Update directadmin webserver and add some security

autoupdate_da.sh

#!/usr/bin/env bash
wget -O /usr/local/directadmin/scripts/getDA.sh https://gist.github.com/bouroo/6ffbb5afe99acdf975d0664f2e6970f6/raw/a7028ed7fb57da830b0e5d7b2678cc18527d0cf0/getDA.sh && \
/usr/local/directadmin/scripts/getDA.sh stable && \
sleep 5 && \
/usr/local/directadmin/directadmin set update_channel stable && \
/usr/local/directadmin/directadmin config-set autoupdate 1 && \
/usr/local/directadmin/scripts/getLicense.sh auto && \
service directadmin restart
exit 0

getDA.sh

#!/bin/sh

if [ $# -lt 1 ]; then
        echo "Usage:";
        echo "    $0 alpha"
        echo "    $0 beta"
        echo "    $0 current"
        echo "    $0 stable"
        echo "    $0 [commit-hash]"
        exit 0;
fi

if [ $# -gt 1 ]; then
        shift
fi

CHANNEL=$1
OS_SLUG=linux_amd64
if [ "$(uname)" = "FreeBSD" ]; then
        OS_SLUG=freebsd_amd64
fi

if [ "$(echo -n "${CHANNEL}" | wc -c)" -eq "40" ]; then
        COMMIT="${CHANNEL}"
else
        COMMIT=$(dig +short -t txt "$CHANNEL-version.directadmin.com" | sed 's|.*commit=\([0-9a-f]*\).*|\1|')
fi

if [ -z "${COMMIT}" ]; then
        echo "Error detecting latest DA release"
        exit 1
fi

set -e

FILE="directadmin_${COMMIT}_${OS_SLUG}.tar.gz"
DOWNLOAD_URL="https://download.directadmin.com/${FILE}"
DISTDIR=$(mktemp -d)
cleanup() {
        rm -rf ${DISTDIR}
}
trap cleanup EXIT

curl --location --progress-bar --connect-timeout 10 "${DOWNLOAD_URL}" --output "${DISTDIR}/${FILE}"
tar xzf "${DISTDIR}/${FILE}" -C /usr/local/directadmin
/usr/local/directadmin/directadmin p || true
/usr/local/directadmin/scripts/update.sh
echo 'action=directadmin&value=restart' >> /usr/local/directadmin/data/task.queue

echo "Update Successful."

openlitespeed.sh

#!/usr/bin/env bash
cd /usr/local/directadmin/custombuild && \
./build set modsecurity yes && \
./build set modsecurity_ruleset comodo && \
./build set webserver openlitespeed && \
./build set mod_ruid2 no && \
./build set php1_mode lsphp && \
./build set php2_mode lsphp && \
./build set php3_mode lsphp && \
./build set php4_mode lsphp && \
./build set pureftpd_uploadscan yes && \
./build update && \
./build openlitespeed && \
./build modsecurity && \
./build php n && \
./build pureftpd && \
mkdir -p custom/openlitespeed/conf && \
cp -p configure/openlitespeed/conf/httpd-modsecurity.conf custom/openlitespeed/conf/ && \
perl -pi -e 's/SecRequestBodyAccess .*/SecRequestBodyAccess On/' custom/openlitespeed/conf/httpd-modsecurity.conf && \
perl -pi -e 's/^SecDefaultAction /#SecDefaultAction /' custom/openlitespeed/conf/httpd-modsecurity.conf && \
./build rewrite_confs

echo "plz add cronjob htaccess scan"
echo "*/3 * * * * root if ! find /home/*/domains/*/*_html/ -maxdepth 2 -type f -newer /usr/local/lsws/cgid -name '.htaccess' -exec false {} +; then /usr/local/lsws/bin/lswsctrl restart; fi"

exit 0

rc.local

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

# workaround for pure-ftpd not accept login
/usr/local/directadmin/custombuild/build pureftpd > /dev/null 2>&1

exit 0

transient_centos6.sh

#!/usr/bin/env bash
majversion=$(rpm --eval '%{centos_ver}')

if [ ${majversion} == 6 ]; then
chattr -i -a /usr/local/directadmin/directadmin
chattr -i -a /usr/local/directadmin/conf/license.key
wget -O directadmin_rhel6_amd64.tar.gz https://download.directadmin.com/directadmin_3eb92b2bee482dadfcfec4ee9916bf06283e4134_rhel6_amd64.tar.gz
cp -a /usr/local/directadmin /usr/local/directadmin_$(date +%Y%m%d)
tar xzf directadmin_rhel6_amd64.tar.gz -C /usr/local/directadmin
/usr/local/directadmin/directadmin permissions || true
/usr/local/directadmin/scripts/update.sh
service directadmin restart
fi

/usr/local/directadmin/custombuild/build update
/usr/local/directadmin/directadmin set update_channel stable
/usr/local/directadmin/directadmin config-set autoupdate 1
/usr/local/directadmin/custombuild/build update_da

exit 0

update-apache-da.sh

#!/usr/bin/env bash
cd /usr/local/directadmin/custombuild
./build set webserver apache
./build set php1_release 8.2
./build set php2_release 7.4
./build set php3_release 5.6
./build set php1_mode php-fpm
./build set php2_mode php-fpm
./build set php3_mode php-fpm
./build set php4_mode php-fpm
./build set mod_ruid2 no
./build set secure_php yes
#./build set mysql_inst mariadb
#./build set mariadb 10.6
./build update
./build update_da
#./build update_versions
#./build mariadb
./build php n
./build apache
./build secure_php
./build rewrite_confs
httpd -v
chgrp apache /usr/bin/perl /usr/bin/wget /usr/local/bin/wget /usr/local/bin/curl /usr/bin/curl /usr/bin/python
chmod 705 /usr/bin/perl /usr/bin/wget /usr/local/bin/wget /usr/local/bin/curl /usr/bin/curl /usr/bin/python
exit 0

update-nginx-da.sh

#!/usr/bin/env bash
cd /usr/local/directadmin/custombuild
./build set webserver nginx_apache
./build set php1_release 8.2
./build set php2_release 7.4
./build set php3_release 5.6
./build set php1_mode php-fpm
./build set php2_mode php-fpm
./build set php3_mode php-fpm
./build set php4_mode php-fpm
./build set mod_ruid2 no
./build set secure_php yes
#./build set mysql_inst mariadb
#./build set mariadb 10.6
./build update
./build update_da
#./build update_versions
#./build mariadb
./build php n
./build nginx_apache
./build secure_php
./build rewrite_confs
httpd -v
nginx -v
chgrp apache /usr/bin/perl /usr/bin/wget /usr/local/bin/wget /usr/local/bin/curl /usr/bin/curl /usr/bin/python
chmod 705 /usr/bin/perl /usr/bin/wget /usr/local/bin/wget /usr/local/bin/curl /usr/bin/curl /usr/bin/python
exit 0

update-openlitespeed-da.sh

#!/usr/bin/env bash
cd /usr/local/directadmin/custombuild
./build set webserver openlitespeed
./build set php1_release 8.2
./build set php2_release 7.4
./build set php3_release 5.6
./build set php1_mode lsphp
./build set php2_mode lsphp
./build set php3_mode lsphp
./build set php4_mode lsphp
./build set secure_php yes
#./build set mysql_inst mariadb
#./build set mariadb 10.6
./build update
./build update_da
#./build update_versions
#./build mariadb
./build php n
./build openlitespeed
./build secure_php
./build rewrite_confs
httpd -v
chgrp apache /usr/bin/perl /usr/bin/wget /usr/local/bin/wget /usr/local/bin/curl /usr/bin/curl /usr/bin/python
chmod 705 /usr/bin/perl /usr/bin/wget /usr/local/bin/wget /usr/local/bin/curl /usr/bin/curl /usr/bin/python
exit 0

update-phpmyadmin.sh

#!/usr/bin/env bash
yum install -y epel-release open-vm-tools bash-completion ncdu tmux htop glances
service vmtoolsd restart
yum update -y
/usr/local/directadmin/custombuild/build set_fastest && \
/usr/local/directadmin/custombuild/build update && \
/usr/local/directadmin/custombuild/build update_da && \
/usr/local/directadmin/custombuild/build set phpmyadmin_public no && \
/usr/local/directadmin/custombuild/build set custombuild_plugin yes && \
/usr/local/directadmin/custombuild/build custombuild_plugin && \
/usr/local/directadmin/custombuild/build phpmyadmin && \
/usr/local/directadmin/directadmin set one_click_webmail_login 1 && \
/usr/local/directadmin/directadmin set one_click_pma_login 1 && \
/usr/local/directadmin/custombuild/build rewrite_confs && \
echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue && \
echo "action=rewrite&value=nginx" >> /usr/local/directadmin/data/task.queue && \
echo "action=rewrite&value=openlitespeed" >> /usr/local/directadmin/data/task.queue && \
/usr/local/directadmin/custombuild/build phpmyadmin && \
service directadmin restart && \
/usr/local/directadmin/custombuild/build update_versions
exit 0