def __init__(self, debug: bool = False) -> None: """TODO: Doku.""" self.cfg_log = Config(LOG_CONFIG_PATH) loglevel = self.cfg_log.get_value("LOG", "level") to_stdout = self.cfg_log.get_value("LOG", "to_stdout") to_files = self.cfg_log.get_value("LOG", "to_files") logpath = self.cfg_log.get_value("LOG", "filepath") logfile = self.cfg_log.get_value("LOG", "filename") self.log = Log(str(loglevel), bool(to_stdout), bool(to_files), str(logpath), str(logfile)) info("starting easywall-web") self.cfg = Config(CONFIG_PATH) if debug is True: info("loading Flask debug configuration") APP.config.from_object('easywall.web.__main__.DevelopmentConfig') else: info("loading Flask production configuration") APP.config.from_object('easywall.web.__main__.ProductionConfig') self.rules_handler = RulesHandler() self.login_attempts = self.cfg.get_value("WEB", "login_attempts") self.login_bantime = self.cfg.get_value("WEB", "login_bantime") self.ip_ban = IpBan(app=APP, ban_count=self.login_attempts, ban_seconds=self.login_bantime, ipc=True) self.ip_ban.url_pattern_add('^/static.*$', match_type='regex')
def get_config_version_mismatch(self) -> bool: """ TODO: Docu """ cfg1 = Config("config/easywall.sample.ini") cfg2 = Config("config/easywall.ini") for section in cfg1.get_sections(): if section not in cfg2.get_sections(): return True for key in cfg1.get_keys(section): if key not in cfg2.get_keys(section): return True return False
def get_config_version_mismatch(self, cfgtype: str) -> bool: """TODO: Doku.""" if cfgtype == "core": cfg1 = Config("config/easywall.sample.ini") cfg2 = Config("config/easywall.ini") elif cfgtype == "web": cfg1 = Config("config/web.sample.ini") cfg2 = Config("config/web.ini") for section in cfg1.get_sections(): if section not in cfg2.get_sections(): return True for key in cfg1.get_keys(section): if key not in cfg2.get_keys(section): return True return False
def __init__(self, debug: bool = False) -> None: self.cfg = Config(CONFIG_PATH) loglevel = self.cfg.get_value("LOG", "level") to_stdout = self.cfg.get_value("LOG", "to_stdout") to_files = self.cfg.get_value("LOG", "to_files") logpath = self.cfg.get_value("LOG", "filepath") logfile = self.cfg.get_value("LOG", "filename") self.log = Log(str(loglevel), bool(to_stdout), bool(to_files), str(logpath), str(logfile)) info("starting easywall-web") self.is_first_run = not folder_exists("rules") self.rules_handler = RulesHandler() if self.is_first_run: self.rules_handler.ensure_files_exist() if debug is True: port = self.cfg.get_value("WEB", "bindport") host = self.cfg.get_value("WEB", "bindip") APP.config.from_object('easywall_web.__main__.DevelopmentConfig') APP.run(str(host), str(port)) else: APP.config.from_object('easywall_web.__main__.ProductionConfig')
def __init__(self, debug: bool = False) -> None: self.cfg = Config(CONFIG_PATH) loglevel = self.cfg.get_value("LOG", "level") to_stdout = self.cfg.get_value("LOG", "to_stdout") to_files = self.cfg.get_value("LOG", "to_files") logpath = self.cfg.get_value("LOG", "filepath") logfile = self.cfg.get_value("LOG", "filename") self.log = Log(str(loglevel), bool(to_stdout), bool(to_files), str(logpath), str(logfile)) self.login_attempts = self.cfg.get_value("WEB", "login_attempts") self.login_bantime = self.cfg.get_value("WEB", "login_bantime") self.ip_ban = IpBan(app=APP, ban_count=self.login_attempts, ban_seconds=self.login_bantime, ipc=True) self.ip_ban.url_pattern_add('^/static.*$', match_type='regex') info("starting easywall-web") self.rules_handler = RulesHandler() self.rules_handler.ensure_files_exist() if debug is True: port = self.cfg.get_value("WEB", "bindport") host = self.cfg.get_value("WEB", "bindip") APP.config.from_object('easywall_web.__main__.DevelopmentConfig') APP.run(str(host), str(port)) else: APP.config.from_object('easywall_web.__main__.ProductionConfig')
def __init__(self, configpath): self.config = Config(configpath) self.loglevel = self.get_level(self.config.get_value("LOG", "level")) # create logger root = logging.getLogger() root.handlers.clear() # workaround for default stdout handler root.setLevel(self.loglevel) # create formatter and add it to the handlers formatter = logging.Formatter( '[%(asctime)s] [%(levelname)s] [%(filename)s:%(lineno)d] %(message)s') # create console handler -> logs are always written to stdout if bool(self.config.get_value("LOG", "to_stdout")): std_handler = logging.StreamHandler(stdout) std_handler.setLevel(self.loglevel) std_handler.setFormatter(formatter) root.addHandler(std_handler) # create file handler if enabled in configuration if bool(self.config.get_value("LOG", "to_files")): # create log filepath if not exists create_folder_if_not_exists( self.config.get_value("LOG", "filepath")) file_handler = logging.FileHandler( self.config.get_value("LOG", "filepath") + "/" + self.config.get_value("LOG", "filename") ) file_handler.setLevel(self.loglevel) file_handler.setFormatter(formatter) root.addHandler(file_handler)
def setUp(self): self.config_file = "test_easywall.ini" content = """[LOG] level = info to_files = false to_stdout = true filepath = filename = [IPV6] enabled = true [ACCEPTANCE] enabled = true duration = 1 [EXEC] iptables = /sbin/iptables ip6tables = /sbin/ip6tables iptables-save = /sbin/iptables-save ip6tables-save = /sbin/ip6tables-save iptables-restore = /sbin/iptables-restore ip6tables-restore = /sbin/ip6tables-restore [BACKUP] filepath = ./backup ipv4filename = iptables_v4_backup ipv6filename = iptables_v6_backup """ create_file_if_not_exists(self.config_file) write_into_file(self.config_file, content) self.cfg = Config(self.config_file) self.easywall = Easywall(self.cfg) self.easywall.rules.rules_firstrun()
def __init__(self): """the init function creates some class variables""" self.config = Config("config/easywall.ini") self.enabled = bool(self.config.get_value("ACCEPTANCE", "enabled")) self.filename = self.config.get_value("ACCEPTANCE", "filename") debug("Acceptance Process initialized. Status: " + str(self.enabled) + " Filename: " + self.filename)
def setUp(self) -> None: """TODO: Doku.""" prepare_configuration() self.config = Config(WEB_CONFIG_PATH) self.config.set_value("WEB", "username", "") self.config.set_value("WEB", "password", "") self.client = prepare_client()
def run(): """this is the main function of the program""" # Startup Process config = Config("config/easywall.ini") loglevel = config.get_value("LOG", "level") to_stdout = config.get_value("LOG", "to_stdout") to_files = config.get_value("LOG", "to_files") logpath = config.get_value("LOG", "filepath") logfile = config.get_value("LOG", "filename") log = Log(loglevel, to_stdout, to_files, logpath, logfile) info("Starting up easywall...") ensure_rules_files(config) event_handler = ModifiedHandler() observer = Observer() observer.schedule(event_handler, config.get_value("RULES", "filepath")) observer.start() info("easywall is up and running.") # waiting for file modifications try: while True: sleep(2) except KeyboardInterrupt: info("KeyboardInterrupt received, starting shutdown") finally: shutdown(observer, config, log)
def test_init(self, input: Any, getpass: Any) -> None: """TODO: Doku.""" input.return_value = "test" getpass.return_value = "test" from easywall.web.passwd import Passwd Passwd() self.config = Config(WEB_CONFIG_PATH) self.assertEqual(self.config.get_value("WEB", "username"), "test")
def set_username_password(self) -> None: """TODO: Doku.""" self.config = Config(WEB_CONFIG_PATH) self.config.set_value("WEB", "username", "test") hostname = platform.node().encode("utf-8") salt = hashlib.sha512(hostname).hexdigest() pw_hash = hashlib.sha512( str(salt + "test").encode("utf-8")).hexdigest() self.config.set_value("WEB", "password", pw_hash)
def setUp(self) -> None: self.config_file = "test_easywall.ini" content = """[LOG] level = info to_files = no to_stdout = yes filepath = /var/log filename = easywall.log [IPTABLES] log_blocked_connections = yes log_blocked_connections_log_limit = 60 log_blacklist_connections = yes log_blacklist_connections_log_limit = 60 drop_broadcast_packets = yes drop_multicast_packets = yes drop_anycast_packets = yes ssh_brute_force_prevention = yes ssh_brute_force_prevention_log = yes ssh_brute_force_prevention_connection_limit = 5 ssh_brute_force_prevention_log_limit = 60 icmp_flood_prevention = yes icmp_flood_prevention_log = yes icmp_flood_prevention_connection_limit = 5 icmp_flood_prevention_log_limit = 60 drop_invalid_packets = yes drop_invalid_packets_log = yes drop_invalid_packets_log_limit = 60 port_scan_prevention = yes port_scan_prevention_log = yes port_scan_prevention_log_limit = 60 [IPV6] enabled = true icmp_allow_router_advertisement = yes icmp_allow_neighbor_advertisement = yes [ACCEPTANCE] enabled = yes duration = 1 timestamp = [EXEC] iptables = /sbin/iptables ip6tables = /sbin/ip6tables iptables-save = /sbin/iptables-save ip6tables-save = /sbin/ip6tables-save iptables-restore = /sbin/iptables-restore ip6tables-restore = /sbin/ip6tables-restore """ create_file_if_not_exists(self.config_file) write_into_file(self.config_file, content) self.cfg = Config(self.config_file) self.easywall = Easywall(self.cfg) self.easywall.rules.ensure_files_exist()
def setUp(self): content = """[ACCEPTANCE] enabled = true duration = 1 """ create_file_if_not_exists("acceptance.ini") write_into_file("acceptance.ini", content) self.config = Config("acceptance.ini") self.acceptance = Acceptance(self.config)
def test_constructor_file_not_read(self) -> None: """TODO: Doku.""" create_file_if_not_exists("test.ini") content = """[DEFAULT] goodcontent = test badcontent """ write_into_file("test.ini", content) with self.assertRaises(ParsingError): Config("test.ini")
def test_init(self, input, getpass): """ TODO: Doku """ input.return_value = "test" getpass.return_value = "test" from easywall_web.passwd import Passwd Passwd() self.config = Config(CONFIG_PATH) self.assertEqual(self.config.get_value("WEB", "username"), "test")
def setUp(self): content = """[TEST] teststring = string testboolean = true testint = 1 testfloat = 1.1 """ create_file_if_not_exists("test.ini") write_into_file("test.ini", content) self.config = Config("test.ini")
def __init__(self, configpath: str): info("Applying new configuration.") self.create_running_file() self.config = Config(configpath) self.iptables = Iptables(configpath) self.acceptance = Acceptance(configpath) self.ipv6 = self.config.get_value("IPV6", "enabled") self.filepath = None self.filename = None self.date = None self.apply() self.delete_running_file()
def __init__(self): logging.info("Applying new configuration.") self.create_running_file() self.config = Config("config/easywall.ini") self.iptables = Iptables() self.acceptance = Acceptance() self.ipv6 = self.config.get_value("IPV6", "enabled") self.filepath = None self.filename = None self.date = None self.apply() self.delete_running_file()
def __init__(self) -> None: """TODO: Doku.""" self.cfg = Config(CONFIG_PATH) self.cfg_log = Config(LOG_CONFIG_PATH) loglevel = self.cfg_log.get_value("LOG", "level") to_stdout = self.cfg_log.get_value("LOG", "to_stdout") to_files = self.cfg_log.get_value("LOG", "to_files") logpath = self.cfg_log.get_value("LOG", "filepath") logfile = self.cfg_log.get_value("LOG", "filename") self.log = Log(str(loglevel), bool(to_stdout), bool(to_files), str(logpath), str(logfile)) info("starting easywall") self.easywall = Easywall(self.cfg) self.event_handler = ModifiedHandler(self.apply) self.observer = Observer() self.stop_flag = False info("easywall has been started")
def test_disabled(self): """ TODO: Doku """ content = """[ACCEPTANCE] enabled = false duration = 1 """ create_file_if_not_exists("acceptance.ini") write_into_file("acceptance.ini", content) self.config = Config("acceptance.ini") self.acceptance = Acceptance(self.config) self.assertEqual(self.acceptance.status(), "disabled")
def __init__(self) -> None: """the init function creates the config variable and calls the user input""" self.config = Config(CONFIG_PATH) parser = argparse.ArgumentParser() parser.add_argument("--username", "-u", help="set username") parser.add_argument("--password", "-p", help="set password") args = parser.parse_args() if args.username and args.password: self.saveuser(args.username) self.savepasswd(args.password) else: self.ask_user()
def __init__(self): """the init function creates some useful class variables""" debug("Setting up iptables...") self.config = Config("config/easywall.ini") self.ipv6 = bool(self.config.get_value("IPV6", "enabled")) self.iptables_bin = self.config.get_value("EXEC", "iptables") self.iptables_bin_save = self.config.get_value("EXEC", "iptables-save") self.iptables_bin_restore = self.config.get_value( "EXEC", "iptables-restore") if self.ipv6 is True: debug("IPV6 is enabled") self.ip6tables_bin = self.config.get_value("EXEC", "ip6tables") self.ip6tables_bin_save = self.config.get_value( "EXEC", "ip6tables-save") self.ip6tables_bin_restore = self.config.get_value( "EXEC", "ip6tables-restore")
def prepare_configuration() -> None: """ TODO: Doku """ if file_exists(CONFIG_PATH): rename_file(CONFIG_PATH, CONFIG_BACKUP_PATH) content = """[LOG] level = info to_files = no to_stdout = yes filepath = log filename = easywall-web.log [WEB] username = demo password = xxx bindip = 0.0.0.0 bindport = 12227 login_attempts = 10 login_bantime = 1800 [VERSION] version = 0.0.0 sha = 12345 date = 2020-01-01T00:00:00Z timestamp = 1234 [uwsgi] https-socket = 0.0.0.0:12227,easywall.crt,easywall.key processes = 5 threads = 2 callable = APP master = false wsgi-file = easywall_web/__main__.py need-plugin = python3 """ create_file_if_not_exists(CONFIG_PATH) write_into_file(CONFIG_PATH, content) config = Config(CONFIG_PATH) config.set_value("VERSION", "timestamp", str(int(time())))
def run(): """ this is the first and main function of the program """ config = Config(CONFIG_PATH) loglevel = config.get_value("LOG", "level") to_stdout = config.get_value("LOG", "to_stdout") to_files = config.get_value("LOG", "to_files") logpath = config.get_value("LOG", "filepath") logfile = config.get_value("LOG", "filename") log = Log(loglevel, to_stdout, to_files, logpath, logfile) info("executing startup sequence...") create_rule_files(config) event_handler = ModifiedHandler() observer = Observer() observer.schedule(event_handler, config.get_value("RULES", "filepath")) observer.start() info("startup sequence successfully finished") start_observer(observer, config, log)
def run(): """this is the main function of the program""" # Startup Process masterlog = Log("config/easywall.ini") logging.info("Starting up easywall...") masterconfig = Config("config/easywall.ini") ensure_rules_files(masterconfig) event_handler = ModifiedHandler() observer = Observer() observer.schedule( event_handler, masterconfig.get_value("RULES", "filepath")) observer.start() logging.info("easywall is up and running.") # waiting for file modifications try: while True: time.sleep(2) except KeyboardInterrupt: shutdown(observer, masterconfig, masterlog) shutdown(observer, masterconfig, masterlog)
def __init__(self, debug=False): APP.secret_key = os.urandom(12) self.cfg = Config(CONFIG_PATH) loglevel = self.cfg.get_value("LOG", "level") to_stdout = self.cfg.get_value("LOG", "to_stdout") to_files = self.cfg.get_value("LOG", "to_files") logpath = self.cfg.get_value("LOG", "filepath") logfile = self.cfg.get_value("LOG", "filename") self.log = Log(loglevel, to_stdout, to_files, logpath, logfile) info("starting easywall-web") self.is_first_run = not folder_exists("rules") self.rules_handler = RulesHandler() if self.is_first_run: self.rules_handler.rules_firstrun() if debug is True: port = self.cfg.get_value("WEB", "bindport") host = self.cfg.get_value("WEB", "bindip") APP.run(host, port, debug)
def __init__(self): self.cfg = Config(CONFIG_PATH) loglevel = self.cfg.get_value("LOG", "level") to_stdout = self.cfg.get_value("LOG", "to_stdout") to_files = self.cfg.get_value("LOG", "to_files") logpath = self.cfg.get_value("LOG", "filepath") logfile = self.cfg.get_value("LOG", "filename") self.log = Log(loglevel, to_stdout, to_files, logpath, logfile) info("starting easywall") self.is_first_run = not folder_exists("rules") self.rules_handler = RulesHandler() if self.is_first_run: self.rules_handler.rules_firstrun() self.easywall = Easywall(self.cfg) self.event_handler = ModifiedHandler(self.apply) self.observer = Observer() self.stop_flag = False info("easywall has been started")
def setUp(self) -> None: content = """[EXEC] iptables = /sbin/iptables ip6tables = /sbin/ip6tables iptables-save = /sbin/iptables-save ip6tables-save = /sbin/ip6tables-save iptables-restore = /sbin/iptables-restore ip6tables-restore = /sbin/ip6tables-restore [IPV6] enabled = yes [BACKUP] filepath = ./backup ipv4filename = iptables_v4_backup ipv6filename = iptables_v6_backup """ create_file_if_not_exists("iptables.ini") write_into_file("iptables.ini", content) self.config = Config("iptables.ini") self.iptables = Iptables(self.config)
def __init__(self) -> None: """TODO: Doku.""" self.cfg = Config("config/web.ini") self.cfg_easywall = Config(CONFIG_PATH) self.cfg_log = Config(LOG_CONFIG_PATH)