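#!/bin/bash
#
# Admin helper for a cPanel host; the built-in examples invoke it as "112a".
# Usage: 112a <command> [argument...]   (no arguments prints the command list)
#
# The script edits /etc/passwd, writes under /root/pavlin and deletes files
# below /home, so it is presumably run as root. For that reason:
#   * usernames are validated and matched against the exact passwd entry,
#     never used as a bare grep/sed pattern;
#   * every expansion is quoted;
#   * recursive deletes skip symlinked directories that an account owner
#     could point outside their own home.

# -e / pipefail are deliberately not enabled: many pipelines below end in
# grep, which legitimately exits 1 when nothing matches.
set -u

readonly PASSWD_FILE=/etc/passwd
readonly WORK_DIR=/root/pavlin
readonly NOSHELL_PATH=/usr/local/cpanel/bin/noshell

# Print a diagnostic on stderr.
warn() {
  printf '%s\n' "$*" >&2
}

help_sep() { echo -e "\e[33m----------\e[0m"; }
help_cmd() { echo -e "\e[32m$1 \e[0m - $2"; }
help_example() { echo -e "\e[31mexample: 112a $1 \e[0m"; }

help_danger() {
  echo -e "\e[33m-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-\e[0m"
  echo -e "\e[33m----------------D A N G E R------------\e[0m"
  echo -e "\e[33m-\/-\/-\/-\/-\/-\/-\/-\/-\/-\/-\/-\/-\/-\/-\e[0m"
}

# Print the command overview shown when the script is run without arguments.
show_help() {
  echo "=-=-=-=-=-=-=-=-=-=-=-=-=-=-"
  echo "Welcome to the admin part of the script."
  echo "Possible options are:"
  echo "--------------------"
  echo -e "\e[35m\e[1m--------IP Part--------\e[0m"
  help_sep
  help_cmd sshch "This will search if username have enabled shel and wich one of it"
  help_example "sshch weixlerd"
  help_sep
  help_cmd sshen "Will change current shell to BASH and copy current passwd with date and time"
  help_example "sshen weixlerd"
  help_sep
  help_cmd sshdis "remove bash shel to noshell"
  help_example "sshdis weixlerd"
  help_sep
  help_cmd detect "show only strange proccesses"
  help_example "detect"
  help_cmd top "show sorted users by app"
  help_example "top lsphp"
  help_sep
  help_danger
  help_cmd dq "user disk Quotas"
  help_example "dq"
  help_sep
  help_cmd dqs "user disk Quotas only suspended users"
  help_example "dqs"
  help_sep
  help_cmd dqc "user disk Quotas only canceled users"
  help_example "dqc"
  help_sep
  help_cmd cpn "show or delete cpanel failed uploads or old pkgs"
  help_example "cpn"
  help_sep
  help_cmd trash "show or delete the .trash folder"
  help_example "trash"
  help_sep
  help_cmd errs "show or delete the error_logs or log files"
  help_example "errs"
  help_sep
  help_cmd errs-f "find error_logs or log files"
  help_example "errs-f"
  help_sep
  help_cmd soft "show softaculs backups"
  help_example "soft"
  help_sep
  help_cmd public "show old-tmd public_html folders"
  help_example "public"
  help_danger
  help_sep
  help_cmd userstat "show how many users are in the server"
  help_example "userstat"
  help_sep
  echo "Have a nice work"
  echo ""
}

# Succeeds only for a non-empty name made of letters, digits, "_", "." and
# "-" (not leading). Rejects regex metacharacters, ":" and "/" so the name
# is safe to compare against passwd fields.
is_valid_username() {
  [[ ${1:-} =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]
}

# Print the login shell (7th passwd field) of exactly user $1.
# $2 - passwd-format file to read (default: /etc/passwd).
# Prints nothing when the user has no entry.
login_shell_of() {
  local user=$1 file=${2:-$PASSWD_FILE}
  awk -F: -v u="$user" '$1 == u { print $7; exit }' "$file"
}

# Map a shell path to the labels the script reports: FALSE, NOSHELL, BASH,
# or OTHER. Checked in the same order as the original grep chain.
shell_kind() {
  case "${1:-}" in
    *false*) echo FALSE ;;
    *noshell*) echo NOSHELL ;;
    *bash*) echo BASH ;;
    *) echo OTHER ;;
  esac
}

# Validate $1 as a username and confirm it has an exact passwd entry.
require_user() {
  local user=${1:-}
  if ! is_valid_username "$user"; then
    warn "invalid or missing username"
    return 1
  fi
  if ! awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' \
    "$PASSWD_FILE"; then
    warn "no passwd entry for ${user}"
    return 1
  fi
}

# Rewrite the shell of user $1 from $2 to $3 in passwd file $4 (default
# /etc/passwd). Only the entry whose name is $1 and whose home is /home/$1 is
# touched. Returns non-zero when the entry does not end up with shell $3, so
# callers never report a change that did not happen.
# NOTE(review): usermod -s / chsh -s take the passwd lock; consider them
# instead of editing the file in place.
set_login_shell() {
  local user=$1 from=$2 to=$3 file=${4:-$PASSWD_FILE}
  local user_re=${user//./\\.} # "." is the only regex-special char allowed
  sed -i -e \
    "s|^\(${user_re}:[^:]*:[^:]*:[^:]*:[^:]*:/home/${user_re}\):${from}\$|\1:${to}|" \
    "$file" || return
  [[ $(login_shell_of "$user" "$file") == "$to" ]]
}

# Print prompt $1, read one line, succeed only on a literal "y".
confirm() {
  local answer=""
  echo "$1"
  read -r answer
  [[ $answer == "y" ]]
}

# sshch <user>: report which kind of login shell the user has.
cmd_sshch() {
  local user=${1:-} shell
  require_user "$user" || return
  shell=$(login_shell_of "$user")
  case "$(shell_kind "$shell")" in
    FALSE) echo "shell of $user is now FALSE" ;;
    NOSHELL) echo "shell of $user is now NOSHELL" ;;
    BASH) echo -e "shell of $user is now \e[31mBASH\e[0m" ;;
    # Any other shell may still allow logins, so show it rather than stay silent.
    *) echo "shell of $user is now ${shell:-<empty>}" ;;
  esac
}

# sshen <user>: back up /etc/passwd, then switch false/noshell to bash.
cmd_sshen() {
  local user=${1:-} shell stamp
  require_user "$user" || return
  stamp=$(date +%Y-%m-%d-%H-%M)
  echo -e "==================\e[34m\e[1mW A R N I N G\e[0m=================="
  echo "This script will copy your current passwd and added current date and time"
  echo ""
  echo -e "Like this: cp /etc/passwd \e[31m/etc/passwd_${stamp} \e[0m"
  echo ""
  # No backup, no edit.
  if ! cp -p -- "$PASSWD_FILE" "/etc/passwd_${stamp}"; then
    warn "backup of ${PASSWD_FILE} failed; nothing changed"
    return 1
  fi
  shell=$(login_shell_of "$user")
  case "$(shell_kind "$shell")" in
    FALSE)
      echo "shell of $user was FALSE"
      # The original wrote `echo -e"It ..."`, which printed a literal "-e".
      echo -e "It will change to \e[31mBASH\e[0m"
      set_login_shell "$user" /bin/false /usr/bin/bash \
        || { warn "shell of ${user} was NOT changed"; return 1; }
      ;;
    NOSHELL)
      echo "shell of $user was NOSHELL"
      echo -e "It will change to \e[31mBASH\e[0m"
      set_login_shell "$user" "$NOSHELL_PATH" /bin/bash \
        || { warn "shell of ${user} was NOT changed"; return 1; }
      ;;
  esac
}

# sshdis <user>: switch a bash login shell to cPanel's noshell.
cmd_sshdis() {
  local user=${1:-} shell
  require_user "$user" || return
  shell=$(login_shell_of "$user")
  [[ $(shell_kind "$shell") == BASH ]] || return 0
  echo -e "shell of $user was \e[31mBASH\e[0m"
  echo "It will change to noshell"
  case "$shell" in
    # sshen can set either path; the original only undid /bin/bash, leaving
    # /usr/bin/bash accounts enabled while reporting them disabled.
    /bin/bash | /usr/bin/bash)
      set_login_shell "$user" "$shell" "$NOSHELL_PATH" \
        || { warn "shell of ${user} was NOT changed"; return 1; }
      ;;
    *)
      warn "unexpected bash path ${shell}; shell of ${user} was NOT changed"
      return 1
      ;;
  esac
}

# detect: list sockets and processes that are not on the known-service list.
# The filters are substring matches over the whole output line, so any entry
# that merely contains one of these words (or runs as root) is hidden too.
# Treat a clean result as a hint, not as proof that nothing unusual runs.
cmd_detect() {
  echo "Show netstat info"
  netstat -laptenu \
    | grep -E -v "(cpsrvd|cupsd|dovecot|exim|httpd|lfd|mysqld|nrpe|php|pure-ftpd|rpcbind|snmpd|spamdchild|sshd|webmaild|named|grep|spam|:80|:443)"
  echo "=============="
  echo "Show ps aux info"
  ps aufx \
    | grep -E -vi "(cpsrvd|cupsd|dovecot|exim|httpd|lfd|mysqld|nrpe|php|pure-ftpd|rpcbind|snmpd|spamdchild|sshd|webmaild|named|grep|spam|:80|:443|crond|screen|flush|rar|gtar|gzip|zip|find|snmpd|cage|root|dbus)"
}

# honeypot <file>: overwrite an existing file with /usr/local/sbin/Honeypot.txt.
# (The original comment also mentions reporting to bitninja; no such call exists.)
cmd_honeypot() {
  local target=${1:-}
  if [[ -z $target ]]; then
    warn "usage: honeypot <file>"
    return 2
  fi
  # The target normally sits in a user-writable tree: a symlink there would
  # make the redirect overwrite whatever it points at. A race between this
  # check and the write remains possible.
  if [[ -L $target || ! -f $target ]]; then
    warn "refusing to overwrite: not an existing regular file"
    return 1
  fi
  cat /usr/local/sbin/Honeypot.txt > "$target"
}

# bln <logfile> <pattern>: greylist the first field of every POST line that
# matches <pattern>, excluding cron and admin-ajax.php requests.
cmd_bln() {
  local log=${1:-} pattern=${2:-} ip
  if [[ ! -r $log || -z $pattern ]]; then
    warn "usage: bln <logfile> <pattern>"
    return 2
  fi
  grep POST -- "$log" \
    | grep -- "$pattern" \
    | grep -E -v "(cron|admin-ajax.php)" \
    | awk '{print $1}' \
    | sort -u \
    | while IFS= read -r ip; do
      # Log content is remote-controlled; pass on address-shaped tokens only.
      if [[ $ip =~ ^[0-9A-Fa-f.:]+$ ]]; then
        bitninjacli --greylist "--add=${ip}"
      else
        printf 'skipping non-address field: %q\n' "$ip" >&2
      fi
    done
}

# Print the mount point quotas are reported for: /home when lsblk lists a
# "home" entry, otherwise /.
quota_mount() {
  if (($(lsblk | grep -c home) > 0)); then
    echo /home
  else
    echo /
  fi
}

# Print "<used, KiB/1024/1024> <user>" per repquota line, sorted by size.
quota_usage() {
  repquota "$1" | awk '{print $3/1024/1024,$1}' | sort -h
}

# Print the lines of usage report $2 whose user field equals a name listed
# (one per line) in $1, sorted by size. Exact match, so "bob" never pulls in
# "bobby" as a substring grep would.
select_quota_lines() {
  awk 'FILENAME == ARGV[1] { wanted[$0]; next } ($2 in wanted)' "$1" "$2" \
    | sort -h
}

# Print one account name per file in /var/cpanel/suspended.
suspended_users() {
  local entry
  for entry in /var/cpanel/suspended/*; do
    [[ -e $entry ]] || continue
    printf '%s\n' "${entry##*/}"
  done
}

need_work_dir() {
  [[ -d $WORK_DIR ]] && return 0
  warn "${WORK_DIR} does not exist"
  return 1
}

# dq: disk usage of every user.
cmd_dq() {
  local mount
  mount=$(quota_mount)
  quota_usage "$mount"
  echo "========"
  echo "Disk quotas are on ${mount}"
}

# dqs: disk usage of suspended users, followed by the sum of the integer parts.
cmd_dqs() {
  local mount matched report=${WORK_DIR}/quota.suspended
  need_work_dir || return
  mount=$(quota_mount)
  quota_usage "$mount" > "$report"
  matched=$(select_quota_lines <(suspended_users) "$report")
  if [[ -n $matched ]]; then
    printf '%s\n' "$matched"
  fi
  printf '%s' "$matched" | awk '{ sum += int($1) } END { print sum }'
  echo "========"
  echo "Disk quotas are on ${mount}"
}

# dqc: disk usage of suspended users whose suspension file matches
# mov/ransf/canc, followed by the total.
cmd_dqc() {
  local mount matched
  local canceled=${WORK_DIR}/quota.canceled report=${WORK_DIR}/qqqq
  need_work_dir || return
  mount=$(quota_mount)
  grep -E -i -l -- "(mov|ransf|canc)" /var/cpanel/suspended/* \
    | awk -F"/" '{print $5}' > "$canceled"
  quota_usage "$mount" > "$report"
  matched=$(select_quota_lines "$canceled" "$report")
  if [[ -n $matched ]]; then
    printf '%s\n' "$matched"
  fi
  printf '%s' "$matched" | awk '{ sum += $1 } END { print sum }'
  echo "========"
  echo "Disk quotas are on ${mount}"
}

# errs: show the size of every file listed in /root/pavlin/error_logs and
# delete them after confirmation.
cmd_errs() {
  local list=${WORK_DIR}/error_logs path
  if [[ ! -r $list ]]; then
    warn "${list} is missing or unreadable"
    return 1
  fi
  # Read the list line by line: xargs would re-interpret quotes and
  # backslashes that appear in file names.
  while IFS= read -r path; do
    [[ -n $path ]] && du -sh -- "$path"
  done < "$list" | sort -h
  if confirm "Do you want to delete it ? y/N"; then
    while IFS= read -r path; do
      [[ -n $path ]] || continue
      rm -fv -- "$path"
    done < "$list"
  else
    echo "Please start all over again :)"
  fi
}

# errs-f: find *log files over 100MB below the public_html trees.
cmd_errs_f() {
  if confirm "Do you want to search for log files bigger than 100MB ? y/N"; then
    find /home/*/public_html/ -maxdepth 3 -type f -name "*log" -size +100M
  else
    echo "Please start all over again :)"
  fi
}

# cpn: show, then optionally delete, Cpanel_* upload leftovers and /home/*.gz.
cmd_cpn() {
  du -sh /home/*/tmp/Cpanel_* | sort -h
  du -sh /home/*.gz
  if confirm "Do you want to delete it ? y/N"; then
    rm -fv -- /home/*/tmp/Cpanel_*
    rm -fv -- /home/*.gz
  else
    echo "Please start all over again :)"
  fi
}

# trash: empty every /home/*/.trash, or list their sizes.
cmd_trash() {
  local dir
  if confirm "Do you want to delete trash without showing it ? y/N"; then
    for dir in /home/*/.trash; do
      # A .trash that is a symlink would aim rm -rf at its target.
      [[ -d $dir && ! -L $dir ]] || continue
      rm -rf -- "${dir:?}"/*
    done
  else
    echo "Please wait a moment..."
    find /home/*/ -maxdepth 1 -type d -name ".trash" -exec du -sh {} \; | sort -h
    echo "you can delete all by type"
    echo "rm /home/*/.trash/* -rfv "
  fi
}

# soft: list softaculous folders (S) or list/delete failed backups (F).
cmd_soft() {
  local choice="" dir
  local -a backup_dirs=()
  echo "Show all softacs (S)"
  echo "Show failed softacs (F)"
  read -r choice
  case "$choice" in
    S)
      find /home/*/ -maxdepth 1 -type d -name "softaculous*" \
        -exec du -sh {} \; | sort -h
      ;;
    F)
      for dir in /home/*/softaculous_backups; do
        # Skip symlinked backup directories for the same reason as in trash.
        [[ -d $dir && ! -L $dir ]] && backup_dirs+=("$dir")
      done
      ((${#backup_dirs[@]} > 0)) || return 0
      find "${backup_dirs[@]}" -maxdepth 1 -type f -name ".*" -exec du -sh {} \;
      # The original tested the menu choice again instead of this answer, so
      # the delete branch could never run.
      if confirm "Do you want to delete this files ? y/N"; then
        find "${backup_dirs[@]}" -maxdepth 1 -type f -name ".*" \
          -exec rm -fv -- {} \;
      fi
      ;;
  esac
}

# public: sizes of renamed public_html-* / public_html_* folders.
cmd_public() {
  find /home/*/ -maxdepth 1 -type d -name "public_html-*" -exec du -sh {} \;
  find /home/*/ -maxdepth 1 -type d -name "public_html_*" -exec du -sh {} \;
}

# top <pattern>: users owning the most processes that match <pattern>.
cmd_top() {
  local pattern=${1:-}
  if [[ -z $pattern ]]; then
    warn "usage: top <process pattern>"
    return 2
  fi
  ps aufx | grep -i -- "$pattern" | awk '{print $1}' \
    | sort -n | uniq -c | sort -n | tail
}

# userstat: account counts.
cmd_userstat() {
  echo "Allusers $(ls /var/cpanel/users | wc -l) "
  echo "Suspended $(ls /var/cpanel/suspended | wc -l)"
  echo "Active users $(/etc/scripts/backup/userscalc.sh | wc -l) "
}

main() {
  local cmd=${1:-}
  case "$cmd" in
    "") show_help ;;
    sshch) cmd_sshch "${2:-}" ;;
    sshen) cmd_sshen "${2:-}" ;;
    sshdis) cmd_sshdis "${2:-}" ;;
    detect) cmd_detect ;;
    honeypot) cmd_honeypot "${2:-}" ;;
    bln) cmd_bln "${2:-}" "${3:-}" ;;
    dq) cmd_dq ;;
    dqs) cmd_dqs ;;
    dqc) cmd_dqc ;;
    errs) cmd_errs ;;
    errs-f) cmd_errs_f ;;
    cpn) cmd_cpn ;;
    trash) cmd_trash ;;
    soft) cmd_soft ;;
    public) cmd_public ;;
    top) cmd_top "${2:-}" ;;
    userstat) cmd_userstat ;;
    *)
      warn "unknown command: ${cmd}"
      return 2
      ;;
  esac
}

main "$@"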