ee secure command

10 years ago · 5804eb8edc
2 changed files with 124 additions and 0 deletions
--- a/config/plugins.d/secure.conf
+++ b/config/plugins.d/secure.conf
@ -0,0 +1,8 @@
+### Example Plugin Configuration for EasyEngine
+
+[secure]
+
+### If enabled, load a plugin named `example` either from the Python module
+### `ee.cli.plugins.example` or from the file path
+### `/var/lib/ee/plugins/example.py`
+enable_plugin = true
--- a/ee/cli/plugins/secure.py
+++ b/ee/cli/plugins/secure.py
@ -0,0 +1,116 @@
+from cement.core.controller import CementBaseController, expose
+from cement.core import handler, hook
+from ee.core.shellexec import EEShellExec
+from ee.core.variables import EEVariables
+import string
+import random
+import sys
+import hashlib
+import getpass
+
+
+def secure_plugin_hook(app):
+    # do something with the ``app`` object here.
+    pass
+
+
+class EEsecureController(CementBaseController):
+    class Meta:
+        label = 'secure'
+        stacked_on = 'base'
+        stacked_type = 'nested'
+        description = 'clean command cleans different cache with following \
+                        options'
+        arguments = [
+            (['--auth'],
+                dict(help='secure auth', action='store_true')),
+            (['--port'],
+                dict(help='secure port', action='store_true')),
+            (['--ip'],
+                dict(help='secure ip', action='store_true'))
+            ]
+
+    @expose(hide=True)
+    def default(self):
+        # TODO Default action for ee clean command here
+            if self.app.pargs.auth:
+                self.secure_auth()
+            if self.app.pargs.port:
+                self.secure_port()
+            if self.app.pargs.ip:
+                self.secure_ip()
+
+    @expose(hide=True)
+    def secure_auth(self):
+        print("Securing auth.....")
+        passwd = ''.join([random.choice
+                 (string.ascii_letters + string.digits)
+                 for n in range(6)])
+        username = input("Provide HTTP authentication user "
+                         "name [{0}] :".format(EEVariables.ee_user))
+        password = input("Provide HTTP authentication "
+                         "password [{0}]".format(passwd))
+        if password == "":
+            password = passwd
+            print(password)
+        if username == "":
+            username = EEVariables.ee_user
+            print(username)
+        EEShellExec.cmd_exec(self, "printf \"{username}:"
+                             "$(openssl passwd -crypt "
+                             "{password} 2> /dev/null)\n\""
+                             "> /etc/nginx/htpasswd-ee 2>/dev/null"
+                             .format(username=username,
+                                     password=password))
+
+    @expose(hide=True)
+    def secure_port(self):
+        #TODO:remaining with ee.conf updation in file
+        port = input("EasyEngine admin port [22222]:")
+        if port == "":
+            port = 22222
+        if EEVariables.ee_platform_distro == 'Ubuntu':
+            EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "
+                                 "{port} default_server ssl spdy;/\" "
+                                 "/etc/nginx/sites-available/22222"
+                                 .format(port=port))
+        elif EEVariables.ee_platform_distro == 'Debian':
+            EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "
+                                 "{port} default_server ssl;/\" "
+                                 "/etc/nginx/sites-available/22222"
+                                 .format(port=port))
+
+    @expose(hide=True)
+    def secure_ip(self):
+        newlist = []
+        ip = input("Enter the comma separated IP addresses "
+                   "to white list [127.0.0.1]:")
+        ip_found = False
+        try:
+            user_list_ip = ip.split(',')
+        except Exception as e:
+            ip = ['127.0.0.1']
+        self.app.config.set('mysql', 'grant-host', "hello")
+        exist_ip_list = self.app.config.get('stack', 'ip-address').split()
+        print(exist_ip_list)
+        for check_ip in user_list_ip:
+            if check_ip not in exist_ip_list:
+                newlist.extend(exist_ip_list)
+            else:
+                print("IP found")
+        # changes in acl.conf file
+            if len(newlist) != 0:
+                EEShellExec.cmd_exec(self, "sed -i \"/allow.*/d\" /etc/nginx"
+                                     "/common/acl.conf")
+            for whitelist_adre in newlist:
+                EEShellExec.cmd_exec(self, "sed -i \"/deny/i "
+                                     "echo allow {whitelist_adre}\\;\" "
+                                     "/etc/nginx/common/acl.conf"
+                                     .format(whitelist_adre=whitelist_adre))
+
+
+def load(app):
+    # register the plugin class.. this only happens if the plugin is enabled
+    handler.register(EEsecureController)
+    # register a hook (function) to run after arguments are parsed.
+    hook.register('post_argument_parsing', secure_plugin_hook)