You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

118 lines
4.6 KiB

10 years ago
from cement.core.controller import CementBaseController, expose
from cement.core import handler, hook
from ee.core.shellexec import EEShellExec
from ee.core.variables import EEVariables
from ee.core.logging import Log
10 years ago
import string
import random
import sys
import hashlib
import getpass
def secure_plugin_hook(app):
# do something with the ``app`` object here.
pass
class EESecureController(CementBaseController):
10 years ago
class Meta:
label = 'secure'
stacked_on = 'base'
stacked_type = 'nested'
description = ('clean command cleans different cache with following '
'options')
10 years ago
arguments = [
(['--auth'],
dict(help='secure auth', action='store_true')),
(['--port'],
dict(help='secure port', action='store_true')),
(['--ip'],
dict(help='secure ip', action='store_true'))
]
@expose(hide=True)
def default(self):
if self.app.pargs.auth:
self.secure_auth()
if self.app.pargs.port:
self.secure_port()
if self.app.pargs.ip:
self.secure_ip()
@expose(hide=True)
def secure_auth(self):
passwd = ''.join([random.choice
(string.ascii_letters + string.digits)
for n in range(6)])
10 years ago
username = input("Provide HTTP authentication user "
"name [{0}] :".format(EEVariables.ee_user))
password = input("Provide HTTP authentication "
"password [{0}]".format(passwd))
if username == "":
username = EEVariables.ee_user
Log.info(self, "HTTP authentication username:{username}"
.format(username=username))
if password == "":
password = passwd
Log.info(self, "HTTP authentication password:{password}"
.format(password=password))
10 years ago
EEShellExec.cmd_exec(self, "printf \"{username}:"
"$(openssl passwd -crypt "
"{password} 2> /dev/null)\n\""
"> /etc/nginx/htpasswd-ee 2>/dev/null"
.format(username=username,
password=password))
@expose(hide=True)
def secure_port(self):
port = input("EasyEngine admin port [22222]:")
if port == "":
port = 22222
if EEVariables.ee_platform_distro == 'Ubuntu':
EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "
"{port} default_server ssl spdy;/\" "
"/etc/nginx/sites-available/22222"
.format(port=port))
else:
Log.error(self, "Unable to change EasyEngine admin port")
if EEVariables.ee_platform_distro == 'Debian':
10 years ago
EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "
"{port} default_server ssl;/\" "
"/etc/nginx/sites-available/22222"
.format(port=port))
else:
Log.error(self, "Unable to change EasyEngine admin port")
10 years ago
@expose(hide=True)
def secure_ip(self):
# TODO:remaining with ee.conf updation in file
10 years ago
newlist = []
ip = input("Enter the comma separated IP addresses "
"to white list [127.0.0.1]:")
try:
user_list_ip = ip.split(',')
except Exception as e:
ip = ['127.0.0.1']
self.app.config.set('mysql', 'grant-host', "hello")
exist_ip_list = self.app.config.get('stack', 'ip-address').split()
for check_ip in user_list_ip:
if check_ip not in exist_ip_list:
newlist.extend(exist_ip_list)
# changes in acl.conf file
10 years ago
if len(newlist) != 0:
EEShellExec.cmd_exec(self, "sed -i \"/allow.*/d\" /etc/nginx"
"/common/acl.conf")
for whitelist_adre in newlist:
EEShellExec.cmd_exec(self, "sed -i \"/deny/i "
"echo allow {whitelist_adre}\\;\" "
"/etc/nginx/common/acl.conf"
.format(whitelist_adre=whitelist_adre))
def load(app):
# register the plugin class.. this only happens if the plugin is enabled
handler.register(EESecureController)
10 years ago
# register a hook (function) to run after arguments are parsed.
hook.register('post_argument_parsing', secure_plugin_hook)