Hello,
update script not part from directadmin.com
update.script homepage http://tools.supernamechange.com/
**** USE IT YOUR OWN RISKS ****
*****
*****
*****
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 2006,2007 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Update script made by Wael Isa
H188, R4008, Arad 240, Kingdom of Bahrain
http://www.web4host.net
Version: 1.3
Release Date: 1 / 9 / 2006
*****
*****
*****
If you find update script useful, please consider to make a donation to support this freeware.
Please keep in mind that donations are welcome, but in no way required to use and distribute update.script.
donate via 2checkout.com & paypal accepted
update.script Version: 1.3
update script tested in this OS 32bit & 64bit.
- RedHat Linux 7.2, 7.3, 8.0, 9.0
- RedHat Fedora 1.0, 2.0, 3.0, 4.0, 5.0, 6.0, 7.0
- RedHat Enterprise 3.x, 4.x, 5.x
- CentOS 3.x, 4.x, 5.x
- Debian 3.1, 4.0 (some upgrade work)
- FreeBSD 6.x (some upgrade work)
- Please report about other OS to add here
and update to
- OpenSSL 0.9.8g (You need to build ssh, apache, php, etc after upgrade)
- Exim 4.69 (did not work with Debian & FreeBSD)
- OpenSSH 4.7p1
- ProFTP 1.3.1
- phpMyAdmin 2.11.5
- MySQL 5.0.51a (You need to build php after upgrade)
- MySQL 5.1.23 (You need to build php after upgrade)
- ClamAV 0.92.1
- AVG 7.5 r51-a1243
- MRTG 2.16.1
- SquirrelMail 1.4.13
- SquirrelMail full language pack
- SpamAssassin 3.2.4
- IMAP 2004c1 (You need to build php after upgrade)
- MODsecurity 2.5.0 Apache 2.x Only
- MODsecurity 2.5.0 Rules (update 14/3/2008)
- MODsecurity 2.1.6 Apache 2.2.8 & custombuild ONLY
- MODsecurity 2.1.6 Rules (update 5/1/2008)
- MODsecurity 1.9.5 Apache 1.x 2.0.x 2.2.x
- MODsecurity 1.9.5 Rules (update 26/11/2007)
- MODevasive 1.10.1
- KISS My Firewall 2.1
- eAccelerator 0.9.5.2
- Freetype 2.3.5
- Webmin control panel 1.400 (You need to open one port 10000 in your firewall)
- Nobody Check Security Tool 1.03
Just download/chmod
كود:
mkdir /usr/local/updatescript
cd /usr/local/updatescript
wget http://tools.supernamechange.com/update.script
chmod 755 update.script
Run this to read how to use.
Run this to update update.script
كود:
./update.script UPDATEME
Run this to see release date and version
كود:
./update.script DATE
Run this to clean update script folder
كود:
./update.script CLEAN
Note:-
1- Run this to clean or update update script before you use
2- Select best mirror for your server mirror.conf , if you want new mirror.conf file just delete old one in update script folder.
*****
*****
*****
ClamAV
كود:
nano -w /etc/exim.conf
before
add
كود:
av_scanner = clamd:/tmp/clamd
after
add
كود:
deny message = This message contains malformed MIME ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
deny message = This message contains a virus or other harmful content ($malware_name)
demime = *
malware = *
deny message = This message contains an attachment of a type which we do not accept (.$found_extension)
demime = bat:com:pif:prf:scr:vbs
warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
save then restart exim
كود:
/sbin/service exim restart
*****
*****
*****
MODsecurity 2.1.x & 2.5.x
كود:
nano -w /etc/httpd/conf/httpd.conf
after
كود:
LoadModule php5_module /usr/lib/apache/libphp5.so
add
كود:
LoadFile /usr/lib/libxml2.so
LoadModule security2_module /usr/lib/apache/mod_security2.so
and add this down in httpd.conf
كود:
<IfModule mod_security2.c>
# ModSecurity2 ONLY
# Do not change anything in included files
#
Include /etc/modsecurity2/*.conf
</IfModule>
كود:
/sbin/service httpd restart
*****
*****
*****
MODsecurity 1.x
كود:
nano -w /etc/httpd/conf/httpd.conf
add
كود:
<IfModule mod_security.c>
# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
#SecFilterEngine DynamicOnly
SecFilterEngine On
# Reject requests with status 500
SecFilterDefaultAction "deny,log,status:500"
# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterNormalizeCookies On
# enable version 1 (RFC 2965) cookies
SecFilterCookieFormat 1
#SecServerResponseToken Off
#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"
# Accept almost all byte values
SecFilterForceByteRange 1 255
# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "Power MOD by web4host.net"
#SecUploadDir /tmp
#SecUploadKeepFiles Off
# Only record the interesting stuff
SecAuditEngine RelevantOnly
#SecAuditLog logs/audit_log
# You normally won't need debug logging
#SecFilterDebugLevel 0
#SecFilterDebugLog logs/modsec_debug_log
# Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
#Include /etc/modsecurity/apache2.conf
# Mini Rules
Include /etc/modsecurity/mini.conf
</IfModule>
كود:
/sbin/service httpd restart
*****
*****
*****
MODevasive
Apache 1
كود:
nano -w /etc/httpd/conf/httpd.conf
add
كود:
<IfModule mod_evasive.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSWhitelist 127.0.0.1
DOSEmailNotify your-email@your-domain.tld
</IfModule>
كود:
/sbin/service httpd restart
if did not work try
كود:
/usr/local/directadmin/customapache/
then edit httpd.conf
كود:
nano -w /etc/httpd/conf/httpd.conf
after this
كود:
LoadModule perl_module /usr/lib/apache/libperl.so
add
كود:
LoadModule evasive_module /usr/lib/apache/mod_evasive.so
after this
كود:
<IfDefine HAVE_PYTHON>
AddModule mod_python.c
</IfDefine>
add
كود:
AddModule mod_evasive.c
كود:
/sbin/service httpd restart
Apache 2
كود:
nano -w /etc/httpd/conf/httpd.conf
add
كود:
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSWhitelist 127.0.0.1
DOSEmailNotify your-email@your-domain.tld
</IfModule>
كود:
/sbin/service httpd restart
if you want do test you need to remove (DOSWhitelist) from httpd.conf
كود:
wget http://tools.supernamechange.com/modevasive/test.txt
mv test.txt test.pl
chmod 755 test.pl
./test.pl
*****
*****
*****
KISS My Firewall
Ready for Direct Admin & Plesk & Webmin & cPanel.
if you want use other SSH port just add in TCP_IN & TCP_OUT
Running anywhere on the command line, you simply type:
To stop the firewall, type:
To get status information, type:
If you want to block an offenders IP address/subnet, simply edit the BLOCK_LIST variable in the /usr/bin/kiss file. You can separate IP addresses and subnet's with a space. Once you are finished, simply restart KISS by typing:
Last, but not least, it is recommended that you configure the firewall to allow only for needed ports. Using trusted IP addresses/subnets is also recommended. These variables are located near the beginning of the /usr/bin/kiss file and are self-explanatory. Once you make changes, you should always restart KISS for the changes to take effect:
kiss restart
edit kiss and set what os you use
# Enabled this for Pre Fedora Core 2 or Red Hat
# Enabled this for Fedore Core 2 or later
like CentOS use EXTN="ko" just remove # before EXTN="ko" then kiss start
*****
*****
*****
eAccelerator
when done you see link look like
/usr/local/lib/php/extensions/no-debug-non-zts-20020429/eaccelerator.so
copy your like to add in php.ini
edit php.ini
كود:
nano -w /usr/local/lib/php.ini
add this after Windows Extensions , in the list down.
كود:
zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20020429/eaccelerator.so"
eaccelerator.shm_size="32"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
save and restart apache
كود:
/sbin/service httpd restart
*****
*****
*****
Freetype
Note: no need to use if if you use custombuild, only how use customapache.
كود:
cd /usr/local/directadmin/customapache/
Apache 1
كود:
nano -w configure.php
Apache 2
كود:
nano -w configure2.php
replace
كود:
--with-gd \
--with-gd-dir=/usr/local \
by
كود:
--with-gd \
--with-gd-dir=/usr/local/lib \
--with-freetype \
--with-freetype-dir=/usr/local/lib \
save then run
كود:
./build clean
./build gd
Apache 1
كود:
./build clean
./build gd
./build php d
service httpd restart
Apache 2
كود:
./build clean
./build gd
./build php_ap2 d
service httpd restart
*****
*****
*****
IMAP
Apache 1
كود:
nano -w configure.php
Apache 2
كود:
nano -w configure2.php
add
كود:
--with-imap=/usr/local/imap-2004c1 \
after
save then build php and restart apache
كود:
service httpd restart
*****
*****
*****
AVG Anti-Virus
Clean folder HOME (full)
كود:
avgscan -clean -ext=* -rt -arc /home
clean folder HOME (without archives)
كود:
avgscan -clean -ext=* -rt /home
Update AVG DB
كود:
avgupdate --online /opt/grisoft/avg7/data
ill add more soon.
*****
*****
*****
Nobody Check Security Tool
The Nobody Check tool is a new and unique security tool that can detect malicious processes that are running on your Linux server and report them to you in real time or by email. The tool can be configured to run at selected times and doesn’t eat up resources or interfere with server operations.
edit and set your email then save
كود:
nano -w /usr/local/nobody_check/nc.conf
edit
كود:
nano -w /etc/crontab
add
كود:
# nobody_check
*/15 * * * * root /usr/local/nobody_check/nobody_check >/dev/null 2>&1
save
*****
*****
*****
Best Regards,
Wael Isa