Web for host

Hello,
update script not part from directadmin.com
**** USE IT YOUR OWN RISKS ****

*****
*****
*****

GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 2006,2007 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Update script made by Wael Isa
H188, R4008, Arad 240, Kingdom of Bahrain
http://www.web4host.net
Version: 1.6
Release Date: 1 / 9 / 2006

*****
*****
*****

If you find update script useful, please consider to make a donation to support this freeware.
Please keep in mind that donations are welcome, but in no way required to use and distribute update.script.
You can support update.script by paypal - CLICK HERE

update.script Version: 1.6
update script tested in this OS 32bit and 64bit.

RedHat Linux

RedHat Fedora

RedHat Enterprise

CentOS

Debian

and update to

OpenSSL (You need to build ssh, apache, php, etc after upgrade)

Exim

OpenSSH

ProFTP

ProFTP with mod_clamav

phpMyAdmin

AVG

ClamAV

MODclamAV

MRTG

SquirrelMail

SquirrelMail full language pack

SpamAssassin

IMAP (You need to build php after upgrade)

MODsecurity 2.x (Apache 2.x Only)

MODsecurity 2.x Rules

KISS My Firewall

Freetype

ImageMagick

GraphicsMagick

eAccelerator

FFMPEG-php

PHP Clamav

Webmin control panel (You need to open one port 10000 in your firewall)

MailScanner

Suhosin

NoBody Check

Just download/chmod
mkdir /usr/local/updatescript
cd /usr/local/updatescript
wget http://tools.web4host.net/update.script
chmod 755 update.script
Run this to read how to use.
./update.script
Run this to update update.script
./update.script UPDATEME
Run this to see release date and version
./update.script DATE
Run this to clean update script folder
./update.script CLEAN
Note:-
1- Run this to clean or update update script before you use
2- Select best mirror for your server mirror.conf , if you want new mirror.conf file just delete old one in update script folder.

*****
*****
*****

ClamAV
nano -w /etc/exim.conf
before
primary_hostname =
add
av_scanner = clamd:127.0.0.1 3310
after
check_message:
add
deny message = This message contains malformed MIME ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
deny message = This message contains a virus or other harmful content ($malware_name)
demime = *
malware = *
deny message = This message contains an attachment of a type which we do not accept (.$found_extension)
demime = bat:com:pif:prf:scr:vbs
warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
save then restart exim
/sbin/service exim restart
*****
*****
*****

ProFTP with mod_clamav
Edit
nano /etc/proftpd.conf
add this before </Global>
<IfModule mod_clamav.c>
   ClamAV on
   ClamServer 127.0.0.1
   ClamPort 3310
</IfModule>
save and restart proftp
/sbin/service proftpd restart
*****
*****
*****

MODsecurity 2.x
nano -w /etc/httpd/conf/extra/httpd-includes.conf
and add this
32bit
LoadFile /usr/lib/libxml2.so
LoadModule security2_module     /usr/lib/apache/mod_security2.so
<IfModule mod_security2.c>
# ModSecurity2 ONLY
# Do not change anything in included files
#
Include /etc/modsecurity2/*.conf
</IfModule>
64bit
# Use This
LoadFile /usr/lib64/libxml2.so
# If you dont have libxml2.so use
#LoadFile /usr/lib64/libxml2.so.2
LoadModule security2_module     /usr/lib/apache/mod_security2.so
<IfModule mod_security2.c>
# ModSecurity2 ONLY
# Do not change anything in included files
#
Include /etc/modsecurity2/*.conf
</IfModule>
 
/sbin/service httpd restart
*****
*****
*****

KISS My Firewall
Ready for Direct Admin & Plesk & Webmin & cPanel.
if you want use other SSH port just add in TCP_IN & TCP_OUT
Running anywhere on the command line, you simply type:
kiss start
To stop the firewall, type:
kiss stop
To get status information, type:
kiss status
If you want to block an offenders IP address/subnet, simply edit the BLOCK_LIST variable in the /usr/bin/kiss file. You can separate IP addresses and subnet's with a space. Once you are finished, simply restart KISS by typing:
kiss restart
Last, but not least, it is recommended that you configure the firewall to allow only for needed ports. Using trusted IP addresses/subnets is also recommended. These variables are located near the beginning of the /usr/bin/kiss file and are self-explanatory. Once you make changes, you should always restart KISS for the changes to take effect:
kiss restart

edit kiss and set what os you use
# Enabled this for Pre Fedora Core 2 or Red Hat
EXTN="o"
# Enabled this for Fedore Core 2 or later
EXTN="ko"
like CentOS use EXTN="ko" just remove # before EXTN="ko" then kiss start

*****
*****
*****

FFMPEG-php
when done you will see link look like
/usr/local/lib/php/extensions/no-debug-non-zts-20060613/
edit php.ini and add
extension="/usr/local/lib/php/extensions/no-debug-non-zts-20060613/ffmpeg.so"
save and restart apache
/sbin/service httpd restart
*****
*****
*****
eAccelerator
when done you will see link look like
/usr/local/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so
edit php.ini and add after Windows Extensions
zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so"
eaccelerator.shm_size="32"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
save and restart apache
/sbin/service httpd restart
*****
*****
*****

Freetype
custombuild
Update Freetype then run
cd /usr/local/directadmin/custombuild
./build clean
./build php n
customapache
cd /usr/local/directadmin/customapache/
Apache 1
nano -w  configure.php
Apache 2
nano -w  configure2.php
replace
--with-gd \
--with-gd-dir=/usr/local \
by
--with-gd \
--with-gd-dir=/usr/local/lib \
--with-freetype \
--with-freetype-dir=/usr/local/lib \
save then run
./build clean
./build gd
Apache 1
./build clean
./build gd
./build php n
service httpd restart
Apache 2
./build clean
./build gd
./build php_ap2 n
service httpd restart
*****
*****
*****

ImageMagick
Install ImageMagick then run
cd /usr/local/directadmin/custombuild
./build clean
if you use PHP 5 edit configure.php5, other PHP configure.php4 and configure.php6
Apache 1
nano -w /usr/local/directadmin/custombuild/configure/ap1/configure.php5
Apache 2
nano -w /usr/local/directadmin/custombuild/configure/ap2/configure.php5
add
--with-imagick=/usr/local \
after
--with-freetype-dir=/usr/local/lib \
save then run
./build php n
*****
*****
*****

GraphicsMagick
Install GraphicsMagick then run
cd /usr/local/directadmin/custombuild
./build clean
if you use PHP 5 edit configure.php5, other PHP configure.php4 and configure.php6
Apache 1
nano -w /usr/local/directadmin/custombuild/configure/ap1/configure.php5
Apache 2
nano -w /usr/local/directadmin/custombuild/configure/ap2/configure.php5
add
--with-gmagick=/usr/local \
after
--with-freetype-dir=/usr/local/lib \
save then run
./build php n
*****
*****
*****

IMAP
Apache 1
nano -w  configure.php
Apache 2
nano -w  configure2.php
add
--with-imap=/usr/local/imap-2004c1 \
after
--with-zip \
save then build php and restart apache
service httpd restart
*****
*****
*****

AVG Anti-Virus
Clean folder HOME (full)
avgscan -clean -ext=* -rt -arc /home
clean folder HOME (without archives)
avgscan -clean -ext=* -rt /home
Update AVG DB
avgupdate --path="/opt/avg/avg8/update/download"
ill add more soon.

*****
*****
*****

Nobody Check Security Tool
The Nobody Check tool is a new and unique security tool that can detect malicious processes that are running on your Linux server and report them to you in real time or by email. The tool can be configured to run at selected times and doesnt eat up resources or interfere with server operations.

*****
*****
*****

MailScanner
Edit
nano -w  /etc/exim.conf
find
primary_hostname
add before
spool_directory = /var/spool/exim.in
queue_only = true
queue_only_override = false
EDIT
nano -w /etc/init.d/exim
find
QUEUE=
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -bd"
[ -n "$QUEUE" ] && EXIM_OPTS="$EXIM_OPTS -q$QUEUE"
replace to
QUEUE="15m"
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -bd"
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -C /etc/exim_outgoing.conf"
[ -n "$QUEUE" ] && EXIM_OPTS="$EXIM_OPTS -q$QUEUE"
EDIT
nano -w /opt/MailScanner/etc/MailScanner.conf
and update this to your information
%org-name% = yoursite
%org-long-name% = Your Organisation Name Here
%web-site% = www.your-organisation.com
Search & set this
Run As User = mail
Run As Group = mail
Incoming Queue Dir = /var/spool/exim.in/input
Outgoing Queue Dir = /var/spool/exim/input
MTA = exim
Sendmail = /usr/sbin/exim -C /etc/exim.conf
Sendmail2 = /usr/sbin/exim -C /etc/exim_outgoing.conf
Virus Scanners = none
Use SpamAssassin = yes
Always Include SpamAssassin Report = yes
now MailScanner work without anti virus,
you can scan all mail using AVG, ClamAV or BOTH same time,
just install AVG and ClamAV then edit
nano -w /opt/MailScanner/etc/MailScanner.conf
find
Virus Scanners = none
replace to
Virus Scanners = avg
and restart MailScanner
killall -9 MailScanner
/opt/MailScanner/bin/check_mailscanner
Edit
nano -w /etc/crontab
Add
37      5 * * * /opt/MailScanner/bin/update_phishing_sites
07      * * * * /opt/MailScanner/bin/update_bad_phishing_sites
58     23 * * * /opt/MailScanner/bin/clean.quarantine
3,23,43 * * * * /opt/MailScanner/bin/check_mailscanner
# Remove # if you want MailScanner to update anti virus
#42      * * * * /opt/MailScanner/bin/update_virus_scanners
now MailScanner use AVG to scan all mail and exim (exim.conf) scan all mail use ClamAV

*****
*****
*****

MODclamAV
nano -w /etc/httpd/conf/extra/httpd-includes.conf
and add this
# mod ClamAV
Include conf/extra/mod_clamav.conf
save then restart apache
/sbin/service httpd restart
*****
*****
*****

Suhosin
nano -w /usr/local/lib/php.ini
and add this at then end
;************************************************************************
;                           suhosin Parameters
;       For a full list of parameters and their documentation go to:
;         (http://www.hardened-php.net/suhosin/configuration.html)
;************************************************************************
[suhosin]
extension="/usr/local/lib/php/extensions/no-debug-non-zts-20060613/suhosin.so"
; Logging Configuration 
# Use your link in place of web4host.net
suhosin.filter.action = [302,]http://www.web4host.net/index.php
suhosin.log.syslog.facility = 9
suhosin.log.syslog.priority = 1
suhosin.log.use-x-forwarded-for = Off

; Executor Options 
suhosin.executor.max_depth = 0
suhosin.executor.include.max_traversal = 4
suhosin.executor.include.whitelist =
#suhosin.executor.include.blacklist = "php://, http://, ftp://, gzip://,https://, ftps://, compress.zlib://"
suhosin.executor.include.blacklist = "php://, http://, ftp://, gzip://,https://, ftps://"
suhosin.executor.func.whitelist =
suhosin.executor.func.blacklist = system, shell_exec, exec, passthru, php_uname, popen, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setgid, posix_uname, proc_close, proc_nice, proc_open, proc_terminate
#suhosin.executor.func.blacklist = dl, system, passthru, pclose, proc_nice, proc_terminate, posix_getpwuid, posix_uname, pfosckopen, leak, posix_setuid, escapeshellcmd, escapeshellarg, hypot, pg_host, pos, posix_access, posix_getcwd, posix_getgid, posix_getservbyname,myshellexec,getpid, posix_getsid,  posix_isatty, posix_kill, posix_mkfifo, posix_mknod, posix_setgid, posix_setsid, posix_setuid, posix_times, posix_uname, ps_fill, posix_getpwuid, ini_restore, symlink, ini_get_all, zip_open, zip_read, rar_open, bzopen, bzread, bzwrite, shellcode, backtick, cmd, virtual, pcntl_exec, ini_alter, show_source, apache_get_modules, apache_get_version, apache_note, openlog, tmpfile, crack_check, crack_closedict, php_ini_scanned_files, inurl, apache_setenv, closelog, debugger_off, debugger_on, define_syslog_variables, syslog, ftp_exec, posix_setpgid, posix_setsid, posix_setuid, get_current_user, getmyuid, getmygid, listen, netscript, ini_restore, php.ini, id, popen, shell_exec, php_uname, getPath, dir_writeable, read_dir, execute_command, diskfreespace, disk_total_space, proc_open, switch, mkdir
suhosin.executor.eval.whitelist =
suhosin.executor.eval.blacklist =
suhosin.executor.allow_symlink = Off
suhosin.executor.disable_emodifier = Off
suhosin.executor.disable_eval = Off

; Misc Options 
suhosin.apc_bug_workaround = Off
suhosin.sql.bailout_on_error = Off
suhosin.sql.comment = 0
suhosin.sql.multiselect = 0
suhosin.sql.opencomment = 0
suhosin.sql.union = 0
suhosin.sql.user_postfix =
suhosin.sql.user_prefix =
suhosin.multiheader = Off
suhosin.memory_limit = 128
suhosin.mail.protect = 1

; Transparent Encryption Options 
suhosin.session.encrypt = On
suhosin.session.cryptkey =
suhosin.session.cryptua = On
suhosin.session.cryptdocroot = On
suhosin.session.cryptraddr = 0
suhosin.session.checkraddr = 0
suhosin.session.max_id_length = 128
suhosin.cookie.checkraddr = 0
suhosin.cookie.cryptdocroot = On
suhosin.cookie.cryptkey =
suhosin.cookie.cryptlist =
suhosin.cookie.cryptraddr = 0
suhosin.cookie.cryptua = On
suhosin.cookie.disallow_nul = 1
suhosin.cookie.disallow_ws = 0
suhosin.cookie.encrypt = On
suhosin.cookie.plainlist =

; Filtering Optionins
suhosin.cookie.max_array_depth = 100
suhosin.cookie.max_array_index_length = 64
suhosin.cookie.max_name_length = 64
suhosin.cookie.max_totalname_length = 256
suhosin.cookie.max_value_length = 10000
suhosin.cookie.max_vars = 2048
suhosin.get.disallow_nul = On
suhosin.get.disallow_ws = 0
suhosin.get.max_array_depth = 50
suhosin.get.max_array_index_length = 64
suhosin.get.max_name_length = 64
suhosin.get.max_totalname_length = 256
suhosin.get.max_value_length = 512
suhosin.get.max_vars = 2048
suhosin.perdir = 0
suhosin.coredump = Off
suhosin.post.disallow_nul = On
suhosin.post.disallow_ws = 0
suhosin.post.max_array_depth = 100
suhosin.post.max_array_index_length = 64
suhosin.post.max_name_length = 64
suhosin.post.max_totalname_length = 256
suhosin.post.max_value_length = 65000
suhosin.post.max_vars = 2048
suhosin.protectkey = On
suhosin.request.disallow_nul = On
suhosin.request.disallow_ws = 0
suhosin.request.max_array_depth = 100
suhosin.request.max_array_index_length = 64
suhosin.request.max_totalname_length = 256
suhosin.request.max_value_length = 65000
suhosin.request.max_varname_length = 64
suhosin.request.max_vars = 2048
suhosin.stealth = On
suhosin.upload.max_uploads = 25
suhosin.upload.disallow_elf = 1
suhosin.upload.disallow_binary = Off
suhosin.upload.remove_binary =
suhosin.upload.verification_script =
suhosin.session.max_id_length = 128
suhosin.simulation = Off
    ;************************************************************************
    ;                       End suhosin Parameters
    ;************************************************************************
save then restart apache
/sbin/service httpd restart
*****
*****
*****

PHP Clamav
when done you see link look like
/usr/local/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so
edit php.ini and add this at the end
extension=/usr/local/lib/php/extensions/no-debug-non-zts-20060613/clamav.so
[clamav]
clamav.dbpath=/var/lib/clamav
clamav.maxreclevel=0
clamav.maxfiles=0
clamav.archivememlim=0
clamav.maxfilesize=0
clamav.maxratio=0
save and restart apache
/sbin/service httpd restart
*****
*****
*****

Best Regards,
Wael Isa