shell bypass 403

UnknownSec Shell

: /scripts/ [ drwxr-xr-x ]
upload mass deface mass delete console info server

name : securetmp
#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/securetmp                       Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

use strict;
use warnings;

use Cpanel::TempFile           ();
use Cpanel::SafeFile           ();
use Cpanel::Filesys::FindParse ();
use Cpanel::DiskLib            ();
use Getopt::Long;
use Cpanel::Logger          ();
use Cpanel::SafeRun::Errors ();
use Cpanel::SafeRun::Simple ();
use Cpanel::Filesys::Mounts ();
my $logger = Cpanel::Logger->new();

$| = 1;    ## no critic qw(RequireLocalizedPunctuationVars)

my $has_loop_device = 0;

my $install   = 0;    # Add securetmp to system startup
my $uninstall = 0;    # Remove from system startup
my $auto      = 0;    # Secure /tmp and /var/tmp
my $daemonize = 1;
my $help      = 0;

# Get command line options
GetOptions( 'auto' => \$auto, 'install' => \$install, 'uninstall' => \$uninstall, 'daemonize!' => \$daemonize, 'help' => \$help );

if ($help) {
    print <<"MANUAL";
$0 - secure /tmp and /var/tmp

Options:
- auto: skip interactive customization questions
- install: install & enable securetmp service
- uninstall: disable & uninstal securetmp service
- daemonize: run securetmp in background ( default true )

Sample usages:
# run in interactive mode
> $0

# disable interactive mode, run in background
> $0 --auto

# disable interactive mode, do not run in background
> $0 --auto --nodaemonize
MANUAL
    exit;
}

if ( -e '/var/cpanel/version/securetmp_disabled' ) {
    print "[securetmp] Disabled per /var/cpanel/version/securetmp_disabled\n";
    exit;
}
elsif ( -e '/var/cpanel/disabled/securetmp' ) {
    print "[securetmp] Disabled per /var/cpanel/disabled/securetmp\n";
    exit;
}
elsif ( -e '/var/cpanel/dev_sandbox' ) {
    print "[securetmp] Disabled on development sandboxes\n";
    exit;
}

# do check for loopback module for Linux based VPS
my @modules = Cpanel::SafeRun::Errors::saferunallerrors('lsmod');
$has_loop_device = check_loop_device();

if ( !grep /loop/, @modules ) {
    print "*** Notice *** No loop module detected\n";    # could be built into kernel, so don't bail out yet
    print "If the loopback block device is built as a module, try running `modprobe loop` as root via ssh and running this script again.\n";
    print "If the loopback block device is built into the kernel itself, you can ignore this message.\n";
}
if ( !$has_loop_device ) {
    print "*** Notice *** No working loopback device files found. Try running `modprobe loop` as root via ssh and running this script again.\n";
    exit(0);
}

# Start interactive setup
if ( !$auto && !$install && !$uninstall && -t STDIN ) {
    print 'Would you like to secure /tmp & /var/tmp at boot time? (y/n) ';
    my $answer;
    chomp( $answer = <STDIN> );
    if ( $answer =~ m/^y/i ) {
        $install = 1;
    }
    else {
        print "securetmp will not be added to system startup at this time.\n";
    }
    undef $answer;

    if ( !$install ) {
        print 'Would you like to disable securetmp from the system startup? (y/n) ';
        chomp( $answer = <STDIN> );
        if ( $answer =~ m/^y/i ) {
            $uninstall = 1;
        }
        else {
            print "securetmp will not be removed from system startup.\n";
        }
        undef $answer;
    }

    print 'Would you like to secure /tmp & /var/tmp now? (y/n) ';
    chomp( $answer = <STDIN> );
    if ( $answer =~ m/^y/i ) {
        $auto = 1;
    }
    else {
        print "/tmp & /var/tmp will not be secured at this time.\n";
    }

    exit if ( !$install && !$auto && !$uninstall );
}
elsif ( !$auto && !$install && !$uninstall ) {
    exit 1;
}

## ADD/REMOVE from startup
#-----------------------------------------------------------------

if ( !-x '/usr/local/cpanel/scripts/cpservice' ) {
    $logger->warn("cpservice is not available. Please check its status.");
}
else {

    # Remove securetmp from system startup
    if ($uninstall) {
        Cpanel::SafeRun::Simple::saferun( '/usr/local/cpanel/scripts/cpservice', 'securetmp', 'stop' );
        Cpanel::SafeRun::Simple::saferun( '/usr/local/cpanel/scripts/cpservice', 'securetmp', 'disable', '2345' );
        Cpanel::SafeRun::Simple::saferun( '/usr/local/cpanel/scripts/cpservice', 'securetmp', 'uninstall' );
    }

    # Add securetmp to system startup
    if ($install) {
        Cpanel::SafeRun::Simple::saferun( '/usr/local/cpanel/scripts/cpservice', 'securetmp', 'install' );
        Cpanel::SafeRun::Simple::saferun( '/usr/local/cpanel/scripts/cpservice', 'securetmp', 'enable', '35' );

        # Do not start securetmp here or it will be run again
    }

}

#-----------------------------------------------------------------

# Fork and secure if not called from console
if ( $auto && !-t STDIN && $daemonize ) {
    $SIG{'CHLD'} = \&reaper;
    print "Setting up /tmp & /var/tmp in the background\n";
    exit if fork;
}
elsif ( !$auto ) {
    exit;
}

print "Securing /tmp & /var/tmp\n";

# Secure PATH
$ENV{'PATH'} .= ":/sbin:/usr/sbin";

# Global Variables
my $brokenvartmp = 0;
my @vnodes       = ();
my $vnodeconfig  = '';
my $vnodesrch    = '';
my $vnodenumber  = 0;
my $tmpmnt       = '';
my $vartmpmnt    = '';
my $tmpopts      = '';
my $vartmpopts   = '';
my $mountkeyword = '';
my $cpflags      = '';
my $tmpdsksize   = 512000;    # Must be larger than 250000

$mountkeyword = 'remount';
$cpflags      = '-af';

if ( open my $mounts_fh, '<', '/proc/mounts' ) {
    while ( my $line = readline $mounts_fh ) {

        # must detect: /dev/sda1 /var/tmp\040(deleted) ext2 rw,nosuid,noexec,usrquota 0 0
        if ( $line =~ m/^(\S+)\s+([^\s\\\(]+)\S*\s+\S+\s+(\S+)/ ) {
            if ( $2 eq '/tmp' ) {
                $tmpmnt  = $1;
                $tmpopts = $3;
            }
            elsif ( $2 eq '/var/tmp' ) {
                $vartmpmnt  = $1;
                $vartmpopts = $3;
            }
            if ( $1 =~ /^\/dev\/vn.*/ ) {
                push @vnodes, $1;
            }
        }

        if ( $line =~ m/\S+\s+\(deleted\)[^\/]*\/var\/tmp\s+/ ) {
            $brokenvartmp = 1;
            $vartmpmnt    = '';
            $vartmpopts   = '';
        }
    }
    close $mounts_fh;
}
else {
    die "Unable to read /proc/mounts: $!";
}

# Begin securetmp actions
if ( !$tmpmnt ) {

    print "Calculating size on /tmp\n";
    my $partition_map = {};
    my $filesys       = Cpanel::DiskLib::get_disk_used_percentage_with_dupedevs();
    foreach my $disk ( @{$filesys} ) {
        $partition_map->{ $disk->{'mount'} } = $disk->{'available'};
    }
    my $mount_point = Cpanel::Filesys::FindParse::find_mount( $filesys, '/usr/tmpDSK' );

    my $available                 = $partition_map->{$mount_point};
    my $five_percent_of_available = ( $available * 0.05 );
    if ( $five_percent_of_available > $tmpdsksize ) {
        $tmpdsksize = $five_percent_of_available;
    }
    my $FOUR_GIG_k = ( 1024 * 1024 * 4 );
    if ( $tmpdsksize > $FOUR_GIG_k ) {
        $tmpdsksize = $FOUR_GIG_k;
    }

    $tmpdsksize = int($tmpdsksize);
    $tmpdsksize = $tmpdsksize - ( $tmpdsksize % 1024 );

    my $tmpdsksize_megs = ( $tmpdsksize / 1024 );
    print "/tmp calculated to be $tmpdsksize_megs M based on available disk space in /usr\n";

    # Check loop dev on Linux
    if ( !$has_loop_device ) {
        print "The system does not support loop devices.\n";
        if ($brokenvartmp) {
            print 'Unmounting orphaned /var/tmp ...';
            system 'umount', '/var/tmp';
            print "Done\n";
        }
        exit;
    }

    if ( -d '/usr/tmpDSK' ) {
        rename( '/usr/tmpDSK', '/usr/tmpDSK.move_away.' . $$ . '.' . time() );
    }

    if ( !-e '/usr/tmpDSK' ) {
        print "No separate partition for tmp!\n";
        createtmpdisk('/usr/tmpDSK');
    }
    elsif ( -d '/usr/tmpDSK' ) {
        die "/usr/tmpDSK exists as a directory. Please remove and rerun /usr/local/cpanel/scripts/securetmp.\n";
    }

    # ensure that /usr/tmpDSK is large enough
    elsif ( ( -s '/usr/tmpDSK' ) < ( $tmpdsksize * 1024 ) ) {
        print "Your /tmp is too small.   Rebuilding it now.\n";
        system 'rm', '-f', '/usr/tmpDSK';
        createtmpdisk('/usr/tmpDSK');
    }
    else {
        print "Everything looks good with your /tmp.  Its the right size and ready to go.\n";
    }
    print 'Setting up /tmp... ';
    if ( -e '/usr/tmp.secure' ) {
        system 'mv', '-f', '/usr/tmp.secure', '/usr/tmp.secure.cpback';
    }
    mkdir '/usr/tmp.secure';
    archivecopy( '/tmp', '/usr/tmp.secure' );
    system 'rm', '-rf', '/tmp';
    mkdir '/tmp';
    chmod( oct(1777), '/tmp' );
    my $mountresult = mounttmpdsk( '/usr/tmpDSK', '/tmp', $tmpopts );
    archivecopy( '/usr/tmp.secure/tmp/.', '/tmp' );
    chmod( oct(1777), '/tmp' );
    system 'rm', '-rf', '/usr/tmp.secure';

    if ($mountresult) {
        die "There was a problem mounting /tmp: $mountresult";
    }
    print "Done\n";
}
elsif ( $tmpmnt && $tmpopts !~ m/noexec/ ) {
    print 'Securing /tmp... ';
    system 'mount', '-o', $mountkeyword . ',noexec,nosuid', $tmpmnt, '/tmp';
    print "Done\n";
}
else {
    print "/tmp is already secure\n";
}

if ( $brokenvartmp || ( $vartmpmnt && $vartmpopts !~ m/noexec/ ) ) {
    print 'Unmounting insecure /var/tmp... ';
    system 'umount', '/var/tmp';
    $vartmpmnt  = '';
    $vartmpopts = '';
    print "Done\n";
}

if ( !$vartmpmnt ) {
    print 'Setting up /var/tmp... ';

    if ( !-e '/var/tmp' ) {
        mkdir '/var/tmp';
    }
    elsif ( !-d '/var/tmp' ) {
        system 'mv', '/var/tmp', '/var/tmp.cpback';
        mkdir '/var/tmp';
    }

    system 'mount', '-o', 'bind,noexec,nosuid', '/tmp', '/var/tmp';
    print "Done\n";
}
else {
    print "/var/tmp is already secure\n";
}

my $usingTMPDSK = 0;
if ( -e '/usr/tmpDSK' ) {
    my $mount = `mount`;
    if ( $mount =~ m/tmpDSK/ ) {
        $usingTMPDSK = 1;
    }
}

print 'Checking fstab for entries ...';
my $hastmpdsk    = 0;
my $hasvartmpdsk = 0;
my $fslock       = Cpanel::SafeFile::safeopen( \*FSTAB, '+<', '/etc/fstab' );
if ($fslock) {
    while (<FSTAB>) {
        if (/^\s*\/usr\/tmpDSK/)      { $hastmpdsk    = 1; }
        if (/^\s*(\S+)\s*\/var\/tmp/) { $hasvartmpdsk = 1; }
    }

    if ( !$hastmpdsk && $usingTMPDSK ) {
        print "Added fstab entry (/tmp)....";
        print FSTAB "/usr/tmpDSK             /tmp                    ext4    defaults,noauto        0 0\n";
    }
    if ( !$hasvartmpdsk && $vartmpmnt ) {
        print "Added fstab entry (/var/tmp)....";
        print FSTAB "/tmp             /var/tmp                    ext4    defaults,bind,noauto        0 0\n";
    }

    Cpanel::SafeFile::safeclose( \*FSTAB, $fslock );
    print "Done\n";
}
else {
    $logger->die("Could not edit /etc/fstab");
}

my $logrotate = '/etc/cron.daily/logrotate';
if ( -e $logrotate ) {
    my @logrotate_contents;
    my $has_tmpdir = 0;
    if ( open my $logrotate_fh, '<', $logrotate ) {
        while ( my $line = readline $logrotate_fh ) {
            if ( $line =~ m/TMPDIR/ && $line !~ m/^\s*#/ ) {
                $has_tmpdir = 1;
                last;
            }
            push @logrotate_contents, $line;
        }
        close $logrotate_fh;

        if ( !$has_tmpdir ) {
            my $updated_logrotate = 0;
            if ( open my $logrotate_fh, '>', $logrotate ) {
                foreach my $line (@logrotate_contents) {
                    if ( $line =~ m/^#!\/(?:usr|bin)/ ) {
                        print "Adding TMPDIR setting to /etc/cron.daily/logrotate\n";
                        print {$logrotate_fh} $line;
                        print {$logrotate_fh} "export TMPDIR=/var/spool/logrotate/tmp\n";
                        $updated_logrotate = 1;
                    }
                    else {
                        print {$logrotate_fh} $line;
                    }
                }
                close $logrotate_fh;
            }
            if ($updated_logrotate) {
                if ( !-e '/var/spool/logrotate/tmp' ) {
                    system 'mkdir', '-p', '/var/spool/logrotate/tmp';
                }
                if ( !-d '/var/spool/logrotate/tmp' ) {
                    print <<'EOM';
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Logrotate detected and TMPDIR setting updated. The TMPDIR
directory (/var/spool/logrotate/tmp) does not exist!

Logrotate will need to use this directory for execution of
its postrotate scripts. This directory is normally /tmp, but
due to /tmp being set as non-executable an alternative
directory must be specified. Please correct this issue.

See /etc/cron.daily/logrotate to adjust the TMPDIR value for your system.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
EOM
                }
            }
            else {
                warn "Failed to update /etc/cron.daily/logrotate! Logrotate may be corrupt.";
            }
        }
        else {
            print "Logrotate TMPDIR already configured\n";
        }
    }
}

print "Process Complete\n";

Cpanel::Filesys::Mounts::clear_mounts_cache();

exit;

################################################################################
# createtmpdisk
################################################################################
sub createtmpdisk {
    my $path      = shift;
    my $disk_size = shift || $tmpdsksize;

    local $ENV{'LC_ALL'} = 'C';    # Force prompt processing to english

    print "Building ${path}...";
    if ( -e $path ) {
        unlink($path);
    }
    my $disk_size_in_m = int( $disk_size / 1024 ) || 1;
    my $bytes          = 1024 * 1024 * $disk_size_in_m;
    open( my $fh, '>', $path ) or die "Failed to open “$path”: $!";
    truncate( $fh, $bytes ) or do {
        die "truncate($path, $bytes): $!";
    };
    close($fh);

    open( my $mkfs, "|-" ) || exec( "/sbin/mkfs", $path );
    print {$mkfs} "yes\r\n";
    close($mkfs);
    if ( -e "/sbin/tune2fs" ) {
        system( "/sbin/tune2fs", "-j", $path );
    }

    chmod 0600, $path;
    print "Done\n";
    return;
}

################################################################################
# archivecopy
################################################################################
sub archivecopy {
    my ( $origin, $dest ) = @_;

    my $cpflags = '-af';
    return system( "cp", $cpflags, $origin, $dest );
}

################################################################################
# mounttmpdsk
################################################################################
sub mounttmpdsk {
    my ( $disk_path, $mount_path, $current_mount_opts ) = @_;

    $current_mount_opts //= '';

    # Try to mount ext4 + discard first; if that fails, let the system detect the filesystem.
    if ( $current_mount_opts !~ m/loop/ ) {
        if ( system( 'mount', '-t', 'ext4', '-o', 'loop,noexec,nosuid,rw,discard', $disk_path, $mount_path ) ) {
            system( 'mount', '-o', 'loop,noexec,nosuid,rw', $disk_path, $mount_path );
        }
    }
    return (0);
}

sub test_loopback_device {
    my $loopback_device = shift;

    system( 'umount', '/usr/testDSK' );

    createtmpdisk( '/usr/testDSK', 10240 );

    my $tmpfile         = Cpanel::TempFile->new();
    my $test_mount_path = $tmpfile->dir();

    mounttmpdsk( '/usr/testDSK', $test_mount_path );

    my $loopback_status = Cpanel::SafeRun::Errors::saferunallerrors( 'losetup', $loopback_device );

    system( 'umount', $test_mount_path );
    unlink( '/usr/testDSK', $test_mount_path );

    return $loopback_status =~ m/\Q$loopback_device\E:.*\/usr\/testDSK/i ? 1 : 0;
}

sub check_loop_device {
    my $loopback_device = Cpanel::SafeRun::Errors::saferunallerrors( 'losetup', '-f' );

    chomp $loopback_device;

    return if !$loopback_device || !test_loopback_device($loopback_device);

    return $loopback_device;
}

################################################################################
# reaper
################################################################################
sub reaper {
    my $thedead;
    while ( ( $thedead = waitpid( -1, 1 ) ) > 0 ) {

        # the dead shall do what ?
    }
    $SIG{CHLD} = \&reaper;
}

© 2025 UnknownSec
Display on the page Footer | Anyleson - Learning Platform
INR (₹)
India Rupee
$
United States Dollar
Your cart is empty
Empty notifications
Login Register

Display on the page Footer

Privacy Policy

Effective Date: 24 August , 2024

At Anyleson, we are committed to protecting your privacy and ensuring that your personal information is handled securely and responsibly. This Privacy Policy outlines how we collect, use, and safeguard your data when you use our platform.

Information We Collect


  1. Personal Information:

    • Name, email address, phone number, and billing details.

    • Account login credentials (username and password).



  2. Course Usage Data:

    • Progress and activity within courses.

    • Feedback and reviews submitted for courses.



  3. Technical Information:

    • IP address, browser type, device information, and cookies for improving website functionality.



  4. Communication Data:

    • Information from your interactions with our customer support.



How We Use Your Information


  1. To Provide Services:

    • Process course purchases, registrations, and access to content.



  2. To Improve User Experience:

    • Analyze user behavior to enhance course offerings and platform features.



  3. To Communicate:

    • Send updates, notifications, and promotional offers (only if you’ve opted in).



  4. For Legal Compliance:

    • Meet legal or regulatory requirements and prevent fraud.



How We Protect Your Information


  1. Data Encryption: All sensitive data is encrypted during transmission using SSL.

  2. Access Control: Only authorized personnel have access to personal information.

  3. Secure Storage: Data is stored on secure servers with regular security updates.

Sharing Your Information

We do not sell, rent, or trade your personal data. However, we may share your information with:


  1. Service Providers:

    • Payment processors and hosting services that assist in delivering our platform.



  2. Legal Authorities:

    • When required by law or to protect our legal rights.



Your Rights


  1. Access and Update: You can view and update your personal information in your account settings.

  2. Request Deletion: You have the right to request deletion of your data by contacting us.

  3. Opt-Out: You can opt out of receiving promotional emails by clicking the “unsubscribe” link in our emails.

Cookies Policy

We use cookies to enhance your experience by:


  • Remembering your preferences.

  • Analyzing website traffic.
    You can manage your cookie preferences through your browser settings.

Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for their privacy practices and recommend reviewing their privacy policies.

Policy Updates

We may update this Privacy Policy from time to time. Changes will be posted on this page, and the "Effective Date" will be updated. Please review the policy periodically.

Contact Us

If you have any questions or concerns about our Privacy Policy or how your data is handled, please contact us at:

Email: support@anyleson.comThank you for trusting Anyleson with your learning journey!