#!/bin/sh
###############################################################################
# Copyright 2014-2020, Tijeers Softwares
# URL: http://www.tijeers.com
# Email: info@tijeers.com
###############################################################################
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

if [ ! `id -u` = 0 ]; then
    echo
    echo -e "ERROR: You must be looged in as root to install/update cPMalScan"
    exit 1
fi


if [ "$1" == "--update" ]; then
    echo "Updating cPMalScan"
else
    echo "cPMalscan Installer"
fi

if ( [ `uname -i` == x86_64 ] || [ `uname -m` == x86_64 ] ); then
    echo -e "Found 64 bit operating system. Continuing ..."
else
    echo -e "ERROR: This is a 32 system. cPMalScan only works on 64 bit system."
    exit 1
fi

if [ ! -e "install.sh" ]; then
    echo "ERROR: You must run this script from installation folder."
    exit 1
fi

if [ -e "/etc/cPMalScan" ]; then
    echo "cPMalScan 1.x installation found"
    echo "Uninstalling older version"
    curl -s http://downloads.tijeers.com/cpmalscan/uninstall.sh | bash
fi


if [ -e "/opt/tijeers/cpmalscan/daemon" ]; then
    echo "cPMalScan 2.7 installation found"
    echo "Uninstalling older version"
    bash uninstall-v2.sh
fi

if [ "$1" = "--update" ]; then
    
    if test `cat /proc/1/comm` = "systemd"
    then
        
        systemctl stop cpmalscan-monitor
        systemctl stop cpmalscan-waflogs
        
    else
        
        /etc/init.d/cpmalscan-monitor stop
        /etc/init.d/cpmalscan-waflogs stop
        
    fi

    echo "Killing all running scans"
    killall -9 cpmalscan
    
fi



YUM_CMD=$(which yum)
APT_GET_CMD=$(which apt-get)

if [[ ! -z $YUM_CMD ]]
then
    yum -y --skip-broken install epel-release
    yum -y --skip-broken install clamav grep gawk sed inotify-tools bind-utils coreutils bash-completion lsb-release rsync curl wget
elif [[ ! -z $APT_GET_CMD ]]
then
    apt-get -y install clamav
    apt-get -y install grep
    apt-get -y install gawk
    apt-get -y install sed
    apt-get -y install inotify-tools
    apt-get -y install dnsutils
    apt-get -y install coreutils
    apt-get -y install bash-completion
    apt-get -y install lsb-release
    apt-get -y install rsync
    apt-get -y install curl
else
    echo "ERROR: Neither YUM nor APT-GET found."
    exit 1;
fi

echo "Checking required binaries ..."



if [ -e "/etc/redhat-release" ]
then
    
    CLAMSCAN=$(which --skip-alias --skip-functions clamscan)
    GREP=$(which --skip-alias --skip-functions grep)
    AWK=$(which --skip-alias --skip-functions awk)
    SED=$(which --skip-alias --skip-functions sed)
    CUT=$(which --skip-alias --skip-functions cut)
    CAT=$(which --skip-alias --skip-functions cat)
    FIND=$(which --skip-alias --skip-functions find)
    RSYNC=$(which --skip-alias --skip-functions rsync)
    
else
    
    CLAMSCAN=$(which clamscan)
    GREP=$(which grep)
    AWK=$(which awk)
    SED=$(which sed)
    CUT=$(which cut)
    CAT=$(which cat)
    FIND=$(which find)
    RSYNC=$(which rsync)
    
fi

if [[ -z $CLAMSCAN ]]; then
    if [ -e "/usr/local/cpanel/3rdparty/bin/clamscan" ]; then
        ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/local/bin/clamscan
        ln -s /usr/local/cpanel/3rdparty/bin/sigtool /usr/local/bin/sigtool
        CLAMSCAN=$(which --skip-alias --skip-functions clamscan)
    fi
fi

if [[ -z $CLAMSCAN ]]; then
    echo -e "ERROR: Clamscan binary not found. Install ClamAV and try again."
    exit 1
fi


if [[ -z $GREP ]]; then
    echo -e "ERROR: grep binary not found"
    exit 1
fi


if [[ -z $AWK ]]; then
    echo -e "ERROR: awk binary not found"
    exit 1
fi


if [[ -z $SED ]]; then
    echo -e "ERROR: sed binary not found"
    exit 1
fi

if [[ -z $CUT ]]; then
    echo -e "ERROR: cut binary not found"
    exit 1
fi

if [[ -z $CAT ]]; then
    echo -e "ERROR: cat binary not found"
    exit 1
fi

if [[ -z $FIND ]]; then
    echo -e "ERROR: find binary not found"
    exit 1
fi

if [[ -z $RSYNC ]]; then
    echo -e "ERROR: rsync binary not found"
    exit 1
fi


echo "Done"


mkdir -p /home/.quarantine/scans
mkdir -p /home/.quarantine/ftp
mkdir -p /home/.quarantine/http
mkdir -p /opt/tijeers/cpmalscan
mkdir -p /var/log/cpmalscan/fileupload

rm -f ./cpmalscan/rbl/ips.txt
rm -f ./cpmalscan/tmp/*
rm -f ./cpmalscan/etc/license.key
rm -f ./cpmalscan/etc/license.data


rsync -avz --exclude="config.json" ./cpmalscan/ /opt/tijeers/cpmalscan/

if [ ! -f  /opt/tijeers/cpmalscan/etc/config.json ]; then
    rsync -avz  ./cpmalscan/etc/config.json /opt/tijeers/cpmalscan/etc/config.json
fi

find /opt/tijeers/cpmalscan/ -type d -exec chmod 755 {} \;
find /opt/tijeers/cpmalscan/ -type f -exec chmod 644 {} \;
chown -R root:root /opt/tijeers/cpmalscan/
chmod -R 777 /opt/tijeers/cpmalscan/tmp
chmod 755 /opt/tijeers/cpmalscan/bin/cpmalscan
chmod 755 /opt/tijeers/cpmalscan/modsec/pages/*.cgi

if [ -f "/etc/redhat-release" ]; then
    CENTOSVER=$(grep -oP '(?<= )[0-9]+(?=\.)' /etc/redhat-release)
    if [[ $CENTOSVER == "6" ]]; then
        rsync /opt/tijeers/cpmalscan/bin/cpmalscan.centos6 /opt/tijeers/cpmalscan/bin/cpmalscan
    fi
fi

rm -vf /usr/bin/cpmalscan
ln -s /opt/tijeers/cpmalscan/bin/cpmalscan /usr/bin/cpmalscan
/opt/tijeers/cpmalscan/bin/cpmalscan reinit

#Bash Completion
/opt/tijeers/cpmalscan/bin/cpmalscan completion bash > /etc/bash_completion.d/cpmalscan.bash

#Installing Cron
rsync -av /opt/tijeers/cpmalscan/cron/cpmalscan /etc/cron.d/cpmalscan


#Updating modsec
if [ -f /opt/tijeers/cpmalscan/modsec/conf/waf.conf.disabled ]; then
    rsync /opt/tijeers/cpmalscan/modsec/conf/waf.conf /opt/tijeers/cpmalscan/modsec/conf/waf.conf.disabled
    rm -vf /opt/tijeers/cpmalscan/modsec/conf/waf.conf
fi

if [ -f /opt/tijeers/cpmalscan/modsec/conf/badbots.conf.disabled ]; then
    rsync /opt/tijeers/cpmalscan/modsec/conf/badbots.conf /opt/tijeers/cpmalscan/modsec/conf/badbots.conf.disabled
    rm -vf  /opt/tijeers/cpmalscan/modsec/conf/badbots.conf
fi

if [ -f /opt/tijeers/cpmalscan/modsec/conf/scanfile.conf.disabled ]; then
    rsync /opt/tijeers/cpmalscan/modsec/conf/scanfile.conf /opt/tijeers/cpmalscan/modsec/conf/scanfile.conf.disabled
    rm -vf /opt/tijeers/cpmalscan/modsec/conf/scanfile.conf
fi

if [ -f /opt/tijeers/cpmalscan/modsec/conf/ip-blacklist.conf.disabled ]; then
    rsync /opt/tijeers/cpmalscan/modsec/conf/ip-blacklist.conf /opt/tijeers/cpmalscan/modsec/conf/ip-blacklist.conf.disabled
    rm -vf /opt/tijeers/cpmalscan/modsec/conf/ip-blacklist.conf
fi


#update max_user_watches
sed -n -i.cpmalscan -e '/^fs.inotify.max_user_watches=/!p'   -e "\$afs.inotify.max_user_watches=999999"  /etc/sysctl.conf
sysctl -p

if test `cat /proc/1/comm` = "systemd"
then
    rsync /opt/tijeers/cpmalscan/service/cpmalscan-monitor.service /usr/lib/systemd/system/
    systemctl daemon-reload
    systemctl enable cpmalscan-monitor
    systemctl restart cpmalscan-monitor &
    
    rsync /opt/tijeers/cpmalscan/service/cpmalscan-waflogs.service /usr/lib/systemd/system/
    systemctl daemon-reload
    systemctl enable cpmalscan-waflogs
    systemctl restart cpmalscan-waflogs &
    
else
    
    rsync /opt/tijeers/cpmalscan/service/cpmalscan-monitor.init /etc/init.d/cpmalscan-monitor
    chmod 755 /etc/init.d/cpmalscan-monitor
    chkconfig cpmalscan-monitor on
    /etc/init.d/cpmalscan-monitor restart &
    
    
    rsync /opt/tijeers/cpmalscan/service/cpmalscan-waflogs.init /etc/init.d/cpmalscan-waflogs
    chmod 755 /etc/init.d/cpmalscan-waflogs
    chkconfig cpmalscan-waflogs on
    /etc/init.d/cpmalscan-waflogs restart &
    
fi

if [ -f /etc/cagefs/cagefs.mp ]; then
    
    echo "CloudLinux CageFS detected ..."
    echo "Adding to cageFS"
    
    cp -a /etc/cagefs/cagefs.mp /etc/cagefs/cagefs.mp.cpmalscan.`date +%F__%H-%M-%S`
    grep -iv "cpmalscan" /etc/cagefs/cagefs.mp > /root/cpms.cagefs.tmp
    cat /root/cpms.cagefs.tmp > /etc/cagefs/cagefs.mp
    echo "/opt/tijeers/cpmalscan" >> /etc/cagefs/cagefs.mp
    rm -f /root/cpms.cagefs.tmp
    
    if rpm -q cpanel-clamav ; then
        cagefsctl --addrpm cpanel-clamav
    fi
    
    if rpm -q  clamav; then
        cagefsctl --addrpm clamav
    fi
    
    if rpm -q clamav-filesystem ; then
        cagefsctl --addrpm clamav-filesystem
    fi
    
    if rpm -q  clamav-lib; then
        cagefsctl --addrpm clamav-lib
    fi
    
    cagefsctl --update
    cagefsctl --remount-all
    
fi

if [ -e "/usr/local/cpanel/version" ]; then
    echo "Installing cPanel Modules"
    echo
    bash install.cpanel.sh
    
    elif [ -e "/usr/local/directadmin/directadmin" ]; then
    echo "Installing DirectAdmin Modules"
    echo
    bash install.directadmin.sh
    
    # elif [ -e "/usr/local/interworx" ]; then
    # echo "Installing interworx Modules"
    # echo
    # bash install.interworx.sh
    
    # elif [ -e "/usr/local/psa/version" ]; then
    # echo "Installing Plesk Modules"
    # echo
    # bash install.plesk.sh
    
    # elif [ -e "/usr/local/vesta" ]; then
    # echo "Installing VestaCP Modules"
    # echo
    # bash install.vestacp.sh
    
    # elif [ -e "/usr/local/cwpsrv" ]; then
    # echo "Installing CWP Modules"
    # echo
    # bash install.cwp.sh
    
    
    # elif [ -e "/usr/local/CyberCP" ]; then
    # echo "Installing CyberCP Modules"
    # bash install.cyberpanel.sh
    
else
    echo "Installing Generic Modules"
    echo
    sh install.generic.sh
fi

if [ "$1" == "--update" ]; then
    /opt/tijeers/cpmalscan/bin/cpmalscan license update
    echo "Update Complete"
else
    /opt/tijeers/cpmalscan/bin/cpmalscan license changekey trial
    /opt/tijeers/cpmalscan/bin/cpmalscan license update
    echo -e "Installation Complete"
fi