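#!/bin/sh
#
# Uninstaller for ASL: stops the ASL services, removes the packages, service
# accounts, ModSecurity rules, data trees, OSSEC database and yum repo files,
# and appends a timestamped record of each step to $LOG.
#
# Intended to be run as root from an interactive terminal (the confirmation
# is read from /dev/tty). Once the services below are stopped the host runs
# without the ASL firewall, OSSEC HIDS, psmon and clamd, so $LOG is the
# record of when that protection was taken down.
#
# Written to run under a plain POSIX sh: no `source`, `read -p`, `echo -n`
# or `==`.

LOG=/root/asl-uninstall.log
# Not referenced below; kept in case /etc/asl/config expects it -- TODO confirm.
DATE=$(date +%Y%m%d-%H:%M)

# Append "<UTC date><text>" to the uninstall log. The caller passes the
# separator and any trailing space so existing log lines keep their format.
log_line() {
  printf '%s%s\n' "$(date -u)" "$1" >> "$LOG"
}

# The config is executed as shell code with this script's privileges, so it
# should be owned by root and not writable by anyone else. If it is missing
# (for example after a partial uninstall) carry on; the database drop further
# down is then skipped because OSSEC_DATABASE is not known.
if [ -r /etc/asl/config ]; then
  . /etc/asl/config
else
  log_line ": /etc/asl/config not readable, continuing without it "
fi

log_line ": Uninstall initiated"

# Detect the hosting control panel, if any.
if [ -d /usr/local/directadmin ]; then
  TYPE=directadmin
elif [ -d /usr/local/cpanel ]; then
  TYPE=cpanel
else
  TYPE=normal
fi
log_line ": Environment $TYPE detected "

echo
echo " WARNING: This utility will remove ASL entirely from the system."
# Prompt on stderr and read from the controlling terminal, so the answer can
# only come from an operator. If /dev/tty cannot be opened INPUT stays empty
# and the script exits without removing anything.
printf '%s' " Are you sure this is what you want to do? Type CONTINUE if you are sure you want to do this. (CONTINUE/STOP): " >&2
INPUT=
read -r INPUT < /dev/tty
log_line ": User selected $INPUT "

if [ "$INPUT" != "CONTINUE" ]; then
  echo
  echo " Exiting..."
  echo
  log_line ": User did not agree to uninstall "
  log_line ": uninstaller exiting "
  exit
else
  log_line ": User selected $INPUT "
fi

# Normal
# crond is stopped for the duration of the removal and started again after
# /var/asl has been cleared.
for svc in asl-firewall crond psmon ossec-hids clamd; do
  "/etc/init.d/$svc" stop >> "$LOG"
done

# TODO: database drop event

COMMON_LIST="roadsend-php-libs"
FULL_LIST="mod_security mod_sed asl mod_evasive ossec-hids psmon rkhunter skdet unhide paxtest clamd clamav-db clamav asl-web gradm asl-web tortixd asl-php* aum aqueduct* asl-stream* tortix-release asl-php* rblcheck bigloo-libs chkrootkit inotify-tools"

log_line ": starting yum remove "
# Pathname expansion is switched off for this one command: the lists have to
# be word-split, but patterns such as asl-php* must reach yum unchanged
# instead of being matched against files in the current directory.
set -f
# shellcheck disable=SC2086
/usr/bin/yum remove $FULL_LIST $COMMON_LIST
# Save the status straight away; the `date` substitution inside the log call
# would otherwise replace it before it is written out.
yum_status=$?
set +f
log_line ": yum remove complete (exit $yum_status) "

# Cpanel
for hook in /scripts/posteasyapache /scripts/preeasyapache; do
  if [ -f "$hook" ]; then
    rm -f "$hook"
  fi
done

# killall -9 psmon >/dev/null 2>&1
if [ -f /var/lock/subsys/psmon ]; then
  rm -f /var/lock/subsys/psmon
fi

# Remove users
userdel tortix | tee -a "$LOG"
userdel asl-web | tee -a "$LOG"
groupdel tortix | tee -a "$LOG"

if [ -d /etc/httpd/modsecurity.d/ ]; then
  rm -f /etc/httpd/modsecurity.d/*
fi

printf '%s\n%s\n' "Clearing the /var/asl tree. " "This could take a few minutes, please be patient"
printf '%s' " Removing /var/asl :"
rm -rf /var/asl
echo "Complete"
log_line " removed /var/asl"

/etc/init.d/crond start >> "$LOG"

if [ "$TYPE" = "cpanel" ]; then
  rm -f /etc/httpd/modsecurity.d/00_mod_security.conf
  # Leave empty files where the ModSecurity configuration used to be.
  touch /usr/local/apache/conf/modsec2.conf
  touch /usr/local/apache/modsecurity.d/tortix_waf.conf
  log_line " removed /etc/httpd/modsecurity.d/00_mod_security.conf"
  /etc/init.d/httpd restart >> "$LOG"
fi

# Drop database
# Only attempted when the config supplied a database name; an empty name must
# never be handed to a drop command.
if [ -n "${OSSEC_DATABASE:-}" ]; then
  /usr/bin/mysqladmin drop "$OSSEC_DATABASE" | tee -a "$LOG"
else
  log_line ": OSSEC_DATABASE not set, database drop skipped "
fi

rm -rf /etc/asl
rm -rf /var/ossec
rm -f /etc/yum.repos.d/asl.repo
rm -f /etc/yum.repos.d/tortix-common.repo

# final kernel check
# Installed kernel packages are listed on stdout; the warning is shown only
# when rpm reports none.
if ! rpm -qa | grep '^kernel-'; then
  echo
  echo "WARNING****WARNING****WARNING"
  echo
  echo "No kernels were detected after uninstallation. This could mean that your system is now"
  echo "unbootable"
  echo
  echo "If this is anything other than an openvz or virtuozzo system you need to fix this."
  echo "WARNING****WARNING****WARNING"
  echo
  echo
  log_line " WARNING: no kernels detected"
fi

log_line ": unisnstall complete"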