def SaveProtocols():
    """Apply the TLS protocol checkboxes of one app to its nginx configuration.

    Reads ``request.vars['id']`` (must make ``Filtro.CheckStr`` return
    ``'YES'``) and the three checkbox fields ``'1'``, ``'2'`` and ``'3'``,
    which map to TLSv1, TLSv1.1 and TLSv1.2.  The stored ``nginx_conf_data``
    gets a new ``ssl_protocols`` line through ``changeconfig.Change.Text``,
    the nginx files are rewritten and nginx is reloaded; only after that are
    the ``certificate`` and ``production`` rows updated.

    Returns ``None`` in every case; the outcome is reported through
    ``response.flash``.

    NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996) and TLSv1.3
    cannot be selected from this handler -- confirm that is intended.
    NOTE(review): no login or permission check is visible on this handler
    from here -- verify it is enforced elsewhere.
    """
    import changeconfig

    app_id = request.vars['id']
    if stuffs.Filtro().CheckStr(app_id) != 'YES':
        return

    rows = db(db.production.id_rand == app_id).select(
        db.production.nginx_conf_data, db.production.app_name)

    # Form field -> nginx protocol token, in the order the checkbox states
    # are stored in certificate.protocol.
    choices = (('1', " TLSv1"), ('2', " TLSv1.1"), ('3', " TLSv1.2"))
    picked = [request.vars[field] == "true" for field, _token in choices]
    states = ['checked' if on else 'unchecked' for on in picked]
    protocols = "".join(
        token for (_field, token), on in zip(choices, picked) if on)
    if protocols == "":
        # No box ticked: an empty ssl_protocols directive is never written.
        response.flash = "Error"
        return

    try:
        changed = changeconfig.Change().Text(
            rows[0]['nginx_conf_data'], 'ssl_protocols',
            " ssl_protocols%s" % (protocols + ";"))
        conf_text = '\n'.join(changed['new_list'])
        stuffs.CreateFiles().CreateNginxFiles(
            ProdNginxAvail, rows[0]['app_name'], conf_text)
        stuffs.Nginx().Reload()
        db.certificate.update_or_insert(
            db.certificate.id_rand == app_id, protocol=states)
        db(db.production.id_rand == app_id).update(nginx_conf_data=conf_text)
    except Exception as e:
        # The exception object itself is what ends up in the flash message.
        response.flash = e
        return
    response.flash = "Changed Protocol SSL"
    return
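def DenyPaths():
    """Save the deny-path list of one app and regenerate its nginx deny file.

    Every ``request.vars`` entry whose key contains ``'path'`` is taken as a
    path to block.  The accepted paths are stored newline-joined in
    ``production.paths_denied``, rendered as one ``location <path>`` block
    returning 403 each into ``<DenyPathsDir><app>/<app>_denyPaths.conf``,
    and nginx is reloaded.

    Each path is written unquoted into the nginx file, so it is validated
    before anything is stored: it must be a single string that starts with
    ``/`` and contains no whitespace, control character, brace, semicolon,
    quote, backslash or ``#``.  Without that check a submitted value could
    close the ``location`` block and add directives of its own.  An empty
    value now rejects the whole request instead of saving the paths
    collected up to that point.

    Returns a status string, or the exception raised by ``CheckStr``.

    NOTE(review): ``Filtro.CheckPath`` is used for paths elsewhere in this
    file; its rules are not visible here -- consider reusing it if they fit.
    NOTE(review): no login or permission check is visible on this handler
    from here -- verify it is enforced elsewhere.
    """
    a = stuffs.Filtro()
    r = ''
    try:
        b = a.CheckStr(request.vars['id'])
    except Exception as error:
        r = error
        b = 'NO'
        response.flash = T('Error in data supplied')

    # Characters that end or restructure an nginx token when they appear in
    # an unquoted location argument (control characters are tested by code
    # point below).
    token_breakers = set('{};"\'\\# \x7f')
    path_list = []
    problem = ''
    go_ahead = 'NO'
    if b == 'YES':
        go_ahead = 'YES'
        for key in request.vars.keys():
            value = request.vars[key]
            if value is None or len(value) == 0:
                problem = "Paths can't be empty"
                go_ahead = 'NO'
                break
            if 'path' not in key:
                continue
            # A repeated form field arrives as a list; only one string per
            # path field is accepted.
            if (isinstance(value, (list, tuple))
                    or not value.startswith('/')
                    or any(ch in token_breakers or ord(ch) < 0x20
                           for ch in value)):
                go_ahead = 'NO'
                break
            path_list.append(value)
        # increase here if you want more than 20 paths to deny...
        if len(path_list) > 20:
            go_ahead = 'NO'

    if b == 'YES' and go_ahead == 'YES':
        # TODO (translated from the original): still missing -- store the
        # paths in the db and show them in the view.
        paths = '\n'.join(path_list)
        db(db.production.id_rand == request.vars['id']).update(
            paths_denied=paths)
        total_deny = ''.join(
            "location %s {\nreturn 403;}\n" % (path) for path in path_list)
        name = db(db.production.id_rand == request.vars['id']).select(
            db.production.app_name)
        conf_path = (DenyPathsDir + name[0]['app_name'] + '/' +
                     name[0]['app_name'] + '_denyPaths.conf')
        # The context manager closes the file even if the write fails.
        with open(conf_path, 'w') as f:
            f.write(total_deny)
        stuffs.Nginx().Reload()
        response.flash = 'Configuration was saved'
        r = 'Configuration was saved'
    else:
        response.flash = problem or T('Error in data supplied')
        if r == '':
            r = problem or 'Error in data supplied'
    return r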
def CipherPrefer():
    """Switch ``ssl_prefer_server_ciphers`` on or off for one app.

    ``request.vars['id']`` must make ``Filtro.CheckStr`` return ``'YES'``
    and ``request.vars['status']`` must be exactly ``"On"`` or ``"Off"``;
    anything else flashes ``"Error"``.  The ``certificate`` row is updated
    first, before the nginx configuration is touched; then the directive is
    rewritten through ``changeconfig.Change.Text``, the nginx files are
    regenerated, nginx is reloaded and the new configuration text is stored.

    Returns ``None`` in every case; the outcome is reported through
    ``response.flash``.

    NOTE(review): because the certificate row is written before the try
    block, a failure while writing the files leaves the stored checkbox
    state ahead of the deployed configuration.
    NOTE(review): no login or permission check is visible on this handler
    from here -- verify it is enforced elsewhere.
    """
    import changeconfig

    app_id = request.vars['id']
    if stuffs.Filtro().CheckStr(app_id) != 'YES':
        return

    rows = db(db.production.id_rand == app_id).select(
        db.production.nginx_conf_data, db.production.app_name)

    status = request.vars['status']
    if status == "On":
        value, checkbox = " on", "checked"
    elif status == "Off":
        value, checkbox = " off", "unchecked"
    else:
        response.flash = "Error"
        return
    db.certificate.update_or_insert(
        db.certificate.id_rand == app_id, prefer_cipher=checkbox)

    try:
        changed = changeconfig.Change().Text(
            rows[0]['nginx_conf_data'], 'ssl_prefer_server_ciphers',
            " ssl_prefer_server_ciphers%s" % (value + ";"))
        conf_text = '\n'.join(changed['new_list'])
        stuffs.CreateFiles().CreateNginxFiles(
            ProdNginxAvail, rows[0]['app_name'], conf_text)
        stuffs.Nginx().Reload()
        db(db.production.id_rand == app_id).update(nginx_conf_data=conf_text)
    except Exception as e:
        # The exception object itself is what ends up in the flash message.
        response.flash = e
        return
    response.flash = "Changed SSL prefer server ciphers SSL"
    return
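def ExcludeLocal():
    """Exclude one ModSecurity rule for requests under one path of an app.

    The four inputs (``id_rand``, ``ruleid``, ``attack_name``, ``path``) must
    each make the matching ``Filtro`` check return ``'YES'``.  If no
    exclusion of type 1 exists yet for that rule and path, a row is inserted
    with the logged-in username, every local exclusion of the app is
    rendered as a ``SecRule REQUEST_URI "@beginswith <path>"`` line carrying
    ``ctl:ruleRemoveById=<rule>``, and that text replaces whatever sits
    between the two ``##...Local...##`` markers of the stored ModSecurity
    configuration.  The configuration file is then rewritten and nginx
    reloaded.

    Changes from the previous version:

    * The path is embedded inside a double-quoted operator argument, so a
      double quote, backslash or control character in it is refused here in
      addition to ``CheckPath`` (whose rules are not visible from this
      function).
    * The generated text is spliced in with a callable replacement, so
      backslash sequences in stored paths are no longer interpreted as
      regex-template escapes by ``re.sub``.
    * The bare ``except`` is narrowed to ``Exception``.

    Returns ``response.json`` of a status message.

    NOTE(review): ``custom_id`` is a random number below 100 million with no
    uniqueness check; a clash with an existing rule id looks possible --
    confirm how ModSecurity is expected to react.
    NOTE(review): a failure while writing the file or reloading only sets
    ``session.flash``; the success message is still returned.
    NOTE(review): ``str.decode`` implies Python 2 -- confirm the runtime.
    """
    a = stuffs.Filtro()
    try:
        path = request.vars['path']
        b = a.CheckStr(request.vars['id_rand'])
        c = a.CheckRule(request.vars['ruleid'])
        d = a.CheckName(request.vars['attack_name'])
        f = a.CheckPath(path)
        # Second, local guard: these characters would end the quoted
        # "@beginswith ..." argument or start a new line in the rule file.
        if (isinstance(path, (list, tuple))
                or any(ch in '"\\' or ord(ch) < 0x20 for ch in path)):
            f = 'NO'
    except Exception:
        b = 'NO'

    if b == 'YES' and c == 'YES' and d == 'YES' and f == 'YES':
        data = db((db.exclusions.id_rand == request.vars['id_rand']) &
                  (db.exclusions.type == 1) &
                  (db.exclusions.rules_id == request.vars['ruleid']) &
                  (db.exclusions.local_path == request.vars['path'])).select(
                      db.exclusions.rules_id, db.exclusions.local_path)
        modsec_conf = db(
            db.production.id_rand == request.vars['id_rand']).select(
                db.production.app_name, db.production.modsec_conf_data)
        if not data:
            # random custom_id, used as the id of the generated SecRule
            custom_id = randint(0, 99999999)
            # add rule id to exclusions in db
            db.exclusions.insert(rules_id=request.vars['ruleid'],
                                 id_rand=request.vars['id_rand'],
                                 custom_id=custom_id,
                                 local_path=request.vars['path'],
                                 type=1,
                                 attack_name=request.vars['attack_name'],
                                 user=session['auth']['user']['username'])
            # get updated rules id
            rulesid = db((db.exclusions.id_rand == request.vars['id_rand']) &
                         (db.exclusions.type == 1)).select(
                             db.exclusions.rules_id,
                             db.exclusions.local_path,
                             db.exclusions.custom_id)
            # Recreate the rules from every stored local exclusion
            rules = '#ExclusionLocal\n'
            for i in rulesid:
                rules = (rules +
                         "SecRule REQUEST_URI \"@beginswith " +
                         i['local_path'] + "\" \"id:" + str(i['custom_id']) +
                         ",phase:1,pass,nolog, ctl:ruleRemoveById=" +
                         i['rules_id'] + "\"\n")
            rules_text = rules.decode("utf-8")
            # replace old rules with new ones; the callable keeps the
            # generated text literal instead of treating it as a template
            replace = re.sub(
                r'^(##\w+Local\w+##\n).*(##\w+Local\w+##)',
                lambda m: m.group(1) + rules_text + m.group(2),
                modsec_conf[0]['modsec_conf_data'],
                flags=re.S | re.M)
            db(db.production.id_rand == request.vars['id_rand']).update(
                modsec_conf_data=replace)
            db.commit()
            UpdateFiles = stuffs.CreateFiles()
            try:
                UpdateFiles.CreateModsecConf(
                    'prod', modsec_conf[0]['app_name'], replace)
                stuffs.Nginx().Reload()
            except Exception as e:
                session.flash = e
            response.flash = 'Rule has been excluded locally'
            r = 'Rule has been excluded locally'
        else:
            response.flash = 'Rule ID or Path already excluded'
            r = 'Rule ID already excluded'
    else:
        response.flash = 'Error in data supplied'
        r = 'Error in data supplied'
    return response.json(r)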
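def ExcludeGlobal():
    """Exclude one ModSecurity rule for a whole app.

    ``id_rand``, ``ruleid`` and ``attack_name`` must each make the matching
    ``Filtro`` check return ``'YES'``.  If the rule is not yet excluded
    globally (type 0) for the app, a row is inserted with the logged-in
    username, every global exclusion of the app is rendered as a
    ``SecRuleRemoveById <rule>`` line, and that text replaces whatever sits
    between the two ``##...Global...##`` markers of the stored ModSecurity
    configuration.  The configuration file is then rewritten and nginx
    reloaded.

    Changes from the previous version: the generated text is spliced in with
    a callable replacement, so it is never interpreted as a regex
    replacement template, and the bare ``except`` is narrowed to
    ``Exception``.

    Returns ``response.json`` of a status message.

    NOTE(review): a failure while writing the file or reloading only sets
    ``session.flash``; the success message is still returned.
    NOTE(review): ``str.decode`` implies Python 2 -- confirm the runtime.
    NOTE(review): no login or permission check is visible on this handler
    from here, although it reads ``session['auth']`` -- verify it is
    enforced elsewhere.
    """
    a = stuffs.Filtro()
    try:
        b = a.CheckStr(request.vars['id_rand'])
        c = a.CheckRule(request.vars['ruleid'])
        d = a.CheckName(request.vars['attack_name'])
    except Exception:
        b = 'NO'

    if b == 'YES' and c == 'YES' and d == 'YES':
        data = db((db.exclusions.id_rand == request.vars['id_rand']) &
                  (db.exclusions.type == 0) &
                  (db.exclusions.rules_id == request.vars['ruleid'])).select(
                      db.exclusions.rules_id)
        modsec_conf = db(
            db.production.id_rand == request.vars['id_rand']).select(
                db.production.app_name, db.production.modsec_conf_data)
        if not data:
            # add rule id to exclusions in db
            db.exclusions.insert(rules_id=request.vars['ruleid'],
                                 id_rand=request.vars['id_rand'],
                                 type=0,
                                 attack_name=request.vars['attack_name'],
                                 user=session['auth']['user']['username'])
            # get updated rules id
            rulesid = db((db.exclusions.id_rand == request.vars['id_rand']) &
                         (db.exclusions.type == 0)).select(
                             db.exclusions.rules_id)
            rules = '#ExclusionGLobally\n' + ''.join(
                "SecRuleRemoveById " + str(i['rules_id']) + '\n'
                for i in rulesid)
            rules_text = rules.decode("utf-8")
            # The callable keeps the generated text literal instead of
            # treating it as a replacement template.
            replace = re.sub(
                r'^(##\w+Global\w+##\n).*(##\w+Global\w+##)',
                lambda m: m.group(1) + rules_text + m.group(2),
                modsec_conf[0]['modsec_conf_data'],
                flags=re.S | re.M)
            db(db.production.id_rand == request.vars['id_rand']).update(
                modsec_conf_data=replace)
            db.commit()
            UpdateFiles = stuffs.CreateFiles()
            try:
                UpdateFiles.CreateModsecConf(
                    'prod', modsec_conf[0]['app_name'], replace)
                stuffs.Nginx().Reload()
            except Exception as e:
                session.flash = e
            response.flash = 'Rule has been excluded globally'
            r = 'Rule has been excluded globally'
        else:
            response.flash = 'Rule ID already excluded'
            r = 'Rule ID already excluded'
    else:
        response.flash = 'Error in data supplied'
        r = 'Error in data supplied'
    return response.json(r)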
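def SavedCipher():
    """Replace the ``ssl_ciphers`` directive of one app with a submitted list.

    ``request.vars['id']`` must make ``Filtro.CheckStr`` return ``'YES'``.
    ``request.vars['ciphers']`` is wrapped in single quotes and written into
    the nginx configuration, so it is checked against an allowlist first:
    ASCII letters, digits and ``: ! + - _ @``.  The previous denylist
    already refused comma, space, ``=`` and ``.``, so this keeps the cipher
    list syntax it accepted while also refusing what it let through:
    backslash (which can escape the closing quote in an nginx string),
    control characters such as newline, and other non-ASCII bytes.  A
    missing, repeated or empty value is refused as well.

    On success the directive is rewritten through
    ``changeconfig.Change.Text``, the nginx files are regenerated, nginx is
    reloaded, and the ``certificate`` and ``production`` rows are updated.

    Returns ``None`` in every case; the outcome is reported through
    ``response.flash``.

    NOTE(review): the allowlist checks syntax only; it does not check that
    the ciphers exist or are strong.
    NOTE(review): no login or permission check is visible on this handler
    from here -- verify it is enforced elsewhere.
    """
    import changeconfig
    a = stuffs.Filtro()
    b = a.CheckStr(request.vars['id'])
    if b != 'YES':
        response.flash = "Error"
        return

    text = request.vars['ciphers']
    allowed = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                  "abcdefghijklmnopqrstuvwxyz"
                  "0123456789"
                  ":!+-_@")
    # A repeated form field arrives as a list; only one string is accepted.
    if (text is None or isinstance(text, (list, tuple)) or len(text) == 0
            or any(ch not in allowed for ch in text)):
        response.flash = "Error"
        return

    query = db(db.production.id_rand == request.vars['id']).select(
        db.production.nginx_conf_data, db.production.app_name)
    text2 = "'" + text + "';"
    try:
        change = changeconfig.Change()
        r = change.Text(query[0]['nginx_conf_data'], 'ssl_ciphers',
                        " ssl_ciphers %s" % (text2))
        DataNginx = '\n'.join(r['new_list'])
        AppName = query[0]['app_name']
        UpdateFiles = stuffs.CreateFiles()
        UpdateFiles.CreateNginxFiles(ProdNginxAvail, AppName, DataNginx)
        u = stuffs.Nginx()
        u.Reload()
        db.certificate.update_or_insert(
            db.certificate.id_rand == request.vars['id'], ciphers=text)
        db(db.production.id_rand == request.vars['id']).update(
            nginx_conf_data=DataNginx)
    except Exception as e:
        # The exception object itself is what ends up in the flash message.
        response.flash = e
        return
    response.flash = "Changed SSL Cipher"
    return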
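def AddHeaders():
    """Replace the extra response headers that nginx adds for one app.

    ``request.vars['id']`` must make ``Filtro.CheckStr`` return ``'YES'``.
    When ``id`` is the only field, the stored headers are cleared.
    Otherwise every other field must be a two-element list ``[name, value]``
    with both parts non-empty; fields whose key contains ``'cookie'`` are
    rendered as ``add_header "<name>" "<value>";`` lines, which replace
    whatever sits between the ``##startInsertHead...##`` and
    ``##endInsertHead...##`` markers of the stored nginx configuration.
    The nginx files are then rewritten and nginx reloaded.

    Changes from the previous version:

    * Name and value are embedded in double-quoted nginx strings, so they
      are validated first: the name may hold only ASCII letters, digits,
      ``-`` and ``_``; the value may not hold a double quote, a backslash or
      a control character.  Without this a submitted value could close the
      string and add directives of its own.
    * A field that is not a two-element list is reported as bad input
      instead of being indexed anyway.
    * The generated text is spliced in with a callable replacement, so it is
      never interpreted as a regex replacement template.
    * ``r`` has a default, so the final ``response.json(r)`` no longer hits
      an unbound name when ``CheckStr`` rejects the id without raising.

    Returns ``response.json`` of a status message (or of the exception that
    was caught, as before).

    NOTE(review): ``$`` is still allowed in values, so nginx variables are
    presumably expanded inside them -- confirm that is wanted.
    NOTE(review): no login or permission check is visible on this handler
    from here -- verify it is enforced elsewhere.
    """
    a = stuffs.Filtro()
    r = 'Error in data supplied'
    try:
        b = a.CheckStr(request.vars['id'])
    except Exception as debug:
        r = debug
        b = 'NO'
        response.flash = T('Error in data supplied')

    name_chars = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "abcdefghijklmnopqrstuvwxyz"
                     "0123456789-_")

    def _pair_is_safe(name, value):
        # True when neither part can leave its double-quoted nginx string.
        if any(ch not in name_chars for ch in name):
            return False
        return not any(ch in '"\\' or ord(ch) < 0x20 or ord(ch) == 0x7f
                       for ch in value)

    marker_re = r'(^ ##startInsertHead\w+##\n).*(^ ##endInsertHead\w+##)'

    # (original remark) something strange happens below, is more slow when
    # POST contains no data
    if b == 'YES':
        if list(request.vars.keys()) == ['id']:
            # Only the id was sent: clear every extra header.
            db(db.production.id_rand == request.vars['id']).update(
                extra_headers="")
            nginx_conf = db(
                db.production.id_rand == request.vars['id']).select(
                    db.production.app_name, db.production.nginx_conf_data)
            replace = re.sub(
                marker_re,
                lambda m: m.group(1) + m.group(2),
                nginx_conf[0]['nginx_conf_data'],
                flags=re.S | re.M)
            db(db.production.id_rand == request.vars['id']).update(
                nginx_conf_data=replace)
            db.commit()
            UpdateFiles = stuffs.CreateFiles()
            # get the new conf
            nginx_conf = db(
                db.production.id_rand == request.vars['id']).select(
                    db.production.app_name, db.production.nginx_conf_data)
            UpdateFiles.CreateNginxFiles(ProdNginxAvail,
                                         nginx_conf[0]['app_name'],
                                         nginx_conf[0]['nginx_conf_data'])
            response.flash = 'Configuration was saved'
            stuffs.Nginx().Reload()
            r = 'Configuration was saved'
        else:
            valid = True
            checked = 0
            for key in request.vars.keys():
                if key == 'id':
                    continue
                checked += 1
                pair = request.vars[key]
                if not isinstance(pair, (list, tuple)) or len(pair) != 2:
                    valid = False
                    response.flash = T('Error in data supplied')
                    continue
                name, value = pair
                if value == "":
                    valid = False
                    response.flash = 'Header must have a value!'
                if len(name) == 0:
                    valid = False
                    response.flash = 'Header name can\'t be empty!'
                if name and value and not _pair_is_safe(name, value):
                    valid = False
                    response.flash = T('Error in data supplied')
            r = ''
            if valid and checked > 0:
                cookies = []
                cookies_list = ''
                for i in request.vars.keys():
                    if 'cookie' in i:
                        cookies.append(' add_header ' + '"' +
                                       request.vars[i][0] + '" "' +
                                       request.vars[i][1] + '";\n')
                        cookies_list = cookies_list + \
                            request.vars[i][0] + ' ' + \
                            request.vars[i][1] + '\n'
                db(db.production.id_rand == request.vars['id']).update(
                    extra_headers=cookies_list)
                nginx_conf = db(
                    db.production.id_rand == request.vars['id']).select(
                        db.production.app_name,
                        db.production.nginx_conf_data)
                header_text = ''.join(cookies)
                replace = re.sub(
                    marker_re,
                    lambda m: m.group(1) + header_text + m.group(2),
                    nginx_conf[0]['nginx_conf_data'],
                    flags=re.S | re.M)
                db(db.production.id_rand == request.vars['id']).update(
                    nginx_conf_data=replace)
                db.commit()
                UpdateFiles = stuffs.CreateFiles()
                try:
                    # get the new conf
                    nginx_conf = db(
                        db.production.id_rand == request.vars['id']).select(
                            db.production.app_name,
                            db.production.nginx_conf_data)
                    UpdateFiles.CreateNginxFiles(
                        ProdNginxAvail,
                        nginx_conf[0]['app_name'],
                        nginx_conf[0]['nginx_conf_data'])
                    response.flash = 'Configuration was saved'
                    stuffs.Nginx().Reload()
                    r = 'Configuration was saved'
                except Exception as e:
                    session.flash = e
                    r = e
            else:
                r = 'Error in data supplied'
    return response.json(r)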
def DeleteRule():
    """Remove a stored ModSecurity rule exclusion and redeploy the config.

    ``id_rand`` and ``ruleid`` must make ``Filtro.CheckStr`` and
    ``Filtro.CheckRule`` return ``'YES'``, and ``type`` must be the string
    ``'0'`` (global exclusion) or ``'1'`` (local exclusion).  The matching
    ``exclusions`` rows are deleted, the text ``SecRuleRemoveById <rule>``
    (type 0) or ``ctl:ruleRemoveById=<rule>`` (type 1) is passed to
    ``changeconfig.Change.Text`` with an empty replacement, and the joined
    ``new_list`` it returns is stored as the new ModSecurity configuration.
    The configuration file is then rewritten and nginx reloaded.

    Returns ``response.json`` of a status message.

    NOTE(review): how ``Change.Text`` matches its second argument is not
    visible here; if it matches by prefix, a rule id that is a prefix of
    another id would presumably hit both lines -- verify.
    NOTE(review): a failure while writing the file or reloading only sets
    ``session.flash``; the success message is still returned.
    NOTE(review): no login or permission check is visible on this handler
    from here -- verify it is enforced elsewhere.
    """
    import changeconfig
    checker = stuffs.Filtro()
    try:
        b = checker.CheckStr(request.vars['id_rand'])
        c = checker.CheckRule(request.vars['ruleid'])
        # Only checks that 'type' converts to an integer; the value itself
        # is compared as a string below.
        d = int(request.vars['type'])
    except:
        b = 'NO'

    if b == 'YES' and c == 'YES' and request.vars['type'] in ('0', '1'):
        app_id = request.vars['id_rand']
        rule_id = request.vars['ruleid']
        if request.vars['type'] == '0':
            kind, marker = 0, 'SecRuleRemoveById '
        else:
            kind, marker = 1, 'ctl:ruleRemoveById='

        # remove rule from exclusions table
        db((db.exclusions.id_rand == app_id) &
           (db.exclusions.rules_id == rule_id) &
           (db.exclusions.type == kind)).delete()
        modsec = db(db.production.id_rand == app_id).select(
            db.production.modsec_conf_data,
            db.production.app_name,
            db.production.mode)
        # change configuration: the result is read as a dict whose
        # 'new_list' entry holds the changed configuration lines
        alter = changeconfig.Change().Text(
            modsec[0]['modsec_conf_data'], marker + rule_id, '')
        db(db.production.id_rand == app_id).update(
            modsec_conf_data='\n'.join(alter['new_list']))
        # get new modsec conf
        new_modsec = db(db.production.id_rand == app_id).select(
            db.production.modsec_conf_data)
        writer = stuffs.CreateFiles()
        try:
            writer.CreateModsecConf('prod',
                                    modsec[0]['app_name'],
                                    new_modsec[0]['modsec_conf_data'])
            stuffs.Nginx().Reload()
        except Exception as e:
            session.flash = e
        response.flash = 'Rule deleted succesfully'
        r = 'Rule deleted succesfully'
    else:
        r = 'Error in data supplied'
    return response.json(r)