D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
proc
/
2
/
root
/
opt
/
dedrads
/
Filename :
dedcheck
back
Copy
#!/usr/bin/env bash # By # Corey Stewart # Zeb Walker zebw@inmotionhosting.com # Jeff Shepherd jeffsh@inmotionhosting.com # # Purpose: # To display common variables in a VPS/Dedi server's configuration which # helps identify common issues, and otherwise to quicky understand what # kind of server that we are getting ourselves into # we need root if [[ $EUID -ne 0 ]]; then echo "This script must be run as root." exit 1 fi readonly VERSION="2.0.3" # term colors and formatting readonly BAD='\e[1;31m |!| ' readonly ALERT='\e[1;31m' readonly WARN='\e[33m' readonly GOOD='\e[1;32m' readonly INFO='\e[96m' readonly BOLD='\e[1m' readonly DEF='\e[0m' # Reset to standard terminal styles # repeatedly used constants TRUE_NPROC="$(nproc)" if [[ -d /proc/vz ]]; then VPS_CTID="$(awk '{print $1}' /proc/vz/veinfo)" MAIN_IP="$(awk '{print $NF}' /proc/vz/veinfo)" else MAIN_IP="$(hostname -i)" fi # Print each section title in bold function SECTION_TITLE() { echo -e "\n${BOLD}------$1------${DEF}" } function CHECK_FTP_SERVICE() { SERVICE_CHK=$1 if [[ ${SERVICE_CHK_CMD} == "service" ]]; then if [[ ${SERVICE_CHK} == "pure-ftpd" ]]; then # The default FTP server, Pure-FTP, is not running, but was it changed # to Pro-FTPD? pgrep proftpd > /dev/null case $? in 0) ;; # Do nothing. PID found. 1) echo -e "${BAD}FTP Server is DOWN${DEF}" ;; *) echo -e "${WARN}FTP Server: Unknown Status or Disabled${DEF}" ;; esac else echo -e "${BAD}${SERVICE_CHK}${DEF}" fi else if [[ ${SERVICE_CHK} == "pure-ftpd" ]]; then # The default FTP server, Pure-FTP, is not running, but was it changed # to Pro-FTPD? systemctl is-active proftpd --quiet case $? in 0) ;; # Do nothing. Service is active. 1) echo -e "${BAD}FTP Server is DOWN${DEF}" ;; *) echo -e "${WARN}FTP Server: Unknown Status or Disabled${DEF}" ;; esac else echo -e "${BAD}${SERVICE_CHK}${DEF}" fi fi } echo "DedCheck Version: ${VERSION}" # Server details SECTION_TITLE "System Info" # Flag CentOS 5, 6, and 8 (EOL 2021-12-31) and set 'service' vs 'systemctl'. # Why? Some units can be active even though nothing is running to provide # the service (which means 'pgrep' will then fail). Such as units marked as # "RemainAfterExit" are considered active if they exit successfully, the idea # being that they provide a service which doesn’t need a daemon (e.g. they # configure some aspect of the system). Units involving daemons will however # only be active if the daemon is still running. OS="$(cat /etc/redhat-release)" if [[ ${OS} =~ 5.([0-9]{1,2}) ]]; then OS="${BAD}${OS}${DEF}" SERVICE_CHK_CMD="service" elif [[ ${OS} =~ 6.([0-9]{1,2}) ]]; then OS="${BAD}${OS}${DEF}" SERVICE_CHK_CMD="service" elif [[ ${OS} =~ 8.([0-9]) ]]; then OS="${WARN}${OS}${DEF}" fi echo -e "OS: ${OS}" echo "Hostname: ${HOSTNAME}" if [[ -n "${VPS_CTID}" ]]; then echo "VPS CTID: vps${VPS_CTID}" fi echo "Main IP: ${MAIN_IP}" # Number of IPs in use. echo "IPs: $(/scripts/ipusage | wc -l)" # What firewall is is installed? firewall=() FIREWALL_LIST=(csf firewalld fail2ban-client imunify360-agent apf) for FIREWALL in "${FIREWALL_LIST[@]}"; do command -v ${FIREWALL} > /dev/null 2>&1 case $? in 0) # Command found, firewall installed if [[ $FIREWALL == "imunify360-agent" ]]; then # Make sure it's the paid version, which is the only one with firewall features IM_TYPE=$(imunify-antivirus rstatus --json -v | grep -m 1 license_type | awk '{ gsub(/[",]/,""); print $2}') if [[ ! ${IM_TYPE} == "imunifyAV" ]]; then # This is not the free version. Report the firewall. firewalls+="${FIREWALL^^} " fi elif [[ $FIREWALL == "firewalld" ]] || [[ $FIREWALL == "csf" ]] || [[ $FIREWALL == "fail2ban-client" ]]; then # If it's FirewallD, CSF or Fail2ban, check for the others. They're installed with CSF by MH # for extra WordPress Brute Force protection and FirewallD is installed with Fail2ban, which # makes it a false-positive to report. Attempting to remove FirewallD in these cases due to # a false report will remove Fail2ban as well, thus removing the protection requested by the # customer. if [ ! $(command -v csf > /dev/null 2>&1) ] && [ ! $(command -v fail2ban-client > /dev/null 2>&1) ] && [ ! $(command -v firewall-cmd > /dev/null 2>&1) ]; then # All 3 are found, so the real, primary, firewall in these cases is CSF. firewalls="CSF " else firewalls+="${FIREWALL^^} " fi else firewalls+="${FIREWALL^^} " fi ;; *) ;; # Not found/installed. Continue. esac done fw_length=$(echo ${firewalls} | wc -w) if [ $fw_length == 0 ]; then fws="${BAD}WARNING! NO FIREWALL!${DEF}" elif [ $fw_length -gt 1 ]; then fws="${BAD}${firewalls}${DEF}" else fws="${INFO}${firewalls}${DEF}" fi echo -e "Firewall: ${fws}" SECTION_TITLE "System Health" # CPU load and count echo "# CPU Cores: ${TRUE_NPROC}" # Give the load avg echo -e "Load Avg: $(awk '{print $1" "$2" "$3}' /proc/loadavg)" #RAM and SWAP if freem="$(free -mw 2>/dev/null)"; then ramavail="$(awk '/^Mem/ {print $NF}' <<< "${freem}")" else # CentOS 6- free doesn't support --wide, # it also puts avail ram on 2nd table row freem="$(free -m)" ramavail="$(awk '/buffers\/cache/ {print $NF}' <<< "${freem}")" fi ramtotal="$(awk '/^Mem/ {print $2}' <<< "${freem}")" if (( ${ramavail} < 50 )); then ramavail="${BAD}${ramavail}" elif (( ${ramavail} < 250 )); then ramavail="${WARN}${ramavail}" fi echo -e "RAM: ${ramavail} MiB Avail${DEF} / ${ramtotal} MiB Total" if [[ -n "${VPS_CTID}" ]]; then swap_stats="No Swap on VPS" else swaptotal="$(awk '/^Swap/ {print $2}' <<< "${freem}")" swapfree="$(awk '/^Swap/ {print $NF}' <<< "${freem}")" if (( ${swapfree} < 50 )); then swapfree="${BAD}${swapfree}" elif (( ${swapfree} < 250 )); then swapfree="${WARN}${swapfree}" fi swap_stats="${swapfree} MiB${DEF} Free / ${swaptotal} MiB Total" fi echo -e "SWAP: ${swap_stats}" SECTION_TITLE "cPanel" cp_ver_prim="$(awk -F. '{ print $2 }' /usr/local/cpanel/version)" cp_ver_sec="$(awk -F. '{ print $4 }' /usr/local/cpanel/version)" cp_ver="${cp_ver_prim}.0.${cp_ver_sec}" # cPanel v86 is the current LTS, flag if under it if [[ ${cp_ver_prim} -lt 86 ]]; then cp_ver="${BAD}${cp_ver}${DEF}" fi echo -e "cPanel Version: ${cp_ver}" # Check cPanel license cpanel_license_test="$( /usr/local/cpanel/cpkeyclt )" if [[ ${cpanel_license_test} = *"Update succeeded"* ]]; then cpanellicensestatus="Active" else cpanellicensestatus="${BAD}Invalid${DEF}" fi echo -e "License: ${cpanellicensestatus}" # cPanel users and reseller counts accounts="$(wc -l < /etc/trueuserdomains)" if (( ${accounts} == 0 )); then ${accounts}="${WARN}${accounts}${DEF}" fi echo -e "Accounts: ${accounts}" resellers="$(wc -l < /var/cpanel/resellers)" if (( ${resellers} == 0 )); then resellers="${WARN}${resellers}${DEF}" fi echo -e "Resellers: ${resellers}" # check autossl provider # couldn't find a faster way, whmapi can be super slow autossl="$(whmapi1 get_autossl_providers | tac | awk ' BEGIN {found=0} /enabled: 1/ {found=1} {if (found) if ($1 ~ "display_name:") { $1=""; print; exit }}')" if [[ -z ${autossl} ]]; then autossl=" ${WARN}Disabled${DEF}" fi echo -e "AutoSSL:${autossl}" # Find out whether or not cPanel backups are enabled backup_enabled=$(whmapi1 backup_config_get \ | awk '{if ($1 ~ "backupenable:") print $2}') if [[ ${backup_enabled} == "1" ]]; then backup_status="Enabled" else backup_status="${WARN}Disabled${DEF}" fi echo -e "WHM AutoBackups: ${backup_status}" # Are custom nameservers configured? nameservers="$(awk ' BEGIN {ORS=" "} $2 ~ /[a-z]+/ && /^NS/ {print $2}' \ /etc/wwwacct.conf)" echo -e "Name Servers: ${nameservers}" # Check if BIND or PowerDNS is running. No others are supported. grep -Ei "inmotionhosting.com|servconfig.com" <<< "$nameservers" > /dev/null 2>&1 if [ $? -eq 1 ]; then NS_SERVICE=() NS_SERVICES=(named pdns) for NS in "${NS_SERVICES[@]}"; do if [[ $SERVICE_CHK_CMD == "service" ]]; then pgrep ${NS} > /dev/null else systemctl is-active ${NS} --quiet fi if [[ "$?" == 0 ]]; then case "${NS}" in pdns | named) # PowerDNS and BIND NS_SERVICE+="${NS^^} " ;; *) # Continue ;; esac fi done NS_LENGTH=$(echo ${NS_SERVICE} | wc -w) if [ ${NS}_length == 0 ]; then NS_STATUS="${WARN}WARNING! NO DNS Server Running!${DEF} Are these vanity?" elif [ $NS_LENGTH -gt 1 ]; then NS_STATUS=" ${BAD}${NS_SERVICE}${DEF}" else NS_STATUS="${INFO}${NS_SERVICE}${DEF}" fi echo -e "Name Server Service: ${NS_STATUS}" fi SECTION_TITLE "LAMP" # EasyApache 3 versus 4 if [[ -f /etc/cpanel/ea4/is_ea4 ]]; then EA_VERSION="EasyApache 4" else EA_VERSION="${BAD}EasyApache 3${DEF}" fi echo -e "EA: ${EA_VERSION}" # Apache version APACHE_VER="$(httpd -v | \ awk '/^Server version/ {gsub("Apache/","",$3); print $3}')" APACHE_VER_SEC="$(awk -F. '{print $2}' <<< ${APACHE_VER})" # if it ain't 2.4.x, we flag as bad case ${APACHE_VER_SEC} in 4) # It's 2.4+. We're good! ;; *) APACHE_VER="${BAD}${APACHE_VER}${DEF}" ;; esac echo -e "Apache: ${APACHE_VER}" # MySQL or MariaDB version MYSQL_VER="$(mysql -V | awk '{gsub(/,/,""); print $5}')" MYSQL_VER_PRI="$(awk -F. '{print $1}' <<< ${MYSQL_VER})" MYSQL_VER_SEC="$(awk -F. '{print $2}' <<< ${MYSQL_VER})" # flag near-EOL as warn, and EOL as bad case ${MYSQL_VER_PRI} in 10) case ${MYSQL_VER_SEC} in 6) MYSQL_VER="${BAD}${MYSQL_VER} DEVELOPMENT${DEF}" ;; # In Development 5) MYSQL_VER="${GOOD}${MYSQL_VER}${DEF} EOL: 2025-06-24" ;; 4) MYSQL_VER="${BAD}${MYSQL_VER} SKIPPED BY CPANEL!!${DEF}\n\tSee: https://features.cpanel.net/topic/maria-10-4-support" ;; # cPanel is skipping MariaDB 10.4. How'd this get installed?? 3) MYSQL_VER="${GOOD}${MYSQL_VER}${DEF} EOL: 2023-05-25" ;; 2) MYSQL_VER="${WARN}${MYSQL_VER}${DEF} EOL: 2022-05-23" ;; [0-1]) MYSQL_VER="${BAD}${MYSQL_VER} EOL in 2020!${DEF}" ;; # 10.0 EOL: 2020-04-11 // 10.1 EOL: 2020-10-17 esac ;; 8) case ${MYSQL_VER_SEC} in 0) MYSQL_VER="${GOOD}${MYSQL_VER}${DEF} EOL: 2026-04" ;; esac ;; 5) case ${MYSQL_VER_SEC} in 7) MYSQL_VER="${WARN}${MYSQL_VER}${DEF} EOL: 2023-10-21" ;; 6) MYSQL_VER="${WARN}${MYSQL_VER}${DEF} EOL: 2021-02-05" ;; 5) MYSQL_VER="${WARN}${MYSQL_VER}${DEF} EOL: 2018-12-03" ;; [0-4]) MYSQL_VER="${BAD}${MYSQL_VER} EOL Prior 2018!${DEF}" ;; esac ;; esac echo -e "MySQL: ${MYSQL_VER}" # Default PHP version PHP_VER="$(awk '{print $2}' <<< $(php -v))" PHP_VER_PRI="$(awk -F. '{print $1}' <<< ${PHP_VER})" PHP_VER_SEC="$(awk -F. '{print $2}' <<< ${PHP_VER})" # flag EOL as warn, and non-EA4 as bad case ${PHP_VER_PRI} in 8) case ${PHP_VER_SEC} in 1) PHP_VER="${BAD}${PHP_VER} DEVELOPMENT${DEF}" ;; 0) PHP_VER="${GOOD}${PHP_VER}${DEF} EOL: 2023-11-26" ;; esac ;; 7) case ${PHP_VER_SEC} in 4) PHP_VER="${GOOD}${PHP_VER}${DEF} EOL: 2022-11-28" ;; 3) PHP_VER="${WARN}${PHP_VER} EOL: 2021-12-06${DEF}" ;; 2) PHP_VER="${BAD}${PHP_VER} EOL: 2020-11-30${DEF}" ;; 1) PHP_VER="${BAD}${PHP_VER} EOL: 2019-12-01${DEF}" ;; 0) PHP_VER="${BAD}${PHP_VER} EOL: 2019-01-10${DEF}" ;; esac ;; 5) case ${PHP_VER_SEC} in 6) PHP_VER="${BAD}${PHP_VER} EOL: 2018-12-31${DEF}" ;; 5) PHP_VER="${BAD}${PHP_VER} EOL: 2016-07-21${DEF}" ;; 4) PHP_VER="${BAD}${PHP_VER} EOL: 2015-09-03${DEF}" ;; [0-3]) PHP_VER="${BAD}${PHP_VER} EOL: Prior 2014${DEF}" ;; esac ;; esac echo -e "Default PHP: ${PHP_VER}" SECTION_TITLE "Exim" # Figure out what the mail ip is # If the mailips file is not empty, # then whatever has been set up for *: is the main mail IP. if [[ -s /etc/mailips ]]; then MAILIP="$(grep "*:" /etc/mailips | awk '{print $2}')" else MAILIP="${MAIN_IP}" fi echo -e "Main Mail IP: ${INFO}${MAILIP}${DEF}" # PTR of the mail ip # This will turn red if the PTR of the mail IP # does not match the hostname, which should concern you. PTR="$(dig @ns2.inmotionhosting.com -x ${MAILIP} +short)" if ! [[ "$(hostname)." == "$PTR" ]]; then PTR=${BAD}${PTR}${DEF} fi echo -e "PTR: ${PTR}" # Exim queue # This will turn red if the queue is greater than 100 QUEUE="$(exim -bpc)" if [[ ${QUEUE} -gt 50 ]]; then QUEUE=${WARN}${QUEUE}${DEF} elif [[ ${QUEUE} -gt 100 ]]; then QUEUE=${BAD}${QUEUE}${DEF} elif [[ ${QUEUE} -gt 500 ]]; then QUEUE=${QUEUE}${DEF} fi echo -e "Queue Size: ${QUEUE}" SECTION_TITLE "Disk" # We need some red color when disk space is higher than 90%. # This is going to be a little tricky. IFS=$'\n' # Disk space df_result="$(df -h --type ext4 | grep -v /home/virtfs)" # Separate headers from results to parse dfhead="$(head -n1 <<< "${df_result}")" devdisks="$(tail -n+2 <<< "${df_result}")" echo -e ${dfhead} for devdisk in ${devdisks}; do devdisk_percent="$( { awk '{print $5}' <<< "${devdisk}" } | tr -d '%' )" if [[ ${devdisk_percent} -gt '80' ]] && [[ ${devdisk_percent} -lt '90' ]]; then devdisk="${WARN}${devdisk}${DEF}" elif [[ ${devdisk_percent} -gt '90' ]]; then devdisk="${BAD}${devdisk}${DEF}" fi echo -e "${devdisk}" done echo -ne "\n" # Inodes idf="$(df -hi --type ext4 | grep -v /home/virtfs)" # Separate headers from results to parse idfhead="$(head -n1 <<< "${idf}")" idevdisks="$(tail -n+2 <<< "${idf}")" echo ${idfhead} for idevdisk in ${idevdisks}; do idevdisk_percent="$( awk '{print $5}' <<< ${idevdisk} | tr -d '%')" if [[ ${idevdisk_percent} -gt '80' ]] && [[ ${idevdisk_percent} -lt '90' ]]; then devdisk="${WARN}${devdisk}${DEF}" elif [[ ${idevdisk_percent} -gt '90' ]]; then devdisk="${BAD}${devdisk}${DEF}" fi echo -e "${idevdisk}" done echo -ne "\n" unset IFS SECTION_TITLE "Failed Services Check" ### Service checks # Service check, warn if these are NOT running DEFAULT_SERVICES=(httpd exim mysql dovecot dnsadmin pure-ftpd) for SERVICE_CHK in "${DEFAULT_SERVICES[@]}"; do if [[ ${SERVICE_CHK_CMD} == "service" ]]; then pgrep ${SERVICE_CHK} > /dev/null case $? in 0) ;; # Do nothing. PID found. [1-3]) CHECK_FTP_SERVICE $SERVICE_CHK ;; esac else systemctl is-active ${SERVICE_CHK} --quiet case $? in 0) ;; # Do nothing. Service is active. [1-3]) CHECK_FTP_SERVICE $SERVICE_CHK ;; esac fi done echo -e "Complete!" SECTION_TITLE "Extra Services Check" # Custom Services - Warn if these are running CUSTOM_SERVICES=(cpanel_php_fpm ea-php54-php-fpm ea-php55-php-fpm ea-php56-php-fpm) CUSTOM_SERVICES+=(ea-php70-php-fpm ea-php71-php-fpm ea-php72-php-fpm ea-php73-php-fpm) CUSTOM_SERVICES+=(ea-php74-php-fpm ea-php80-php-fpm varnish redis memcached) CUSTOM_SERVICES+=(tomcat java searchd node postgres mongo elasticsearch cphulkd) CUSTOM_SERVICES+=(postgresql-10 nginx) for SERVICE_CHK in "${CUSTOM_SERVICES[@]}"; do if [[ $SERVICE_CHK_CMD == "service" ]]; then pgrep -f ${SERVICE_CHK} > /dev/null if [[ "$?" == 0 ]]; then echo -e "${INFO}(i) ${SERVICE_CHK} is RUNNING${DEF}" fi else systemctl is-active ${SERVICE_CHK} --quiet if [[ "$?" == 0 ]]; then # If it's NGINX, since customers can install EasyApache NGINX via EasyApache, # report which NGINX it is. This can alert the tech to know what they're dealing # with and prevent a delay in support since there's a difference in IMH NGINX, # EasyApache NGINX and Engintron. if [[ "${SERVICE_CHK}" == "nginx" ]]; then NGINX_LIST=(imh-nginx ea-nginx nginx) for NGX in "${NGINX_LIST[@]}"; do RESP=$(rpm -qa $NGX) if [[ ! -z $RESP ]]; then if [[ $NGX == "nginx" ]]; then # Check if Engintron. If so, then /usr/local/src/engintron exists. if [ -d "/usr/local/src/engintron" ]; then NGINX_TYPE+="engintron " else NGINX_TYPE+="${NGX} " fi else NGINX_TYPE+="${NGX} " fi fi done # Now, make sure it's not some crazy thing where more than one NGINX is installed. # After all, it's possible. NGX_LENGTH=$(echo ${NGINX_TYPE} | wc -w) if [ $NGX_LENGTH -gt 1 ]; then echo "${WARN}More than one varient of NGINX is installed. Found RPMs: $NGINX_TYPE${DEF}" else SERVICE_CHK=$(echo ${NGINX_TYPE}) fi fi echo -e "${INFO}(i) ${SERVICE_CHK} is RUNNING${DEF}" fi fi done echo -e "Complete!" echo -e "\n" exit 0