@brendanbbbb
Last active November 24, 2020 23:25
Cloudlinux lsapi config
#!/bin/bash
# Preamble: fix the tool search path, remember where this script lives, print
# the banner and refuse to continue on hosts that do not look like a cPanel
# server on a Red Hat family distribution.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Absolute directory containing this script.
CWD="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
printf '\n%s\n\n\n' " ####################### CloudLinux (cPanel) Installer ####################### "

# NOTE(review): both guards below leave with status 0, so a wrapper cannot tell
# "skipped, unsupported host" apart from a completed run.
[ -d /usr/local/cpanel ] || {
  echo "cPanel not detected"
  exit 0
}
# /etc/redhat-release is present on any Red Hat family system, not only CentOS.
[ -f /etc/redhat-release ] || {
  echo "CentOS not detected, aborting."
  exit 0
}

# Everything after this point changes system-wide configuration, so the
# operator gets a ten second window to abort.
echo "Welcome to CloudLinux CPANEL installer (CTRL + C to abort within 10 seconds)"
sleep 10
#echo "Updating a MariaDB 10.2..."
#whmapi1 start_background_mysql_upgrade version=10.2
# Base tooling used by the later steps (iptables services for CSF, wget/unzip
# for downloads, the Perl modules are presumably CSF dependencies - confirm).
echo "Installing general requirements"
base_packages=(
  iptables-services wget perl unzip net-tools
  perl-libwww-perl perl-LWP-Protocol-https perl-GDGraph
)
yum -y install "${base_packages[@]}"

# Removes cPanel's "limits" login profile (Shell Fork Bomb Protection).
# NOTE(review): this drops a per-shell resource guard; presumably the LVE
# limits set near the end of this script are meant to replace it - confirm
# that those limits are in place before users get shell access.
echo "Deactivating Shell Fork Bomb Protection..."
/usr/local/cpanel/bin/install-login-profile --uninstall limits
# CageFS: install the package, build the skeleton, enable it for all users
# and refresh it. SSSD, when configured on the host, is stopped around each
# cagefsctl phase and started again afterwards.

# Run `service sssd <action>` only when /etc/sssd/ exists.
# Arguments: $1 - action (stop|start), $2 - progress message to print
# Returns:   0 when SSSD is configured (whatever the service command returned),
#            1 when /etc/sssd/ is absent and nothing was done
sssd_if_present() {
  [ -d /etc/sssd/ ] || return 1
  echo "$2"
  service sssd "$1"
  return 0
}

echo "Installing CageFS..."
yum clean all -y
yum install cagefs -y
cagefsctl --init

sssd_if_present stop "Stopping SSSD ..."
cagefsctl --enable-all
# Give SSSD ten seconds to come up before it is stopped again for the update.
sssd_if_present start "Starting SSSD..." && sleep 10

sssd_if_present stop "Stopping SSSD ..."
cagefsctl --update
cagefsctl --force-update
sssd_if_present start "Starting SSSD..."

echo ""
echo "CageFS configured ..."
sleep 2
echo ""
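# Switch Apache/PHP to mod_lsapi and install the CloudLinux LVE statistics and
# alt-php (PHP Selector) packages.
echo "Configure Apache/PHP with mod_lsapi..."
whmapi1 php_set_default_accounts_to_fpm default_accounts_to_fpm=0 # Deactivate FPM
# mod_ruid2 is removed before mod_lsapi and mod_suexec are installed.
yum erase ea-apache24-mod_ruid2 -y
yum install liblsapi liblsapi-devel ea-apache24-mod_lsapi ea-apache24-mod_suexec -y
/usr/bin/switch_mod_lsapi --setup
/usr/bin/switch_mod_lsapi --enable-global
# LVE install
yum install lve-stats -y
# php selector
yum groupinstall alt-php -y
# -y added: every other yum call in this installer is non-interactive, and
# without it this step stops to ask for confirmation (or is declined outright
# when stdin is not a terminal), leaving cagefs/lvemanager at the old version.
yum update cagefs lvemanager -y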
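# Apply one set of overrides to every php.ini / local.ini below /opt and /etc.
#
# The expressions run in the listed order on each line, which gives the same
# result as the former one-pass-per-setting approach. Using `find -exec ... +`
# walks the trees once instead of eighteen times, is safe for paths containing
# whitespace, and does not call sed at all when no file matches.
echo "Config php.inis..."
php_ini_edits=(
  -e 's/^;memory_limit.*/memory_limit = 1024M/g'
  -e 's/^memory_limit.*/memory_limit = 1024M/g'
  -e 's/^enable_dl.*/enable_dl = Off/g'
  -e 's/^expose_php.*/expose_php = Off/g'
  # NOTE(review): "eval" is a PHP language construct, not a function, so
  # listing it in disable_functions does not block it. Only lines that already
  # start with "disable_functions" are rewritten; a file without that line
  # keeps PHP's default (nothing disabled).
  -e 's/^disable_functions.*/disable_functions = apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,disk_free_space,diskfreespace,dl,exec,highlight_file,ini_alter,ini_restore,openlog,passthru,phpinfo,popen,posix_getpwuid,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,symlink,system,eval,debug_zval_dump/g'
  -e 's/^upload_max_filesize.*/upload_max_filesize = 64M/g'
  -e 's/^post_max_size.*/post_max_size = 64M/g'
  -e 's/^date.timezone.*/date.timezone = "Australia\/Sydney"/g'
  # NOTE(review): allow_url_fopen = On lets the file functions open remote
  # URLs; keep it only if hosted applications depend on it.
  -e 's/^allow_url_fopen.*/allow_url_fopen = On/g'
  -e 's/^;max_execution_time.*/max_execution_time = 120/g'
  -e 's/^max_execution_time.*/max_execution_time = 120/g'
  -e 's/^;max_input_time.*/max_input_time = 120/g'
  -e 's/^max_input_time.*/max_input_time = 120/g'
  -e 's/^max_input_vars.*/max_input_vars = 2000/g'
  -e 's/^;default_charset = "UTF-8"/default_charset = "UTF-8"/g'
  -e 's/^default_charset = "UTF-8"/default_charset = "UTF-8"/g'
  -e 's/^error_reporting.*/error_reporting = E_ALL \& \~E_DEPRECATED \& \~E_STRICT/g'
  # NOTE(review): display_errors = On sends PHP errors (file paths, query
  # fragments) to site visitors. The author's value is kept; on a production
  # host the usual choice is Off with errors written to a log instead.
  -e 's/^display_errors.*/display_errors = On/g'
)
find /opt/ /etc/ \( -name "php.ini" -o -name "local.ini" \) \
  -exec sed -i "${php_ini_edits[@]}" {} +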
# Turn on per-user .ini handling in mod_lsapi, then restart Apache so the
# mod_lsapi and php.ini changes take effect.
echo "Configure mod_lsapi..."
lsapi_conf=/etc/apache2/conf.d/lsapi.conf
# Any line mentioning the directive (commented out or not) is replaced by
# "<directive> On".
# NOTE(review): with user ini files enabled, account owners can change
# per-directory PHP settings; confirm the hardening applied to php.ini cannot
# be relaxed that way.
for lsapi_directive in lsapi_enable_user_ini lsapi_user_ini_homedir; do
  sed -i "s/.*${lsapi_directive}.*/${lsapi_directive}\\ On/" "$lsapi_conf"
done
service httpd restart
echo ""
echo "Apache/PHP configured!"
sleep 2
echo ""
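# SecureLink: symlink/hardlink ownership enforcement via sysctl.
# Existing entries are dropped first and then re-appended, so the file ends up
# with exactly one copy of each setting. The marker comment is removed as well;
# previously every re-run appended another "# CloudLinux SecureLink" line.
# NOTE(review): these keys look CloudLinux-kernel specific - confirm the host
# is running that kernel, otherwise `sysctl -p` reports them as unknown.
echo "Configure SecureLink..."
sed -i \
  -e '/^# CloudLinux SecureLink$/d' \
  -e '/^fs\.enforce_symlinksifowner.*/d' \
  -e '/^fs\.protected_symlinks_create.*/d' \
  -e '/^fs\.protected_hardlinks_create.*/d' \
  /etc/sysctl.conf
{
  echo "# CloudLinux SecureLink"
  echo "fs.enforce_symlinksifowner=1"
  echo "fs.protected_symlinks_create=1"
  echo "fs.protected_hardlinks_create=1"
} >> /etc/sysctl.conf
# Load the new values into the running kernel.
sysctl -p
echo ""
echo "SecureLink configured!"
sleep 2
echo ""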
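# MySQL Governor: install the package, tell it which database server cPanel
# runs, install its patched server packages and put all users under LVE.
echo "Installed MySQL Governor..."
yum install governor-mysql -y

# NOTE(review): fs.suid_dumpable=1 allows core dumps of privileged (setuid)
# processes, and the kernel documents that value as a debugging mode. It is
# kept because the author ties it to MySQL Governor; confirm it is still
# required and consider restricting where core files may be written.
# NOTE(review): sysctl.conf(5) only documents whole-line comments - confirm the
# trailing "# ..." on the value line is parsed as intended on this host.
sed -i '/^fs\.suid_dumpable.*/d' /etc/sysctl.conf
echo "fs.suid_dumpable=1 # CloudLinux MySQL Governor" >> /etc/sysctl.conf
sysctl -p

# cPanel stores the version as e.g. "mysql-version=10.3"; strip the first dot
# to get the numeric suffix the governor expects ("103"). -m1 guards against
# more than one matching line producing a multi-line value.
MYSQLVER=$(grep -m1 '^mysql-version=' /var/cpanel/cpanel.config | cut -d'=' -f2 | sed 's/\.//')
# 5.x and 8.x are MySQL, everything else is treated as MariaDB. The previous
# test only recognised a leading "5", so MySQL 8.0 was labelled "mariadb80".
case "$MYSQLVER" in
  "") MYSQLVENDOR="" ;;
  5* | 8*) MYSQLVENDOR=mysql ;;
  *) MYSQLVENDOR=mariadb ;;
esac
if [ -n "$MYSQLVENDOR" ]; then
  /usr/share/lve/dbgovernor/mysqlgovernor.py --mysql-version "$MYSQLVENDOR$MYSQLVER"
else
  # An empty version used to be passed on as the bare word "mariadb".
  echo "mysql-version not found in /var/cpanel/cpanel.config; not passing --mysql-version" >&2
fi
/usr/share/lve/dbgovernor/mysqlgovernor.py --install
sed -i 's/<lve\ use=.*/<lve\ use=\"all\"\/>/' /etc/container/mysql-governor.xml
service db_governor restart

# BUG https://forums.cpanel.net/threads/multiple-mysql-processes.572331/
# Move the packaged unit files aside. Only the unit of the installed server
# exists, so each move is guarded instead of printing an error for the other.
for db_unit in /usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/mariadb.service; do
  if [ -f "$db_unit" ]; then
    mv "$db_unit" "$db_unit.bak"
  fi
done
systemctl daemon-reload
/scripts/restartsrv_mysql
echo ""
echo "MySQL Governor configured!"
sleep 2
echo ""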
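# Install ConfigServer Firewall (CSF) when it is not already present.
#
# The tarball is fetched over HTTPS and its install.sh is run as root, so the
# archive is effectively trusted code. Set CSF_TGZ_SHA256 to a checksum
# obtained out of band to have the download verified before it is unpacked;
# without it the script warns and continues as it always did.
echo "Installing CSF"
if [ ! -d /etc/csf ]; then
  echo "csf not detected, downloading!"
  # The iptables services need their rule files to exist before they start.
  touch /etc/sysconfig/iptables
  touch /etc/sysconfig/iptables6
  systemctl start iptables
  systemctl start ip6tables
  systemctl enable iptables
  systemctl enable ip6tables
  # Subshell: the directory changes stay local, and a failed `cd` now stops the
  # install instead of downloading and unpacking into whatever directory the
  # script happened to be started from.
  (
    cd /usr/src/ || {
      echo "cannot cd to /usr/src; CSF not installed" >&2
      exit 1
    }
    rm -f ./csf.tgz
    wget https://download.configserver.com/csf.tgz || exit 1
    if [ -n "${CSF_TGZ_SHA256:-}" ]; then
      printf '%s  %s\n' "$CSF_TGZ_SHA256" ./csf.tgz | sha256sum -c - || {
        echo "csf.tgz does not match CSF_TGZ_SHA256; CSF not installed" >&2
        exit 1
      }
    else
      echo "WARNING: CSF_TGZ_SHA256 is not set; installing csf.tgz as root without an integrity check" >&2
    fi
    tar xvfz ./csf.tgz && cd ./csf && sh ./install.sh
  )
fi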
# Tune CSF/lfd once it is installed. Each entry is KEY=VALUE and is written to
# csf.conf as `KEY = "VALUE"`, one sed pass per setting, in the listed order.
# Only keys that already exist in the file are changed.
if [ -d /etc/csf ]; then
  echo "Configuring CSF..."
  csf_conf=/etc/csf/csf.conf

  csf_settings=(
    # Leave testing mode, so the rules stay loaded from now on.
    'TESTING=0'
    'ICMP_IN=0'
    'IPV6=0'
    'DENY_IP_LIMIT=400'
    'SAFECHAINUPDATE=1'
    'CC_DENY='
    'CC_IGNORE='
    'SMTP_BLOCK=1'
    'LF_FTPD=30'
    'LF_SMTPAUTH=90'
    'LF_EXIMSYNTAX=0'
    'LF_POP3D=100'
    'LF_IMAPD=100'
    'LF_HTACCESS=40'
    'LF_CPANEL=40'
    'LF_MODSEC=100'
    'LF_CXS=10'
    'LT_POP3D=180'
    'CT_SKIP_TIME_WAIT=1'
    'PT_LIMIT=0'
    'ST_MYSQL=1'
    'ST_APACHE=1'
    'CONNLIMIT=80;70,110;50,993;50,143;50,25;30'
    'LF_PERMBLOCK_INTERVAL=14400'
    'LF_INTERVAL=900'
    'PS_INTERVAL=60'
    'PS_LIMIT=20'
  )
  for csf_pair in "${csf_settings[@]}"; do
    csf_key=${csf_pair%%=*}
    csf_val=${csf_pair#*=}
    sed -i "s/^${csf_key} = .*/${csf_key} = \"${csf_val}\"/g" "$csf_conf"
  done

  # NOTE(review): every alert below is set to "0", so lfd will not e-mail
  # about blocks, relay activity, port scans or process-tracking events.
  # Confirm those events are collected some other way (log shipping, a
  # monitoring agent); otherwise the firewall acts without telling anyone.
  echo "Disabling alerts..."
  csf_silenced=(
    LF_PERMBLOCK_ALERT LF_NETBLOCK_ALERT LF_EMAIL_ALERT LF_CPANEL_ALERT
    LF_QUEUE_ALERT LF_DISTFTP_ALERT LF_DISTSMTP_ALERT LT_EMAIL_ALERT
    RT_RELAY_ALERT RT_AUTHRELAY_ALERT RT_POPRELAY_ALERT RT_LOCALRELAY_ALERT
    RT_LOCALHOSTRELAY_ALERT CT_EMAIL_ALERT PT_USERKILL_ALERT PS_EMAIL_ALERT
    PT_USERMEM PT_USERTIME PT_USERPROC PT_USERRSS
  )
  for csf_key in "${csf_silenced[@]}"; do
    sed -i "s/^${csf_key} = .*/${csf_key} = \"0\"/g" "$csf_conf"
  done

  # Reload the firewall with the new configuration.
  csf -r
  echo "CSF configured!"
  sleep 2
fi
# Set the lvephpsel / lvepythonsel / lverubysel entries of the "disabled"
# feature list to 0.
featurelist_args=(featurelist=disabled lvephpsel=0 lvepythonsel=0 lverubysel=0)
whmapi1 update_featurelist "${featurelist_args[@]}"

# Default LVE resource limits, applied to every account without its own.
echo "Configuring limits for DEFAULT..."
default_lve_limits=(
  --speed=100% --io=1024 --nproc=60 --pmem=1024M --iops=1024 --maxEntryProcs=20
)
lvectl set default "${default_lve_limits[@]}"
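# Disable Apache's memory limit through the WHM interface: create a root WHM
# session, log in with it to obtain cookies, then submit the settings form.
#
# The cookie jar holds a live root session. It used to be written next to the
# script with default permissions and left behind; it is now a private
# temporary file (mktemp creates it readable by the owner only) that is
# removed as soon as the two requests are done.
# NOTE(review): the security token and session value are part of the URL and
# so appear in curl's argument list while it runs. `-k` skips certificate
# checks; the requests only go to 127.0.0.1.
echo "Setting up Apache..."
if whm_cookie_jar=$(mktemp); then
  SESS_CREATE=$(whmapi1 create_user_session user=root service=whostmgrd)
  SESS_TOKEN=$(echo "$SESS_CREATE" | grep "cp_security_token:" | cut -d':' -f2- | sed 's/ //')
  # Percent-encode the characters in the session value that are not URL-safe.
  SESS_QS=$(echo "$SESS_CREATE" | grep "session:" | cut -d':' -f2- | sed 's/ //' | sed 's/ /%20/g;s/!/%21/g;s/"/%22/g;s/#/%23/g;s/\$/%24/g;s/\&/%26/g;s/'\''/%27/g;s/(/%28/g;s/)/%29/g;s/:/%3A/g')
  if [ -n "$SESS_TOKEN" ] && [ -n "$SESS_QS" ]; then
    curl -sk "https://127.0.0.1:2087/$SESS_TOKEN/login/?session=$SESS_QS" --cookie-jar "$whm_cookie_jar" > /dev/null
    curl -sk "https://127.0.0.1:2087/$SESS_TOKEN/scripts2/save_apache_mem_limits" --cookie "$whm_cookie_jar" --data 'newRLimitMem=disabled&restart_apache=on&btnSave=1' > /dev/null
  else
    # Without a session the requests would go out unauthenticated.
    echo "Could not create a WHM session; Apache memory limits left unchanged" >&2
  fi
  rm -f -- "$whm_cookie_jar"
else
  echo "mktemp failed; Apache memory limits left unchanged" >&2
fi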
# LVE Manager options in cpanel.config: drop any existing line for each key,
# then append the wanted value, so every key appears exactly once.
echo "Configing the LVE Manager..."
lve_options=(
  'lve_enablepythonapp=0'
  'lve_enablerubyapp=0'
  'lve_hideextensions=1'
  'lve_hideuserstat=0'
  'lve_showinodeusage=1'
)
# First pass: remove the old entries (matched by key prefix).
for lve_option in "${lve_options[@]}"; do
  sed -i "/^${lve_option%%=*}/d" /var/cpanel/cpanel.config
done
# Second pass: append the new entries in the same order.
for lve_option in "${lve_options[@]}"; do
  echo "$lve_option" >> /var/cpanel/cpanel.config
done
# AutoSSL metadata: set clobber_externally_signed to 1 and every listed
# notification key to 0, then print the completion banner.
# NOTE(review): going by the key names, this lets AutoSSL replace
# certificates issued elsewhere and turns off expiry/renewal notices -
# confirm certificate expiry is monitored some other way.
echo "Configuring AutoSSL..."
whmapi1 set_autossl_metadata_key key=clobber_externally_signed value=1
for autossl_notice in \
  notify_autossl_expiry \
  notify_autossl_expiry_coverage \
  notify_autossl_renewal \
  notify_autossl_renewal_coverage \
  notify_autossl_renewal_coverage_reduced \
  notify_autossl_renewal_uncovered_domains; do
  whmapi1 set_autossl_metadata_key key="$autossl_notice" value=0
done
echo ""
echo "###### ALL COMPLETE ######"