from cement.core.controller import CementBaseController, expose from cement.core import handler, hook from ee.core.shellexec import EEShellExec from ee.core.variables import EEVariables from ee.core.logging import Log import string import random import sys import hashlib import getpass def secure_plugin_hook(app): # do something with the ``app`` object here. pass class EESecureController(CementBaseController): class Meta: label = 'secure' stacked_on = 'base' stacked_type = 'nested' description = ('clean command cleans different cache ') arguments = [ (['--auth'], dict(help='secure auth', action='store_true')), (['--port'], dict(help='secure port', action='store_true')), (['--ip'], dict(help='secure ip', action='store_true')), (['user_input'], dict(help='user input', nargs='?', default=None)), (['user_pass'], dict(help='user pass', nargs='?', default=None))] @expose(hide=True) def default(self): if self.app.pargs.auth: self.secure_auth() if self.app.pargs.port: self.secure_port() if self.app.pargs.ip: self.secure_ip() @expose(hide=True) def secure_auth(self): passwd = ''.join([random.choice (string.ascii_letters + string.digits) for n in range(6)]) if not self.app.pargs.user_input: username = input("Provide HTTP authentication user " "name [{0}] :".format(EEVariables.ee_user)) self.app.pargs.user_input = username if username == "": self.app.pargs.user_input = EEVariables.ee_user if not self.app.pargs.user_pass: password = input("Provide HTTP authentication " "password [{0}]".format(passwd)) self.app.pargs.user_pass = password if password == "": self.app.pargs.user_pass = passwd EEShellExec.cmd_exec(self, "printf \"{username}:" "$(openssl passwd -crypt " "{password} 2> /dev/null)\n\"" "> /etc/nginx/htpasswd-ee 2>/dev/null" .format(username=self.app.pargs.user_input, password=self.app.pargs.user_pass)) Log.info(self, "Successfully changed HTTP authentication" " username:{username}" .format(username=self.app.pargs.user_input)) Log.info(self, "Successfully changed HTTP authentication" " password:{password}" .format(password=self.app.pargs.user_pass)) @expose(hide=True) def secure_port(self): while not self.app.pargs.user_input.isdigit(): Log.info(self, "Please Enter valid port number ") self.app.pargs.user_input = input("EasyEngine admin port [22222]:") if not self.app.pargs.user_input: port = input("EasyEngine admin port [22222]:") if port == "": self.app.pargs.user_input = 22222 while not port.isdigit() and port != "": Log.info(self, "Please Enter valid port number :") port = input("EasyEngine admin port [22222]:") self.app.pargs.user_input = port if EEVariables.ee_platform_distro == 'Ubuntu': EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen " "{port} default_server ssl spdy;/\" " "/etc/nginx/sites-available/22222.conf" .format(port=self.app.pargs.user_input)) if EEVariables.ee_platform_distro == 'debian': EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen " "{port} default_server ssl;/\" " "/etc/nginx/sites-available/22222.conf" .format(port=self.app.pargs.user_input)) Log.info(self, "Successfully port changed {port}" .format(port=self.app.pargs.user_input)) @expose(hide=True) def secure_ip(self): # TODO:remaining with ee.conf updation in file newlist = [] if not self.app.pargs.user_input: ip = input("Enter the comma separated IP addresses " "to white list [127.0.0.1]:") self.app.pargs.user_input = ip try: user_ip = self.app.pargs.user_input.split(',') except Exception as e: user_ip = ['127.0.0.1'] for ip_addr in user_ip: if not ("exist_ip_address "+ip_addr in open('/etc/nginx/common/' 'acl.conf').read()): EEShellExec.cmd_exec(self, "sed -i " "\"/deny/i allow {whitelist_adre}\;\"" " /etc/nginx/common/acl.conf" .format(whitelist_adre=ip_addr)) Log.info(self, "Successfully added IP address in acl.conf file") def load(app): # register the plugin class.. this only happens if the plugin is enabled handler.register(EESecureController) # register a hook (function) to run after arguments are parsed. hook.register('post_argument_parsing', secure_plugin_hook)