Current File : //proc/self/root/opt/imunify360/venv/share/imunify360/scripts/imunify-force-update.sh
#!/usr/bin/bash

set -o pipefail
set -o errexit

# Script to upgrade ImunifyAV and/or Imunify360
# bypassing gradual rollout

PACKAGES=''

PRODUCT_AV='imunify-antivirus'
PRODUCT_I360='imunify360-firewall'

IMUNIFY_ANTIVIRUS_PACKAGES="imunify-antivirus \
    ai-bolit \
    alt-php-hyperscan \
    imunify-common \
    imunify-notifier \
    imunify-core \
    imunify-ui \
    imunify360-venv \
    alt-php-internal \
    app-version-detector"

IMUNIFY360_FIREWALL_PACKAGES="imunify360-firewall \
    ai-bolit \
    alt-php-hyperscan \
    imunify-common \
    imunify-notifier \
    imunify-core \
    imunify-ui \
    imunify360-venv \
    imunify-antivirus \
    cloudlinux-backup-utils \
    imunify-realtime-av \
    imunify360-ossec \
    imunify360-pam \
    imunify360-php-i360 \
    imunify360-webshield-bundle \
    imunify360-unified-access-logger \
    alt-php-internal \
    app-version-detector"

IMUNIFY360_FIREWALL_RPM_ONLY_PACKAGES="imunify-auditd-log-reader \
    minidaemon"

IMUNIFY_ANTIVIRUS_RPM_ONLY_PACKAGES="minidaemon"

detect_ostype()
{
    if [ ! -f /etc/os-release ]
    then
        OSTYPE=centos
    else
        source /etc/os-release
        if echo $ID $ID_LIKE | grep debian >/dev/null
        then
            OSTYPE=debian
        else
            OSTYPE=centos
        fi
    fi
}

detect_product_debian() {
    if dpkg -l "$PRODUCT_AV" 2>/dev/null | grep -E -q "^i\S?\s{2}${PRODUCT_AV}"; then
        PACKAGES="$IMUNIFY_ANTIVIRUS_PACKAGES"
    fi
    if dpkg -l "$PRODUCT_I360" 2>/dev/null | grep -E -q "^i\S?\s{2}${PRODUCT_I360}"; then
        PACKAGES="$IMUNIFY360_FIREWALL_PACKAGES"
    fi
}

detect_product_centos() {
    if rpm -q "${PRODUCT_AV}" >/dev/null; then
        PACKAGES="$IMUNIFY_ANTIVIRUS_PACKAGES \
            $IMUNIFY_ANTIVIRUS_RPM_ONLY_PACKAGES"
    fi
    if rpm -q "${PRODUCT_I360}" >/dev/null; then
        PACKAGES="$IMUNIFY360_FIREWALL_PACKAGES \
                 $IMUNIFY360_FIREWALL_RPM_ONLY_PACKAGES"
    fi
}

update_centos()
{
    yum -y update $PACKAGES --enablerepo="imunify360-rollout-*-bypass"
}

update_debian()
{
    PACKAGES="$(dpkg-query -W -f='${binary:Package}\n' $PACKAGES 2>/dev/null || true)"
    # first enable rollout bypass repos
    APT_REPO_PATH="/etc/apt/sources.list.d/imunify-rollout-bypass.list"
    UPDATE_PARAMS=''
    cp "${APT_REPO_PATH}.disabled" $APT_REPO_PATH
    apt-get update
    # for silent mode
    # force save old config files. new files will be saved by dpkg
    if [ "$DEBIAN_FRONTEND" == "noninteractive" ]; then
       # see dpkg options https://man7.org/linux/man-pages/man1/dpkg.1.html
       # the same options as in the daily update cronjob
       </dev/null apt-get install --only-upgrade -y -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" $PACKAGES
    else  # interactive
       apt-get install --only-upgrade -y $PACKAGES
    fi
    rm $APT_REPO_PATH
}

detect_ostype
detect_product_${OSTYPE}

if [ -z "$PACKAGES" ]; then
    echo "Neither ImunifyAV nor Imunify360 found installed"
    exit 1
fi

update_${OSTYPE}