def __init__(self, debug: bool = False) -> None:
"""TODO: Doku."""
self.cfg_log = Config(LOG_CONFIG_PATH)
loglevel = self.cfg_log.get_value("LOG", "level")
to_stdout = self.cfg_log.get_value("LOG", "to_stdout")
to_files = self.cfg_log.get_value("LOG", "to_files")
logpath = self.cfg_log.get_value("LOG", "filepath")
logfile = self.cfg_log.get_value("LOG", "filename")
self.log = Log(str(loglevel), bool(to_stdout), bool(to_files),
str(logpath), str(logfile))
info("starting easywall-web")
self.cfg = Config(CONFIG_PATH)
if debug is True:
info("loading Flask debug configuration")
APP.config.from_object('easywall.web.__main__.DevelopmentConfig')
else:
info("loading Flask production configuration")
APP.config.from_object('easywall.web.__main__.ProductionConfig')
self.rules_handler = RulesHandler()
self.login_attempts = self.cfg.get_value("WEB", "login_attempts")
self.login_bantime = self.cfg.get_value("WEB", "login_bantime")
self.ip_ban = IpBan(app=APP,
ban_count=self.login_attempts,
ban_seconds=self.login_bantime,
ipc=True)
self.ip_ban.url_pattern_add('^/static.*$', match_type='regex')
def get_config_version_mismatch(self) -> bool:
"""
TODO: Docu
"""
cfg1 = Config("config/easywall.sample.ini")
cfg2 = Config("config/easywall.ini")
for section in cfg1.get_sections():
if section not in cfg2.get_sections():
return True
for key in cfg1.get_keys(section):
if key not in cfg2.get_keys(section):
return True
return False
def get_config_version_mismatch(self, cfgtype: str) -> bool:
"""TODO: Doku."""
if cfgtype == "core":
cfg1 = Config("config/easywall.sample.ini")
cfg2 = Config("config/easywall.ini")
elif cfgtype == "web":
cfg1 = Config("config/web.sample.ini")
cfg2 = Config("config/web.ini")
for section in cfg1.get_sections():
if section not in cfg2.get_sections():
return True
for key in cfg1.get_keys(section):
if key not in cfg2.get_keys(section):
return True
return False
def __init__(self, debug: bool = False) -> None:
self.cfg = Config(CONFIG_PATH)
loglevel = self.cfg.get_value("LOG", "level")
to_stdout = self.cfg.get_value("LOG", "to_stdout")
to_files = self.cfg.get_value("LOG", "to_files")
logpath = self.cfg.get_value("LOG", "filepath")
logfile = self.cfg.get_value("LOG", "filename")
self.log = Log(str(loglevel), bool(to_stdout), bool(to_files),
str(logpath), str(logfile))
info("starting easywall-web")
self.is_first_run = not folder_exists("rules")
self.rules_handler = RulesHandler()
if self.is_first_run:
self.rules_handler.ensure_files_exist()
if debug is True:
port = self.cfg.get_value("WEB", "bindport")
host = self.cfg.get_value("WEB", "bindip")
APP.config.from_object('easywall_web.__main__.DevelopmentConfig')
APP.run(str(host), str(port))
else:
APP.config.from_object('easywall_web.__main__.ProductionConfig')
def __init__(self, debug: bool = False) -> None:
self.cfg = Config(CONFIG_PATH)
loglevel = self.cfg.get_value("LOG", "level")
to_stdout = self.cfg.get_value("LOG", "to_stdout")
to_files = self.cfg.get_value("LOG", "to_files")
logpath = self.cfg.get_value("LOG", "filepath")
logfile = self.cfg.get_value("LOG", "filename")
self.log = Log(str(loglevel), bool(to_stdout), bool(to_files), str(logpath), str(logfile))
self.login_attempts = self.cfg.get_value("WEB", "login_attempts")
self.login_bantime = self.cfg.get_value("WEB", "login_bantime")
self.ip_ban = IpBan(app=APP, ban_count=self.login_attempts,
ban_seconds=self.login_bantime, ipc=True)
self.ip_ban.url_pattern_add('^/static.*$', match_type='regex')
info("starting easywall-web")
self.rules_handler = RulesHandler()
self.rules_handler.ensure_files_exist()
if debug is True:
port = self.cfg.get_value("WEB", "bindport")
host = self.cfg.get_value("WEB", "bindip")
APP.config.from_object('easywall_web.__main__.DevelopmentConfig')
APP.run(str(host), str(port))
else:
APP.config.from_object('easywall_web.__main__.ProductionConfig')
def __init__(self, configpath):
self.config = Config(configpath)
self.loglevel = self.get_level(self.config.get_value("LOG", "level"))
# create logger
root = logging.getLogger()
root.handlers.clear() # workaround for default stdout handler
root.setLevel(self.loglevel)
# create formatter and add it to the handlers
formatter = logging.Formatter(
'[%(asctime)s] [%(levelname)s] [%(filename)s:%(lineno)d] %(message)s')
# create console handler -> logs are always written to stdout
if bool(self.config.get_value("LOG", "to_stdout")):
std_handler = logging.StreamHandler(stdout)
std_handler.setLevel(self.loglevel)
std_handler.setFormatter(formatter)
root.addHandler(std_handler)
# create file handler if enabled in configuration
if bool(self.config.get_value("LOG", "to_files")):
# create log filepath if not exists
create_folder_if_not_exists(
self.config.get_value("LOG", "filepath"))
file_handler = logging.FileHandler(
self.config.get_value("LOG", "filepath") + "/" +
self.config.get_value("LOG", "filename")
)
file_handler.setLevel(self.loglevel)
file_handler.setFormatter(formatter)
root.addHandler(file_handler)
def setUp(self):
self.config_file = "test_easywall.ini"
content = """[LOG]
level = info
to_files = false
to_stdout = true
filepath =
filename =
[IPV6]
enabled = true
[ACCEPTANCE]
enabled = true
duration = 1
[EXEC]
iptables = /sbin/iptables
ip6tables = /sbin/ip6tables
iptables-save = /sbin/iptables-save
ip6tables-save = /sbin/ip6tables-save
iptables-restore = /sbin/iptables-restore
ip6tables-restore = /sbin/ip6tables-restore
[BACKUP]
filepath = ./backup
ipv4filename = iptables_v4_backup
ipv6filename = iptables_v6_backup
"""
create_file_if_not_exists(self.config_file)
write_into_file(self.config_file, content)
self.cfg = Config(self.config_file)
self.easywall = Easywall(self.cfg)
self.easywall.rules.rules_firstrun()
def __init__(self):
"""the init function creates some class variables"""
self.config = Config("config/easywall.ini")
self.enabled = bool(self.config.get_value("ACCEPTANCE", "enabled"))
self.filename = self.config.get_value("ACCEPTANCE", "filename")
debug("Acceptance Process initialized. Status: " +
str(self.enabled) + " Filename: " + self.filename)
def setUp(self) -> None:
"""TODO: Doku."""
prepare_configuration()
self.config = Config(WEB_CONFIG_PATH)
self.config.set_value("WEB", "username", "")
self.config.set_value("WEB", "password", "")
self.client = prepare_client()
def run():
"""this is the main function of the program"""
# Startup Process
config = Config("config/easywall.ini")
loglevel = config.get_value("LOG", "level")
to_stdout = config.get_value("LOG", "to_stdout")
to_files = config.get_value("LOG", "to_files")
logpath = config.get_value("LOG", "filepath")
logfile = config.get_value("LOG", "filename")
log = Log(loglevel, to_stdout, to_files, logpath, logfile)
info("Starting up easywall...")
ensure_rules_files(config)
event_handler = ModifiedHandler()
observer = Observer()
observer.schedule(event_handler, config.get_value("RULES", "filepath"))
observer.start()
info("easywall is up and running.")
# waiting for file modifications
try:
while True:
sleep(2)
except KeyboardInterrupt:
info("KeyboardInterrupt received, starting shutdown")
finally:
shutdown(observer, config, log)
def test_init(self, input: Any, getpass: Any) -> None:
"""TODO: Doku."""
input.return_value = "test"
getpass.return_value = "test"
from easywall.web.passwd import Passwd
Passwd()
self.config = Config(WEB_CONFIG_PATH)
self.assertEqual(self.config.get_value("WEB", "username"), "test")
def set_username_password(self) -> None:
"""TODO: Doku."""
self.config = Config(WEB_CONFIG_PATH)
self.config.set_value("WEB", "username", "test")
hostname = platform.node().encode("utf-8")
salt = hashlib.sha512(hostname).hexdigest()
pw_hash = hashlib.sha512(
str(salt + "test").encode("utf-8")).hexdigest()
self.config.set_value("WEB", "password", pw_hash)
def setUp(self) -> None:
self.config_file = "test_easywall.ini"
content = """[LOG]
level = info
to_files = no
to_stdout = yes
filepath = /var/log
filename = easywall.log
[IPTABLES]
log_blocked_connections = yes
log_blocked_connections_log_limit = 60
log_blacklist_connections = yes
log_blacklist_connections_log_limit = 60
drop_broadcast_packets = yes
drop_multicast_packets = yes
drop_anycast_packets = yes
ssh_brute_force_prevention = yes
ssh_brute_force_prevention_log = yes
ssh_brute_force_prevention_connection_limit = 5
ssh_brute_force_prevention_log_limit = 60
icmp_flood_prevention = yes
icmp_flood_prevention_log = yes
icmp_flood_prevention_connection_limit = 5
icmp_flood_prevention_log_limit = 60
drop_invalid_packets = yes
drop_invalid_packets_log = yes
drop_invalid_packets_log_limit = 60
port_scan_prevention = yes
port_scan_prevention_log = yes
port_scan_prevention_log_limit = 60
[IPV6]
enabled = true
icmp_allow_router_advertisement = yes
icmp_allow_neighbor_advertisement = yes
[ACCEPTANCE]
enabled = yes
duration = 1
timestamp =
[EXEC]
iptables = /sbin/iptables
ip6tables = /sbin/ip6tables
iptables-save = /sbin/iptables-save
ip6tables-save = /sbin/ip6tables-save
iptables-restore = /sbin/iptables-restore
ip6tables-restore = /sbin/ip6tables-restore
"""
create_file_if_not_exists(self.config_file)
write_into_file(self.config_file, content)
self.cfg = Config(self.config_file)
self.easywall = Easywall(self.cfg)
self.easywall.rules.ensure_files_exist()
def setUp(self):
content = """[ACCEPTANCE]
enabled = true
duration = 1
"""
create_file_if_not_exists("acceptance.ini")
write_into_file("acceptance.ini", content)
self.config = Config("acceptance.ini")
self.acceptance = Acceptance(self.config)
def test_constructor_file_not_read(self) -> None:
"""TODO: Doku."""
create_file_if_not_exists("test.ini")
content = """[DEFAULT]
goodcontent = test
badcontent
"""
write_into_file("test.ini", content)
with self.assertRaises(ParsingError):
Config("test.ini")
def test_init(self, input, getpass):
"""
TODO: Doku
"""
input.return_value = "test"
getpass.return_value = "test"
from easywall_web.passwd import Passwd
Passwd()
self.config = Config(CONFIG_PATH)
self.assertEqual(self.config.get_value("WEB", "username"), "test")
def setUp(self):
content = """[TEST]
teststring = string
testboolean = true
testint = 1
testfloat = 1.1
"""
create_file_if_not_exists("test.ini")
write_into_file("test.ini", content)
self.config = Config("test.ini")
def __init__(self, configpath: str):
info("Applying new configuration.")
self.create_running_file()
self.config = Config(configpath)
self.iptables = Iptables(configpath)
self.acceptance = Acceptance(configpath)
self.ipv6 = self.config.get_value("IPV6", "enabled")
self.filepath = None
self.filename = None
self.date = None
self.apply()
self.delete_running_file()
def __init__(self):
logging.info("Applying new configuration.")
self.create_running_file()
self.config = Config("config/easywall.ini")
self.iptables = Iptables()
self.acceptance = Acceptance()
self.ipv6 = self.config.get_value("IPV6", "enabled")
self.filepath = None
self.filename = None
self.date = None
self.apply()
self.delete_running_file()
def __init__(self) -> None:
"""TODO: Doku."""
self.cfg = Config(CONFIG_PATH)
self.cfg_log = Config(LOG_CONFIG_PATH)
loglevel = self.cfg_log.get_value("LOG", "level")
to_stdout = self.cfg_log.get_value("LOG", "to_stdout")
to_files = self.cfg_log.get_value("LOG", "to_files")
logpath = self.cfg_log.get_value("LOG", "filepath")
logfile = self.cfg_log.get_value("LOG", "filename")
self.log = Log(str(loglevel), bool(to_stdout), bool(to_files),
str(logpath), str(logfile))
info("starting easywall")
self.easywall = Easywall(self.cfg)
self.event_handler = ModifiedHandler(self.apply)
self.observer = Observer()
self.stop_flag = False
info("easywall has been started")
def test_disabled(self):
"""
TODO: Doku
"""
content = """[ACCEPTANCE]
enabled = false
duration = 1
"""
create_file_if_not_exists("acceptance.ini")
write_into_file("acceptance.ini", content)
self.config = Config("acceptance.ini")
self.acceptance = Acceptance(self.config)
self.assertEqual(self.acceptance.status(), "disabled")
def __init__(self) -> None:
"""the init function creates the config variable and calls the user input"""
self.config = Config(CONFIG_PATH)
parser = argparse.ArgumentParser()
parser.add_argument("--username", "-u", help="set username")
parser.add_argument("--password", "-p", help="set password")
args = parser.parse_args()
if args.username and args.password:
self.saveuser(args.username)
self.savepasswd(args.password)
else:
self.ask_user()
def __init__(self):
"""the init function creates some useful class variables"""
debug("Setting up iptables...")
self.config = Config("config/easywall.ini")
self.ipv6 = bool(self.config.get_value("IPV6", "enabled"))
self.iptables_bin = self.config.get_value("EXEC", "iptables")
self.iptables_bin_save = self.config.get_value("EXEC", "iptables-save")
self.iptables_bin_restore = self.config.get_value(
"EXEC", "iptables-restore")
if self.ipv6 is True:
debug("IPV6 is enabled")
self.ip6tables_bin = self.config.get_value("EXEC", "ip6tables")
self.ip6tables_bin_save = self.config.get_value(
"EXEC", "ip6tables-save")
self.ip6tables_bin_restore = self.config.get_value(
"EXEC", "ip6tables-restore")
def prepare_configuration() -> None:
"""
TODO: Doku
"""
if file_exists(CONFIG_PATH):
rename_file(CONFIG_PATH, CONFIG_BACKUP_PATH)
content = """[LOG]
level = info
to_files = no
to_stdout = yes
filepath = log
filename = easywall-web.log
[WEB]
username = demo
password = xxx
bindip = 0.0.0.0
bindport = 12227
login_attempts = 10
login_bantime = 1800
[VERSION]
version = 0.0.0
sha = 12345
date = 2020-01-01T00:00:00Z
timestamp = 1234
[uwsgi]
https-socket = 0.0.0.0:12227,easywall.crt,easywall.key
processes = 5
threads = 2
callable = APP
master = false
wsgi-file = easywall_web/__main__.py
need-plugin = python3
"""
create_file_if_not_exists(CONFIG_PATH)
write_into_file(CONFIG_PATH, content)
config = Config(CONFIG_PATH)
config.set_value("VERSION", "timestamp", str(int(time())))
def run():
"""
this is the first and main function of the program
"""
config = Config(CONFIG_PATH)
loglevel = config.get_value("LOG", "level")
to_stdout = config.get_value("LOG", "to_stdout")
to_files = config.get_value("LOG", "to_files")
logpath = config.get_value("LOG", "filepath")
logfile = config.get_value("LOG", "filename")
log = Log(loglevel, to_stdout, to_files, logpath, logfile)
info("executing startup sequence...")
create_rule_files(config)
event_handler = ModifiedHandler()
observer = Observer()
observer.schedule(event_handler, config.get_value("RULES", "filepath"))
observer.start()
info("startup sequence successfully finished")
start_observer(observer, config, log)
def run():
"""this is the main function of the program"""
# Startup Process
masterlog = Log("config/easywall.ini")
logging.info("Starting up easywall...")
masterconfig = Config("config/easywall.ini")
ensure_rules_files(masterconfig)
event_handler = ModifiedHandler()
observer = Observer()
observer.schedule(
event_handler, masterconfig.get_value("RULES", "filepath"))
observer.start()
logging.info("easywall is up and running.")
# waiting for file modifications
try:
while True:
time.sleep(2)
except KeyboardInterrupt:
shutdown(observer, masterconfig, masterlog)
shutdown(observer, masterconfig, masterlog)
def __init__(self, debug=False):
APP.secret_key = os.urandom(12)
self.cfg = Config(CONFIG_PATH)
loglevel = self.cfg.get_value("LOG", "level")
to_stdout = self.cfg.get_value("LOG", "to_stdout")
to_files = self.cfg.get_value("LOG", "to_files")
logpath = self.cfg.get_value("LOG", "filepath")
logfile = self.cfg.get_value("LOG", "filename")
self.log = Log(loglevel, to_stdout, to_files, logpath, logfile)
info("starting easywall-web")
self.is_first_run = not folder_exists("rules")
self.rules_handler = RulesHandler()
if self.is_first_run:
self.rules_handler.rules_firstrun()
if debug is True:
port = self.cfg.get_value("WEB", "bindport")
host = self.cfg.get_value("WEB", "bindip")
APP.run(host, port, debug)
def __init__(self):
self.cfg = Config(CONFIG_PATH)
loglevel = self.cfg.get_value("LOG", "level")
to_stdout = self.cfg.get_value("LOG", "to_stdout")
to_files = self.cfg.get_value("LOG", "to_files")
logpath = self.cfg.get_value("LOG", "filepath")
logfile = self.cfg.get_value("LOG", "filename")
self.log = Log(loglevel, to_stdout, to_files, logpath, logfile)
info("starting easywall")
self.is_first_run = not folder_exists("rules")
self.rules_handler = RulesHandler()
if self.is_first_run:
self.rules_handler.rules_firstrun()
self.easywall = Easywall(self.cfg)
self.event_handler = ModifiedHandler(self.apply)
self.observer = Observer()
self.stop_flag = False
info("easywall has been started")
def setUp(self) -> None:
content = """[EXEC]
iptables = /sbin/iptables
ip6tables = /sbin/ip6tables
iptables-save = /sbin/iptables-save
ip6tables-save = /sbin/ip6tables-save
iptables-restore = /sbin/iptables-restore
ip6tables-restore = /sbin/ip6tables-restore
[IPV6]
enabled = yes
[BACKUP]
filepath = ./backup
ipv4filename = iptables_v4_backup
ipv6filename = iptables_v6_backup
"""
create_file_if_not_exists("iptables.ini")
write_into_file("iptables.ini", content)
self.config = Config("iptables.ini")
self.iptables = Iptables(self.config)
def __init__(self) -> None:
"""TODO: Doku."""
self.cfg = Config("config/web.ini")
self.cfg_easywall = Config(CONFIG_PATH)
self.cfg_log = Config(LOG_CONFIG_PATH)
