├── README.md
└── install_cpanel.sh
/README.md:
--------------------------------------------------------------------------------
1 |
Script para configuración de cPanel
2 |
Este script instala y configura cPanel según las buenas prácticas recomendadas por WNPower
Modo de uso: wget https://raw.githubusercontent.com/wnpower/cPanel-config/master/install_cpanel.sh -O ./install_cpanel.sh && bash install_cpanel.sh
NOTA: Instalar sólo en CentOS 7 Minimal
Tareas que realiza:
3 |
4 | - Optimización de configuración de red
5 | - Configura los DNS
6 | - Instala el paquete "Base" y otros más recomendados
7 | - Optimización de configuración de SSH
8 | - Instala cPanel si no lo detecta
9 | - Configura Tweak Settings con los valores recomendados
10 | - Configura AWStats como sistema de estadísticas
11 | - Deshabilita compiladores
12 | - Configura complejidad mínima de passwords
13 | - Habilita php open_basedir protection
14 | - Deshabilita Shell Fork Bomb Protection (genera problemas con los límites en servidores con alto consumo)
15 | - Deshabilita SMTP Restrictions (en pos de utilizar SMTP_BLOCK de CSF)
16 | - Configura Apache con los valores recomendados
17 | - Configura Exim con los valores recomendados
18 | - Configura Pro-FTPd con los valores recomendados
19 | - Configura los features "disabled" y "default" con los valores recomendados
20 | - Instala y configura CSF Firewall con los valores recomendados
21 | - Configura valores recomendados de MySQL
22 | - Configura todos los php.ini con los valores recomendados
23 | - Crea el paquete "default" con los valores recomendados
24 | - Sincroniza la hora del servidor con un servidor NTP
25 |
26 |
--------------------------------------------------------------------------------
/install_cpanel.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Shared settings for the cPanel installer/configurator.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Directory that holds this script. The downloaded configure_linux.sh and the
# temporary WHM cookie file are written next to it.
CWD="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
HOSTNAME=$(hostname -f)

# Passive FTP port range in "min:max" form, plus its two halves.
PASSV_PORT="50000:50100"
PASSV_MIN=${PASSV_PORT%%:*}
PASSV_MAX=${PASSV_PORT##*:}

# "SI" when the DMI manufacturer string looks like a hypervisor or the
# OpenVZ marker file exists, "NO" otherwise.
if dmidecode -t system 2>/dev/null | grep "Manufacturer" | grep -qi 'VMware\|KVM\|Bochs\|Virtual\|HVM' \
  || [ -f /proc/vz/veinfo ]; then
  ISVPS="SI"
else
  ISVPS="NO"
fi
9 |
# Start-up banner: ASCII-art logo followed by the tool title.
cat <<'BANNER'
██╗ ██╗███╗ ██╗██████╗ ██████╗ ██╗ ██╗███████╗██████╗ ██████╗ ██████╗ ███╗ ███╗
██║ ██║████╗ ██║██╔══██╗██╔═══██╗██║ ██║██╔════╝██╔══██╗ ██╔════╝██╔═══██╗████╗ ████║
██║ █╗ ██║██╔██╗ ██║██████╔╝██║ ██║██║ █╗ ██║█████╗ ██████╔╝ ██║ ██║ ██║██╔████╔██║
██║███╗██║██║╚██╗██║██╔═══╝ ██║ ██║██║███╗██║██╔══╝ ██╔══██╗ ██║ ██║ ██║██║╚██╔╝██║
╚███╔███╔╝██║ ╚████║██║ ╚██████╔╝╚███╔███╔╝███████╗██║ ██║██╗╚██████╗╚██████╔╝██║ ╚═╝ ██║
 ╚══╝╚══╝ ╚═╝ ╚═══╝╚═╝ ╚═════╝ ╚══╝╚══╝ ╚══════╝╚═╝ ╚═╝╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝
BANNER
# One blank line, the title, then two blank lines.
printf '\n%s\n\n\n' " ####################### cPanel Configurator ####################### "
21 |
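# Refuse to run on anything that is not a Red Hat family system. The check
# only looks for /etc/redhat-release; it does not verify the distribution
# or its version.
if [ ! -f /etc/redhat-release ]; then
  echo "No se detectó CentOS. Abortando." >&2
  # An aborted run must not report success to whatever launched it.
  exit 1
fi

# Last chance to cancel: everything below rewrites system configuration and
# is meant for a freshly installed server only.
echo "Este script instala y pre-configura cPanel sobre un servidor recién instalado"
echo "NO EJECUTAR EN UN SERVIDOR CON cPanel YA FUNCIONANDO (CTRL + C para cancelar)"
sleep 30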
30 |
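echo "####### CONFIGURANDO CENTOS #######"
# Fetch the companion OS configuration script and run it as root.
#
# The script is taken from the tip of a branch, so its content can change
# between runs and nothing here proves it is the version that was reviewed.
# To pin it, export CONFIGURE_LINUX_SHA256 (optional, introduced here) with
# the SHA-256 of the reviewed copy; a mismatch aborts before anything runs.
CONFIGURE_LINUX_URL="https://raw.githubusercontent.com/wnpower/Linux-Config/master/configure_linux.sh"
if wget "$CONFIGURE_LINUX_URL" -O "$CWD/configure_linux.sh"; then
  if [ -n "${CONFIGURE_LINUX_SHA256:-}" ] \
    && ! echo "${CONFIGURE_LINUX_SHA256}  $CWD/configure_linux.sh" | sha256sum -c --status -; then
    echo "configure_linux.sh no coincide con el SHA-256 esperado. Abortando." >&2
    exit 1
  fi
  bash "$CWD/configure_linux.sh"
else
  # As before, a failed download skips this step and the run continues,
  # but it is now reported instead of passing silently.
  echo "No se pudo descargar configure_linux.sh; se omite la configuración de CentOS." >&2
fi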
33 |
echo "####### PRE-CONFIGURACION CPANEL ##########"
echo "Desactivando yum-cron..."
# Remove whichever unattended-update package is present: yum-cron (CentOS)
# or dnf-automatic (AlmaLinux). Errors are hidden because only one of the
# two is expected to exist. After this, OS updates are no longer applied
# by these packages and have to be handled some other way.
for auto_update_pkg in yum-cron dnf-automatic; do
  dnf erase "$auto_update_pkg" -y 2>/dev/null
done

echo "######### FIN CONFIGURANDO DNS Y RED ########"
40 |
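echo "####### DESACTIVANDO SELINUX #######"

# Prerequisites for installing cPanel.
#
# /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config.
# GNU `sed -i` without --follow-symlinks replaces the link with a regular
# file and leaves the real configuration untouched, so the setting would not
# survive a reboot. Edit the real file and follow links on both paths.
# Note: this turns off SELinux's mandatory access control for the whole
# host; the other hardening steps in this script do not replace it.
for selinux_cfg in /etc/selinux/config /etc/sysconfig/selinux; do
  [ -e "$selinux_cfg" ] || continue
  sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=disabled/' "$selinux_cfg" 2>/dev/null
done
# Stop enforcing for the current boot as well.
setenforce 0
# Quoted so the glob reaches dnf instead of being expanded by the shell
# against files in the current directory.
dnf remove 'setroubleshoot*' -y
dnf install crontabs cronie cronie-anacron -y
dnf install openldap-compat -y # required by the cpanel_php_fpm service on AL9

echo "####### FIN DESACTIVANDO SELINUX #######"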
51 |
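echo "####### INSTALANDO CPANEL #######"
if [ -f /usr/local/cpanel/cpanel ]; then
  echo "cPanel ya detectado, no se instala, sólo se configura (CTRL + C para cancelar)"
  sleep 10
else
  # Remember the hostname; it is restored after the installation.
  hostname -f > /root/hostname

  # Install MariaDB 10.11 by default
  # https://cloudlinux.zendesk.com/hc/en-us/articles/360020599839
  mkdir -p /root/cpanel_profile/
  echo "mysql-version=10.11" >> /root/cpanel_profile/cpanel.config

  # -f makes curl fail on an HTTP error instead of saving the error page,
  # which would otherwise be handed to `sh` as if it were the installer.
  # The installer runs as root and is trusted on the strength of HTTPS to
  # the vendor host alone; no signature or checksum is verified here.
  if ! { cd /home && curl -f -o latest -L https://securedownloads.cpanel.net/latest && sh latest --skip-cloudlinux; }; then
    # As before the run continues, but the failure is now visible.
    echo "La descarga o instalación de cPanel falló; revisar antes de continuar." >&2
  fi

  rm -f /root/cpanel_profile/cpanel.config
  echo "Esperando 5 minutos a que termine de instalar paquetes remanentes en segundo plano para continuar..."
  sleep 300
fi
echo "####### FIN INSTALANDO CPANEL #######"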
70 |
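# Public IPv4 of this server as reported by an external service. The value
# is later placed in a URL and in a sed expression, so it is fetched over
# HTTPS and must look like a dotted quad before it is used anywhere.
PUBLIC_IP=$(curl -m 10 -L https://checkip.amazonaws.com 2>/dev/null)
if ! [[ "$PUBLIC_IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  echo "No se pudo obtener una IP pública válida. Abortando." >&2
  exit 1
fi

echo "####### VERIFICANDO LICENCIA #######"
# Poll the licence check every 5 minutes until the reply contains "active"
# on a line that does not contain "active on"; give up after more than 30
# retries.
i=0
while ! (curl -m 10 -L "https://verify.cpanel.net?ip=$PUBLIC_IP" 2>/dev/null | grep -v "active on" | grep "active" > /dev/null); do
  if [ "$i" -gt 30 ]; then
    echo "Se reintentó más de $i veces, no se puede seguir. Licenciá la IP y luego ejecutá este script de nuevo."
    exit 1
  fi

  echo "Licencia de cPanel no detectada, se reintenta en 5 minutos..."
  sleep 300
  ((i=i+1))
done
# Run cPanel's licence key client once the licence shows as active.
/usr/local/cpanel/cpkeyclt

echo "####### FIN VERIFICANDO LICENCIA #######"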
87 |
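# Restore the hostname saved before installation. Works around the hostname
# being changed to a cprapid.com name since cPanel v90:
# https://docs.cpanel.net/knowledge-base/dns/automatically-issued-hostnames/
#
# /root/hostname is only written when this run installed cPanel. When cPanel
# was already present the file does not exist, and both commands would be
# called with an empty hostname, so skip them in that case.
if [ -s /root/hostname ]; then
  SAVED_HOSTNAME=$(cat /root/hostname)
  whmapi1 sethostname hostname="$SAVED_HOSTNAME"
  hostnamectl set-hostname "$SAVED_HOSTNAME"
fi
rm -f /root/hostname

# NAT detection and configuration
/usr/local/cpanel/scripts/build_cpnat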
94 |
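# Force MariaDB instead of MySQL.
#
# WARNING: this branch deletes /var/lib/mysql, i.e. every database on the
# host. The script also runs on servers where cPanel is already installed
# ("sólo se configura"), so on such a server with a different mysql-version
# this destroys existing data. Take a backup first.
#
# The branch is skipped when /var/cpanel/cpanel.config is missing: without
# it there is no cPanel setting to update, and wiping the data directory
# would be pure loss. -F matches "10.11" literally instead of as a regex.
if [ -f /var/cpanel/cpanel.config ] && ! grep -qF "mysql-version=10.11" /var/cpanel/cpanel.config; then
  # Quoted so dnf receives the glob rather than the shell expanding it
  # against files in the current directory.
  dnf -y remove 'mysql-community-*'
  rm -rf /var/lib/mysql
  sed -i 's/mysql-version=.*/mysql-version=10.11/g' /var/cpanel/cpanel.config
  whmapi1 start_background_mysql_upgrade version=10.11

  # Give the background upgrade 10 minutes before continuing.
  sleep 600
fi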
104 |
# Swap: create a 4G swap file when `free` reports no swap or fewer than
# 4194300 KiB of it. awk exits 0 when there is enough swap and 1 otherwise.
if ! free | awk '/^Swap:/ { exit (($2 && $2 >= 4194300) ? 0 : 1) }'; then
  echo "SWAP no detectada o menos de 4GB. Configurando..."
  # 4GB is the default size used here.
  /usr/local/cpanel/bin/create-swap --size 4G -v
fi
110 |
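echo "####### CONFIGURANDO CSF #######"
if [ ! -d /etc/csf ]; then
  echo "csf no detectado, descargando!"
  # NOTE(review): the iptables/ip6tables units are started and enabled
  # before iptables-services is installed further down, and the second file
  # is named "iptables6" rather than "ip6tables". Left as found; confirm
  # the intended order and file name.
  touch /etc/sysconfig/iptables
  touch /etc/sysconfig/iptables6
  systemctl start iptables
  systemctl start ip6tables
  systemctl enable iptables
  systemctl enable ip6tables

  echo "Desactivando Firewalld..."
  systemctl disable firewalld
  systemctl stop firewalld

  dnf remove firewalld -y
  dnf -y install iptables-services wget perl unzip net-tools perl-libwww-perl perl-LWP-Protocol-https perl-GDGraph

  # Previous download location, kept for reference:
  #cd /root && rm -f ./csf.tgz; wget https://download.configserver.com/csf.tgz && tar xvfz ./csf.tgz && cd ./csf && sh ./install.sh
  # URL moved to this repository after CSF was deprecated:
  # https://github.com/centminmod/configserver-scripts/blob/main/README-gpl-csf.md
  #
  # The tarball comes from the tip of a third-party branch and its
  # install.sh runs as root. Export CSF_TGZ_SHA256 (optional, introduced
  # here) with the SHA-256 of a reviewed tarball to pin it.
  #
  # The steps are chained with && and the download uses an explicit -O:
  # with ';' a failed download still ran tar and install.sh, and without -O
  # wget saves to csf.tgz.1 when an old csf.tgz exists, so the stale
  # tarball was the one being installed.
  CSF_TGZ_URL="https://github.com/waytotheweb/scripts/raw/refs/heads/main/csf.tgz"
  if cd /usr/src \
    && wget -O csf.tgz "$CSF_TGZ_URL" \
    && { [ -z "${CSF_TGZ_SHA256:-}" ] || echo "${CSF_TGZ_SHA256}  csf.tgz" | sha256sum -c --status -; } \
    && tar -xzf csf.tgz \
    && cd csf \
    && sh install.sh; then
    # Turn off CSF auto-updates; updates then have to be applied by hand.
    sed -i 's/AUTO_UPDATES = .*/AUTO_UPDATES = "0"/' /etc/csf/csf.conf
  else
    echo "No se pudo descargar, verificar o instalar CSF. Abortando." >&2
    exit 1
  fi
fi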
133 |
echo " Configurando CSF..."
dnf remove firewalld -y
dnf -y install iptables-services wget perl unzip net-tools perl-libwww-perl perl-LWP-Protocol-https perl-GDGraph

# Each entry is NAME=VALUE and rewrites the matching `NAME = "..."` line of
# csf.conf. An empty value (CC_DENY, CC_IGNORE) clears the setting.
# Points worth a second look when reusing these values:
#   TESTING=0  takes CSF out of testing mode.
#   IPV6=0     NOTE(review): presumably leaves IPv6 traffic outside CSF's
#              rules; confirm IPv6 is filtered elsewhere or not in use.
#   PT_LIMIT=0 NOTE(review): looks like it switches off process tracking;
#              confirm against the csf.conf documentation.
for csf_setting in \
  'TESTING=0' \
  'ICMP_IN=0' \
  'IPV6=0' \
  'DENY_IP_LIMIT=400' \
  'SAFECHAINUPDATE=1' \
  'CC_DENY=' \
  'CC_IGNORE=' \
  'SMTP_BLOCK=1' \
  'LF_FTPD=30' \
  'LF_SMTPAUTH=90' \
  'LF_EXIMSYNTAX=0' \
  'LF_POP3D=100' \
  'LF_IMAPD=100' \
  'LF_HTACCESS=40' \
  'LF_CPANEL=40' \
  'LF_MODSEC=100' \
  'LF_CXS=10' \
  'LT_POP3D=180' \
  'CT_SKIP_TIME_WAIT=1' \
  'PT_LIMIT=0' \
  'ST_MYSQL=1' \
  'ST_APACHE=1' \
  'CONNLIMIT=80;70,110;50,993;50,143;50,25;30' \
  'LF_PERMBLOCK_INTERVAL=14400' \
  'LF_INTERVAL=900' \
  'PS_INTERVAL=60' \
  'PS_LIMIT=60'; do
  csf_name=${csf_setting%%=*}
  csf_value=${csf_setting#*=}
  sed -i "s/^${csf_name} = .*/${csf_name} = \"${csf_value}\"/g" /etc/csf/csf.conf
done

echo "Deshabilitando alertas..."

# Every setting below is set to "0". With all of them off, blocks, relay
# activity, port scans and process kills no longer generate notifications,
# so make sure the logs are collected and reviewed some other way.
for csf_name in \
  LF_PERMBLOCK_ALERT \
  LF_NETBLOCK_ALERT \
  LF_EMAIL_ALERT \
  LF_CPANEL_ALERT \
  LF_QUEUE_ALERT \
  LF_DISTFTP_ALERT \
  LF_DISTSMTP_ALERT \
  LT_EMAIL_ALERT \
  RT_RELAY_ALERT \
  RT_AUTHRELAY_ALERT \
  RT_POPRELAY_ALERT \
  RT_LOCALRELAY_ALERT \
  RT_LOCALHOSTRELAY_ALERT \
  CT_EMAIL_ALERT \
  PT_USERKILL_ALERT \
  PS_EMAIL_ALERT \
  PT_USERMEM \
  PT_USERTIME \
  PT_USERPROC \
  PT_USERRSS; do
  sed -i "s/^${csf_name} = .*/${csf_name} = \"0\"/g" /etc/csf/csf.conf
done
188 |
echo "Activando rango pasivo FTP..."

# Prints the current value of csf.conf setting $1 with spaces and quotes
# removed and any existing occurrence of entry $2 stripped out, so the
# entry can be appended again without duplicating it.
csf_ports_without() {
  grep "^$1" /etc/csf/csf.conf \
    | cut -d'=' -f2 \
    | sed -e 's/\ //g' -e 's/\"//g' \
      -e "s/,$2,/,/g" -e "s/,$2//g" -e "s/$2,//g" -e "s/,,//g"
}

# IPv4
CURR_CSF_IN=$(csf_ports_without TCP_IN "$PASSV_PORT")
sed -i "s/^TCP_IN.*/TCP_IN = \"$CURR_CSF_IN,$PASSV_PORT\"/" /etc/csf/csf.conf

CURR_CSF_OUT=$(csf_ports_without TCP_OUT "$PASSV_PORT")
sed -i "s/^TCP_OUT.*/TCP_OUT = \"$CURR_CSF_OUT,$PASSV_PORT\"/" /etc/csf/csf.conf

# IPv6
CURR_CSF_IN6=$(csf_ports_without TCP6_IN "$PASSV_PORT")
sed -i "s/^TCP6_IN.*/TCP6_IN = \"$CURR_CSF_IN6,$PASSV_PORT\"/" /etc/csf/csf.conf

CURR_CSF_OUT6=$(csf_ports_without TCP6_OUT "$PASSV_PORT")
sed -i "s/^TCP6_OUT.*/TCP6_OUT = \"$CURR_CSF_OUT6,$PASSV_PORT\"/" /etc/csf/csf.conf
203 |
echo "Habilitando listas negras..."
# Uncomment the selected block lists. MAXMIND stays disabled on purpose
# because of false positives.
for blocklist in SPAMDROP SPAMEDROP DSHIELD HONEYPOT 'BDE|'; do
  sed -i "/^#${blocklist}/s/^#//" /etc/csf/csf.blocklists
done

# On those same entries replace the first "|0|" with "|300|"
# (presumably the per-list entry limit; verify against csf.blocklists).
for blocklist in SPAMDROP SPAMEDROP DSHIELD HONEYPOT 'BDE|'; do
  sed -i "/^${blocklist}/s/|0|/|300|/" /etc/csf/csf.blocklists
done

# Comment out the lists that are not wanted.
for blocklist in TOR ALTTOR CIARMY BFB OPENBL BDEALL; do
  sed -i "/^${blocklist}/s/^${blocklist}/#${blocklist}/" /etc/csf/csf.blocklists
done

# Overwrite csf.rignore with these four domain suffixes.
# NOTE(review): anything listed here is presumably exempt from lfd
# blocking based on its reverse DNS; keep the list short.
printf '%s\n' \
  .cpanel.net \
  .googlebot.com \
  .crawl.yahoo.net \
  .search.msn.com > /etc/csf/csf.rignore
232 |
echo "Abriendo puertos en CSF para TCP_OUT migraciones cPanel..."
# Outbound cPanel ports, appended to TCP_OUT after removing any copy of the
# same pair that is already listed.
CPANEL_PORTS="2082,2083"
CURR_CSF_OUT=$(
  grep "^TCP_OUT" /etc/csf/csf.conf \
    | cut -d'=' -f2 \
    | sed -e 's/\ //g' -e 's/\"//g' \
      -e "s/,$CPANEL_PORTS,/,/g" -e "s/,$CPANEL_PORTS//g" \
      -e "s/$CPANEL_PORTS,//g" -e "s/,,//g"
)
sed -i "s/^TCP_OUT.*/TCP_OUT = \"$CURR_CSF_OUT,$CPANEL_PORTS\"/" /etc/csf/csf.conf
237 |
echo "Activando DYNDNS..."
sed -i \
  -e 's/^DYNDNS = .*/DYNDNS = "300"/g' \
  -e 's/^DYNDNS_IGNORE = .*/DYNDNS_IGNORE = "1"/g' \
  /etc/csf/csf.conf

echo "Agregando a csf.dyndns..."
# Drop earlier gmail.com / public.pyzor.org entries, then append the current
# set so repeated runs do not pile up duplicates.
sed -i -e '/gmail.com/d' -e '/public.pyzor.org/d' /etc/csf/csf.dyndns
cat >> /etc/csf/csf.dyndns <<'EOF'
tcp|out|d=25|d=smtp.gmail.com
tcp|out|d=465|d=smtp.gmail.com
tcp|out|d=587|d=smtp.gmail.com
tcp|out|d=995|d=imap.gmail.com
tcp|out|d=993|d=imap.gmail.com
tcp|out|d=143|d=imap.gmail.com
udp|out|d=24441|d=public.pyzor.org
EOF

# Reload the firewall rules and restart the login failure daemon.
csf -r
service lfd restart
255 |
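echo "####### FIN CONFIGURANDO CSF #######"
echo "####### CONFIGURANDO CPANEL #######"

# Everything below configures cPanel, so stop if it is not installed.
if [ ! -d /usr/local/cpanel ]; then
  echo "cPanel no detectado. Abortando." >&2
  # Non-zero so an aborted run is not mistaken for a completed one, in line
  # with the licence check, which also exits 1 on failure.
  exit 1
fi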
263 |
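# DNS domain part of the hostname; used for the contact address and the
# default name servers below.
HOSTNAME_LONG=$(hostname -d)

echo "Bajando TTL de DNS a 15 minutos..."
sed -i 's/^TTL .*/TTL 900/' /etc/wwwacct.conf

echo "Cambiando mail de contacto..."
sed -i '/^CONTACTEMAIL\ .*/d' /etc/wwwacct.conf
echo "CONTACTEMAIL hostmaster@$HOSTNAME_LONG" >> /etc/wwwacct.conf

echo "Cambiando default DNSs..."
# Remove NS, NS2 and NS3, then add NS and NS2 back; NS3 stays removed.
sed -i -e '/^NS\ .*/d' -e '/^NS2\ .*/d' -e '/^NS3\ .*/d' /etc/wwwacct.conf
echo "NS ns1.$HOSTNAME_LONG" >> /etc/wwwacct.conf
echo "NS2 ns2.$HOSTNAME_LONG" >> /etc/wwwacct.conf

echo "Configurando IP default para cuentas..."
# PUBLIC_IP comes from an external web service and is pasted into a sed
# program, where a '/' or '&' in the value would change what sed does.
# Only substitute it when it is a plain dotted quad.
if [[ "$PUBLIC_IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  sed -i "s/^ADDR .*/ADDR $PUBLIC_IP/" /etc/wwwacct.conf
else
  echo "PUBLIC_IP no es una IPv4 válida; no se modifica ADDR en /etc/wwwacct.conf." >&2
fi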
282 |
echo "Configurando FTP..."
# For every line below: delete any existing "<Key>:" line from the Pure-FTPd
# local overrides, then append the new value. The key is the text before
# the first ':'.
# NOTE(review): the TLSCipherSuite value still admits MEDIUM-strength
# ciphers; consider tightening it once client compatibility is known.
while IFS= read -r ftp_line; do
  sed -i "/^${ftp_line%%:*}:.*/d" /var/cpanel/conf/pureftpd/local > /dev/null
  echo "$ftp_line" >> /var/cpanel/conf/pureftpd/local
done <<EOF
MaxClientsPerIP: 30
RootPassLogins: 'no'
PassivePortRange: $PASSV_MIN $PASSV_MAX
TLSCipherSuite: "HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3"
LimitRecursion: 50000 12
EOF

# Select Pure-FTPd as the FTP server.
/usr/local/cpanel/scripts/setupftpserver pure-ftpd --force
291 |
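echo "Activando módulo ip_conntrack_ftp..."
# Load the FTP connection-tracking module now and on every boot.
modprobe ip_conntrack_ftp
# Append the boot-time line only once. The script can be run again on an
# already configured server, and an unconditional append added one more
# copy of the line on every run.
if ! grep -qxF "modprobe ip_conntrack_ftp" /etc/rc.modules 2>/dev/null; then
  echo "modprobe ip_conntrack_ftp" >> /etc/rc.modules
fi
chmod +x /etc/rc.modules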
296 |
echo "Configurando Tweak Settings..."
# Each entry is key=value and is applied with `whmapi1 set_tweaksetting`.
# Entries that loosen a default and deserve a conscious decision:
#   requiressl=0                        NOTE(review): presumably allows
#                                       logins to cPanel services without
#                                       TLS; confirm this is intended.
#   cookieipvalidation=disabled         session cookies are not tied to the
#                                       client IP.
#   permit_unregistered_apps_as_root=1  unregistered apps may run as root.
for tweak in \
  allowremotedomains=1 \
  allowunregistereddomains=1 \
  chkservd_check_interval=120 \
  defaultmailaction=fail \
  email_send_limits_max_defer_fail_percentage=25 \
  email_send_limits_min_defer_fail_to_trigger_protection=15 \
  maxemailsperhour=200 \
  permit_unregistered_apps_as_root=1 \
  requiressl=0 \
  skipanalog=1 \
  skipboxtrapper=1 \
  skipwebalizer=1 \
  smtpmailgidonly=0 \
  eximmailtrap=1 \
  use_information_schema=0 \
  cookieipvalidation=disabled \
  notify_expiring_certificates=0 \
  cpaddons_notify_owner=0 \
  cpaddons_notify_root=0 \
  enable_piped_logs=1 \
  email_outbound_spam_detect_action=block \
  email_outbound_spam_detect_enable=1 \
  email_outbound_spam_detect_threshold=120 \
  skipspambox=0 \
  skipmailman=1 \
  jaildefaultshell=1 \
  php_post_max_size=100 \
  php_upload_max_filesize=100 \
  empty_trash_days=30 \
  publichtmlsubsonly=0 \
  proxysubdomainsoverride=0 \
  display_cpanel_promotions=0; do
  whmapi1 set_tweaksetting key="${tweak%%=*}" value="${tweak#*=}"
done

# Disable password reset by e-mail, for accounts and for subaccounts.
for tweak in resetpass=0 resetpass_sub=0; do
  whmapi1 set_tweaksetting key="${tweak%%=*}" value="${tweak#*=}"
done

# PHP open_basedir protection on, minimum password strength 70.
sed -i \
  -e 's/^phpopenbasedirhome=.*/phpopenbasedirhome=1/' \
  -e 's/^minpwstrength=.*/minpwstrength=70/' \
  /var/cpanel/cpanel.config

/usr/local/cpanel/etc/init/startcpsrvd
339 |
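# Settings that cannot be changed from the command line are applied through
# the WHM web interface on loopback, using a root session created here.
echo "Configurando lo inconfigurable desde consola..."
dnf install -y curl

# The cookie jar holds a root WHM session, so create it readable by root
# only instead of with the default umask, and remove it on any exit path,
# including an interrupted run.
# COOKIE_FILE is also what the later saveeximtweaks call passes to
# --cookie; it was never assigned, so that request went out without the
# session cookie.
COOKIE_FILE="$CWD/wpwhmcookie.txt"
(umask 077 && touch "$COOKIE_FILE")
chmod 600 "$COOKIE_FILE"
trap 'rm -f -- "$CWD/wpwhmcookie.txt"' EXIT

SESS_CREATE=$(whmapi1 create_user_session user=root service=whostmgrd)
# Security token (the path prefix used in every WHM URL below).
SESS_TOKEN=$(echo "$SESS_CREATE" | grep "cp_security_token:" | cut -d':' -f2- | sed 's/ //')
# One-time session value, percent-encoded for use in a query string.
SESS_QS=$(echo "$SESS_CREATE" | grep "session:" | cut -d':' -f2- | sed 's/ //' | sed 's/ /%20/g;s/!/%21/g;s/"/%22/g;s/#/%23/g;s/\$/%24/g;s/\&/%26/g;s/'\''/%27/g;s/(/%28/g;s/)/%29/g;s/:/%3A/g')

# -k skips certificate verification; the request only goes to 127.0.0.1.
curl -sk "https://127.0.0.1:2087/$SESS_TOKEN/login/?session=$SESS_QS" --cookie-jar "$COOKIE_FILE" > /dev/null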
350 |
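# WHM requests below reuse the session cookie written at login. The cookie
# path is quoted so a script directory containing spaces does not split
# into several curl arguments. -k is only used against 127.0.0.1.
echo "Deshabilitando compilers..."
curl -sk "https://127.0.0.1:2087/$SESS_TOKEN/scripts2/tweakcompilers" --cookie "$CWD/wpwhmcookie.txt" --data 'action=Disable+Compilers' > /dev/null
# SMTP restrictions are turned off here because CSF's SMTP_BLOCK is used
# instead; if CSF is ever removed, outbound SMTP is left unrestricted.
echo "Deshabilitando SMTP Restrictions (se usa CSF)..."
curl -sk "https://127.0.0.1:2087/$SESS_TOKEN/scripts2/smtpmailgidonly?action=Disable" --cookie "$CWD/wpwhmcookie.txt" > /dev/null
# Removes the per-user shell resource limits that WHM would otherwise set.
echo "Deshabilitando Shell Fork Bomb Protection..."
curl -sk "https://127.0.0.1:2087/$SESS_TOKEN/scripts2/modlimits?limits=0" --cookie "$CWD/wpwhmcookie.txt" > /dev/null
echo "Habilitando Background Process Killer..."
curl -sk "https://127.0.0.1:2087/$SESS_TOKEN/json-api/configurebackgroundprocesskiller" --cookie "$CWD/wpwhmcookie.txt" --data 'api.version=1&processes_to_kill=BitchX&processes_to_kill=bnc&processes_to_kill=eggdrop&processes_to_kill=generic-sniffers&processes_to_kill=guardservices&processes_to_kill=ircd&processes_to_kill=psyBNC&processes_to_kill=ptlink&processes_to_kill=services&force=1' > /dev/null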
359 |
360 | echo "Configurando Apache..."
361 | # CONF BASICA
362 | curl -sk "https://127.0.0.1:2087/$SESS_TOKEN/scripts2/saveglobalapachesetup" --cookie $CWD/wpwhmcookie.txt --data 'module=Apache&find=&___original_sslciphersuite=ECDHE-ECDSA-AES256-GCM-SHA384%3AECDHE-RSA-AES256-GCM-SHA384%3AECDHE-ECDSA-CHACHA20-POLY1305%3AECDHE-RSA-CHACHA20-POLY1305%3AECDHE-ECDSA-AES128-GCM-SHA256%3AECDHE-RSA-AES128-GCM-SHA256%3AECDHE-ECDSA-AES256-SHA384%3AECDHE-RSA-AES256-SHA384%3AECDHE-ECDSA-AES128-SHA256%3AECDHE-RSA-AES128-SHA256&sslciphersuite_control=default&___original_sslprotocol=TLSv1.2&sslprotocol_control=default&___original_loglevel=warn&loglevel=warn&___original_traceenable=Off&traceenable=Off&___original_serversignature=Off&serversignature=Off&___original_servertokens=ProductOnly&servertokens=ProductOnly&___original_fileetag=None&fileetag=None&___original_root_options=&root_options=FollowSymLinks&root_options=IncludesNOEXEC&root_options=SymLinksIfOwnerMatch&___original_startservers=5&startservers_control=default&___original_minspareservers=5&minspareservers_control=default&___original_maxspareservers=10&maxspareservers_control=default&___original_optimize_htaccess=search_homedir_below&optimize_htaccess=search_homedir_below&___original_serverlimit=256&serverlimit_control=default&___original_maxclients=150&maxclients_control=other&maxclients_other=100&___original_maxrequestsperchild=10000&maxrequestsperchild_control=default&___original_keepalive=On&keepalive=1&___original_keepalivetimeout=5&keepalivetimeout_control=3&___original_maxkeepaliverequests=100&maxkeepaliverequests_control=20&___original_timeout=300&timeout_control=default&___original_symlink_protect=Off&symlink_protect=0&its_for_real=1' > /dev/null
363 |
364 | # DIRECTORYINDEX
365 | curl -sk "https://127.0.0.1:2087/$SESS_TOKEN/scripts2/save_apache_directoryindex" --cookie $CWD/wpwhmcookie.txt --data 'valid_submit=1&dirindex=index.php&dirindex=index.php5&dirindex=index.php4&dirindex=index.php3&dirindex=index.perl&dirindex=index.pl&dirindex=index.plx&dirindex=index.ppl&dirindex=index.cgi&dirindex=index.jsp&dirindex=index.jp&dirindex=index.phtml&dirindex=index.shtml&dirindex=index.xhtml&dirindex=index.html&dirindex=index.htm&dirindex=index.wml&dirindex=Default.html&dirindex=Default.htm&dirindex=default.html&dirindex=default.htm&dirindex=home.html&dirindex=home.htm&dirindex=index.js' > /dev/null
366 |
367 | curl -sk "https://127.0.0.1:2087/$SESS_TOKEN/scripts2/save_apache_mem_limits" --cookie $CWD/wpwhmcookie.txt --data 'newRLimitMem=enabled&newRLimitMemValue=1024&restart_apache=on&btnSave=1' > /dev/null
368 |
369 | /scripts/rebuildhttpdconf
370 | service httpd restart
371 |
372 | # DOVECOT
373 | curl -sk "https://127.0.0.1:2087/$SESS_TOKEN/scripts2/savedovecotsetup" --cookie $CWD/wpwhmcookie.txt --data 'protocols_enabled_imap=on&protocols_enabled_pop3=on&ipv6=on&enable_plaintext_auth=yes&ssl_cipher_list=ECDHE-ECDSA-CHACHA20-POLY1305%3AECDHE-RSA-CHACHA20-POLY1305%3AECDHE-ECDSA-AES128-GCM-SHA256%3AECDHE-RSA-AES128-GCM-SHA256%3AECDHE-ECDSA-AES256-GCM-SHA384%3AECDHE-RSA-AES256-GCM-SHA384%3ADHE-RSA-AES128-GCM-SHA256%3ADHE-RSA-AES256-GCM-SHA384%3AECDHE-ECDSA-AES128-SHA256%3AECDHE-RSA-AES128-SHA256%3AECDHE-ECDSA-AES128-SHA%3AECDHE-RSA-AES256-SHA384%3AECDHE-RSA-AES128-SHA%3AECDHE-ECDSA-AES256-SHA384%3AECDHE-ECDSA-AES256-SHA%3AECDHE-RSA-AES256-SHA%3ADHE-RSA-AES128-SHA256%3ADHE-RSA-AES128-SHA%3ADHE-RSA-AES256-SHA256%3ADHE-RSA-AES256-SHA%3AECDHE-ECDSA-DES-CBC3-SHA%3AECDHE-RSA-DES-CBC3-SHA%3AEDH-RSA-DES-CBC3-SHA%3AAES128-GCM-SHA256%3AAES256-GCM-SHA384%3AAES128-SHA256%3AAES256-SHA256%3AAES128-SHA%3AAES256-SHA%3ADES-CBC3-SHA%3A%21DSS&ssl_min_protocol=TLSv1&max_mail_processes=512&mail_process_size=512&protocol_imap.mail_max_userip_connections=20&protocol_imap.imap_idle_notify_interval=24&protocol_pop3.mail_max_userip_connections=3&login_processes_count=2&login_max_processes_count=50&login_process_size=128&auth_cache_size=1M&auth_cache_ttl=3600&auth_cache_negative_ttl=3600&login_process_per_connection=no&config_vsz_limit=2048&mailbox_idle_check_interval=30&mdbox_rotate_size=10M&mdbox_rotate_interval=0&incoming_reached_quota=bounce&lmtp_process_min_avail=0&lmtp_process_limit=500&lmtp_user_concurrency_limit=4&expire_trash=1&expire_trash_ttl=30&include_trash_in_quota=1'
374 |
375 | # EXIM
376 | curl -sk "https://127.0.0.1:2087/$SESS_TOKEN/scripts2/saveeximtweaks" --cookie $COOKIE_FILE --data 'in_tab=1&module=Mail&find=&___original_acl_deny_spam_score_over_int=&___undef_original_acl_deny_spam_score_over_int=1&acl_deny_spam_score_over_int_control=undef&___original_acl_dictionary_attack=1&acl_dictionary_attack=1&___original_acl_primary_hostname_bl=0&acl_primary_hostname_bl=0&___original_acl_spam_scan_secondarymx=1&acl_spam_scan_secondarymx=1&___original_acl_ratelimit=1&acl_ratelimit=1&___original_acl_ratelimit_spam_score_over_int=&___undef_original_acl_ratelimit_spam_score_over_int=1&acl_ratelimit_spam_score_over_int_control=undef&___original_acl_slow_fail_block=1&acl_slow_fail_block=1&___original_acl_requirehelo=1&acl_requirehelo=1&___original_acl_delay_unknown_hosts=1&acl_delay_unknown_hosts=1&___original_acl_dont_delay_greylisting_trusted_hosts=1&acl_dont_delay_greylisting_trusted_hosts=1&___original_acl_dont_delay_greylisting_common_mail_providers=0&acl_dont_delay_greylisting_common_mail_providers=0&___original_acl_requirehelonoforge=1&acl_requirehelonoforge=1&___original_acl_requirehelonold=0&acl_requirehelonold=0&___original_acl_requirehelosyntax=1&acl_requirehelosyntax=1&___original_acl_dkim_disable=1&acl_dkim_disable=1&___original_acl_dkim_bl=0&___original_acl_deny_rcpt_soft_limit=&___undef_original_acl_deny_rcpt_soft_limit=1&acl_deny_rcpt_soft_limit_control=undef&___original_acl_deny_rcpt_hard_limit=&___undef_original_acl_deny_rcpt_hard_limit=1&acl_deny_rcpt_hard_limit_control=undef&___original_spammer_list_ips_button=&___undef_original_spammer_list_ips_button=1&___original_sender_verify_bypass_ips_button=&___undef_original_sender_verify_bypass_ips_button=1&___original_trusted_mail_hosts_ips_button=&___undef_original_trusted_mail_hosts_ips_button=1&___original_skip_smtp_check_ips_button=&___undef_original_skip_smtp_check_ips_button=1&___original_backup_mail_hosts_button=&___undef_original_backup_mail_hosts_button=1&___original_trusted_mail_user
s_button=&___undef_original_trusted_mail_users_button=1&___original_blocked_domains_button=&___undef_original_blocked_domains_button=1&___original_filter_emails_by_country_button=&___undef_original_filter_emails_by_country_button=1&___original_per_domain_mailips=1&per_domain_mailips=1&___original_custom_mailhelo=0&___original_custom_mailips=0&___original_systemfilter=%2Fetc%2Fcpanel_exim_system_filter&systemfilter_control=default&___original_filter_attachments=1&filter_attachments=1&___original_filter_spam_rewrite=1&filter_spam_rewrite=1&___original_filter_fail_spam_score_over_int=&___undef_original_filter_fail_spam_score_over_int=1&filter_fail_spam_score_over_int_control=undef&___original_spam_header=***SPAM***&spam_header_control=default&___original_acl_0tracksenders=0&acl_0tracksenders=0&___original_callouts=0&callouts=0&___original_smarthost_routelist=&smarthost_routelist_control=default&___original_smarthost_autodiscover_spf_include=1&smarthost_autodiscover_spf_include=1&___original_spf_include_hosts=&spf_include_hosts_control=default&___original_rewrite_from=disable&rewrite_from=disable&___original_hiderecpfailuremessage=0&hiderecpfailuremessage=0&___original_malware_deferok=1&malware_deferok=1&___original_senderverify=1&senderverify=1&___original_setsenderheader=0&setsenderheader=0&___original_spam_deferok=1&spam_deferok=1&___original_srs=0&srs=0&___original_query_apache_for_nobody_senders=1&query_apache_for_nobody_senders=1&___original_trust_x_php_script=1&trust_x_php_script=1&___original_dsn_advertise_hosts=&___undef_original_dsn_advertise_hosts=1&dsn_advertise_hosts_control=undef&___original_smtputf8_advertise_hosts=&___undef_original_smtputf8_advertise_hosts=1&smtputf8_advertise_hosts_control=undef&___original_manage_rbls_button=&___undef_original_manage_rbls_button=1&___original_acl_spamcop_rbl=1&acl_spamcop_rbl=1&___original_acl_spamhaus_rbl=1&acl_spamhaus_rbl=1&___original_rbl_whitelist_neighbor_netblocks=1&rbl_whitelist_neighbor_netblocks=1&___origina
l_rbl_whitelist_greylist_common_mail_providers=1&rbl_whitelist_greylist_common_mail_providers=1&___original_rbl_whitelist_greylist_trusted_netblocks=0&rbl_whitelist_greylist_trusted_netblocks=0&___original_rbl_whitelist=&rbl_whitelist=&___original_allowweakciphers=1&allowweakciphers=1&___original_require_secure_auth=0&require_secure_auth=0&___original_openssl_options=+%2Bno_sslv2+%2Bno_sslv3&openssl_options_control=other&openssl_options_other=+%2Bno_sslv2+%2Bno_sslv3&___original_tls_require_ciphers=ECDHE-ECDSA-CHACHA20-POLY1305%3AECDHE-RSA-CHACHA20-POLY1305%3AECDHE-ECDSA-AES128-GCM-SHA256%3AECDHE-RSA-AES128-GCM-SHA256%3AECDHE-ECDSA-AES256-GCM-SHA384%3AECDHE-RSA-AES256-GCM-SHA384%3ADHE-RSA-AES128-GCM-SHA256%3ADHE-RSA-AES256-GCM-SHA384%3AECDHE-ECDSA-AES128-SHA256%3AECDHE-RSA-AES128-SHA256%3AECDHE-ECDSA-AES128-SHA%3AECDHE-RSA-AES256-SHA384%3AECDHE-RSA-AES128-SHA%3AECDHE-ECDSA-AES256-SHA384%3AECDHE-ECDSA-AES256-SHA%3AECDHE-RSA-AES256-SHA%3ADHE-RSA-AES128-SHA256%3ADHE-RSA-AES128-SHA%3ADHE-RSA-AES256-SHA256%3ADHE-RSA-AES256-SHA%3AECDHE-ECDSA-DES-CBC3-SHA%3AECDHE-RSA-DES-CBC3-SHA%3AEDH-RSA-DES-CBC3-SHA%3AAES128-GCM-SHA256%3AAES256-GCM-SHA384%3AAES128-SHA256%3AAES256-SHA256%3AAES128-SHA%3AAES256-SHA%3ADES-CBC3-SHA%3A%21DSS&tls_require_ciphers_control=other&tls_require_ciphers_other=ECDHE-ECDSA-CHACHA20-POLY1305%3AECDHE-RSA-CHACHA20-POLY1305%3AECDHE-ECDSA-AES128-GCM-SHA256%3AECDHE-RSA-AES128-GCM-SHA256%3AECDHE-ECDSA-AES256-GCM-SHA384%3AECDHE-RSA-AES256-GCM-SHA384%3ADHE-RSA-AES128-GCM-SHA256%3ADHE-RSA-AES256-GCM-SHA384%3AECDHE-ECDSA-AES128-SHA256%3AECDHE-RSA-AES128-SHA256%3AECDHE-ECDSA-AES128-SHA%3AECDHE-RSA-AES256-SHA384%3AECDHE-RSA-AES128-SHA%3AECDHE-ECDSA-AES256-SHA384%3AECDHE-ECDSA-AES256-SHA%3AECDHE-RSA-AES256-SHA%3ADHE-RSA-AES128-SHA256%3ADHE-RSA-AES128-SHA%3ADHE-RSA-AES256-SHA256%3ADHE-RSA-AES256-SHA%3AECDHE-ECDSA-DES-CBC3-SHA%3AECDHE-RSA-DES-CBC3-SHA%3AEDH-RSA-DES-CBC3-SHA%3AAES128-GCM-SHA256%3AAES256-GCM-SHA384%3AAES128-SHA256%3AAES256-SHA256%3AAES128-SHA%3AAES256-SH
A%3ADES-CBC3-SHA%3A%21DSS&___original_globalspamassassin=0&globalspamassassin=0&___original_max_spam_scan_size=1000&max_spam_scan_size_control=default&___original_acl_outgoing_spam_scan=0&acl_outgoing_spam_scan=0&___original_acl_outgoing_spam_scan_over_int=&___undef_original_acl_outgoing_spam_scan_over_int=1&acl_outgoing_spam_scan_over_int_control=undef&___original_no_forward_outbound_spam=0&no_forward_outbound_spam=0&___original_no_forward_outbound_spam_over_int=&___undef_original_no_forward_outbound_spam_over_int=1&no_forward_outbound_spam_over_int_control=undef&___original_spamassassin_plugin_BAYES_POISON_DEFENSE=1&spamassassin_plugin_BAYES_POISON_DEFENSE=1&___original_spamassassin_plugin_P0f=1&spamassassin_plugin_P0f=1&___original_spamassassin_plugin_KAM=1&spamassassin_plugin_KAM=1&___original_spamassassin_plugin_CPANEL=1&spamassassin_plugin_CPANEL=1'
377 |
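# Use BIND instead of PowerDNS as the nameserver.
/scripts/setupnameserver bind --force

# Remove the cookie file (presumably the WHM session cookie jar written by the
# earlier curl calls; confirm against the part of the script above this one).
# Quoted, and with "--", so a script directory containing spaces cannot make
# rm miss the file and leave the cookie on disk.
rm -f -- "$CWD/wpwhmcookie.txt"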
383 |
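echo "Configurando exim..."
# Apply every Exim "localopts" override in one sed pass (the original repeated
# the acl_spamcop_rbl substitution twice). Each expression only rewrites a key
# that already exists in the file; missing keys are not added.
#
# NOTE(review): three of these values lower transport security and deserve a
# conscious decision:
#   - require_secure_auth=0 allows SMTP AUTH without TLS, so mailbox
#     credentials may cross the network in clear text.
#   - allowweakciphers=1 together with the cipher list below keeps 3DES
#     (DES-CBC3-SHA) and CBC/SHA-1 suites enabled.
#   - openssl_options only excludes SSLv2/SSLv3, so TLS 1.0/1.1 remain
#     negotiable.
# per_domain_mailips: apparently buggy when set here; it is configured through
# a curl call as well.
# message_linelength_limit: https://support.cpanel.net/hc/en-us/articles/4420121088919-Exim-4-95-message-has-lines-too-long-for-transport-Error
sed -i \
  -e 's/^acl_spamhaus_rbl=.*/acl_spamhaus_rbl=1/' \
  -e 's/^acl_spamcop_rbl=.*/acl_spamcop_rbl=1/' \
  -e 's/^require_secure_auth=.*/require_secure_auth=0/' \
  -e 's/^allowweakciphers=.*/allowweakciphers=1/' \
  -e 's/^per_domain_mailips=.*/per_domain_mailips=1/' \
  -e 's/^max_spam_scan_size=.*/max_spam_scan_size=1000/' \
  -e 's/^openssl_options=.*/openssl_options= +no_sslv2 +no_sslv3/' \
  -e 's/^tls_require_ciphers=.*/tls_require_ciphers=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS/' \
  -e 's/^message_linelength_limit=.*/message_linelength_limit=4096/' \
  /etc/exim.conf.localopts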
395 |
# Attachment limit: 40M is configured to obtain an effective limit of 25M,
# because of the bug described in
# https://support.cpanel.net/hc/en-us/articles/360052199934--SMTP-Error-Message-exceeds-server-limit-when-email-attachment-is-smaller-than-limit
# Drop any previous setting first so that re-running the script does not
# stack duplicate lines.
sed -i '/^message_size_limit.*/d' /etc/exim.conf.local

# Make sure the @CONFIG@ section marker exists (followed by an empty line)
# before appending the limit right after it.
if ! grep -q "@CONFIG@" /etc/exim.conf.local; then
  printf '%s\n\n' "@CONFIG@" >> /etc/exim.conf.local
fi
sed -i '/@CONFIG@/ a message_size_limit = 40M' /etc/exim.conf.local
405 |
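# Reject mail when the account is suspended:
# https://support.cpanel.net/hc/en-us/articles/4418377416343-How-To-modify-the-Delivery-behavior-for-suspended-cPanel-accounts-from-the-command-Line
# The two commands below used to start with a stray "+" (a leftover patch
# marker), which made the shell look for a command named "+sed" and skip both
# edits. Each sed keeps a ".bak" copy of the file it rewrites.
sed -i.bak 's/^suspended_account_deliveries=.*$/suspended_account_deliveries=block/' /etc/exim.conf.localopts
sed -i.bak 's/^\*.*/\*\: \:fail\: 525 5\.7\.13 Disabled recipient address/' /etc/exim_suspended_list

# https://support.cpanel.net/hc/en-us/articles/36160643334807-Email-message-headers-X-Ham-Reports-and-X-Spam-Reports-output-is-not-readable
# Strip the rfc2047 / headerwrap_130 wrappers from the spam-scan ACL, keeping
# only the wrapped expression.
# NOTE(review): this edits a file under /usr/local/cpanel; presumably a cPanel
# update can restore it, in which case the change has to be re-applied.
sed -i 's|rfc2047:\${\(.*\)}|\1|' /usr/local/cpanel/etc/exim/acls/ACL_SPAM_SCAN_BLOCK/default_spam_scan
sed -i 's|\${headerwrap_130:\(.*\)}|\1|' /usr/local/cpanel/etc/exim/acls/ACL_SPAM_SCAN_BLOCK/default_spam_scan

# Turn off the RecentAuthedMailIpTracker tailwatchd driver.
/usr/local/cpanel/libexec/tailwatchd --disable=Cpanel::TailWatch::RecentAuthedMailIpTracker

# Regenerate the Exim configuration so the edits above take effect.
/scripts/buildeximconf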
417 |
echo "Instalando paquetes PHP EasyApache 4..."
dnf install libsodium libsodium-devel -y

# Build the EasyApache 4 package list instead of spelling out every name.
# NOTE(review): PHP 7.3, 7.4 and 8.0 no longer receive upstream security
# fixes; confirm they are still needed before offering them to accounts.
ea4_packages=(
  ea-apache24-mod_proxy_fcgi
  libcurl-devel
  openssl-devel
  unixODBC
  ea-apache24-mod_version
  ea-apache24-mod_env
)

# Sub-packages installed for every PHP version ("ea-phpNN-" is prepended).
ea4_common_parts=(
  pear php-cli php-common php-curl php-devel php-exif php-fileinfo php-ftp
  php-gd php-iconv php-intl php-litespeed php-mbstring php-mysqlnd
  php-opcache php-pdo php-posix php-soap php-zip runtime php-bcmath
  php-gettext php-gmp php-xml php-calendar
)

for ea4_ver in 73 74 80 81 82 83 84; do
  ea4_packages+=("ea-php${ea4_ver}")
  for ea4_part in "${ea4_common_parts[@]}"; do
    ea4_packages+=("ea-php${ea4_ver}-${ea4_part}")
  done

  # Extensions that exist only for some versions (ionCube loader, xmlrpc,
  # imap, sodium).
  case "$ea4_ver" in
    73) ea4_extras=(ioncube10 xmlrpc imap) ;;
    74) ea4_extras=(ioncube10 xmlrpc imap sodium) ;;
    80) ea4_extras=(imap sodium) ;;
    81) ea4_extras=(imap sodium ioncube12) ;;
    82) ea4_extras=(imap sodium ioncube13) ;;
    83) ea4_extras=(imap sodium ioncube14) ;;
    84) ea4_extras=(sodium) ;;
  esac
  for ea4_part in "${ea4_extras[@]}"; do
    ea4_packages+=("ea-php${ea4_ver}-php-${ea4_part}")
  done
done

# --skip-broken lets the transaction continue when a package cannot be
# installed, so a missing extension does not abort the whole run (and is not
# reported as a failure either).
dnf install -y "${ea4_packages[@]}" --skip-broken
630 |
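echo "Configurando PHP EasyApache 4..."
# Rewrite the recommended values in every php.ini / local.ini below /opt/.
# One find walk with "-exec ... {} +" replaces fourteen "find | xargs sed"
# pipelines: paths containing whitespace are handled correctly, and sed is not
# invoked at all when no file matches. The expressions run in the listed order
# on each line, so the commented-out default_charset line is uncommented
# before it is normalised.
#
# NOTE(review): settings worth a second look on a shared-hosting server:
#   - display_errors = On shows PHP errors (paths, queries) to site visitors.
#   - allow_url_fopen = On lets scripts open remote URLs as files.
#   - "eval" in disable_functions has no effect: eval is a language construct,
#     not a function, so disable_functions cannot block it.
find /opt/ \( -name "php.ini" -o -name "local.ini" \) -exec sed -i \
  -e 's/^memory_limit.*/memory_limit = 1024M/g' \
  -e 's/^enable_dl.*/enable_dl = Off/g' \
  -e 's/^expose_php.*/expose_php = Off/g' \
  -e 's/^disable_functions.*/disable_functions = apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,disk_free_space,diskfreespace,dl,exec,highlight_file,ini_alter,ini_restore,openlog,passthru,phpinfo,popen,posix_getpwuid,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,symlink,system,eval,debug_zval_dump/g' \
  -e 's/^upload_max_filesize.*/upload_max_filesize = 16M/g' \
  -e 's/^post_max_size.*/post_max_size = 16M/g' \
  -e 's/^date.timezone.*/date.timezone = "America\/Argentina\/Buenos_Aires"/g' \
  -e 's/^allow_url_fopen.*/allow_url_fopen = On/g' \
  -e 's/^max_execution_time.*/max_execution_time = 120/g' \
  -e 's/^max_input_time.*/max_input_time = 120/g' \
  -e 's/^max_input_vars.*/max_input_vars = 2000/g' \
  -e 's/^;default_charset = "UTF-8"/default_charset = "UTF-8"/g' \
  -e 's/^default_charset.*/default_charset = "UTF-8"/g' \
  -e 's/^display_errors.*/display_errors = On/g' \
  -e 's/^error_reporting.*/error_reporting = E_ALL \& \~E_DEPRECATED \& \~E_STRICT/g' \
  {} +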
649 |
echo "Configurando valores default PHP-FPM..." # https://documentation.cpanel.net/display/74Docs/Configuration+Values+of+PHP-FPM
mkdir -p /var/cpanel/ApachePHPFPM

# Write the system-wide PHP-FPM pool defaults.
# NOTE(review): the "present_ifdefault: 0" entry presumably drops the pool's
# built-in disable_functions override so the php.ini list is the one in
# effect; confirm against the cPanel document linked above.
printf '%s\n' \
  '---' \
  'pm_max_children: 20' \
  'pm_max_requests: 40' \
  'php_admin_value_disable_functions : { present_ifdefault: 0 }' \
  > /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml

# Rebuild the FPM configuration from the new defaults and restart the service.
/usr/local/cpanel/scripts/php_fpm_config --rebuild
/scripts/restartsrv_apache_php_fpm
660 |
echo "Configurando Handlers..."
# Every installed EasyApache PHP version is served through the CGI handler.
for handler_ver in ea-php73 ea-php74 ea-php80 ea-php81 ea-php82 ea-php83 ea-php84; do
  whmapi1 php_set_handler version="$handler_ver" handler=cgi
done
# NOTE(review): a later step of this script calls
# php_set_system_default_version again with ea-php81, which replaces this
# value; keep only the one that is intended.
whmapi1 php_set_system_default_version version=ea-php84

echo "Configurando PHP-FPM..."
# New accounts do not get PHP-FPM by default.
whmapi1 php_set_default_accounts_to_fpm default_accounts_to_fpm=0
673 |
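# ModSecurity is configured only when ISVPS is "NO". The variable is quoted so
# an empty or unset value makes the test false instead of raising a "[" syntax
# error.
if [ "$ISVPS" = "NO" ]; then
  echo "Configurando ModSecurity..."
  # URL-encoded location of the Comodo WAF vendor metadata.
  URL="https%3A%2F%2Fwaf.comodo.com%2Fdoc%2Fmeta_comodo_apache.yaml"
  whmapi1 modsec_add_vendor url="$URL"

  # Vendor rule files that are switched off entirely.
  # NOTE(review): this removes the vendor's brute-force and HTTP DoS rule
  # files; presumably the firewall set up elsewhere in this script covers
  # those cases. Confirm.
  MODSEC_DISABLE_CONF=("00_Init_Initialization.conf" "10_Bruteforce_Bruteforce.conf" "12_HTTP_HTTPDoS.conf")
  for CONF in "${MODSEC_DISABLE_CONF[@]}"; do
    echo "Deshabilitando conf $CONF..."
    whmapi1 modsec_make_config_inactive config="modsec_vendor_configs%2Fcomodo_apache%2F$CONF"
  done
  whmapi1 modsec_enable_vendor vendor_id=comodo_apache

  #######################################
  # Disable one ModSecurity rule and deploy the change.
  # Arguments: $1 - rule id
  #            $2 - rule file, relative to the ModSecurity config directory
  #######################################
  function disable_rule {
    local rule_id=$1
    local rule_config=$2
    whmapi1 modsec_disable_rule config="$rule_config" id="$rule_id"
    whmapi1 modsec_deploy_rule_changes config="$rule_config"
  }

  echo "Deshabilitando reglas conflictivas..."
  # NOTE(review): most of these ids belong to the XSS and SQLi rule files, so
  # each one narrows WAF coverage. The script does not record which false
  # positive motivated each entry; documenting that would let the list be
  # re-checked when the vendor rules are updated.
  disable_rule 211050 modsec_vendor_configs/comodo_apache/09_Global_Other.conf
  disable_rule 214420 modsec_vendor_configs/comodo_apache/17_Outgoing_FilterPHP.conf
  disable_rule 214940 modsec_vendor_configs/comodo_apache/22_Outgoing_FiltersEnd.conf
  disable_rule 222390 modsec_vendor_configs/comodo_apache/26_Apps_Joomla.conf
  disable_rule 211540 modsec_vendor_configs/comodo_apache/24_SQL_SQLi.conf
  disable_rule 210730 modsec_vendor_configs/comodo_apache/11_HTTP_HTTP.conf
  disable_rule 221570 modsec_vendor_configs/comodo_apache/32_Apps_OtherApps.conf
  disable_rule 212900 modsec_vendor_configs/comodo_apache/08_XSS_XSS.conf
  disable_rule 212000 modsec_vendor_configs/comodo_apache/08_XSS_XSS.conf
  disable_rule 212620 modsec_vendor_configs/comodo_apache/08_XSS_XSS.conf
  disable_rule 212700 modsec_vendor_configs/comodo_apache/08_XSS_XSS.conf
  disable_rule 212740 modsec_vendor_configs/comodo_apache/08_XSS_XSS.conf
  disable_rule 212870 modsec_vendor_configs/comodo_apache/08_XSS_XSS.conf
  disable_rule 212890 modsec_vendor_configs/comodo_apache/08_XSS_XSS.conf
  disable_rule 212640 modsec_vendor_configs/comodo_apache/08_XSS_XSS.conf
  disable_rule 212650 modsec_vendor_configs/comodo_apache/08_XSS_XSS.conf
  disable_rule 221560 modsec_vendor_configs/comodo_apache/32_Apps_OtherApps.conf
  disable_rule 210831 modsec_vendor_configs/comodo_apache/03_Global_Agents.conf
fi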
712 |
echo "Configurando MySQL..."
# Let cPanel size these my.cnf values automatically.
for mycnf_key in mycnf_auto_adjust_maxallowedpacket mycnf_auto_adjust_openfiles_limit mycnf_auto_adjust_innodb_buffer_pool_size; do
  whmapi1 set_tweaksetting key="$mycnf_key" value=1
done

# Remove the values written by a previous run so they are not duplicated.
sed -i \
  -e '/^local-infile.*/d' \
  -e '/^sql_mode.*/d' \
  -e '/^# WNPower pre-configured values.*/d' \
  /etc/my.cnf

# Each command inserts its line directly below [mysqld], so the lines end up
# in the file in the reverse of the order used here: marker comment,
# local-infile, sql_mode, then a separator line.
# local-infile=0 turns off LOAD DATA LOCAL INFILE on the server.
sed -i '/\[mysqld\]/a\ ' /etc/my.cnf
sed -i '/\[mysqld\]/a sql_mode = ALLOW_INVALID_DATES,NO_ENGINE_SUBSTITUTION' /etc/my.cnf
sed -i '/\[mysqld\]/a local-infile=0' /etc/my.cnf
sed -i '/\[mysqld\]/a # WNPower pre-configured values' /etc/my.cnf

/scripts/restartsrv_mysql
729 |
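echo "Configurando feature disabled..."
whmapi1 update_featurelist featurelist=disabled api_shell=0 agora=0 analog=0 boxtrapper=0 traceaddy=0 modules-php-pear=0 modules-perl=0 modules-ruby=0 pgp=0 phppgadmin=0 postgres=0 ror=0 serverstatus=0 webalizer=0 clamavconnector_scan=0 lists=0 emailtrace=1

echo "Configurando feature default..."
whmapi1 update_featurelist featurelist=default modsecurity=1 zoneedit=1 emailtrace=1

echo "Creando paquete default..."
# The default package gets 80% of the /home filesystem as its quota.
# The size is read with a fixed unit (-BG) instead of "df -h": the
# human-readable form switches to "T" or "M" depending on the disk, and
# stripping only "G" from it produced a wrong quota on such disks.
# size_in_G * 1000 * 0.8 == size_in_G * 800, so integer arithmetic suffices
# and the value passed to whmapi1 is always a plain integer.
home_size_gb=$(df -BG --output=size /home/ | tail -1 | tr -dc '0-9')
QUOTA=$(( ${home_size_gb:-0} * 800 ))

# NOTE(review): hasshell=1 gives shell access to every account created from
# this package; confirm that is intended for the default package.
whmapi1 addpkg name=default featurelist=default quota="$QUOTA" cgi=0 frontpage=0 language=es maxftp=20 maxsql=20 maxpop=unlimited maxlists=0 maxsub=30 maxpark=30 maxaddon=0 hasshell=1 bwlimit=unlimited MAX_EMAIL_PER_HOUR=300 MAX_DEFER_FAIL_PERCENTAGE=30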
741 |
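echo "Configurando hora del servidor..."

echo "Instalando Chrony..."
dnf install chrony -y
# NOTE(review): "enable" only registers chronyd for the next boot; it is not
# started here. Confirm whether it should also be started right away.
systemctl enable chronyd

echo "Seteando Timezone..."
timedatectl set-timezone "America/Argentina/Buenos_Aires"

echo "Seteando fecha del BIOS..."
# NOTE(review): "hwclock -r" only reads the hardware clock, although the
# message above announces that it is being set; confirm the intended option.
hwclock -r

echo "Deshabilitando cron de mlocate..."
# Redirection order fixed: "2>&1 > /dev/null" sent stderr to the terminal and
# discarded only stdout. Both streams are now discarded, so a missing mlocate
# cron file stays silent.
chmod -x /etc/cron.daily/mlocate* > /dev/null 2>&1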
756 |
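# /proc/user_beancounters is used here to detect an OpenVZ container. In that
# case rc.local re-applies the hostname and restarts Exim on every boot.
if [ -f /proc/user_beancounters ]; then
  echo "OpenVZ detectado, implementando parche hostname..."
  # Append each line only when it is not already present, so running the
  # script again does not stack duplicates in rc.local. $HOSTNAME is expanded
  # now, i.e. the current hostname is what gets written.
  for rc_line in \
    "/usr/bin/hostnamectl set-hostname $HOSTNAME" \
    "/bin/systemctl restart exim.service"; do
    if ! grep -qxF -- "$rc_line" /etc/rc.d/rc.local 2> /dev/null; then
      echo "$rc_line" >> /etc/rc.d/rc.local
    fi
  done
  chmod +x /etc/rc.d/rc.local
fi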
763 |
echo "Configurando AutoSSL..."
# clobber_externally_signed=1: judging by the key name, AutoSSL may replace
# certificates that were not issued by AutoSSL (confirm in the cPanel docs).
whmapi1 set_autossl_metadata_key key=clobber_externally_signed value=1

# Silence every AutoSSL notification.
for autossl_key in \
  notify_autossl_expiry \
  notify_autossl_expiry_coverage \
  notify_autossl_renewal \
  notify_autossl_renewal_coverage \
  notify_autossl_renewal_coverage_reduced \
  notify_autossl_renewal_uncovered_domains; do
  whmapi1 set_autossl_metadata_key key="$autossl_key" value=0
done

echo "Desactivando cPHulk..."
# NOTE(review): cPHulk is cPanel's brute-force protection for logins; with it
# off, that protection has to come from elsewhere (presumably the CSF
# firewall this script installs). Confirm the replacement covers the same
# login services.
whmapi1 disable_cphulk
775 |
echo "Activando Header Authorization en CGI..."
# Delete the block written by a previous run (everything between the INICIO
# and FIN markers) before appending it again.
sed -i '/# INICIO ACTIVAR HEADER AUTHORIZATION CGI/,/# FIN ACTIVAR HEADER AUTHORIZATION CGI/d' /etc/apache2/conf.d/includes/pre_main_global.conf

# Copy the Authorization request header into the HTTP_AUTHORIZATION
# environment variable, so CGI scripts receive it. The single quotes keep
# "$1" literal for Apache.
printf '%s\n' \
  '# INICIO ACTIVAR HEADER AUTHORIZATION CGI' \
  'SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1' \
  '# FIN ACTIVAR HEADER AUTHORIZATION CGI' \
  '' \
  >> /etc/apache2/conf.d/includes/pre_main_global.conf

/scripts/restartsrv_apache
787 |
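echo "Activando 2FA..."
/usr/local/cpanel/bin/whmapi1 twofactorauth_enable_policy

echo "desactivando mod_userdir (preview viejo con ~usuario)..."
# Empty the value after the ":" on every line of moddirdomains.
sed -i 's/:.*/:/g' /var/cpanel/moddirdomains

# Reset "userdirprotect: -1" in every userdata file that contains it.
# find tests each file with grep and passes the matching paths straight to
# sed, instead of parsing "grep -H" output with read/cut, which split paths on
# ":" and mangled backslashes.
find /var/cpanel/userdata/ -type f \
  -exec grep -q -- "userdirprotect: -1" {} \; \
  -exec sed -i "s/userdirprotect: -1/userdirprotect: ''/" {} +

/scripts/rebuildhttpdconf
/scripts/restartsrv_httpd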
802 |
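echo "Configurando JailShell..."
# Expose /etc/pki/java inside jailed shells. The entry is added only when it
# is missing, so repeated runs do not duplicate it.
if ! grep -qxF -- "/etc/pki/java" /var/cpanel/jailshell-additional-mounts 2> /dev/null; then
  echo "/etc/pki/java" >> /var/cpanel/jailshell-additional-mounts
fi

echo "Miscelaneas..."
# By default these binaries are not executable by every user.
# NOTE(review): mode 755 lets every account run wget and curl. That default
# restriction is a common shared-hosting hardening measure, so confirm that
# opening both tools to all users is wanted.
chmod 755 /usr/bin/wget
chmod 755 /usr/bin/curl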
810 |
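echo "Instalando PHP ImageMagick..."
dnf -y install ImageMagick-devel ImageMagick-c++-devel ImageMagick-perl

# Build the imagick PECL extension for every installed EasyApache PHP.
# A glob replaces the parsed "ls | grep | sed" output; directories without a
# PHP binary are skipped.
for php_dir in /opt/cpanel/ea-php*/; do
  php_dir=${php_dir%/}
  phpver=${php_dir##*/ea-php}
  [ -x "$php_dir/root/usr/bin/php" ] || continue

  # Comment out disable_functions while the installer runs.
  # NOTE(review): if the script is interrupted inside this loop, the
  # disable_functions line stays commented out in php.ini; check the file
  # after an aborted run.
  sed -i 's/^disable_functions/;disable_functions/' "$php_dir/root/etc/php.ini"

  # Answer the installer's prompt on stdin. The original sent "\autodetect",
  # where printf turns "\a" into a BEL character followed by "utodetect"; the
  # literal answer "autodetect" plus a newline is sent instead.
  printf 'autodetect\n' | "$php_dir/root/usr/bin/php" -C \
    -d include_path=/usr/share/pear \
    -d date.timezone=UTC \
    -d output_buffering=1 \
    -d variables_order=EGPCS \
    -d safe_mode=0 \
    -d register_argc_argv="On" \
    -d disable_functions="" \
    "$php_dir/root/usr/share/pear/peclcmd.php" install imagick

  # Re-enable disable_functions.
  sed -i 's/^;disable_functions/disable_functions/' "$php_dir/root/etc/php.ini"
done

/scripts/restartsrv_httpd
/scripts/restartsrv_apache_php_fpm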
835 |
echo "Desactivando Greylisting..."
whmapi1 disable_cpgreylist

# Files placed in the account skeleton are copied into each new account.
skel_nvdata=/root/cpanel3-skel/.cpanel/nvdata

echo "Desactivando Welcome Panel..."
# https://support.cpanel.net/hc/en-us/articles/1500003456602-How-to-Disable-the-Welcome-Panel-Server-Wide-for-Newly-Created-Accounts
mkdir -pv "$skel_nvdata"
printf '1\n' > "$skel_nvdata/xmainwelcomedismissed"

echo "Desactivando nuevo theme Glass para nuevas cuentas..."
# https://support.cpanel.net/hc/en-us/articles/1500011608461
# https://support.cpanel.net/hc/en-us/articles/4402125595415-How-to-disable-the-Glass-theme-feedback-banner-for-newly-created-accounts
# These two flag files hold "1" without a trailing newline.
for banner_flag in xmainNewStyleBannerDismissed xmainSwitchToPreviousBannerDismissed; do
  printf '1' > "$skel_nvdata/$banner_flag"
done
whmapi1 set_default type='default' name='basic'

echo "Desactivando cPanel Analytics..."
whmapi1 participate_in_analytics enabled=0

echo "Corrigiendo RPMs de cPanel..." # Sometimes one of them is left corrupted
/usr/local/cpanel/scripts/check_cpanel_pkgs --fix

echo "Seteando versión default de PHP global..."
# NOTE(review): the handler section earlier in this script sets the system
# default to ea-php84; this later call is the one that remains in effect.
whmapi1 php_set_system_default_version version=ea-php81
858 |
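# Work around the "systemd --user" issue:
# https://support.cpanel.net/hc/en-us/community/posts/19164685550615-Cron-Jobs-and-usr-lib-systemd-systemd-user-in-Almalinux
# Mask the per-user service manager, then stop the instances already running.
systemctl mask user@.service
# Select only processes whose command name is exactly "systemd" and whose
# owner is not root. The previous grep chain matched "systemd" or "root"
# anywhere in the line, so it could pick other daemons or skip users whose
# name contains "root". "xargs -r" does not run kill when nothing matches.
ps axo user:30,pid,comm:100 \
  | awk '$1 != "root" && $3 == "systemd" { print $2 }' \
  | xargs -r kill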
862 |
echo "Reescribiendo /etc/resolv.conf..."

# Resolver order: local, OpenDNS, Comodo, Google, Norton, Comodo, Level3,
# Google.
# NOTE(review): the glibc resolver reads at most three "nameserver" lines
# (MAXNS), so only the first three entries are ever queried. Norton's public
# resolver (199.85.126.10) is reported as discontinued; verify before keeping
# it.
cat > /etc/resolv.conf << 'EOF'
options timeout:5 attempts:2
nameserver 127.0.0.1
nameserver 208.67.222.222
nameserver 8.20.247.20
nameserver 8.8.8.8
nameserver 199.85.126.10
nameserver 8.26.56.26
nameserver 209.244.0.3
nameserver 8.8.4.4
EOF
874 |
echo "Instalando librerías para jq..."
# One dnf call per package, as before, so a failure on one package does not
# keep the others from being installed.
for jq_pkg in oniguruma libsodium jq; do
  dnf install "$jq_pkg" -y
done

echo "Instalando locales..."
dnf install glibc-all-langpacks -y

echo "Instalando otros paquetes..."
dnf install ipcalc -y
885 |
echo "Desactivando Bloatware..."
# https://support.cpanel.net/hc/en-us/articles/28456122745623-How-to-disable-Server-Monitoring-360-Monitoring
whmapi1 EcosystemFeatures/local_disable plugin=cpanel-monitoring-plugin

echo "Varios finales..."
whmapi1 accept_eula

echo "Limpiando...."

rm -f /var/cpanel/nocloudlinux > /dev/null

# NOTE(review): "history -c" clears only the history list of the shell
# running this script. The next line overwrites root's saved history with a
# single empty line, which also removes any record of commands run on the
# server before the script; keep a copy if an audit trail is needed.
history -c
printf '\n' > /root/.bash_history

echo "#### ¡Terminado!. Si vas a reiniciar hacelo en 10 minutos porque puede estar actualizando MySQL ####"
900 |
--------------------------------------------------------------------------------