HEX

File: //proc/676643/root/usr/local/CyberCP/firewall/__pycache__/firewallManager.cpython-310.pyc
o

��h{�@sddlZddlZddlZddlZddlmZddlmZej�	d�ej
�dd�e��ddl
Z
ddlmZddlmZddlmZddlZdd	lmZmZmZdd
lmZddlZddlmZddlm Z dd
l!m"Z"ddl#m$Z$ddl%m&Z&ddl'm(Z(Gdd�d�Z)dS)�N)�
Administrator)�httpProcz/usr/local/CyberCP�DJANGO_SETTINGS_MODULEzCyberCP.settings)�
ACLManager)�virtualHostUtilities)�HttpResponse�render�redirect)�randint)�FirewallUtilities)�
FirewallRules)�modSec)�CSF)�ProcessUtilities)�ServerStatusUtilc@s�eZdZdZdZdZd[dd�Zd\dd�Zd\d	d
�Zd[dd�Z	d\d
d�Z
d\dd�Zd\dd�Zd\dd�Z
d\dd�Zd\dd�Zd\dd�Zd\dd�Zd\dd�Zd\dd �Zd\d!d"�Zd\d#d$�Zd\d%d&�Zd\d'd(�Zd\d)d*�Zd\d+d,�Zd\d-d.�Zd\d/d0�Zd\d1d2�Zd\d3d4�Zd\d5d6�Zd\d7d8�Zd\d9d:�Z d\d;d<�Z!d=d>�Z"d?d@�Z#dAdB�Z$dCdD�Z%dEdF�Z&dGdH�Z'd[dIdJ�Z(dKdL�Z)dMdN�Z*dOdP�Z+dQdR�Z,dSdT�Z-d\dUdV�Z.d\dWdX�Z/d\dYdZ�Z0dS)]�FirewallManagerz/usr/bin/imunify360-agentz/etc/sysconfig/cloudlinuxz*/etc/sysconfig/imunify360/integration.confNcCs
||_dS�N)�request)�selfr�r�./usr/local/CyberCP/firewall/firewallManager.py�__init__"s
zFirewallManager.__init__cC�t|ddd�}|��S)Nzfirewall/index.html�admin�rr�rr�userID�procrrr�securityHome%��zFirewallManager.securityHomecCs.d}tj�|�rtd�St|ddd�}|��S)N�/etc/csfz/configservercsf/zfirewall/firewall.htmlr)�os�path�existsr	rr)rrr�csfPathrrrr�firewallHome*s�zFirewallManager.firewallHomec
Cs�zXt�|�}|ddkr
nt�dd�WStj��}d}d}|D]&}|j|j|j|j	|j
d�}|dkr<|t�|�}d}q|dt�|�}q|d}t�ddd	|d
��}t
|�WSty{}	zddt|	�d�}
t�|
�}t
|�WYd}	~	Sd}	~	ww)Nr��fetchStatusr�[)�id�name�proto�port�	ipAddress�,�]�None)�statusr'�
error_message�data)r1r'r2)r�	loadedACL�
loadErrorJsonr�objects�allr)r*r+r,r-�json�dumpsr�
BaseException�str)rr�
currentACL�rules�	json_data�checker�items�dic�
final_json�msg�	final_dicrrr�getCurrentRules4s8

�

��zFirewallManager.getCurrentRulesc
Cs�zFt�|�}|ddkr
nt�dd�WS|d}|d}|d}|d}t�|||�t||||d	�}|��ddd
d�}	t�|	�}
t	|
�WSt
yi}zddt|�d�}	t�|	�}
t	|
�WYd}~Sd}~ww)Nrr&�
add_statusr�ruleName�ruleProtocol�rulePort�ruleIP)r*r+r,r-r0)r1rFr2)rr4r5r�addRuler�saver8r9rr:r;)rrr3r<rGrHrIrJ�	newFWRulerDrBrCrrrrKZs*



��zFirewallManager.addRulec
Cs�zEt�|�}|ddkr
nt�dd�WS|d}|d}|d}|d}t�|||�tjj|d	�}|��ddd
d�}	t	�
|	�}
t|
�WStyh}zddt
|�d�}	t	�
|	�}
t|
�WYd}~Sd}~ww)Nrr&�
delete_statusrr)r+r,rJ)r)r0)r1rNr2)rr4r5r�
deleteRulerr6�get�deleter8r9rr:r;)rrr3r<�ruleIDrHrIrJ�delRulerDrBrCrrrrOws*



��zFirewallManager.deleteRulec	
C�z<t�|�}|ddkr
nt�dd�WSd}t�|�}|dkr.ddd�}t�|�}t|�WSddd�}t�|�}t|�WSty^}zdt	|�d�}t�|�}t|�WYd}~Sd}~ww)	Nrr&�
reload_statusrzsudo firewall-cmd --reloadr0)rUr2z3Can not reload firewall, see CyberCP main log file.�
rr4r5r�executionerr8r9rr:r;�	rrr3r<�command�resrDrBrCrrr�reloadFirewall��,




�


��zFirewallManager.reloadFirewallc	
CrT)	Nrr&�start_statusrzsudo systemctl start firewalldr0)r]r2z2Can not start firewall, see CyberCP main log file.rVrXrrr�
startFirewall�r\zFirewallManager.startFirewallc	
CrT)	Nrr&�stop_statusrzsudo systemctl stop firewalldr0)r_r2z1Can not stop firewall, see CyberCP main log file.rVrXrrr�stopFirewall�r\zFirewallManager.stopFirewallc	
Cs�z?t�|�}|ddkr
nt��WSd}t�|�}|�d�dkr0dddd�}t�|�}t|�WSdddd�}t�|�}t|�WSt	ya}zdt
|�d	�}t�|�}t|�WYd}~Sd}~ww)
Nrr&zsystemctl status firewalld�dead����noner)r1r2�firewallStatus�r1r2)rr4r5r�outputExecutioner�findr8r9rr:r;)	rrr3r<rYr1rDrBrCrrrrd�s(







��zFirewallManager.firewallStatuscCr)Nzfirewall/secureSSH.htmlrrrrrr�	secureSSHrzFirewallManager.secureSSHc
Cs@z�t�|�}|ddkr
nt��WS|d}|dkrqd}d|}t�|��d�}d}d	}|D]2}	|	�d
�dkrH|	�d�dksE|	�d
�dkrHd}q.|	�d�dkr`|	�d�dks`|	�d�d�d�}q.d||d�}
t�	|
�}t
|�WSd}d|}t�|��d�}d}
d}|D]e}	|	�d�dkr�|	�d�}z*d|ddd�d|d}z|dd|d�d��}Wn|d}YWnd|ddd�}d}Y||d�}|dkr�|
t�	|�}
d}q�|
dt�	|�}
q�|
d}
t�	dd|
d��}t
|�WSt�y}zdt
|�d �}
t�	|
�}t
|�WYd}~Sd}~ww)!Nrr&�type�1z/etc/ssh/sshd_config�	sudo cat �
r�22�PermitRootLoginrb�Yes�yes�Port�GatewayPorts� )r1�permitRootLogin�sshPortz/root/.ssh/authorized_keysr(zssh-rsazssh-rsa �2z  ..  ��@�)�userName�keyr.r/r0)r1r2r3re)rr4r5rrf�splitrg�stripr8r9r�indexr:r;)rrr3r<ri�	pathToSSH�catrtrur@rDrB�
pathToKeyFiler>r?�keydatar{rzrArCrrr�
getSSHConfigs	st

�


 
���

��zFirewallManager.getSSHConfigsc
Csz�t�|�}|ddkr
nt�dd�WS|d}|d}|d}|dkr'd	}nd
}dtjd}|d
t|�d|d|}t�|�}|�d�dkr�d}	t	j
�|	�rid|d�}
|�|
�d|d�}
|�|
�nZzt
jjdd�}t�d|jd�||_|��t�d|d�Wn:zt
d|dd�}|��t�d|d�d}
t�|
�Wnty�}ztj�t|��WYd}~nd}~wwYddd�}t�|�}t|�WSdd|d�}t�|�}t|�WSt�y}zddt|�d�}t�|�}t|�WYd}~Sd}~ww)Nrr&�
saveStatusrriru�	rootLoginTrj�0�/usr/local/CyberCP/bin/python �/plogical/firewallUtilities.pyz saveSSHConfigs --type z --sshPort z
 --rootLogin �1,Nonerbr �TCP_IN)�protocol�ports�TCP_OUT�	SSHCustom)r*�tcpz	0.0.0.0/0)r*r,r+z-firewall-cmd --permanent --remove-service=ssh)r1r�)r1r�r2)rr4r5r�
cyberPanelr;rrfrgr!r"r#�modifyPortsrr6rPrrOr,rLrKrWr:�logging�CyberCPLogFileWriter�writeToFiler8r9r)rrr3r<rirur��execPath�outputr$�dataIn�updateFW�newFireWallRulerYrCrDrBrrr�saveSSHConfigsZsf
 



���





��zFirewallManager.saveSSHConfigsc

Cs�zQt�|�}|ddkr
nt�dd�WS|d}dtjd}|d|d	}t�|�}|�d
�dkrBddd�}t�	|�}t
|�WSdd|d
�}t�	|�}t
|�WStyt}	zddt|	�d
�}t�	|�}t
|�WYd}	~	Sd}	~	ww)Nrr&rNrr{r�r�z deleteSSHKey --key '�'r�rb)r1rN)r1rN�error_mssage�
rr4r5rr�rrfrgr8r9rr:r;)
rrr3r<r{r�r�rDrBrCrrr�deleteSSHKey�s,







��zFirewallManager.deleteSSHKeyc
Cszft�|�}|ddkr
nt�dd�WS|d}dttdd��}t|d	�}|�|�|��d
tj	d}|d|}t
�|�}|�d
�dkrWddd�}	t
�|	�}
t|
�WSdd|d�}	t
�|	�}
t|
�WSty�}zddt|�d�}	t
�|	�}
t|
�WYd}~Sd}~ww)Nrr&rFrr{�/home/cyberpanel/���'�w�#sudo /usr/local/CyberCP/bin/python r�z addSSHKey --tempPath r�rb)r1rF)r1rFr�)rr4r5r;r
�open�write�closerr�rrfrgr8r9rr:)rrr3r<r{�tempPathr�r�r�rDrBrCrrr�	addSSHKey�s4









��zFirewallManager.addSSHKeyc
Cs�t��tjkr/d}tj�tjd�}d|}t�|��	�}d}|D]
}|�
d�dkr-d}nq nd}d}t|d||d�d	�}	|	��S)
Nr&�conf/httpd_config.confrkr�module mod_securityrbzfirewall/modSecurity.html)�modSecInstalled�OLSr)
r�decideServerr�r!r"�joinr�Server_rootrf�
splitlinesrgrr)
rrrr��confPathrY�httpdConfigr�r@rrrr�loadModSecurityHome�s$��
�z#FirewallManager.loadModSecurityHomec
Cs�z5t�|�}|ddkr
nt�dd�WSdtjd}|d}t�|�t�d�t	�
dd	d
��}t|�WStyW}zdt
|�d
�}t	�
|�}t|�WYd}~Sd}~ww)Nrr&�
installModSecrr��/plogical/modSec.pyz installModSec�r0)r�r2)rr4r5rr�r�popenExecutioner�time�sleepr8r9rr:r;)rrr3r<r�rBrCrDrrrr��s"




��zFirewallManager.installModSecc

Cszkdtj}t�|�}|�d�dkrHdtjd}|d}t�|�}|�d�dkr*nt�d|d	d
d��}t	|�WSt�d|d	d	d��}t	|�WS|�d
�dkr^t�d	d
d|d��}t	|�WSt�d
d|d��}t	|�WSt
y�}zd	d
t|�d�}	t�|	�}t	|�WYd}~Sd}~ww)Nrk�[200]rbr�r�z installModSecConfigsr�z-Failed to install ModSecurity configurations.r&r�r2�
requestStatus�abort�	installedr0�[404]�r�r�r2r��r�r2r��r�r�r2)r
�installLogPathrrfrgrr�r8r9rr:r;)
rrr3rY�
installStatusr�r�rBrCrDrrr�installStatusModSecsV


�
�
�
�

��z#FirewallManager.installStatusModSecc
Cs�z�t�|�}|ddkrnt�dd�WSt��tjk�rd}d}d}d}d}d}	d}
tj�t	j
d	�}tj�t	j
d
d�}tj�|��rd|}
t�|
��
d
�}|D]�}|�d�dkrk|�d�dksh|�d�dkrkd}qQ|�d�dkr�|�d�dks�|�d�dkr�d}qQ|�d�dkr�|�d�dks�|�d�dkr�d}qQ|�d�dkr�|�
d�}|ddkr�|d}qQ|�d�dkr�|�
d�}|ddkr�|d}qQ|�d�dkr�|�
d�}|ddkr�|d}	qQ|�d�dkr�|�
d�}|ddkr�|d}
qQqQdd|||||	||
d�	}n�ddd�}n�d}d}d}d}d}	d}
tj�t	j
d�}d|}
t�|
��
d
�}|D]�}|�d�dk�rK|�d�dk�sG|�d�dk�rKd}�q-|�d�dk�rg|�d�dk�sc|�d�dk�rgd}�q-|�d�dk�r�|�
d�}|ddk�r�|d}�q-|�d�dk�r�|�
d�}|ddk�r�|d}�q-|�d�dk�r�|�
d�}|ddk�r�|d}	�q-|�d�dk�r�|�
d�}|ddk�r�|d}
�q-�q-dd||||	||
d�}t�|�}t|�WSt�y}zdt|�d�}t�|�}t|�WYd}~Sd}~ww)Nrr&r'r�9z^(?:5|4(?!04))�	ABIJDEFHZ�Serialr��moduleszmod_security.sorkrlzmodsecurity rb�on�OnzSecAuditEngine zSecRuleEngine �SecDebugLogLevelrs�SecAuditLogRelevantStatus�SecAuditLogParts�SecAuditLogType)	r'r��
SecRuleEngine�modsecurity�SecAuditEnginer�r�r�r�)r'r�zconf/modsec.conf)r'r�r�r�r�r�r�r��r'r2)rr4r5rr�r�r!r"r�rr�r#rfr|rgr8r9rr:r;)rrr3r<r�r�r�r�r�r�r�r��
modSecPathrYr@�resultrDrBrCrrr�fetchModSecSettings>s�




���  



��



��z#FirewallManager.fetchModSecSettingsc
Csp�z�t�|�}|ddkrnt�dd�WSt��tjkr�|d}|d}|d}|d}|d	}|d
}	|d}
|dkr?d
}nd}|dkrHd}nd}|dkrQd}nd}dt|�}dt|�}d|	}	d|
}
dttdd��}t|d�}|�	|d�|�	|d�|�	|d�|�	|d�|�	|d�|�	|	d�|�	|
d�|�
�dtjd}
|
d|}
t�
|
�}|�d�d kr�dd!d"�}t�|�}t|�WSd|d"�}t�|�}t|�WS|d}|d}|d}|d	}|d
}	|d}
|dk�rd}nd}|dk�rd}nd}dt|�}dt|�}d|	}	d|
}
dttdd��}t|d�}|�	|d�|�	|d�|�	|d�|�	|d�|�	|	d�|�	|
d�|�
�dtjd}
|
d|}
t�
|
�}|�d�d k�r�dd!d"�}t�|�}t|�WSd|d"�}t�|�}t|�WSt�y�}zdt|�d"�}t�|�}t|�WYd}~Sd}~ww)#Nrr&r�r�modsecurity_statusr�r�r�r�r�r�Tzmodsecurity  onzmodsecurity  offzSecAuditEngine onzSecAuditEngine offzSecRuleEngine OnzSecRuleEngine offzSecDebugLogLevel zSecAuditLogParts zSecAuditLogRelevantStatus zSecAuditLogType r�r�r�r�rlr�r�z$ saveModSecConfigs --tempConfigPath r�rbr0�r�r2)rr4r5rr�r�r;r
r��
writelinesr�rr�rfrgr8r9rr:)rrr3r<r�r�r�r�r�r�r��tempConfigPathr�r�r��data_retr>rCrrr�saveModSecConfigurations�s�



















��z(FirewallManager.saveModSecConfigurationsc	C�zt��tjkr.tj�tjd�}d|}t�|��	d�}d}|D]
}|�
d�dkr,d}nqnd}t|dd	|id
�}|��S)Nr�rkrlrr�rbr&zfirewall/modSecurityRules.htmlr�r�
rr�r�r!r"r�rr�rfr|rgrr�	rrrr�rYr�r�r@rrrr�modSecRulesPs ���zFirewallManager.modSecRulesc
Csjz�t�|�}|ddkr
nt�dd�WSt��tjkrrtj�t	j
d�}d|}t�|��d�}d}|D]
}|�
d�d	kr@d}nq3tj�t	j
d
�}	|rdd|	}t�|�}
d|
d�}t�|�}t|�WSddi}t�|�}t|�WStj�t	j
d�}	d|	}t�|�}
d|
d�}t�|�}t|�WSty�}
zdt|
�d
�}t�|�}t|�WYd}
~
Sd}
~
ww)Nrr&r�rr�rkrlr�rbz/conf/modsec/rules.conf)r��currentModSecRulesz/conf/rules.conf�r�r2)rr4r5rr�r�r!r"r�rr�rfr|rgr8r9rr:r;)rrr3r<r�rYr�r�r@�	rulesPathr�rDrBrCrrr�fetchModSecRulesdsV
�
�




�

�
��z FirewallManager.fetchModSecRulesc
Cs�z[t�|�}|ddkr
nt�dd�WS|d}ttjd�}|�|�|��dtj	d}|d	}t
�|�}|�d
�dkrMddd
�}t
�|�}	t|	�WSd|d
�}t
�|�}	t|	�WSty}}
zdt|
�d
�}t
�|�}	t|	�WYd}
~
Sd}
~
ww)Nrr&r�rr�r�r�r�z saveModSecRulesr�rbr0r�)rr4r5r�r
�
tempRulesFiler�r�rr�rrfrgr8r9rr:r;)rrr3r<�newModSecRulesr�r�r�r�r>rCrrr�saveModSecRules�s2









��zFirewallManager.saveModSecRulesc	Cr�)Nr�rkrlrr�rbr&z#firewall/modSecurityRulesPacks.htmlr�rr�r�rrr�modSecRulesPacks�s ���z FirewallManager.modSecRulesPacksc
Cs�z�t�|�}|ddkr
nt�dd�WSt��tjkr�tj�t	j
d�}d|}t�|���}d}|D]
}|�
d�dkr?d}nq2d}	d}
|r�d|}t�|���}|D]}|�
d	�dkr_d}	n	|�
d
�dkrhd}
|
dkrr|	dkrrnqSd|
|	d�}t�|�}t|�WSddi}t�|�}t|�WSd}	d}
zd}t�|�}
|
�
d
�dkr�d}	nd}	Wn
tjy�Ynwzd}t�|�}
|
�
d
�dkr�d}
WnYd|
|	d�}t�|�}t|�WSty�}zdt|�d�}t�|�}t|�WYd}~Sd}~ww)Nrr&r�rr�rkr�rbz
modsec/comodozmodsec/owasp)r��owaspInstalled�comodoInstalledz.sudo ls /usr/local/lsws/conf/comodo_litespeed/zNo suchz$cat /usr/local/lsws/conf/modsec.confr�)rr4r5rr�r�r!r"r�rr�rfr�rgr8r9r�
subprocess�CalledProcessErrorr:r;)rrr3r<r�rYr�r�r@r�r�rDrBr�rCrrr�getOWASPAndComodoStatus�s�
���




��
��


��z'FirewallManager.getOWASPAndComodoStatusc

Cs^z�t�|�}|ddkr
nt�dd�WS|d}t��tjkrVdtjd}|d|}t�|�}|�	d	�d
krGddd�}t
�|�}t|�WSd|d�}t
�|�}t|�WSdtjd}|d|}t�|�}|�	d	�d
kr~ddd�}t
�|�}t|�WSd|d�}t
�|�}t|�WSt
y�}	zdt|	�d�}t
�|�}t|�WYd}	~	Sd}	~	ww)
Nrr&r�r�packNamer�r�rsr�rbr0�r�r2)rr4r5rr�r�rr�rfrgr8r9rr:r;)
rrr3r<r�r�r�r�r>rCrrr�installModSecRulesPack1sB















��z&FirewallManager.installModSecRulesPackc
CsTz�t�|�}|ddkr
nt�dd�WS|d}tj�d�}d|}t�|���}d}d}	d}
|D]D}|�	d	|�d
kru|
d}
|ddkrId}nd
}|�
d�}
|
�d�d
}
|
|
||d�}|	dkrl|t�
|�}d}	q1|dt�
|�}q1|d}t�
dd|d��}t|�WSty�}zdt|�d�}t�
|�}t|�WYd}~Sd}~ww)Nrr&r'rr�zN/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.confrkr(zmodsec/rb�#FT�/)r)�fileNamer�r1r.r/r0)r'r2r3r�)rr4r5r!r"r�rrfr�rg�lstripr|r8r9rr:r;)rrr3r<r�r�rYr�r>r?�counterr@r1r�rArBrCrDrrr�
getRulesFilescsN

��
S
��zFirewallManager.getRulesFilesc

Cszgt�|�}|ddkr
nt�dd�WS|d}|d}|d}|dkr'd	}nd
}dtjd}|d
|d|d|}t�|�}	|	�d�dkrYddd�}
t�	|
�}t
|�WSd|	d�}
t�	|
�}t
|�WSty�}zdt|�d�}
t�	|
�}t
|�WYd}~Sd}~ww)Nrr&r�rr�r�r1T�disableRuleFile�enableRuleFiler�r�rsz --packName z --fileName "%s"r�rbr0r�r�)
rrr3r<r�r��
currentStatus�functionNamer�r�r�r>rCrrr�enableDisableRuleFile�s6








��z%FirewallManager.enableDisableRuleFilecCs^d}zd}t�|�}|�d�dkrd}Wntjy d}Ynwt|jdd|id�}|��S)	Nr&zcsf -hzcommand not foundrbrzfirewall/csf.html�csfInstalledr)rrfrgr�r�rrr)rr�rYr�rrrr�csfs
���zFirewallManager.csfc	
C�z<|jjd}t�|�}|ddkrnt�dd�WSdtjd}|d}t�|�t	�
d	�ddi}t�|�}t
|�WSty^}zdt|�d
�}t�|�}t
|�WYd}~Sd}~ww)Nrrr&r�rr��/plogical/csf.pyz installCSFrwr��r�sessionrr4r5rr�rr�r�r�r8r9rr:r;�	rrr<r�r�r>rCrDrBrrr�
installCSFs&





��zFirewallManager.installCSFc
Csz\|jjd}t�dtj�}|�d�dkr/dtj}t�|�t�	d|ddd��}t
|�WS|�d	�dkrOdtj}t�|�t�	dd
d|d��}t
|�WSt�	d
d|d��}t
|�WSty}zdd
t|�d
�}t�	|�}t
|�WYd}~Sd}~ww)Nrrkr�rbzsudo rm -f r0r&r�r�rr�r�r�)
rrrrfrr�rgrWr8r9rr:r;)rrr�rYrBrCrDrrr�installStatusCSF:sF

�


�
�

��z FirewallManager.installStatusCSFc	
Cr�)Nrrr&r�rr�r�z
 removeCSFrwr�rrrrr�	removeCSFds&





��zFirewallManager.removeCSFc	
Cs�z=|jjd}t�|�}|ddkrnt�dd�WSt��}d|d|d|d|d	|d
|dd�}t�|�}t	|�WSt
y]}zdd
d�}t�|�}t	|�WYd}~Sd}~ww)Nrrr&r'r�TESTING�tcpIN�tcpOUT�udpIN�udpOUTrd)r'�testingModerrr	r
rdzCSF is not installed.r�)rrrr4r5r�fetchCSFSettingsr8r9rr:)	rrr<�currentSettingsr�r>rCrDrBrrrr}s,
�



��z FirewallManager.fetchCSFSettingsc

Csz`|jjd}t�|�}|ddkrnt��WSt�|jj�}|d}|d}dtj	d}|d|d	|}t
�|�}|�d
�dkrRddi}t�
|�}	t|	�WSd|d
�}t�
|�}	t|	�WSty�}
zdt|
�d
�}t�
|�}t|�WYd}
~
Sd}
~
ww)Nrrr&�
controllerr1r�r�z changeStatus --controller z
 --status r�rbrre)rrrr4r5r8�loads�bodyrr�rrfrgr9rr:r;)
rrr<r3rr1r�r�r�r>rCrDrBrrr�changeStatus�s2








��zFirewallManager.changeStatusc
CsNz�|jjd}t�|�}|ddkrnt��WS|d}|d}dttdd��}tj�	|�r4t�
|�t|d	�}|�|�|�
�d
|}t�|�dtjd}	|	d
|d|}	t�|	�}
|
�d�dkrvddi}t�|�}t|�WSd|
d�}t�|�}t|�WSty�}
zdt|
�d�}t�|�}t|�WYd}
~
Sd}
~
ww)Nrrr&r�r�r�r�r�r�zchmod 600 %sr�r�z modifyPorts --protocol z	 --ports r�rbr1rre)rrrr4r5r;r
r!r"r#�remover�r�r�rrWrr�rfrgr8r9rr:)rr3rr<r�r��	portsPathr�rYr�r�r�r>rCrDrBrrrr��s@












��zFirewallManager.modifyPortsc
Cs�zG|jjd}t�|�}|ddkrnt��WSt�|jj�}|d}|d}|dkr1t�	|�n	|dkr:t�
|�ddi}t�|�}t|�WSt
yi}zd	t|�d
�}	t�|	�}
t|
�WYd}~Sd}~ww)Nrrr&�moder-�allowIP�blockIPr1rre)rrrr4r5r8rrrrrr9rr:r;)rrr<r3rr-r�r>rCrDrBrrr�	modifyIPs�s,





��zFirewallManager.modifyIPscCs�d}t|�}|��}|�dd�d}d|t��f}i}||d<d|d<tj�tj	�r0d|d<nd|d<|ddkrFt
|jd	|d
�}|��S|ddkrXt
|jd	|d
�}|��St
|jd|d
�}|��S)N�/etc/cyberpanel/machineIPrlr&r�%s:%sr-�CL�imunifyzfirewall/notAvailable.htmlrzfirewall/imunify.html)
r��readr|r�fetchCurrentPortr!r"r#r�imunifyPathrrr�r�ipFile�f�ipDatar-�fullAddressr3rrrrrs2
���zFirewallManager.imunifyc
Cs�zC|jjd}t�|�}|ddkrntj�tjdd�WdSt	�
|jj�}d}|d|d}t�
|�dd	d
�}t	�|�}t|�WStyc}ztj�tjt|�dd�WYd}~dSd}~ww)Nrrr&�4Not authorized to install container packages. [404].r�D/usr/local/CyberCP/bin/python /usr/local/CyberCP/CLManager/CageFS.pyz) --function submitinstallImunify --key %sr{r0re� [404].)rrrr4r�r��statusWriterr�lswsInstallStatusPathr8rrrr�r9rr:r;)rrr<r3r�r�r>rCrrr�submitinstallImunify$s*

�



(��z$FirewallManager.submitinstallImunifycCs�d}t|�}|��}|�dd�d}d|t��f}i}||d<tj�tj	�r,d|d<nd|d<|ddkrBt
|jd|d	�}|��St
|jd
|d	�}|��S)Nrrlr&rrr-rzfirewall/notAvailableAV.htmlrzfirewall/imunifyAV.html)
r�rr|rrr!r"r#r�
imunifyAVPathrrrrrrr�	imunifyAV>s&
��zFirewallManager.imunifyAVc
Cs�z8|jjd}t�|�}|ddkrntj�tjdd�WdSd}|d}t	�
|�ddd	�}t�|�}t
|�WStyX}ztj�tjt|�d
d�WYd}~dSd}~ww)Nrrr&r$rr%z" --function submitinstallImunifyAVr0rer&)rrrr4r�r�r'rr(rr�r8r9rr:r;)rrr<r�r�r>rCrrr�submitinstallImunifyAVWs(

�



(��z&FirewallManager.submitinstallImunifyAVcCr)Nz firewall/litespeed_ent_conf.htmlrrrrrr�litespeed_ent_confqrz"FirewallManager.litespeed_ent_confc

Cs�zTt�|�}|ddkr
nt�dd�WSd}tj�|�s<d}t�|�d|��}t�|�}d|d�}t	�
|�}t|�WSd|��}t�|�}d|d�}t	�
|�}t|�WStyv}	zdt
|	�d	�}t	�
|�}t|�WYd}	~	Sd}	~	ww)
Nrr&r�r�)/usr/local/lsws/conf/pre_main_global.confz/touch /usr/local/lsws/conf/pre_main_global.conf�cat �r1�currentLitespeed_confre)rr4r5r!r"r#rrWrfr8r9rr:r;)
rrr3r<�	file_pathrYr�rDrBrCrrr�fetchlitespeed_Confvs:



�



�


��z#FirewallManager.fetchlitespeed_Confc

Cszht�|�}|ddkr
nt�dd�WSd}d|��}t�|�|d}d}t|d	�}|�|�|��d
|�d|��}t�|�d|�d
|��}t�|dd�d|��}t�|�}	d|	d�}
t	�
|
�}t|�WSty�}zdt
|�d�}
t	�
|
�}t|�WYd}~Sd}~ww)Nrr&r�rr.zrm -f r�z%/home/cyberpanel/pre_main_global.confr�zmv rsz
chmod 644 z && chown lsadm:lsadm Tr/r0re)rr4r5rrWr�r�r�rfr8r9rr:r;)
rrr3r<r2rYr1�
tempRulesPath�WriteToFiler�rDrBrCrrr�saveLitespeed_conf�s<







�


��z"FirewallManager.saveLitespeed_confr)NN)1�__name__�
__module__�__qualname__r�CLPathr*rrr%rErKrOr[r^r`rdrhr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rrrrrr�rrr)r+r,r-r3r6rrrrrsd





&







Q
>

$


6



9
%

Z
2
	&*
!,

'r)*r!�os.path�sys�django�loginSystem.modelsr�plogical.httpProcrr"�append�environ�
setdefault�setupr8�plogical.aclr�plogical.CyberCPLogFileWriterr�r��plogical.virtualHostUtilitiesrr��django.shortcutsrrr	�randomr
r��plogical.firewallUtilitiesr�firewall.modelsr�plogical.modSecr
�plogical.csfr�plogical.processUtilitiesr�serverStatus.serverStatusUtilrrrrrr�<module>s0