Linux server.edchosting.com 4.18.0-553.79.1.lve.el7h.x86_64 #1 SMP Wed Oct 15 16:34:46 UTC 2025 x86_64
LiteSpeed
Server IP : 75.98.162.185 & Your IP : 216.73.216.163
Domains :
Cant Read [ /etc/named.conf ]
User : goons4good
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
opt /
bin /
cron /
Delete
Unzip
Name
Size
Permission
Date
Action
a2cop.sh
5.28
KB
-rwxr-xr-x
2023-07-05 13:07
a2cop.sh.bak
5.22
KB
-rwxr-xr-x
2023-07-05 13:07
apache_up.sh
199
B
-rwxr-xr-x
2022-10-27 11:41
auto_fsck_off
81
B
-rwxr-xr-x
2022-10-27 11:41
backup_storage_config.sh
1.53
KB
-rwxr-xr-x
2022-08-15 03:10
cdns_check.sh
1.39
KB
-rwxr-xr-x
2022-10-27 11:41
check_autossl_domains.py
4.58
KB
-rwxr-xr-x
2023-07-04 02:48
check_autossl_excluded.sh
6.88
KB
-rwxr-xr-x
2023-05-22 11:59
check_clnrepos.sh
1.33
KB
-rwxr-xr-x
2024-10-14 15:57
check_rpmdb.sh
670
B
-rwxr-xr-x
2024-06-20 10:20
clean_authorized_keys.sh
2.24
KB
-rwxr-xr-x
2025-09-25 05:08
clean_htdocs.sh
1.13
KB
-rwxr-xr-x
2022-10-27 11:41
clean_temp.sh
301
B
-rwxr-xr-x
2022-10-27 11:41
cleanup-modsec-logs.sh
269
B
-rwxr-xr-x
2022-10-27 11:41
cpanel-config.sh
4.54
KB
-rwxr-xr-x
2025-01-10 04:36
cpanel.config.template
8.87
KB
-rwxr-xr-x
2025-01-09 03:02
cron_frequency.sh
145
B
-rwxr-xr-x
2022-10-27 11:41
dbgovernor_check.sh
92
B
-rwxr-xr-x
2022-10-27 11:41
disable_cpupdate_mdedi.sh
658
B
-rwx------
2024-02-06 02:56
enable_process_accounting.sh
130
B
-rwxr-xr-x
2022-10-27 11:41
fsck_no.sh
209
B
-rwxr-xr-x
2022-10-27 11:41
grubinst7.sh
1.43
KB
-rwxr-xr-x
2024-12-16 13:25
io_nice.sh
125
B
-rwxr-xr-x
2022-10-27 11:41
kill_php.sh
1.57
KB
-rwxr-xr-x
2022-10-27 11:41
litespeed_mailer.sh
2.18
KB
-rwxr-x---
2024-05-14 05:54
lsup_wrap.sh
2.72
KB
-rwx------
2024-09-19 15:53
mailperm_random.sh
117
B
-rwxr-xr-x
2022-10-27 11:41
mdedi_disk_monitoring.sh
6.76
KB
-rwx------
2024-04-18 04:49
mysql_dumpdbs_all.sh
5.81
KB
-rwxr-xr-x
2023-04-18 13:21
patchman-check.sh
106
B
-rwxr-xr-x
2022-10-27 11:41
php_handler_fix.sh
571
B
-rwxr-xr-x
2023-12-06 02:25
pull_disk_locator.sh
813
B
-rwxr-xr-x
2022-10-27 15:28
ramcheck.py
2.75
KB
-rwxr-xr-x
2023-03-21 12:53
randomize_litespeed_server_admin_password.sh
935
B
-rwxr-xr-x
2023-04-24 13:27
randomize_root_password.sh
265
B
-rwxr-xr-x
2022-10-27 11:41
randomize_sqlroot_password.sh
2.1
KB
-rwxr-xr-x
2023-06-19 01:28
referee
2.52
KB
-rwxr-xr-x
2022-10-27 11:41
salt_deployment_cleaner.sh
637
B
-rwxr-xr-x
2023-03-06 04:07
salt_minion_restart.sh
1.68
KB
-rwxr-xr-x
2022-12-19 04:12
upcp-major-at-scheduler.sh
621
B
-rwxr-xr-x
2022-09-29 15:30
upcp-major.sh
2.33
KB
-rwxr-xr-x
2022-10-12 13:41
update_localdomains.sh
60
B
-rwxr-xr-x
2022-10-27 11:41
updatecfips.sh
1.62
KB
-rwxr-xr-x
2023-05-22 11:59
Save
Rename
#!/bin/bash -E # # a2cop.sh exploit scanner script, for all managed servers # - runs every 12 hours # Use /etc/a2cop_whitelist to whitelist a process locally. # Update - a2cop/gl_proc_whitelist - on m5 to whitelist a process globally. # Update - a2cop/gl_user_whitelist - on m5 to whitelist a user. # # Ref. JIRA OPS-861 # # v.2 - Update to send notifications to Slack #a2cop room # v.3 - Expanding malicious command visibility # v.4 - Implementing malicious cron job detection | OPSPROJ-59 # v.5 - Whitelisting improvements | SYSENG-1602 # v.6 - Updated to remove slack hook from script | SYSENG-16892 SLACKHOOK=CHANGE_MY_HOOK qarg=$1 cache_dir="/var/cache/a2cop" gl_user_whitelist="${cache_dir}/gl_user_whitelist" gl_proc_whitelist="${cache_dir}/gl_proc_whitelist" local_proc_whitelist="/etc/a2cop_whitelist" # Create some files/folders _prerun() { # Create cache dir if doesn't exit if [ ! -d ${cache_dir} ]; then mkdir -p ${cache_dir} chmod 700 ${cache_dir} fi # Create local process whitelist file if [ ! -f ${local_proc_whitelist} ]; then touch ${local_proc_whitelist} chmod 600 ${local_proc_whitelist} fi } trap _exit EXIT ERR _prerun # Temp files ps_snap=$(mktemp -p ${cache_dir}) cron_snap=$(mktemp -p ${cache_dir}) cron_tmp_user=$(mktemp -p ${cache_dir}) report=$(mktemp -p ${cache_dir}) # Exit/error handler _exit() { # Clean-up temp files rm -f ${ps_snap}{,.tmp} ${cron_snap} ${report} ${cron_tmp_user} } # Notifications to Slack #monitoring _slack_SA_curl() { yellow="#EBB424" red="#D40E0D" green="#49C39E" local _message=$1 local _color=$2 _url_hook="$SLACKHOOK" _json="{\"attachments\": [{\"text\": \"${_message}\",\"color\": \"${_color}\" }]}" curl -X POST -H 'Content-type: application/json' -d "${_json}" "${_url_hook}" } # Download updated whitelists from armory _download_whitelist() { local base_url="https://m5.a2hosting.com/a2cop" local list="$1" local tmp_list="${list}.tmp" local list_url="${base_url}/$(echo ${list} | cut -f5 -d/)" http_status=$(curl --retry 5 --retry-delay 60 -s -o "${tmp_list}" -w '%{http_code}' "${list_url}") if [ ${http_status} -eq 200 ]; then if ! cmp -s ${tmp_list} ${list}; then install -m 644 ${tmp_list} ${list} fi else echo "ERROR: Downloading from ${list_url}" >> ${report} echo "-----------------------------------" >> ${report} fi rm -f ${tmp_list} } # Get list of processes running from users _get_processlist() { # Get process list with UID > 499 and CPU higher than 5%, exclude zombie process running less than 60 second ps -eo uid,user:20,pid,cmd:50,pcpu,etimes,stat | awk '$(NF-2) > 5 && $1 > 499 && !( $8=="Z+" && $7 < 60 ) {printf $1" "$2" "$3" "; for(i=4;i<=(NF-1);++i) printf "%s ", $i; print $NF; printf ""}' >${ps_snap} } # Exclude users in gl_user_whitelist (Global whitelisted users) _exclude_whitelisted_users() { _download_whitelist ${gl_user_whitelist} while read -r user; do if id -u ${user} > /dev/null 2>&1; then user_id=$(id -u ${user}) awk -v UID=${user_id} '$1 !~ UID {printf $1" "$2" "$3" "; for(i=4;i<=(NF-1);++i) printf "%s ", $i; print $NF; printf ""}' ${ps_snap} > ${ps_snap}.tmp mv ${ps_snap}.tmp ${ps_snap} fi done < ${gl_user_whitelist} } # Exclude process in gl_proc_whitelist (Global whitelisted processes) _exclude_whitelisted_process() { _download_whitelist ${gl_proc_whitelist} cat ${gl_proc_whitelist} ${local_proc_whitelist} | while read -r proc; do awk -v PROC="${proc}" '$4 !~ PROC {printf $1" "$2" "$3" "; for(i=4;i<=(NF-1);++i) printf "%s ", $i; print $NF; printf ""}' ${ps_snap} > ${ps_snap}.tmp awk -v PROC="${proc}" '$5 !~ PROC {printf $1" "$2" "$3" "; for(i=4;i<=(NF-1);++i) printf "%s ", $i; print $NF; printf ""}' ${ps_snap}.tmp > ${ps_snap} done } # Find, detect malicious cron jobs _detect_malicious_cronjobs() { grep tmp /var/spool/cron/* | grep -v ":#" > ${cron_snap} grep -v UID ${report} | awk '{print $2}' | sort | stdbuf -oL -eL uniq > ${cron_tmp_user} if [ -s ${cron_tmp_user} ]; then cat ${cron_tmp_user} | while read -r cronuser; do if [ -s /var/spool/cron/${cronuser} ]; then grep -H . /var/spool/cron/${cronuser} | grep -Ev "MAILTO|SHELL|tmp" >> ${cron_snap} fi done fi } _exclude_whitelisted_crons() { cat ${gl_proc_whitelist} ${local_proc_whitelist} | while read -r cronproc; do awk -v CPROC="${cronproc}" '$6 !~ CPROC {printf $1" "$2" "$3" "; for(i=4;i<=(NF-1);++i) printf "%s ", $i; print $NF; printf ""}' ${cron_snap} > ${cron_snap}.tmp awk -v CPROC="${cronproc}" '$7 !~ CPROC {printf $1" "$2" "$3" "; for(i=4;i<=(NF-1);++i) printf "%s ", $i; print $NF; printf ""}' ${cron_snap}.tmp > ${cron_snap} done if [ -s ${cron_snap} ]; then echo " - Potential malicious cron jobs identified: " cat ${cron_snap} | tee -a ${report} fi } # Report _slack_report() { if [ -s ${report} ] && [ $(grep -wvc UID ${report}) -gt 0 ]; then if [[ "${qarg}" == "--quiet" ]] || [[ "${qarg}" == "-q" ]] ; then exit else _slack_SA_curl "$(echo -e "*$HOSTNAME*:\n"; echo "\`\`\`"; cat "${report}" ; echo "\`\`\`")" "${red}" fi fi } # Exec _get_processlist _exclude_whitelisted_users _exclude_whitelisted_process cat ${ps_snap} | tee -a ${report} _detect_malicious_cronjobs _exclude_whitelisted_crons _slack_report