Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-07 22:06:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

added support for LiteSpeed Ent for OWASP and updated the rules, ref https://github.com/usmannasir/cyberpanel/issues/653?fbclid=IwAR12yOLL24w98NjLnkoi44hcJtLGzwpz-P6nW9qx-6irTOXpz18xqE5gnMM

Browse Source
This commit is contained in:
Usman Nasir
2021-06-30 00:25:52 +05:00
parent 89ab69a22a
commit 888aec2d7c
2 changed files with 176 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

180
firewall/firewallManager.py
View File

@@ -1048,6 +1048,14 @@ class FirewallManager:
except subprocess.CalledProcessError: except subprocess.CalledProcessError:
pass pass
try:
command = 'cat /usr/local/lsws/conf/modsec.conf'
output = ProcessUtilities.outputExecutioner(command)
if output.find('modsec/owasp') > -1:
owaspInstalled = 1
except:
pass
final_dic = { final_dic = {
'modSecInstalled': 1, 'modSecInstalled': 1,
'owaspInstalled': owaspInstalled, 'owaspInstalled': owaspInstalled,
@@ -1089,9 +1097,9 @@ class FirewallManager:
json_data = json.dumps(data_ret) json_data = json.dumps(data_ret)
return HttpResponse(json_data) return HttpResponse(json_data)
else: else:
if packName == 'disableOWASP' or packName == 'installOWASP': # if packName == 'disableOWASP' or packName == 'installOWASP':
final_json = json.dumps({'installStatus': 0, 'error_message': "OWASP will be available later.", }) # final_json = json.dumps({'installStatus': 0, 'error_message': "OWASP will be available later.", })
return HttpResponse(final_json) # return HttpResponse(final_json)
execPath = "/usr/local/CyberCP/bin/python " + virtualHostUtilities.cyberPanel + "/plogical/modSec.py" execPath = "/usr/local/CyberCP/bin/python " + virtualHostUtilities.cyberPanel + "/plogical/modSec.py"
execPath = execPath + " " + packName execPath = execPath + " " + packName
@@ -1122,70 +1130,26 @@ class FirewallManager:
packName = data['packName'] packName = data['packName']
if ProcessUtilities.decideServer() == ProcessUtilities.OLS: confPath = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf')
confPath = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf')
command = "sudo cat " + confPath command = "sudo cat " + confPath
httpdConfig = ProcessUtilities.outputExecutioner(command).splitlines() httpdConfig = ProcessUtilities.outputExecutioner(command).splitlines()
json_data = "[" json_data = "["
checker = 0 checker = 0
counter = 0 counter = 0
for items in httpdConfig: for items in httpdConfig:
if items.find('modsec/' + packName) > -1: if items.find('modsec/' + packName) > -1:
counter = counter + 1 counter = counter + 1
if items[0] == '#': if items[0] == '#':
status = False status = False
else:
status = True
fileName = items.lstrip('#')
fileName = fileName.split('/')[-1]
dic = {
'id': counter,
'fileName': fileName,
'packName': packName,
'status': status,
}
if checker == 0:
json_data = json_data + json.dumps(dic)
checker = 1
else:
json_data = json_data + ',' + json.dumps(dic)
json_data = json_data + ']'
final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data})
return HttpResponse(final_json)
else:
if packName == 'owasp':
final_json = json.dumps({'fetchStatus': 0, 'error_message': "OWASP will be available later.", })
return HttpResponse(final_json)
comodoPath = '/usr/local/lsws/conf/comodo_litespeed'
command = 'sudo chown -R cyberpanel:cyberpanel /usr/local/lsws/conf'
ProcessUtilities.executioner(command)
json_data = "["
counter = 0
checker = 0
for fileName in os.listdir(comodoPath):
if fileName == 'categories.conf':
continue
if fileName.endswith('bak'):
status = 0
fileName = fileName.rstrip('.bak')
elif fileName.endswith('conf'):
status = 1
else: else:
continue status = True
fileName = items.lstrip('#')
fileName = fileName.split('/')[-1]
dic = { dic = {
'id': counter, 'id': counter,
@@ -1195,20 +1159,96 @@ class FirewallManager:
} }
counter = counter + 1
if checker == 0: if checker == 0:
json_data = json_data + json.dumps(dic) json_data = json_data + json.dumps(dic)
checker = 1 checker = 1
else: else:
json_data = json_data + ',' + json.dumps(dic) json_data = json_data + ',' + json.dumps(dic)
command = 'sudo chown -R lsadm:lsadm /usr/local/lsws/conf' json_data = json_data + ']'
ProcessUtilities.executioner(command) final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data})
return HttpResponse(final_json)
json_data = json_data + ']' # if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data}) # confPath = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf')
return HttpResponse(final_json) #
# command = "sudo cat " + confPath
# httpdConfig = ProcessUtilities.outputExecutioner(command).splitlines()
#
# json_data = "["
# checker = 0
# counter = 0
#
# for items in httpdConfig:
#
# if items.find('modsec/' + packName) > -1:
# counter = counter + 1
# if items[0] == '#':
# status = False
# else:
# status = True
#
# fileName = items.lstrip('#')
# fileName = fileName.split('/')[-1]
#
# dic = {
# 'id': counter,
# 'fileName': fileName,
# 'packName': packName,
# 'status': status,
#
# }
#
# if checker == 0:
# json_data = json_data + json.dumps(dic)
# checker = 1
# else:
# json_data = json_data + ',' + json.dumps(dic)
#
# json_data = json_data + ']'
# final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data})
# return HttpResponse(final_json)
# else:
#
# command = 'cat /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf'
# files = ProcessUtilities.outputExecutioner(command).splitlines()
#
# json_data = "["
#
# counter = 0
# checker = 0
# for fileName in files:
#
# if fileName == 'categories.conf':
# continue
#
# if fileName.endswith('bak'):
# status = 0
# fileName = fileName.rstrip('.bak')
# elif fileName.endswith('conf'):
# status = 1
# else:
# continue
#
# dic = {
# 'id': counter,
# 'fileName': fileName,
# 'packName': packName,
# 'status': status,
#
# }
#
# counter = counter + 1
#
# if checker == 0:
# json_data = json_data + json.dumps(dic)
# checker = 1
# else:
# json_data = json_data + ',' + json.dumps(dic)
#
# json_data = json_data + ']'
# final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data})
# return HttpResponse(final_json)
except BaseException as msg: except BaseException as msg:
final_dic = {'fetchStatus': 0, 'error_message': str(msg)} final_dic = {'fetchStatus': 0, 'error_message': str(msg)}
@@ -1235,7 +1275,7 @@ class FirewallManager:
execPath = "/usr/local/CyberCP/bin/python " + virtualHostUtilities.cyberPanel + "/plogical/modSec.py" execPath = "/usr/local/CyberCP/bin/python " + virtualHostUtilities.cyberPanel + "/plogical/modSec.py"
execPath = execPath + " " + functionName + ' --packName ' + packName + ' --fileName ' + fileName execPath = execPath + " " + functionName + ' --packName ' + packName + ' --fileName "%s"' % (fileName)
output = ProcessUtilities.outputExecutioner(execPath) output = ProcessUtilities.outputExecutioner(execPath)

112
plogical/modSec.py
View File

@@ -493,25 +493,42 @@ include {pathToOWASFolderNew}/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
print('0, Unable to download OWASP Rules.') print('0, Unable to download OWASP Rules.')
return return
owaspRulesConf = """ if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
owaspRulesConf = """
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf
""" """
confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf") confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")
confData = open(confFile).readlines() confData = open(confFile).readlines()
conf = open(confFile, 'w') conf = open(confFile, 'w')
for items in confData: for items in confData:
if items.find('/usr/local/lsws/conf/modsec/rules.conf') > -1: if items.find('/usr/local/lsws/conf/modsec/rules.conf') > -1:
conf.writelines(items) conf.writelines(items)
conf.write(owaspRulesConf) conf.write(owaspRulesConf)
continue continue
else: else:
conf.writelines(items) conf.writelines(items)
conf.close()
else:
confFile = os.path.join('/usr/local/lsws/conf/modsec.conf')
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('/conf/comodo_litespeed/') > -1:
conf.writelines(items)
conf.write('Include /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/*.conf\n')
continue
else:
conf.writelines(items)
conf.close()
conf.close()
installUtilities.reStartLiteSpeed() installUtilities.reStartLiteSpeed()
print("1,None") print("1,None")
@@ -549,26 +566,17 @@ modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-mas
def disableRuleFile(fileName, packName): def disableRuleFile(fileName, packName):
try: try:
if ProcessUtilities.decideServer() == ProcessUtilities.OLS: confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf')
confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf') confData = open(confFile).readlines()
confData = open(confFile).readlines() conf = open(confFile, 'w')
conf = open(confFile, 'w')
for items in confData: for items in confData:
if items.find('modsec/'+packName) > -1 and items.find(fileName) > -1: if items.find('modsec/' + packName) > -1 and items.find(fileName) > -1:
conf.write("#" + items) conf.write("#" + items)
else: else:
conf.writelines(items) conf.writelines(items)
conf.close() conf.close()
else:
path = '/usr/local/lsws/conf/comodo_litespeed/'
completePath = path + fileName
completePathBak = path + fileName + '.bak'
command = 'mv ' + completePath + ' ' + completePathBak
ProcessUtilities.executioner(command)
installUtilities.reStartLiteSpeed() installUtilities.reStartLiteSpeed()
@@ -583,25 +591,37 @@ modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-mas
def enableRuleFile(fileName, packName): def enableRuleFile(fileName, packName):
try: try:
if ProcessUtilities.decideServer() == ProcessUtilities.OLS: confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf')
confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf') confData = open(confFile).readlines()
confData = open(confFile).readlines() conf = open(confFile, 'w')
conf = open(confFile, 'w')
for items in confData: for items in confData:
if items.find('modsec/' + packName) > -1 and items.find(fileName) > -1: if items.find('modsec/' + packName) > -1 and items.find(fileName) > -1:
conf.write(items.lstrip('#')) conf.write(items.lstrip('#'))
else: else:
conf.writelines(items) conf.writelines(items)
conf.close() conf.close()
else:
path = '/usr/local/lsws/conf/comodo_litespeed/'
completePath = path + fileName
completePathBak = path + fileName + '.bak'
command = 'mv ' + completePathBak + ' ' + completePath # if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
ProcessUtilities.executioner(command) # confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf')
# confData = open(confFile).readlines()
# conf = open(confFile, 'w')
#
# for items in confData:
# if items.find('modsec/' + packName) > -1 and items.find(fileName) > -1:
# conf.write(items.lstrip('#'))
# else:
# conf.writelines(items)
#
# conf.close()
# else:
# path = '/usr/local/lsws/conf/comodo_litespeed/'
# completePath = path + fileName
# completePathBak = path + fileName + '.bak'
#
# command = 'mv ' + completePathBak + ' ' + completePath
# ProcessUtilities.executioner(command)
installUtilities.reStartLiteSpeed() installUtilities.reStartLiteSpeed()