HEX
Server: nginx/1.29.3
System: Linux 11979.bigscoots-wpo.com 6.8.0-88-generic #89-Ubuntu SMP PREEMPT_DYNAMIC Sat Oct 11 01:02:46 UTC 2025 x86_64
User: nginx (1068)
PHP: 7.4.33
Disabled: exec,system,passthru,shell_exec,proc_open,proc_close,popen,show_source,cmd# Do not modify this line # 1684243876
$ pwd: /proc/1284357/root/bigscoots/
Upload Files
File: //proc/1284357/root/bigscoots/bs_cpanel_install_centos7.sh
#!/bin/bash

exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/bigscootsinstall.log 2>&1

clear

source /bigscoots/includes/common.sh

function SLACK() {
  local message="$1"
  bash /bigscoots/general/slack.sh "#team-chat" ":cpanel: *Hostname:* $(hostname)\n *Server IP:* ${serverip}\n *Message:* ${message}"
}

echo
echo "#####################################"
echo "#             BigScoots             #"
echo "# Fully Managed cPanel Server Setup #"
echo "#####################################"

sleep 2

echo
echo "######################################################"
echo "Make sure to set a valid hostname.(ex. server.domain.com)"
echo "Make sure to set the rDNS for the hostname"
echo "######################################################"
sleep 3


DOMAIN=$(hostname | awk -F. '{print $2"."$3}')
EMAIL="admin@$DOMAIN"

echo
echo "######################################################"
echo "Disable initial setup screen and configure it."
echo "######################################################"
sleep 1

touch /etc/.whostmgrft
touch /etc/fstab 

{
  echo ADDR "$serverip"
  echo NSTTL 86400
  echo TTL 14400
  echo SCRIPTALIAS y
  echo NS2 ns2."$DOMAIN"
  echo ETHDEV eth0
  echo HOST "$HOSTNAME"
  echo MINUID 500
  echo CONTACTEMAIL "$EMAIL"
  echo HOMEMATCH home
  echo NS ns1."$DOMAIN"
  echo NS4
  echo HOMEDIR /home
  echo NS3
  echo LOGSTYLE combined
  echo DEFMOD jupiter
  echo DEFWEBMAILTHEME jupiter
} > /etc/wwwacct.conf

sed -i '/^$/d' /etc/wwwacct.conf

echo "$EMAIL" > /root/.forward

mkdir -p /root/cpanel_profile
cp -rf /bigscoots/cpanel.config /root/cpanel_profile/cpanel.config
cp -rf /bigscoots/cpanel/EA4/EasyApache_latest.json /etc/cpanel_initial_install_ea4_profile.json

echo
echo "######################################################"
echo "Disable iptables, update the server and set the timezone(Chicago)"
echo "######################################################"
sleep 3

rm -f /etc/localtime
ln -s /usr/share/zoneinfo/America/Chicago /etc/localtime


echo
echo "######################################################"
echo "Install Perl and Screen if its not already, and start cPanel installation."
echo "######################################################"
sleep 3

cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest

echo
echo "#####################################"
echo "#             BigScoots             #"
echo "# Fully Managed cPanel Server Setup #"
echo "#####################################"

sleep 1

echo
echo "######################################################"
echo "Disable cphulk"
echo "######################################################"
sleep 1

rm -f /var/cpanel/hulkd/enabled
/usr/local/cpanel/etc/init/stopcphulkd
/usr/local/cpanel/bin/cphulk_pam_ctl --disable

echo
echo "######################################################"
echo "Install addons"
echo "######################################################"
sleep 1

mkdir /home/installtmp
cd /home/installtmp
bash <(wget -qO - https://get.configserver.dev)
tar -xzf csf.tgz
cd csf ; sh install.cpanel.sh ; cd ..

/scripts/setupftpserver pure-ftpd --force

echo
echo "######################################################"
echo "Install and configure CSF + PureFTPD"
echo "######################################################"
sleep 1

sed -i 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf
sed -i '/TCP_IN = "/c\TCP_IN = "20,21,22,25,26,53,80,110,143,443,465,587,993,995,111,2049,2077,2078,2082,2083,2086,2087,2095,2096,2222,49152:65534"' /etc/csf/csf.conf
sed -i '/TCP_OUT = "/c\TCP_OUT = "20,21,22,25,26,37,43,53,80,110,113,443,587,873,111,2049,2086,2087,2089,2703"' /etc/csf/csf.conf
sed -i '/UDP_OUT = "/c\UDP_OUT = "20,21,53,111,113,123,873,2049,6277"' /etc/csf/csf.conf
sed -i '/UDP_IN = "/c\UDP_IN = "20,21,53,111,2049"' /etc/csf/csf.conf
sed -i 's/LF_SCRIPT_ALERT = "1"/LF_SCRIPT_ALERT = "0"/g' /etc/csf/csf.conf
sed -i '/PT_USERPROC = /c\PT_USERPROC = "0"' /etc/csf/csf.conf
sed -i '/PT_INTERVAL = /c\PT_INTERVAL = "0"' /etc/csf/csf.conf
sed -i '/PT_USERTIME = /c\PT_USERTIME = "0"' /etc/csf/csf.conf
sed -i '/LF_INTEGRITY = /c\LF_INTEGRITY = "0"' /etc/csf/csf.conf
sed -i '/PT_USERMEM = /c\PT_USERMEM = "0"' /etc/csf/csf.conf

# UDPFLOOD has to be disbaled in virtuozzo7 https://bugs.openvz.org/browse/OVZ-6659
sed -i '/UDPFLOOD = /c\UDPFLOOD = "0"' /etc/csf/csf.conf
sed -i '/LF_DIRWATCH = /c\LF_DIRWATCH = "0"' /etc/csf/csf.conf
sed -i 's/LF_EMAIL_ALERT = "1"/LF_EMAIL_ALERT = "0"/g' /etc/csf/csf.conf
sed -i 's/LF_TRIGGER = "0"/LF_TRIGGER = "20"/g' /etc/csf/csf.conf
sed -i 's/LF_TRIGGER_PERM = "1"/LF_TRIGGER_PERM = "900"/g' /etc/csf/csf.conf
sed -i 's/CT_EMAIL_ALERT = "1"/CT_EMAIL_ALERT = "0"/g' /etc/csf/csf.conf
sed -i 's/PT_USERKILL_ALERT = "1"/PT_USERKILL_ALERT = "0"/g' /etc/csf/csf.conf
sed -i 's/PS_EMAIL_ALERT = "1"/PS_EMAIL_ALERT = "0"/g' /etc/csf/csf.conf
sed -i 's/PORTKNOCKING_ALERT = "1"/PORTKNOCKING_ALERT = "0"/g' /etc/csf/csf.conf
sed -i 's/LT_EMAIL_ALERT = "1"/LT_EMAIL_ALERT = "0"/g' /etc/csf/csf.conf
sed -i 's/RESTRICT_SYSLOG = "0"/RESTRICT_SYSLOG = "2"/g' /etc/csf/csf.conf
sed -i 's/LF_PERMBLOCK_ALERT = "1"/LF_PERMBLOCK_ALERT = "0"/g' /etc/csf/csf.conf
sed -i 's/LF_NETBLOCK_ALERT = "1"/LF_NETBLOCK_ALERT = "0"/g' /etc/csf/csf.conf
sed -i 's/RT_RELAY_ALERT = "1"/RT_RELAY_ALERT = "0"/g' /etc/csf/csf.conf
sed -i 's/LF_ALERT_TO = ""/LF_ALERT_TO = "[email protected]"/g' /etc/csf/csf.conf
sed -i 's/X_ARF_TO = ""/X_ARF_TO = "[email protected]"/g' /etc/csf/csf.conf

sed -i '/PassivePortRange/c\PassivePortRange          49152 65534' /etc/pure-ftpd.conf


echo
echo "######################################################"
echo "Disable IPv6"
echo "######################################################"
sleep 1

/sbin/sysctl -w net.ipv6.conf.default.disable_ipv6=1
/sbin/sysctl -w net.ipv6.conf.all.disable_ipv6=1

echo
echo "######################################################"
echo "mysqltuner easy access"
echo "######################################################"
sleep 1

cd / || exit ; wget https://raw.github.com/major/MySQLTuner-perl/master/mysqltuner.pl --no-check-certificate; chmod +x mysqltuner.pl ; mv mysqltuner.pl /usr/sbin

echo
echo "######################################################"
echo "PHP config + harden functions + Passive FTP ports for pureftpd"
echo "######################################################"
sleep 1

sed -i '/allow_url_fopen = /c\allow_url_fopen = On' /opt/cpanel/ea-*/root/etc/php.ini
sed -i '/max_execution_time = /c\max_execution_time = 120' /opt/cpanel/ea-*/root/etc/php.ini
sed -i '/max_input_time = /c\max_input_time = -1' /opt/cpanel/ea-*/root/etc/php.ini
sed -i '/memory_limit = /c\memory_limit = 256M' /opt/cpanel/ea-*/root/etc/php.ini
sed -i '/upload_max_filesize = /c\upload_max_filesize = 128M' /opt/cpanel/ea-*/root/etc/php.ini
sed -i '/post_max_size = /c\post_max_size = 128M' /opt/cpanel/ea-*/root/etc/php.ini

sed -ie 's/#Port.*[0-9]$/Port 2222/gI' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
# sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
# sed -i 's/ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin yes/PermitRootLogin without-password/g' /etc/ssh/sshd_config

echo
echo "######################################################"
echo "Restart some services that need changes to take effect."
echo "######################################################"
sleep 1

/sbin/service httpd restart
/usr/sbin/csf -r
/sbin/service pure-ftpd restart
/sbin/service mysql restart
/sbin/service sshd restart

echo
echo "######################################################"
echo "Stop uneceesary services"
echo "######################################################"
sleep 1

# Stop the service and the socket that triggers it
systemctl stop rpcbind.service rpcbind.socket

# Disable it from starting on boot
systemctl disable rpcbind.service rpcbind.socket

# 'Mask' it so no other service can accidentally start it
systemctl mask rpcbind.service

echo
echo "######################################################"
echo "Rando"
echo "######################################################"
sleep 1

/usr/sbin/whmapi1 setminimumpasswordstrengths default=50
/usr/sbin/whmapi1 set_tweaksetting key=smtpmailgidonly value=0

/scripts/install_lets_encrypt_autossl_provider

wget -O /usr/local/sbin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar ; chmod +x /usr/local/sbin/wp
ln -s /usr/local/sbin/wp /usr/sbin/wp
echo "alias wp='/opt/cpanel/ea-php83/root/usr/bin/php /usr/local/sbin/wp --allow-root'" >> /root/.bashrc
crontab -l | { cat; echo "*/15 * * * * /bigscoots/mon_disk.sh"; } | crontab -
sed -i 's/export PATH/export PATH\nexport EDITOR=nano/g' /root/.bash_profile

sleep 3

/bigscoots/includes/keymebatman.sh

SLACK "Install has been completed! :kiss:"

sleep 1
/usr/sbin/exim -qf

echo
echo "######################################################"
echo "Completed"
echo "######################################################"
@ Telegram