OWASP and Comodo initial integration.

usmannasir
2018-04-04 02:17:12 +05:00
parent 7ac68c4d76
commit e217076352
13 changed files with 847 additions and 18 deletions


@@ -1225,7 +1225,7 @@ def submitRemoteBackups(request):
Version = version.objects.get(pk=1)
if data['currentVersion'] == Version.currentVersion and data['build'] == Version.build:
if data['currentVersion'] == Version.currentVersion and data['build'] >= 0:
pass
else:
data_ret = {'status': 0,
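Review bot: The build comparison `data['build'] >= 0` in submitRemoteBackups no longer ties the remote build to this server's `Version.build`. The other Python files on this page use Python 2 syntax, and under Python 2 that expression is also true for any string, because a str always orders above an int. If `data` is parsed from the request body (not visible in this hunk), the build half of the compatibility check is effectively gone. If the intent is "same version, any build", state that in a comment and check the type as well, e.g. `isinstance(data['build'], int) and data['build'] >= 0`. The function body starts and ends outside the hunk.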


@@ -57,7 +57,7 @@ def getAdminStatus(request):
logging.CyberCPLogFileWriter.writeToFile("Failed to read machine IP, error:" +str(msg))
serverIPAddress = "192.168.100.1"
adminName = administrator.firstName + " " + administrator.lastName[0]
adminName = administrator.firstName + " " + administrator.lastName[:3]
adminData = {"admin_type":admin_type,"user_name":adminName,"serverIPAddress":serverIPAddress}


@@ -18,7 +18,7 @@
<!-- Angular JS -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.6.6/angular.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.6.6/angular.min.js"></script>
<script src="{% static 'filemanager/js/fileManager.js' %}"></script>
<!-- Fix for old browsers -->
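Review bot: The AngularJS `<script>` tag changed in this hunk loads third-party code from a public CDN into the file manager page without Subresource Integrity. The URL pins an exact version (1.6.6), so the tag can carry `integrity="sha384-<HASH_OF_PINNED_FILE>" crossorigin="anonymous"` (placeholder; compute it from a copy you trust). Alternatively the file can be served from the panel's own static directory, as `fileManager.js` on the next line already is. Either option keeps a tampered CDN response from executing inside an administrator's session.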


@@ -745,7 +745,7 @@ app.controller('secureSSHCTRL', function($scope,$http) {
function ListInitialDatas(response) {
if(response.data.delete_status == 1){
if(response.data.delete_status === 1){
$scope.secureSSHLoading = true;
$scope.keyDeleted = false;
populateCurrentKeys();
@@ -789,7 +789,7 @@ app.controller('secureSSHCTRL', function($scope,$http) {
function ListInitialDatas(response) {
if(response.data.add_status == 1){
if(response.data.add_status === 1){
$scope.secureSSHLoading = true;
$scope.saveKeyBtn = true;
$scope.showKeyBox = false;
@@ -1236,4 +1236,185 @@ app.controller('modSecRules', function($scope, $http) {
});
/* Java script code for ModSec */
app.controller('modSecRulesPack', function($scope, $http, $timeout, $window) {
$scope.modsecLoading = true;
$scope.owaspDisable = true;
$scope.comodoDisable = true;
//
$scope.installationQuote = true;
$scope.couldNotConnect = true;
$scope.installationFailed = true;
$scope.installationSuccess = true;
///// ModSec configs
var owaspInstalled = false;
var comodoInstalled = false;
var counterOWASP = 0;
var counterComodo = 0;
$('#owaspInstalled').change(function() {
counterOWASP = counterOWASP + 1;
owaspInstalled = $(this).prop('checked');
if(counterOWASP > 2) {
if (owaspInstalled === true) {
installModSecRulesPack('installOWASP');
} else {
installModSecRulesPack('disableOWASP')
}
}
});
$('#comodoInstalled').change(function() {
counterComodo = counterComodo + 1;
comodoInstalled = $(this).prop('checked');
if(counterComodo > 2) {
if (comodoInstalled === true) {
installModSecRulesPack('installComodo');
} else {
installModSecRulesPack('disableComodo')
}
}
});
getOWASPAndComodoStatus();
function getOWASPAndComodoStatus(){
$scope.modsecLoading = false;
$('#owaspInstalled').bootstrapToggle('off');
$('#comodoInstalled').bootstrapToggle('off');
url = "/firewall/getOWASPAndComodoStatus";
var data = {};
var config = {
headers : {
'X-CSRFToken': getCookie('csrftoken')
}
};
$http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas);
function ListInitialDatas(response) {
$scope.modsecLoading = true;
if(response.data.modSecInstalled === 1){
if (response.data.owaspInstalled === 1) {
$('#owaspInstalled').bootstrapToggle('on');
$scope.owaspDisable = false;
}else{
$('#owaspInstalled').bootstrapToggle('off');
$scope.owaspDisable = true;
}
if (response.data.comodoInstalled === 1) {
$('#comodoInstalled').bootstrapToggle('on');
$scope.comodoDisable = false;
}else{
$('#comodoInstalled').bootstrapToggle('off');
$scope.comodoDisable = true;
}
}
}
function cantLoadInitialDatas(response) {
$scope.modsecLoading = true;
}
}
/////
function installModSecRulesPack(packName) {
$scope.modsecLoading = false;
url = "/firewall/installModSecRulesPack";
var data = {
packName:packName
};
var config = {
headers : {
'X-CSRFToken': getCookie('csrftoken')
}
};
$http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas);
function ListInitialDatas(response) {
$scope.modsecLoading = true;
if(response.data.installStatus === 1){
$scope.modsecLoading = true;
//
$scope.installationQuote = true;
$scope.couldNotConnect = true;
$scope.installationFailed = true;
$scope.installationSuccess = false;
$timeout(function() { $window.location.reload(); }, 3000);
}else{
$scope.modsecLoading = true;
//
$scope.installationQuote = true;
$scope.couldNotConnect = true;
$scope.installationFailed = false;
$scope.installationSuccess = true;
$scope.errorMessage = response.data.error_message;
}
}
function cantLoadInitialDatas(response) {
$scope.modsecLoading = true;
//
$scope.installationQuote = true;
$scope.couldNotConnect = false;
$scope.installationFailed = true;
$scope.installationSuccess = true;
}
}
});
/* Java script code for ModSec */
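Review bot: The `counterOWASP > 2` and `counterComodo > 2` guards in the two `change` handlers of modSecRulesPack assume that exactly two programmatic `bootstrapToggle` calls have fired before the user touches a switch. When the status request fails or returns `modSecInstalled !== 1`, only the initial `bootstrapToggle('off')` has run, so (assuming each call emits one change event) the first real click is ignored and the switch then shows a state the server does not have; for a WAF rules pack that means the UI can indicate protection that is not active. A flag around the programmatic updates is more robust, e.g. `var syncingToggles = true;` before those calls and `if (syncingToggles) { return; }` at the top of each handler. Separately, `url = "/firewall/..."` in both request helpers creates an implicit global and should be `var url = ...`. The same code is shown a second time at the end of this page and needs the same changes.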


@@ -37,6 +37,7 @@
<div ng-hide="modSecNotifyBox" class="form-group">
<label class="col-sm-3 control-label"></label>
<div class="col-sm-6">
<div ng-hide="failedToStartInallation" class="alert alert-danger">
<p>{% trans "Failed to start installation, Error message: " %} {$ errorMessage $}</p>
</div>


@@ -0,0 +1,113 @@
{% extends "baseTemplate/index.html" %}
{% load i18n %}
{% block title %}{% trans "ModSecurity Rules Packs - CyberPanel" %}{% endblock %}
{% block content %}
{% load static %}
{% get_current_language as LANGUAGE_CODE %}
<!-- Current language: {{ LANGUAGE_CODE }} -->
<div class="container">
<div id="page-title">
<h2>{% trans "ModSecurity Rules Packages!" %} </h2>
<p>{% trans "Install/Un-install ModSecurity rules packages." %}</p>
</div>
<div ng-controller="modSecRulesPack" class="example-box-wrapper">
<div style="border-radius: 25px;border-color:#3498db" class="content-box">
<h3 class="content-box-header bg-blue">
{% trans "ModSecurity Rules Packages!" %} <img ng-hide="modsecLoading" src="/static/images/loading.gif">
</h3>
{% if modSecInstalled == 0 %}
<div class="content-box-wrapper">
<div class="row">
<div class="col-md-12 text-center" style="margin-bottom: 2%;">
<h3>{% trans "ModSecurity is not installed " %}
<a href="{% url 'modSecurity' %}"><button class="btn btn-alt btn-hover btn-blue-alt">
<span>{% trans "Install Now." %}</span>
<i class="glyph-icon icon-arrow-right"></i>
</button></a>
</h3>
</div>
</div>
</div>
<!----- ModeSec Install Log box ----------------->
{% else %}
<div class="content-box-wrapper">
<div class="row">
<table cellpadding="0" cellspacing="0" border="0" class="table text-center" id="datatable-example">
<thead>
<tr>
<th style="width: 33%" >Package</th>
<th style="width: 33%">Status</th>
<th style="width: 33%"></th>
</tr>
</thead>
<tbody>
<tr>
<td>OWASP ModSecurity Core Rules</td>
<td><input type="checkbox" id="owaspInstalled" data-toggle="toggle"></td>
<td>
<button ng-disabled="owaspDisable" ng-click="installModSec()" class="btn btn-alt btn-hover btn-blue-alt">
<span >{% trans "Configure" %}</span>
<i class="glyph-icon icon-arrow-right"></i>
</button>
</td>
</tr>
<tr>
<td>COMODO ModSecurity 3.0</td>
<td><input type="checkbox" id="comodoInstalled" data-toggle="toggle"></td>
<td>
<button ng-disabled="comodoDisable" ng-click="installModSec()" class="btn btn-alt btn-hover btn-blue-alt">
<span>{% trans "Configure" %}</span>
<i class="glyph-icon icon-arrow-right"></i>
</button>
</td>
</tr>
</tbody>
</table>
<div class="col-sm-3"></div>
<div class="col-sm-6">
<div ng-hide="installationQuote" class="alert alert-success">
<p>{% trans "Operation successful." %}</p>
</div>
<div ng-hide="couldNotConnect" class="alert alert-danger">
<p>{% trans "Could not connect. Please refresh this page." %} </p>
</div>
<div ng-hide="installationFailed" class="alert alert-danger">
<p>{% trans "Installation failed." %} {$ errorMessage $}</p>
</div>
<div ng-hide="installationSuccess" class="alert alert-success">
<p>{% trans "Operation successful, refreshing page in 3 seconds.." %}</p>
</div>
</div>
</div>
</div>
{% endif %}
</div>
</div>
</div>
{% endblock %}
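Review bot: Both "Configure" buttons use `ng-click="installModSec()"`, but the modSecRulesPack controller added in this commit defines no `installModSec` on `$scope`, so once `owaspDisable` or `comodoDisable` enables a button, clicking it does nothing. Either bind the buttons to a handler that exists in that controller or leave them out until the configure view is implemented. The table headers `Package` and `Status` are also the only visible strings in this template not wrapped in `{% trans %}`.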


@@ -26,13 +26,17 @@ urlpatterns = [
## ModSecurity
url(r'^modSecurity', views.loadModSecurityHome, name='modSecurity'),
url(r'^installModSec', views.installModSec, name='installModSec'),
url(r'^installStatusModSec', views.installStatusModSec, name='installStatusModSec'),
url(r'^installModSec$', views.installModSec, name='installModSec'),
url(r'^installStatusModSec$', views.installStatusModSec, name='installStatusModSec'),
url(r'^fetchModSecSettings', views.fetchModSecSettings, name='fetchModSecSettings'),
url(r'^saveModSecConfigurations', views.saveModSecConfigurations, name='saveModSecConfigurations'),
url(r'^modSecRules', views.modSecRules, name='modSecRules'),
url(r'^modSecRules$', views.modSecRules, name='modSecRules'),
url(r'^fetchModSecRules', views.fetchModSecRules, name='fetchModSecRules'),
url(r'^saveModSecRules', views.saveModSecRules, name='saveModSecRules'),
url(r'^modSecRulesPacks', views.modSecRulesPacks, name='modSecRulesPacks'),
url(r'^getOWASPAndComodoStatus', views.getOWASPAndComodoStatus, name='getOWASPAndComodoStatus'),
url(r'^installModSecRulesPack', views.installModSecRulesPack, name='installModSecRulesPack'),
]
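Review bot: The three routes `^modSecRulesPacks`, `^getOWASPAndComodoStatus` and `^installModSecRulesPack` have no trailing `$`, while the same hunk appears to anchor `^installModSec$` and `^modSecRules$` precisely because an unanchored prefix would capture the new URLs. Anchor the new patterns as well, e.g. `url(r'^installModSecRulesPack$', views.installModSecRulesPack, name='installModSecRulesPack')`. Without the anchor, any path that merely starts with the name reaches a view that runs a privileged command, and a later route sharing the prefix would be silently shadowed.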


@@ -1015,3 +1015,109 @@ def saveModSecRules(request):
return HttpResponse(json_data)
def modSecRulesPacks(request):
try:
userID = request.session['userID']
admin = Administrator.objects.get(pk=userID)
if admin.type == 3:
return HttpResponse("You don't have enough privileges to access this page.")
modSecPath = os.path.join(virtualHostUtilities.Server_root,'modules','mod_security.so')
modSecInstalled = 0
if os.path.exists(modSecPath):
modSecInstalled = 1
return render(request, 'firewall/modSecurityRulesPacks.html',{'modSecInstalled': modSecInstalled})
except KeyError:
return redirect(loadLoginPage)
def getOWASPAndComodoStatus(request):
try:
userID = request.session['userID']
admin = Administrator.objects.get(pk=userID)
if admin.type == 3:
final_dic = {'modSecInstalled': 0}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
modSecPath = os.path.join(virtualHostUtilities.Server_root,'modules','mod_security.so')
confPath = os.path.join(virtualHostUtilities.Server_root, 'conf/httpd_config.conf')
comodoInstalled = 0
owaspInstalled = 0
if os.path.exists(modSecPath):
command = "sudo cat " + confPath
httpdConfig = subprocess.check_output(shlex.split(command)).splitlines()
for items in httpdConfig:
if items.find('modsec/comodo') > -1:
comodoInstalled = 1
elif items.find('modsec/owasp') > -1:
owaspInstalled = 1
if owaspInstalled == 1 and comodoInstalled == 1:
break
final_dic = {
'modSecInstalled': 1,
'owaspInstalled': owaspInstalled,
'comodoInstalled': comodoInstalled
}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
else:
final_dic = {'modSecInstalled': 0}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
except KeyError:
return redirect(loadLoginPage)
def installModSecRulesPack(request):
try:
val = request.session['userID']
try:
if request.method == 'POST':
data = json.loads(request.body)
packName = data['packName']
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/modSec.py"
execPath = execPath + " " + packName
output = subprocess.check_output(shlex.split(execPath))
if output.find("1,None") > -1:
installUtilities.reStartLiteSpeed()
data_ret = {'installStatus': 1, 'error_message': "None"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {'installStatus': 0, 'error_message': output}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException, msg:
data_ret = {'installStatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except KeyError, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg))
data_ret = {'installStatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
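Review bot: installModSecRulesPack only checks that a session exists before appending the client-supplied `packName` to a `sudo python .../modSec.py` command line; unlike modSecRulesPacks and getOWASPAndComodoStatus above it, it has no `admin.type == 3` check. Because the string is passed through `shlex.split`, a value containing spaces becomes additional arguments to a script that runs as root, so the view should accept only the four action names the front end sends and build the command as a list. Returning the raw `output` or exception text as `error_message` also hands internal details to the browser; log it and return a generic message. A sketch of the guarded part follows.

```python
# … unchanged: def line and outer try …
val = request.session['userID']
admin = Administrator.objects.get(pk=val)
if admin.type == 3:
    data_ret = {'installStatus': 0, 'error_message': "Not enough privileges."}
    return HttpResponse(json.dumps(data_ret))
# … unchanged: inner try, POST check, json.loads …
packName = data['packName']
if packName not in ('installOWASP', 'disableOWASP', 'installComodo', 'disableComodo'):
    data_ret = {'installStatus': 0, 'error_message': "Unknown rules pack action."}
    return HttpResponse(json.dumps(data_ret))
execPath = ["sudo", "python", virtualHostUtilities.cyberPanel + "/plogical/modSec.py", packName]
output = subprocess.check_output(execPath)
# … unchanged: output check, LiteSpeed restart and JSON responses …
```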


@@ -703,8 +703,8 @@ class preFlightsChecks:
count = 0
while (1):
#command = "wget http://cyberpanel.net/CyberPanel.1.6.0.tar.gz"
command = "wget http://cyberpanel.net/CyberPanelTemp.tar.gz"
command = "wget http://cyberpanel.net/CyberPanel.1.6.1.tar.gz"
#command = "wget http://cyberpanel.net/CyberPanelTemp.tar.gz"
res = subprocess.call(shlex.split(command))
if res == 1:
@@ -723,8 +723,8 @@ class preFlightsChecks:
count = 0
while(1):
#command = "tar zxf CyberPanel.1.6.0.tar.gz"
command = "tar zxf CyberPanelTemp.tar.gz"
command = "tar zxf CyberPanel.1.6.1.tar.gz"
#command = "tar zxf CyberPanelTemp.tar.gz"
res = subprocess.call(shlex.split(command))
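Review bot: The release tarball is fetched with `wget http://cyberpanel.net/CyberPanel.1.6.1.tar.gz` and then unpacked by `tar zxf` with no integrity check in between, so the installer trusts whatever arrives over plain HTTP. Use `https://` and verify a published checksum before extracting, for example by comparing `hashlib.sha256(...).hexdigest()` of the file with a value pinned in the installer. The `if res == 1:` test after the download also misses wget's other non-zero exit codes (4 for a network failure, 8 for a server error); `if res != 0:` covers them. Both loops continue outside the hunks.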


@@ -129,7 +129,7 @@ def loadLoginPage(request):
firstName="Cyber",lastName="Panel")
admin.save()
vers = version(currentVersion="1.6",build=0)
vers = version(currentVersion="1.6",build=1)
vers.save()
package = Package(admin=admin, packageName="Default", diskSpace=1000,


@@ -294,6 +294,7 @@ class backupUtilities:
status.write("Extracting web home data!")
status.close()
# /home/backup/backup-example-06-50-03-Thu-Feb-2018/public_html.tar.gz
tar = tarfile.open(pathToCompressedHome)
tar.extractall(websiteHome)


@@ -4,10 +4,13 @@ import shlex
import argparse
from virtualHostUtilities import virtualHostUtilities
import os
import tarfile
import shutil
class modSec:
installLogPath = "/home/cyberpanel/modSecInstallLog"
tempRulesFile = "/home/cyberpanel/tempModSecRules"
mirrorPath = "mirror.cyberpanel.net"
@staticmethod
def installModSec(install, modSecInstall):
@@ -73,8 +76,7 @@ modsecurity_rules_file /usr/local/lsws/conf/modsec/rules.conf
rulesFilePath = os.path.join(virtualHostUtilities.Server_root,"conf/modsec/rules.conf")
if not os.path.exists(rulesFilePath):
initialRules = """
SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access' ,log,auditlog,deny"
initialRules = """SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access' ,log,auditlog,deny"
"""
rule = open(rulesFilePath,'a+')
rule.write(initialRules)
@@ -140,7 +142,6 @@ SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access'
@staticmethod
def saveModSecRules():
try:
rulesFile = open(modSec.tempRulesFile,'r')
data = rulesFile.read()
rulesFile.close()
@@ -162,6 +163,235 @@ SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access'
print "0," + str(msg)
@staticmethod
def setupComodoRules():
try:
pathTOOWASPFolder = os.path.join(virtualHostUtilities.Server_root, "conf/modsec/comodo")
extractLocation = os.path.join(virtualHostUtilities.Server_root, "conf/modsec")
if os.path.exists(pathTOOWASPFolder):
shutil.rmtree(pathTOOWASPFolder)
if os.path.exists('comodo.tar.gz'):
os.remove('comodo.tar.gz')
command = "wget https://" + modSec.mirrorPath + "/modsec/comodo.tar.gz"
result = subprocess.call(shlex.split(command))
if result == 1:
return 0
tar = tarfile.open('comodo.tar.gz')
tar.extractall(extractLocation)
tar.close()
return 1
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [setupComodoRules]")
return 0
@staticmethod
def installComodo():
try:
if modSec.setupComodoRules() == 0:
print '0, Unable to download Comodo Rules.'
return
owaspRulesConf = """modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/modsecurity.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/00_Init_Initialization.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/01_Init_AppsInitialization.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/02_Global_Generic.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/03_Global_Agents.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/04_Global_Domains.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/05_Global_Backdoor.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/06_XSS_XSS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/07_Global_Other.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/08_Bruteforce_Bruteforce.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/09_HTTP_HTTP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/10_HTTP_HTTPDoS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/11_HTTP_Protocol.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/12_HTTP_Request.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/13_Outgoing_FilterGen.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/14_Outgoing_FilterASP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/15_Outgoing_FilterPHP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/16_Outgoing_FilterSQL.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/17_Outgoing_FilterOther.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/18_Outgoing_FilterInFrame.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/19_Outgoing_FiltersEnd.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/20_PHP_PHPGen.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/21_SQL_SQLi.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/22_Apps_Joomla.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/23_Apps_JComponent.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/24_Apps_WordPress.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/25_Apps_WPPlugin.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/26_Apps_WHMCS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/27_Apps_Drupal.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/28_Apps_OtherApps.conf
"""
confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('/usr/local/lsws/conf/modsec/rules.conf') > -1:
conf.writelines(items)
conf.write(owaspRulesConf)
continue
else:
conf.writelines(items)
conf.close()
print "1,None"
return
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [installOWASP]")
print "0," + str(msg)
@staticmethod
def disableComodo():
try:
confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('modsec/comodo') > -1:
continue
else:
conf.writelines(items)
conf.close()
print "1,None"
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [disableComodo]")
print "0," + str(msg)
@staticmethod
def setupOWASPRules():
try:
pathTOOWASPFolder = os.path.join(virtualHostUtilities.Server_root, "conf/modsec/owasp")
extractLocation = os.path.join(virtualHostUtilities.Server_root, "conf/modsec")
if os.path.exists(pathTOOWASPFolder):
shutil.rmtree(pathTOOWASPFolder)
if os.path.exists('owasp.tar.gz'):
os.remove('owasp.tar.gz')
command = "wget https://" + modSec.mirrorPath + "/modsec/owasp.tar.gz"
result = subprocess.call(shlex.split(command))
if result == 1:
return 0
tar = tarfile.open('owasp.tar.gz')
tar.extractall(extractLocation)
tar.close()
return 1
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [setupOWASPRules]")
return 0
@staticmethod
def installOWASP():
try:
if modSec.setupOWASPRules() == 0:
print '0, Unable to download OWASP Rules.'
return
owaspRulesConf = """modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/modsecurity.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/crs-setup.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-901-INITIALIZATION.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-910-IP-REPUTATION.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-912-DOS-PROTECTION.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-913-SCANNER-DETECTION.conf
#modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-921-PROTOCOL-ATTACK.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-949-BLOCKING-EVALUATION.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/RESPONSE-950-DATA-LEAKAGES.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/RESPONSE-980-CORRELATION.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
"""
confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('/usr/local/lsws/conf/modsec/rules.conf') > -1:
conf.writelines(items)
conf.write(owaspRulesConf)
continue
else:
conf.writelines(items)
conf.close()
print "1,None"
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [installOWASP]")
print "0," + str(msg)
@staticmethod
def disableOWASP():
try:
confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('modsec/owasp') > -1:
continue
else:
conf.writelines(items)
conf.close()
print "1,None"
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [disableOWASP]")
print "0," + str(msg)
def main():
@@ -178,6 +408,18 @@ def main():
modSec.saveModSecConfigs(args.tempConfigPath)
elif args.function == "saveModSecRules":
modSec.saveModSecRules()
elif args.function == "setupOWASPRules":
modSec.setupOWASPRules()
elif args.function == "installOWASP":
modSec.installOWASP()
elif args.function == "disableOWASP":
modSec.disableOWASP()
elif args.function == "setupComodoRules":
modSec.setupComodoRules()
elif args.function == "installComodo":
modSec.installComodo()
elif args.function == "disableComodo":
modSec.disableComodo()
if __name__ == "__main__":
main()
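Review bot: setupOWASPRules and setupComodoRules download an archive into the current directory and pass it straight to `tar.extractall(extractLocation)`, in a script the panel invokes through sudo, with no checksum and no check that member paths stay under `conf/modsec`. The `if result == 1:` test also treats every other non-zero wget exit code as success. A pinned SHA-256 per pack, a `result != 0` test and a member check before extraction would address this; the sketch below is for the OWASP variant and the Comodo one differs only in the file name. Separately, installOWASP and installComodo reopen `httpd_config.conf` with `'w'` and insert their block without removing an existing one, so enabling a pack twice duplicates the directives and a failure mid-write leaves a truncated server configuration.

```python
# … unchanged: folder cleanup and wget command …
result = subprocess.call(shlex.split(command))
if result != 0:
    return 0
tar = tarfile.open('owasp.tar.gz')
base = os.path.realpath(extractLocation)
for member in tar.getmembers():
    target = os.path.realpath(os.path.join(base, member.name))
    if member.issym() or member.islnk() or not target.startswith(base + os.sep):
        tar.close()
        return 0
tar.extractall(extractLocation)
# … unchanged: tar.close(), return 1 and the except block …
```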


@@ -745,7 +745,7 @@ app.controller('secureSSHCTRL', function($scope,$http) {
function ListInitialDatas(response) {
if(response.data.delete_status == 1){
if(response.data.delete_status === 1){
$scope.secureSSHLoading = true;
$scope.keyDeleted = false;
populateCurrentKeys();
@@ -789,7 +789,7 @@ app.controller('secureSSHCTRL', function($scope,$http) {
function ListInitialDatas(response) {
if(response.data.add_status == 1){
if(response.data.add_status === 1){
$scope.secureSSHLoading = true;
$scope.saveKeyBtn = true;
$scope.showKeyBox = false;
@@ -1236,4 +1236,185 @@ app.controller('modSecRules', function($scope, $http) {
});
/* Java script code for ModSec */
app.controller('modSecRulesPack', function($scope, $http, $timeout, $window) {
$scope.modsecLoading = true;
$scope.owaspDisable = true;
$scope.comodoDisable = true;
//
$scope.installationQuote = true;
$scope.couldNotConnect = true;
$scope.installationFailed = true;
$scope.installationSuccess = true;
///// ModSec configs
var owaspInstalled = false;
var comodoInstalled = false;
var counterOWASP = 0;
var counterComodo = 0;
$('#owaspInstalled').change(function() {
counterOWASP = counterOWASP + 1;
owaspInstalled = $(this).prop('checked');
if(counterOWASP > 2) {
if (owaspInstalled === true) {
installModSecRulesPack('installOWASP');
} else {
installModSecRulesPack('disableOWASP')
}
}
});
$('#comodoInstalled').change(function() {
counterComodo = counterComodo + 1;
comodoInstalled = $(this).prop('checked');
if(counterComodo > 2) {
if (comodoInstalled === true) {
installModSecRulesPack('installComodo');
} else {
installModSecRulesPack('disableComodo')
}
}
});
getOWASPAndComodoStatus();
function getOWASPAndComodoStatus(){
$scope.modsecLoading = false;
$('#owaspInstalled').bootstrapToggle('off');
$('#comodoInstalled').bootstrapToggle('off');
url = "/firewall/getOWASPAndComodoStatus";
var data = {};
var config = {
headers : {
'X-CSRFToken': getCookie('csrftoken')
}
};
$http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas);
function ListInitialDatas(response) {
$scope.modsecLoading = true;
if(response.data.modSecInstalled === 1){
if (response.data.owaspInstalled === 1) {
$('#owaspInstalled').bootstrapToggle('on');
$scope.owaspDisable = false;
}else{
$('#owaspInstalled').bootstrapToggle('off');
$scope.owaspDisable = true;
}
if (response.data.comodoInstalled === 1) {
$('#comodoInstalled').bootstrapToggle('on');
$scope.comodoDisable = false;
}else{
$('#comodoInstalled').bootstrapToggle('off');
$scope.comodoDisable = true;
}
}
}
function cantLoadInitialDatas(response) {
$scope.modsecLoading = true;
}
}
/////
function installModSecRulesPack(packName) {
$scope.modsecLoading = false;
url = "/firewall/installModSecRulesPack";
var data = {
packName:packName
};
var config = {
headers : {
'X-CSRFToken': getCookie('csrftoken')
}
};
$http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas);
function ListInitialDatas(response) {
$scope.modsecLoading = true;
if(response.data.installStatus === 1){
$scope.modsecLoading = true;
//
$scope.installationQuote = true;
$scope.couldNotConnect = true;
$scope.installationFailed = true;
$scope.installationSuccess = false;
$timeout(function() { $window.location.reload(); }, 3000);
}else{
$scope.modsecLoading = true;
//
$scope.installationQuote = true;
$scope.couldNotConnect = true;
$scope.installationFailed = false;
$scope.installationSuccess = true;
$scope.errorMessage = response.data.error_message;
}
}
function cantLoadInitialDatas(response) {
$scope.modsecLoading = true;
//
$scope.installationQuote = true;
$scope.couldNotConnect = false;
$scope.installationFailed = true;
$scope.installationSuccess = true;
}
}
});
/* Java script code for ModSec */