#!/bin/bash # Short Description :Deploy imunify360/ImunifyAV # Description :Installs imunify360/ImunifyAV repository # Copyright :Cloud Linux Zug GmbH # License :Cloud Linux Commercial License # Do not edit/move/reformat this line except for actual version bump # it is used by old versions of deploy scripts to check for update version="2.134" readonly package="imunify-antivirus" readonly imunify360="imunify360-firewall" readonly imunify_av="imunify-antivirus" if [[ "$package" != "$imunify360" ]] && [[ "$package" != "$imunify_av" ]]; then exit 1 fi if [[ "$package" = "$imunify_av" ]]; then PRODUCT="ImunifyAV" UI_PACKAGE="imunify-ui-antivirus" COMMAND="imunify-antivirus" STAND_ALONE_URL="https://docs.imunifyav.com/stand_alone_mode" LOG_FILE="/var/log/imav-deploy.log" LOCK="/var/lock/imav-deploy.lck" PREMIUM_REVISIUM_EXTENSION="/var/imunify360/premium_revisium_license.flag" # packages mentioned in the update command in the daily cron job readonly additional_packages_to_remove="ai-bolit\ alt-php-hyperscan\ imunify-release\ imunify-common\ imunify-notifier\ imunify-core\ imunify-realtime-av\ imunify-ui\ imunify360-venv\ imunify-patchman" readonly additional_packages_to_remove_cl="alt-php-internal\ app-version-detector" readonly additional_packages_to_remove_centos="minidaemon" readonly additional_packages_to_remove_debian="" fi readonly YUM_DISABLED_PHP_REPOS_OPTION="--disablerepo=imunify360-alt-php,imunify360-ea-php-hardened" OS_RELEASE_INFO=/etc/os-release set -o pipefail # fail if any error: will not #set -e # error for unbound variable: not for now #set -eu # $1 = Message prompt # Returns ans=0 for yes, ans=1 for no yesno() { local YES=0 local NO=1 local PENDING=2 if [ $dry_run -eq 1 ]; then echo "Would be asked here if you wanted to" echo "$1 (y/n - y is assumed)" local ans=$YES elif [ "$assumeyes" = "true" ]; then local ans=$YES else local ans=$PENDING fi while [ $ans -eq $PENDING ]; do echo "Do you want to $1 (y/n) ?" ; read -r reply case "$reply" in Y*|y*) ans=$YES ;; N*|n*) ans=$NO ;; *) echo "Please answer y or n" ;; esac done return "$ans" } prepend_timestamp() { # Prepend current time to each line # # Usage: source-program | prepend_timestamp # # Note: it may fail if the input contains \0 bytes while IFS= read -r line do printf '[%s] %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$line" done } log() { # Run given command and append its duplicated stdout/stderr to # $LOG_FILE. # # Usage: log [...] # "$@" |& prepend_timestamp | tee -a "$LOG_FILE" return "${PIPESTATUS[0]}" } exit_with_error() { log echo -e "$@" rm -rf "$lock" exit 1 } print_debug_info() { if [ "$DEBUG" == "true" ]; then echo "$@" fi } # Only for imunify360-firewall set_low_resource_usage_mode_if_necessary() { local _package=$1 local _package_version=$2 imunify360_low_mem_limit=2147483648 imunify360_python38_datadir=$venv_path/share/imunify360 # total usable memory in bytes mem_total=$(/dev/null || true unlink /etc/sysconfig/imunify360/imunify360.config.d/10_on_first_install_core.config 2>/dev/null || true unlink /etc/sysconfig/imunify360/imunify360.config.d/10_on_first_install_av.config 2>/dev/null || true unlink /etc/sysconfig/imunify360/imunify360.config.d/10_on_first_install_ids.config 2>/dev/null || true } init_vars() { wget="/usr/bin/wget" wget_options="-q --retry-connrefused --waitretry=15 --read-timeout=20 --timeout=15 -t 15" uninstall=false conversion=false beta=false install_vendors=false freemium=false downgrade=false compatibility_check_script="compatibility-check.sh" # get full path to the current script script="$1" case "$script" in ./*) script="$(pwd)/${script#*/}" ;; /*) script="$script" ;; *) script="$(pwd)/$script" ;; esac scriptname=$(basename "$script") script_run_args="$2" # Update checker URL checksite="https://repo.imunify360.cloudlinux.com/defense360/" upgradeurl="$checksite$scriptname" dry_run="0" assumeyes=false modifying_call=false yum_beta_option="" yum_beta_repo_enable=0 apt_force="" apt_allow_unauthenticated="" if [[ "$package" = "$imunify360" ]]; then # Virtuozzo 7 with kernel 3.10.0 or later has support for ipset in Container VZ_VERSION_LONG=3.10.0-327.10.1.vz7.12.8 # Inside VZ version is provided without release VZ_VERSION_BRIEF=3.10.0 readonly imunify360_python35_datadir=/opt/alt/python35/share/imunify360 fi imunify360_python38_datadir=/opt/alt/python38/share/imunify360 venv_path=/opt/imunify360/venv } version() { local lhs=$1 local op=$2 local rhs=$3 case $op in -lt) test "$(echo -e "$lhs\\n$rhs" | sort --version-sort | head -1)" = "$lhs" && \ test "$lhs" != "$rhs" return $? ;; *) echo "function version(): operator $op is not supported." return 2 ;; esac } check_package_version() { version="$1" if [ -z "$version" ]; then echo "No available package detected" return 1 else echo "$version" fi } get_available_debian_package_version() { version=$(apt-cache policy "$1" 2>/dev/null | sed -n '3p' | awk '{split($0, candidate); print candidate[2]}') check_package_version "$version" return $? } get_available_centos_package_version() { version=$(yum $yum_beta_option $YUM_DISABLED_PHP_REPOS_OPTION list available "$1" 2>/dev/null | grep -E "$1.x86_64|$1.noarch" | awk '{split($0, candidate); print candidate[2]}' | sort --version-sort | tail -n 1) check_package_version "$version" return $? } install_plugin() { local plugin_package=$1 local panel=$2 echo "Installing $PRODUCT $panel plugin..." install_${ostype}_pkgs "$plugin_package-$panel" check_exit_code 0 "Failed to install $PRODUCT $panel plugin." } install_ui_part() { local ui_package=$1 local panel=$2 echo "Installing UI part of $PRODUCT $panel plugin..." install_${ostype}_pkgs "$ui_package-$panel" check_exit_code 0 "Failed to install UI part of $PRODUCT $panel plugin." } check_and_install() { local package_to_install=$1 local package_version=$2 local ui_package=$3 local panel=$4 if version "$package_version" -lt "7.3"; then install_plugin "$package_to_install" "$panel" else if [[ "$package_to_install" = "$imunify360" ]]; then install_plugin $package_to_install $panel fi install_ui_part "$ui_package" "$panel" fi } check_hardened_php_status() { local agent_bin='/usr/bin/imunify360-agent' local python_bin='/opt/imunify360/venv/bin/python' local status=$(\ ${agent_bin} features status hardened-php --json |\ ${python_bin} -c 'import json; print(json.loads(input()).get("items", {}).get("status"))'\ ) echo ${status} } remove_hardened_php_feature() { local agent_bin='/usr/bin/imunify360-agent' local python_bin='/opt/imunify360/venv/bin/python' # sometimes it takes a long time to remove hardened-php # especially in the Plesk environment local timeout=1500 if [ ! -f ${agent_bin} ] || [ ! -f ${python_bin} ]; then return fi if [ "$(check_hardened_php_status)" != "installed" ]; then return fi echo "Warning: Hardened PHP packages will be removed"\ "and replaced with the default ones if possible."\ "Some sites may stop working" echo -n "Starting removal, this may take a couple of minutes" local logfile="$(${agent_bin} features remove hardened-php)" local start_ts=$(date +%s) while true; do removal_status="$(check_hardened_php_status)" [ "${removal_status}" = "not_installed" ] && echo OK && break local current_ts=$(date +%s) if [ $((current_ts - start_ts)) -gt ${timeout} ]; then echo TIMEOUT exit_with_error "Error occured while trying to remove Hardened PHP packages."\ "See log: ${logfile}" fi echo -n "." sleep 5 done } install_vendors_in_cw_environment() { # log output but hide it from stdout log echo "Run vendor installation in background for Cloudways" file_path="/var/imunify360/files/modsec/v2/description.json" while [ ! -f "$file_path" ]; do log echo "Waiting for $file_path to appear" sleep 5 done log echo "Installing vendors" log /usr/bin/imunify360-agent --console-log-level=WARNING install-vendors } do_migrate_patchman() { log echo "Run patchman migration..." log imunify-antivirus patchman migrate check_exit_code 0 "Failed to migrate patchman service." } install_imunify_release() { if [[ $ostype = debian ]]; then suffix="$ID.$VERSION_ID.deb" if test -f /etc/apt/sources.list.d/imunify360.list ; then log echo "repo is already present, skip installation of imunify-release" return 0 fi else if test -f /etc/yum.repos.d/imunify360.repo ; then log echo "repo is already present, skip installation of imunify-release" return 0 fi suffix="el${VERSION_ID%%.*}.rpm" fi local pkg_name="imunify-release-latest.$suffix" log echo "Downloading imunify-release package: $pkg_name" log wget "https://repo.imunify360.cloudlinux.com/defence360/$pkg_name" -O $pkg_name if [[ $ostype = debian ]]; then # since for debian/ubuntu gpg key is added to common location (/etc/apt/trusted.gpg.d/) - # allow overwriting config files to avoid conflicts if gpg key was added manually log dpkg -i --force-confnew ./$pkg_name else log yum install -y ./$pkg_name fi if [[ $ostype = debian ]]; then if [ "$beta" = "true" ]; then log cp /etc/apt/sources.list.d/imunify360-testing.list.example /etc/apt/sources.list.d/imunify360-testing.list fi if ! log run_with_retries "apt-get update" ""; then test "$dev_install" = true if [ $? -ne 0 ]; then log echo "apt-get update error." exit 1 fi fi else if [ "$beta" = "true" ]; then log yum-config-manager --enable imunify360-testing fi fi } remove_imunify_release() { log remove_${ostype}_pkgs imunify-release if [[ $ostype = debian && $beta = true ]]; then # imunify360-testing repo is added by imunify-release as imunify360-testing.list.example. # then in case of `$beta = true` it is enabled by copying it to imunify360-testing.list. # so, in case of $beta imunify360-testing.list must be removed manually. log rm /etc/apt/sources.list.d/imunify360-testing.list fi } run_with_retries() { cmd=$1 expected_error_text=$2 ignore_res=$3 min_timeout=2 max_timeout=30 nattempts=10 for ((i=1;i<=nattempts;i++)); do output=$( { $cmd ; } 2>&1 ) res=$? if [ $res -eq 0 ] && [[ "$ignore_res" != "true" ]]; then echo "$output" break else if echo "$output" | grep -q "$expected_error_text"; then echo "$output" echo "Attempt #$i/$nattempts: to run $cmd." timeout=$(($RANDOM%($max_timeout-$min_timeout+1)+$min_timeout)) [ $i -ne $nattempts ] && echo "Retrying in $timeout seconds.." sleep $timeout else echo "$output" break fi fi done return $res } reopen_log() { echo "-- $(date -R): $script $script_run_args --" >> "$LOG_FILE" chmod 0600 "$LOG_FILE" } check_debian_pkg_presence() { test "$(dpkg-query --show --showformat='${db:Status-Status}\n' "$1" 2>/dev/null)" = "installed" } check_centos_pkg_presence() { rpm --query "$1" >/dev/null } should_perform_downgrade() { if [[ "$package" = "$imunify_av" ]]; then downgrade=false return 1 # https://cloudlinux.atlassian.net/browse/DEF-33180 Decided to postpone having this as default action for plesk/cpanel # elif [ "$downgrade" = "true" ] || [ "$PANEL" = "plesk" ] || [ "$PANEL" = "cpanel" ]; then elif [ "$downgrade" = "true" ]; then # downgrade=true return 0 else return 1 fi } verify_imunify_av() { log echo "Verifying ImunifyAV installation..." # Get the list of packages to verify from additional_packages_to_remove_av # and remove imunify-realtime-av from the list local packages_to_verify="" for _package in $additional_packages_to_remove_av; do if [ "$_package" != "imunify-realtime-av" ] && [ "$_package" != "imunify-patchman" ]; then packages_to_verify="$packages_to_verify $_package" fi done packages_to_verify="$packages_to_verify imunify-antivirus-$PANEL" packages_to_verify="$packages_to_verify imunify-antivirus-$PANEL" # UI package if panel is detected if [ "$PANEL" = generic ]; then packages_to_verify="$packages_to_verify imunify-ui-$PANEL" else packages_to_verify="$packages_to_verify imunify-ui-antivirus-$PANEL" fi # Flag to track if any package is missing local missing_packages=0 # Check each package for _package in $packages_to_verify; do if ! check_${ostype}_pkg_presence "$_package"; then log echo "WARNING: Package $_package is missing." missing_packages=1 fi done # Return status based on missing packages if [ $missing_packages -eq 0 ]; then log echo "All ImunifyAV packages are properly installed." return 0 else log echo "ERROR: Some ImunifyAV packages are missing. Manual intervention may be required." exit 1 fi } # Function to mark ImunifyAV packages as manually installed for Debian mark_debian_av_manual() { echo "Marking ImunifyAV as manually installed to preserve it and its dependencies..." # Check if ImunifyAV is installed before marking if check_debian_pkg_presence "imunify-antivirus"; then apt-mark manual imunify-antivirus-$PANEL if [ "$PANEL" = "generic" ]; then apt-mark manual imunify-ui-generic else apt-mark manual imunify-ui-antivirus-$PANEL fi fi } # Function to mark ImunifyAV packages as user-installed for CentOS mark_centos_av_manual() { echo "Marking ImunifyAV as user-installed to preserve it and its dependencies..." # Check if ImunifyAV is installed before marking if ! rpm -q imunify-antivirus &>/dev/null; then return fi local ui_package="imunify-ui-${PANEL}" [[ "$PANEL" != "generic" ]] && ui_package="imunify-ui-antivirus-${PANEL}" if [[ "$VERSION_ID" == 7* ]]; then yumdb set reason user "imunify-antivirus-${PANEL}" yumdb set reason user "${ui_package}" else yum mark install "imunify-antivirus-${PANEL}" yum mark install "${ui_package}" fi } remove_debian_imunify() { local pkgs_to_remove="$package $additional_packages_to_remove $additional_packages_to_remove_debian" if [ "$downgrade" = "false" ]; then pkgs_to_remove="$pkgs_to_remove $additional_packages_to_remove_av" fi # shellcheck disable=SC2086 apt-get remove --autoremove --ignore-missing --dry-run $pkgs_to_remove yesno "apt-get --AUTOREMOVE to remove $pkgs_to_remove plus \ aforementioned packages [y] or just $pkgs_to_remove [n]" local res=$? if [ $res = 0 ]; then local autoremove="--autoremove" else local autoremove="" fi # --ignore-missing doesn't work if apt doesn't know about package # shellcheck disable=SC2086 apt-get remove $autoremove -y --ignore-missing $(dpkg-query -W -f='${binary:Package}\n' $pkgs_to_remove 2>/dev/null) } remove_centos_imunify() { local pkgs_to_remove="$package $additional_packages_to_remove $additional_packages_to_remove_centos" if [ "$downgrade" = "false" ]; then if rpm -q cloudlinux-release &>/dev/null; then # if it is CLOS leave "alt-php-internal" and "app-version-detector" as is local pkgs_to_remove="$pkgs_to_remove $additional_packages_to_remove_av" else # Otherwise the also could be removed local pkgs_to_remove="$pkgs_to_remove $additional_packages_to_remove_av $additional_packages_to_remove_cl" fi fi yum remove -y $yum_beta_option $YUM_DISABLED_PHP_REPOS_OPTION \ $pkgs_to_remove --setopt=clean_requirements_on_remove=1 } remove_freemium_flag() { if [ ! -f "/var/imunify360/myimunify-freemium.flag" ]; then return fi rm -f "/var/imunify360/myimunify-freemium.flag" } get_debian_pkgs_manager() { pkgs_manager="apt-get" } get_centos_pkgs_manager() { pkgs_manager="yum" } remove_debian_pkgs() { run_with_retries "apt-get remove -y $*" "Could not get lock" } remove_centos_pkgs() { yum remove -y "$@" } install_debian_pkgs() { local pkgs=$* run_with_retries "apt-get $apt_opts install -y $apt_allow_unauthenticated $apt_force $pkgs" "" } install_centos_pkgs() { local pkgs=$* yum install -y $yum_beta_option $YUM_DISABLED_PHP_REPOS_OPTION $pkgs } install_debian_ipset() { install_debian_pkgs ipset } install_centos_ipset() { yum install -y ipset } detect_first_install() { if check_${ostype}_pkg_presence "$package" >/dev/null then first_install=false else first_install=true fi } is_systemctl_avail() { command -v systemctl >/dev/null 2>&1 } # $1 = Full URL to download # $2 = Optional basename to save to (if omitted, then = basename $1) # Also allow download to fail without exit if $2 is set download_file() { if [ "$2" = "" ]; then dlbase="$(basename "$1")" else dlbase="$2" fi if [ $dry_run -eq 1 ]; then echo "Would download this URL to $dlbase :" echo "$1" ; echo return fi old_dlbase="$dlbase.old" if [ -f "$dlbase" ]; then rm -f "$old_dlbase" mv -f "$dlbase" "$old_dlbase" fi echo "Downloading $dlbase (please wait)" $wget $wget_options -O "$dlbase" "$1" if [ ! -s "$dlbase" ]; then if [ -f "$old_dlbase" ]; then mv -f "$old_dlbase" "$dlbase" fi if [ "$2" = "" ]; then echo "Failed to download $dlbase" exit 1 fi fi } # Make sure that we are running the latest version # $* = Params passed to script check_version() { echo "Checking for an update to $scriptname" script_from_repo="$scriptname.repo_version" download_file "$upgradeurl" "$script_from_repo" newversion=$(grep "^version=" "$script_from_repo" | sed 's/[^0-9.]*//g') if [ -z "$newversion" ]; then newversion=$version fi if [ $dry_run -eq 1 ]; then echo -e "Would check if this running script (version $version) is out of date. \n" \ "If it's been superseded, the new version would be downloaded and you'd be asked \n" \ "if you want to upgrade to it and run the new version. \n" return fi local latest_version latest_version=$(echo -e "$version\\n$newversion" | sort --reverse --version-sort | head -1) if [ "$latest_version" = "$version" ]; then echo "$scriptname is already the latest version ($version) - continuing" rm -f "$script_from_repo" else echo "New version ($newversion) of $scriptname detected" if yesno "run $scriptname $newversion now" then echo "OK, executing $script_from_repo $*" # replace the current script with a new one mv -f "$script_from_repo" "$script" chmod u+x "$script" echo "Download of $scriptname $newversion successful" rm "$LOCK" echo "Run $script $script_run_args" # use $script_run_args without quotes to avoid error # `getopt: unrecognized option` if there are more than 1 arguments # shellcheck disable=SC2086 exec "$script" --skip-version-check $script_run_args error "Failed to run $script $script_run_args" else echo -e "New version of script is available: $upgradeurl \n" \ "It was downloaded to $script_from_repo \n" \ "If you prefer to use current version, run it with \"--skip-version-check\" key. \n" exit 1 fi fi } remove_debian_repo() { rm /etc/apt/sources.list.d/imunify360-alt-php.list 2>/dev/null } remove_centos_repo() { rm /etc/yum.repos.d/imunify360-ea-php-hardened \ /etc/yum.repos.d/imunify360-alt-php 2>/dev/null } remove_acronis_agent() { [ ! -e /usr/bin/restore_infected ] && return if /usr/bin/restore_infected acronis extra is_installed 2> /dev/null; then # If Acronis installation logs are present in restore_infected folder, # then remove Acronis and the logs if ls /var/restore_infected/acronis_installation*.log; then /usr/bin/restore_infected acronis extra uninstall > /dev/null || : rm -f /var/restore_infected/acronis_installation*.log fi fi } terminate_detached_scans () { for file in /var/imunify360/aibolit/run/*/pid; do test -e "$file" && kill -9 "$(cat "$file")" done rm -rf /var/imunify360/aibolit/run/ rm -rf /var/imunify360/aibolit/scans.pickle } # Only for imunify360-firewall remove_hardened_php_repos() { if [[ $ostype = centos ]]; then ALT_PHP=imunify360-alt-php.repo EA_PHP=imunify360-ea-php-hardened.repo REPOS_DIR=/etc/yum.repos.d # fix permissions for REPO in $ALT_PHP $EA_PHP; do test -f $REPOS_DIR/$REPO || continue chattr -i $REPOS_DIR/$REPO chmod 644 $REPOS_DIR/$REPO done # remove unconditionally rm -f $REPOS_DIR/$ALT_PHP rm -f $REPOS_DIR/$EA_PHP fi } print_help () { cat << EOF >&2 Usage: -h, --help Print this message --version Print script's version and exit -k, --key Deploy $PRODUCT with activation key -c, --uninstall Uninstall $PRODUCT --skip-version-check Do not check for script updates --skip-registration Do not register, just install (the default) --dev-install Turn off software defect reporting --beta Install packages from 'testing' repo --check Check if imunify360 Agent can be installed and exit --downgrade Preserve ImunifyAV when uninstalling Imunify360 -y, --yes Assume "yes" as answer to all prompts and run non-interactively EOF } print_version() { echo "$scriptname $version" } check_centos_iptables_compatibility() { # dummy function that does nothing : } check_debian_iptables_compatibility() { if is_debian && [ "$VERSION_ID" == "10" ] then local apt_opts="-t buster-backports" log install_debian_pkgs iptables check_exit_code 0 "iptables >= 1.8.5 required on Debian 10. \n\ Please, turn on buster-backports repository and run the script/installation again. \n\ Buster-backports repository may be turned on by following command: \n\ echo "deb http://ftp.debian.org/debian buster-backports main" > /etc/apt/sources.list.d/buster-backports.list \n\ Then run: \n\ apt-get update \n" fi } setup_imunify360_dir() { if [ ! -d "/var/imunify360/" ]; then mkdir -m 2755 -p /var/imunify360 fi } install_revisium_premium_marker () { local key_directory="/etc/sw/keys/keys" local imunify_keytype="ImunifyAV+" if [ -d "$key_directory" ]; then # Search for the specified keytype in the keys if grep -q "$imunify_keytype" "$key_directory"/*; then # Create the flag setup_imunify360_dir touch "$PREMIUM_REVISIUM_EXTENSION" echo "AV+ license is detected in Revisium extension, creating marker file $PREMIUM_REVISIUM_EXTENSION" fi fi } remove_revisium_premium_marker () { if [ -f "$PREMIUM_REVISIUM_EXTENSION" ]; then rm -f "$PREMIUM_REVISIUM_EXTENSION" fi } cleanup() { rm -f "$LOCK" } rapid_scan_basedir_override() { touch /var/imunify360/rapid_scan_basedir_override } uninstall_plesk_extension() { if [ "$PANEL" = "plesk" ] && [ "$I360_FROM_PLESK_EXTENSION" != "1" ]; then if [ -x /usr/local/psa/bin/extension ]; then log echo "Uninstalling Plesk extension for $PRODUCT..." SKIP_PREUNINSTALL_CHECK=true log /usr/local/psa/bin/extension --uninstall imunify360 || true fi fi } # Lets start # if environment has umask=0000 (if called from plesk extension), all created files have -rw-rw-rw- permission umask 0022 init_vars "$0" "$*" reopen_log if [ -f "$LOCK" ] ; then if [ -d "/proc/$(cat "$LOCK")" ] ; then exit_with_error "$scriptname is already running" fi fi echo $$ > "$LOCK" check_exit_code 0 "Please run $scriptname as root" trap cleanup SIGTERM SIGINT SIGHUP EXIT options=$(getopt -o ychk: -l yes,uninstall,help,version,check,skip-version-check,skip-registration,beta,dev-install,force,apt-force,freemium,migrate-patchman,downgrade,key: -- "$@") res=$? if [ "$res" != 0 ]; then print_help exit 1 fi eval set -- "$options" while true; do case "$1" in -h|--help) print_help exit 0 ;; --version) print_version exit 0 ;; -y|--yes) assumeyes=true shift ;; -c|--uninstall) uninstall=true shift ;; -k|--key) conversion=true activationkey="$2" shift 2 ;; --skip-version-check) skipversioncheck=true shift ;; --skip-registration) registration=false shift ;; --beta) beta=true yum_beta_option="--enablerepo=imunify360-testing" yum_beta_repo_enable=1 shift ;; --freemium) freemium=true shift ;; --dev-install) dev_install=true apt_allow_unauthenticated=--allow-unauthenticated shift ;; --force|--apt-force) # used for Plesk extension installation export DEBIAN_FRONTEND=noninteractive apt_force='-o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confnew' shift ;; --check) $wget -qO- "$checksite$compatibility_check_script" | bash -s -- --$package EXIT_CODE=$? exit $EXIT_CODE ;; --migrate-patchman) migrate_patchman=true shift ;; --) shift break ;; -*) echo "$0: error - unrecognized option $1" 1>&2 print_help exit 1 ;; *) exit_with_error "Internal error!" ;; esac done RESULT=$($wget -qO- "$checksite$compatibility_check_script" | bash -s -- --$package) check_exit_code 0 "Compatibility check failed with exit code\nCompatiblity check output:\n$RESULT" log echo -e "Compatiblity check output:\n$RESULT" # Parse and set the variables from the output eval $(echo "$RESULT" | grep -E "^(ostype|is_cloudways|INTEGRATION_CONF_PATH|PANEL)=") populate_os_release_vars if [ "$skipversioncheck" = "true" ]; then log echo "Skipping check version" else log check_version "$*" fi detect_first_install if [ "$conversion" = "true" ] && [ "$uninstall" = "true" ] ; then exit_with_error "invalid combination"; fi if [ "$conversion" = "false" ] && [ "$registration" != "false" ] ; then # Register by IP is the default now conversion=true activationkey=false fi if [ "$uninstall" = "true" ]; then remove_acronis_agent remove_hardened_php_feature remove_freemium_flag # Check if we need to downgrade if should_perform_downgrade; then log echo "Starting downgrade from Imunify360 to ImunifyAV..." # Mark ImunifyAV packages as manually installed log mark_${ostype}_av_manual fi log remove_${ostype}_imunify if should_perform_downgrade; then # Don't remove the repository as ImunifyAV uses the same one # Verify ImunifyAV is still installed verify_imunify_av log echo "Downgrade to ImunifyAV complete." else remove_${ostype}_repo log remove_${ostype}_pkgs alt-common-release remove_imunify_release terminate_detached_scans log remove_first_install_default_overrides uninstall_plesk_extension log echo "Uninstall complete." fi exit 0 fi if [[ "$package" = "$imunify_av" ]]; then if check_${ostype}_pkg_presence imunify360-firewall; then log echo "You are trying to install ImunifyAV over Imunify360 that already includes it. You can open Malware Scanner via UI Imunify360 -> Malware Scanner." exit 1 fi if [[ "$PANEL" = "plesk" ]]; then install_revisium_premium_marker fi fi if [ "$first_install" = "true" ]; then log echo "In a few moments the script will install latest $package" \ "package (w/dependencies)... (Ctrl-C to cancel)" sleep 4 install_imunify_release log install_${ostype}_pkgs alt-common-release if [[ $ostype = debian ]]; then if ! log run_with_retries "apt-get update" ""; then test "$dev_install" = true check_exit_code 0 "apt-get update error." fi fi package_version=$(get_available_${ostype}_package_version "$package") check_exit_code 0 "Failed to get package version" log install_${ostype}_pkgs $package rc=$? # try installing the config overrides regardless of the installation success log install_first_install_default_overrides "$package" "$package_version" # fail if [ $rc -ne 0 ]; then exit_with_error "Package $package $package_version was not installed." fi if [ "$is_cloudways" = "true" ]; then rapid_scan_basedir_override fi modifying_call=true fi log echo "Installing ui packages..." case "$PANEL" in cpanel) log check_and_install "$package" "$package_version" "$UI_PACKAGE" "$PANEL" check_exit_code 0 "Failed to install $PRODUCT $PANEL plugin." modifying_call=true ;; directadmin) log check_and_install "$package" "$package_version" "$UI_PACKAGE" "$PANEL" check_exit_code 0 "Failed to install $PRODUCT $PANEL plugin." modifying_call=true ;; generic) log check_and_install "$package" "$package_version" "imunify-ui" "$PANEL" check_exit_code 0 "Failed to install $PRODUCT $PANEL plugin." modifying_call=true ;; plesk) log check_and_install "$package" "$package_version" "$UI_PACKAGE" "$PANEL" check_exit_code 0 "Failed to install $PRODUCT $PANEL plugin." if is_debian_like; then plugin_path="/var/imunify360/plesk/imunify-plugin.zip" else SYS_CONF_DIR="$(rpm --eval '%{_sysconfdir}')" plugin_path="$SYS_CONF_DIR/sysconfig/imunify360/plesk/imunify-plugin.zip" fi if [ -f "$plugin_path" ] && [ "$I360_FROM_PLESK_EXTENSION" != "1" ]; then log echo "Trying to install/upgrade Imunify360 Plesk extension..." SKIP_PREINSTALL_HOOK=true log /usr/local/psa/bin/extension --upgrade "$plugin_path" || true fi modifying_call=true ;; *) log echo "UI plugin is not installed." log echo "No supported hosted panel detected and $INTEGRATION_CONF_PATH file is missing." install_vendors=false ;; esac if [ "$conversion" = "true" ] ; then if [[ "$package" = "$imunify_av" ]]; then # try to migrate the old patchman agent if [[ "$migrate_patchman" = "true" ]] ; then do_migrate_patchman fi if imunify-antivirus rstatus --paid >/dev/null 2>&1; then if [ "$activationkey" == false ]; then log echo "Already registered" exit 0 fi imunify-antivirus unregister >/dev/null 2>&1 fi if [ "$activationkey" != false ] && imunify-antivirus register "$activationkey" >/dev/null 2>&1; then log echo "Registered by key" else log echo "Not registered" fi imunify-antivirus rstatus >/dev/null 2>&1 if is_systemctl_avail; then log systemctl start "$package" else log /sbin/service minidaemon start fi if [[ "$PANEL" = "plesk" ]]; then remove_revisium_premium_marker fi fi check_exit_code 0 "Failed to start $package service." agent_start_success=false if [ "$is_cloudways" != "true" ]; then log echo "Waiting for $PRODUCT to start..." for i in {1..10}; do if log $COMMAND version then log echo "$PRODUCT is started" agent_start_success=true break else sleep 60 fi done if ! $agent_start_success; then log echo "Something went wrong during $PRODUCT start up" exit_with_error "See /var/log/imunify360/error.log for details" fi fi elif ! $COMMAND rstatus >/dev/null 2>&1 then log echo "You have to register this software with registration key:" log echo " $script --key " fi if $modifying_call; then log echo "Success" log echo "You can find complete log in $LOG_FILE" fi exit 0