ზ3በંવવხްុլRxስសلçໂH℅૩/usr/local/bin/|
|
| Current File : //usr/local/bin/restrict |
#!/bin/bash
#1.CONSTANTS FOR COLORS:
RED_COLOR=$'\033[31;1m'
GREEN_COLOR=$'\033[32;1m'
YELLOW_COLOR=$'\033[33;1m'
DEFAULT_COLOR=$'\033[0m'
#2.INPUT DOMAIN NAME:
printf "%sTYPE THE DOMAIN NAME THAT YOU WISH TO BE RESTICTED.%s\\n" "$GREEN_COLOR" "$DEFAULT_COLOR"
#2.1.CHECK IF INPUT DOMAIN EXISTS AND ASK FOR INPUT UNTIL EXISTING DOMAIN IS PROVIDED:
current_user=$(whoami)
counter=0
while [ -z "$doc_root" ]; do
if [ "$counter" != 0 ]; then
printf "%sINVALID DOMAIN! TYPE THE DOMAIN AGAIN:%s\\n" "$RED_COLOR" "$DEFAULT_COLOR"
fi
read -e -r -p $'\e[36mDomain/Subdomain:\e[0m ' input_domain;
#2.1.1.CONVERT INPUT TO LOWERCASE:
input_domain="${input_domain,,}"
#2.1.2.REMOVE ANY '/' AT THE END OF THE INPUT:
last_char="${input_domain: -1}"
while [ "$last_char" = '/' ]; do
input_domain=${input_domain%?};
last_char="${input_domain: -1}"
done
sub_folder=$( echo "${input_domain}" | cut -d '/' -s -f 2- )
domain_name=$( echo "$input_domain" | cut -d '/' -f 1 )
if [ "$current_user" = 'root' ]; then
cpanel_user=$( /scripts/whoowns "$domain_name" )
if [ -n "$cpanel_user" ]; then
doc_root=$( uapi --user="$cpanel_user" DomainInfo single_domain_data domain="$domain_name" | grep 'documentroot:' | cut -d ' ' -f 6 )
fi
else
doc_root=$( uapi DomainInfo single_domain_data domain="$domain_name" | grep 'documentroot:' | cut -d ' ' -f 6 )
fi
if [ -n "$doc_root" ]; then
if [ -n "$sub_folder" ]; then
doc_root=${doc_root}/${sub_folder}
fi
fi
((counter++))
done
#3.NAVIGATE TO DOCUMENT ROOT OF THE DOMAIN AND DENY ACCESS
cd "$doc_root" 2> /dev/null || ( printf "%sDOCUMENT ROOT DOES NOT EXIST! EXITING ...%s\\n" "$RED_COLOR" "$DEFAULT_COLOR"; exit; )
if [[ -f .htaccess && -s .htaccess ]]; then
if [[ "$current_user" = 'root' && -n $(lsattr .htaccess | grep 'a\|i' | awk '{print$1}') ]]; then
chattr -ai .htaccess
fi
sed -i '1s/^/ErrorDocument 403 default\nDeny from All\n/' .htaccess
else
printf 'ErrorDocument 403 default\nDeny from All' > .htaccess
if [ "$current_user" = 'root' ]; then
chown "$cpanel_user": .htaccess
fi
fi
counter=0
#4.CHECK RECURSIVLY FOR .HTACCESS FILES WITH ALLOW FROM ALL RULES
read -r -a files <<< "$(find "$doc_root" -type f -name '.htaccess' -exec grep -w -l -i 'allow from all' {} \; | grep -v 'akismet' | tr '\n' ' ')"
number_of_files=${#files[@]}
if [ "$number_of_files" -gt 0 ]; then
printf "%sAllow From All FOUND IN THE FOLLOWING FILES:%s\\n" "$RED_COLOR" "$DEFAULT_COLOR"
printf "%s\\n" "${files[@]}"
#5.REMOVE ALL ENTRIES OF ALLOW FROM ALL
read -e -r -p $'\e[36mWould you like to remove the rule from all files?(y/n):\e[0m ' remove;
if [ "$remove" = 'y' ]; then
for file in "${files[@]}"; do
sed -i '/Allow From All/Id' "$file"
line_removed=$(grep -w -l -i 'allow from all' "$file")
if [ -z "$line_removed" ]; then
printf "%sRule removed from "$file"%s\\n" "$GREEN_COLOR" "$DEFAULT_COLOR"
else
printf "%sRule NOT removed from "$file"%s\\n" "$RED_COLOR" "$DEFAULT_COLOR"
fi
done
else
printf "%sRule NOT removed from the files.%s\\n" "$RED_COLOR" "$DEFAULT_COLOR"
fi
fi
#6.CHATTR .HTACCESS IF POSSIBLE
if [ "$current_user" = 'root' ]; then
chattr +ai .htaccess
if [ -n $(lsattr .htaccess | grep 'ia' | awk '{print$1}') ]; then
printf "%sChattr added to "$doc_root"/.htaccess.%s\\n" "$GREEN_COLOR" "$DEFAULT_COLOR"
fi
fi