import getpass
import hashlib
import ipaddress
import random
import shlex
import string
import sys

from cement.core import handler, hook
from cement.core.controller import CementBaseController, expose

from ee.core.git import EEGit
from ee.core.logging import Log
from ee.core.services import EEService
from ee.core.shellexec import EEShellExec
from ee.core.variables import EEVariables
def ee_secure_hook(app):
    """Placeholder hook for the secure plugin.

    Receives the ``app`` object and currently does nothing with it.
    """
    return None
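class EESecureController(CementBaseController):
    """Cement controller behind ``ee secure``.

    Depending on the flag given it rewrites the HTTP basic-auth file
    (``--auth``), the admin vhost listen port (``--port``) or the nginx
    allow list (``--ip``).  The commands it builds use shell syntax
    (command substitution, redirection), so every user-supplied value is
    quoted or validated before it is placed into a command string.
    """

    class Meta:
        label = 'secure'
        stacked_on = 'base'
        stacked_type = 'nested'
        description = ('Secure command secure auth, ip and port')
        # NOTE(review): ``user_pass`` is a positional argument, so a
        # password given this way ends up in shell history and in the
        # process list; the interactive getpass prompt avoids that.
        arguments = [
            (['--auth'],
                dict(help='secure auth', action='store_true')),
            (['--port'],
                dict(help='secure port', action='store_true')),
            (['--ip'],
                dict(help='secure ip', action='store_true')),
            (['user_input'],
                dict(help='user input', nargs='?', default=None)),
            (['user_pass'],
                dict(help='user pass', nargs='?', default=None))]
        usage = "ee secure [options]"

    @expose(hide=True)
    def default(self):
        """Run the handler for each of --auth, --port and --ip that is set."""
        if self.app.pargs.auth:
            self.secure_auth()
        if self.app.pargs.port:
            self.secure_port()
        if self.app.pargs.ip:
            self.secure_ip()

    @expose(hide=True)
    def secure_auth(self):
        """Write the HTTP basic-auth entry to /etc/nginx/htpasswd-ee.

        The user name comes from ``user_input`` or a prompt (default
        ``EEVariables.ee_user``); the password comes from ``user_pass``
        or a getpass prompt (default: a freshly generated one).  The
        resulting ``user:hash`` line replaces the file content and the
        change is committed through ``EEGit.add``.
        """
        # The generated default is a credential, so it is drawn from the
        # OS CSPRNG (SystemRandom) instead of the predictable module-level
        # Mersenne Twister.
        # NOTE(review): six alphanumerics is roughly 36 bits; consider a
        # longer default once the hash scheme below is no longer DES crypt.
        rng = random.SystemRandom()
        alphabet = string.ascii_letters + string.digits
        passwd = ''.join(rng.choice(alphabet) for _ in range(6))

        if not self.app.pargs.user_input:
            username = input("Provide HTTP authentication user "
                             "name [{0}] :".format(EEVariables.ee_user))
            self.app.pargs.user_input = username
            if username == "":
                self.app.pargs.user_input = EEVariables.ee_user
        if not self.app.pargs.user_pass:
            password = getpass.getpass("Provide HTTP authentication "
                                       "password [{0}] :".format(passwd))
            self.app.pargs.user_pass = password
            if password == "":
                self.app.pargs.user_pass = passwd

        auth_user = str(self.app.pargs.user_input)
        auth_pass = str(self.app.pargs.user_pass)

        # ':' separates user and hash in the htpasswd format and a line
        # break would start a second entry, so neither may appear in the
        # user name.
        if ':' in auth_user or '\n' in auth_user or '\r' in auth_user:
            Log.error(self, "HTTP authentication user name must not "
                      "contain ':' or line breaks")
            return

        Log.debug(self, "printf username:"
                  "$(openssl passwd -crypt "
                  "password 2> /dev/null)\n\""
                  "> /etc/nginx/htpasswd-ee 2>/dev/null")

        # Both values are shell-quoted, and the user name is passed as a
        # printf argument rather than as part of the format string, so
        # shell metacharacters and '%' in either value stay literal.
        # NOTE(review): the password is still part of the command string,
        # and `openssl passwd -crypt` is legacy DES crypt, which only
        # considers the first 8 characters; `-apr1` is also accepted by
        # nginx. With stderr discarded, a failing openssl call would write
        # an entry with an empty hash - worth checking the result.
        EEShellExec.cmd_exec(
            self,
            "printf '%s:%s\\n' {username} "
            "\"$(openssl passwd -crypt {password} 2> /dev/null)\" "
            "> /etc/nginx/htpasswd-ee 2>/dev/null"
            .format(username=shlex.quote(auth_user),
                    password=shlex.quote(auth_pass)),
            log=False)
        EEGit.add(self, ["/etc/nginx"],
                  msg="Adding changed secure auth into Git")

    @staticmethod
    def _is_valid_port(value):
        """Return True when *value* is ASCII digits in the range 1-65535."""
        text = str(value)
        # str.isdigit() also accepts non-ASCII digit characters that int()
        # and nginx reject, so the check is done against string.digits.
        if not text or any(ch not in string.digits for ch in text):
            return False
        return 1 <= int(text) <= 65535

    @expose(hide=True)
    def secure_port(self):
        """Change the listen port of the admin vhost and reload nginx.

        The port comes from ``user_input`` or a prompt; an empty answer
        selects 22222.  Only a validated port number is written into the
        sed command, which edits /etc/nginx/sites-available/22222.
        """
        default_port = "22222"
        prompt = "EasyEngine admin port [22222]:"

        candidate = self.app.pargs.user_input
        if not candidate:
            candidate = input(prompt) or default_port
        # Keep asking until the value is a usable port; the value is later
        # interpolated into a shell command, so nothing else may pass.
        while not self._is_valid_port(candidate):
            Log.info(self, "Please Enter valid port number ")
            candidate = input(prompt) or default_port
        self.app.pargs.user_input = str(candidate)

        if EEVariables.ee_platform_distro == 'ubuntu':
            EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "
                                 "{port} default_server ssl spdy;/\" "
                                 "/etc/nginx/sites-available/22222"
                                 .format(port=self.app.pargs.user_input))
        if EEVariables.ee_platform_distro == 'debian':
            EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "
                                 "{port} default_server ssl;/\" "
                                 "/etc/nginx/sites-available/22222"
                                 .format(port=self.app.pargs.user_input))
        EEGit.add(self, ["/etc/nginx"],
                  msg="Adding changed secure port into Git")
        if not EEService.reload_service(self, 'nginx'):
            Log.error(self, "service nginx reload failed. "
                      "check issues with `nginx -t` command")
        Log.info(self, "Successfully port changed {port}"
                 .format(port=self.app.pargs.user_input))

    @expose(hide=True)
    def secure_ip(self):
        """Add addresses to the allow list in /etc/nginx/common/acl.conf.

        Takes a comma separated list from ``user_input`` or a prompt; an
        empty list falls back to 127.0.0.1.  Each entry must parse as an
        IP address or CIDR network before an ``allow`` line for it is
        inserted ahead of the ``deny`` lines.
        """
        # TODO:remaining with ee.conf updation in file
        if not self.app.pargs.user_input:
            ip = input("Enter the comma separated IP addresses "
                       "to white list [127.0.0.1]:")
            self.app.pargs.user_input = ip

        requested = [part.strip()
                     for part in str(self.app.pargs.user_input).split(',')]
        # An empty answer used to yield [''] and an "allow ;" line; fall
        # back to the advertised default instead.
        requested = [part for part in requested if part] or ['127.0.0.1']

        # Character allow list first (it also rules out IPv6 scope ids),
        # then a real parse; only entries passing both reach the shell.
        permitted = set(string.hexdigits + ".:/")
        accepted = []
        for entry in requested:
            try:
                if not set(entry) <= permitted:
                    raise ValueError(entry)
                ipaddress.ip_network(entry, strict=False)
            except ValueError:
                Log.info(self, "Skipping invalid IP address {0!r}"
                         .format(entry))
                continue
            accepted.append(entry)

        if not accepted:
            Log.info(self, "No valid IP address given, acl.conf unchanged")
            return

        for ip_addr in accepted:
            # Re-read on every pass so a duplicate within the same list is
            # seen; the with-block closes the handle the original leaked.
            with open('/etc/nginx/common/acl.conf') as acl_file:
                acl_text = acl_file.read()
            # The second test matches the line this command itself writes,
            # so repeated runs do not pile up duplicate allow lines.
            if ("exist_ip_address " + ip_addr in acl_text
                    or "allow {0};".format(ip_addr) in acl_text):
                continue
            EEShellExec.cmd_exec(self, "sed -i "
                                 "\"/deny/i allow {whitelist_adre}\\;\""
                                 " /etc/nginx/common/acl.conf"
                                 .format(whitelist_adre=ip_addr))
        EEGit.add(self, ["/etc/nginx"],
                  msg="Adding changed secure ip into Git")
        Log.info(self, "Successfully added IP address in acl.conf file")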
def load(app):
    """Plugin entry point: register the controller and its hook.

    Registers ``EESecureController`` as a handler first, then attaches
    ``ee_secure_hook`` to the ``post_argument_parsing`` hook.
    """
    # Handler registration only happens when the plugin is enabled.
    handler.register(EESecureController)

    # The hook function runs once arguments have been parsed.
    hook.register('post_argument_parsing', ee_secure_hook)