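#!/bin/bash
#
# Interactive uninstaller for ASL.
#
# Stops the ASL-related services, removes the ASL package set with yum,
# deletes the tortix/asl-web accounts, clears the ASL, OSSEC and
# ModSecurity trees, optionally drops the OSSEC database and finally
# checks that a kernel package is still installed.
#
# The script asks for confirmation (the literal word CONTINUE) before it
# changes anything, and appends a timestamped trail to $LOG.
#
# The interpreter is bash because the script relies on `source`,
# `read -p` and `echo -n`, none of which plain POSIX sh guarantees.

LOG=/root/asl-uninstall.log
# Not referenced anywhere in this script; kept in case the sourced
# config expects it -- TODO confirm and drop.
DATE=$(date +%Y%m%d-%H:%M)

# NOTE(review): this file is executed with the privileges of the caller
# (the log path implies root), so it must be root-owned and not writable
# by anyone else.
if [ -f /etc/asl/config ]; then
  source /etc/asl/config
fi

echo "$(date -u): Uninstall initiated" >> "$LOG"

# Control-panel detection; only the cpanel value is acted on below.
if [ -d /usr/local/directadmin ]; then
  TYPE=directadmin
elif [ -d /usr/local/cpanel ]; then
  TYPE=cpanel
else
  TYPE=normal
fi
echo "$(date -u): Environment $TYPE detected " >> "$LOG"

echo
echo " WARNING: This utility will remove ASL entirely from the system."
echo " Are you sure this is what you want to do?"
read -r -p " Type CONTINUE if you are sure you want to do this. (CONTINUE/STOP): " INPUT

# The answer is logged once here; the original logged it a second time
# in the CONTINUE branch.
echo "$(date -u): User selected $INPUT " >> "$LOG"

if [ "$INPUT" != "CONTINUE" ]; then
  echo
  echo " Exiting..."
  echo
  echo "$(date -u): User did not agree to uninstall " >> "$LOG"
  echo "$(date -u): uninstaller exiting " >> "$LOG"
  exit
fi

# Normal
service asl-firewall stop >> "$LOG"
# crond is started again further down, after /var/asl has been handled.
service crond stop >> "$LOG"
service psmon stop >> "$LOG"
if [ -f /var/ossec/bin/ossec-control ]; then
  /var/ossec/bin/ossec-control stop >> "$LOG"
fi
service clamd stop >> "$LOG"

COMMON_LIST="roadsend-php-libs"
FULL_LIST="mod_security mod_sed asl mod_evasive ossec-hids psmon rkhunter skdet unhide paxtest clamd clamav-db clamav asl-web gradm asl-web tortixd asl-php* aum aqueduct* asl-stream* tortix-release asl-php* rblcheck bigloo-libs chkrootkit inotify-tools"
EXCLUDED="^psa-*|^GeoIP|^geoipupdate|sqlite|yum|libmnl"

# The pattern is quoted so that its '*' and '|' characters reach grep
# unchanged instead of being glob-expanded by the shell first.
UPDATED_LIST="$(/usr/bin/yum list installed | grep -Ev "$EXCLUDED" | grep asl-4.0 | awk '{ print $1}')"

echo "$(date -u): starting yum remove " >> "$LOG"

# The lists are expanded unquoted on purpose (one argument per package),
# so pathname expansion is switched off for the call: otherwise a file in
# the current directory matching e.g. asl-php* would replace the wildcard
# that yum is meant to receive.
set -f
/usr/bin/yum remove $FULL_LIST $COMMON_LIST $UPDATED_LIST
YUM_RC=$?
set +f

if [ "$YUM_RC" -ge 1 ]; then
  echo "There was an error in yum, should the uninstall continue?"
  read -r -p " Type CONTINUE if you want to continue the uninstall. (CONTINUE/STOP): " INPUT2
  if [ "$INPUT2" != "CONTINUE" ]; then
    echo
    echo " Exiting..."
    echo
    echo "$(date -u): User stopped after yum error " >> "$LOG"
    echo "$(date -u): uninstaller exiting " >> "$LOG"
    exit
  else
    echo "$(date -u): User selected $INPUT2 " >> "$LOG"
  fi
fi

# Log yum's own status; a bare $? at this point would report the status
# of the if-block above, not of yum.
echo "$(date -u): yum remove complete (exit $YUM_RC) " >> "$LOG"

# Cpanel
if [ -f /scripts/posteasyapache ]; then
  rm -f /scripts/posteasyapache
fi

if [ -f /scripts/preeasyapache ]; then
  rm -f /scripts/preeasyapache
fi

# killall -9 psmon >/dev/null 2>&1
if [ -f /var/lock/subsys/psmon ]; then
  rm -f /var/lock/subsys/psmon
fi

# Remove users. stderr is merged so that failures reach the log as well.
userdel tortix 2>&1 | tee -a "$LOG"
userdel asl-web 2>&1 | tee -a "$LOG"

# Sometimes there's an error here saying the group no longer exists, so
# check it first. Groups are listed in /etc/group; the original looked in
# /etc/passwd, where the entry has just been deleted by userdel, so the
# groupdel could never run.
if grep -q '^tortix:' /etc/group; then
  groupdel tortix 2>&1 | tee -a "$LOG"
fi

# Recurse through modsecurity directory and subdirectories (it would
# previously catch "advanced" as a directory so we need -r to remove it)
if [ -d /etc/httpd/modsecurity.d/ ]; then
  rm -rf /etc/httpd/modsecurity.d/*
fi

# /var/asl is removed only when the asl binary is gone, i.e. the package
# removal above actually took effect.
if [ ! -f /var/asl/bin/asl ]; then
  echo "Clearing the /var/asl tree. "
  echo "This could take a few minutes, please be patient"
  echo -n " Removing /var/asl :"
  rm -rf /var/asl
  echo "Complete"
  echo "$(date -u) removed /var/asl" >> "$LOG"
else
  echo "Error: /var/asl/bin/asl was still detected, not removing /var/asl"
fi

service crond start >> "$LOG"

if [ "$TYPE" = "cpanel" ]; then
  # Each removal is logged only when it happened, so the log does not
  # claim a deletion that never took place.
  if [ -f /etc/httpd/modsecurity.d/00_mod_security.conf ]; then
    rm -f /etc/httpd/modsecurity.d/00_mod_security.conf
    echo "$(date -u) removed /etc/httpd/modsecurity.d/00_mod_security.conf" >> "$LOG"
  fi
  if [ -f /etc/apache2/conf.d/zz_mod_security.conf ]; then
    rm -f /etc/apache2/conf.d/zz_mod_security.conf
    echo "$(date -u) removed /etc/apache2/conf.d/zz_mod_security.conf" >> "$LOG"
  fi

  # Presumably leaves empty stubs so that existing Apache include lines
  # still resolve after the restart -- TODO confirm.
  touch /usr/local/apache/conf/modsec2.conf
  touch /usr/local/apache/modsecurity.d/tortix_waf.conf

  service httpd restart >> "$LOG"
fi

# Drop database. OSSEC_DATABASE is not set in this script (presumably it
# comes from /etc/asl/config); it is quoted so that a value containing
# spaces cannot turn into extra mysqladmin arguments.
if [ -n "${OSSEC_DATABASE:-}" ]; then
  /usr/bin/mysqladmin drop "$OSSEC_DATABASE" | tee -a "$LOG"
fi

# clear geodb
if [ -d /usr/share/xt_geoip/ ]; then
  rm -rf /usr/share/xt_geoip/
fi

rm -rf /etc/asl
rm -rf /var/ossec
rm -f /etc/yum.repos.d/asl.repo
rm -f /etc/yum.repos.d/tortix-common.repo

# final kernel check: warn loudly if no kernel package is left.
# grep's matches are printed on purpose, as in the original.
if ! rpm -qa | grep '^kernel-'; then
  echo
  echo "WARNING****WARNING****WARNING"
  echo
  echo "No kernels were detected after uninstallation. This could mean that your system is now"
  echo "unbootable"
  echo
  echo "If this is anything other than an openvz or virtuozzo system you need to fix this."
  echo "WARNING****WARNING****WARNING"
  echo
  echo
  echo "$(date -u) WARNING: no kernels detected" >> "$LOG"
fi

echo "$(date -u): uninstall complete" >> "$LOG"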