Beispiel #1
0
    def __init__(self):
        InstallCommand.__init__(self)
        self.cron_acl = "#!/bin/sh"
        with open(files.get_rel_path("data/cron_acl_apache.tpl")) as f:
            self.cron_acl = f.read()

        self.root_directive = str(""
                                    "<Directory />\n"
	                                "    AllowOverride None\n"
	                                "    Order Deny,Allow\n"
	                                "    Deny from all\n"
                                    "</Directory>\n")

        self.add_prerequisite(InstallACLCommand.NAME, obj=InstallACLCommand())
        self.add_package('apache2')
        self.add_folder('/data/www',
                        ck_func=self.check_moved,
                        fix_func=self.fix_moved)
        self.add_file('/etc/cron.acl/apache',
                        ck_func=self.check_perm_cron,
                        fix_func=self.fix_perm_cron,
                        perm={'u':'rx', 'g':'rx', 'o':'rx'})
        self.add_file('/etc/apache2/conf.d/security',
                        ck_func=self.check_secure,
                        fix_func=self.fix_secure)
        self.add_folder('/var/www/default',perm={'u':'rwx', 'g':'rwx', 'o':'rx'})
        self.add_file('/var/www/default/index.html',
                        fix_func=self.fix_default_index,
                        perm={'u':'rw', 'g':'rw', 'o':'r'})
        self.add_file('/etc/apache2/sites-available/default',
                        ck_func=self.check_vh_default,
                        fix_func=self.fix_vh_default)
        self.add_file('/etc/apache2/sites-available/default-ssl',
                        ck_func=self.check_vh_default_ssl,
                        fix_func=self.fix_vh_default_ssl)
Beispiel #2
0
 def __init__(self):
     InstallCommand.__init__(self)
     self.packages = "openssh-server"
     self.add_package(self.packages)
     self.add_file('/etc/ssh/sshd_config',
                     ck_func=self.check_ssh,
                     fix_func=self.fix_ssh)
Beispiel #3
0
    def __init__(self):
        InstallCommand.__init__(self)

        self.cron_acl_sudo = "#!/bin/sh"
        with open(files.get_rel_path("data/cron_acl.tpl")) as f:
            cron_acl_tpl = Template(f.read())
            self.cron_acl_sudo = cron_acl_tpl.safe_substitute(group="sudo", site_path="/data/www")

        self.cron_acl_dev_team = "#!/bin/sh"
        if CONFIG.is_set('site','ldap_dev_team'):
            with open(files.get_rel_path("data/cron_dev_team.tpl")) as f:
                cron_acl_tpl = Template(f.read())
                self.cron_acl_dev_team = cron_acl_tpl.safe_substitute(group=CONF_MAP('site','ldap_dev_team'))

        self.packages = "acl"
        self.add_package(self.packages)
        self.add_folder('/etc/cron.acl')
        self.add_file('/etc/crontab',
                        ck_func=self.check_acl_crontab,
                        fix_func=self.fix_acl_crontab)
        self.add_file('/etc/cron.acl/sudo',
                        ck_func=self.check_perm_cron,
                        fix_func=self.fix_perm_cron,
                        perm={'u':'rx', 'g':'rx', 'o':'rx'})
        self.add_file('/etc/cron.acl/ldap_dev_team',
                        ck_func=self.check_perm_dev_team,
                        fix_func=self.fix_perm_dev_team,
                        perm={'u':'rx', 'g':'rx', 'o':'rx'})
Beispiel #4
0
 def __init__(self):
     InstallCommand.__init__(self)
     self.packages = "ufw"
     self.add_package(self.packages)
     self.add_file('/etc/rsyslog.d/20-ufw.conf', 
                     ck_func=self.check_ufw, 
                     fix_func=self.fix_ufw)
 def __init__(self):
     InstallCommand.__init__(self)
     self.packages = "automysqlbackup"
     self.add_package(self.packages)
     self.add_file('/etc/default/automysqlbackup', 
                     ck_func=self.check_backup, 
                     fix_func=self.fix_backup)
Beispiel #6
0
 def __init__(self):
     InstallCommand.__init__(self)
     self.org_dis_fun = "disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,\n"
     self.dis_fun = "\ndisable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,shell_exec, passthru,proc_open,proc_close,proc_get-status,proc_nice,proc_terminate,exec,system,suexec,popen,pclose,dl,virtual,set_time_limit,phpinfo,php_uname"
     self.packages = "php5 php5-mysql php5-ldap libapache2-mod-php5"
     self.add_package(self.packages)
     self.add_file('/etc/php5/apache2/php.ini',
                     ck_func=self.check_secure_php,
                     fix_func=self.fix_secure_php)
Beispiel #7
0
 def __init__(self):
     InstallCommand.__init__(self)
     self.packages = "munin-node"
     self.add_package(self.packages)
     self.add_file('/etc/munin/munin-node.conf', 
                     ck_func=self.check_munin_master_ip, 
                     fix_func=self.fix_munin_master_ip)
     self.master_ip = self.LOCIP
     conf = CONFIG.get()
     if not CONFIG.is_set(self.NAME,'master_ip'):
         self.master_ip = None
     else:
         self.master_ip = conf[self.NAME]['master_ip']
 def __init__(self):
     InstallCommand.__init__(self)
     self.packages = "libpam-script"
     self.add_package(self.packages)
     self.add_folder(CONF_MAP('libpam_script','auto_mount_dir'))
     self.add_file('/etc/pam.d/common-session', 
                     ck_func=self.check_common_session, 
                     fix_func=self.fix_common_session)
     self.add_file('/usr/share/libpam-script/pam_script_ses_open', 
                     ck_func=self.check_ses_open, 
                     fix_func=self.fix_ses_open,
                     perm={'u':'rx', 'g':'rx', 'o':'rx'})
     self.add_file('/usr/share/libpam-script/pam_script_ses_close', 
                     ck_func=self.check_ses_close, 
                     fix_func=self.fix_ses_close,
                     perm={'u':'rx', 'g':'rx', 'o':'rx'})
Beispiel #9
0
 def init_help(self):
     help = InstallCommand.init_help(self)
     help['command_detail'] = t("%s\n\t"
                                 "The folder /var/www will be moved to /data/www\n\t"
                                 "A cron is added in crontab to reapply www-data ownership on /data/www each 15 minutes\n\t"
                                 "Server signature will be fixed in /etc/apache2/conf.d/security" %
                                 help['command_detail'])
     return help
Beispiel #10
0
 def __init__(self):
     InstallCommand.__init__(self)
     self.add_prerequisite(InstallNTPCommand.NAME, obj=InstallNTPCommand())
     self.add_prerequisite(InstallTopToolsCommand.NAME, obj=InstallTopToolsCommand())
     self.add_prerequisite(InstallFail2BanCommand.NAME, obj=InstallFail2BanCommand())
     self.add_prerequisite(InstallPHPCommand.NAME, obj=InstallPHPCommand())
     self.add_prerequisite(InstallApacheCommand.NAME, obj=InstallApacheCommand())
     self.add_prerequisite(InstallMySQLCommand.NAME, obj=InstallMySQLCommand())
     self.add_prerequisite(InstallAutoMySQLBackupCommand.NAME, obj=InstallAutoMySQLBackupCommand())
     self.add_prerequisite(InstallUFWCommand.NAME, obj=InstallUFWCommand())
     self.add_prerequisite(InstallSSHCommand.NAME, obj=InstallSSHCommand())
     self.add_prerequisite(InstallMuninNodeCommand.NAME, obj=InstallMuninNodeCommand())
     self.add_prerequisite(InstallACLCommand.NAME, obj=InstallACLCommand())
     self.add_prerequisite(InstallAWStatsCommand.NAME, obj=InstallAWStatsCommand())
     self.add_prerequisite(InstallLibPAMScriptCommand.NAME, obj=InstallLibPAMScriptCommand())
     self.add_prerequisite(InstallGrubGFXCommand.NAME, obj=InstallGrubGFXCommand())
     self.add_prerequisite(InstallCentrifyCommand.NAME, obj=InstallCentrifyCommand())
Beispiel #11
0
 def do(self, args=[]):
     completed = InstallCommand.do(self,args)
     if 'check' not in args and 'fix' not in args:
         MySQLCommand().do(['reset_root_pass'])
         admin_mail = inputs.get_input_string(t("What is the admin mail?"), CONF_MAP('mail','admin_mail'))
         smtp_server = inputs.get_input_string(t("What is the smtp server to use?"), CONF_MAP('mail','smtp_server'))
         CONFIG.mod('mail','admin_mail', admin_mail)
         CONFIG.mod('mail','smtp_server', smtp_server)
         CONFIG.save()
Beispiel #12
0
    def __init__(self):
        InstallCommand.__init__(self)
        self.cron_acl_domainadmins = "#!/bin/sh"
        with open(files.get_rel_path("data/cron_acl.tpl")) as f:
            cron_acl_tpl = Template(f.read())
            self.cron_acl_domainadmins = cron_acl_tpl.safe_substitute(group="domain\\ admins", site_path="/data/www")

        self.add_prerequisite(InstallACLCommand.NAME, obj=InstallACLCommand())
        self.add_package("centrifydc", fix_func=self.fix_centrifydc)
        self.add_file('/etc/centrifydc/centrifydc.conf',
                        ck_func=self.check_centrify_conf,
                        fix_func=self.fix_centrify_conf)
        self.add_file('/etc/centrifydc/users.allow',fix_func=self.fix_user_allow)
        self.add_file('/etc/centrifydc/groups.allow',
                        ck_func=self.check_group_allow,
                        fix_func=self.fix_group_allow)
        self.add_file('/etc/sudoers.d/centrify_uwsa',
                        ck_func=self.check_sudoers,
                        fix_func=self.fix_sudoers,
                        perm={'u':'r', 'g':'r', 'o':''})
        self.add_file('/etc/cron.acl/domainadmins',
                        ck_func=self.check_perm_cron,
                        fix_func=self.fix_perm_cron,
                        perm={'u':'rx', 'g':'rx', 'o':'rx'})
Beispiel #13
0
    def __init__(self):
        InstallCommand.__init__(self)
        self.add_package("python-ldap")
        self.add_package("python-iniparse")
        self.add_package("python-mysqldb")

        self.add_folder("/var/log/uwsa")
        self.add_folder("/etc/uwsa")
        self.add_folder("/var/lib/uwsa/")
        self.add_folder("/var/lib/uwsa/user_scripts")
        self.add_folder(CONF_MAP("site", "conf_path"))
        self.add_folder(CONF_MAP("site", "wordpress_template_path"))
        self.add_folder(CONF_MAP("site", "wikimedia_template_path"))
        self.add_folder(CONF_MAP("site", "typo3_template_path"))
        self.add_folder(CONF_MAP("site", "vhost_path"))

        self.add_file("/etc/uwsa/uwsa.conf", fix_func=self.fix_uwsa_conf)
        self.add_file("/etc/logrotate.d/uwsa", fix_func=self.fix_logrotate)

        self.add_file("/var/log/uwsa/*.log", perm={"u": "rw", "g": "r", "o": ""})
        self.add_file("/var/lib/uwsa/user_scripts/*.py", ck_func=self.check_user_scripts)
        self.add_file(
            "/var/lib/uwsa/auto_mount/*", ck_func=self.check_user_scripts, perm={"u": "rx", "g": "rx", "o": ""}
        )
Beispiel #14
0
    def do(self, args=[]):
        completed = InstallCommand.do(self,args)

        if inputs.get_input_yesno(t("Do you want to configure centrify/ldap now?")):
            if inputs.get_input_yesno(t("Will this machine use Active Directory?")):
                domain_name = inputs.get_input_string(t("What is the domain name?"), CONF_MAP('ldap','domain'))
                domain_controller = inputs.get_input_string(t("What is the address of the domain controller?"), CONF_MAP('ldap','dc'))
                domain_read_user = inputs.get_input_string(t("What is the ldap reader username?"), CONF_MAP('ldap','ldap_reader'))
                domain_read_pass = inputs.get_password(t("What is the ldap reader password?"),validate=False)
                domain_default_ou = inputs.get_input_string(t("What is the ldap default OU for uwsa?"), CONF_MAP('ldap','uwsa_ou'))

                CONFIG.mod('ldap','enabled', True)
                CONFIG.mod('ldap','domain', domain_name)
                CONFIG.mod('ldap','dc', domain_controller)
                CONFIG.mod('ldap','ldap_reader', domain_read_user)
                CONFIG.mod('ldap','ldap_reader_pass', domain_read_pass)
                CONFIG.mod('ldap','uwsa_ou', domain_default_ou)

                if not CONF_MAP('centrify', 'joined') and inputs.get_input_yesno(t("Do you want to join the Active Directory now?")):
                    domain_admin_user = inputs.get_input_string(t("What is the domain admin username?"))
                    domain_admin_pass = inputs.get_password(t("What is the domain admin password?"),confirm=False, validate=False)
                    cmd_list = [
                        {'command' : 'adjoin -w --force --user %s --password %s %s' % (domain_admin_user, domain_admin_pass, domain_name),
                         'anonymous' : 'adjoin -w --force --user %s --password XXXXXXXXXXXXX %s' % (domain_admin_user, domain_name),
                         'success_code' : [0,8],
                        },
                        'service centrifydc start',
                    ]
                    completed, pinfo = core.exec_cmd_list(cmd_list)
                    L.info(pinfo['stdout'])
                    if not completed:
                        raise Exception(t("Error in installation!"), self.NAME)
                    CONFIG.mod('centrify','joined', "True" )
                CONFIG.save()

        return completed
 def init_help(self):
     help = InstallCommand.init_help(self)
     help['command_detail'] = t("%s\n\t"
                                 "The folder /var/lib/automysqlbackup will be moved to /data/automysqlbackup\n\t" % 
                                 help['command_detail'])
     return help
Beispiel #16
0
 def __init__(self):
     InstallCommand.__init__(self)
     self.packages = "ntp ntpdate"
     self.add_package(self.packages)
Beispiel #17
0
 def __init__(self):
     InstallCommand.__init__(self)
     self.packages = "fail2ban"
     self.add_package(self.packages)
Beispiel #18
0
 def __init__(self):
     InstallCommand.__init__(self)
     self.packages = "iotop htop jnettop nethogs apachetop sysstat dstat ifstat latencytop mytop ntop iperf"
     self.add_package(self.packages)
Beispiel #19
0
 def __init__(self):
     InstallCommand.__init__(self)
     self.packages = "awstats"
     self.add_package(self.packages)
Beispiel #20
0
 def init_help(self):
     help = InstallCommand.init_help(self)
     help['command_detail'] = t("%s\n\t"
                                 "This command will install the almost perfect uwsa server." % 
                                 help['command_detail'])
Beispiel #21
0
 def __init__(self):
     InstallCommand.__init__(self)
     self.packages = "mysql-server"
     self.add_package(self.packages, ck_func=self.check_mysql, fix_func=self.fix_mysql)
Beispiel #22
0
 def init_help(self):
     help = InstallCommand.init_help(self)
     help['command_detail'] = t("%s\n\t"
                                 "The folder /var/www will be moved to /data/www\n\t" % 
                                 help['command_detail'])
     return help
Beispiel #23
0
 def __init__(self):
     InstallCommand.__init__(self)
     self.add_file('/etc/default/grub', 
                     ck_func=self.check_grub, 
                     fix_func=self.fix_grub)