Updated Security Tools

PDowney · PDowney · commit ce3a33d72b89 · 2023-09-28T02:32:39.000-04:00
diff --git a/enginescript-variables.txt b/enginescript-variables.txt
@@ -7,7 +7,7 @@
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
 
 # EngineScript Version
-VARIABLES_DATE="SEPTEMBER 20 2023"
+VARIABLES_DATE="SEPTEMBER 28 2023"
 
 # Software Versions
 MARIADB_VER="10.11"
@@ -19,7 +19,7 @@ PCRE2_VER="10.42"
 PHP_VER="8.1"
 PHPMYADMIN_VER="5.2.1"
 PNGOUT_VER="20200115"
-WORDFENCE_CLI_VER="1.0.1"
+WORDFENCE_CLI_VER="1.1.0"
 ZLIB_VER="1.3"
 
 # Old Software Versions
diff --git a/scripts/functions/security/10up-vuln-scanner.sh b/scripts/functions/security/10up-vuln-scanner.sh
@@ -26,8 +26,8 @@ fi
 
 cd /var/www/sites
 printf "Please select the site you want to scan for vulnerabilities:\n"
-select d in */; do test -n "$d" && break; echo ">>> Invalid Selection"; done
-cd "$d"html && echo "10up Vulnerability Scanner is running. Scan may take a bit, standby for results."
+select d in *; do test -n "$d" && break; echo ">>> Invalid Selection"; done
+cd "$d"/html && echo "10up Vulnerability Scanner is running. Scan may take a bit, standby for results."
 wp vuln status --allow-root
 
 # Ask user to acknowledge that the scan has completed before moving on
diff --git a/scripts/functions/security/php-malware-finder.sh b/scripts/functions/security/php-malware-finder.sh
@@ -26,8 +26,8 @@ fi
 
 cd /var/www/sites
 printf "Please select the site you want to scan for vulnerabilities:\n"
-select d in */; do test -n "$d" && break; echo ">>> Invalid Selection"; done
-cd "$d"html && echo "PHP Malware Finder is running. Scan may take a bit, standby for results."
+select d in *; do test -n "$d" && break; echo ">>> Invalid Selection"; done
+cd "$d"/html && echo "PHP Malware Finder is running. Scan may take a bit, standby for results."
 yara -r /usr/local/bin/php-malware-finder/php-malware-finder/php.yar ./wp-content
 
 # Ask user to acknowledge that the scan has completed before moving on
diff --git a/scripts/functions/security/wordfence-cli.sh b/scripts/functions/security/wordfence-cli.sh
@@ -25,12 +25,19 @@ fi
 # Start Main Script
 
 cd /var/www/sites
-/usr/local/src/wordfence scan --output-path /home/EngineScript/wordfence-scan-results/wordfence-cli-scan-results.csv /usr/src
+printf "Please select the site you want to scan for vulnerabilities:\n"
+select d in *; do test -n "$d" && break; echo ">>> Invalid Selection"; done
+cd "$d"/html && echo "WordPress CLI is running. This scan may take a bit, standby for results."
+echo "When completed, the scan results will be located at:"
+echo "/home/EngineScript/wordfence-scan-results/wordfence-cli-scan-results.csv"
+
+# Scan
+/usr/local/src/Wordfence-CLI/wordfence scan --progress --images --output-path /home/EngineScript/wordfence-scan-results/wordfence-cli-scan-results.csv /var/www/sites
 
 # Ask user to acknowledge that the scan has completed before moving on
 echo ""
 echo ""
-echo "scan results will be located at:"
+echo "The scan results will be located at:"
 echo "/home/EngineScript/wordfence-scan-results/wordfence-cli-scan-results.csv"
 echo ""
 read -n 1 -s -r -p "Press any key to continue"
diff --git a/scripts/functions/server-tools/wp-cli-doctor.sh b/scripts/functions/server-tools/wp-cli-doctor.sh
@@ -26,8 +26,8 @@ fi
 
 cd /var/www/sites
 printf "Please select the site you want to scan for issues\n"
-select d in */; do test -n "$d" && break; echo ">>> Invalid Selection"; done
-cd "$d"html && echo "WP-CLI Doctor is running. Scan may take a bit, standby for results."
+select d in *; do test -n "$d" && break; echo ">>> Invalid Selection"; done
+cd "$d"/html && echo "WP-CLI Doctor is running. Scan may take a bit, standby for results."
 wp doctor check --allow-root
 
 # Ask user to acknowledge that the scan has completed before moving on
diff --git a/scripts/install/cron/cron-install.sh b/scripts/install/cron/cron-install.sh
@@ -75,7 +75,10 @@ fi
 (crontab -l 2>/dev/null; echo "51 5 1 * * cd /usr/local/bin/enginescript/scripts/functions/cron; bash ufw-cloudflare-cron.sh >/dev/null 2>&1") | crontab -
 
 # Update WP-CLI & Packages (daily)
-(crontab -l 2>/dev/null; echo "52 5 * * * cd /usr/local/bin/enginescript/scripts/functions/cron; bash wp-cli-update.sh >/dev/null 2>&1") | crontab -
+(crontab -l 2>/dev/null; echo "52 5 * * * cd /usr/local/bin/enginescript/scripts/update; bash wp-cli-update.sh >/dev/null 2>&1") | crontab -
+
+# Update Wordfence CLI (daily)
+(crontab -l 2>/dev/null; echo "53 5 * * * cd /usr/local/bin/enginescript/scripts/update; bash wordfence-cli-update.sh >/dev/null 2>&1") | crontab -
 
 # Reset Ownership & Permissions for WordPress and EngineScript (daily)
 (crontab -l 2>/dev/null; echo "54 5 * * * cd /usr/local/bin/enginescript/scripts/functions/cron; bash permissions.sh >/dev/null 2>&1") | crontab -
diff --git a/scripts/install/tools/security/wordfence-cli.sh b/scripts/install/tools/security/wordfence-cli.sh
@@ -27,17 +27,23 @@ fi
 # Wordfence CLI Malware scanner
 
 # Install
-cd /usr/local/src
-wget https://github.com/wordfence/wordfence-cli/releases/download/v${WORDFENCE_CLI_VER}/wordfence_${WORDFENCE_CLI_VER}_amd64_linux_exec.tar.gz --no-check-certificate
-tar xvzf wordfence_${WORDFENCE_CLI_VER}_amd64_linux_exec.tar.gz
+mkdir -p /usr/local/src/Wordfence-CLI/
+rm -rf /usr/local/src/Wordfence-CLI/wordfence
+wget -O /usr/src/wordfence_${WORDFENCE_CLI_VER}_amd64_linux_exec.tar.gz https://github.com/wordfence/wordfence-cli/releases/download/v${WORDFENCE_CLI_VER}/wordfence_${WORDFENCE_CLI_VER}_amd64_linux_exec.tar.gz --no-check-certificate
+tar -xvf /usr/src/wordfence_${WORDFENCE_CLI_VER}_amd64_linux_exec.tar.gz
+mv /usr/src/wordfence /usr/local/src/Wordfence-CLI/wordfence
+
+# Make Results Directory
 mkdir -p /home/EngineScript/wordfence-scan-results
+
+# Make Cache Directory
 mkdir -p ~/.cache/wordfence
-mkdir -p ~/.config/wordfence
 chmod 775 ~/.cache/wordfence
-touch ~/.config/wordfence/wordfence-cli.ini
 
 # Configuration
 # Create your token at https://www.wordfence.com/products/wordfence-cli/
+mkdir -p ~/.config/wordfence
+touch ~/.config/wordfence/wordfence-cli.ini
 cat >>~/.config/wordfence/wordfence-cli.ini <<EOL
 [SCAN]
 license = ${WORDFENCE_CLI_TOKEN}
diff --git a/scripts/menu/security-tools-menu.sh b/scripts/menu/security-tools-menu.sh
@@ -32,7 +32,7 @@ while true
     echo ""
     echo ""
     PS3='Please enter your choice: '
-    secoptions=("10up WP-CLI Vulnerability Scanner" "PHP Malware Finder" "Wordfence CLI Malware Scan" "WPScan Vulnerability Scan" "Exit Security Tools")
+    secoptions=("10up WP-CLI Vulnerability Scan" "PHP Malware Finder" "Wordfence CLI Malware Scan" "WPScan Vulnerability Scan" "Exit Security Tools")
     select secopt in "${secoptions[@]}"
     do
       case $secopt in
diff --git a/scripts/update/wordfence-cli-update.sh b/scripts/update/wordfence-cli-update.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+#----------------------------------------------------------------------------
+# EngineScript - A High-Performance WordPress Server Built on Ubuntu and Cloudflare
+#----------------------------------------------------------------------------
+# Website:      https://EngineScript.com
+# GitHub:       https://github.com/Enginescript/EngineScript
+# Company:      VisiStruct / EngineScript
+# License:      GPL v3.0
+# OS:           Ubuntu 22.04 (jammy)
+#----------------------------------------------------------------------------
+
+# EngineScript Variables
+source /usr/local/bin/enginescript/enginescript-variables.txt
+source /home/EngineScript/enginescript-install-options.txt
+
+# Check current user's ID. If user is not 0 (root), exit.
+if [ "${EUID}" != 0 ];
+  then
+    echo "${BOLD}ALERT:${NORMAL}"
+    echo "EngineScript should be executed as the root user."
+    exit
+fi
+
+#----------------------------------------------------------------------------
+# Start Main Script
+
+#----------------------------------------------------------------------------
+
+# Update Wordfence CLI
+rm -rf /usr/local/src/Wordfence-CLI/wordfence
+wget -O /usr/src/wordfence_${WORDFENCE_CLI_VER}_amd64_linux_exec.tar.gz https://github.com/wordfence/wordfence-cli/releases/download/v${WORDFENCE_CLI_VER}/wordfence_${WORDFENCE_CLI_VER}_amd64_linux_exec.tar.gz --no-check-certificate
+tar -xvf /usr/src/wordfence_${WORDFENCE_CLI_VER}_amd64_linux_exec.tar.gz
+mv /usr/src/wordfence /usr/local/src/Wordfence-CLI/wordfence
diff --git a/scripts/update/wp-cli-update.sh b/scripts/update/wp-cli-update.sh
diff --git a/var/www/wordpress/wp-config.php b/var/www/wordpress/wp-config.php
@@ -123,7 +123,7 @@
 // Make sure to change the directory to match where you're placing the worker code.
 //define( 'SWCFPC_CF_WOKER_FULL_PATH', '/home/some-site/public/wp-content/themes/your-theme/assets/js/my-custom-cf-worker.js' );
 
-/* WP-CLI 10Up Vulnerability Scanner */
+/* 10Up Vulnerability Scanner */
 // We're selecting Wordfence Intelligence CE as the default scanner. It does not require an API Key.
 //
 // Register for an account at
