Example #1
def reload_all_intfs(request):
    """Reload every interface flagged ``need_restart`` and list the results.

    For each flagged interface ``maybeWrite()`` is called first; a truthy
    return value is treated as a failure message, appended to the report,
    and the interface is left alone.  Otherwise ``intf.k('graceful')`` is
    run, its output (or "everything ok" when it is empty) is appended, and
    the ``<app name>:app`` memcached key of each app on that interface is
    deleted so the cached configuration is rebuilt.

    Returns the rendered ``vulture/intf_list.html`` page.

    NOTE(review): the report is assembled as HTML (it embeds ``<br>``), so
    the template presumably prints ``k_output`` unescaped -- confirm.  If it
    does, ``intf.name`` and the text returned by ``maybeWrite()``/``k()``
    should be HTML-escaped before they are concatenated here.
    NOTE(review): no permission or HTTP-method check is visible in this
    function; confirm that the URLconf or a decorator outside this excerpt
    restricts it to authenticated administrators and to POST.
    """
    k_output = "Reloading all interface :<br>"
    intfs = Intf.objects.all()
    cache = MC()
    for intf in intfs:
        if not intf.need_restart:
            continue
        write_error = intf.maybeWrite()
        if write_error:
            # Configuration could not be written: report it, do not reload.
            k_output += "%s:%s" % (intf.name, write_error)
            continue
        k_output += intf.name + ":"
        k_output += intf.k('graceful') or "everything ok"
        k_output += "<br>"
        # Delete memcached records to update config
        for bound_app in App.objects.filter(intf=intf).all():
            cache.delete(bound_app.name + ':app')
    context = {
        'object_list': intfs,
        'k_output': k_output,
        'user': request.user
    }
    return render_to_response('vulture/intf_list.html', context)
Example #2
def stop_intf(request, intf_id):
    """Stop one interface and show the interface list with the result.

    Looks the interface up by primary key, runs ``intf.k('stop')``, deletes
    the ``<app name>:app`` memcached key of every app bound to it, waits two
    seconds and renders ``vulture/intf_list.html`` with the output of the
    stop call in ``k_output``.

    NOTE(review): ``Intf.objects.get`` raises when ``intf_id`` matches no
    row, which surfaces as a server error rather than a 404.
    NOTE(review): no permission or HTTP-method check is visible in this
    function; confirm that stopping an interface is limited to POST requests
    from administrators by code outside this excerpt.
    """
    target = Intf.objects.get(pk=intf_id)
    k_output = target.k('stop')
    for bound_app in App.objects.filter(intf=target).all():
        # Delete memcached records to update config
        MC.delete(bound_app.name + ':app')
    # Presumably gives the interface time to stop before it is listed
    # again -- confirm; the request blocks for the whole delay.
    sleep(2)
    context = {
        'object_list': Intf.objects.all(),
        'k_output': k_output,
        'user': request.user,
    }
    return render_to_response('vulture/intf_list.html', context)
Example #3
def reload_intf(request, intf_id):
    """Write the configuration of one interface and reload it.

    ``maybeWrite()`` is called first; a truthy return value is treated as a
    failure message and shown as ``k_output`` without reloading.  Otherwise
    ``intf.k('graceful')`` is run and the ``<app name>:app`` memcached key
    of every app bound to the interface is deleted.

    Returns the rendered ``vulture/intf_list.html`` page.

    NOTE(review): ``Intf.objects.get`` raises when ``intf_id`` matches no
    row, which surfaces as a server error rather than a 404.
    NOTE(review): no permission or HTTP-method check is visible in this
    function; confirm it is enforced outside this excerpt.
    """
    target = Intf.objects.get(pk=intf_id)
    write_error = target.maybeWrite()
    if not write_error:
        k_output = target.k('graceful')
        for bound_app in App.objects.filter(intf=target).all():
            # Delete memcached records to update config
            MC.delete("%s:app" % bound_app.name)
    else:
        k_output = write_error
    context = {
        'object_list': Intf.objects.all(),
        'k_output': k_output,
        'user': request.user,
    }
    return render_to_response('vulture/intf_list.html', context)
Example #4
def stop_intf(request, intf_id):
    """Stop one interface and show the interface list with the result.

    Looks the interface up by primary key, runs ``intf.k('stop')``, deletes
    the ``<app name>:app`` key of every app bound to it through an ``MC``
    instance, waits two seconds and renders ``vulture/intf_list.html``.

    NOTE(review): ``Intf.objects.get`` raises when ``intf_id`` matches no
    row, which surfaces as a server error rather than a 404.
    NOTE(review): no permission or HTTP-method check is visible in this
    function; confirm that stopping an interface is limited to POST requests
    from administrators by code outside this excerpt.
    """
    target = Intf.objects.get(pk=intf_id)
    k_output = target.k('stop')
    bound_apps = App.objects.filter(intf=target).all()
    cache = MC()
    for bound_app in bound_apps:
        # Delete memcached records to update config
        cache.delete(bound_app.name + ':app')
    # Presumably gives the interface time to stop before it is listed
    # again -- confirm; the request blocks for the whole delay.
    sleep(2)
    context = {
        'object_list': Intf.objects.all(),
        'k_output': k_output,
        'user': request.user
    }
    return render_to_response('vulture/intf_list.html', context)
Example #5
def reload_intf(request, intf_id):
    """Write the configuration of one interface and reload it.

    ``maybeWrite()`` is called first; a truthy return value is treated as a
    failure message and shown as ``k_output`` without reloading.  Otherwise
    ``intf.k('graceful')`` is run and the ``<app name>:app`` key of every
    app bound to the interface is deleted through an ``MC`` instance.

    Returns the rendered ``vulture/intf_list.html`` page.

    NOTE(review): ``Intf.objects.get`` raises when ``intf_id`` matches no
    row, which surfaces as a server error rather than a 404.
    NOTE(review): no permission or HTTP-method check is visible in this
    function; confirm it is enforced outside this excerpt.
    """
    target = Intf.objects.get(pk=intf_id)
    write_error = target.maybeWrite()
    if not write_error:
        k_output = target.k('graceful')
        bound_apps = App.objects.filter(intf=target).all()
        cache = MC()
        for bound_app in bound_apps:
            # Delete memcached records to update config
            cache.delete("%s:app" % bound_app.name)
    else:
        k_output = write_error
    context = {
        'object_list': Intf.objects.all(),
        'k_output': k_output,
        'user': request.user
    }
    return render_to_response('vulture/intf_list.html', context)
Example #6
def reload_all_intfs(request):
    """Reload every interface flagged ``need_restart`` and list the results.

    Each flagged interface first has ``maybeWrite()`` called; a truthy
    return value is reported as a failure and the interface is skipped.
    Otherwise ``intf.k('graceful')`` is run, its output (or "everything ok"
    when empty) is reported, and ``MC.delete`` is called for the
    ``<app name>:app`` key of each app on that interface.

    Returns the rendered ``vulture/intf_list.html`` page.

    NOTE(review): the report embeds ``<br>``, so the template presumably
    prints ``k_output`` unescaped -- confirm.  If it does, ``intf.name`` and
    the text returned by ``maybeWrite()``/``k()`` should be HTML-escaped
    before being concatenated here.
    NOTE(review): no permission or HTTP-method check is visible in this
    function; confirm it is enforced outside this excerpt.
    """
    k_output = "Reloading all interface :<br>"
    intfs = Intf.objects.all()
    flagged = (candidate for candidate in intfs if candidate.need_restart)
    for intf in flagged:
        write_error = intf.maybeWrite()
        if write_error:
            # Configuration could not be written: report it, do not reload.
            k_output += "%s:%s" % (intf.name, write_error)
            continue
        k_output += intf.name + ":"
        k_output += intf.k('graceful') or "everything ok"
        k_output += "<br>"
        # Delete memcached records to update config
        for bound_app in App.objects.filter(intf=intf).all():
            MC.delete(bound_app.name + ':app')
    context = {'object_list': intfs, 'k_output': k_output, 'user': request.user}
    return render_to_response('vulture/intf_list.html', context)
Example #7
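def edit_app(request, object_id=None):
    """Create or edit an ``App`` with its JK directives, SSL configuration
    and custom headers.

    A GET, or a POST whose ``AppForm`` is invalid, renders
    ``vulture/app_form.html``.  A valid POST saves the app and its inline
    ``JKDirective`` formset, resolves the SSL configuration (the interface's
    one when ``conf_from_intf`` is set, otherwise the posted ``ssl_conf``
    form), replaces every ``Header`` row of the app with the posted ones,
    deletes the app's ``<name>:app`` memcached key and redirects to
    ``/app/``.

    Raises:
        ValueError: the posted name fails the name check, the inline formset
            is invalid, or the SSL form is invalid while ``conf_from_intf``
            is not set.

    NOTE(review): no transaction is visible around the saves below, so an
    exception raised part-way leaves the earlier saves and deletions in
    place.
    NOTE(review): no permission check is visible in this function; confirm
    the view is restricted to administrators outside this excerpt.
    """
    inst = object_id and App.objects.get(pk=object_id)
    app_inst = object_id and App.objects.get(id=object_id)
    form = AppForm(request.POST or None, instance=inst)
    form.header = Header.objects.order_by("-id").filter(app=object_id)
    FJKD = inlineformset_factory(App, JKDirective, extra=4)
    # Save new/edited app
    if request.method == 'POST' and form.is_valid():
        appdirname = request.POST['name']
        appdirname = appdirname.replace("/", "")
        # NOTE(review): match() anchors only at the start, so this accepts
        # any name whose first character is allowed; appdirname is not used
        # again in this function.  Anchor the pattern before relying on it.
        regex = re.compile(r"[\w\-\.]+")
        if not regex.match(appdirname):
            raise ValueError(appdirname + " does not match a valid app name")
        dataPosted = request.POST
        app = form.save()
        fjkd = FJKD(request.POST, instance=inst)
        # JK Directives
        if fjkd.is_valid():
            fjkd.save()
        else:
            raise ValueError("bad inline formset !!!!")
        # SSL Configuration
        fssl_conf = SSLConfForm(request.POST,
                                instance=object_id
                                and app_inst.ssl_configuration,
                                prefix='ssl_conf')
        if form.cleaned_data['conf_from_intf']:
            # Reuse the SSL configuration of the selected interface.
            intf_inst = Intf.objects.get(id=form.cleaned_data['intf'])
            ssl_conf_id = intf_inst.ssl_configuration
            if hasattr(app_inst, 'ssl_configuration') and \
                    app_inst.ssl_configuration != intf_inst.ssl_configuration:
                # delete unused ssl_configuration
                try:
                    app_inst.ssl_configuration.delete()
                except AttributeError:
                    # ssl_configuration has no delete(), e.g. it is None
                    pass
        elif fssl_conf.is_valid():
            if hasattr(app_inst, 'ssl_configuration') and \
                    app_inst.ssl_configuration == Intf.objects.get(
                        id=form.cleaned_data['intf']).ssl_configuration:
                # To switch from Intf-SSL_Conf to App-SSL_Conf: build an
                # unbound-instance form so save() creates a new row instead
                # of editing the interface's configuration.
                fssl_conf = SSLConfForm(request.POST, prefix='ssl_conf')
            ssl_conf_id = fssl_conf.save()
        else:
            # Neither branch produced a configuration.  Fail explicitly
            # instead of hitting an unbound ssl_conf_id on the next line.
            raise ValueError("bad ssl configuration form")

        app.ssl_configuration = ssl_conf_id
        # headers ..
        headers = Header.objects.filter(app=object_id)  # Delete old headers
        headers.delete()
        for data in dataPosted:
            m = re.match(r'header_id-(\d+)', data)
            if m is None:
                continue
            id_ = m.group(1)
            desc = dataPosted['field_desc-' + id_]
            type_ = dataPosted['field_type-' + id_]
            if desc and type_:
                instance = Header(app=app,
                                  name=desc,
                                  value=dataPosted['field_value-' + id_],
                                  type=type_)
                instance.save()
        # delete cached version of this app in memcache
        MC().delete('%s:app' % app.name)
        # Make sure we're using logic auth there
        app.auth = get_logic_auth_for(app.auth)
        app.save()
        return HttpResponseRedirect('/app/')
    fjkd = FJKD(instance=inst)
    fssl_conf = SSLConfForm(request.POST or None,
                            instance=object_id and app_inst.ssl_configuration,
                            prefix='ssl_conf')
    # Render the (possibly bound, invalid) forms
    return render_to_response('vulture/app_form.html', {
        'form': form,
        'user': request.user,
        'fjkd': fjkd,
        'fssl_conf': fssl_conf
    })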
Example #8
def manage_cluster(request):
    """Show the cluster page and, on POST, bump the configuration version.

    Reads the ``Conf`` row whose ``var`` is ``version_conf`` and interprets
    its value as an integer (an empty value counts as 0).  A POST stores the
    value incremented by one.  The page ``vulture/cluster_list.html`` is
    rendered with that version and the result of ``MC.list_servers()``.

    NOTE(review): the increment is a read-modify-write with no locking
    visible here, so two concurrent POSTs can store the same version.
    NOTE(review): no permission check is visible in this function; confirm
    the view is restricted to administrators outside this excerpt.
    """
    version_row = Conf.objects.get(var='version_conf')
    last_version = int(version_row.value or 0)
    if request.method == 'POST':
        last_version = last_version + 1
        version_row.value = str(last_version)
        version_row.save()
    context = {
        'last_version': last_version,
        'object_list': MC.list_servers(),
    }
    return render_to_response('vulture/cluster_list.html', context)
Example #9
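def edit_app(request,object_id=None):
    """Create or edit an ``App`` and its per-app mod_security files.

    A GET, or a POST whose ``AppForm`` is invalid, renders
    ``vulture/app_form.html``.  A valid POST saves the app and its inline
    ``JKDirective`` formset and replaces its ``Header`` rows.  When
    ``MS_Activated`` is posted it also writes ``vulture-<name>.conf`` under
    ``<CONF_PATH>/security-rules/CUSTOM/<name>`` and maintains the symlinks
    in ``.../activated/<name>``; otherwise both directories are emptied and
    removed.  Finally the app's ``<name>:app`` memcached key is deleted and
    the client is redirected to ``/app/``.

    The posted name is used as a directory and file name, so it must
    consist entirely of word characters, ``-`` and ``.`` once ``/`` has been
    stripped, and must not be ``.`` or ``..``.  Posted rule file names are
    only linked when they are bare file names.

    Raises:
        ValueError: the posted name is not a valid app name, or the inline
            formset is invalid.

    NOTE(review): no transaction is visible around the saves and file
    operations below, so an exception raised part-way leaves earlier
    changes in place.
    NOTE(review): no permission check is visible in this function; confirm
    the view is restricted to administrators outside this excerpt.
    """
    inst = object_id and App.objects.get(pk=object_id)
    form = AppForm(request.POST or None,instance=inst)
    form.header = Header.objects.order_by("-id").filter(app=object_id)
    FJKD = inlineformset_factory(App, JKDirective, extra=4)
    # Save new/edited app
    if request.method == 'POST' and form.is_valid():
        appdirname = request.POST['name']
        appdirname = appdirname.replace("/","")
        # appdirname becomes a directory and file name below, so the whole
        # value has to match (\Z anchors the end; match() alone only checks
        # the start) and the directory aliases "." and ".." are refused.
        regex = re.compile(r"[\w\-\.]+\Z")
        if appdirname in (".", "..") or not regex.match(appdirname):
            raise ValueError(appdirname+" does not match a valid app name")
        path = "%s/security-rules"%(settings.CONF_PATH)
        custom_p = "%s/CUSTOM"%path
        custom_app_p = "%s/%s"%(custom_p,appdirname)
        app_acti_p = "%s/activated/%s"%(path,appdirname)
        fname = "vulture-%s.conf"%(appdirname)
        fpath = "%s/%s"%(custom_app_p,fname)
        dataPosted = request.POST
        app = form.save()
        #Delete old headers
        headers = Header.objects.filter(app=object_id)
        headers.delete()
        fjkd = FJKD(request.POST,instance=inst)
        if fjkd.is_valid():
            fjkd.save()
        else:
            raise ValueError("bad inline formset !!!!")
        if "MS_Activated" in dataPosted:
            # create needed directories for this app
            for rep in (path,custom_p,custom_app_p,app_acti_p):
                if not os.path.exists(rep):
                    os.mkdir(rep,0770)
            # get variables we send to the template
            # NOTE(review): these values are copied from the POST body into
            # a server configuration file; whether the template or the form
            # validates them is not visible here.  Validate each one
            # (numeric range, allowed tokens, no line breaks) before
            # rendering.
            mod_secu_vars = {"appname":app.name}
            for row in ('version','action',
                    'motor',
                    'critical_score','warning_score','error_score',
                    'notice_score','inbound_score','outbound_score',
                    'paranoid', 'UTF', 'XML', 'BodyAccess',
                    'max_num_args', 'arg_name_length', 'arg_length',
                    'total_arg_length', 'max_file_size','combined_file_size',
                    'allowed_http','allowed_content_type',
                    'allowed_http_version','restricted_extensions',
                    'restricted_headers',
                    'BT_activated', 'protected_urls',
                    'BT_burst_time_slice', 'BT_counter_threshold',
                    'BT_block_timeout',
                    'DoS_activated', 'DoS_burst_time_slice', 
                    'DoS_counter_threshold', 'DoS_block_timeout', 'Custom' ):
                if row in dataPosted:
                    mod_secu_vars[row]=dataPosted[row]
            # write config file for this app
            t = get_template("mod_secu.conf")
            ctx = Context(mod_secu_vars)
            conf_txt = t.render(ctx)
            f = open(fpath,'wb')
            try:
                f.write(conf_txt)
            finally:
                # close the handle even when the write fails
                f.close()
            # create/remove symlinks for activated rules
            directory = {
                            "base_rules":"securitybase",
                            "experimental_rules":'securityexp',
                            "optional_rules":'securityopt',
                            "slr_rules":'securityslr',
                            "CUSTOM":'CUSTOM'
                       }
            # remove deleted rules, add new ones
            for dir_, file_list in directory.iteritems():
                new_files = request.POST.getlist(file_list)
                # a field without initial data has no old links to remove
                for old_file in form.fields[file_list].initial or []:
                    if old_file not in new_files:
                        os.remove("%s/%s"%(app_acti_p,old_file))
                for file_ in new_files:
                    # Rule names come from the POST body and are joined into
                    # both link paths; only a bare file name is linked.
                    # NOTE(review): presumably AppForm also restricts these
                    # to known rule files -- confirm.
                    if file_ in ("", ".", "..") or os.path.basename(file_) != file_:
                        continue
                    try:
                        os.symlink("%s/%s/%s"%(path,dir_,file_),"%s/%s"%(app_acti_p,file_))
                    except Exception:
                        # best effort: the link may already exist
                        pass
            # link all data files in app directory
            for src in directory:
                link_path("%s/%s"%(path,src),app_acti_p,r".*\.data$")
            try:
                os.symlink(fpath,"%s/%s"%(app_acti_p,fname))
            except Exception:
                # best effort: the link may already exist
                pass
        # mod_security was disabled for this app
        else:
            for rep in (custom_app_p,app_acti_p):
                if os.path.exists(rep):
                    for rmfile in os.listdir(rep):
                        os.remove("%s/%s"%(rep,rmfile))
                    os.rmdir(rep)
        # headers .. 
        for data in dataPosted:
            m = re.match(r'header_id-(\d+)',data)
            if m is None:
                continue
            id_ = m.group(1)
            desc = dataPosted['field_desc-' + id_]
            type_ = dataPosted['field_type-' + id_]
            if desc and type_:
                instance = Header(app=app, name = desc, value = dataPosted['field_value-' + id_], type=type_)
                instance.save()
        # delete cached version of this app in memcache
        MC.delete('%s:app'%app.name)
        # Make sure we're using logic auth there
        app.auth = get_logic_auth_for(app.auth)
        app.save()
        return HttpResponseRedirect('/app/')
    fjkd = FJKD(instance=inst)
    return render_to_response('vulture/app_form.html', {'form': form, 'user' : request.user, 'fjkd':fjkd})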