o

��h���@s,dd
lm
Z

ddlmZmZ
ddlmZ
ddlmZ
ddl	Z	ddl
mZ
ddlm
Z

ddlZddlZddlZddlZddlmZ
dd	lmZ
dd
lmZ
ddlmZmZ
ddlmZ
dd
lmZ
ddl m!Z!m"Z"
ddl#m$Z$
ddl%m&Z&
ddl'm(Z)
ddl*m+Z+
ddl,m-Z-
ddl.m/Z/m0Z0
ddl1Z1dZ2dZ3edd��
Z4edd��
Z5edd��
Z6dd�Z7dd �Z8d!d"�Z9ed#d$��
Z:d%d&�Z;d'd(�Z<d)d*�Z=ed+d,��
Z>d-d.�Z?d/d0�Z@d1d2�ZAd3d4�ZBd5d6�ZCd7d8�ZDd9d:�ZEd;d<�ZFee/d=d>��
�
ZGee/d?d@��
�
ZHee0dAdB��
�
ZIee0dCdD��
�
ZJee/dEdF��
�
ZKdS)G�)
�randint)�render�redirect)
�HttpResponse)
�SystemInformationN)
�
loadLoginPage�
)
�version)
�
ACLManager)
�
PDNSStatus)�ensure_csrf_cookie�csrf_exempt�
�ProcessUtilities)
�httpProc)�Websites�WPSites)
�	Databases)
�EUsers)
�Users)
�
Administrator)
�Package)�require_GET�require_POSTz2.4�c
Cs8d
}
t�
�}|d|d|dd�}t||
|�}|��S)NzbaseTemplate/homePage.html�ramUsage�cpuUsage�	diskUsage)rrr)r�
cpuRamDiskrr)�request�templater�finaData�proc�r#�(/usr/local/CyberCP/baseTemplate/views.py�
renderBase#s


�
r%c
Cs�t�
d
�
}
|
��}|d}|d}t}tt�
}d||f}t�|�

t�
|�
}|��dd}	d}
t�	|
�
}|�
d�
}d	}
||	krCd
}
d}|||||	||
d�}t|||d
�}|��S�N�"https://cyberpanel.net/version.txtr	�buildzEhttps://api.github.com/repos/usmannasir/cyberpanel/commits?sha=v%s.%sr
�shaz)git -C /usr/local/CyberCP/ rev-parse HEAD�

TFz"baseTemplate/versionManagment.html)r(�currentVersion�
latestVersion�latestBuild�latestcomit�Currentcomt�	Notecheck�versionManagement)
�requests�get�json�VERSION�str�BUILD�logging�writeToFiler�outputExecutioner�rstriprr�r�
getVersion�latestr,r-r+�currentBuild�
u�
rr.�command�outputr/�notechkr �	finalDatar"r#r#r$r1-s.

















�
r1c

Cs�|jd
krHz&d}
t
j|
dt
jt
jdd�}|jdkr!ddd�}WdSdd	|jd�}WdStyG
}
zdd
t|�
d�}WYd}~dSd}~w
wdS)N�POSTz�sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh || wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh)T)�shell�stdout�stderr�universal_newlinesr
z*CyberPanel upgrade completed successfully.)�success�messageFz)CyberPanel upgrade failed. Error output: z&An error occurred during the upgrade: )�method�
subprocess�run�PIPE�
returncoderI�	Exceptionr6)r�upgrade_command�result�
response_data�
er#r#r$�upgrade_cyberpanelNs 




�


� 
���rWc
Cs�zn|jd
}
t
�|
�
}tj�d�
rd|d<nd|d<tj�d�
r%d|d<nd|d<ztjjdd�
}|j	|d	<Wn-


t
��t
jksIt
��t
j
krLd
}nd}tj�|�
r`tdd�
��
d|d	<nd|d	<Yt�|�
}t|�
WSty{


td
�
YSw)N�userIDz/home/cyberpanel/postfixr�emailAsWholer
z/home/cyberpanel/pureftpd�
ftpAsWhole�
�pk�
dnsAsWholez
/etc/powerdnsz	/etc/pdns)
�serverStatuszCan not get admin Status)�sessionr
�	loadedACL�os�path�existsr�objectsr3r^r�decideDistro�ubuntu�ubuntu20�saver4�dumpsr�KeyError)r�val�
currentACL�pdns�pdnsPath�	json_datar#r#r$�getAdminStatus_s4
















�




�rpc
 Cs|�
z|jd
}
t
�|
�
}tjj|
d�
}|�dd�r't��}t�	|�
}t
|�
WSddl}ddl}d}d}	|j
��}
tjj|jd�
}|D]	}|
|j
��B}
qB|
D]7}
d|
j��}|j�|�
r|z|jdd|g|jd	�}t|����d�
}||7}Wn


Y|
jr�|	|
jj7}	qNt|d
d�}|	dkr�|	n
d}td||�}|dkr�tdt||d�
�n
d}d}d}|
D]}
|
jr�||
jj7}q�|dkr�|n
d
}d}|
��}d}d}t |
j!ddd��
}|r�t"jj|d�
��}t#jj|d�
��}tdt|d�
�tdt|d|d�
�|ddt|�
t|�
dd�}t�	|�
}t
|�
WSt$�
y=
}
zddddddddd�}t
t�	|�
�
WYd}~Sd}~w
w)NrXr[�adminr
�
�owner�/home/�duz-sm)
rIi��d���domainT�
�flat�
�website__domain__in�
�#emailOwner__domainOwner__domain__in��
izUser Account Active)rrr�cpuCores�
ramTotalMB�diskTotalGB�
diskFreeGB�uptimezN/A)%r_r
r`rrdr3r�getSystemInformationr4rirrNra�websites_set�all�filterr\ryrbrc�check_output�DEVNULL�int�decode�split�package�	diskSpace�round�max�min�	bandwidth�count�list�values_listrrrR) rrkrlrq�HTTPDatarorNra�total_disk_used�total_disk_limit�
user_websites�child_admins�child_admin�website�website_pathrT�	disk_used�total_disk_used_gb�total_disk_limit_gb�disk_free_gb�disk_usage_percent�bandwidth_used�bandwidth_limit�bandwidth_limit_gb�bandwidth_usage_percent�total_websites�total_databases�total_emails�
website_names�	user_datarV�default_datar#r#r$�getSystemStatus�s�























�

"




�












�









�
��r�c
	Cs�zB|jd
}
t
�|
�
}|�dd�stt�ddd��
ddd�WSt��}t	|�
}|d}|d	}|d
}|||d�}t�|�
}t|�
WSt
yO


td�
YSw)
NrXrqr
�Admin access required��status�
error_message�application/json�
��content_typer�rrv)�one�two�threezNot allowed.)r_r
r`r3rr4rir�cpuLoadr�rj)	rrkrl�loadAverager�r�r��loadAvgror#r#r$�getLoadAverage�s 
















�r�c
Cs�t�
d
�
}
|
��}|d}|d}t}tt�
}d||f}tj�|�

t�
|�
}|��dd}	d}
t	�
|
�
}|�d�
}d	}
||	krDd
}
d}|||||	||
d�}t|||d
�}|�
�Sr&)r2r3r4r5r6r7r8�CyberCPLogFileWriterr9rr:r;rrr<r#r#r$�versionManagment�s.
















�
r�c
	Cs�zC|jd
}
t
�|
�
}t�|j�
}|ddkrnt
�dd�WSddlm}
i}|d|d<|d|�}|�	�
d	di
}t�
|�
}t|�
WStyZ


dd
d�}t�
|�
}t|�
YSw)NrXrqr�fetchStatusr
)
�ApplicationInstaller�branchSelect�	UpgradeCP�upgradez"Please login or refresh this page.)r�r�)
r_r
r`r4�loads�body�
loadErrorJson�plogical.applicationInstallerr��startrirrj)	rrqrl�datar��	extraArgs�
background�	adminDataror#r#r$r�!
s(


















�r�c


Csn
z�|jd
}
t
�|
�
}|ddkrnt
�dd�WSzc|jdkryddlm}
|j}z
t�	d|���
}Wn


t
�ddd	d
d��
}t|�
YWWS|�
d�
d
krid|��}t�|�

t
�ddd	|d��
}t|�
WWSt
�ddd	|d��
}t|�
WWSWWdSty�
}
zdt|�
d�}	t
�|	�
}t|�
WYd}~WSd}~w
wty�


ddd�}	t
�|	�
}t|�
YSw)NrXrqr�FilemanagerAdminr
rF)
�Upgradezcat �NonezUpgrade Just started..)�finished�
upgradeStatusr��
upgradeLogzUpgrade Completed���zrm -rf )r�r�z6Not Logged In, please refresh the page or login again.)r_r
r`r�rM�plogical.upgrader��
LogPathNewrr:r4rir�find�executioner�
BaseExceptionr6rj)
rrkrlr�rbr��
final_jsonrB�msg�	final_dicr#r#r$r�>
sV














�




�

��



��




�r�c

Cs�z#tj
jd
d�
}
t�d�
}|��}|d|
_|d|
_|
��
td�
WSt	yC
}
zt
j�t
|�
�

tt
|�
�
WYd}~Sd}~w
w)Nrr[r'r	r(zVersion upgrade OK.)r	rdr3r2r4r+r(rhrr�r8r�r9r6)r�versr=r>r�r#r#r$�upgradeVersionm
s













��r�c
CsP
zd
dlm
}

|
jjdd�
}Wn


d
dlm
}

|
�}|��
Y|jd}t�|�
}|ddkr2nt�dd
�Si}|j	dkrQ|j
�d	d
�}||_|��
d|d<d}t�|�
}|�
�d
d
}	d|	}
t�|
�
}t|�
�d�
}g|d<t|�
D]}
|�
�d|
ddkr�|d�|�
�d|
d�

qyd}||d<t|||d�}|��S)Nr
)
�CyberPanelCosmeticrr[rXrq�rebootrF�MainDashboardCSS��savedzAhttps://api.github.com/repos/usmannasir/CyberPanel-Themes/commitsr)zFhttps://api.github.com/repos/usmannasir/CyberPanel-Themes/git/trees/%s�tree�typerbzbaseTemplate/design.html�cosmeticr1)�baseTemplate.modelsr�rdr3rhr_r
r`r�rMrFr�r2r4�len�range�appendrr)rr�r�rkrlrEr��sha_url�sha_resr)�
l�fres�tott�
ir r"r#r#r$�design|
sB
























�

r�c


Cs�z;|jd
}
t
�|
�
}t�|j�
}|ddkrnt
�dd�WSd|d}t�|�
}|j	}d|d�}t�
|�
}t|�
WSty]
}	
zdt
|	�
d	�}t�
|�
}t|�
WYd}	~	Sd}	~	w
w)
NrXrqrr�r
zQhttps://raw.githubusercontent.com/usmannasir/CyberPanel-Themes/main/%s/design.css�	Themename)r��
csscontentr�)r_r
r`r4r�r�r�r2r3�textrirr�r6)
rrkrlr��url�res�rsultr�r�r�r#r#r$�getthemedata�
s&


















��r�c
Csd
}
t||
dd�}|�
�S)NzbaseTemplate/onboarding.htmlrq)rr)rr r"r#r#r$�
onboarding�
s

r�c

Cs
zg|jd
}
t
�|
�
}|ddkrnt
��WSt�|j�
}|d}z
tt|d�
�
}Wn


d}Ydtt	dd	��
}t
|d
�}|�d�

|��
d|�d
|�d|��}t
�|�

d|d�}	t�|	�
}
t|
�
WSty�
}
zdt|�
d�}	t�|	�
}
t|
�
WYd}~Sd}~w
w)NrXrqr�hostname�	rDNSCheckr
z/home/cyberpanel/rxi'�
w�Startingzw/usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/virtualHostUtilities.py OnBoardingHostName --virtualHostName z --path z --rdns )r��tempStatusPathr�)r_r
r`r�r4r�r�r6r�r�open�write�closer�popenExecutionerrirr�)rrXrlr�r�r�r
�WriteToFilerB�dicror�r#r#r$�
runonboarding�
s6

























��r
c

Cs�z+|jd
}
t
�|
�
}|ddkrnt
��WSd}t�|�

ddi
}t�|�
}t|�
WSt	yM
}
zdt
|�
d�}t�|�
}t|�
WYd}~Sd}~w
w)NrXrqrzsystemctl restart lscpdr�r
r�)r_r
r`r�rr
r4rirr�r6)rrXrlrBr
ror�r#r#r$�RestartCyberPanel�
s"
















��r
c

Cs�
z�|jd
}
t
�|
�
}tjj|
d�
}|ddkr7tj��}tj��}tj��}t	j��}t
j��}tj��}	nqtjj|j
d�
��d}|j��}
t|
jddd��
}tjj|j
d�
}|D]}
|
j��}|�t|jddd��
�

q[t|�
}|r�tjj|d	�
��}t	jj|d
�
��}ddlm}
t
jj|d
�
��}tjj|d�
��}	nd}d}d}d}	||||||	dd�}tt�|�
dd�WSty�
}
ztt�dt|�
d��
dd�WYd}~Sd}~w
w)NrXr[rqrrrryTrz)
�owner__domain__inr|r
)
�Domainsr~)
�
domain__in)�total_users�total_sites�total_wp_sites�	total_dbsr��total_ftp_usersr�r��
r�r�)r_r
r`rrdr3r�rrrr�FTPUsersr�r\r�r�r�r��extendr��mailServer.modelsr

rr4rirRr6)rrkrlrqr
r

r
r
r�r
r�r�r�r��child_websites�EmailDomainsr�rVr#r#r$�getDashboardStatssT
































�	
(
��r
c


Cs
zk|jd
}
t
�|
�
}|�dd�stt�dddd��
dd�WSd}}td	d
��,}|��D]}d|vr4q-d|vrL|�	�}|t
|d
�
7}|t
|d�
7}q-Wd�
n1sWw



Y
||d
d�}tt�|�
dd�WSty�
}	
ztt�dt|	�
d��
dd�WYd}	~	Sd}	~	w
w)NrXrqr
r�T�r�r��
admin_onlyr�r
z
/proc/net/devrAzlo:�
:r�	)�rx_bytes�tx_bytesr�r�)
r_r
r`r3rr4rir

�	readlinesr�r�rRr6)
rrkrl�rx�tx�
f�line�partsr�rVr#r#r$�getTrafficStatsMs4













���	

�
(
��r$
c

Cs:
z||jd
}
t
�|
�
}|�dd�stt�dddd��
dd�WSd}d}d	}td
d��7}|D],}|��}t	|�
dkr:q-|d
}	|	�
d�
sH|	�
d�
rIq-|t|d�
7}|t|d�
7}q-Wd�
n1sdw



Y
||||dd�}
tt�|
�
dd�WSty�
}
ztt�dt
|�
d��
dd�WYd}~Sd}~w
w)NrXrqr
r�Tr
r�r
iz/proc/diskstatsrA�rv�loop�ramr�r
r)�
read_bytes�write_bytesr�r�)r_r
r`r3rr4rir

r�r��
startswithr�rRr6)rrkrl�read_sectors�
write_sectors�sector_sizer!
r"
r#
�devr�rVr#r#r$�getDiskIOStatsis:















��


�
(
��r/
c
	
Cs
za|jd
}
t
�|
�
}|�dd�stt�dddd��
dd�WStd	d
��'}|D]}|�d�
rA|�	��
�}dd
�|dd�D�
}
nq'g}Wd�
n1sNw



Y
|dd�}tt�|�
dd�WSty�
}
ztt�dt|�
d��
dd�WYd}~Sd}~w
w)NrXrqr
r�Tr
r�r
z
/proc/statrAzcpu c
Ssg|]}
t|
�
�qSr#)
�float��.0�
xr#r#r$�
<listcomp>��z#getCPULoadGraph.<locals>.<listcomp>r)�	cpu_timesr�r�)
r_r
r`r3rr4rir

r*
�stripr�rRr6)	rrkrlr!
r"
r#
r6
r�rVr#r#r$�getCPULoadGraph�s.










���

�
(
��r8
c
s��
z;|j�
d
�
}
|
stt�ddi
�
ddd�WSt�|
�
}|�
dd�s/tt�dd	i
�
ddd�WSddl}ddl}dd
l	m
}
zt�d�
}Wn#t
yg
}
ztt�ddt|�
i
�
dd
d�WYd}~WSd}~w
w|���d�
}g}	i}
|D]�����r�t�f
dd�dD�
�
r�qu|jd�dd�}t|�
dkr�qu|^}}
}}|r�|dn
d}|�d��}|r�|�d�
n
d}d}d�vr�d�
d��}nd�vr�d}d}}|�d|��
r|dk�
r||
vr�|
|\}}n?z'tj
d|��dd���}|�
d d�}|�
rd!|���d"�n
d}||f|
|<Wnt
�
y


d#\}}Yn
w|dk�
r#d$\}}|	�||||||�d%��

qutt�d&|	i
�
dd'�WSt
�
y]
}
ztt�dt|�
i
�
dd
d�WYd}~Sd}~w
w)(NrX�error�
Not logged inr�r�r�rqr
�
Admin only)
�OrderedDictz
last -n 20zFailed to run last: %s��
r*c
3��|]}
|
�vV
qdS�
Nr#r1
�
r"
r#r$�	<genexpr>���z%getRecentSSHLogins.<locals>.<genexpr>)r�zsystem bootzwtmp beginsz\s+r�)
�maxsplitr�r�z%([A-Za-z]{3} [A-Za-z]{3} +\d+ [\d:]+)r�
-zstill logged inz\d+\.\d+\.\d+\.\d+�	127.0.0.1�http://ip-api.com/json/rv�
�timeout�countryCodezhttps://flagcdn.com/24x18/z.png)r�r�)�Localr�)�user�ip�country�flag�dater_�raw�loginsr
)r_r3rr4rir
r`�re�time�collectionsr<
rr:rRr6r7
r��anyr��search�group�matchr2�lowerr�)r�user_idrlrR
rS
r<
rCrV�linesrQ
�ip_cacher#
rK
�ttyrL
�rest�date_session�
date_match�date_str�session_inforM
rN
�geor#r@
r$�getRecentSSHLogins�sz









.
��





















�










�	
(
��rd
c

Cs�
z�|j�
d
�
}
|
stt�ddi
�
ddd�WSt�|
�
}|�
dd�s.tt�dd	i
�
ddd�WSdd
lm}
|�	�}||j
|jfvrCd}nd}z
|�d
|���
}Wn$t
ys
}
ztt�ddt|�
��i
�
ddd�WYd}~WSd}~w
w|�d�
}g}	|D]1}
|
��s�q}|
��}t|�
dkr�d�|dd��
}d�|dd��
}
nd}|
}
|	�||
|
d��

q}tt�d|	i
�
dd�WSt
y�
}
ztt�dt|�
i
�
ddd�WYd}~Sd}~w
w)NrXr9
r:
r�r�r�rqr
r;
r�/var/log/auth.log�/var/log/secureztail -n 100 �Failed to read log: r=
r*r�
 �r�)�	timestamprLrP
�logsr
)r_r3rr4rir
r`�plogical.processUtilitiesrrerfrgr:rRr6r�r7
r��joinr�)rrZ
rlr�distro�log_pathrCrVr[
rk
r"
r#
rj
rLr#r#r$�getRecentSSHLogs�sF













0
��












(
��rp
c
$s�z�|j�
d
�
}
|
stt�ddi
�
ddd�WSt�|
�
}|�
dd�s/tt�dd	i
�
ddd�WSt�d
�
sGtt�dddd
gd�
dd��
dd�WSddlm	}
ddl
}ddlm}
ddl
m
}m}
g}d}	z|�d�
}
|
rqd|
vrqd}	Wn


Y|	s�z|�d�
}|r�d|vr�d}	Wn


d}	Y|��}||j|jfvr�d}
nd}
z
|�d|
���
}Wn$ty�
}
ztt�ddt|�
��i
�
dd d�WYd}~WSd}~w
w|�d!�
}|t�
}|t�
}|t�
}|t�
}g}g�
|t�
}|t�
}|t�
}|t�
}|t�
}|D�
]�����
sq�d"�v�
r;|�d#��}|�
r:|��\}}||d$7<||�d%|�f�

|d&k�
r:�
�|�d'��

q�d(�v�
sEd)�v�
rg|�d*��}|�
rf|��\}}||d$7<||�d+|�f�

q�d,�v�
sqd-�v�
r�|�d.��}|�
r�|�d$�
}||d$7<q�d/�v�
r�d0�v�
r�|�d1��}|�
r�|��\}}||v�
r�||�|t||�
�d2��

q�t�f
d3d4�d5D�
�
�
r�t�f
d6d4�d7D�
�
�
r�|���

q�d8�v�
r�|�d9��}|�
r�|�d$�
}||d$7<q�d:�v�
s�d;�v�r|�d.��}|�r|�d$�
}||d$7<q�|��D]5\}}|d<k�rI|	dk�r-d=|�d>|�d?�}nd@|�dA�}|�dBdC|�dD|�dE�dF||dGdH�|dI��

�q�
�r�|�dJdKtt dLd4��
D�
�
�
�dM�dFtt dNd4��
D�
�
�
t�
�
t!t dOd4��
D�
�
�
f
dPdQ�dR�dS�dTdI��

|��D]5\}}|dUk�r�|	dk�r�dV|�dW|�dX�}ndY|�dZ�}|�d[dC|�d\|�d]�d^||d_d`�|dI��

�q�|��D] \}}|dak�r�|�dbdC|�dc|�dd�d^||dedf�dgdI��

�q�|��D]0\}} | �rt!dhd4�| D�
�
}!|!dak�r|�didC|�dj|!�dk�dl||!| ddmdn�dodI��

�q�|��D]5\}}|dpk�rP|	dk�r4dq|�dr|�ds�}ndt|�dA�}|�dudC|�dD|�dv�dF||dwdx�|dI��

�q|�rs|�dydzt|�
�d{�d^t|�
d||�rk|dn
dd}�d~dI��

|�s�g}"z|�d�
}#d�|#v�r�|"�d��

d�|#v�r�|"�d��

Wn


Y|"�r�|�d�d�d�d�t|�
|	�r�|	�"�n
d�d��d!�#|"�
dI��

n|�d�d�d�d�t|�
|	�r�|	�"�n
d�d��d�dI��

dd$d�dad���|j$�f
d�dQ�dR�

tt�d$|d���
dd�WSt�y

}
ztt�dt|�
i
�
dd d�WYd}~Sd}~w
w)�NrXr9
r:
r�r�r�rqr
r;
r�TzSSH Security Analysisz�Advanced SSH security monitoring and threat detection that helps protect your server from brute force attacks, port scanning, and unauthorized access attempts.)z*Real-time detection of brute force attacksz?Identification of dictionary attacks and invalid login attemptszPort scanning detectionzRoot login attempt monitoringz"Automatic security recommendationsz"Integration with CSF and Firewalldz&Detailed threat analysis and reportingz(https://cyberpanel.net/cyberpanel-addons)r��addon_required�
feature_title�feature_description�features�	addon_urlr
r)
�defaultdict)�datetime�	timedeltar�z	which csfz/csf�csfzsystemctl is-active firewalld�active�	firewalldre
rf
ztail -n 500 rg
r=
r*zFailed passwordz6Failed password for (?:invalid user )?(\S+) from (\S+)r�password�root)rL
r"
zInvalid userzinvalid userz [Ii]nvalid user (\S+) from (\S+)�invalidz%Did not receive identification stringz#Bad protocol version identificationz
from (\S+)�Accepted�forz!Accepted \S+ for (\S+) from (\S+))rK
�failuresr"
c
3r>
r?
r#)r2
�patternr@
r#r$rA
�rB
z%analyzeSSHSecurity.<locals>.<genexpr>)zCOMMAND=zsudo:zsu[zauthentication failurec
3r>
r?
r#)r2
�cmdr@
r#r$rA
�rB
)z/etc/passwdz/etc/shadowz	chmod 777zrm -rf /�wget�curl�base64z(Connection closed by authenticating userz2Connection closed by authenticating user \S+ (\S+)zConnection fromzConnection closed byr�z"Block this IP immediately:
csf -d z "Brute force attack - z failed attempts"zeBlock this IP immediately:
firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=z drop" && firewall-cmd --reloadzBrute Force Attack DetectedzIP address z
 has made zI failed password attempts. This indicates a potential brute force attack.�highzBrute Force)�
IP AddresszFailed Attempts�Attack Type)�title�description�severity�details�recommendationzRoot Login Attempts Detectedz)Direct root login attempts detected from c
s��|]}
|
dV
qd
S�rL
Nr#�r2
rAr#r#r$rA
�rB
z2 IP addresses. Root SSH access should be disabled.c
sr�
r�
r#r�
r#r#r$rA
�rB
c
sr�
r�
r#r�
r#r#r$rA
�rB
c

st�f
d
d��
D�
�
S)Nc
3s �|]}
|
d�krd
V
qdS)rL
rNr#r�
�
r3
r#r$rA
�s�z7analyzeSSHSecurity.<locals>.<lambda>.<locals>.<genexpr>)
�sumr�
)
�root_login_attemptsr�
r$�<lambda>�sz$analyzeSSHSecurity.<locals>.<lambda>)
�key)z
Unique IPszTotal AttemptszTop IPzNDisable root SSH login by setting "PermitRootLogin no" in /etc/ssh/sshd_configr�z"Consider blocking this IP:
csf -d z "Dictionary attack - zV invalid users"

Also configure CSF Login Failure Daemon (lfd) for automatic blocking.zeConsider blocking this IP:
firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=z\ drop" && firewall-cmd --reload

Also consider implementing fail2ban for automatic blocking.zDictionary Attack Detectedz attempted to login with z< non-existent usernames. This indicates a dictionary attack.�mediumzDictionary Attack)r�
zInvalid User Attemptsr�
ri
zPort Scan Detectedz& appears to be scanning SSH port with z3 connection attempts without proper identification.z	Port Scan)r�
z
Scan Attemptsr�
zcMonitor this IP for further suspicious activity. Consider using port knocking or changing SSH port.c
sr�
)r�
Nr#)r2
�
sr#r#r$rA
�rB
z(Successful Login After Multiple Failuresz successfully logged in after zB failed attempts. This could be legitimate or a successful breach.�lowrK
)r�
zFailed Attempts Before SuccesszSuccessful UserzbVerify if this login is legitimate. Check user activity and consider enforcing stronger passwords.�2zABlock this IP immediately to prevent resource exhaustion:
csf -d z "SSH flooding - z
 connections"z�Block this IP immediately to prevent resource exhaustion:
firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=z SSH Connection Flooding DetectedzM rapid connection attempts. This may be a DDoS attack or connection flooding.zConnection Flooding)r�
zConnection Attemptsr�
z%Suspicious Command Execution Detectedz	Detected zC suspicious command executions that may indicate system compromise.z6System file access, downloads, or dangerous operations)zSuspicious Commandsz
Command Types�Sampleu�Review these commands immediately. If unauthorized, investigate the affected user accounts and consider:
• Changing all passwords
• Reviewing sudo access
• Checking for backdoors or rootkitszMgrep -E "^(PermitRootLogin|PasswordAuthentication|Port)" /etc/ssh/sshd_configzPermitRootLogin yesuH• Disable root login: Set "PermitRootLogin no" in /etc/ssh/sshd_configzPort 22u?• Change default SSH port from 22 to reduce automated attackszSSH Security Best Practicesz\While no immediate threats were detected, consider implementing these security enhancements.�infozNo Active Threats�Unknown)�Statusz
Logs Analyzed�FirewallzNo Immediate Threats DetectedzyNo significant security threats were detected in recent SSH logs. Your SSH configuration follows security best practices.�SecurezBKeep your system updated and continue regular security monitoring.rv)r�
r�
r�
r�
c

s��|d
d�S)Nr�
ri
)
r3r�
)
�severity_orderr#r$r�
Ms)r��alerts)%r_r3rr4rir
r`�CheckForPremFeaturerl
rrR
rT
rv
rw
rx
r:rerfrgrRr6r�r�r�r7
rV
�groupsr�rW
r�rU
�items�setr��upperrm
�sort)$rrZ
rlrrR
rv
rw
rx
r�
�firewall_cmd�	csf_check�firewalld_checkrn
ro
rCrVr[
�
failed_logins�failed_passwords�
invalid_users�port_scan_attempts�suspicious_commands�successful_after_failures�connection_closed�repeated_connections�ip_failures�recent_attemptsrX
rK
rL
r�r�
�	successes�max_failures�ssh_config_recommendations�sshd_configr#)r"
r�
r�
r$�analyzeSSHSecuritys













	��






�





�




0
��






















��




�




�









��


�





�




�









���





 
��









���







���











���









���






��











�







�
�




��



��(
��r�
c
'
s�d
dl}
d
dl
}d
dlm}
�z.|j�d�
}|s%t|
�ddi
�
ddd�WSt�	|�
}|�d	d
�s=t|
�dd
i
�
ddd�WS|
�
|j�d�
�
}|�d�
}|�d
�
}|�dd�}	|set|
�ddi
�
ddd�WSd|�d�}
z|�
|
�
}Wnty�
}
zd}WYd}~nd}~w
wg�
i}
|r�|���d�
D]O}|�dd�}t|�
dkr�|\}}}}}|r�||v
r�q�d}zd|�d�}|j�|�
r�|�|�
}Wnty�


d}Yn
w||||||d�}�
�|�

||
|<q�g�d:��
�fdd�	��dd
�
g}z"ztjj|d�
}d|j��}Wnt�
y


t�|�
j}Yn
wWnt�
y'


d|��}Yn
wd}dD]}|j�||�}|j�|�
�
r@|}
n�
q,|�
ryz't|d ��}|��}d!d"�|d#d�D�
}Wd�
n	1�
sfw



Y
Wnt�
yx


g}Yn
wd} |j�|�
�
r�z|�
d$|���
}!|!�
r�|!���d%�
d
n
d} Wnt�
y�


d} Ynwd&} i}"|	�
r�|	d'v
�
r�z6t jd(|	�d)�d*d+���}#|#�d,�
d-k�
r�|#�d.�
|#�d/�
|#�d0�
|#�d1�
|#�d2�
|#�d3�
|#�d4�
d5�}"Wnt�
y�


i}"Yn
wd6|��}$z|�
|$�
}%Wnt�y
}
zd}%WYd}~nd}~w
wg}&|%�r-|%���d�
D]}|&�|�

�q$t|
��
�|| |"|&d7��
dd8�WSt�y^
}
zt|
�dt!|�
i
�
dd9d�WYd}~Sd}~w
w);Nr
rrXr9
r:
r�r�r�rqr;
zutf-8rK
r]
rL
r�zMissing useri�
zps -u z& -o pid,ppid,tty,time,cmd --no-headersr*rr�z/proc/z/cwd)�pid�ppidr]
rS
r�
�cwdcsF�
D]}|d
|kr |��}|
|d<��
|�

�|d|
d�
qdS)Nr�
�levelr�
r)�copyr�)�
parent_pidr�
r"�	proc_copy��
build_tree�	processesr�r#r$r�
�s






��z&getSSHUserActivity.<locals>.build_tree�
1)
�externalApprt)z
.bash_historyz.zsh_historyrAc
Ssg|]}
|
���qSr#)
r7
)r2
r�r#r#r$r4
�r5
z&getSSHUserActivity.<locals>.<listcomp>i����zdu -sh �
	zHome directory does not exist)rE
�	localhostrF
z??fields=status,message,country,regionName,city,isp,org,as,queryrvrG
r�rKrM
�
regionName�city�isp�org�as�query)rM
�regionr�
r�
r�
r�
rL
zw -h )r�
�process_tree�
shell_history�
disk_usage�geoipr�r
r=
)
r
)"r4rarl
rr_r3rrir
r`r�r�r�r:rRr7
r�r�rb�islink�readlinkr�rrdry�pwd�getpwnam�pw_dirrm
rcr

r
r2r6)'rr4rarrZ
rlr�rK
r]
�login_ip�ps_cmd�	ps_outputrV�pid_mapr"
r#
r�
r�
�tty_val�time_valr�
r�
�cwd_pathr"r�
r��
shell_home�history_filerGrbr!
r[
r�
�du_outr�
rc
�w_cmd�w_output�w_linesr#r�
r$�getSSHUserActivityWs






















��












�

�




�

�







��
�




�



��
�


 


�









��	
�




��









��(
��r�
c
Cs$z�|j�
d
�
}
|
stt�ddi
�
ddd�WSt�|
�
}|�
dd�s.tt�dd	i
�
ddd�WSddl}ddl}|j	d
dd��}|j
}Wd�
n1sKw



Y
z�t|d
��}|jdd|d�
Wd�
n1siw



Y
t|d��}|�
�}	Wd�
n1s�w



Y
g}
d}|	D];}|d7}|dk
r�q�t|
�
dkr�
n)|��}
dd�|
D�
}
t|
�
dkr�|
d|
d|
d|
d|
dd�}|
�|�

q�tt�d|
d��
dd�Wzt�|�

WWS


YWSzt�|�

Ww


Ywt�
y
}
ztt�dt|�
i
�
ddd�WYd}~Sd}~w
w)NrXr9
r:
r�r�r�rqr
r;
zw+F)�mode�deleter�z
top -n1 -bT)rGrHrAr�r�c
Ssg|]}
|
dkr|
�qS)
r�r#)r2
�
ar#r#r$r4
sz#getTopProcesses.<locals>.<listcomp>��r
�)r�
rK
�cpu�memoryrB)r�r�
r
r=
)r_r3rr4rir
r`rN�tempfile�NamedTemporaryFile�namer

�callr
r�r�r�ra�unlinkrRr6)rrZ
rlrNr�
�	temp_file�	temp_path�outfile�infiler�r�
�counterr"
�points�processrVr#r#r$�getTopProcesses�sp







�
�

�









�
�

��


�


(
��r�
)L�randomr�django.shortcutsrr�django.httpr�plogical.getSystemInformationrr4�loginSystem.viewsr�modelsr	r2rN�shlexra�plogical.CyberCPLogFileWriterr�r8�plogical.aclr
�manageServices.modelsr�django.views.decorators.csrfrr
rl
r�plogical.httpProcr�websiteFunctions.modelsrr�databases.modelsrr
r�
ftp.modelsrr
�loginSystem.modelsr�packages.modelsr�django.views.decorators.httprrr�
r5r7r%r1rWrpr�r�r�r�r�r�r�r�r�r
r
r
r$
r/
r8
rd
rp
r�
r�
r�
r#r#r#r$�<module>
s�


























	

 

$d

$/

0%A"

E

#

E