from cement.core.controller import CementBaseController, expose from cement.core import handler, hook from ee.core.shellexec import EEShellExec from ee.core.variables import EEVariables import string import random import sys import hashlib import getpass def secure_plugin_hook(app): # do something with the ``app`` object here. pass class EEsecureController(CementBaseController): class Meta: label = 'secure' stacked_on = 'base' stacked_type = 'nested' description = 'clean command cleans different cache with following \ options' arguments = [ (['--auth'], dict(help='secure auth', action='store_true')), (['--port'], dict(help='secure port', action='store_true')), (['--ip'], dict(help='secure ip', action='store_true')) ] @expose(hide=True) def default(self): if self.app.pargs.auth: self.secure_auth() if self.app.pargs.port: self.secure_port() if self.app.pargs.ip: self.secure_ip() @expose(hide=True) def secure_auth(self): passwd = ''.join([random.choice (string.ascii_letters + string.digits) for n in range(6)]) username = input("Provide HTTP authentication user " "name [{0}] :".format(EEVariables.ee_user)) password = input("Provide HTTP authentication " "password [{0}]".format(passwd)) if username == "": username = EEVariables.ee_user self.app.log.info("HTTP authentication username:{username}" .format(username=username)) if password == "": password = passwd self.app.log.info("HTTP authentication password:{password}" .format(password=password)) EEShellExec.cmd_exec(self, "printf \"{username}:" "$(openssl passwd -crypt " "{password} 2> /dev/null)\n\"" "> /etc/nginx/htpasswd-ee 2>/dev/null" .format(username=username, password=password)) @expose(hide=True) def secure_port(self): port = input("EasyEngine admin port [22222]:") if port == "": port = 22222 if EEVariables.ee_platform_distro == 'Ubuntu': EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen " "{port} default_server ssl spdy;/\" " "/etc/nginx/sites-available/22222" .format(port=port)) elif EEVariables.ee_platform_distro == 'Debian': EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen " "{port} default_server ssl;/\" " "/etc/nginx/sites-available/22222" .format(port=port)) @expose(hide=True) def secure_ip(self): #TODO:remaining with ee.conf updation in file newlist = [] ip = input("Enter the comma separated IP addresses " "to white list [127.0.0.1]:") try: user_list_ip = ip.split(',') except Exception as e: ip = ['127.0.0.1'] self.app.config.set('mysql', 'grant-host', "hello") exist_ip_list = self.app.config.get('stack', 'ip-address').split() print(exist_ip_list) for check_ip in user_list_ip: if check_ip not in exist_ip_list: newlist.extend(exist_ip_list) # changes in acl.conf file if len(newlist) != 0: EEShellExec.cmd_exec(self, "sed -i \"/allow.*/d\" /etc/nginx" "/common/acl.conf") for whitelist_adre in newlist: EEShellExec.cmd_exec(self, "sed -i \"/deny/i " "echo allow {whitelist_adre}\\;\" " "/etc/nginx/common/acl.conf" .format(whitelist_adre=whitelist_adre)) def load(app): # register the plugin class.. this only happens if the plugin is enabled handler.register(EEsecureController) # register a hook (function) to run after arguments are parsed. hook.register('post_argument_parsing', secure_plugin_hook)