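def delHost(host):
    """Delete *host* and every rule tied to it, after interactive confirmation.

    Args:
        host: host name, matched against ``host.name`` in the SQLite DB.

    Prints a status line in every outcome (unknown host, cancelled,
    deleted). Returns None. Database errors propagate to the caller.
    """
    # NOTE(review): delRule treats any result other than 1 as "unknown host",
    # while this function treats any result other than 0 as "known"; the two
    # disagree if checkIfHostsExists can return a third value -- confirm.
    if checkCommands.checkIfHostsExists(host) == 0:
        print('Host deletion failed : Unknown host')
        return
    # Only an explicit 'Y' or 'n' ends the confirmation loop.
    answer = 'd'
    while answer != 'Y' and answer != 'n':
        answer = raw_input('Do you really want to delete host ' + host + ' and all the rules associated ? [Y/n] ')
    if answer == 'n':
        print('Host deletion cancelled')
        return
    connection = sqlite.connect(configuration.basedir + configuration.datadir + "/db")
    try:
        cursor = connection.cursor()
        try:
            # Rules reference the host by id, so they go first. The host name
            # is bound through '?' placeholders, never spliced into the SQL.
            cursor.execute("DELETE FROM rules WHERE host_id=(SELECT id FROM host WHERE name=?);", [host])
            cursor.execute("DELETE FROM host WHERE name=?", [host])
            connection.commit()
        finally:
            cursor.close()
    finally:
        # The original closed only the cursor and leaked the connection
        # (and closed nothing at all if execute() raised).
        connection.close()
    print('Host successfully deleted')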
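def delRule(host, rule):
    """Delete *rule* from every line of *host*, after interactive confirmation.

    Args:
        host: host name, matched against ``host.name``.
        rule: the rule text exactly as stored; the del-mode dispatcher passes
            the whole typed command line, and it is matched verbatim (``rule=?``).

    Returns None. Database errors propagate to the caller.
    """
    if checkCommands.checkIfHostsExists(host) != 1:
        print('Unknow host ' + host)
        return
    # Only an explicit 'Y' or 'n' ends the confirmation loop.
    answer = '?'
    while answer != 'Y' and answer != 'n':
        answer = raw_input('Are you sure you want to delete this rule on all lines ? [Y/n] ')
    if answer == 'n':
        return
    connection = sqlite.connect(configuration.basedir + configuration.datadir + "/db")
    try:
        cursor = connection.cursor()
        try:
            # Both values are bound parameters; nothing user-typed reaches the SQL text.
            cursor.execute("DELETE FROM rules WHERE rule=? AND host_id=(SELECT id FROM host WHERE name=?)", [rule, host])
            connection.commit()
        finally:
            cursor.close()
    finally:
        # The original never closed the connection.
        connection.close()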
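def delLine(host, linenumber):
    """Delete every rule on line *linenumber* of *host*, after confirmation.

    Args:
        host: host name, matched against ``host.name``.
        linenumber: line number as typed by the user; must parse as an
            integer in 1..200. It is bound to the ``line`` column as given.

    Returns None. Database errors propagate to the caller.
    """
    try:
        number = int(linenumber)
    except (ValueError, TypeError):
        # The original bare `except:` also swallowed KeyboardInterrupt.
        print('Usage : line <#>. Deletes all rules on line in question.')
        return
    if number <= 0 or number > 200:
        print('Line number must be less then or equal to 200 and greater then 0')
        return
    if checkCommands.checkIfHostsExists(host) == 0:
        # The original fell through silently on an unknown host.
        print('Line deletion failed : Unknown host')
        return
    # Only an explicit 'Y' or 'n' ends the confirmation loop.
    answer = '?'
    while answer != 'Y' and answer != 'n':
        answer = raw_input('Do you really want to delete all the rules on line ' + str(linenumber) + ' ? [Y/n] ')
    if answer == 'n':
        print('Line deletion cancelled')
        return
    connection = sqlite.connect(configuration.basedir + configuration.datadir + "/db")
    try:
        cursor = connection.cursor()
        try:
            # Bound parameters; the line value is passed exactly as the original did.
            cursor.execute("DELETE FROM rules WHERE host_id=(SELECT id from host WHERE name=?) AND line=?;", [host, linenumber])
            connection.commit()
        finally:
            cursor.close()
    finally:
        # The original never closed the connection.
        connection.close()
    print('Line successfully deleted')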
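def __init__(self, command):
    """Dispatch one typed command line according to the current prompt mode.

    The prompt is a small state machine kept in module globals:
    ``__mode__`` ("base", "add", "del", "push" or "show"),
    ``__selectedhost__`` ('none' when no host is selected) and
    ``__selectedline__`` (0 when no line is selected). Each call handles
    exactly one line and then re-enters ``Prompt()`` for the next one;
    ``exit``/``quit`` in base mode and ``quit`` in every mode terminate the
    process with ``sys.exit(0)``.

    Args:
        command: the raw line typed by the user.
    """
    global __mode__
    global __selectedhost__
    global __selectedline__

    parts = command.split()
    if not parts:
        # Blank input used to raise IndexError on parts[0]; just re-prompt.
        Prompt()
        return
    command_family = parts[0]
    argc = len(parts)

    def leave_level():
        # Shared `exit` handling for add/del/push: drop the selected line
        # first, then the selected host, then fall back to the base mode.
        global __mode__
        global __selectedhost__
        global __selectedline__
        if __selectedhost__ == 'none':
            __mode__ = 'base'
        elif __selectedline__ != 0:
            # The del-mode copy of this logic wrote `__selectedline__ == 0`
            # (a comparison, not an assignment), so the line was never
            # cleared there; the assignment is what the other modes do.
            __selectedline__ = 0
        else:
            __selectedhost__ = 'none'

    def select_host():
        # Shared `select <host>` handling for add/del.
        global __selectedhost__
        if argc == 2:
            if checkCommands.checkIfHostsExists(parts[1]) == 1:
                __selectedhost__ = parts[1]
            else:
                print('Select host failed : Host not found')
        else:
            print('Usage : select <name>. Selects a host.')

    #
    # LEVEL OF COMMANDS : BASE
    #
    if __mode__ == "base":
        if command_family == 'help':
            print("Available commands are : add, del, exit, help, push, quit, show")
        elif command_family in ('exit', 'quit'):
            sys.exit(0)
        elif command_family in ('add', 'show', 'del', 'push'):
            # The command word is the mode name.
            __mode__ = command_family
        else:
            print("Unknown command " + command_family + ". Type help for help.")

    #
    # LEVEL OF COMMANDS : DEL
    #
    elif __mode__ == 'del':
        if command_family == 'help':
            print('Available commands are : exit, help, host <name>, line <#>, quit, iptables <...>, iptables help, select <host>')
        elif command_family == 'exit':
            leave_level()
        elif command_family == 'host':
            if argc == 2:
                delCommands.delHost(str(parts[1]))
            else:
                print('Usage : host <name>. Deletes the host in question.')
        elif command_family == 'select':
            select_host()
        elif command_family == 'line':
            if __selectedhost__ == 'none':
                print('You must select a host before selecting line.')
            elif argc == 2:
                delCommands.delLine(__selectedhost__, parts[1])
            else:
                print('Usage : line <#>. Deletes all the rules on the line in question.')
        elif command_family == 'iptables':
            asks_help = argc <= 2 or parts[1] == 'help'
            if __selectedhost__ == 'none' and not asks_help:
                print('You must select a host before deleting rule')
            elif asks_help:
                print('Usage : ')
                print(' 1. Select a host')
                print(' 2. Type in the rule you want to delete')
            else:
                # The whole typed line is the rule text; delRule matches it verbatim.
                delCommands.delRule(__selectedhost__, command)
        elif command_family == 'quit':
            sys.exit(0)
        else:
            print("Unknown command " + command_family + ". Type help for help")

    #
    # LEVEL OF COMMANDS : PUSH
    #
    elif __mode__ == 'push':
        if command_family == 'help':
            print('Available commands are : exit, help, ssh <host>, quit')
        elif command_family == 'exit':
            leave_level()
        elif command_family == 'quit':
            sys.exit(0)
        elif command_family == 'ssh':
            pushCommands.pushSSH(command)
        else:
            print('Unknown command ' + command_family + '. Type help for help')

    #
    # LEVEL OF COMMANDS : ADD
    #
    elif __mode__ == "add":
        if command_family == "help":
            print("Available commands are : access-list, access-list help, exit, help, host, iptables, iptables help, line <#>, quit, select <host>")
        elif command_family == "exit":
            leave_level()
        elif command_family == "quit":
            sys.exit(0)
        elif command_family == "host":
            if argc < 3:
                print("Usage : add <name> <ip/hostname>. Adds the host.")
            elif argc == 3:
                addCommands.addHost(parts[1], parts[2])
            else:
                print('Usage : add <name> <ip/hostname>')
        elif command_family == 'select':
            select_host()
        elif command_family == 'line':
            if argc != 2:
                print('Usage : line <linenumber>. Selects a line')
            elif __selectedhost__ == 'none':
                print('Must select a host before selecting line.')
            elif not parts[1].isdigit():
                print('Line argument is not a number')
            elif 0 < int(parts[1]) <= 200:
                # Kept as the typed string, as the original did.
                __selectedline__ = parts[1]
            else:
                print('Line number must be greater then 0 and less then 200')
        elif command_family == "access-list":
            if __selectedhost__ == 'none' and argc >= 2 and parts[1] != 'help':
                print('Access-list rule add failed : No host selected. Use "select" command.')
            else:
                rule = addCommands.addAccessList(command)
                try:
                    # addAccessList returns an iptables rule string on success
                    # and reports its own errors otherwise.
                    if rule.split()[0] == 'iptables':
                        writeCommands.writeIptablesRule(__selectedhost__, __selectedline__, rule)
                except Exception:
                    # Best-effort as in the original, but narrowed from a bare
                    # `except:` so Ctrl-C and SystemExit still propagate.
                    pass
        elif command_family == 'iptables':
            if __selectedhost__ == 'none' and argc >= 2 and parts[1] != 'help':
                print('Iptables rule add failed : No host selected. Use "select" command.')
            elif argc == 1 or parts[1] == 'help':
                print('Insert an iptables rule as you would on a normal host')
                print(' ex : iptables -A INPUT -s 192.168.0.0/24 -d 10.10.10.10 -j DROP')
            else:
                try:
                    # The typed line is stored as-is as the rule.
                    writeCommands.writeIptablesRule(__selectedhost__, __selectedline__, command)
                except Exception:
                    # Best-effort as in the original; error already reported by the callee.
                    pass
        elif command_family == 'template':
            if __selectedhost__ == 'none':
                print('You must first select a host. Type help for help.')
            else:
                addCommands.addTemplateToHost(__selectedhost__, __selectedline__, command)
        else:
            print("Unknown command " + command_family + ". Type help for help")

    #
    # LEVEL OF COMMANDS : SHOW
    #
    elif __mode__ == "show":
        if command_family == "help":
            print("Availabe commands are : access-list <host>, exit, help, hosts, iptables <host>, quit, version")
        elif command_family == "exit":
            __mode__ = "base"
        elif command_family == "quit":
            sys.exit(0)
        elif command_family == "hosts":
            showCommands.showHosts()
        elif command_family == "version":
            showCommands.showVersion()
        elif command_family in ('access-list', 'iptables'):
            # Both spellings produce the same listing in the original.
            if argc == 2:
                host = parts[1]
                if checkCommands.checkIfHostsExists(host):
                    showCommands.showAccessList(host, 0)
                else:
                    print('Unknown host ' + host)
            else:
                print('Usage : ' + command_family + ' <host>')
        else:
            print("Unknown command " + command_family + ". Type help for help")

    # Go back to the prompt for the next line.
    Prompt()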
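def pushSSH(command):
    """Build the iptables script for a host, copy it with scp and optionally run it.

    Args:
        command: the raw typed line, expected as ``ssh <host>``.

    Flow: prompt for the remote user and target directory, write
    ``<basedir><datadir>/nm-iptables.sh`` from the start template (if one
    exists) followed by ``showAccessList(host, 1)``, scp it to
    ``user@ip:<directory>/``, then offer to execute it over ssh (directly
    when the user is root, through sudo otherwise). The local script is
    removed afterwards. Returns None.
    """
    parts = command.split()
    if len(parts) != 2:
        # The original returned silently on a wrong argument count.
        print('Usage : ssh <host>')
        return
    host = parts[1]
    if not checkCommands.checkIfHostsExists(host):
        print('Unknown host')
        return

    # NOTE(review): the source line reading the username and the directory
    # was garbled; reconstructed as two plain prompts, which is what the
    # later uses of `user` and `directory` require.
    user = raw_input('Username: ')
    directory = raw_input('Copy iptables script in directory [default: /usr/bin]: ')
    if directory == '':
        directory = '/usr/bin'

    ip = checkCommands.getHostIp(host)
    # Test the failure value before strip(): the original stripped first, so
    # an int -1 would have raised AttributeError and the check was unreachable.
    # TODO(review): confirm getHostIp really signals failure with -1.
    if ip == -1:
        print('Push rules failed : Could not get IP or hostname of host')
        return
    ip = ip.strip('\n')

    script = configuration.basedir + configuration.datadir + '/nm-iptables.sh'
    try:
        # `with` closes the files on every path; the original left the
        # template handle open and shadowed the stdlib name `tempfile`.
        with open(script, 'w') as out:
            try:
                with open(configuration.basedir + configuration.tpldir + '/' + configuration.starttpl, 'r') as starttpl:
                    for line in starttpl:
                        out.write(str(line))
            except (IOError, OSError):
                # No start template: the script is just the rules.
                pass
            out.write(str(showCommands.showAccessList(host, 1)))
    except IOError as err:
        print("I/O error({0}): {1}".format(err.errno, err.strerror))
        print("Push rules failed : Unable to create temporary file.")
        return

    try:
        # Argument-list form: no local shell, so user/ip/directory are never
        # re-parsed by a shell on this side.
        rc = subprocess.Popen(['/usr/bin/scp', script, user + '@' + ip + ':' + directory + '/']).wait()
        if rc != 0:
            # The original ignored the scp exit status and went on to run a
            # script that may not have arrived.
            print('Push rules failed : scp exited with status ' + str(rc))
            return
        if user == 'root':
            answer = '?'
            while answer != 'n' and answer != 'y':
                answer = raw_input('Do you wish to execute the iptables script on the host ? [y/n]: ')
            if answer == 'y':
                # The original wrapped the remote command in literal single
                # quotes; ssh hands them to the remote shell, which then
                # looks for a single command named "/bin/bash <dir>/nm-iptables.sh".
                subprocess.Popen(['/usr/bin/ssh', user + '@' + ip, '/bin/bash ' + directory + '/nm-iptables.sh']).wait()
        else:
            answer = '?'
            while answer != 'n' and answer != 'Y':
                answer = raw_input('Do you wish to execute the iptables script via sudo on the host ? [Y/n]: ')
            if answer == 'Y':
                # Same argv form as the root branch instead of shell=True with
                # a string built from user input.
                # NOTE(review): presumably relies on passwordless sudo or a tty
                # being allocated by ssh; confirm against the target setup.
                subprocess.Popen(['/usr/bin/ssh', user + '@' + ip, 'sudo bash ' + directory + '/nm-iptables.sh']).wait()
    finally:
        # Remove the local copy on every path, including the scp failure above.
        os.remove(script)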