#!/bin/bash #################################################################################################### #### author: SlickStack ############################################################################ #### link: https://slickstack.io ################################################################### #### mirror: https://mirrors.slickstack.io/crons/11-cron-half-monthly.txt ########################## #### path: /var/www/crons/11-cron-half-monthly ##################################################### #### destination: n/a (not a boilerplate) ########################################################## #### purpose: SlickStack cron job *half-monthly* (11/13) will run every ~2 weeks ################### #### module version: Ubuntu 22.04 LTS ############################################################## #### sourced by: root crontab ###################################################################### #### bash aliases: ss cron 11, ss cron [half-monthly|half monthly] ################################# #################################################################################################### ## NEVER MODIFY ROOT CRONTAB OR SLICKSTACK CRON JOBS OR YOUR STACK WILL STOP WORKING ## ## INSTEAD ADJUST INTERVAL_SS SETTINGS IN SS-CONFIG OR EDIT CUSTOM CRON FILES ## #################################################################################################### #### TABLE OF CONTENTS (11-Cron-Half-Monthly) ###################################################### #################################################################################################### ## this is a brief summary of the different code snippets you will find in this script ## ## each section should be commented so you understand what is being accomplished ## ## A. Validate (Restore) SS-Config ## B. Validate (Restore) SS-Functions ## C. Validate (Restore) SS-Check + SS-Worker ## D. Source SS-Config + SS-Functions (After Validated) ## E. Touch Timestamp File ## F. Run Custom Tasks (EDIT SOURCED FILES) ## G. Run Scheduled Tasks (DO NOT EDIT) ## H. Reset Permissions (SlickStack Core Scripts) ## I. Delete Lock File #################################################################################################### #### A. 11-Cron-Half-Monthly: Validate (Restore) SS-Config ######################################### #################################################################################################### ## THIS SNIPPET DOES NOT RELY ON SS-CONFIG OR SS-FUNCTIONS ## SNIPPET: ss core cron jobs ## this attempts to restore missing or damaged ss-config using a recent intact backup ## ## however it is not fool-proof since there is no way to verify all settings ## ## validate ss-config ## VALIDATE_SS_CONFIG=$(grep 'SS_BUILD' /var/www/ss-config) if [[ -z "$VALIDATE_SS_CONFIG" ]]; then SS_CONFIG_RECENT_BACKUPS=$(ls -1rta /var/www/backups/config/ss-config.bak* | tail -n1) SS_CONFIG_BEST_MATCH=$(grep -il 'SS_BUILD' "$SS_CONFIG_RECENT_BACKUPS") rm -rf /tmp/ss-config mv -f "$SS_CONFIG_BEST_MATCH" /tmp/ss-config VALIDATE_TMP_SS_CONFIG=$(grep 'SS_BUILD' /tmp/ss-config) if [[ -n "$VALIDATE_TMP_SS_CONFIG" ]]; then mv -f /tmp/ss-config /var/www/ss-config chown root:root /var/www/ss-config ## must be root:root chmod 0700 /var/www/ss-config ## 0700 means only root can execute fi rm -rf /tmp/ss-config fi #################################################################################################### #### B. 11-Cron-Half-Monthly: Validate (Restore) SS-Functions ###################################### #################################################################################################### ## THIS SNIPPET DOES NOT RELY ON SS-CONFIG OR SS-FUNCTIONS ## SNIPPET: ss-install, ss cron jobs ## UPDATED: 03APR2022 ## this attempts to restore missing or outdated ss-functions from our public mirrors ## ## we perform this check before ss-install runs and before any cron job tasks ## ## validate ss-functions ## VALIDATE_SS_FUNCTIONS=$(grep 'SS_EOF' /var/www/ss-functions 2> /dev/null) OUTDATED_SS_FUNCTIONS=$(find "/var/www/ss-functions" -mtime 2> /dev/null) if [[ -z "${VALIDATE_SS_FUNCTIONS}" ]] || [[ -n "${OUTDATED_SS_FUNCTIONS}" ]]; then rm -rf /tmp/ss-functions wget --no-check-certificate --no-cache --no-cookies --quiet --inet4-only --tries=3 --timeout=15 --waitretry=5 -O /tmp/ss-functions https://raw.githubusercontent.com/littlebizzy/slickstack/master/bash/ss-functions.txt VALIDATE_TMP_SS_FUNCTIONS=$(grep 'SS_EOF' /tmp/ss-functions 2> /dev/null) if [[ -n "${VALIDATE_TMP_SS_FUNCTIONS}" ]]; then mkdir -p /var/www > /dev/null 2>&1 mv -f /tmp/ss-functions /var/www/ss-functions chown root:root /var/www/ss-functions ## must be root:root chmod 0700 /var/www/ss-functions ## 0700 means only root can execute else wget --no-check-certificate --no-cache --no-cookies --quiet --inet4-only --tries=3 --timeout=15 --waitretry=5 -O /tmp/ss-functions https://gitlab.com/littlebizzy/slickstack/-/raw/master/bash/ss-functions.txt VALIDATE_TMP_SS_FUNCTIONS=$(grep 'SS_EOF' /tmp/ss-functions 2> /dev/null) if [[ -n "${VALIDATE_TMP_SS_FUNCTIONS}" ]]; then mkdir -p /var/www > /dev/null 2>&1 mv -f /tmp/ss-functions /var/www/ss-functions chown root:root /var/www/ss-functions ## must be root:root chmod 0700 /var/www/ss-functions ## 0700 means only root can execute else wget --no-check-certificate --no-cache --no-cookies --quiet --inet4-only --tries=3 --timeout=15 --waitretry=5 -O /tmp/ss-functions https://sourceforge.net/p/slickstack/code/ci/master/tree/bash/ss-functions.txt?format=raw mkdir -p /var/www > /dev/null 2>&1 mv -f /tmp/ss-functions /var/www/ss-functions chown root:root /var/www/ss-functions ## must be root:root chmod 0700 /var/www/ss-functions ## 0700 means only root can execute fi fi rm -rf /tmp/ss-functions fi #################################################################################################### #### C. 11-Cron-Half-Monthly: Validate (Restore) SS-Check + SS-Worker ############################## #################################################################################################### ## THIS SNIPPET DOES NOT RELY ON SS-CONFIG OR SS-FUNCTIONS ## SNIPPET: ss core cron jobs ## this attempts to restore damaged or outdated ss-check and ss-worker bash scripts ## ## they are critical to maintenance tasks and keeping ss core files updated ## ## validate ss-check ## VALIDATE_SS_CHECK=$(grep 'SS_EOF' /var/www/ss-check) OUTDATED_SS_CHECK=$(find "/var/www/ss-check" -mtime +1) if [[ -z "$VALIDATE_SS_CHECK" ]] || [[ -n "$OUTDATED_SS_CHECK" ]]; then rm -rf /tmp/ss-check wget --no-check-certificate -q -4 -t 1 -T 15 -O /tmp/ss-check https://raw.githubusercontent.com/littlebizzy/slickstack/master/bash/ss-check.txt VALIDATE_TMP_SS_CHECK=$(grep 'SS_EOF' /tmp/ss-check) if [[ -n "$VALIDATE_TMP_SS_CHECK" ]]; then mv -f /tmp/ss-check /var/www/ss-check chown root:root /var/www/ss-check ## must be root:root chmod 0700 /var/www/ss-check ## 0700 means only root can execute else wget --no-check-certificate -q -4 -t 3 -T 30 -O /tmp/ss-check https://gitlab.com/littlebizzy/slickstack/-/raw/master/bash/ss-check.txt mv -f /tmp/ss-check /var/www/ss-check chown root:root /var/www/ss-check ## must be root:root chmod 0700 /var/www/ss-check ## 0700 means only root can execute fi rm -rf /tmp/ss-check fi ## validate ss-worker ## VALIDATE_SS_WORKER=$(grep 'SS_EOF' /var/www/ss-worker) OUTDATED_SS_WORKER=$(find "/var/www/ss-worker" -mtime +1) if [[ -z "$VALIDATE_SS_WORKER" ]] || [[ -n "$OUTDATED_SS_WORKER" ]]; then rm -rf /tmp/ss-worker wget --no-check-certificate -q -4 -t 1 -T 15 -O /tmp/ss-worker https://raw.githubusercontent.com/littlebizzy/slickstack/master/bash/ss-worker.txt VALIDATE_TMP_SS_WORKER=$(grep 'SS_EOF' /tmp/ss-worker) if [[ -n "$VALIDATE_TMP_SS_WORKER" ]]; then mv -f /tmp/ss-worker /var/www/ss-worker chown root:root /var/www/ss-worker ## must be root:root chmod 0700 /var/www/ss-worker ## 0700 means only root can execute else wget --no-check-certificate -q -4 -t 3 -T 30 -O /tmp/ss-worker https://gitlab.com/littlebizzy/slickstack/-/raw/master/bash/ss-worker.txt mv -f /tmp/ss-worker /var/www/ss-worker chown root:root /var/www/ss-worker ## must be root:root chmod 0700 /var/www/ss-worker ## 0700 means only root can execute fi rm -rf /tmp/ss-worker fi #################################################################################################### #### D. 11-Cron-Half-Monthly: Source SS-Config + SS-Functions (After Validated) #################### #################################################################################################### ## at this point we know that ss-config and ss-functions exist or have been restored ## ## so we source them now to carry on with custom and scheduled cron job tasks ## ## source ss-config ## source /var/www/ss-config ## source ss-functions ## source /var/www/ss-functions ## BELOW THIS RELIES ON SS-CONFIG AND SS-FUNCTIONS #################################################################################################### #### E. 11-Cron-Half-Monthly: Touch Timestamp File ################################################# #################################################################################################### ## this is a dummy timestamp file that will remember the last time this script was run ## ## it can be useful for developer reference and is sometimes used by SlickStack ## ## script timestamp ## ss_touch "${TIMESTAMP_11_CRON_HALF_MONTHLY}" #################################################################################################### #### F. 11-Cron-Half-Monthly: Run Custom Tasks (EDIT SOURCED FILES) ################################ #################################################################################################### ## this will run custom shell commands that you can save in a reserved filename below ## ## carefully consider server resources and best practices before customizing ## ## run 11-cron-half-monthly-custom ## source "${PATH_11_CRON_HALF_MONTHLY_CUSTOM}" #################################################################################################### #### G. 11-Cron-Half-Monthly: Run Scheduled Tasks (DO NOT EDIT) #################################### #################################################################################################### ## the below tasks will be called if configured to run at this interval in ss-config ## ## certain tasks are automatically called if the relevant interval is missing ## ## run ss-update-config if set to half-monthly ## if [[ "${INTERVAL_SS_UPDATE_CONFIG}" == "half-monthly" ]]; then source "${PATH_SS_UPDATE_CONFIG}" fi ## run ss-optimize-database if set to half-monthly ## if [[ "${INTERVAL_SS_OPTIMIZE_DATABASE}" == "half-monthly" ]]; then source "${PATH_SS_OPTIMIZE_DATABASE}" fi ## run ss-optimize-files if set to half-monthly ## if [[ "${INTERVAL_SS_OPTIMIZE_FILES}" == "half-monthly" ]]; then source "${PATH_SS_OPTIMIZE_FILES}" fi ## run ss-install-wordpress-config if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_WORDPRESS_CONFIG}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_WORDPRESS_CONFIG}" fi ## run ss-install-wordpress-core if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_WORDPRESS_CORE}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_WORDPRESS_CORE}" fi ## run ss-install-wordpress-cli if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_WORDPRESS_CLI}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_WORDPRESS_CLI}" fi ## run ss-scan-malware if set to half-monthly ## if [[ "${INTERVAL_SS_SCAN_MALWARE}" == "half-monthly" ]]; then source "${PATH_SS_SCAN_MALWARE}" fi ## run ss-install-php-packages if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_PHP_PACKAGES}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_PHP_PACKAGES}" fi ## run ss-install-php-config if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_PHP_CONFIG}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_PHP_CONFIG}" fi ## run ss-install-redis-packages if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_REDIS_PACKAGES}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_REDIS_PAKAGES}" fi ## run ss-install-redis-config if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_REDIS_CONFIG}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_REDIS_CONFIG}" fi ## run ss-install-mysql-packages if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_MYSQL_PACKAGES}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_MYSQL_PACKAGES}" fi ## run ss-install-mysql-config if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_MYSQL_CONFIG}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_MYSQL_CONFIG}" fi ## run ss-install-nginx-packages if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_NGINX_PACKAGES}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_NGINX_PACKAGES}" fi ## run ss-install-nginx-config if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_NGINX_CONFIG}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_NGINX_CONFIG}" fi ## run ss-encrypt-openssl if set to half-monthly ## if [[ "${INTERVAL_SS_ENCRYPT_OPENSSL}" == "half-monthly" ]]; then source "${PATH_SS_ENCRYPT_OPENSSL}" fi ## run ss-encrypt-certbot if set to half-monthly or if not defined (default) ## if [[ "${INTERVAL_SS_ENCRYPT_CERTBOT}" == "half-monthly" ]] || [[ -z "${INTERVAL_SS_ENCRYPT_CERTBOT}" ]]; then source "${PATH_SS_ENCRYPT_CERTBOT}" fi ## run ss-install-adminer if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_ADMINER}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_ADMINER}" fi ## run ss-install-clamav if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_CLAMAV}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_CLAMAV}" fi ## run ss-purge-nginx if set to half-monthly ## if [[ "${INTERVAL_SS_PURGE_NGINX}" == "half-monthly" ]]; then source "${PATH_SS_PURGE_NGINX}" fi ## run ss-purge-opcache if set to half-monthly ## if [[ "${INTERVAL_SS_PURGE_OPCACHE}" == "half-monthly" ]]; then source "${PATH_SS_PURGE_OPCACHE}" fi ## run ss-purge-redis if set to half-monthly ## if [[ "${INTERVAL_SS_PURGE_REDIS}" == "half-monthly" ]]; then source "${PATH_SS_PURGE_REDIS}" fi ## run ss-purge-transients if set to half-monthly ## if [[ "${INTERVAL_SS_PURGE_TRANSIENTS}" == "half-monthly" ]]; then source "${PATH_SS_PURGE_TRANSIENTS}" fi ## run ss-reset-password-sftp if set to half-monthly ## if [[ "${INTERVAL_SS_RESET_PASSWORD_SFTP}" == "half-monthly" ]]; then source "${PATH_SS_RESET_PASSWORD_SFTP}" fi ## run ss-install-ubuntu-users if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_UBUNTU_USERS}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_UBUNTU_USERS}" fi ## run ss-install-ubuntu-bash if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_UBUNTU_BASH}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_UBUNTU_BASH}" fi ## run ss-install-ubuntu-ssh if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_UBUNTU_SSH}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_UBUNTU_SSH}" fi ## run ss-install-ubuntu-kernel if set to half-monthly ## if [[ "${INTERVAL_SS_INSTALL_UBUNTU_KERNEL}" == "half-monthly" ]]; then source "${PATH_SS_INSTALL_UBUNTU_KERNEL}" fi ## run ss-restart-mysql if set to half-monthly ## if [[ "${INTERVAL_SS_RESTART_MYSQL}" == "half-monthly" ]]; then source "${PATH_SS_RESTART_MYSQL}" fi ## run ss-restart-nginx if set to half-monthly ## if [[ "${INTERVAL_SS_RESTART_NGINX}" == "half-monthly" ]]; then source "${PATH_SS_RESTART_NGINX}" fi ## run ss-restart-php if set to half-monthly ## if [[ "${INTERVAL_SS_RESTART_PHP}" == "half-monthly" ]]; then source "${PATH_SS_RESTART_PHP}" fi ## run ss-restart-redis if set to half-monthly ## if [[ "${INTERVAL_SS_RESTART_REDIS}" == "half-monthly" ]]; then source "${PATH_SS_RESTART_REDIS}" fi ## run ss-restart-ufw if set to half-monthly ## if [[ "${INTERVAL_SS_RESTART_UFW}" == "half-monthly" ]]; then source "${PATH_SS_RESTART_UFW}" fi ## run ss-reboot-machine if set to half-monthly ## if [[ "${INTERVAL_SS_REBOOT_MACHINE}" == "half-monthly" ]]; then source "${PATH_SS_REBOOT_MACHINE}" fi #################################################################################################### #### H. 11-Cron-Half-Monthly: Reset Permissions (SlickStack Scripts) ############################### #################################################################################################### ## we include this permissions reset in all cron jobs and bash scripts for redundancy ## ## chmod 0700 means only the root/sudo users can execute any SlickStack scripts ## ## THIS SNIPPET DOES NOT RELY ON SS-CONFIG OR SS-FUNCTIONS ## SNIPPET: ss bash scripts, ss cron jobs ## UPDATED: 02JUL2022 chown root:root /var/www/ss* ## must be root:root chown root:root /var/www/crons/*cron* ## must be root:root chown root:root /var/www/crons/custom/*cron* ## must be root:root chmod 0700 /var/www/ss* ## 0700 means only root/sudo can execute chmod 0700 /var/www/crons/*cron* ## 0700 means only root/sudo can execute chmod 0700 /var/www/crons/custom/*cron* ## 0700 means only root/sudo can execute #################################################################################################### #### I. 11-Cron-Half-Monthly: Delete Lock File ##################################################### #################################################################################################### ## here we delete the lock file associated with this cron job to clear the cron queue ## ## this is technically not necessary but we do it anyway for extra security ## ## delete lock ## ss_rm "${LOCK_11_CRON_HALF_MONTHLY}" #################################################################################################### #### SlickStack: External References Used To Improve This Script (Thanks, Interwebz) ############### #################################################################################################### ## Ref: https://bash.cyberciti.biz/guide/Setting_up_permissions_on_a_script ## Ref: https://stackoverflow.com/questions/22861580/bash-script-check-if-a-file-contains-a-specific-line ## Ref: https://stackoverflow.com/questions/4749330/how-to-test-if-string-exists-in-file-with-bash/14201583 ## Ref: https://stackoverflow.com/questions/11287861/how-to-check-if-a-file-contains-a-specific-string-using-bash ## Ref: https://stackoverflow.com/questions/4749330/how-to-test-if-string-exists-in-file-with-bash- ## Ref: https://stackoverflow.com/questions/42377739/while-file-doesnt-contain-string-bash ## SS_EOF