Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-08 06:16:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

added support for LiteSpeed Ent for OWASP and updated the rules, ref https://github.com/usmannasir/cyberpanel/issues/653?fbclid=IwAR12yOLL24w98NjLnkoi44hcJtLGzwpz-P6nW9qx-6irTOXpz18xqE5gnMM

Browse Source
This commit is contained in:
Usman Nasir
2021-06-30 00:25:52 +05:00
parent 89ab69a22a
commit 888aec2d7c
2 changed files with 176 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

144
firewall/firewallManager.py
View File

@@ -1048,6 +1048,14 @@ class FirewallManager:
except subprocess.CalledProcessError: except subprocess.CalledProcessError:
pass pass
try:
command = 'cat /usr/local/lsws/conf/modsec.conf'
output = ProcessUtilities.outputExecutioner(command)
if output.find('modsec/owasp') > -1:
owaspInstalled = 1
except:
pass
final_dic = { final_dic = {
'modSecInstalled': 1, 'modSecInstalled': 1,
'owaspInstalled': owaspInstalled, 'owaspInstalled': owaspInstalled,
@@ -1089,9 +1097,9 @@ class FirewallManager:
json_data = json.dumps(data_ret) json_data = json.dumps(data_ret)
return HttpResponse(json_data) return HttpResponse(json_data)
else: else:
if packName == 'disableOWASP' or packName == 'installOWASP': # if packName == 'disableOWASP' or packName == 'installOWASP':
final_json = json.dumps({'installStatus': 0, 'error_message': "OWASP will be available later.", }) # final_json = json.dumps({'installStatus': 0, 'error_message': "OWASP will be available later.", })
return HttpResponse(final_json) # return HttpResponse(final_json)
execPath = "/usr/local/CyberCP/bin/python " + virtualHostUtilities.cyberPanel + "/plogical/modSec.py" execPath = "/usr/local/CyberCP/bin/python " + virtualHostUtilities.cyberPanel + "/plogical/modSec.py"
execPath = execPath + " " + packName execPath = execPath + " " + packName
@@ -1122,7 +1130,6 @@ class FirewallManager:
packName = data['packName'] packName = data['packName']
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
confPath = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf') confPath = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf')
command = "sudo cat " + confPath command = "sudo cat " + confPath
@@ -1161,54 +1168,87 @@ class FirewallManager:
json_data = json_data + ']' json_data = json_data + ']'
final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data}) final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data})
return HttpResponse(final_json) return HttpResponse(final_json)
else:
if packName == 'owasp':
final_json = json.dumps({'fetchStatus': 0, 'error_message': "OWASP will be available later.", })
return HttpResponse(final_json)
comodoPath = '/usr/local/lsws/conf/comodo_litespeed' # if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
command = 'sudo chown -R cyberpanel:cyberpanel /usr/local/lsws/conf' # confPath = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf')
ProcessUtilities.executioner(command) #
# command = "sudo cat " + confPath
json_data = "[" # httpdConfig = ProcessUtilities.outputExecutioner(command).splitlines()
#
counter = 0 # json_data = "["
checker = 0 # checker = 0
for fileName in os.listdir(comodoPath): # counter = 0
#
if fileName == 'categories.conf': # for items in httpdConfig:
continue #
# if items.find('modsec/' + packName) > -1:
if fileName.endswith('bak'): # counter = counter + 1
status = 0 # if items[0] == '#':
fileName = fileName.rstrip('.bak') # status = False
elif fileName.endswith('conf'): # else:
status = 1 # status = True
else: #
continue # fileName = items.lstrip('#')
# fileName = fileName.split('/')[-1]
dic = { #
'id': counter, # dic = {
'fileName': fileName, # 'id': counter,
'packName': packName, # 'fileName': fileName,
'status': status, # 'packName': packName,
# 'status': status,
} #
# }
counter = counter + 1 #
# if checker == 0:
if checker == 0: # json_data = json_data + json.dumps(dic)
json_data = json_data + json.dumps(dic) # checker = 1
checker = 1 # else:
else: # json_data = json_data + ',' + json.dumps(dic)
json_data = json_data + ',' + json.dumps(dic) #
# json_data = json_data + ']'
command = 'sudo chown -R lsadm:lsadm /usr/local/lsws/conf' # final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data})
ProcessUtilities.executioner(command) # return HttpResponse(final_json)
# else:
json_data = json_data + ']' #
final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data}) # command = 'cat /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf'
return HttpResponse(final_json) # files = ProcessUtilities.outputExecutioner(command).splitlines()
#
# json_data = "["
#
# counter = 0
# checker = 0
# for fileName in files:
#
# if fileName == 'categories.conf':
# continue
#
# if fileName.endswith('bak'):
# status = 0
# fileName = fileName.rstrip('.bak')
# elif fileName.endswith('conf'):
# status = 1
# else:
# continue
#
# dic = {
# 'id': counter,
# 'fileName': fileName,
# 'packName': packName,
# 'status': status,
#
# }
#
# counter = counter + 1
#
# if checker == 0:
# json_data = json_data + json.dumps(dic)
# checker = 1
# else:
# json_data = json_data + ',' + json.dumps(dic)
#
# json_data = json_data + ']'
# final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data})
# return HttpResponse(final_json)
except BaseException as msg: except BaseException as msg:
final_dic = {'fetchStatus': 0, 'error_message': str(msg)} final_dic = {'fetchStatus': 0, 'error_message': str(msg)}
@@ -1235,7 +1275,7 @@ class FirewallManager:
execPath = "/usr/local/CyberCP/bin/python " + virtualHostUtilities.cyberPanel + "/plogical/modSec.py" execPath = "/usr/local/CyberCP/bin/python " + virtualHostUtilities.cyberPanel + "/plogical/modSec.py"
execPath = execPath + " " + functionName + ' --packName ' + packName + ' --fileName ' + fileName execPath = execPath + " " + functionName + ' --packName ' + packName + ' --fileName "%s"' % (fileName)
output = ProcessUtilities.outputExecutioner(execPath) output = ProcessUtilities.outputExecutioner(execPath)

54
plogical/modSec.py
View File

@@ -493,6 +493,7 @@ include {pathToOWASFolderNew}/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
print('0, Unable to download OWASP Rules.') print('0, Unable to download OWASP Rules.')
return return
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
owaspRulesConf = """ owaspRulesConf = """
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf
""" """
@@ -512,6 +513,22 @@ modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-mas
conf.writelines(items) conf.writelines(items)
conf.close() conf.close()
else:
confFile = os.path.join('/usr/local/lsws/conf/modsec.conf')
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('/conf/comodo_litespeed/') > -1:
conf.writelines(items)
conf.write('Include /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/*.conf\n')
continue
else:
conf.writelines(items)
conf.close()
installUtilities.reStartLiteSpeed() installUtilities.reStartLiteSpeed()
print("1,None") print("1,None")
@@ -549,27 +566,18 @@ modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-mas
def disableRuleFile(fileName, packName): def disableRuleFile(fileName, packName):
try: try:
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf') confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf')
confData = open(confFile).readlines() confData = open(confFile).readlines()
conf = open(confFile, 'w') conf = open(confFile, 'w')
for items in confData: for items in confData:
if items.find('modsec/'+packName) > -1 and items.find(fileName) > -1: if items.find('modsec/' + packName) > -1 and items.find(fileName) > -1:
conf.write("#" + items) conf.write("#" + items)
else: else:
conf.writelines(items) conf.writelines(items)
conf.close() conf.close()
else:
path = '/usr/local/lsws/conf/comodo_litespeed/'
completePath = path + fileName
completePathBak = path + fileName + '.bak'
command = 'mv ' + completePath + ' ' + completePathBak
ProcessUtilities.executioner(command)
installUtilities.reStartLiteSpeed() installUtilities.reStartLiteSpeed()
print("1,None") print("1,None")
@@ -583,7 +591,6 @@ modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-mas
def enableRuleFile(fileName, packName): def enableRuleFile(fileName, packName):
try: try:
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf') confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf')
confData = open(confFile).readlines() confData = open(confFile).readlines()
conf = open(confFile, 'w') conf = open(confFile, 'w')
@@ -595,13 +602,26 @@ modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-mas
conf.writelines(items) conf.writelines(items)
conf.close() conf.close()
else:
path = '/usr/local/lsws/conf/comodo_litespeed/'
completePath = path + fileName
completePathBak = path + fileName + '.bak'
command = 'mv ' + completePathBak + ' ' + completePath # if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
ProcessUtilities.executioner(command) # confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf')
# confData = open(confFile).readlines()
# conf = open(confFile, 'w')
#
# for items in confData:
# if items.find('modsec/' + packName) > -1 and items.find(fileName) > -1:
# conf.write(items.lstrip('#'))
# else:
# conf.writelines(items)
#
# conf.close()
# else:
# path = '/usr/local/lsws/conf/comodo_litespeed/'
# completePath = path + fileName
# completePathBak = path + fileName + '.bak'
#
# command = 'mv ' + completePathBak + ' ' + completePath
# ProcessUtilities.executioner(command)
installUtilities.reStartLiteSpeed() installUtilities.reStartLiteSpeed()