def __init__(self): InstallCommand.__init__(self) self.cron_acl = "#!/bin/sh" with open(files.get_rel_path("data/cron_acl_apache.tpl")) as f: self.cron_acl = f.read() self.root_directive = str("" "<Directory />\n" " AllowOverride None\n" " Order Deny,Allow\n" " Deny from all\n" "</Directory>\n") self.add_prerequisite(InstallACLCommand.NAME, obj=InstallACLCommand()) self.add_package('apache2') self.add_folder('/data/www', ck_func=self.check_moved, fix_func=self.fix_moved) self.add_file('/etc/cron.acl/apache', ck_func=self.check_perm_cron, fix_func=self.fix_perm_cron, perm={'u':'rx', 'g':'rx', 'o':'rx'}) self.add_file('/etc/apache2/conf.d/security', ck_func=self.check_secure, fix_func=self.fix_secure) self.add_folder('/var/www/default',perm={'u':'rwx', 'g':'rwx', 'o':'rx'}) self.add_file('/var/www/default/index.html', fix_func=self.fix_default_index, perm={'u':'rw', 'g':'rw', 'o':'r'}) self.add_file('/etc/apache2/sites-available/default', ck_func=self.check_vh_default, fix_func=self.fix_vh_default) self.add_file('/etc/apache2/sites-available/default-ssl', ck_func=self.check_vh_default_ssl, fix_func=self.fix_vh_default_ssl)
def __init__(self): InstallCommand.__init__(self) self.packages = "openssh-server" self.add_package(self.packages) self.add_file('/etc/ssh/sshd_config', ck_func=self.check_ssh, fix_func=self.fix_ssh)
def __init__(self): InstallCommand.__init__(self) self.cron_acl_sudo = "#!/bin/sh" with open(files.get_rel_path("data/cron_acl.tpl")) as f: cron_acl_tpl = Template(f.read()) self.cron_acl_sudo = cron_acl_tpl.safe_substitute(group="sudo", site_path="/data/www") self.cron_acl_dev_team = "#!/bin/sh" if CONFIG.is_set('site','ldap_dev_team'): with open(files.get_rel_path("data/cron_dev_team.tpl")) as f: cron_acl_tpl = Template(f.read()) self.cron_acl_dev_team = cron_acl_tpl.safe_substitute(group=CONF_MAP('site','ldap_dev_team')) self.packages = "acl" self.add_package(self.packages) self.add_folder('/etc/cron.acl') self.add_file('/etc/crontab', ck_func=self.check_acl_crontab, fix_func=self.fix_acl_crontab) self.add_file('/etc/cron.acl/sudo', ck_func=self.check_perm_cron, fix_func=self.fix_perm_cron, perm={'u':'rx', 'g':'rx', 'o':'rx'}) self.add_file('/etc/cron.acl/ldap_dev_team', ck_func=self.check_perm_dev_team, fix_func=self.fix_perm_dev_team, perm={'u':'rx', 'g':'rx', 'o':'rx'})
def __init__(self): InstallCommand.__init__(self) self.packages = "ufw" self.add_package(self.packages) self.add_file('/etc/rsyslog.d/20-ufw.conf', ck_func=self.check_ufw, fix_func=self.fix_ufw)
def __init__(self): InstallCommand.__init__(self) self.packages = "automysqlbackup" self.add_package(self.packages) self.add_file('/etc/default/automysqlbackup', ck_func=self.check_backup, fix_func=self.fix_backup)
def __init__(self): InstallCommand.__init__(self) self.org_dis_fun = "disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,\n" self.dis_fun = "\ndisable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,shell_exec, passthru,proc_open,proc_close,proc_get-status,proc_nice,proc_terminate,exec,system,suexec,popen,pclose,dl,virtual,set_time_limit,phpinfo,php_uname" self.packages = "php5 php5-mysql php5-ldap libapache2-mod-php5" self.add_package(self.packages) self.add_file('/etc/php5/apache2/php.ini', ck_func=self.check_secure_php, fix_func=self.fix_secure_php)
def __init__(self): InstallCommand.__init__(self) self.packages = "munin-node" self.add_package(self.packages) self.add_file('/etc/munin/munin-node.conf', ck_func=self.check_munin_master_ip, fix_func=self.fix_munin_master_ip) self.master_ip = self.LOCIP conf = CONFIG.get() if not CONFIG.is_set(self.NAME,'master_ip'): self.master_ip = None else: self.master_ip = conf[self.NAME]['master_ip']
def __init__(self): InstallCommand.__init__(self) self.packages = "libpam-script" self.add_package(self.packages) self.add_folder(CONF_MAP('libpam_script','auto_mount_dir')) self.add_file('/etc/pam.d/common-session', ck_func=self.check_common_session, fix_func=self.fix_common_session) self.add_file('/usr/share/libpam-script/pam_script_ses_open', ck_func=self.check_ses_open, fix_func=self.fix_ses_open, perm={'u':'rx', 'g':'rx', 'o':'rx'}) self.add_file('/usr/share/libpam-script/pam_script_ses_close', ck_func=self.check_ses_close, fix_func=self.fix_ses_close, perm={'u':'rx', 'g':'rx', 'o':'rx'})
def init_help(self): help = InstallCommand.init_help(self) help['command_detail'] = t("%s\n\t" "The folder /var/www will be moved to /data/www\n\t" "A cron is added in crontab to reapply www-data ownership on /data/www each 15 minutes\n\t" "Server signature will be fixed in /etc/apache2/conf.d/security" % help['command_detail']) return help
def __init__(self): InstallCommand.__init__(self) self.add_prerequisite(InstallNTPCommand.NAME, obj=InstallNTPCommand()) self.add_prerequisite(InstallTopToolsCommand.NAME, obj=InstallTopToolsCommand()) self.add_prerequisite(InstallFail2BanCommand.NAME, obj=InstallFail2BanCommand()) self.add_prerequisite(InstallPHPCommand.NAME, obj=InstallPHPCommand()) self.add_prerequisite(InstallApacheCommand.NAME, obj=InstallApacheCommand()) self.add_prerequisite(InstallMySQLCommand.NAME, obj=InstallMySQLCommand()) self.add_prerequisite(InstallAutoMySQLBackupCommand.NAME, obj=InstallAutoMySQLBackupCommand()) self.add_prerequisite(InstallUFWCommand.NAME, obj=InstallUFWCommand()) self.add_prerequisite(InstallSSHCommand.NAME, obj=InstallSSHCommand()) self.add_prerequisite(InstallMuninNodeCommand.NAME, obj=InstallMuninNodeCommand()) self.add_prerequisite(InstallACLCommand.NAME, obj=InstallACLCommand()) self.add_prerequisite(InstallAWStatsCommand.NAME, obj=InstallAWStatsCommand()) self.add_prerequisite(InstallLibPAMScriptCommand.NAME, obj=InstallLibPAMScriptCommand()) self.add_prerequisite(InstallGrubGFXCommand.NAME, obj=InstallGrubGFXCommand()) self.add_prerequisite(InstallCentrifyCommand.NAME, obj=InstallCentrifyCommand())
def do(self, args=[]): completed = InstallCommand.do(self,args) if 'check' not in args and 'fix' not in args: MySQLCommand().do(['reset_root_pass']) admin_mail = inputs.get_input_string(t("What is the admin mail?"), CONF_MAP('mail','admin_mail')) smtp_server = inputs.get_input_string(t("What is the smtp server to use?"), CONF_MAP('mail','smtp_server')) CONFIG.mod('mail','admin_mail', admin_mail) CONFIG.mod('mail','smtp_server', smtp_server) CONFIG.save()
def __init__(self): InstallCommand.__init__(self) self.cron_acl_domainadmins = "#!/bin/sh" with open(files.get_rel_path("data/cron_acl.tpl")) as f: cron_acl_tpl = Template(f.read()) self.cron_acl_domainadmins = cron_acl_tpl.safe_substitute(group="domain\\ admins", site_path="/data/www") self.add_prerequisite(InstallACLCommand.NAME, obj=InstallACLCommand()) self.add_package("centrifydc", fix_func=self.fix_centrifydc) self.add_file('/etc/centrifydc/centrifydc.conf', ck_func=self.check_centrify_conf, fix_func=self.fix_centrify_conf) self.add_file('/etc/centrifydc/users.allow',fix_func=self.fix_user_allow) self.add_file('/etc/centrifydc/groups.allow', ck_func=self.check_group_allow, fix_func=self.fix_group_allow) self.add_file('/etc/sudoers.d/centrify_uwsa', ck_func=self.check_sudoers, fix_func=self.fix_sudoers, perm={'u':'r', 'g':'r', 'o':''}) self.add_file('/etc/cron.acl/domainadmins', ck_func=self.check_perm_cron, fix_func=self.fix_perm_cron, perm={'u':'rx', 'g':'rx', 'o':'rx'})
def __init__(self): InstallCommand.__init__(self) self.add_package("python-ldap") self.add_package("python-iniparse") self.add_package("python-mysqldb") self.add_folder("/var/log/uwsa") self.add_folder("/etc/uwsa") self.add_folder("/var/lib/uwsa/") self.add_folder("/var/lib/uwsa/user_scripts") self.add_folder(CONF_MAP("site", "conf_path")) self.add_folder(CONF_MAP("site", "wordpress_template_path")) self.add_folder(CONF_MAP("site", "wikimedia_template_path")) self.add_folder(CONF_MAP("site", "typo3_template_path")) self.add_folder(CONF_MAP("site", "vhost_path")) self.add_file("/etc/uwsa/uwsa.conf", fix_func=self.fix_uwsa_conf) self.add_file("/etc/logrotate.d/uwsa", fix_func=self.fix_logrotate) self.add_file("/var/log/uwsa/*.log", perm={"u": "rw", "g": "r", "o": ""}) self.add_file("/var/lib/uwsa/user_scripts/*.py", ck_func=self.check_user_scripts) self.add_file( "/var/lib/uwsa/auto_mount/*", ck_func=self.check_user_scripts, perm={"u": "rx", "g": "rx", "o": ""} )
def do(self, args=[]): completed = InstallCommand.do(self,args) if inputs.get_input_yesno(t("Do you want to configure centrify/ldap now?")): if inputs.get_input_yesno(t("Will this machine use Active Directory?")): domain_name = inputs.get_input_string(t("What is the domain name?"), CONF_MAP('ldap','domain')) domain_controller = inputs.get_input_string(t("What is the address of the domain controller?"), CONF_MAP('ldap','dc')) domain_read_user = inputs.get_input_string(t("What is the ldap reader username?"), CONF_MAP('ldap','ldap_reader')) domain_read_pass = inputs.get_password(t("What is the ldap reader password?"),validate=False) domain_default_ou = inputs.get_input_string(t("What is the ldap default OU for uwsa?"), CONF_MAP('ldap','uwsa_ou')) CONFIG.mod('ldap','enabled', True) CONFIG.mod('ldap','domain', domain_name) CONFIG.mod('ldap','dc', domain_controller) CONFIG.mod('ldap','ldap_reader', domain_read_user) CONFIG.mod('ldap','ldap_reader_pass', domain_read_pass) CONFIG.mod('ldap','uwsa_ou', domain_default_ou) if not CONF_MAP('centrify', 'joined') and inputs.get_input_yesno(t("Do you want to join the Active Directory now?")): domain_admin_user = inputs.get_input_string(t("What is the domain admin username?")) domain_admin_pass = inputs.get_password(t("What is the domain admin password?"),confirm=False, validate=False) cmd_list = [ {'command' : 'adjoin -w --force --user %s --password %s %s' % (domain_admin_user, domain_admin_pass, domain_name), 'anonymous' : 'adjoin -w --force --user %s --password XXXXXXXXXXXXX %s' % (domain_admin_user, domain_name), 'success_code' : [0,8], }, 'service centrifydc start', ] completed, pinfo = core.exec_cmd_list(cmd_list) L.info(pinfo['stdout']) if not completed: raise Exception(t("Error in installation!"), self.NAME) CONFIG.mod('centrify','joined', "True" ) CONFIG.save() return completed
def init_help(self): help = InstallCommand.init_help(self) help['command_detail'] = t("%s\n\t" "The folder /var/lib/automysqlbackup will be moved to /data/automysqlbackup\n\t" % help['command_detail']) return help
def __init__(self): InstallCommand.__init__(self) self.packages = "ntp ntpdate" self.add_package(self.packages)
def __init__(self): InstallCommand.__init__(self) self.packages = "fail2ban" self.add_package(self.packages)
def __init__(self): InstallCommand.__init__(self) self.packages = "iotop htop jnettop nethogs apachetop sysstat dstat ifstat latencytop mytop ntop iperf" self.add_package(self.packages)
def __init__(self): InstallCommand.__init__(self) self.packages = "awstats" self.add_package(self.packages)
def init_help(self): help = InstallCommand.init_help(self) help['command_detail'] = t("%s\n\t" "This command will install the almost perfect uwsa server." % help['command_detail'])
def __init__(self): InstallCommand.__init__(self) self.packages = "mysql-server" self.add_package(self.packages, ck_func=self.check_mysql, fix_func=self.fix_mysql)
def init_help(self): help = InstallCommand.init_help(self) help['command_detail'] = t("%s\n\t" "The folder /var/www will be moved to /data/www\n\t" % help['command_detail']) return help
def __init__(self): InstallCommand.__init__(self) self.add_file('/etc/default/grub', ck_func=self.check_grub, fix_func=self.fix_grub)