#!/usr/bin/env bash
set -o pipefail
set -o errexit
# Script to upgrade ImunifyAV and/or Imunify360
# bypassing gradual rollout
PACKAGES=''
PRODUCT_AV='imunify-antivirus'
PRODUCT_I360='imunify360-firewall'
IMUNIFY_ANTIVIRUS_PACKAGES="imunify-antivirus \
ai-bolit \
alt-php-hyperscan \
imunify-common \
imunify-notifier \
imunify-core \
imunify-ui \
imunify360-venv \
alt-php-internal \
app-version-detector"
IMUNIFY360_FIREWALL_PACKAGES="imunify360-firewall \
ai-bolit \
alt-php-hyperscan \
imunify-common \
imunify-notifier \
imunify-core \
imunify-ui \
imunify360-venv \
imunify-antivirus \
cloudlinux-backup-utils \
imunify-realtime-av \
imunify360-ossec \
imunify360-pam \
imunify360-php-i360 \
imunify360-webshield-bundle \
imunify360-unified-access-logger \
alt-php-internal \
app-version-detector"
IMUNIFY360_FIREWALL_RPM_ONLY_PACKAGES="imunify-auditd-log-reader \
minidaemon"
IMUNIFY_ANTIVIRUS_RPM_ONLY_PACKAGES="minidaemon"
detect_ostype()
{
if [ ! -f /etc/os-release ]
then
OSTYPE=centos
else
source /etc/os-release
if echo $ID $ID_LIKE | grep debian >/dev/null
then
OSTYPE=debian
else
OSTYPE=centos
fi
fi
}
detect_product_debian() {
if dpkg -l "$PRODUCT_AV" 2>/dev/null | grep -E -q "^i\S?\s{2}${PRODUCT_AV}"; then
PACKAGES="$IMUNIFY_ANTIVIRUS_PACKAGES"
fi
if dpkg -l "$PRODUCT_I360" 2>/dev/null | grep -E -q "^i\S?\s{2}${PRODUCT_I360}"; then
PACKAGES="$IMUNIFY360_FIREWALL_PACKAGES"
fi
}
detect_product_centos() {
if rpm -q "${PRODUCT_AV}" >/dev/null; then
PACKAGES="$IMUNIFY_ANTIVIRUS_PACKAGES \
$IMUNIFY_ANTIVIRUS_RPM_ONLY_PACKAGES"
fi
if rpm -q "${PRODUCT_I360}" >/dev/null; then
PACKAGES="$IMUNIFY360_FIREWALL_PACKAGES \
$IMUNIFY360_FIREWALL_RPM_ONLY_PACKAGES"
fi
}
update_centos()
{
yum -y update $PACKAGES --enablerepo="imunify360-rollout-*-bypass"
}
update_debian()
{
PACKAGES="$(dpkg-query -W -f='${binary:Package}\n' $PACKAGES 2>/dev/null || true)"
# first enable rollout bypass repos
APT_REPO_PATH="/etc/apt/sources.list.d/imunify-rollout-bypass.list"
UPDATE_PARAMS=''
cp "${APT_REPO_PATH}.disabled" $APT_REPO_PATH
apt-get update
# for silent mode
# force save old config files. new files will be saved by dpkg
if [ "$DEBIAN_FRONTEND" == "noninteractive" ]; then
# see dpkg options https://man7.org/linux/man-pages/man1/dpkg.1.html
# the same options as in the daily update cronjob
</dev/null apt-get install --only-upgrade -y -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" $PACKAGES
else # interactive
apt-get install --only-upgrade -y $PACKAGES
fi
rm $APT_REPO_PATH
}
detect_ostype
detect_product_${OSTYPE}
if [ -z "$PACKAGES" ]; then
echo "Neither ImunifyAV nor Imunify360 found installed"
exit 1
fi
update_${OSTYPE}