|
|
|
|
from cement.core.controller import CementBaseController, expose
|
|
|
|
|
from cement.core import handler, hook
|
|
|
|
|
from ee.core.shellexec import EEShellExec
|
|
|
|
|
from ee.core.variables import EEVariables
|
|
|
|
|
from ee.core.logging import Log
|
|
|
|
|
from ee.core.git import EEGit
|
|
|
|
|
from ee.core.services import EEService
|
|
|
|
|
import string
|
|
|
|
|
import random
|
|
|
|
|
import sys
|
|
|
|
|
import hashlib
|
|
|
|
|
import getpass
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def ee_secure_hook(app):
|
|
|
|
|
# do something with the ``app`` object here.
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class EESecureController(CementBaseController):
|
|
|
|
|
class Meta:
|
|
|
|
|
label = 'secure'
|
|
|
|
|
stacked_on = 'base'
|
|
|
|
|
stacked_type = 'nested'
|
|
|
|
|
description = ('Secure command secure auth, ip and port')
|
|
|
|
|
arguments = [
|
|
|
|
|
(['--auth'],
|
|
|
|
|
dict(help='secure auth', action='store_true')),
|
|
|
|
|
(['--port'],
|
|
|
|
|
dict(help='secure port', action='store_true')),
|
|
|
|
|
(['--ip'],
|
|
|
|
|
dict(help='secure ip', action='store_true')),
|
|
|
|
|
(['user_input'],
|
|
|
|
|
dict(help='user input', nargs='?', default=None)),
|
|
|
|
|
(['user_pass'],
|
|
|
|
|
dict(help='user pass', nargs='?', default=None))]
|
|
|
|
|
usage = "ee secure [options]"
|
|
|
|
|
|
|
|
|
|
@expose(hide=True)
|
|
|
|
|
def default(self):
|
|
|
|
|
if self.app.pargs.auth:
|
|
|
|
|
self.secure_auth()
|
|
|
|
|
if self.app.pargs.port:
|
|
|
|
|
self.secure_port()
|
|
|
|
|
if self.app.pargs.ip:
|
|
|
|
|
self.secure_ip()
|
|
|
|
|
|
|
|
|
|
@expose(hide=True)
|
|
|
|
|
def secure_auth(self):
|
|
|
|
|
"""This function Secures authentication"""
|
|
|
|
|
passwd = ''.join([random.choice
|
|
|
|
|
(string.ascii_letters + string.digits)
|
|
|
|
|
for n in range(6)])
|
|
|
|
|
if not self.app.pargs.user_input:
|
|
|
|
|
username = input("Provide HTTP authentication user "
|
|
|
|
|
"name [{0}] :".format(EEVariables.ee_user))
|
|
|
|
|
self.app.pargs.user_input = username
|
|
|
|
|
if username == "":
|
|
|
|
|
self.app.pargs.user_input = EEVariables.ee_user
|
|
|
|
|
if not self.app.pargs.user_pass:
|
|
|
|
|
password = getpass.getpass("Provide HTTP authentication "
|
|
|
|
|
"password [{0}] :".format(passwd))
|
|
|
|
|
self.app.pargs.user_pass = password
|
|
|
|
|
if password == "":
|
|
|
|
|
self.app.pargs.user_pass = passwd
|
|
|
|
|
Log.debug(self, "printf username:"
|
|
|
|
|
"$(openssl passwd -crypt "
|
|
|
|
|
"password 2> /dev/null)\n\""
|
|
|
|
|
"> /etc/nginx/htpasswd-ee 2>/dev/null")
|
|
|
|
|
EEShellExec.cmd_exec(self, "printf \"{username}:"
|
|
|
|
|
"$(openssl passwd -crypt "
|
|
|
|
|
"{password} 2> /dev/null)\n\""
|
|
|
|
|
"> /etc/nginx/htpasswd-ee 2>/dev/null"
|
|
|
|
|
.format(username=self.app.pargs.user_input,
|
|
|
|
|
password=self.app.pargs.user_pass),
|
|
|
|
|
log=False)
|
|
|
|
|
EEGit.add(self, ["/etc/nginx"],
|
|
|
|
|
msg="Adding changed secure auth into Git")
|
|
|
|
|
|
|
|
|
|
@expose(hide=True)
|
|
|
|
|
def secure_port(self):
|
|
|
|
|
"""This function Secures port"""
|
|
|
|
|
if self.app.pargs.user_input:
|
|
|
|
|
while not self.app.pargs.user_input.isdigit():
|
|
|
|
|
Log.info(self, "Please Enter valid port number ")
|
|
|
|
|
self.app.pargs.user_input = input("EasyEngine "
|
|
|
|
|
"admin port [22222]:")
|
|
|
|
|
if not self.app.pargs.user_input:
|
|
|
|
|
port = input("EasyEngine admin port [22222]:")
|
|
|
|
|
if port == "":
|
|
|
|
|
self.app.pargs.user_input = 22222
|
|
|
|
|
while not port.isdigit() and port != "":
|
|
|
|
|
Log.info(self, "Please Enter valid port number :")
|
|
|
|
|
port = input("EasyEngine admin port [22222]:")
|
|
|
|
|
self.app.pargs.user_input = port
|
|
|
|
|
if EEVariables.ee_platform_distro == 'Ubuntu':
|
|
|
|
|
EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "
|
|
|
|
|
"{port} default_server ssl spdy;/\" "
|
|
|
|
|
"/etc/nginx/sites-available/22222"
|
|
|
|
|
.format(port=self.app.pargs.user_input))
|
|
|
|
|
if EEVariables.ee_platform_distro == 'debian':
|
|
|
|
|
EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "
|
|
|
|
|
"{port} default_server ssl;/\" "
|
|
|
|
|
"/etc/nginx/sites-available/22222"
|
|
|
|
|
.format(port=self.app.pargs.user_input))
|
|
|
|
|
EEGit.add(self, ["/etc/nginx"],
|
|
|
|
|
msg="Adding changed secure port into Git")
|
|
|
|
|
EEService.reload_service(self, 'nginx')
|
|
|
|
|
Log.info(self, "Successfully port changed {port}"
|
|
|
|
|
.format(port=self.app.pargs.user_input))
|
|
|
|
|
|
|
|
|
|
@expose(hide=True)
|
|
|
|
|
def secure_ip(self):
|
|
|
|
|
"""This function Secures IP"""
|
|
|
|
|
# TODO:remaining with ee.conf updation in file
|
|
|
|
|
newlist = []
|
|
|
|
|
if not self.app.pargs.user_input:
|
|
|
|
|
ip = input("Enter the comma separated IP addresses "
|
|
|
|
|
"to white list [127.0.0.1]:")
|
|
|
|
|
self.app.pargs.user_input = ip
|
|
|
|
|
try:
|
|
|
|
|
user_ip = self.app.pargs.user_input.split(',')
|
|
|
|
|
except Exception as e:
|
|
|
|
|
user_ip = ['127.0.0.1']
|
|
|
|
|
for ip_addr in user_ip:
|
|
|
|
|
if not ("exist_ip_address "+ip_addr in open('/etc/nginx/common/'
|
|
|
|
|
'acl.conf').read()):
|
|
|
|
|
EEShellExec.cmd_exec(self, "sed -i "
|
|
|
|
|
"\"/deny/i allow {whitelist_adre}\;\""
|
|
|
|
|
" /etc/nginx/common/acl.conf"
|
|
|
|
|
.format(whitelist_adre=ip_addr))
|
|
|
|
|
EEGit.add(self, ["/etc/nginx"],
|
|
|
|
|
msg="Adding changed secure ip into Git")
|
|
|
|
|
|
|
|
|
|
Log.info(self, "Successfully added IP address in acl.conf file")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def load(app):
|
|
|
|
|
# register the plugin class.. this only happens if the plugin is enabled
|
|
|
|
|
handler.register(EESecureController)
|
|
|
|
|
# register a hook (function) to run after arguments are parsed.
|
|
|
|
|
hook.register('post_argument_parsing', ee_secure_hook)
|
