SCDNG PELER
Server IP : 162.241.126.129  /  Your IP : 18.189.192.214
Web Server : Apache
System : Linux 162-241-126-129.cprapid.com 4.18.0-477.27.2.el8_8.x86_64 #1 SMP Fri Sep 29 08:21:01 EDT 2023 x86_64
User : rvway5nu4 ( 1018)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /proc/thread-self/root/scripts/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ HOME ]     

Current File : /proc/thread-self/root/scripts//fixtlsversions
#!/usr/local/cpanel/3rdparty/bin/perl
# cpanel - scripts/fixtlsversions                    Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

package scripts::fixtlsversions;

# This script is related to CPANEL-33512 and is expected to be
# of limited usefulness outside of the one-time task to ensure
# that TLSv1.2 is active for cpsrvd and other services.

use strict;
use warnings;
use Cpanel::LoadModule     ();
use Cpanel::SSL::Protocols ();
use Cpanel::ServerTasks    ();
use Cpanel::Imports;

use Getopt::Long 'GetOptionsFromArray';

exit run(@ARGV) unless caller;

sub run {
    my @args = @_;
    my ( $help, $dry_run, $update );
    GetOptionsFromArray(
        \@args,
        'help'    => \$help,
        'dry-run' => \$dry_run,
        'update'  => \$update,
    ) || return _usage(1);
    return _usage(0) if $help;
    return _usage(1) unless $dry_run xor $update;

    my $obj = __PACKAGE__->new( update => $update );

    $obj->logmsg('Ensuring that web-accessible services have TLSv1.2 active …');

    for my $try ( 1, 2 ) {
        $obj->adjust_cpsrvd_and_cpdavd();
        $obj->adjust_apache();

        if ( $obj->{failed} ) {
            $obj->logmsg( sprintf( '%d error(s) occurred.', $obj->{failed} ) );
            if ( $try == 1 ) {
                $obj->logmsg('Trying again …');
                delete $obj->{failed};
                sleep 2;
            }
        }
        else {
            $obj->logmsg('Done.');
            last;
        }
    }

    return $obj->{failed} ? 1 : 0;
}

sub new {
    my ( $package, %opts ) = @_;
    return bless {%opts}, $package;
}

sub adjust_cpsrvd_and_cpdavd {
    my ($self) = @_;

    for my $service (qw(cpsrvd cpdavd)) {
        my $module = "Cpanel::ServiceConfig::$service";
        Cpanel::LoadModule::load_perl_module($module);

        my $conf_obj    = $module->new();
        my $settings_hr = $conf_obj->get_config(1);

        my $old_string = $settings_hr->{SSLVersion};
        my $new_string = Cpanel::SSL::Protocols::upgrade_version_string_for_tls_1_2( $settings_hr->{SSLVersion}, '_' );
        $settings_hr->{SSLVersion} = $new_string;

        if ( $new_string ne $old_string ) {
            if ( $self->{update} ) {
                eval {
                    $conf_obj->validate($settings_hr) or die "Failed to validate configuration\n";
                    my ( $save_ok, $save_msg ) = $conf_obj->save_datastore($settings_hr);
                    $conf_obj->update_config($settings_hr);
                    Cpanel::ServerTasks::queue_task( ['CpServicesTasks'], "restartsrv $service" );
                };
                if ( my $exception = $@ ) {
                    $self->logmsg("'$service' failed to update TLS protocols: $exception");
                    ++$self->{failed};
                }
                else {
                    $self->logmsg("'$service' switched $old_string to $new_string");
                }
            }
        }
        else {
            $self->logmsg("'$service' left $old_string unchanged");
        }
    }
    return;
}

sub adjust_apache {
    my ($self) = @_;

    require Cpanel::EA4::Conf;
    my $conf       = Cpanel::EA4::Conf->instance();
    my $old_string = $conf->sslprotocol;
    my $new_string = Cpanel::SSL::Protocols::upgrade_version_string_for_tls_1_2_apache($old_string);
    my $current    = $conf->sslprotocol($new_string);
    if ( $new_string ne $old_string ) {
        if ( $self->{update} ) {
            eval {
                $conf->save;
                Cpanel::ServerTasks::queue_task( ['ApacheTasks'], 'build_apache_conf' );
            };
            if ( my $exception = $@ ) {
                $self->logmsg("'httpd' failed to update TLS protocols: $exception");
                ++$self->{failed};

                # rebuild conf but save restart for the next time it's necessary
            }
            else {
                $self->logmsg("'httpd' switched $old_string to $new_string");
            }
        }
    }
    else {
        $self->logmsg("'httpd' left $old_string unchanged");
    }
    return;
}

sub logmsg {
    my ( $self, $msg ) = @_;
    return logger()->info( sprintf( '%s%s', $self->{update} ? '' : '(dry run) ', $msg ) );
}

sub _usage {
    my ($error) = @_;
    my $usage = <<EOU;
usage: $0 --dry-run | --update

You must specify one or the other, and you may not specify both.

--dry-run: Do everything (including log messages) except make the actual changes

--update: Make the changes
EOU

    if ($error) {
        print STDERR $usage;
        return 1;
    }
    print $usage;
    return 0;
}

Anon7 - 2022
SCDN GOK