#!/bin/bash # setup some stuff to use LOG=/root/awp-uninstall.log DATE=$(date +%Y%m%d-%H:%M) export LANG=en_US.UTF-8 if [ -f /var/awp/etc/config ]; then source /var/awp/etc/config &>/dev/null fi function isV5Installed { return `rpm -q --quiet asl` } # exit function app_exit { echo rm -f /awp-uninstaller.lock exit $1 } # make sure no instance of the installer is running if [ ! -e /awp-uninstaller.lock ]; then touch /awp-uninstaller.lock else echo "Another uninstaller is already running." app_exit 1 fi # exit if awp isn't installed if ! rpm -q awp ; then echo "AWP installation not detected" echo "`date -u`: AWP Installation not detected " >> $LOG app_exit 1 fi # exit if yum is set to always say yes if grep -q "^assumeyes=1" "/etc/yum.conf"; then echo "Not supported: assumeyes=1 was detected in yum.conf, the uninstaller will not run" echo "`date -u`: Not Supported: assumeyes=1 was detected in yum.conf" >> $LOG app_exit 1 fi # if [ ! $SSH_TTY ]; then UNINSTALL_TTY="/dev/$(ps -p$$ --no-heading | awk '{print $2}')" else UNINSTALL_TTY=$SSH_TTY fi # determine uninstall type echo "`date -u`: Uninstall initiated" >> $LOG if [ -d /usr/local/directadmin ] ; then TYPE=directadmin elif [ -d /usr/local/cpanel ]; then TYPE=cpanel elif [ -d /usr/local/psa ]; then TYPE=plesk else TYPE=normal fi echo "`date -u`: Environment $TYPE detected " >> $LOG echo echo " WARNING: This utility will remove AWP entirely from the system." read -p " Are you sure this is what you want to do? Type CONTINUE if you are sure you want to do this. (CONTINUE/STOP): " INPUT < $UNINSTALL_TTY # continue with uninstall or quit echo "`date -u`: User selected $INPUT " >> $LOG if [ "$INPUT" != "CONTINUE" ]; then echo echo " Exiting..." echo echo "`date -u`: User did not agree to uninstall " >> $LOG echo "`date -u`: uninstaller exiting " >> $LOG app_exit 1 else echo "`date -u`: User selected $INPUT " >> $LOG fi service awpwebd stop >> $LOG service awpd stop >> $LOG service crond stop >> $LOG service ossec-hids stop >> $LOG service clamd stop >> $LOG # kill awp stuff with fire if it's still running somehow for pid in `ps auxwww | grep awp | grep -v grep | awk '{print $2}'` ; do kill -9 $pid done # remove relevant yum packages FULL_LIST="" if isV5Installed; then FULL_LIST="awp awp-web" else FULL_LIST="mod_security mod_sed awp awp-web mod_evasive ossec-hids paxtest clamd clamav-db clamav gradm tortixd aum tortix-release chkrootkit inotify-tools" fi echo "`date -u`: starting yum remove " >> $LOG /usr/bin/yum remove $FULL_LIST if [ $? -ge 1 ]; then echo "No packages removed, exiting" app_exit 1 fi echo "`date -u`: yum remove complete (exit $?) " >> $LOG userdel awpweb | tee -a $LOG # cleanup awp tree echo "Clearing the /var/awp tree. This could take a few minutes, please be patient" echo -n " Removing /var/awp :" rm -rf /var/awp echo "Complete" echo "`date -u` removed /var/awp" >> $LOG # if v5 isn't installed as well, nuke additional things if ! isV5Installed; then # Cpanel if [ -f /scripts/preeasyapache ]; then rm -f /scripts/preeasyapache fi if [ -f /scripts/posteasyapache ]; then rm -f /scripts/posteasyapache fi userdel tortix | tee -a $LOG groupdel tortix | tee -a $LOG if [ -d /etc/httpd/modsecurity.d/ ]; then rm -rf /etc/httpd/modsecurity.d/* fi if [ "$TYPE" == "cpanel" ]; then if [ -f /etc/httpd/modsecurity.d/00_mod_security.conf ]; then rm -f /etc/httpd/modsecurity.d/00_mod_security.conf echo "`date -u` removed /etc/httpd/modsecurity.d/00_mod_security.conf" >> $LOG fi touch /usr/local/apache/conf/modsec2.conf touch /usr/local/apache/modsecurity.d/tortix_waf.conf service httpd restart >> $LOG elif [ "$TYPE" == "plesk" ]; then if [ -f /usr/local/psa/admin/conf/panel.ini ]; then rm -f /usr/local/psa/admin/conf/panel.ini echo "`date -u` removed /usr/local/psa/admin/conf/panel.ini" >> $LOG fi if [ -f /usr/local/psa/var/log ] && [ -L /usr/local/psa/var/log ]; then rm -f /usr/local/psa/var/log fi if [ -f /usr/local/psa/admin/logs ] && [ -L /usr/local/psa/admin/logs ]; then rm -f /usr/local/psa/admin/logs fi if [ -f /var/qmail/control/tlsserverciphers ]; then sed -i "s/ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:+MEDIUM//g" /var/qmail/control/tlsserverciphers fi if [ -f /var/qmail/control/tlsclientciphers ]; then sed -i "s/ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:+MEDIUM//g" /var/qmail/control/tlsclientciphers fi fi # Drop database if [ $OSSEC_DATABASE ]; then /usr/bin/mysqladmin drop $OSSEC_DATABASE | tee -a $LOG fi # clear some directories and remove .repo files rm -rf /var/ossec rm -f /etc/yum.repos.d/asl.repo >> $LOG rm -f /etc/yum.repos.d/tortix-kernel.repo >> $LOG rm -f /etc/yum.repos.d/tortix-common.repo >> $LOG sed -i "s/=kernel-asl/=kernel/g" /etc/sysconfig/kernel # final kernel check if ! rpm -qa |grep ^kernel- ; then echo echo "WARNING****WARNING****WARNING" echo echo "No kernels were detected after uninstallation. This could mean that your system is now" echo "unbootable" echo echo "If this is anything other than an openvz or virtuozzo system you need to fix this." echo "WARNING****WARNING****WARNING" echo echo echo "`date -u` WARNING: no kernels detected" >> $LOG fi echo "`date -u`: uninstall complete" >> $LOG fi service crond start >> $LOG app_exit 0