2019-12-10 23:04:24 +05:00
|
|
|
#!/usr/local/CyberCP/bin/python
|
2019-12-25 18:25:18 +05:00
|
|
|
import sys
|
2024-10-03 10:46:18 +05:00
|
|
|
|
2019-12-25 18:25:18 +05:00
|
|
|
sys.path.append('/usr/local/CyberCP')
|
2019-12-15 13:30:40 +05:00
|
|
|
from plogical import CyberCPLogFileWriter as logging
|
2018-08-06 02:01:09 +05:00
|
|
|
import subprocess
|
|
|
|
|
import shlex
|
|
|
|
|
import argparse
|
|
|
|
|
import os
|
2018-08-10 23:29:10 +05:00
|
|
|
import threading as multi
|
2019-03-21 23:26:42 +05:00
|
|
|
from plogical.processUtilities import ProcessUtilities
|
2018-08-06 02:01:09 +05:00
|
|
|
|
2019-10-08 13:17:33 -04:00
|
|
|
|
2018-08-10 23:29:10 +05:00
|
|
|
class CSF(multi.Thread):
|
2018-08-06 02:01:09 +05:00
|
|
|
installLogPath = "/home/cyberpanel/csfInstallLog"
|
|
|
|
|
csfURL = 'https://download.configserver.com/csf.tgz'
|
|
|
|
|
|
2018-08-10 23:29:10 +05:00
|
|
|
def __init__(self, installApp, extraArgs):
|
|
|
|
|
multi.Thread.__init__(self)
|
|
|
|
|
self.installApp = installApp
|
|
|
|
|
self.extraArgs = extraArgs
|
|
|
|
|
|
|
|
|
|
def run(self):
|
2018-08-06 02:01:09 +05:00
|
|
|
try:
|
2018-08-10 23:29:10 +05:00
|
|
|
if self.installApp == 'installCSF':
|
|
|
|
|
self.installCSF()
|
|
|
|
|
elif self.installApp == 'removeCSF':
|
|
|
|
|
self.removeCSF()
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2018-08-10 23:29:10 +05:00
|
|
|
logging.CyberCPLogFileWriter.writeToFile(str(msg) + ' [CSF.run]')
|
2018-08-06 02:01:09 +05:00
|
|
|
|
2019-04-01 15:19:54 +05:00
|
|
|
@staticmethod
|
|
|
|
|
def installCSF():
|
2018-08-10 23:29:10 +05:00
|
|
|
try:
|
2018-08-06 02:01:09 +05:00
|
|
|
##
|
|
|
|
|
|
2019-04-01 15:19:54 +05:00
|
|
|
logging.CyberCPLogFileWriter.statusWriter(CSF.installLogPath, 'Downloading CSF..\n', 1)
|
2018-08-06 02:01:09 +05:00
|
|
|
|
2019-04-01 15:19:54 +05:00
|
|
|
command = 'wget ' + CSF.csfURL
|
|
|
|
|
ProcessUtilities.normalExecutioner(command)
|
2018-08-06 02:01:09 +05:00
|
|
|
|
|
|
|
|
##
|
|
|
|
|
|
2019-04-01 15:19:54 +05:00
|
|
|
logging.CyberCPLogFileWriter.statusWriter(CSF.installLogPath, 'Extracting CSF..\n', 1)
|
2018-08-06 02:01:09 +05:00
|
|
|
|
2019-04-01 15:19:54 +05:00
|
|
|
command = 'tar -xzf csf.tgz'
|
|
|
|
|
ProcessUtilities.normalExecutioner(command)
|
2018-08-06 02:01:09 +05:00
|
|
|
|
|
|
|
|
##
|
|
|
|
|
|
2019-04-01 15:19:54 +05:00
|
|
|
logging.CyberCPLogFileWriter.statusWriter(CSF.installLogPath, 'Installing CSF..\n', 1)
|
2024-10-07 14:50:54 +05:00
|
|
|
|
2018-08-06 02:01:09 +05:00
|
|
|
os.chdir('csf')
|
2018-08-10 23:29:10 +05:00
|
|
|
|
2024-01-15 11:39:28 +05:00
|
|
|
### manually update csf views.py because it does not load CyberPanel properly in default configurations
|
|
|
|
|
|
2024-10-07 16:43:10 +05:00
|
|
|
content = '''
|
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
from __future__ import unicode_literals
|
|
|
|
|
|
|
|
|
|
import os
|
|
|
|
|
import os.path
|
|
|
|
|
import sys
|
|
|
|
|
import django
|
|
|
|
|
|
|
|
|
|
sys.path.append('/usr/local/CyberCP')
|
|
|
|
|
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "CyberCP.settings")
|
|
|
|
|
django.setup()
|
|
|
|
|
from plogical.acl import ACLManager
|
|
|
|
|
|
|
|
|
|
from plogical.processUtilities import ProcessUtilities
|
|
|
|
|
from django.views.decorators.csrf import csrf_exempt
|
|
|
|
|
import tempfile
|
|
|
|
|
from django.http import HttpResponse
|
|
|
|
|
from django.views.decorators.clickjacking import xframe_options_exempt
|
|
|
|
|
from plogical.httpProc import httpProc
|
|
|
|
|
|
|
|
|
|
def configservercsf(request):
|
|
|
|
|
proc = httpProc(request, 'configservercsf/index.html',
|
|
|
|
|
None, 'admin')
|
|
|
|
|
return proc.render()
|
|
|
|
|
|
|
|
|
|
@csrf_exempt
|
|
|
|
|
@xframe_options_exempt
|
|
|
|
|
def configservercsfiframe(request):
|
|
|
|
|
userID = request.session['userID']
|
|
|
|
|
currentACL = ACLManager.loadedACL(userID)
|
|
|
|
|
|
|
|
|
|
if currentACL['admin'] == 1:
|
|
|
|
|
pass
|
|
|
|
|
else:
|
|
|
|
|
return ACLManager.loadError()
|
|
|
|
|
|
|
|
|
|
if request.method == 'GET':
|
|
|
|
|
qs = request.GET.urlencode()
|
|
|
|
|
elif request.method == 'POST':
|
|
|
|
|
qs = request.POST.urlencode()
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
tmp = tempfile.NamedTemporaryFile(mode = "w", delete=False)
|
|
|
|
|
tmp.write(qs)
|
|
|
|
|
tmp.close()
|
|
|
|
|
command = "/usr/local/csf/bin/cyberpanel.pl '" + tmp.name + "'"
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
output = ProcessUtilities.outputExecutioner(command)
|
|
|
|
|
except:
|
|
|
|
|
output = "Output Error from csf UI script"
|
|
|
|
|
|
|
|
|
|
os.unlink(tmp.name)
|
|
|
|
|
except:
|
|
|
|
|
output = "Unable to create csf UI temp file"
|
|
|
|
|
|
|
|
|
|
return HttpResponse(output)
|
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
WriteToFile = open('cyberpanel/configservercsf/views.py', 'w')
|
|
|
|
|
WriteToFile.write(content)
|
|
|
|
|
WriteToFile.close()
|
|
|
|
|
|
|
|
|
|
### now update content of signals.py
|
|
|
|
|
WriteToFile = open('cyberpanel/configservercsf/signals.py', 'w')
|
|
|
|
|
WriteToFile.close()
|
|
|
|
|
|
|
|
|
|
### now update content of apps.py
|
|
|
|
|
|
|
|
|
|
content = '''
|
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
from __future__ import unicode_literals
|
|
|
|
|
|
|
|
|
|
from django.apps import AppConfig
|
|
|
|
|
|
|
|
|
|
class configservercsfConfig(AppConfig):
|
|
|
|
|
name = 'configservercsf'
|
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
WriteToFile = open('cyberpanel/configservercsf/apps.py', 'w')
|
|
|
|
|
WriteToFile.write(content)
|
|
|
|
|
WriteToFile.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### now update content of urls.py
|
|
|
|
|
|
|
|
|
|
content = '''
|
|
|
|
|
from django.urls import path, re_path
|
|
|
|
|
from . import views
|
|
|
|
|
|
|
|
|
|
urlpatterns = [
|
|
|
|
|
path('', views.configservercsf, name='configservercsf'),
|
|
|
|
|
path('iframe/', views.configservercsfiframe, name='configservercsfiframe'),
|
|
|
|
|
]
|
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
WriteToFile = open('cyberpanel/configservercsf/urls.py', 'w')
|
|
|
|
|
WriteToFile.write(content)
|
|
|
|
|
WriteToFile.close()
|
2024-01-15 11:39:28 +05:00
|
|
|
|
2024-10-07 17:19:19 +05:00
|
|
|
|
2019-04-01 15:19:54 +05:00
|
|
|
command = "chmod +x install.sh"
|
|
|
|
|
ProcessUtilities.normalExecutioner(command)
|
2018-08-06 02:01:09 +05:00
|
|
|
|
2019-04-01 15:19:54 +05:00
|
|
|
command = 'bash install.sh'
|
|
|
|
|
ProcessUtilities.normalExecutioner(command)
|
2018-08-06 02:01:09 +05:00
|
|
|
|
2019-10-12 07:17:10 -04:00
|
|
|
command = 'mv /etc/csf/ui/server.crt /etc/csf/ui/server.crt-bak'
|
|
|
|
|
ProcessUtilities.normalExecutioner(command)
|
|
|
|
|
|
|
|
|
|
command = 'mv /etc/csf/ui/server.key /etc/csf/ui/server.key-bak'
|
|
|
|
|
ProcessUtilities.normalExecutioner(command)
|
|
|
|
|
|
|
|
|
|
command = 'ln -s /usr/local/lscp/conf/cert.pem /etc/csf/ui/server.crt'
|
|
|
|
|
ProcessUtilities.normalExecutioner(command)
|
|
|
|
|
|
|
|
|
|
command = 'ln -s /usr/local/lscp/conf/key.pem /etc/csf/ui/server.key'
|
|
|
|
|
ProcessUtilities.normalExecutioner(command)
|
|
|
|
|
|
2024-10-07 17:40:29 +05:00
|
|
|
##
|
|
|
|
|
|
|
|
|
|
data = open('/usr/local/CyberCP/CyberCP/urls.py', 'r').readlines()
|
|
|
|
|
|
|
|
|
|
WriteToFile = open('/usr/local/CyberCP/CyberCP/urls.py', 'w')
|
|
|
|
|
|
|
|
|
|
for line in data:
|
|
|
|
|
if line[0] == '#' and line.find('configservercsf') > -1:
|
|
|
|
|
WriteToFile.write(" path(r'configservercsf/',include('configservercsf.urls')),\n")
|
|
|
|
|
else:
|
|
|
|
|
WriteToFile.write(line)
|
|
|
|
|
WriteToFile.close()
|
|
|
|
|
|
|
|
|
|
command = 'killall lswsgi'
|
|
|
|
|
ProcessUtilities.normalExecutioner(command)
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
|
|
2019-10-08 13:17:33 -04:00
|
|
|
# install required packages for CSF perl and /usr/bin/host
|
2020-05-24 10:23:55 +01:00
|
|
|
if ProcessUtilities.decideDistro() == ProcessUtilities.centos or ProcessUtilities.decideDistro() == ProcessUtilities.cent8:
|
2019-11-29 11:28:43 -05:00
|
|
|
command = 'yum install bind-utils net-tools perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph ipset -y'
|
2019-10-08 13:17:33 -04:00
|
|
|
ProcessUtilities.normalExecutioner(command)
|
2020-05-15 01:07:04 +05:00
|
|
|
elif ProcessUtilities.decideDistro() == ProcessUtilities.ubuntu or ProcessUtilities.decideDistro() == ProcessUtilities.ubuntu20:
|
2019-11-29 11:28:43 -05:00
|
|
|
command = 'apt-get install dnsutils libwww-perl liblwp-protocol-https-perl libgd-graph-perl net-tools ipset -y'
|
2019-10-08 13:17:33 -04:00
|
|
|
ProcessUtilities.normalExecutioner(command)
|
2019-10-27 18:08:10 +05:00
|
|
|
command = 'ln -s /bin/systemctl /usr/bin/systemctl'
|
|
|
|
|
ProcessUtilities.normalExecutioner(command)
|
2019-10-08 13:17:33 -04:00
|
|
|
else:
|
|
|
|
|
logging.CyberCPLogFileWriter.statusWriter(CSF.installLogPath,
|
|
|
|
|
'CSF required packages successfully Installed.[200]\n', 1)
|
2018-08-06 02:01:09 +05:00
|
|
|
|
2019-10-08 13:17:33 -04:00
|
|
|
# Some initial configurations
|
2018-08-10 23:29:10 +05:00
|
|
|
|
2024-03-28 18:11:18 +04:00
|
|
|
try:
|
2024-10-03 21:08:44 +05:00
|
|
|
cPort = open(ProcessUtilities.portPath, 'r').read().split(':')[1].rstrip('\n')
|
2024-03-28 18:11:18 +04:00
|
|
|
except:
|
|
|
|
|
cPort = '8090'
|
|
|
|
|
|
2018-08-10 23:29:10 +05:00
|
|
|
data = open('/etc/csf/csf.conf', 'r').readlines()
|
|
|
|
|
writeToConf = open('/etc/csf/csf.conf', 'w')
|
|
|
|
|
|
|
|
|
|
for items in data:
|
|
|
|
|
if items.find('TCP_IN') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
2019-10-08 13:17:33 -04:00
|
|
|
writeToConf.writelines(
|
2024-03-28 18:11:18 +04:00
|
|
|
f'TCP_IN = "20,21,22,25,53,80,110,995,143,443,465,587,993,995,1025,7080,{cPort},40110:40210,8088,5678"\n')
|
2018-08-10 23:29:10 +05:00
|
|
|
elif items.find('TCP_OUT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
2019-10-27 18:08:10 +05:00
|
|
|
writeToConf.writelines(
|
2024-03-28 18:11:18 +04:00
|
|
|
f'TCP_OUT = "20,21,22,25,43,53,80,110,113,443,587,993,995,{cPort},40110:40210,8088,5678"\n')
|
2018-08-10 23:29:10 +05:00
|
|
|
elif items.find('UDP_IN') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
2019-12-08 17:47:47 +05:00
|
|
|
writeToConf.writelines('UDP_IN = "20,21,53,443"\n')
|
2018-08-10 23:29:10 +05:00
|
|
|
elif items.find('UDP_OUT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
2019-12-08 17:47:47 +05:00
|
|
|
writeToConf.writelines('UDP_OUT = "20,21,53,113,123,443"\n')
|
2019-10-12 07:17:10 -04:00
|
|
|
elif items.find('TESTING =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('TESTING = "0"\n')
|
2019-10-27 18:08:10 +05:00
|
|
|
# setting RESTRICT_SYSLOG to "3" for use with option RESTRICT_SYSLOG_GROUP
|
2019-10-08 13:17:33 -04:00
|
|
|
elif items.find('RESTRICT_SYSLOG =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('RESTRICT_SYSLOG = "3"\n')
|
|
|
|
|
|
|
|
|
|
# Send an email alert if an IP address is blocked by one of the [*] triggers: disabled
|
|
|
|
|
elif items.find('LF_EMAIL_ALERT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_EMAIL_ALERT = "0"\n')
|
|
|
|
|
|
|
|
|
|
# Set LF_PERMBLOCK_ALERT to "0" to disable this feature
|
|
|
|
|
elif items.find('LF_PERMBLOCK_ALERT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_PERMBLOCK_ALERT = "0"\n')
|
|
|
|
|
|
|
|
|
|
# Set LF_NETBLOCK_ALERT to "0" to disable this feature
|
|
|
|
|
elif items.find('LF_NETBLOCK_ALERT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_NETBLOCK_ALERT = "0"\n')
|
|
|
|
|
|
|
|
|
|
# Login Failure Blocking and Alerts
|
|
|
|
|
# LF_TRIGGER_PERM = "1800" => the IP is blocked temporarily for 30 minutes
|
|
|
|
|
elif items.find('LF_TRIGGER_PERM') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_TRIGGER_PERM = "1800"\n')
|
|
|
|
|
|
|
|
|
|
# Enable login failure detection of sshd connections: 10 failures triggers
|
|
|
|
|
elif items.find('LF_SSHD =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_SSHD = "10"\n')
|
|
|
|
|
|
|
|
|
|
# LF_SSHD_PERM = "1800" => the IP is blocked temporarily for 30 minutes
|
|
|
|
|
elif items.find('LF_SSHD_PERM') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_SSHD_PERM = "1800"\n')
|
|
|
|
|
|
|
|
|
|
# Enable login failure detection of ftp connections: 10 failures triggers
|
|
|
|
|
elif items.find('LF_FTPD =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_FTPD = "10"\n')
|
|
|
|
|
|
|
|
|
|
# LF_FTPD_PERM = "1800" => the IP is blocked temporarily for 30 minutes
|
|
|
|
|
elif items.find('LF_FTPD_PERM') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_FTPD_PERM = "1800"\n')
|
|
|
|
|
|
|
|
|
|
# Enable login failure detection of SMTP AUTH connections: 10 failures triggers
|
|
|
|
|
elif items.find('LF_SMTPAUTH =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_SMTPAUTH = "10"\n')
|
|
|
|
|
|
|
|
|
|
# LF_SMTPAUTH_PERM = "1800" => the IP is blocked temporarily for 30 minutes
|
|
|
|
|
elif items.find('LF_SMTPAUTH_PERM') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_SMTPAUTH_PERM = "1800"\n')
|
|
|
|
|
|
|
|
|
|
# Enable login failure detection of pop3 connections: 10 failures triggers
|
|
|
|
|
elif items.find('LF_POP3D =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_POP3D = "10"\n')
|
|
|
|
|
|
|
|
|
|
# LF_POP3D_PERM = "1800" => the IP is blocked temporarily for 30 minutes
|
|
|
|
|
elif items.find('LF_POP3D_PERM') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_POP3D_PERM = "1800"\n')
|
|
|
|
|
|
|
|
|
|
# Enable login failure detection of imap connections: 10 failures triggers
|
|
|
|
|
elif items.find('LF_IMAPD =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_IMAPD = "10"\n')
|
|
|
|
|
|
|
|
|
|
# LF_IMAPD_PERM = "1800" => the IP is blocked temporarily for 30 minutes
|
|
|
|
|
elif items.find('LF_IMAPD_PERM') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_IMAPD_PERM = "1800"\n')
|
|
|
|
|
|
|
|
|
|
# LF_HTACCESS_PERM = "1800" => the IP is blocked temporarily for 30 minutes
|
|
|
|
|
elif items.find('LF_HTACCESS_PERM') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_HTACCESS_PERM = "1800"\n')
|
|
|
|
|
|
|
|
|
|
# Enable failure detection of repeated Apache mod_security rule triggers: 10 failures triggers
|
|
|
|
|
elif items.find('LF_MODSEC =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_MODSEC = "10"\n')
|
|
|
|
|
|
|
|
|
|
# LF_MODSEC_PERM = "1800" => the IP is blocked temporarily for 30 minutes
|
|
|
|
|
elif items.find('LF_MODSEC_PERM') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_MODSEC_PERM = "1800"\n')
|
|
|
|
|
|
|
|
|
|
# MODSEC_LOG location
|
|
|
|
|
elif items.find('MODSEC_LOG =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('MODSEC_LOG = "/usr/local/lsws/logs/auditmodsec.log"\n')
|
|
|
|
|
|
|
|
|
|
# Send an email alert if anyone logs in successfully using SSH: Disabled
|
|
|
|
|
elif items.find('LF_SSH_EMAIL_ALERT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_SSH_EMAIL_ALERT = "0"\n')
|
|
|
|
|
|
|
|
|
|
# Send an email alert if anyone accesses webmin: Disabled not applicable
|
|
|
|
|
elif items.find('LF_WEBMIN_EMAIL_ALERT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_WEBMIN_EMAIL_ALERT = "0"\n')
|
|
|
|
|
|
|
|
|
|
# LF_QUEUE_ALERT disabled
|
|
|
|
|
elif items.find('LF_QUEUE_ALERT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_QUEUE_ALERT = "0"\n')
|
|
|
|
|
|
|
|
|
|
# LF_QUEUE_INTERVAL disabled
|
|
|
|
|
elif items.find('LF_QUEUE_INTERVAL = "0"') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_TRIGGER_PERM = "1800"\n')
|
|
|
|
|
|
|
|
|
|
# Relay Tracking. This allows you to track email that is relayed through the server. Disabled
|
|
|
|
|
elif items.find('RT_RELAY_ALERT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('RT_RELAY_ALERT = "0"\n')
|
|
|
|
|
|
|
|
|
|
# RT_[relay type]_LIMIT: the limit/hour afterwhich an email alert will be sent
|
|
|
|
|
elif items.find('RT_RELAY_LIMIT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('RT_RELAY_LIMIT = "500"\n')
|
|
|
|
|
|
|
|
|
|
# RT_[relay type]_BLOCK: 0 = no block;1 = perm block;nn=temp block for nn secs
|
|
|
|
|
elif items.find('RT_RELAY_BLOCK') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('RT_RELAY_BLOCK = "0"\n')
|
|
|
|
|
|
|
|
|
|
# This option triggers for email authenticated by SMTP AUTH disabled
|
|
|
|
|
elif items.find('RT_AUTHRELAY_ALERT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('RT_AUTHRELAY_ALERT = "0"\n')
|
|
|
|
|
|
|
|
|
|
# RT_AUTHRELAY_LIMIT set to 100
|
|
|
|
|
elif items.find('RT_AUTHRELAY_LIMIT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('RT_AUTHRELAY_LIMIT = "100"\n')
|
|
|
|
|
|
|
|
|
|
# RT_AUTHRELAY_LIMIT set to 0
|
|
|
|
|
elif items.find('RT_AUTHRELAY_BLOCK') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('RT_AUTHRELAY_BLOCK = "0"\n')
|
|
|
|
|
|
|
|
|
|
# This option triggers for email authenticated by POP before SMTP
|
|
|
|
|
elif items.find('RT_POPRELAY_ALERT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('RT_POPRELAY_ALERT = "0"\n')
|
|
|
|
|
|
|
|
|
|
# This option triggers for email authenticated by POP before SMTP
|
|
|
|
|
elif items.find('RT_POPRELAY_LIMIT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('RT_POPRELAY_LIMIT = "100"\n')
|
|
|
|
|
|
|
|
|
|
# RT_POPRELAY_BLOCK disabled
|
|
|
|
|
elif items.find('RT_POPRELAY_BLOCK') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('RT_POPRELAY_BLOCK = "0"\n')
|
|
|
|
|
|
|
|
|
|
# This option triggers for email sent via /usr/sbin/sendmail or /usr/sbin/exim: Disabled
|
|
|
|
|
elif items.find('RT_LOCALRELAY_ALERT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('RT_LOCALRELAY_ALERT = "0"\n')
|
|
|
|
|
|
|
|
|
|
# This option triggers for email sent via a local IP addresses
|
|
|
|
|
elif items.find('RT_LOCALRELAY_LIMIT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('RT_LOCALRELAY_LIMIT = "100"\n')
|
|
|
|
|
|
|
|
|
|
# This option triggers for email sent via a local IP addresses
|
|
|
|
|
elif items.find('RT_LOCALHOSTRELAY_ALERT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('RT_LOCALHOSTRELAY_ALERT = "0"\n')
|
|
|
|
|
|
|
|
|
|
# This option triggers for email sent via a local IP addresses disabled
|
|
|
|
|
elif items.find('RT_LOCALHOSTRELAY_LIMIT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('RT_LOCALHOSTRELAY_LIMIT = "100"\n')
|
|
|
|
|
|
|
|
|
|
# If an RT_* event is triggered, then if the following contains the path to a script
|
|
|
|
|
elif items.find('RT_ACTION') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('RT_ACTION = ""\n')
|
|
|
|
|
|
|
|
|
|
# Send an email alert if an IP address is blocked due to connection tracking disabled
|
|
|
|
|
elif items.find('CT_EMAIL_ALERT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('CT_EMAIL_ALERT = "0"\n')
|
|
|
|
|
|
|
|
|
|
# User Process Tracking. Set to 0 to disable this feature
|
|
|
|
|
elif items.find('PT_USERPROC =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('PT_USERPROC = "0"\n')
|
|
|
|
|
|
|
|
|
|
# This User Process Tracking option sends an alert if any user process exceeds the virtual memory usage set (MB)
|
|
|
|
|
elif items.find('PT_USERMEM =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('PT_USERMEM = "0"\n')
|
|
|
|
|
|
|
|
|
|
# This User Process Tracking option sends an alert if any user process exceeds the RSS memory usage set (MB) - RAM used, not virtual.
|
|
|
|
|
elif items.find('PT_USERRSS =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('PT_USERRSS = "0"\n')
|
|
|
|
|
|
|
|
|
|
# If this option is set then processes detected by PT_USERMEM, PT_USERTIME or PT_USERPROC are killed. Disabled
|
|
|
|
|
elif items.find('PT_USERTIME =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('PT_USERTIME = "0"\n')
|
|
|
|
|
|
|
|
|
|
# If you want to disable email alerts if PT_USERKILL is triggered, then set this option to 0. Disabled
|
|
|
|
|
elif items.find('PT_USERKILL_ALERT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('PT_USERKILL_ALERT = "0"\n')
|
|
|
|
|
|
|
|
|
|
# Check the PT_LOAD_AVG minute Load Average (can be set to 1 5 or 15 and defaults to 5 if set otherwise) on the server every PT_LOAD seconds. Disabled
|
|
|
|
|
elif items.find('PT_LOAD =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('PT_LOAD = "0"\n')
|
|
|
|
|
|
2019-11-29 11:28:43 -05:00
|
|
|
# Enable LF_IPSET for CSF for more efficient ipables rules with ipset
|
|
|
|
|
elif items.find('LF_IPSET =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('LF_IPSET = "1"\n')
|
|
|
|
|
|
2019-10-08 13:17:33 -04:00
|
|
|
# HTACCESS_LOG is ins main error.log
|
|
|
|
|
elif items.find('HTACCESS_LOG =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('HTACCESS_LOG = "/usr/local/lsws/logs/error.log"\n')
|
2019-10-27 18:08:10 +05:00
|
|
|
|
2019-10-23 08:42:14 -04:00
|
|
|
# SYSLOG_CHECK Check whether syslog is running
|
|
|
|
|
elif items.find('SYSLOG_CHECK =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('SYSLOG_CHECK = "300"\n')
|
2019-10-27 18:08:10 +05:00
|
|
|
|
|
|
|
|
# CSF UI enable
|
|
|
|
|
# elif items.find('UI = "0"') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
2019-10-23 08:31:25 -04:00
|
|
|
# writeToConf.writelines('UI = "1"\n')
|
2019-10-27 18:08:10 +05:00
|
|
|
# elif items.find('UI_ALLOW') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
2019-10-23 08:31:25 -04:00
|
|
|
# writeToConf.writelines('UI_ALLOW = "0"\n')
|
2019-10-27 18:08:10 +05:00
|
|
|
# elif items.find('UI_PORT =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
2019-10-23 08:31:25 -04:00
|
|
|
# writeToConf.writelines('UI_PORT = "1025"\n')
|
2019-10-27 18:08:10 +05:00
|
|
|
# elif items.find('UI_USER') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
2019-10-23 08:31:25 -04:00
|
|
|
# writeToConf.writelines('UI_USER = "cyberpanel"\n')
|
2019-10-27 18:08:10 +05:00
|
|
|
# elif items.find('UI_PASS') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
2019-10-23 08:31:25 -04:00
|
|
|
# writeToConf.writelines('UI_PASS = "csfadmin1234567"\n')
|
2019-10-11 02:30:22 -04:00
|
|
|
else:
|
|
|
|
|
writeToConf.writelines(items)
|
|
|
|
|
|
|
|
|
|
writeToConf.close()
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
# Some Ubuntu initial configurations
|
2020-05-15 01:07:04 +05:00
|
|
|
if ProcessUtilities.decideDistro() == ProcessUtilities.ubuntu or ProcessUtilities.decideDistro() == ProcessUtilities.ubuntu20:
|
2019-10-11 02:30:22 -04:00
|
|
|
data = open('/etc/csf/csf.conf', 'r').readlines()
|
|
|
|
|
writeToConf = open('/etc/csf/csf.conf', 'w')
|
|
|
|
|
|
|
|
|
|
for items in data:
|
2019-10-08 13:17:33 -04:00
|
|
|
if items.find('SSHD_LOG =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('SSHD_LOG = "/var/log/auth.log"\n')
|
|
|
|
|
elif items.find('SU_LOG =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('SU_LOG = "/var/log/auth.log"\n')
|
|
|
|
|
elif items.find('SMTPAUTH_LOG =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('SMTPAUTH_LOG = "/var/log/mail.log"\n')
|
|
|
|
|
elif items.find('POP3D_LOG =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('POP3D_LOG = "/var/log/mail.log"\n')
|
|
|
|
|
elif items.find('IMAPD_LOG =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('IMAPD_LOG = "/var/log/mail.log"\n')
|
2019-10-11 02:30:22 -04:00
|
|
|
elif items.find('IPTABLES_LOG =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('IPTABLES_LOG = "/var/log/kern.log"\n')
|
2019-10-08 13:17:33 -04:00
|
|
|
elif items.find('SYSLOG_LOG =') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToConf.writelines('SYSLOG_LOG = "/var/log/syslog"\n')
|
2019-10-11 02:30:22 -04:00
|
|
|
else:
|
|
|
|
|
writeToConf.writelines(items)
|
|
|
|
|
writeToConf.close()
|
2018-08-10 23:29:10 +05:00
|
|
|
|
2019-10-11 02:30:22 -04:00
|
|
|
##
|
2019-10-08 13:17:33 -04:00
|
|
|
|
2018-08-10 23:29:10 +05:00
|
|
|
command = 'csf -s'
|
2019-04-01 15:19:54 +05:00
|
|
|
ProcessUtilities.normalExecutioner(command)
|
2018-08-10 23:29:10 +05:00
|
|
|
|
2019-10-12 07:17:10 -04:00
|
|
|
command = 'sleep 5'
|
|
|
|
|
ProcessUtilities.normalExecutioner(command)
|
|
|
|
|
|
|
|
|
|
command = 'csf -ra'
|
|
|
|
|
ProcessUtilities.normalExecutioner(command)
|
|
|
|
|
|
2024-01-15 11:39:28 +05:00
|
|
|
##### update csf views file
|
|
|
|
|
|
2019-04-01 15:19:54 +05:00
|
|
|
logging.CyberCPLogFileWriter.statusWriter(CSF.installLogPath, 'CSF successfully Installed.[200]\n', 1)
|
2018-08-10 23:29:10 +05:00
|
|
|
|
2019-04-01 15:19:54 +05:00
|
|
|
try:
|
|
|
|
|
os.remove('csf.tgz')
|
|
|
|
|
os.removedirs('csf')
|
|
|
|
|
except:
|
|
|
|
|
pass
|
2018-08-06 02:01:09 +05:00
|
|
|
|
2024-10-07 14:28:16 +05:00
|
|
|
# sed_commands = [
|
|
|
|
|
# 'sed -i "s/url(r\'^configservercsf/path(\'configservercsf/g" /usr/local/CyberCP/CyberCP/urls.py',
|
|
|
|
|
# 'sed -i "s/from django.conf.urls import url/from django.urls import path/g" /usr/local/CyberCP/configservercsf/urls.py',
|
|
|
|
|
# 'sed -i "s/import signals/import configservercsf.signals/g" /usr/local/CyberCP/configservercsf/apps.py',
|
|
|
|
|
# 'sed -i "s/url(r\'^$\'/path(\'\'/g" /usr/local/CyberCP/configservercsf/urls.py',
|
|
|
|
|
# 'sed -i "s|url(r\'^iframe/$\'|path(\'iframe/\'|g" /usr/local/CyberCP/configservercsf/urls.py',
|
|
|
|
|
# # 'sed -i -E "s/from.*, response/from plogical.httpProc import httpProc/g" /usr/local/CyberCP/configservercsf/views.py'
|
|
|
|
|
# # '''sed -i -E "s#^(\s*)return render.*index\.html.*#\1proc = httpProc(request, 'configservercsf/index.html', None, 'admin')\n\1return proc.render()#g" /usr/local/CyberCP/configservercsf/views.py'''
|
|
|
|
|
# 'killall lswsgi'
|
|
|
|
|
# ]
|
|
|
|
|
#
|
|
|
|
|
# for cmd in sed_commands:
|
|
|
|
|
# ProcessUtilities.executioner(cmd)
|
|
|
|
|
|
2024-10-07 17:19:19 +05:00
|
|
|
# command = 'rm -Rfv /usr/local/CyberCP/configservercsf'
|
|
|
|
|
# ProcessUtilities.normalExecutioner(command)
|
|
|
|
|
#
|
|
|
|
|
# command = 'rm -fv /home/cyberpanel/plugins/configservercsf'
|
|
|
|
|
# ProcessUtilities.normalExecutioner(command)
|
|
|
|
|
#
|
|
|
|
|
# command = 'rm -Rfv /usr/local/CyberCP/public/static/configservercsf'
|
|
|
|
|
# ProcessUtilities.normalExecutioner(command)
|
|
|
|
|
#
|
|
|
|
|
# command = 'sed -i "/configservercsf/d" /usr/local/CyberCP/CyberCP/settings.py'
|
|
|
|
|
# ProcessUtilities.normalExecutioner(command)
|
|
|
|
|
#
|
|
|
|
|
# command = 'sed -i "/configservercsf/d" /usr/local/CyberCP/CyberCP/urls.py'
|
|
|
|
|
# ProcessUtilities.normalExecutioner(command)
|
|
|
|
|
#
|
|
|
|
|
# if not os.path.exists('/etc/cxs/cxs.pl'):
|
|
|
|
|
#
|
|
|
|
|
# command = 'sed -i "/configserver/d" /usr/local/CyberCP/baseTemplate/templates/baseTemplate/index.html'
|
|
|
|
|
# ProcessUtilities.normalExecutioner(command)
|
|
|
|
|
#
|
|
|
|
|
# command = 'killall lswsgi'
|
|
|
|
|
# ProcessUtilities.normalExecutioner(command)
|
2024-10-07 14:28:16 +05:00
|
|
|
|
2024-10-07 17:19:19 +05:00
|
|
|
data = open('/usr/local/CyberCP/CyberCP/urls.py', 'r').readlines()
|
2024-10-07 14:28:16 +05:00
|
|
|
|
2024-10-07 17:19:19 +05:00
|
|
|
WriteToFile = open('/usr/local/CyberCP/CyberCP/urls.py', 'w')
|
2024-10-07 14:28:16 +05:00
|
|
|
|
2024-10-07 17:19:19 +05:00
|
|
|
for line in data:
|
|
|
|
|
if line[0] == '#' and line.find('configservercsf') > -1:
|
|
|
|
|
WriteToFile.write(" path(r'configservercsf/',include('configservercsf.urls')),\n")
|
|
|
|
|
else:
|
|
|
|
|
WriteToFile.write(line)
|
|
|
|
|
WriteToFile.close()
|
2024-10-07 14:28:16 +05:00
|
|
|
|
2024-10-07 14:55:39 +05:00
|
|
|
command = 'killall lswsgi'
|
|
|
|
|
ProcessUtilities.normalExecutioner(command)
|
2024-10-07 14:28:16 +05:00
|
|
|
|
2018-08-10 23:29:10 +05:00
|
|
|
return 1
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2019-04-01 15:19:54 +05:00
|
|
|
try:
|
|
|
|
|
os.remove('csf.tgz')
|
|
|
|
|
os.removedirs('csf')
|
|
|
|
|
except:
|
|
|
|
|
pass
|
2018-08-10 23:29:10 +05:00
|
|
|
writeToFile = open(CSF.installLogPath, 'a')
|
|
|
|
|
writeToFile.writelines(str(msg) + " [404]")
|
|
|
|
|
writeToFile.close()
|
|
|
|
|
logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[installCSF]")
|
|
|
|
|
|
|
|
|
|
def removeCSF(self):
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
|
|
##
|
2018-10-12 18:18:10 +05:00
|
|
|
|
2018-08-10 23:29:10 +05:00
|
|
|
os.chdir('/etc/csf')
|
|
|
|
|
|
|
|
|
|
command = './uninstall.sh'
|
2018-08-06 02:01:09 +05:00
|
|
|
cmd = shlex.split(command)
|
2018-08-10 23:29:10 +05:00
|
|
|
subprocess.call(cmd)
|
|
|
|
|
|
|
|
|
|
os.chdir('/usr/local/CyberCP')
|
|
|
|
|
|
|
|
|
|
#
|
2018-08-06 02:01:09 +05:00
|
|
|
|
2018-10-12 18:18:10 +05:00
|
|
|
command = 'systemctl unmask firewalld'
|
|
|
|
|
subprocess.call(shlex.split(command))
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
command = 'systemctl start firewalld'
|
|
|
|
|
subprocess.call(shlex.split(command))
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
command = 'systemctl enable firewalld'
|
|
|
|
|
subprocess.call(shlex.split(command))
|
|
|
|
|
|
2018-08-06 02:01:09 +05:00
|
|
|
return 1
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2018-08-10 23:29:10 +05:00
|
|
|
logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[removeCSF]")
|
2018-08-06 02:01:09 +05:00
|
|
|
|
2018-08-10 23:29:10 +05:00
|
|
|
@staticmethod
|
|
|
|
|
def fetchCSFSettings():
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
|
|
currentSettings = {}
|
|
|
|
|
|
|
|
|
|
command = 'sudo cat /etc/csf/csf.conf'
|
2019-03-26 16:19:03 +05:00
|
|
|
output = ProcessUtilities.outputExecutioner(command).splitlines()
|
2018-08-10 23:29:10 +05:00
|
|
|
|
|
|
|
|
for items in output:
|
2019-10-08 13:17:33 -04:00
|
|
|
if items.find('TESTING') > -1 and items.find('=') > -1 and (items[0] != '#') and items.find(
|
|
|
|
|
'TESTING_INTERVAL') == -1:
|
2018-08-10 23:29:10 +05:00
|
|
|
if items.find('0') > -1:
|
|
|
|
|
currentSettings['TESTING'] = 0
|
|
|
|
|
else:
|
|
|
|
|
currentSettings['TESTING'] = 1
|
|
|
|
|
elif items.find('TCP_IN') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
tcpIN = items[items.find('"'):]
|
|
|
|
|
currentSettings['tcpIN'] = tcpIN.strip('"')
|
|
|
|
|
elif items.find('TCP_OUT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
tcpOUT = items[items.find('"'):]
|
|
|
|
|
currentSettings['tcpOUT'] = tcpOUT.strip('"')
|
|
|
|
|
elif items.find('UDP_IN') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
udpIN = items[items.find('"'):]
|
|
|
|
|
currentSettings['udpIN'] = udpIN.strip('"')
|
|
|
|
|
elif items.find('UDP_OUT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
udpOUT = items[items.find('"'):]
|
|
|
|
|
currentSettings['udpOUT'] = udpOUT.strip('"')
|
2018-08-06 02:01:09 +05:00
|
|
|
|
2018-08-10 23:29:10 +05:00
|
|
|
### Check if rules are applied
|
|
|
|
|
|
|
|
|
|
currentSettings['firewallStatus'] = 0
|
|
|
|
|
|
|
|
|
|
command = 'sudo iptables -nv -L'
|
2019-03-26 16:19:03 +05:00
|
|
|
output = ProcessUtilities.outputExecutioner(command)
|
2018-08-10 23:29:10 +05:00
|
|
|
|
|
|
|
|
if output.find('0.0.0.0/0') > -1:
|
|
|
|
|
currentSettings['firewallStatus'] = 1
|
|
|
|
|
|
|
|
|
|
return currentSettings
|
|
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2018-12-20 16:18:16 +05:00
|
|
|
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [fetchCSFSettings]")
|
2018-08-10 23:29:10 +05:00
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
|
def changeStatus(controller, status):
|
|
|
|
|
try:
|
|
|
|
|
if controller == 'csf':
|
|
|
|
|
if status == 'enable':
|
|
|
|
|
command = 'csf -s'
|
|
|
|
|
subprocess.call(shlex.split(command))
|
2019-12-10 15:09:10 +05:00
|
|
|
print('1,None')
|
2018-08-10 23:29:10 +05:00
|
|
|
else:
|
|
|
|
|
command = 'csf -f'
|
|
|
|
|
subprocess.call(shlex.split(command))
|
2019-12-10 15:09:10 +05:00
|
|
|
print('1,None')
|
2018-08-10 23:29:10 +05:00
|
|
|
|
|
|
|
|
elif controller == 'testingMode':
|
|
|
|
|
data = open('/etc/csf/csf.conf', 'r').readlines()
|
|
|
|
|
writeToFile = open('/etc/csf/csf.conf', 'w')
|
|
|
|
|
|
|
|
|
|
for items in data:
|
|
|
|
|
if items.find('TESTING') > -1 and items.find('=') > -1 and (items[0] != '#') and items.find(
|
|
|
|
|
'TESTING_INTERVAL') == -1:
|
|
|
|
|
if status == 'enable':
|
|
|
|
|
writeToFile.writelines('TESTING = "1"\n')
|
|
|
|
|
else:
|
|
|
|
|
writeToFile.writelines('TESTING = "0"\n')
|
|
|
|
|
else:
|
|
|
|
|
writeToFile.writelines(items)
|
|
|
|
|
writeToFile.close()
|
2019-12-10 15:09:10 +05:00
|
|
|
print('1,None')
|
2018-08-10 23:29:10 +05:00
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2018-08-10 23:29:10 +05:00
|
|
|
logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[changeStatus]")
|
2019-12-10 15:09:10 +05:00
|
|
|
print('0', str(msg))
|
2018-08-10 23:29:10 +05:00
|
|
|
|
|
|
|
|
@staticmethod
|
2019-08-03 22:08:18 +05:00
|
|
|
def modifyPorts(protocol, portsPath):
|
2018-08-10 23:29:10 +05:00
|
|
|
try:
|
2019-08-03 22:08:18 +05:00
|
|
|
|
2018-08-10 23:29:10 +05:00
|
|
|
data = open('/etc/csf/csf.conf', 'r').readlines()
|
|
|
|
|
writeToFile = open('/etc/csf/csf.conf', 'w')
|
|
|
|
|
|
2019-08-03 22:08:18 +05:00
|
|
|
ports = open(portsPath, 'r').read()
|
|
|
|
|
|
2018-08-10 23:29:10 +05:00
|
|
|
if protocol == 'TCP_IN':
|
|
|
|
|
for items in data:
|
|
|
|
|
if items.find('TCP_IN') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
2019-12-08 18:45:17 +05:00
|
|
|
if ports.find(',') > -1:
|
|
|
|
|
writeToFile.writelines('TCP_IN = "' + ports + '"\n')
|
|
|
|
|
else:
|
2019-12-08 20:39:29 +05:00
|
|
|
content = '%s,%s"\n' % (items.rstrip('\n"'), ports)
|
2019-12-08 18:45:17 +05:00
|
|
|
writeToFile.writelines(content)
|
2018-08-10 23:29:10 +05:00
|
|
|
else:
|
|
|
|
|
writeToFile.writelines(items)
|
|
|
|
|
writeToFile.close()
|
|
|
|
|
elif protocol == 'TCP_OUT':
|
|
|
|
|
for items in data:
|
|
|
|
|
if items.find('TCP_OUT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
2019-12-08 18:45:17 +05:00
|
|
|
if ports.find(',') > -1:
|
|
|
|
|
writeToFile.writelines('TCP_OUT = "' + ports + '"\n')
|
|
|
|
|
else:
|
2019-12-08 20:39:29 +05:00
|
|
|
content = '%s,%s"\n' % (items.rstrip('\n"'), ports)
|
2019-12-08 18:45:17 +05:00
|
|
|
writeToFile.writelines(content)
|
2018-08-10 23:29:10 +05:00
|
|
|
else:
|
|
|
|
|
writeToFile.writelines(items)
|
|
|
|
|
writeToFile.close()
|
|
|
|
|
elif protocol == 'UDP_IN':
|
|
|
|
|
for items in data:
|
|
|
|
|
if items.find('UDP_IN') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToFile.writelines('UDP_IN = "' + ports + '"\n')
|
|
|
|
|
else:
|
|
|
|
|
writeToFile.writelines(items)
|
|
|
|
|
writeToFile.close()
|
|
|
|
|
elif protocol == 'UDP_OUT':
|
|
|
|
|
for items in data:
|
|
|
|
|
if items.find('UDP_OUT') > -1 and items.find('=') > -1 and (items[0] != '#'):
|
|
|
|
|
writeToFile.writelines('UDP_OUT = "' + ports + '"\n')
|
|
|
|
|
else:
|
|
|
|
|
writeToFile.writelines(items)
|
|
|
|
|
writeToFile.close()
|
|
|
|
|
|
|
|
|
|
command = 'csf -r'
|
|
|
|
|
subprocess.call(shlex.split(command))
|
|
|
|
|
|
2019-08-03 22:08:18 +05:00
|
|
|
try:
|
|
|
|
|
os.remove(portsPath)
|
|
|
|
|
except:
|
|
|
|
|
pass
|
|
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
print('1,None')
|
2018-08-10 23:29:10 +05:00
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2018-08-10 23:29:10 +05:00
|
|
|
logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[modifyPorts]")
|
2019-12-10 15:09:10 +05:00
|
|
|
print('0', str(msg))
|
2018-08-10 23:29:10 +05:00
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
|
def allowIP(ipAddress):
|
|
|
|
|
try:
|
|
|
|
|
command = 'sudo csf -dr ' + ipAddress
|
2019-03-26 16:19:03 +05:00
|
|
|
ProcessUtilities.executioner(command)
|
2018-08-10 23:29:10 +05:00
|
|
|
|
|
|
|
|
command = 'sudo csf -a ' + ipAddress
|
2019-03-26 16:19:03 +05:00
|
|
|
ProcessUtilities.executioner(command)
|
2018-08-10 23:29:10 +05:00
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2018-08-10 23:29:10 +05:00
|
|
|
logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[allowIP]")
|
|
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
|
def blockIP(ipAddress):
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
|
|
command = 'sudo csf -tr ' + ipAddress
|
2019-03-26 16:19:03 +05:00
|
|
|
ProcessUtilities.executioner(command)
|
2018-08-10 23:29:10 +05:00
|
|
|
|
|
|
|
|
command = 'sudo csf -d ' + ipAddress
|
2019-03-26 16:19:03 +05:00
|
|
|
ProcessUtilities.executioner(command)
|
2018-08-10 23:29:10 +05:00
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2018-08-10 23:29:10 +05:00
|
|
|
logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[blockIP]")
|
2018-08-06 02:01:09 +05:00
|
|
|
|
2019-10-08 13:17:33 -04:00
|
|
|
@staticmethod
|
|
|
|
|
def checkIP(ipAddress):
|
|
|
|
|
try:
|
2019-10-11 02:30:22 -04:00
|
|
|
command = 'sudo csf -g ' + ipAddress
|
|
|
|
|
ProcessUtilities.executioner(command)
|
2019-10-08 13:17:33 -04:00
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2019-10-08 13:17:33 -04:00
|
|
|
logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[checkIP]")
|
|
|
|
|
|
2019-10-27 18:08:10 +05:00
|
|
|
|
2019-10-08 13:17:33 -04:00
|
|
|
def main():
|
2018-08-10 23:29:10 +05:00
|
|
|
parser = argparse.ArgumentParser(description='CSF Manager')
|
2018-08-06 02:01:09 +05:00
|
|
|
parser.add_argument('function', help='Specific a function to call!')
|
|
|
|
|
|
2018-08-10 23:29:10 +05:00
|
|
|
parser.add_argument('--controller', help='Controller selection!')
|
|
|
|
|
parser.add_argument('--status', help='Controller status!')
|
|
|
|
|
parser.add_argument('--protocol', help='Protocol Modifications!')
|
|
|
|
|
parser.add_argument('--ports', help='Ports!')
|
2018-08-06 02:01:09 +05:00
|
|
|
|
|
|
|
|
args = parser.parse_args()
|
|
|
|
|
|
2018-08-10 23:29:10 +05:00
|
|
|
if args.function == "installCSF":
|
2019-10-08 13:17:33 -04:00
|
|
|
CSF.installCSF()
|
2018-08-10 23:29:10 +05:00
|
|
|
elif args.function == 'removeCSF':
|
|
|
|
|
controller = CSF(args.function, {})
|
|
|
|
|
controller.run()
|
|
|
|
|
elif args.function == 'changeStatus':
|
|
|
|
|
CSF.changeStatus(args.controller, args.status)
|
|
|
|
|
elif args.function == 'modifyPorts':
|
|
|
|
|
CSF.modifyPorts(args.protocol, args.ports)
|
2018-08-06 02:01:09 +05:00
|
|
|
|
2019-10-08 13:17:33 -04:00
|
|
|
|
2018-08-06 02:01:09 +05:00
|
|
|
if __name__ == "__main__":
|
2018-10-12 18:18:10 +05:00
|
|
|
main()
|
