File: //ispp_scan
#!/usr/bin/env sh
#################################
# ISPProtect Web Scanner #
# (c) 2015-2021 by ISPConfig UG #
# all rights reserved #
#################################
CDIR="$PWD" ;
SELF=$(readlink $0);
if [ "$SELF" = "" ] ; then
SELF="$0" ;
fi
SYSTYPE=$(uname) ;
if [ "$SYSTYPE" = "FreeBSD" ] ; then
DIR=$(realpath $(dirname ${SELF})) ;
else
DIR=$(readlink -e $(dirname ${SELF})) ;
fi
ARCH=$(uname -m) ;
if [ "$ARCH" = "amd64" ] ; then
ARCH="x86_64" ;
fi
FIRSTARG="$1"
NO_MALWARE_SCAN="0"
USE_THREADS="0"
NO_ROOT="0"
NO_OUT="0"
NO_IONCUBE="0"
for tmpv in "$@" ; do
if [ "$tmpv" = "--update" ] || [ "$tmpv" = "--version" ] || [ "$tmpv" = "--json-out" ] ; then
NO_OUT="1" ;
elif [ "$tmpv" = "--no-root" ] ; then
NO_ROOT="1" ;
elif [ "$tmpv" = "--no-malware-scan" ] ; then
NO_MALWARE_SCAN="1" ;
elif [ "$tmpv" = "--threads" ] ; then
USE_THREADS="1" ;
fi
done
ISPPVER="2.1.21"
if [ "$NO_OUT" != "1" ] ; then
echo " _____ _____ _____ _____ _ _ " ;
echo " |_ _|/ ____| __ \| __ \ | | | | " ;
echo " | | | (___ | |__) | |__) | __ ___ | |_ ___ ___| |_ " ;
echo " | | \___ \| ___/| ___/ '__/ _ \| __/ _ \/ __| __| " ;
echo " _| |_ ____) | | | | | | | (_) | || __/ (__| |_ " ;
echo " |_____|_____/|_| |_| |_| \___/ \__\___|\___|\__| " ;
echo " __ __ _ _____ " ;
echo " \ \ / / | | / ____| " ;
echo " \ \ /\ / /__| |__ | (___ ___ __ _ _ __ _ __ ___ _ __ " ;
echo " \ \/ \/ / _ \ '_ \ \___ \ / __/ _\` | '_ \| '_ \ / _ \ '__|" ;
echo " \ /\ / __/ |_) | ____) | (_| (_| | | | | | | | __/ | " ;
echo " \/ \/ \___|_.__/ |_____/ \___\__,_|_| |_|_| |_|\___|_| " ;
echo " " ;
echo " Version ${ISPPVER} " ;
echo "" ;
echo " (c) 2015-$(date +%Y) by ISPConfig UG " ;
echo " all rights reserved " ;
echo "" ;
echo "" ;
fi
if [ "$PHP" = "" ] ; then
PHP=$(which php);
if [ "$PHP" = "" ] ; then
if [ "$NO_OUT" != "1" ] ; then
echo "Missing PHP binary!" ;
fi
exit 1;
fi
fi
CLAM=$(which clamscan);
if [ "$CLAM" != "" ] || [ "$NO_MALWARE_SCAN" = "1" ] ; then
if [ "$NO_OUT" != "1" ] ; then
:
fi
else
if [ "$NO_OUT" != "1" ] ; then
echo "Please install clamav (clamscan binary)!" ;
fi
exit 1;
fi
if [ "$NO_ROOT" != "1" ] && [ "$(id -u)" != "0" ] ; then
if [ "$NO_OUT" != "1" ] ; then
echo "Please run ISPProtect Web Scanner as root.";
fi
exit 1;
fi
PHPVERSION=$($PHP -v 2>/dev/null | head -n 1 | awk '{print $2}' | awk -F'.' '{print $1"."$2}');
if [ "$PHPVERSION" = "" ] ; then
if [ "$NO_OUT" != "1" ] ; then
echo "Could not get PHP version.";
fi
exit 1;
fi
rm -f ${DIR}/ispp_php.ini ;
rm -f ${DIR}/ispp_php.ini.tmp ;
SSLCHK=$($PHP -i 2>&1 | grep -E -i 'OpenSSL[[:space:]]+support.+enabled');
echo "disable_functions=" >> ${DIR}/ispp_php.ini.tmp
echo "max_execution_time=0" >> ${DIR}/ispp_php.ini.tmp
echo "memory_limit=2048M" >> ${DIR}/ispp_php.ini.tmp
if [ "$SSLCHK" != "" ] ; then
SSLCHK=$($PHP -n -c ${DIR}/ispp_php.ini.tmp -i 2>&1 | grep -E -i 'OpenSSL[[:space:]]+support.+enabled');
if [ "$SSLCHK" = "" ] ; then
echo "extension=openssl.so" >> ${DIR}/ispp_php.ini.tmp
fi
fi
for M in "curl" "json" "mcrypt" "mysqlnd" "mysqli" "simplexml" "mbstring" "zlib" "tokenizer" ; do
SUPP="" ;
if [ "$M" = "mbstring" ] ; then
SUPP="${M}[[:space:]]+extension" ;
elif [ "$M" != "mysqlnd" ] ; then
SUPP="${M}[[:space:]]+support.+enabled" ;
else
SUPP="${M}[[:space:]]+.+enabled" ;
fi
MODCHK=$($PHP -i 2>&1 | grep -E -i "${SUPP}");
if [ "$MODCHK" != "" ] ; then
MODCHK=$($PHP -n -c ${DIR}/ispp_php.ini.tmp -i 2>&1 | grep -E -i "${SUPP}");
if [ "$MODCHK" = "" ] ; then
echo "extension=${M}.so" >> ${DIR}/ispp_php.ini.tmp
fi
fi
done
if [ "$USE_THREADS" = "1" ] ; then
SWLCHK=$($PHP -i 2>&1 | grep -E -i '^swoole');
if [ "$SWLCHK" != "" ] ; then
SWLCHK=$($PHP -n -c ${DIR}/ispp_php.ini.tmp -i 2>&1 | grep -E -i '^swoole');
if [ "$SWLCHK" = "" ] ; then
echo "extension=sockets.so" >> ${DIR}/ispp_php.ini.tmp ;
echo "extension=swoole.so" >> ${DIR}/ispp_php.ini.tmp ;
fi
fi
CLAMD=$(which clamd) ;
if [ "$CLAMD" != "" ] || [ "$NO_MALWARE_SCAN" = "1" ] ; then
if [ "$NO_OUT" != "1" ] ; then
:
fi
else
if [ "$NO_OUT" != "1" ] ; then
echo "Please install clamav daemon (clamd binary)!" ;
fi
exit 1;
fi
CLAMD=$(which clamdscan);
if [ "$CLAMD" != "" ] || [ "$NO_MALWARE_SCAN" = "1" ] ; then
if [ "$NO_OUT" != "1" ] ; then
:
fi
else
if [ "$NO_OUT" != "1" ] ; then
echo "Please install clamav daemon client (clamdscan binary)!" ;
fi
exit 1;
fi
fi
SYSVER="" ;
SGCHECK=$($PHP -n -c ${DIR}/ispp_php.ini.tmp -q ${DIR}/ispp_loader.php 2>&1);
if [ "${SGCHECK}" = "ERR" ] ; then
echo "Failed downloading SafeGuard Loader. Please install manually." ;
rm -f ${DIR}/ispp_php.ini.tmp ;
exit 1;
elif [ "${SGCHECK}" != "" ] ; then
# Validate that SGCHECK contains only a valid file path (no warnings)
if echo "${SGCHECK}" | grep -q "^/.*\.so$" && [ ! -n "$(echo "${SGCHECK}" | grep -E '(Warning|Error|Notice)')" ] ; then
echo "extension=${SGCHECK}" >> ${DIR}/ispp_php.ini.tmp ;
fi
fi
if [ -e "${DIR}/ispp_php.ini.local" ] ; then
echo "" >> ${DIR}/ispp_php.ini.tmp
cat "${DIR}/ispp_php.ini.local" >> ${DIR}/ispp_php.ini.tmp
fi
# Move temp file to final location only if it was created successfully
if [ -e "${DIR}/ispp_php.ini.tmp" ] ; then
mv ${DIR}/ispp_php.ini.tmp ${DIR}/ispp_php.ini
fi
if [ "$COLUMNS" = "" ] && [ -e "/usr/bin/tput" ] && [ "$TERM" != "" ] ; then
COLUMNS=$(tput cols 2>/dev/null);
fi
export COLUMNS ;
if [ "$FIRSTARG" = "--system-report" ] ; then
REPFILE="${DIR}/system_report.txt" ;
echo "[ispprotect]" > $REPFILE ;
echo "install.path = ${DIR}" >> $REPFILE ;
echo "install.version = ${ISPPVER}" >> $REPFILE ;
echo "[system]" >> $REPFILE ;
echo "system.kernel = $(uname -a)" >> $REPFILE ;
echo "system.architecture = ${ARCH}" >> $REPFILE ;
echo "[php]" >> $REPFILE ;
echo "php.binary = ${PHP}" >> $REPFILE ;
echo "[ioncube]" >> $REPFILE ;
$PHP -n -c ${DIR}/ispp_php.ini -q -v 2>&1 | grep -E -i 'ionCube.+Loader' >> $REPFILE ;
echo "[phpinfo]" >> $REPFILE ;
$PHP -n -c ${DIR}/ispp_php.ini -q -i 2>&1 >> $REPFILE ;
echo "Report dumped to $REPFILE";
exit 0;
fi
if [ "$COLUMNS" = "" ] && [ -e "/bin/stty" ] ; then COLUMNS=$(stty size 2>/dev/null | awk '{print $2}' 2>/dev/null) ; fi
export COLUMNS ;
$PHP -n -c ${DIR}/ispp_php.ini -q ${DIR}/ispp_scan.php "$@";
RET=$? ;
cd $CDIR ;
exit $RET ;