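# usr/local/CyberCP/plogical/modSec.py
import sys
sys.path.append('/usr/local/CyberCP')
from plogical import CyberCPLogFileWriter as logging
import subprocess
import shlex
import argparse
from plogical.virtualHostUtilities import virtualHostUtilities
import os
import tarfile
import shutil
from plogical.mailUtilities import mailUtilities
from plogical.processUtilities import ProcessUtilities
from plogical.installUtilities import installUtilities

# NOTE(review): the line breaks inside the multi-line literals below were
# reconstructed from a whitespace-collapsed listing; confirm the exact spacing
# against the deployed file before relying on it.
_INITIAL_CONFIGS = """
module mod_security {
modsecurity on
modsecurity_rules `
SecDebugLogLevel 0
SecDebugLog /usr/local/lsws/logs/modsec.log
SecAuditEngine on
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts AFH
SecAuditLogType Serial
SecAuditLog /usr/local/lsws/logs/auditmodsec.log
SecRuleEngine On
`
modsecurity_rules_file /usr/local/lsws/conf/modsec/rules.conf
}
"""

# Backslashes are doubled so the literal yields the same bytes (\.\./) without
# depending on Python's handling of unknown escape sequences.
_INITIAL_RULES = """SecRule ARGS "\\.\\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access' ,log,auditlog,deny"
"""

_OLS_RULES_CONF = '/usr/local/lsws/conf/modsec/rules.conf'
_OWASP_DIR = '/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master'
_OWASP_MASTER_CONF = _OWASP_DIR + '/owasp-master.conf'

# Comodo rule files, in the order they are registered in httpd_config.conf.
_COMODO_RULE_FILES = (
    'modsecurity.conf',
    '00_Init_Initialization.conf',
    '01_Init_AppsInitialization.conf',
    '02_Global_Generic.conf',
    '03_Global_Agents.conf',
    '04_Global_Domains.conf',
    '05_Global_Backdoor.conf',
    '06_XSS_XSS.conf',
    '07_Global_Other.conf',
    '08_Bruteforce_Bruteforce.conf',
    '09_HTTP_HTTP.conf',
    '10_HTTP_HTTPDoS.conf',
    '11_HTTP_Protocol.conf',
    '12_HTTP_Request.conf',
    '13_Outgoing_FilterGen.conf',
    '14_Outgoing_FilterASP.conf',
    '15_Outgoing_FilterPHP.conf',
    '16_Outgoing_FilterSQL.conf',
    '17_Outgoing_FilterOther.conf',
    '18_Outgoing_FilterInFrame.conf',
    '19_Outgoing_FiltersEnd.conf',
    '20_PHP_PHPGen.conf',
    '21_SQL_SQLi.conf',
    '22_Apps_Joomla.conf',
    '23_Apps_JComponent.conf',
    '24_Apps_WordPress.conf',
    '25_Apps_WPPlugin.conf',
    '26_Apps_WHMCS.conf',
    '27_Apps_Drupal.conf',
    '28_Apps_OtherApps.conf',
)

# OWASP CRS files listed in owasp-master.conf, relative to the CRS folder.
_OWASP_INCLUDES = (
    'crs-setup.conf',
    'rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf',
    'rules/REQUEST-901-INITIALIZATION.conf',
    'rules/REQUEST-905-COMMON-EXCEPTIONS.conf',
    'rules/REQUEST-910-IP-REPUTATION.conf',
    'rules/REQUEST-911-METHOD-ENFORCEMENT.conf',
    'rules/REQUEST-912-DOS-PROTECTION.conf',
    'rules/REQUEST-913-SCANNER-DETECTION.conf',
    'rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf',
    'rules/REQUEST-921-PROTOCOL-ATTACK.conf',
    'rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf',
    'rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf',
    'rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf',
    'rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf',
    'rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf',
    'rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf',
    'rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf',
    'rules/REQUEST-949-BLOCKING-EVALUATION.conf',
    'rules/RESPONSE-950-DATA-LEAKAGES.conf',
    'rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf',
    'rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf',
    'rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf',
    'rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf',
    'rules/RESPONSE-959-BLOCKING-EVALUATION.conf',
    'rules/RESPONSE-980-CORRELATION.conf',
    'rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf',
)


def _readLines(path):
    """Return the lines of *path*, closing the file afterwards."""
    with open(path) as handle:
        return handle.readlines()


def _writeLines(path, lines):
    """Overwrite *path* with *lines*.

    Callers build the complete new content first, so an error while computing
    it can no longer leave a truncated server configuration behind.
    """
    with open(path, 'w') as handle:
        handle.writelines(lines)


def _replaceDirectives(confLines, overrides, data):
    """Return *confLines* with matching directive lines swapped for new ones.

    *overrides* is an ordered sequence of ``(needle, index)`` pairs; the first
    needle found in a line selects ``data[index]`` as its replacement.
    """
    rewritten = []
    for line in confLines:
        for needle, index in overrides:
            if needle in line:
                rewritten.append(data[index])
                break
        else:
            rewritten.append(line)
    return rewritten


def _extractTarSafely(archivePath, destination):
    """Extract *archivePath* into *destination*, refusing unsafe members.

    The archive is downloaded content, so every member path and link target
    must resolve inside *destination*, and device nodes are rejected.
    Raises ValueError before anything is written if a member fails the check.
    """
    root = os.path.realpath(destination)

    def insideRoot(path):
        resolved = os.path.realpath(path)
        return resolved == root or resolved.startswith(root + os.sep)

    with tarfile.open(archivePath) as archive:
        members = archive.getmembers()
        for member in members:
            target = os.path.join(root, member.name)
            if not insideRoot(target):
                raise ValueError('Unsafe path in archive: ' + member.name)
            if member.isdev():
                raise ValueError('Device node in archive: ' + member.name)
            if member.issym():
                linkTarget = os.path.join(os.path.dirname(target), member.linkname)
            elif member.islnk():
                linkTarget = os.path.join(root, member.linkname)
            else:
                linkTarget = None
            if linkTarget is not None and not insideRoot(linkTarget):
                raise ValueError('Unsafe link in archive: ' + member.name)
        archive.extractall(root, members=members)


def _rewriteOwaspMaster(fileName, packName, transform):
    """Apply *transform* to the owasp-master.conf lines naming the rule file.

    Both selectors are required: an empty value would match every line, and a
    missing one would fail halfway through the rewrite.
    """
    if not fileName or not packName:
        raise ValueError('fileName and packName are required.')

    marker = 'modsec/' + packName
    updated = []
    for line in _readLines(_OWASP_MASTER_CONF):
        if marker in line and fileName in line:
            updated.append(transform(line))
        else:
            updated.append(line)
    _writeLines(_OWASP_MASTER_CONF, updated)


class modSec:
    """Install and configure ModSecurity and its rule packs for LiteSpeed.

    Methods report their outcome either as a 1/0 return value or by printing
    "1,None" / "0,<error>" on stdout; that output format is kept unchanged.
    """

    installLogPath = "/home/cyberpanel/modSecInstallLog"
    tempRulesFile = "/home/cyberpanel/tempModSecRules"
    mirrorPath = "cyberpanel.net"

    @staticmethod
    def installModSec():
        """Install the ols-modsecurity package; return 1 on success, 0 on failure."""
        try:
            mailUtilities.checkHome()

            distro = ProcessUtilities.decideDistro()
            if distro in (ProcessUtilities.centos, ProcessUtilities.cent8):
                command = 'sudo yum install ols-modsecurity -y'
            else:
                command = 'sudo DEBIAN_FRONTEND=noninteractive apt-get install ols-modsecurity -y'

            with open(modSec.installLogPath, 'w') as f:
                res = subprocess.call(shlex.split(command), stdout=f)

            # Any non-zero status is a failure; package managers do not
            # restrict themselves to exit code 1.
            if res != 0:
                with open(modSec.installLogPath, 'a') as writeToFile:
                    writeToFile.writelines("Can not be installed.[404]\n")
                logging.CyberCPLogFileWriter.writeToFile("[Could not Install]")
                return 0

            with open(modSec.installLogPath, 'a') as writeToFile:
                writeToFile.writelines("ModSecurity Installed.[200]\n")
            return 1
        except BaseException as msg:
            logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[installModSec]")

    @staticmethod
    def installModSecConfigs():
        """Add the mod_security module block and a starter rules file if absent."""
        try:
            # Directory that will store the ModSecurity configuration.
            path = os.path.join(virtualHostUtilities.Server_root, "conf/modsec")
            try:
                os.mkdir(path)
            except FileExistsError:
                logging.CyberCPLogFileWriter.writeToFile(
                    "ModSecurity rules directory already exists." + " [installModSecConfigs]")
            except OSError as err:
                # Still best-effort, but record the real reason instead of
                # reporting every failure as "already exists".
                logging.CyberCPLogFileWriter.writeToFile(str(err) + " [installModSecConfigs]")

            confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")
            alreadyConfigured = any(
                'module mod_security' in line for line in _readLines(confFile))

            if not alreadyConfigured:
                with open(confFile, 'a+') as conf:
                    conf.write(_INITIAL_CONFIGS)

            rulesFilePath = os.path.join(virtualHostUtilities.Server_root, "conf/modsec/rules.conf")
            if not os.path.exists(rulesFilePath):
                with open(rulesFilePath, 'a+') as rule:
                    rule.write(_INITIAL_RULES)

            print("1,None")
            return
        except BaseException as msg:
            logging.CyberCPLogFileWriter.writeToFile(
                str(msg) + " [installModSecConfigs]")
            print("0," + str(msg))

    @staticmethod
    def saveModSecConfigs(tempConfigPath):
        """Replace the ModSecurity directives with lines read from *tempConfigPath*.

        The temporary file is deleted once read. Its lines are written into
        the server configuration verbatim.
        """
        try:
            # NOTE(review): these lines are not validated here; presumably the
            # caller restricts them to the expected directives - confirm.
            data = _readLines(tempConfigPath)
            os.remove(tempConfigPath)

            if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
                confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")
                overrides = (
                    ('modsecurity ', 0),
                    ('SecAuditEngine ', 1),
                    ('SecRuleEngine ', 2),
                    ('SecDebugLogLevel', 3),
                    ('SecAuditLogRelevantStatus ', 5),
                    ('SecAuditLogParts ', 4),
                    ('SecAuditLogType ', 6),
                )
            else:
                confFile = os.path.join(virtualHostUtilities.Server_root, "conf/modsec.conf")
                overrides = (
                    ('SecAuditEngine ', 0),
                    ('SecRuleEngine ', 1),
                    ('SecDebugLogLevel', 2),
                    ('SecAuditLogRelevantStatus ', 4),
                    ('SecAuditLogParts ', 3),
                    ('SecAuditLogType ', 5),
                )

            # Compute the whole file before opening it for writing: a short
            # temp file raises here and leaves the live configuration intact.
            updated = _replaceDirectives(_readLines(confFile), overrides, data)
            _writeLines(confFile, updated)

            installUtilities.reStartLiteSpeed()
            print("1,None")
            return
        except BaseException as msg:
            logging.CyberCPLogFileWriter.writeToFile(
                str(msg) + " [saveModSecConfigs]")
            print("0," + str(msg))

    @staticmethod
    def saveModSecRules():
        """Copy the staged rules in ``tempRulesFile`` over the active rules file."""
        try:
            # NOTE(review): the staging path is fixed and its content becomes
            # live rules as-is; check who is able to write to it.
            with open(modSec.tempRulesFile, 'r') as rulesFile:
                data = rulesFile.read()

            if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
                rulesFilePath = os.path.join(virtualHostUtilities.Server_root, "conf/modsec/rules.conf")
            else:
                rulesFilePath = os.path.join(virtualHostUtilities.Server_root, "conf/rules.conf")

            with open(rulesFilePath, 'w') as rulesFile:
                rulesFile.write(data)

            installUtilities.reStartLiteSpeed()
            print("1,None")
            return
        except BaseException as msg:
            logging.CyberCPLogFileWriter.writeToFile(
                str(msg) + " [saveModSecRules]")
            print("0," + str(msg))

    @staticmethod
    def setupComodoRules():
        """Download and unpack the Comodo rule pack; return 1 on success, 0 on failure."""
        try:
            # NOTE(review): archives are downloaded into the current working
            # directory and no checksum or signature is verified before their
            # contents become WAF configuration.
            if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
                pathTOOWASPFolder = os.path.join(virtualHostUtilities.Server_root, "conf/modsec/comodo")
                extractLocation = os.path.join(virtualHostUtilities.Server_root, "conf/modsec")

                if os.path.exists(pathTOOWASPFolder):
                    shutil.rmtree(pathTOOWASPFolder)

                if os.path.exists('comodo.tar.gz'):
                    os.remove('comodo.tar.gz')

                command = "wget https://" + modSec.mirrorPath + "/modsec/comodo.tar.gz"
                # wget reports network, TLS and server errors with codes other
                # than 1, so every non-zero status counts as a failure.
                if subprocess.call(shlex.split(command)) != 0:
                    return 0

                _extractTarSafely('comodo.tar.gz', extractLocation)
                return 1

            if os.path.exists('/usr/local/lsws/conf/comodo_litespeed'):
                shutil.rmtree('/usr/local/lsws/conf/comodo_litespeed')

            extractLocation = os.path.join(virtualHostUtilities.Server_root, "conf")

            if os.path.exists('cpanel_litespeed_vendor'):
                os.remove('cpanel_litespeed_vendor')

            command = "wget https://waf.comodo.com/api/cpanel_litespeed_vendor"
            if subprocess.call(shlex.split(command)) != 0:
                return 0

            # The unzip status is not checked, as in the original code.
            subprocess.call(['unzip', 'cpanel_litespeed_vendor', '-d', extractLocation])
            return 1
        except BaseException as msg:
            logging.CyberCPLogFileWriter.writeToFile(
                str(msg) + " [setupComodoRules]")
            return 0

    @staticmethod
    def installComodo():
        """Install the Comodo rule pack and restart the web server."""
        try:
            if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
                if modSec.setupComodoRules() == 0:
                    print('0, Unable to download Comodo Rules.')
                    return

                comodoRulesConf = ''.join(
                    'modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/%s\n' % name
                    for name in _COMODO_RULE_FILES)

                confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")

                # The Comodo entries go directly before the rules.conf entry.
                updated = []
                for line in _readLines(confFile):
                    if _OLS_RULES_CONF in line:
                        updated.append(comodoRulesConf)
                    updated.append(line)
                _writeLines(confFile, updated)

                installUtilities.reStartLiteSpeed()
                print("1,None")
                return

            if os.path.exists('/usr/local/lsws/conf/comodo_litespeed'):
                shutil.rmtree('/usr/local/lsws/conf/comodo_litespeed')

            extractLocation = os.path.join(virtualHostUtilities.Server_root, "conf")

            if os.path.exists('cpanel_litespeed_vendor'):
                os.remove('cpanel_litespeed_vendor')

            # Certificate verification stays on: this archive is unpacked into
            # the server configuration, so the download must be authenticated.
            command = "wget https://waf.comodo.com/api/cpanel_litespeed_vendor"
            if subprocess.call(shlex.split(command)) != 0:
                print('0, Unable to download Comodo Rules.')
                return 0

            subprocess.call(['unzip', 'cpanel_litespeed_vendor', '-d', extractLocation])

            command = 'sudo chown -R lsadm:lsadm /usr/local/lsws/conf'
            subprocess.call(shlex.split(command))

            installUtilities.reStartLiteSpeed()
            print("1,None")
            return
        except BaseException as msg:
            logging.CyberCPLogFileWriter.writeToFile(
                str(msg) + " [installComodo]")
            print("0," + str(msg))

    @staticmethod
    def disableComodo():
        """Remove the Comodo rule pack from the configuration and restart."""
        try:
            if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
                confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")
                kept = [line for line in _readLines(confFile)
                        if 'modsec/comodo' not in line]
                _writeLines(confFile, kept)

                installUtilities.reStartLiteSpeed()
                print("1,None")
            else:
                try:
                    shutil.rmtree('/usr/local/lsws/conf/comodo_litespeed')
                except BaseException as msg:
                    logging.CyberCPLogFileWriter.writeToFile(str(msg) + ' [disableComodo]')

                installUtilities.reStartLiteSpeed()
                print("1,None")
        except BaseException as msg:
            logging.CyberCPLogFileWriter.writeToFile(
                str(msg) + " [disableComodo]")
            print("0," + str(msg))

    @staticmethod
    def setupOWASPRules():
        """Download OWASP CRS v3.3.2 and write owasp-master.conf; return 1 or 0."""
        try:
            pathTOOWASPFolder = os.path.join(virtualHostUtilities.Server_root, "conf/modsec/owasp")
            pathToOWASFolderNew = '%s/modsec/owasp-modsecurity-crs-3.0-master' % (virtualHostUtilities.vhostConfPath)

            command = 'mkdir -p /usr/local/lsws/conf/modsec'
            if subprocess.call(shlex.split(command)) != 0:
                return 0

            if os.path.exists(pathToOWASFolderNew):
                shutil.rmtree(pathToOWASFolderNew)

            if os.path.exists(pathTOOWASPFolder):
                shutil.rmtree(pathTOOWASPFolder)

            if os.path.exists('owasp.tar.gz'):
                os.remove('owasp.tar.gz')

            # NOTE(review): the release archive is fetched over HTTPS but no
            # digest is checked before it is unpacked; consider pinning one.
            steps = (
                shlex.split("wget https://github.com/coreruleset/coreruleset/archive/v3.3.2/master.zip -O /usr/local/lsws/conf/modsec/owasp.zip"),
                shlex.split("unzip -o /usr/local/lsws/conf/modsec/owasp.zip -d /usr/local/lsws/conf/modsec/"),
                shlex.split('mv /usr/local/lsws/conf/modsec/coreruleset-3.3.2 /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master'),
                ['mv', '%s/crs-setup.conf.example' % pathToOWASFolderNew,
                 '%s/crs-setup.conf' % pathToOWASFolderNew],
                ['mv', '%s/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example' % pathToOWASFolderNew,
                 '%s/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf' % pathToOWASFolderNew],
                ['mv', '%s/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example' % pathToOWASFolderNew,
                 '%s/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf' % pathToOWASFolderNew],
            )

            # Stop at the first failing step, as the original sequence did.
            for step in steps:
                if subprocess.call(step) != 0:
                    return 0

            content = ''.join(
                'include %s/%s\n' % (pathToOWASFolderNew, relative)
                for relative in _OWASP_INCLUDES)

            with open('%s/owasp-master.conf' % (pathToOWASFolderNew), 'w') as writeToFile:
                writeToFile.write(content)

            return 1
        except BaseException as msg:
            print(str(msg))
            logging.CyberCPLogFileWriter.writeToFile(
                str(msg) + " [setupOWASPRules]")
            return 0

    @staticmethod
    def installOWASP():
        """Install the OWASP rule set, register it in the config and restart."""
        try:
            if modSec.setupOWASPRules() == 0:
                print('0, Unable to download OWASP Rules.')
                return

            if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
                owaspRulesConf = "\nmodsecurity_rules_file " + _OWASP_MASTER_CONF + "\n"
                confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")
                anchor = _OLS_RULES_CONF
            else:
                owaspRulesConf = 'Include /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/*.conf\n'
                confFile = os.path.join('/usr/local/lsws/conf/modsec.conf')
                # NOTE(review): without a comodo_litespeed line in modsec.conf
                # nothing is added, yet "1,None" is still printed.
                anchor = '/conf/comodo_litespeed/'

            # The OWASP entry goes directly after the anchor line.
            updated = []
            for line in _readLines(confFile):
                updated.append(line)
                if anchor in line:
                    updated.append(owaspRulesConf)
            _writeLines(confFile, updated)

            installUtilities.reStartLiteSpeed()
            print("1,None")
        except BaseException as msg:
            logging.CyberCPLogFileWriter.writeToFile(
                str(msg) + " [installOWASP]")
            print("0," + str(msg))

    @staticmethod
    def disableOWASP():
        """Remove every OWASP entry from the server configuration and restart."""
        try:
            if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
                confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")
            else:
                confFile = os.path.join("/usr/local/lsws/conf/modsec.conf")

            kept = [line for line in _readLines(confFile)
                    if 'modsec/owasp' not in line]
            _writeLines(confFile, kept)

            installUtilities.reStartLiteSpeed()
            print("1,None")
        except BaseException as msg:
            logging.CyberCPLogFileWriter.writeToFile(
                str(msg) + " [disableOWASP]")
            print("0," + str(msg))

    @staticmethod
    def disableRuleFile(fileName, packName):
        """Comment out the owasp-master.conf line for *fileName* of *packName*."""
        try:
            _rewriteOwaspMaster(fileName, packName, lambda line: "#" + line)

            installUtilities.reStartLiteSpeed()
            print("1,None")
        except BaseException as msg:
            logging.CyberCPLogFileWriter.writeToFile(
                str(msg) + " [disableRuleFile]")
            print("0," + str(msg))

    @staticmethod
    def enableRuleFile(fileName, packName):
        """Uncomment the owasp-master.conf line for *fileName* of *packName*."""
        try:
            # The original carried a commented-out variant that, on non-OLS
            # servers, renamed a ".bak" file under comodo_litespeed instead;
            # only the owasp-master.conf rewrite was active.
            _rewriteOwaspMaster(fileName, packName, lambda line: line.lstrip('#'))

            installUtilities.reStartLiteSpeed()
            print("1,None")
        except BaseException as msg:
            logging.CyberCPLogFileWriter.writeToFile(
                str(msg) + " [enableRuleFile]")
            print("0," + str(msg))


def main():
    """Parse the command line and run the requested modSec operation."""
    parser = argparse.ArgumentParser(description='CyberPanel Installer')
    parser.add_argument('function', help='Specific a function to call!')

    parser.add_argument('--tempConfigPath', help='Temporary path to configurations data!')
    parser.add_argument('--packName', help='ModSecurity supplier name!')
    parser.add_argument('--fileName', help='Filename to enable or disable!')

    args = parser.parse_args()

    handlers = {
        "installModSecConfigs": modSec.installModSecConfigs,
        "installModSec": modSec.installModSec,
        "saveModSecConfigs": lambda: modSec.saveModSecConfigs(args.tempConfigPath),
        "saveModSecRules": modSec.saveModSecRules,
        "setupOWASPRules": modSec.setupOWASPRules,
        "installOWASP": modSec.installOWASP,
        "disableOWASP": modSec.disableOWASP,
        "setupComodoRules": modSec.setupComodoRules,
        "installComodo": modSec.installComodo,
        "disableComodo": modSec.disableComodo,
        "disableRuleFile": lambda: modSec.disableRuleFile(args.fileName, args.packName),
        "enableRuleFile": lambda: modSec.enableRuleFile(args.fileName, args.packName),
    }

    # Unknown function names are ignored, as before.
    handler = handlers.get(args.function)
    if handler is not None:
        handler()


if __name__ == "__main__":
    main()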