! -group linksafe \) -exec chown -h root:linksafe {} \; &> /dev/null
    # fix permissions for alt-ruby packages installed without linksafe group
    find /opt/alt/ruby* \( -user root -a ! -group root -a ! -group linksafe \) -exec chown -h root:linksafe {} \; &> /dev/null
    # fix permissions for native php
    chown root:linksafe /usr/selector.etc/php.ini &> /dev/null
    chown root:linksafe /usr/selector/lsphp &> /dev/null
    chown root:linksafe /usr/selector/php &> /dev/null
    chown root:linksafe /usr/selector/php-cli &> /dev/null
    if [ -e /usr/sbin/cagefsctl ] && [ -e /usr/share/cagefs-skeleton/bin ]; then
        if /usr/sbin/cagefsctl --setup-cl-selector &> /dev/null; then
            if [ -e /usr/share/cagefs/need.remount ]; then
                if /usr/sbin/cagefsctl --remount-all &> /dev/null; then
                    rm -f /usr/share/cagefs/need.remount &> /dev/null
                fi
            fi
        fi
    fi
}

function check_params_in_sysctl_file {
    local ret_code=0
    if ! grep "$PARAM_ALLOW_SGID" "$SYSCTL_FILE" > /dev/null; then
        let ret_code+=1
    fi
    if ! grep "$PARAM_ALLOW_HGID" "$SYSCTL_FILE" > /dev/null; then
        let ret_code+=1
    fi
    if ! grep "$PARAM_S_CREATE" "$SYSCTL_FILE" > /dev/null; then
        let ret_code+=1
    fi
    if ! grep "$PARAM_H_CREATE" "$SYSCTL_FILE" > /dev/null; then
        let ret_code+=1
    fi
    echo ${ret_code}
    return ${ret_code}
}

function migrate_linksafe_params {

    if [ -n "$SYSTEM_LINKSAFE_GID" ]; then
        if ! grep "# SecureLinks Link Traversal" "${SYSCTL_FILE}" > /dev/null; then
            echo "# SecureLinks Link Traversal Protection Section" >> "${SYSCTL_FILE}"
        fi
        if grep "$PARAM_S_CREATE" "$MAIN_SYSCTL_FILE" > /dev/null; then
            migrate_symlink_value=$(grep "$PARAM_S_CREATE" ${MAIN_SYSCTL_FILE} | awk -F "=" '{print $2}' | sed "s/\ //g")
        fi
        if ! grep "$PARAM_S_CREATE" "${SYSCTL_FILE}" > /dev/null; then
            if [[ 1 != "$migrate_symlink_value" ]]; then
                echo "$PARAM_S_CREATE = 0" >> "${SYSCTL_FILE}"
            else
                echo "$PARAM_S_CREATE = 1" >> "${SYSCTL_FILE}"
            fi
        fi
        if grep "$PARAM_H_CREATE" "$MAIN_SYSCTL_FILE" > /dev/null; then
            migrate_hardlink_value=$(grep "$PARAM_H_CREATE" ${MAIN_SYSCTL_FILE} | awk -F "=" '{print $2}' | sed "s/\ //g")
        fi
        if ! grep "$PARAM_H_CREATE" "${SYSCTL_FILE}" > /dev/null; then
            if [[ 1 != "$migrate_hardlink_value" ]]; then
                echo "$PARAM_H_CREATE = 0" >> "${SYSCTL_FILE}"
            else
                echo "$PARAM_H_CREATE = 1" >> "${SYSCTL_FILE}"
            fi
        fi
        if ! grep "$PARAM_ALLOW_SGID" "${SYSCTL_FILE}" > /dev/null; then
            echo "$PARAM_ALLOW_SGID = $SYSTEM_LINKSAFE_GID" >> "${SYSCTL_FILE}"
        fi
        if ! grep "$PARAM_ALLOW_HGID" "${SYSCTL_FILE}" > /dev/null; then
            echo "$PARAM_ALLOW_HGID = $SYSTEM_LINKSAFE_GID" >> "${SYSCTL_FILE}"
        fi
    fi
}

TEMP=$(getopt -o c --long convert -- "$@")
eval set -- "$TEMP"
while true; do
    case "$1" in
        -c | --convert ) CONVERT="true"; shift ;;
        * )  break ;;
    esac
done

if [[ "$SYSTEM_LINKSAFE_GID" == "" ]]; then
    groupadd -r linksafe
    SYSTEM_LINKSAFE_GID="$(getent group linksafe | cut -d: -f3)"
fi

if id mailman &> /dev/null; then
    usermod -a -G linksafe mailman &> /dev/null
fi

if [ ! -e "$SYSCTL_FILE" ] && [ -e /proc/sys/fs/protected_symlinks_allow_gid -o ! -z "$CONVERT"  ]; then
    touch "$SYSCTL_FILE"
fi

if [ -e /proc/sys/fs/protected_symlinks_allow_gid -o ! -z "$CONVERT"  ]; then
    SYSCTL_LINKSAFE_GID=$(grep -F "$PARAM_ALLOW_SGID" "$SYSCTL_FILE" | awk '{print $3}')
    if [[ 0 != "$(check_params_in_sysctl_file)" ]]; then
        migrate_linksafe_params
    fi
    if [[ "$SYSCTL_LINKSAFE_GID" != "$SYSTEM_LINKSAFE_GID" ]]; then
        sed -i -e "s/${PARAM_ALLOW_SGID}\s*=.*/${PARAM_ALLOW_SGID} = ${SYSTEM_LINKSAFE_GID}/" "$SYSCTL_FILE" &> /dev/null
        sed -i -e "s/${PARAM_ALLOW_HGID}\s*=.*/${PARAM_ALLOW_HGID} = ${SYSTEM_LINKSAFE_GID}/" "$SYSCTL_FILE" &> /dev/null
    fi
    fix_linksafe
    /usr/bin/plesk_configure "$CONVERT"
    /usr/share/cloudlinux-linksafe/cpanel/hooks/cpanel-linksafe-install-hooks "$CONVERT"
    sysctl --system &> /dev/null
else
    fix_linksafe
fi

Youez - 2016 - github.com/yon3zu
LinuXploit