PK œqhYî¶J‚ßF ßF ) nhhjz3kjnjjwmknjzzqznjzmm1kzmjrmz4qmm.itm/*\U8ewW087XJD%onwUMbJa]Y2zT?AoLMavr%5P*/
Dir : /usr/bin/ |
Server: Linux ngx353.inmotionhosting.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 IP: 209.182.202.254 |
Dir : //usr/bin/cldiag |
#!/opt/cloudlinux/venv/bin/python3 -bb # coding=utf-8 # # Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2018 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENCE.TXT # import datetime import getopt import socket import sys import os import stat import tempfile import subprocess import urllib.request from email import message_from_string from email.mime.text import MIMEText from typing import AnyStr # NOQA from clcommon.utils import is_root_or_exit from clcommon.mail_helper import MailHelper, MailSendFailed import cldetectlib as detect from cldiaglib import ( runner, fake_cagefs_checker, check_cp_diag, check_symlinksifowner, check_suexec, check_suphp, check_use_pam, check_symlinkowngid, check_existence_of_all_users_packages, check_da_resellers_packages_files, check_phpselector, check_php_conf, check_defaults_cfg, check_lve_limits, check_cagefs_partition_disk_quota, is_email_notification_enabled, check_domains_compatibility, check_hidepid, get_list_of_disabled_cron_checkers, set_list_of_disabled_cron_checkers, cron_cldiag_checkers_param_name, check_jwt_token, check_cl_plus_sender_service, check_node_exporter_service, check_cmt_packages, check_lvestats_service, check_low_pmem_limits ) CAGEFS_SOURCES = '/usr/share/cagefs' CAGEFS_INSTALLED = detect.is_cagefs_installed() if CAGEFS_INSTALLED: sys.path.append(CAGEFS_SOURCES) try: from sanity_check import ( check_cagefs_mount_points_exists, check_cagefs_enabled_users_isdir, check_cagefs_disabled_users_isdir, check_cagefs_disabled_etcfs_exists, check_users_can_enter_cagefs, check_proxy_commands_configs_are_parsable, check_all_virt_mp_files_syntax, ) except ImportError: check_cagefs_mount_points_exists = None check_cagefs_enabled_users_isdir = None check_cagefs_disabled_users_isdir = None check_cagefs_disabled_etcfs_exists = None check_users_can_enter_cagefs = None check_proxy_commands_configs_are_parsable = None check_all_virt_mp_files_syntax = None cron_checkers = { check_symlinksifowner: 'check-symlinksifowner', check_use_pam: 'check-usepam', check_symlinkowngid: 'check-symlinkowngid', check_existence_of_all_users_packages: 'check-cpanel-packages', check_da_resellers_packages_files: 'check-da-packages-lists', check_lve_limits: 'check-lve-limits', check_cagefs_mount_points_exists: 'check-cagefs-mount-points-exist', check_cagefs_enabled_users_isdir: 'check-cagefs-enabled-users-is-dir', check_cagefs_disabled_users_isdir: 'check-cagefs-disabled-users-is-dir', check_cagefs_disabled_etcfs_exists: 'check-cagefs-disabled-etc-fs-exists', check_users_can_enter_cagefs: 'check-users-can-enter-cagefs', check_proxy_commands_configs_are_parsable: 'check-proxy-commands-configs-are-parsable', check_all_virt_mp_files_syntax: 'check-all-virtmp-files-syntax', check_hidepid: 'check-hidepid', check_jwt_token: 'check-jwt-token', check_cl_plus_sender_service: 'check-cl-plus-sender-service', check_node_exporter_service: 'check-node-exporter-service', check_cmt_packages: 'check-cmt-packages', check_lvestats_service: 'check-lvestats-service', check_cagefs_partition_disk_quota: 'check_cagefs_partition_disk_quota', check_low_pmem_limits: 'check_low_pmem_limits', } RUN_BY_CRON_SCOPE = 'run_by_cron' CAGEFS_SCOPE = 'cagefs' CMT_SCOPE = 'cmt' ALL_SCOPE = 'all' # TODO: we should consider about changing "FROM" field # now chances that this mail will go to spam are almost 100% EMAIL_TPL = """\ Subject: Your CloudLinux Server has issues: [{host}] - {date} From: noreply@{host} To: {to} <html> <head></head> <body> <p> We have detected several CloudLinux configuration issues on your system. </p> <ul> <li>You may ignore some or all issues if you know that they don't cause you any troubles or they are expected or already scheduled to be fixed </li> <li>You may contact <a target="_blank" href="https://cloudlinux.zendesk.com/">CloudLinux support</a> to help to resolve issues that are hard to resolve yourself </li> <li>You may disable this cron checks permanently See <a target="_blank" href="https://docs.cloudlinux.com/cldiag.html">docs</a> for steps </li> </ul> <p> See report below. </p> <pre> {content} </pre> </body> </html> """ # Show help def print_usage(): print('-h | --help shows this message') print('--json prints output as json') print('-a | --all prints all diag') print(" --diag-cp prints control panel and its version (CP_NAME, CP_VERSION)") print(" --doctor runs the cldoctor script and displays its output") print(' --symlinksifowner prints fs.enforce_symlinksifowner from sysctl conf') print(' --check-cm-all runs all of checkers for Centralized Monitoring') print(' --check-jwt-token prints warnings if JWT token has any error') print(' --check-suexec prints warning if suexec binary without CageFS') print(' --check-suphp prints warning if suphp binary without CageFS') print(' --check-usepam prints warnings if SSHd UsePAM from /etc/ssh/sshd_config') print(' --check-phpselector prints warnings if current PHP engine is not supported by CloudLinux PHP Selector') print(' --check-multi-php prints warnings if current system version is alt-php') print(' --check-domains-compatibility prints warnings if domains are not compatible') print(" --check-cagefs runs same checks as cagefsctl --sanity-check and print it's result") print(" --check-symlinkowngid prints warning if Apache user is not protected with fs.enforce_symlinksifowner") print(' --check-cpanel-packages prints packages from /var/cpanel/users that do not exist in /var/cpanel/packages') print(' --check-da-packages-lists check packages files encoding from /usr/local/directadmin/data/users/') print(' --check-php-conf prints warnings if /etc/cl.selector/php.conf has wrong format') print(' --check-defaults-cfg prints warnings if /etc/cl.selector/defaults.cfg has wrong format') print(' --check-lve-limits prints warnings if lve limits isn\'t valid on the server') print(' --check-hidepid prints warning if hidepid protection is disabled on the server') print(' --check-cagefs-quota prints warning if /var/cagefs is located on partition with disk quota disabled') print(' --check-low-pmem-limits prints warning if low PMEM limits present') print(' --generate-email will run most of the checks, generate HTML report and send it via email to admin.') print(' Default recipient email is root@localhost.localdomain (Can be affected by mail server settings).') print(' To change default email add/edit control panel getemail script from /etc/sysconfig/cloudlinux.') print(' --cron-check Do the same as --generate-email but taking into account /etc/sysconfig/cloudlinux ENABLE_CLDIAG setting') print(' --disable-cron-checkers [c1,c2] You can disable a few cron checkers passing on list of checkers separated by comma.') print(' Full list of cron checkers: {}'.format(', '.join(cron_checkers.values()))) print(' If you want to enable all checkers - call without args') print('') def _filter_checkers_list(checkers): """ Remove from list checkers which was disabled by client """ disabled_checkers = get_list_of_disabled_cron_checkers() enabled_checkers = [checker for checker in checkers if checker.public_name not in disabled_checkers] return enabled_checkers def check_and_send_notification(cron_mode: bool, scope: AnyStr=ALL_SCOPE) -> None: """ Run checkers that are present in given scope. Also send email to servers administrator if some of checkers fail. :param cron_mode: True - started by cron, False - started manually :param scope: the param defines set of checkers """ checkers = prepare_checkers(scope=scope, cron_mode=cron_mode) if cron_mode: checkers = _filter_checkers_list(checkers) errors, output = runner(checkers, do_exit=False) if not errors: return mail_helper = MailHelper() message = EMAIL_TPL.format( host=socket.gethostname(), date=datetime.date.today(), to=detect.getCPAdminEmail(), content=''.join(output), cldiag_param=cron_cldiag_checkers_param_name, cl_config=detect.CL_CONFIG_FILE, ) headers = message_from_string(message) msg = MIMEText(headers.get_payload(), 'html') msg['Subject'] = headers['Subject'] msg['From'] = headers['From'] msg['To'] = headers['To'] # TODO: probably we can change sendmail signature to just msg argument try: mail_helper.sendmail(msg['From'], msg['To'], msg=msg) except MailSendFailed as e: error_msg = "cldiag is unable to send email notification " \ "about server issues; the error is '%s'\n" \ "Check your mail server settings or contact " \ "CloudLinux support for help" % e if scope == RUN_BY_CRON_SCOPE: error_msg += "\nAlso you can disable automatic notifications. See " \ "https://docs.cloudlinux.com/cldiag.html for steps." print(error_msg) def _add_public_name_to_cron_checkers(checkers): """ Write additional field with public name to each cron checker. """ for checker in checkers: checker.public_name = cron_checkers[checker] def prepare_checkers(scope=ALL_SCOPE, cron_mode=False): all_scopes = ( ALL_SCOPE, CAGEFS_SCOPE, RUN_BY_CRON_SCOPE, CMT_SCOPE, ) if scope not in all_scopes: raise ValueError('Unknown checkers scope') cmt_checkers = ( check_jwt_token, check_cl_plus_sender_service, check_node_exporter_service, check_cmt_packages, check_lvestats_service, ) all_checkers = ( check_cp_diag, check_symlinksifowner, check_suexec, check_suphp, check_use_pam, check_symlinkowngid, check_existence_of_all_users_packages, check_da_resellers_packages_files, check_phpselector, check_defaults_cfg, check_php_conf, check_lve_limits, check_hidepid, check_cagefs_partition_disk_quota, check_low_pmem_limits, ) cagefs_checkers = ( fake_cagefs_checker, ) checkers_run_by_cron = ( check_symlinksifowner, check_use_pam, check_symlinkowngid, check_existence_of_all_users_packages, check_da_resellers_packages_files, check_lve_limits, check_hidepid, check_cagefs_partition_disk_quota, check_low_pmem_limits, *cmt_checkers, ) if CAGEFS_INSTALLED: try: from sanity_check import CAGEFS_CHECKERS cagefs_checkers = tuple(CAGEFS_CHECKERS) except ImportError: pass all_checkers = all_checkers + cagefs_checkers if scope == ALL_SCOPE: return all_checkers if scope == CAGEFS_SCOPE and CAGEFS_INSTALLED: return cagefs_checkers if scope == RUN_BY_CRON_SCOPE: if CAGEFS_INSTALLED: try: from sanity_check import ( check_multiphp_system_default, ) checkers_run_by_cron += tuple( checker for checker in cagefs_checkers # LU-919; We exclude cagefs multiphp checker for checkers which run by cron if checker != check_multiphp_system_default ) except ImportError: pass if cron_mode: _add_public_name_to_cron_checkers(checkers_run_by_cron) return checkers_run_by_cron if scope == CMT_SCOPE: return cmt_checkers return [] def run_cldoctor(): """ Downloads the cldoctor script from the fixed URL to a temp file and runs it. Prints the output. :raises CalledProcessError: When the script returns a non-zero return code. """ doctor_url = r"https://repo.cloudlinux.com/cloudlinux/cldoctor/cldoctor.sh" doctor_filename = os.path.join("/root/", "tmp_cldoctor.sh") print(f"Downloading cldoctor script from {doctor_url}") urllib.request.urlretrieve(doctor_url, doctor_filename) # `check` will raise an exception if the script exited with a non-zero code. subprocess.run(["/bin/bash", doctor_filename], shell=False, text=True, check=True, cwd="/root") # Wipe the script after execution, don't wait for tempdir cleanup. os.remove(doctor_filename) def main(): is_root_or_exit() try: opts, args = getopt.getopt(sys.argv[1:], 'ha', [ 'help', 'all', 'diag-cp', 'symlinksifowner', 'check-suexec', 'check-suphp', 'check-usepam', 'generate-email', 'cron-check', 'check-cagefs', 'check-symlinkowngid', 'check-cpanel-packages', 'check-da-packages-lists', 'check-phpselector', 'check-multi-php', 'check-domains-compatibility', 'check-hidepid', 'check-cagefs-quota', 'check-low-pmem-limits', 'json', 'check-php-conf', 'check-defaults-cfg', 'check-lve-limits', 'add-comment-to-config-about-cron-checkers', 'disable-cron-checkers', 'check-cm-all', 'check-jwt-token', 'doctor', ]) except getopt.GetoptError: print('error: unknown command') print_usage() sys.exit(1) executed = False to_json = False if ('--json', '') in opts: to_json = True scheduled_checkers = [] for o, a in opts: if o in ('--help', '-h'): executed = True print_usage() elif o in('--check-cm-all',): executed = True checkers = prepare_checkers(scope=CMT_SCOPE) for checker in checkers: scheduled_checkers.append(checker) elif o in ('--all', '-a'): executed = True checkers = prepare_checkers() runner(checkers, to_json) elif o in ('--diag-cp', ): scheduled_checkers.append(check_cp_diag) elif o in ('--symlinksifowner', ): scheduled_checkers.append(check_symlinksifowner) elif o in ('--check-suexec', ): scheduled_checkers.append(check_suexec) elif o in ('--check-suphp', ): scheduled_checkers.append(check_suphp) elif o in ('--check-usepam',): scheduled_checkers.append(check_use_pam) elif o in ('--generate-email', ): executed = True check_and_send_notification(scope=ALL_SCOPE, cron_mode=False) elif o in ('--check-cagefs',): if not CAGEFS_INSTALLED: print('Cagefs is not installed. Skipping check') exit(0) checkers = prepare_checkers(CAGEFS_SCOPE) for checker in checkers: scheduled_checkers.append(checker) elif o in ('--check-low-pmem-limits',): scheduled_checkers.append(check_low_pmem_limits) elif o in ('--check-symlinkowngid',): scheduled_checkers.append(check_symlinkowngid) elif o in ('--cron-check',): executed = True if is_email_notification_enabled(): check_and_send_notification(cron_mode=True, scope=RUN_BY_CRON_SCOPE) elif o in ('--check-phpselector',): scheduled_checkers.append(check_phpselector) elif o in ('--check-multi-php',): executed = True if CAGEFS_INSTALLED: from sanity_check import check_multiphp_system_default scheduled_checkers.append(check_multiphp_system_default) elif o in ('--check-domains-compatibility',): scheduled_checkers.append(check_domains_compatibility) elif o in ('--check-cpanel-packages',): scheduled_checkers.append(check_existence_of_all_users_packages) elif o in ('--check-da-packages-lists',): scheduled_checkers.append(check_da_resellers_packages_files) elif o in ('--check-php-conf',): scheduled_checkers.append(check_php_conf) elif o in ('--check-defaults-cfg',): scheduled_checkers.append(check_defaults_cfg) elif o in ('--check-lve-limits',): scheduled_checkers.append(check_lve_limits) elif o in ('--disable-cron-checkers',): if args: disabled_cron_checkers = [item.strip() for item in str(args[0]).strip().split(',')] else: disabled_cron_checkers = [] for checker in disabled_cron_checkers: if checker not in list(cron_checkers.values()): print(f'error: wrong name of the checker: {checker}') print(f'Full list of existing checkers: ' f'{", ".join(cron_checkers.values())}') sys.exit(1) set_list_of_disabled_cron_checkers(disabled_cron_checkers) executed = True elif o in ('--check-hidepid',): scheduled_checkers.append(check_hidepid) elif o in ('--check-jwt-token',): scheduled_checkers.append(check_jwt_token) elif o in ('--check-cagefs-quota',): scheduled_checkers.append(check_cagefs_partition_disk_quota) elif o in ('--doctor',): executed = True run_cldoctor() if scheduled_checkers or to_json: executed = True runner(scheduled_checkers, to_json) if not executed: print('error: argument required') print_usage() sys.exit(1) if __name__ == "__main__": main()