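#!/bin/bash
#
# "Mail part" of the 112m admin helper.
#
# Usage: 112m <command> [args]      (no command prints the help text)
#
# Commands handled here: mail, mailrm, mailf, maildel, mailc, maild, maile,
# exim-fix, maldet, honeypot, bln. Any other command is ignored silently.
#
# Review notes:
#   * mailrm/maildel delete queue entries and honeypot overwrites a file, so
#     every operator-supplied argument is quoted and checked before use.
#   * Queue listings and web logs contain text chosen by remote parties; only
#     values with the expected shape (message id, IP address) are passed on
#     to exim / bitninjacli.
#   * Nothing here calls `exit`; argument errors are reported on stderr and
#     the action is skipped.

# Print a usage hint for sub-command $1 with argument synopsis $2 on stderr.
mailpart_usage() {
  printf 'usage: 112m %s %s\n' "$1" "$2" >&2
}

# Succeed when $2 is usable as an account name for sub-command $1:
# non-empty and not option-like (a leading '-' could be read as a flag by
# the tools that take the name as a separate word).
mailpart_have_user() {
  if [[ -z "$2" || "$2" == -* ]]; then
    mailpart_usage "$1" "<user>"
    return 1
  fi
}

# Read `exim -bp` lines on stdin and remove the listed messages one by one.
# Field 3 is forwarded only when it is shaped like a message id, so address
# text from the listing can never reach `exim -Mrm` as an argument.
mailpart_remove_listed() {
  awk '$3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ {print $3}' \
    | xargs -I{} exim -Mrm {}
}

case "${1:-}" in
  "")
    echo "=-=-=-=-=-=-=-=-=-=-=-=-=-=-"
    echo "Welcome to mail part"
    echo "Possible options are:"
    echo "--------------------"
    echo -e "\e[35m\e[1m--------Mail Part--------\e[0m"
    echo -e "\e[32mmail\e[0m" show stat for mailq by senders
    echo -e "\e[31mexample: 112m mail\e[0m"
    echo -e "\e[33m----------\e[0m"
    echo -e "\e[32mmailrm \e[0m"- remove all frozem msg
    echo -e "\e[31mexample: 112m mailrm\e[0m"
    echo -e "\e[33m----------\e[0m"
    echo -e "\e[32mmailf \e[0m"- find user in exim log files
    echo -e "\e[31mexample: 112m mailf user@host.com\e[0m"
    echo -e "\e[33m----------\e[0m"
    echo -e "\e[32mmaildel\e[0m" - delete all that match regex
    echo -e "\e[31mexample: 112m maildel \"(ifpesnet|weedgrow|abddadac)\" \e[0m"
    echo -e "\e[33m----------\e[0m"
    # Hidden from the help text (the commands themselves still work):
    #echo -e "\e[32mmaldet\e[0m" - run maldetect scan on - public_html and .cageds/tmp/
    #echo -e "\e[31mexample: 112m maldet \e[0m"
    #echo -e "\e[33m----------\e[0m"
    #echo -e "\e[32mmailc\e[0m" - check current user sendmail path
    #echo -e "\e[31mexample: 112m mailc user \e[0m"
    #echo -e "\e[33m----------\e[0m"
    #echo -e "\e[32mmaild\e[0m" - disable sendmail path
    #echo -e "\e[31mexample: 112m maild user \e[0m"
    #echo -e "\e[33m----------\e[0m"
    #echo -e "\e[32mmaile\e[0m" - enable sendmail path
    #echo -e "\e[31mexample: 112m maile user \e[0m"
    #echo -e "\e[33m----------\e[0m"
    echo -e "\e[32mexim-fix \e[0m" - tidy exim db WARNING IT COULD TAKE SOME TIME
    echo -e "\e[31mexample: 112m exim-fix \e[0m"
    echo -e "\e[33m----------\e[0m"
    echo -e "\e[32mhoneypot \e[0m" - report php file to BitNinja and replace malicious content.
    echo -e "\e[31mexample: 112m honeypot \e[0m"
    echo -e "\e[33m----------\e[0m"
    echo -e "\e[32mbln \e[0m" - add IP in our graylist
    echo -e "\e[31mexample: 112m bln \e[0m"
    echo "Have a nice work"
    echo ""
    ;;

  mail)
    # Top senders in the queue: field 4 of matching `exim -bp` lines, angle
    # brackets stripped, counted, ten largest counts shown.
    # NOTE(review): the grep pattern is kept byte-for-byte; it looks as if it
    # may have been mangled at some point -- confirm what it should match.
    exim -bp \
      | grep "<**..**>" \
      | awk '{print $4}' \
      | sed -e 's/[<>]//g' \
      | sort \
      | uniq -c \
      | sort -n \
      | tail
    ;;

  mailrm)
    # NOTE(review): "<>" selects entries showing an empty sender, which is not
    # the same thing as the frozen flag the help text mentions -- confirm that
    # this is the intended selection before relying on it.
    exim -bp | grep "<>" | mailpart_remove_listed
    ;;

  mailf)
    # $2 is used as a grep regex against the Exim main log.
    if [[ -z "${2:-}" ]]; then
      mailpart_usage mailf "<pattern>"
    else
      # `--` keeps a pattern starting with '-' from being parsed as an option.
      grep -- "$2" /var/log/exim_mainlog | grep -i html | tail
    fi
    ;;

  maildel)
    # Destructive: removes every queued message whose listing line matches $2.
    # The empty-pattern check matters: a quoted empty regex matches every line
    # and would select the whole queue.
    if [[ -z "${2:-}" ]]; then
      mailpart_usage maildel "<regex>"
    else
      exim -bp | grep -E -- "$2" | mailpart_remove_listed
    fi
    ;;

  mailc)
    # Show the selected PHP version and sendmail_path option for user $2.
    if mailpart_have_user mailc "${2:-}"; then
      PHPV=$(/usr/bin/cl-selector --summary php --user "$2" | grep -w s | awk '{print $1}')
      SMPATH=$(selectorctl --print-options --version="$PHPV" --user="$2" \
        | grep -A5 "TITLE:sendmail_path" | tail -n1)
      echo "--------------------------"
      echo "User = $2 "
      echo "PHP version = $PHPV"
      echo "Sendmail patch = $SMPATH"
      echo "--------------------------"
    fi
    ;;

  maild)
    # Point sendmail_path at /bin/true for user $2. As written, the change is
    # applied only when the selected version is reported as "native".
    if mailpart_have_user maild "${2:-}"; then
      PHPV=$(/usr/bin/cl-selector --summary php --user "$2" | grep -w s | awk '{print $1}')
      SMPATH=$(selectorctl --print-options --version="$PHPV" --user="$2" \
        | grep -A5 "TITLE:sendmail_path" | tail -n1)
      # The sed leaves surrounding blanks behind; the unquoted expansions used
      # to drop them through word splitting. Keep only the first token so the
      # value can be quoted safely.
      SNATIVE=$(selectorctl --summary --user="$2" --show-native-version \
        | grep native | sed 's/[a-z)(]//g' | awk '{print $1}')
      if [[ "$PHPV" == "native" ]]; then
        echo "User $2 is using native php $SNATIVE"
        selectorctl --set-user-current="$SNATIVE" --user="$2"
        /usr/bin/piniset --replace="sendmail_path:/bin/true" --version="$SNATIVE" --user="$2"
      fi
      echo "User = $2 "
      echo "PHP version = $PHPV"
      echo "Sendmail patch = $SMPATH"
    fi
    ;;

  maile)
    # Restore sendmail_path for user $2.
    if mailpart_have_user maile "${2:-}"; then
      # Fix: PHPV used to be read by piniset before it was assigned, so the
      # call always carried an empty --version=. Resolve the version first.
      # NOTE(review): maild maps "native" to the concrete native version
      # before calling piniset; confirm whether the same is needed here.
      PHPV=$(/usr/bin/cl-selector --summary php --user "$2" | grep -w s | awk '{print $1}')
      /usr/bin/piniset --replace="sendmail_path:/usr/sbin/sendmail -t -i" --version="$PHPV" --user="$2"
      # Read the option back after the change so the report shows the result.
      SMPATH=$(selectorctl --print-options --version="$PHPV" --user="$2" \
        | grep -A5 "TITLE:sendmail_path" | tail -n1)
      echo "--------------------------"
      echo "User = $2 "
      echo "PHP version = $PHPV"
      echo "Sendmail patch = $SMPATH"
      echo "--------------------------"
    fi
    ;;

  exim-fix)
    # Tidy the listed Exim hints databases with a one-day threshold.
    for db in retry wait-dkim_remote_smtp wait-remote_smtp_smart_dkim \
      wait-remote_smtp_smart_regular; do
      /usr/sbin/exim_tidydb -t 1d /var/spool/exim "$db"
    done
    ;;
esac

# Scan the account the operator is standing in: the working directory must be
# /home/<user>/..., and <user> is taken from its second path component.
IFS=/ read -r _ PATHCHECK USERNAME _ <<<"$PWD"
if [[ "${1:-}" == "maldet" ]] && [[ "$PATHCHECK" == "home" ]]; then
  if [[ -z "$USERNAME" ]]; then
    # Standing in /home itself: there is no account to derive the paths from.
    printf '%s\n' "maldet: run this from inside /home/<user>" >&2
  else
    PATH1=/home/$USERNAME/.cagefs/tmp/
    PATH2=/home/$USERNAME/public_html/
    maldet -b -a "$PATH1"
    maldet -b -a "$PATH2"
  fi
else
  # Legacy output kept as-is: every invocation other than an in-/home maldet
  # run prints one blank line at this point.
  #echo "You are not worthy enough to lift mighty mjolnir outside user folder :) "
  echo ""
fi

case "${1:-}" in
  honeypot)
    # Overwrite file $2 with the honeypot template. Only the overwrite is
    # done here; no reporting call is made in this file.
    if [[ -z "${2:-}" ]]; then
      mailpart_usage honeypot "<file>"
    elif [[ -L "$2" ]]; then
      # The target normally sits in a directory its owner can write to, so a
      # symlink there could point the write at any file this script's user can
      # modify. This check does not cover symlinked parent directories or a
      # swap between the check and the write -- resolve the path first if that
      # matters in your environment.
      printf 'honeypot: refusing to write through symlink: %q\n' "$2" >&2
    else
      cat /usr/local/sbin/Honeypot.txt > "$2"
    fi
    ;;

  bln)
    # Greylist the first field of every line in log file $2 that contains
    # both "POST" and the pattern $3.
    if [[ -z "${2:-}" || -z "${3:-}" ]]; then
      # Both are required: an empty quoted pattern would match every POST line.
      mailpart_usage bln "<logfile> <pattern>"
    else
      while IFS= read -r ip; do
        # Log content is not trusted: forward only values made of address
        # characters (IPv4/IPv6), and report anything else.
        if [[ "$ip" =~ ^[0-9A-Fa-f:.]+$ ]]; then
          bitninjacli --greylist --add="$ip"
        else
          printf 'bln: skipping non-IP value: %q\n' "$ip" >&2
        fi
      done < <(grep -e POST -- "$2" | grep -- "$3" | awk '{print $1}' | sort -u)
    fi
    ;;
esac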