lukechilds
/
easyengine
mirror of https://github.com/lukechilds/easyengine.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1724 Commits
16 Branches
76 Tags
4.0 MiB
Tree: 5804eb8edc
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5804eb8edc'
${ noResults }
easyengine/ee/cli/plugins/secure.py

117 lines
4.4 KiB
Raw Normal View History

ee secure command
10 years ago
from cement.core.controller import CementBaseController, expose
from cement.core import handler, hook
from ee.core.shellexec import EEShellExec
from ee.core.variables import EEVariables
import string
import random
import sys
import hashlib
import getpass
def secure_plugin_hook(app):
# do something with the ``app`` object here.
pass
class EEsecureController(CementBaseController):
class Meta:
label = 'secure'
stacked_on = 'base'
stacked_type = 'nested'
description = 'clean command cleans different cache with following \
options'
arguments = [
(['--auth'],
dict(help='secure auth', action='store_true')),
(['--port'],
dict(help='secure port', action='store_true')),
(['--ip'],
dict(help='secure ip', action='store_true'))
]
@expose(hide=True)
def default(self):
# TODO Default action for ee clean command here
if self.app.pargs.auth:
self.secure_auth()
if self.app.pargs.port:
self.secure_port()
if self.app.pargs.ip:
self.secure_ip()
@expose(hide=True)
def secure_auth(self):
print("Securing auth.....")
passwd = ''.join([random.choice
(string.ascii_letters + string.digits)
for n in range(6)])
username = input("Provide HTTP authentication user "
"name [{0}] :".format(EEVariables.ee_user))
password = input("Provide HTTP authentication "
"password [{0}]".format(passwd))
if password == "":
password = passwd
print(password)
if username == "":
username = EEVariables.ee_user
print(username)
EEShellExec.cmd_exec(self, "printf \"{username}:"
"$(openssl passwd -crypt "
"{password} 2> /dev/null)\n\""
"> /etc/nginx/htpasswd-ee 2>/dev/null"
.format(username=username,
password=password))
@expose(hide=True)
def secure_port(self):
#TODO:remaining with ee.conf updation in file
port = input("EasyEngine admin port [22222]:")
if port == "":
port = 22222
if EEVariables.ee_platform_distro == 'Ubuntu':
EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "
"{port} default_server ssl spdy;/\" "
"/etc/nginx/sites-available/22222"
.format(port=port))
elif EEVariables.ee_platform_distro == 'Debian':
EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "
"{port} default_server ssl;/\" "
"/etc/nginx/sites-available/22222"
.format(port=port))
@expose(hide=True)
def secure_ip(self):
newlist = []
ip = input("Enter the comma separated IP addresses "
"to white list [127.0.0.1]:")
ip_found = False
try:
user_list_ip = ip.split(',')
except Exception as e:
ip = ['127.0.0.1']
self.app.config.set('mysql', 'grant-host', "hello")
exist_ip_list = self.app.config.get('stack', 'ip-address').split()
print(exist_ip_list)
for check_ip in user_list_ip:
if check_ip not in exist_ip_list:
newlist.extend(exist_ip_list)
else:
print("IP found")
# changes in acl.conf file
if len(newlist) != 0:
EEShellExec.cmd_exec(self, "sed -i \"/allow.*/d\" /etc/nginx"
"/common/acl.conf")
for whitelist_adre in newlist:
EEShellExec.cmd_exec(self, "sed -i \"/deny/i "
"echo allow {whitelist_adre}\\;\" "
"/etc/nginx/common/acl.conf"
.format(whitelist_adre=whitelist_adre))
def load(app):
# register the plugin class.. this only happens if the plugin is enabled
handler.register(EEsecureController)
# register a hook (function) to run after arguments are parsed.
hook.register('post_argument_parsing', secure_plugin_hook)