from cement.core.controller import CementBaseController, expose from cement.core import handler, hook from ee.core.shellexec import EEShellExec from ee.core.variables import EEVariables from ee.core.logging import Log import string import random import sys import hashlib import getpass def secure_plugin_hook(app): # do something with the ``app`` object here. pass class EESecureController(CementBaseController): class Meta: label = 'secure' stacked_on = 'base' stacked_type = 'nested' description = ('clean command cleans different cache ') arguments = [ (['--auth'], dict(help='secure auth', action='store_true')), (['--port'], dict(help='secure port', action='store_true')), (['--ip'], dict(help='secure ip', action='store_true')) ] @expose(hide=True) def default(self): if self.app.pargs.auth: self.secure_auth() if self.app.pargs.port: self.secure_port() if self.app.pargs.ip: self.secure_ip() @expose(hide=True) def secure_auth(self): passwd = ''.join([random.choice (string.ascii_letters + string.digits) for n in range(6)]) username = input("Provide HTTP authentication user " "name [{0}] :".format(EEVariables.ee_user)) password = input("Provide HTTP authentication " "password [{0}]".format(passwd)) if username == "": username = EEVariables.ee_user Log.info(self, "HTTP authentication username:{username}" .format(username=username)) if password == "": password = passwd Log.info(self, "HTTP authentication password:{password}" .format(password=password)) EEShellExec.cmd_exec(self, "printf \"{username}:" "$(openssl passwd -crypt " "{password} 2> /dev/null)\n\"" "> /etc/nginx/htpasswd-ee 2>/dev/null" .format(username=username, password=password)) @expose(hide=True) def secure_port(self): port = input("EasyEngine admin port [22222]:") if port == "": port = 22222 if EEVariables.ee_platform_distro == 'Ubuntu': EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen " "{port} default_server ssl spdy;/\" " "/etc/nginx/sites-available/22222.conf" .format(port=port)) if EEVariables.ee_platform_distro == 'Debian': EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen " "{port} default_server ssl;/\" " "/etc/nginx/sites-available/22222" .format(port=port)) @expose(hide=True) def secure_ip(self): # TODO:remaining with ee.conf updation in file newlist = [] ip = input("Enter the comma separated IP addresses " "to white list [127.0.0.1]:") try: user_list_ip = ip.split(',') except Exception as e: ip = ['127.0.0.1'] self.app.config.set('mysql', 'grant-host', "hello") exist_ip_list = self.app.config.get('stack', 'ip-address').split() for check_ip in user_list_ip: if check_ip not in exist_ip_list: newlist.extend(exist_ip_list) # changes in acl.conf file if len(newlist) != 0: EEShellExec.cmd_exec(self, "sed -i \"/allow.*/d\" /etc/nginx" "/common/acl.conf") for whitelist_adre in newlist: EEShellExec.cmd_exec(self, "sed -i \"/deny/i " "echo allow {whitelist_adre}\\;\" " "/etc/nginx/common/acl.conf" .format(whitelist_adre=whitelist_adre)) def load(app): # register the plugin class.. this only happens if the plugin is enabled handler.register(EESecureController) # register a hook (function) to run after arguments are parsed. hook.register('post_argument_parsing', secure_plugin_hook)