mirror of
https://github.com/usmannasir/cyberpanel.git
synced 2025-10-26 07:46:35 +01:00
259 lines
8.2 KiB
Python
259 lines
8.2 KiB
Python
#!/usr/local/CyberCP/bin/python
|
|
import os
|
|
import os.path
|
|
import sys
|
|
|
|
import django
|
|
sys.path.append('/usr/local/CyberCP')
|
|
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "CyberCP.settings")
|
|
try:
|
|
django.setup()
|
|
except:
|
|
pass
|
|
|
|
import plogical.CyberCPLogFileWriter as logging
|
|
import argparse
|
|
from plogical.processUtilities import ProcessUtilities
|
|
|
|
|
|
class FirewallUtilities:
|
|
|
|
@staticmethod
|
|
def resFailed(res):
|
|
if (ProcessUtilities.decideDistro() == ProcessUtilities.ubuntu or ProcessUtilities.decideDistro() == ProcessUtilities.ubuntu20) and res != 0:
|
|
return True
|
|
elif (ProcessUtilities.decideDistro() == ProcessUtilities.centos or ProcessUtilities.decideDistro() == ProcessUtilities.cent8) and res == 1:
|
|
return True
|
|
return False
|
|
|
|
@staticmethod
|
|
def doCommand(command):
|
|
try:
|
|
res = ProcessUtilities.executioner(command)
|
|
if res == 0:
|
|
logging.CyberCPLogFileWriter.writeToFile("Failed to apply rule: " + command + " Error #" + str(res))
|
|
return 0
|
|
|
|
except OSError as msg:
|
|
logging.CyberCPLogFileWriter.writeToFile("Failed to apply rule: " + command + " Error: " + str(msg))
|
|
return 0
|
|
except ValueError as msg:
|
|
logging.CyberCPLogFileWriter.writeToFile("Failed to apply rule: " + command + " Error: " + str(msg), 1)
|
|
return 0
|
|
return 1
|
|
|
|
|
|
@staticmethod
|
|
def addRule(proto,port,ipAddress):
|
|
ruleFamily = 'rule family="ipv4"'
|
|
sourceAddress = 'source address="' + ipAddress + '"'
|
|
ruleProtocol = 'port protocol="' + proto + '"'
|
|
rulePort = 'port="' + port + '"'
|
|
|
|
command = "firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
|
|
|
|
ProcessUtilities.executioner(command)
|
|
|
|
ruleFamily = 'rule family="ipv6"'
|
|
sourceAddress = ''
|
|
|
|
command = "firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
|
|
|
|
ProcessUtilities.executioner(command)
|
|
|
|
command = 'firewall-cmd --reload'
|
|
|
|
ProcessUtilities.executioner(command)
|
|
|
|
return 1
|
|
|
|
@staticmethod
|
|
def addSieveFirewallRule():
|
|
"""Add Sieve port 4190 to firewall for all OS variants"""
|
|
try:
|
|
# Add Sieve port 4190 to firewall
|
|
FirewallUtilities.addRule('tcp', '4190', '0.0.0.0/0')
|
|
logging.CyberCPLogFileWriter.writeToFile("Sieve port 4190 added to firewall successfully")
|
|
return 1
|
|
except BaseException as msg:
|
|
logging.CyberCPLogFileWriter.writeToFile("Failed to add Sieve port 4190 to firewall: " + str(msg))
|
|
return 0
|
|
|
|
@staticmethod
|
|
def deleteRule(proto, port, ipAddress):
|
|
ruleFamily = 'rule family="ipv4"'
|
|
sourceAddress = 'source address="' + ipAddress + '"'
|
|
ruleProtocol = 'port protocol="' + proto + '"'
|
|
rulePort = 'port="' + port + '"'
|
|
|
|
command = "firewall-cmd --permanent --zone=public --remove-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
|
|
|
|
ProcessUtilities.executioner(command)
|
|
|
|
ruleFamily = 'rule family="ipv6"'
|
|
sourceAddress = ''
|
|
|
|
command = "firewall-cmd --permanent --zone=public --remove-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
|
|
|
|
ProcessUtilities.executioner(command)
|
|
|
|
command = 'firewall-cmd --reload'
|
|
|
|
ProcessUtilities.executioner(command)
|
|
|
|
return 1
|
|
|
|
@staticmethod
|
|
def saveSSHConfigs(type, sshPort, rootLogin):
|
|
try:
|
|
if type == "1":
|
|
|
|
command = 'semanage port -a -t ssh_port_t -p tcp ' + sshPort
|
|
ProcessUtilities.normalExecutioner(command)
|
|
|
|
FirewallUtilities.addRule('tcp', sshPort, "0.0.0.0/0")
|
|
|
|
|
|
if rootLogin == "1":
|
|
rootLogin = "PermitRootLogin yes\n"
|
|
else:
|
|
rootLogin = "PermitRootLogin no\n"
|
|
|
|
sshPort = "Port " + sshPort + "\n"
|
|
|
|
pathToSSH = "/etc/ssh/sshd_config"
|
|
|
|
data = open(pathToSSH, 'r').readlines()
|
|
|
|
writeToFile = open(pathToSSH, "w")
|
|
|
|
for items in data:
|
|
if items.find("PermitRootLogin") > -1:
|
|
if items.find("Yes") > -1 or items.find("yes"):
|
|
writeToFile.writelines(rootLogin)
|
|
continue
|
|
elif items.find("Port") > -1:
|
|
writeToFile.writelines(sshPort)
|
|
else:
|
|
writeToFile.writelines(items)
|
|
writeToFile.close()
|
|
|
|
command = 'systemctl restart sshd'
|
|
ProcessUtilities.normalExecutioner(command)
|
|
|
|
print("1,None")
|
|
|
|
except BaseException as msg:
|
|
print("0," + str(msg))
|
|
|
|
@staticmethod
|
|
def addSSHKey(tempPath, path=None):
|
|
try:
|
|
key = open(tempPath, 'r').read()
|
|
|
|
if path == None:
|
|
sshDir = "/root/.ssh"
|
|
pathToSSH = "/root/.ssh/authorized_keys"
|
|
|
|
if os.path.exists(sshDir):
|
|
pass
|
|
else:
|
|
os.mkdir(sshDir)
|
|
else:
|
|
pathToSSH = path
|
|
|
|
if os.path.exists(pathToSSH):
|
|
pass
|
|
else:
|
|
sshFile = open(pathToSSH, 'w')
|
|
sshFile.writelines("#Created by CyberPanel\n")
|
|
sshFile.close()
|
|
|
|
presenseCheck = 0
|
|
try:
|
|
data = open(pathToSSH, "r").readlines()
|
|
for items in data:
|
|
if items.find(key) > -1:
|
|
presenseCheck = 1
|
|
except:
|
|
pass
|
|
|
|
if presenseCheck == 0:
|
|
writeToFile = open(pathToSSH, 'a')
|
|
writeToFile.writelines("#Added by CyberPanel\n")
|
|
writeToFile.writelines("\n")
|
|
writeToFile.writelines(key)
|
|
writeToFile.writelines("\n")
|
|
writeToFile.close()
|
|
|
|
if os.path.split(tempPath):
|
|
os.remove(tempPath)
|
|
|
|
print("1,None")
|
|
|
|
except BaseException as msg:
|
|
print("0," + str(msg))
|
|
|
|
@staticmethod
|
|
def deleteSSHKey(key, path=None):
|
|
try:
|
|
keyPart = key.split(" ")[1]
|
|
|
|
if path == None:
|
|
pathToSSH = "/root/.ssh/authorized_keys"
|
|
else:
|
|
pathToSSH = path
|
|
|
|
data = open(pathToSSH, 'r').readlines()
|
|
|
|
writeToFile = open(pathToSSH, "w")
|
|
|
|
for items in data:
|
|
if items.find("ssh-rsa") > -1 and items.find(keyPart) > -1:
|
|
continue
|
|
else:
|
|
writeToFile.writelines(items)
|
|
|
|
writeToFile.close()
|
|
|
|
print("1,None")
|
|
|
|
except BaseException as msg:
|
|
print("0," + str(msg))
|
|
|
|
|
|
def main():
|
|
|
|
parser = argparse.ArgumentParser(description='CyberPanel Installer')
|
|
parser.add_argument('function', help='Specific a function to call!')
|
|
|
|
## Litespeed Tuning Arguments
|
|
|
|
parser.add_argument("--tempPath", help="Temporary path to file where PHP is storing data!")
|
|
|
|
parser.add_argument("--type", help="Type")
|
|
parser.add_argument("--sshPort", help="SSH Port")
|
|
parser.add_argument("--rootLogin", help="Root Login")
|
|
parser.add_argument("--key", help="Key")
|
|
parser.add_argument("--path", help="Path to key file.")
|
|
|
|
|
|
args = parser.parse_args()
|
|
|
|
if args.function == "saveSSHConfigs":
|
|
FirewallUtilities.saveSSHConfigs(args.type, args.sshPort, args.rootLogin)
|
|
elif args.function == "addSSHKey":
|
|
if not args.path:
|
|
FirewallUtilities.addSSHKey(args.tempPath)
|
|
else:
|
|
FirewallUtilities.addSSHKey(args.tempPath, args.path)
|
|
elif args.function == "deleteSSHKey":
|
|
if not args.path:
|
|
FirewallUtilities.deleteSSHKey(args.key)
|
|
else:
|
|
FirewallUtilities.deleteSSHKey(args.key, args.path)
|
|
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main() |