D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
opt
/
dedrads
/
extras
/
Filename :
secureperms.sh
back
Copy
#!/bin/bash # Script to fix common security issues on shared servers userlist=$(/bin/ls -A /var/cpanel/users) # Fix valiases permissions # shellcheck disable=SC2063,SC2013 for domain in $(cat /etc/userdomains |awk '{print $1}' | grep -v "*" | cut -d: -f1); do if ! [ -f "/etc/valiases/$domain" ]; then touch "/etc/valiases/$domain" fi user=$(/scripts/whoowns "$domain") if [ ! -z "$user" ];then chown "$user:mail" "/etc/valiases/$domain" chown "$user:mail" "/etc/vdomainaliases/$domain" chown "$user:mail" "/etc/vfilters/$domain" chmod 640 "/etc/valiases/$domain" chmod 640 "/etc/vdomainaliases/$domain" chmod 640 "/etc/vfilters/$domain" fi done # Fix named.conf chown named:named /etc/named.conf chmod 640 /etc/named.conf # Set /home to 711 chmod 711 /home conflist="config.php configuration.php wp-config.php" # Remove shell access for user in $userlist; do if [ "$user" != "root" ];then if [ "$(cat /etc/passwd |grep "^${user}:" |awk -F: '{print $7}')" != "/usr/local/cpanel/bin/noshell" ]; then echo "Returning $user's shell to noshell" chsh "$user" -s /usr/local/cpanel/bin/noshell >/dev/null fi fi done # Set user home and public_html folders if [ -f /etc/cpanel/ea4/is_ea4 ]; then test -f /etc/apache2/conf.modules.d/90-suphp.conf IS_SUPHP=$? else PHPVER=$(cat /usr/local/apache/conf/php.version |cut -d. -f1) /usr/local/cpanel/bin/rebuild_phpconf --current |grep "PHP$PHPVER" | awk '{print $3}' | grep -q suphp IS_SUPHP=$? fi if [ $IS_SUPHP -eq 0 ];then for user in $userlist do homedir=$(/scripts/gethomedir "$user") [ "$(/usr/bin/stat --format=%a "$homedir")" == "711" ] || echo "Fixing permissions of $homedir" && chmod 711 "$homedir" [ "$(/usr/bin/stat --format=%a "$homedir"/public_html)" == "750" ] || echo "Fixing permissions of $homedir/public_html" && chmod 750 "$homedir/public_html" chown "$user:nobody" "$homedir/public_html" for file in $conflist do if [ -e "$homedir/public_html/$file" ]; then [ "$(/usr/bin/stat --format=%a "$homedir/public_html/$file")" == "640" ] || echo "Fixing $homedir/public_html/$file" && chmod 640 "$homedir/public_html/$file" fi done done fi