Esempio n. 1
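 def secure_ssh_port(self):
     """Change the port sshd listens on and allow it in UFW when UFW is enabled.

     The port is taken from ``self.app.pargs.user_input``; when that is empty
     the operator is prompted, and an empty answer selects 22. The value is
     accepted only if it is a decimal number between 1 and 65535, and it is
     stored back into ``pargs.user_input`` in canonical ASCII form before it
     is interpolated into the ``sed`` and ``ufw`` command strings below.
     """
     def _normalise_port(value):
         """Return *value* as a canonical port string, or None if invalid."""
         text = str(value).strip()
         if not text.isdigit():
             return None
         try:
             number = int(text)
         except ValueError:
             # str.isdigit() accepts some characters that int() rejects
             return None
         if 1 <= number <= 65535:
             # str(int(...)) drops leading zeros and non-ASCII digit forms
             return str(number)
         return None

     # WOGit.add is called before and after the edit of /etc/ssh
     WOGit.add(self, ["/etc/ssh"],
               msg="Adding changed SSH port into Git")
     pargs = self.app.pargs
     if pargs.user_input:
         port = _normalise_port(pargs.user_input)
         while port is None:
             Log.info(self, "Please enter a valid port number ")
             port = _normalise_port(
                 input("Server SSH port [22]:").strip() or "22")
     else:
         port = _normalise_port(
             input("Server SSH port [22]:").strip() or "22")
         while port is None:
             Log.info(self, "Please Enter valid port number :")
             port = _normalise_port(
                 input("Server SSH port [22]:").strip() or "22")
     # From here on the value is digits only, so it cannot alter the shell
     # command lines it is formatted into.
     pargs.user_input = port

     # NOTE(review): the pattern "Port.*" in the else branch is not anchored,
     # so it also rewrites other sshd_config lines that contain "Port"
     # (for example a GatewayPorts line) - confirm and anchor if needed.
     if WOFileUtils.grepcheck(self, '/etc/ssh/sshd_config', '#Port'):
         WOShellExec.cmd_exec(self, "sed -i \"s/#Port.*/Port "
                              "{port}/\" /etc/ssh/sshd_config"
                              .format(port=pargs.user_input))
     else:
         WOShellExec.cmd_exec(self, "sed -i \"s/Port.*/Port "
                              "{port}/\" /etc/ssh/sshd_config"
                              .format(port=pargs.user_input))
     # allow new ssh port if ufw is enabled
     if os.path.isfile('/etc/ufw/ufw.conf'):
         if WOFileUtils.grepcheck(
                 self, '/etc/ufw/ufw.conf', 'ENABLED=yes'):
             try:
                 # "ufw limit" adds a rate-limited allow rule for the port
                 WOShellExec.cmd_exec(
                     self, 'ufw limit {0}'.format(pargs.user_input))
                 WOShellExec.cmd_exec(
                     self, 'ufw reload')
             except Exception as e:
                 Log.debug(self, "{0}".format(e))
                 Log.error(self, "Unable to add UFW rule")
     # add ssh into git
     WOGit.add(self, ["/etc/ssh"],
               msg="Adding changed SSH port into Git")
     # restart ssh service
     # NOTE(review): the edited sshd_config is not validated before the
     # restart; a broken file would only surface as a failed restart.
     if not WOService.restart_service(self, 'ssh'):
         Log.error(self, "service SSH restart failed.")
     Log.info(self, "Successfully changed SSH port to {port}"
              .format(port=pargs.user_input))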
Esempio n. 2
    def migrate_mariadb(self, ci=False):
        """Replace the installed MariaDB server with the WOVar.wo_mysql packages.

        All databases are dumped first, the MariaDB 10.3 repository entry is
        removed from wo-repo.list when present, then the server package is
        removed and the new package set installed. ``dist_upgrade`` is skipped
        when *ci* is true.
        """
        # Full dump before any package is touched
        WOMysql.backupAll(self, fulldump=True)

        # Source line of the previous repository; it is only used to find and
        # remove that entry, nothing is fetched from it here.
        legacy_repo_line = (
            "deb [arch=amd64,ppc64el] "
            "http://mariadb.mirrors.ovh.net/MariaDB/repo/"
            "10.3/{0} {1} main"
        ).format(WOVar.wo_distro, WOVar.wo_platform_codename)
        repo_list = '/etc/apt/sources.list.d/wo-repo.list'
        if WOFileUtils.grepcheck(self, repo_list, legacy_repo_line):
            WORepo.remove(self, repo_url=legacy_repo_line)

        # Register the current MariaDB repository
        pre_pref(self, WOVar.wo_mysql)

        # Refresh the package index
        Log.wait(self, "Updating apt-cache          ")
        WOAptGet.update(self)
        Log.valide(self, "Updating apt-cache          ")

        # Swap the server packages
        Log.wait(self, "Upgrading MariaDB          ")
        WOAptGet.remove(self, ["mariadb-server"])
        WOAptGet.auto_remove(self)
        WOAptGet.install(self, WOVar.wo_mysql)
        if not ci:
            WOAptGet.dist_upgrade(self)
        WOAptGet.auto_remove(self)
        Log.valide(self, "Upgrading MariaDB          ")

        # Keep the previous my.cnf as my.cnf.old and link mariadb.cnf in its place
        WOFileUtils.mvfile(self, '/etc/mysql/my.cnf', '/etc/mysql/my.cnf.old')
        WOFileUtils.create_symlink(
            self, ['/etc/mysql/mariadb.cnf', '/etc/mysql/my.cnf'])

        for systemctl_cmd in ('systemctl daemon-reload',
                              'systemctl enable mariadb'):
            WOShellExec.cmd_exec(self, systemctl_cmd)
        post_pref(self, WOVar.wo_mysql, [])
Esempio n. 3
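def hashbucket(self):
    """Set server_names_hash_bucket_size when ``nginx -t`` complains about it.

    Returns:
        True when the stderr of ``nginx -t`` does not mention
        server_names_hash_bucket_size. Otherwise the directive is written
        with a recomputed value and the function returns None.
    """
    # The command is a constant string; no caller-supplied value reaches
    # the shell.
    sub = subprocess.Popen('nginx -t',
                           stdout=subprocess.PIPE,
                           stderr=subprocess.PIPE,
                           shell=True)
    _, error_output = sub.communicate()
    if 'server_names_hash_bucket_size' not in str(error_output):
        return True

    # Total number of characters in the entry names of sites-enabled
    count = sum(len(site) for site in os.listdir("/etc/nginx/sites-enabled/"))

    # Power of two derived from that total
    # NOTE(review): math.log raises ValueError when count is 0 (empty
    # sites-enabled directory); decide what the fallback should be.
    ngx_calc = math.trunc(math.log(count, 2) + 2)
    ngx_hash = math.trunc(math.pow(2, ngx_calc))

    nginx_conf = "/etc/nginx/nginx.conf"
    directive = "\tserver_names_hash_bucket_size {0};".format(ngx_hash)

    has_commented_default = WOFileUtils.grepcheck(
        self, nginx_conf, "# server_names_hash_bucket_size 64;")
    # The active-directive check used to look in "/etc/nginx/nginx/conf",
    # a path that does not match the file edited below; it now checks
    # nginx.conf itself.
    if (not has_commented_default and
            WOFileUtils.grepcheck(self, nginx_conf,
                                  "server_names_hash_bucket_size")):
        # Rewrite the existing directive in place; with inplace=True,
        # print() writes into the file being read.
        with fileinput.FileInput(nginx_conf, inplace=True) as conf:
            for line in conf:
                if "server_names_hash_bucket_size" in line:
                    print(directive)
                else:
                    print(line, end='')
    else:
        # Only the commented default, or no directive at all: use a drop-in
        with open("/etc/nginx/conf.d/hashbucket.conf",
                  encoding='utf-8',
                  mode='w') as ngxconf:
            ngxconf.write(directive)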
Esempio n. 4
    def removeconf(self, domain):
        """Remove the acme.sh certificate and SSL configuration of *domain*.

        When acme.sh knows a certificate for the domain, the certificate is
        removed through acme.sh and the related files and directories are
        deleted. Otherwise only the ssl.conf symlink and the force-ssl file
        are removed. If the WordOps backend (22222) ssl.conf mentions the
        domain, it is rewritten to point at the backend's own certificate.
        """
        ssl_conf = "/var/www/{0}/conf/nginx/ssl.conf".format(domain)
        force_ssl_conf = "/etc/nginx/conf.d/force-ssl-{0}.conf".format(domain)
        backend_ssl_conf = '/var/www/22222/conf/nginx/ssl.conf'
        cleanup_paths = [
            force_ssl_conf,
            ssl_conf,
            '{0}/{1}_ecc'.format(WOVar.wo_ssl_archive, domain),
            ssl_conf + '.disabled',
            force_ssl_conf + '.disabled',
            '{0}/{1}'.format(WOVar.wo_ssl_live, domain),
            '/etc/letsencrypt/shared/{0}.conf'.format(domain),
        ]

        # check acme.sh is installed
        WOAcme.check_acme(self)
        if WOAcme.cert_check(self, domain):
            Log.info(self, "Removing Acme configuration")
            Log.debug(self, "Removing Acme configuration")
            # NOTE(review): domain is placed in a command string as-is;
            # presumably callers pass an already validated name - confirm.
            remove_cmd = "{0} --remove -d {1} --ecc".format(
                WOAcme.wo_acme_exec, domain)
            try:
                WOShellExec.cmd_exec(self, remove_cmd)
            except CommandExecutionError as e:
                Log.debug(self, "{0}".format(e))
                Log.error(self, "Cert removal failed")
            # remove every certificate file and directory that still exists
            for path in cleanup_paths:
                if os.path.exists(path):
                    WOFileUtils.rm(self, path)
            # find all broken symlinks
            WOFileUtils.findBrokenSymlink(self, "/var/www")
        elif os.path.islink(ssl_conf):
            WOFileUtils.remove_symlink(self, ssl_conf)
            WOFileUtils.rm(self, force_ssl_conf)

        # The backend vhost must not keep referencing the removed certificate
        if WOFileUtils.grepcheck(self, backend_ssl_conf,
                                 '{0}'.format(domain)):
            Log.info(
                self, "Setting back default certificate for WordOps backend")
            default_cert_lines = ("ssl_certificate "
                                  "/var/www/22222/cert/22222.crt;\n"
                                  "ssl_certificate_key "
                                  "/var/www/22222/cert/22222.key;\n")
            with open(backend_ssl_conf, "w") as ssl_conf_file:
                ssl_conf_file.write(default_cert_lines)
Esempio n. 5
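    def status(self):
        """Report which of the selected services are running.

        Services are selected through the flags on ``self.app.pargs``. When
        no flag is given, nginx, PHP, MySQL, fail2ban, netdata and UFW are
        selected. A service is queried only when its unit (or init script)
        exists; otherwise a "not installed" message is logged. Each service
        is checked and listed once, even when it is selected both by
        ``--php`` and by its version flag.
        """
        services = []
        wo_system = "/lib/systemd/system/"
        pargs = self.app.pargs
        php_flags = (('php72', '7.2'), ('php73', '7.3'), ('php74', '7.4'),
                     ('php80', '8.0'), ('php81', '8.1'))

        def _select(marker_path, service, missing_msg):
            """Queue *service* if *marker_path* exists, else log the message."""
            if os.path.exists(marker_path):
                if service not in services:
                    services.append(service)
            else:
                Log.info(self, missing_msg)

        # pargs.ufw is part of the test so that asking for UFW alone does
        # not switch on the whole default set.
        if not (pargs.nginx or pargs.php or pargs.php72 or pargs.php73
                or pargs.php74 or pargs.php80 or pargs.php81 or pargs.mysql
                or pargs.netdata or pargs.proftpd or pargs.redis
                or pargs.fail2ban or pargs.ufw):
            pargs.nginx = True
            pargs.php = True
            pargs.mysql = True
            pargs.fail2ban = True
            pargs.netdata = True
            pargs.ufw = True

        if pargs.nginx:
            _select(wo_system + 'nginx.service', 'nginx',
                    "Nginx is not installed")

        # --php selects every version; a version flag selects only its own
        for flag, version in php_flags:
            if pargs.php or getattr(pargs, flag):
                _select(wo_system + 'php{0}-fpm.service'.format(version),
                        'php{0}-fpm'.format(version),
                        "PHP{0}-FPM is not installed".format(version))

        if pargs.mysql:
            if WOVar.wo_mysql_host in ("localhost", "127.0.0.1"):
                _select('/lib/systemd/system/mariadb.service', 'mariadb',
                        "MySQL is not installed")
            else:
                # A database on another host has no local unit to query
                Log.warn(
                    self, "Remote MySQL found, "
                    "Unable to check MySQL service status")

        if pargs.redis:
            _select(wo_system + 'redis-server.service', 'redis-server',
                    "Redis server is not installed")

        if pargs.fail2ban:
            _select(wo_system + 'fail2ban.service', 'fail2ban',
                    "fail2ban is not installed")

        # proftpd is detected through its init script
        if pargs.proftpd:
            _select('/etc/init.d/proftpd', 'proftpd',
                    "ProFTPd is not installed")

        # netdata
        if pargs.netdata:
            _select(wo_system + 'netdata.service', 'netdata',
                    "Netdata is not installed")

        # UFW state is read from its configuration file, not from a service
        if pargs.ufw:
            if os.path.exists('/usr/sbin/ufw'):
                if WOFileUtils.grepcheck(self, '/etc/ufw/ufw.conf',
                                         'ENABLED=yes'):
                    Log.info(self, "UFW Firewall is enabled")
                else:
                    Log.info(self, "UFW Firewall is disabled")
            else:
                Log.info(self, "UFW is not installed")

        for service in services:
            if WOService.get_service_status(self, service):
                Log.info(self, "{0:10}:  {1}".format(service, "Running"))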
Esempio n. 6
    def default(self):
        """Delete a site's database and/or webroot, then its remaining records.

        Reads its options from ``self.app.pargs`` (site_name, db, files, all,
        force, no_prompt). With none of db/files/all given, everything is
        selected. Each destructive step asks for confirmation unless
        ``no_prompt`` is set; ``force`` implies ``no_prompt``. The nginx
        configuration, the site record and the acme configuration are removed
        at the end, under the conditions described at the bottom of the body.
        """
        pargs = self.app.pargs
        # Ask for the site name only when neither a name nor --all was given
        if not pargs.site_name and not pargs.all:
            try:
                while not pargs.site_name:
                    pargs.site_name = (input('Enter site name : ').strip())
            except IOError as e:
                Log.debug(self, str(e))
                Log.error(self, 'could not input site name')

        # NOTE(review): with --all and no site name the prompt above is
        # skipped, so .strip() is called on whatever the argument parser left
        # in site_name - confirm that cannot be None.
        pargs.site_name = pargs.site_name.strip()
        # Every later step uses the validated name, not the raw input
        wo_domain = WODomain.validate(self, pargs.site_name)
        wo_db_name = ''
        wo_prompt = ''
        wo_nginx_prompt = ''
        # *_delete_prompt: the deletion was confirmed (or no prompt was needed)
        # *_deleted: the resource is gone or was never there
        mark_db_delete_prompt = False
        mark_webroot_delete_prompt = False
        mark_db_deleted = False
        mark_webroot_deleted = False
        # NOTE(review): the code below relies on Log.error stopping execution
        # for an unknown site - confirm.
        if not check_domain_exists(self, wo_domain):
            Log.error(self, "site {0} does not exist".format(wo_domain))

        # No explicit selection means delete everything
        if ((not pargs.db) and (not pargs.files) and (not pargs.all)):
            pargs.all = True

        # --force answers every confirmation with yes
        if pargs.force:
            pargs.no_prompt = True

        # Gather information from wo-db for wo_domain
        check_site = getSiteInfo(self, wo_domain)
        wo_site_type = check_site.site_type
        wo_site_webroot = check_site.site_path
        if wo_site_webroot == 'deleted':
            mark_webroot_deleted = True
        # Only these site types carry a database; wo_db_user and
        # wo_mysql_grant_host are bound in this branch only.
        if wo_site_type in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']:
            wo_db_name = check_site.db_name
            wo_db_user = check_site.db_user
            if self.app.config.has_section('mysql'):
                wo_mysql_grant_host = self.app.config.get(
                    'mysql', 'grant-host')
            else:
                wo_mysql_grant_host = 'localhost'
            if wo_db_name == 'deleted':
                mark_db_deleted = True
            if pargs.all:
                pargs.db = True
                pargs.files = True
        else:
            # No database for this site type: treat it as already deleted
            if pargs.all:
                mark_db_deleted = True
                pargs.files = True

        # Delete website database
        if pargs.db:
            if wo_db_name != 'deleted' and wo_db_name != '':
                if not pargs.no_prompt:
                    wo_db_prompt = input('Are you sure, you want to delete'
                                         ' database [y/N]: ')
                else:
                    wo_db_prompt = 'Y'
                    mark_db_delete_prompt = True

                # Anything other than Y or y leaves the database untouched
                if wo_db_prompt == 'Y' or wo_db_prompt == 'y':
                    mark_db_delete_prompt = True
                    Log.info(
                        self, "Deleting Database, {0}, user {1}".format(
                            wo_db_name, wo_db_user))
                    deleteDB(self, wo_db_name, wo_db_user, wo_mysql_grant_host,
                             False)
                    # Overwrite the stored database name and credentials
                    updateSiteInfo(self,
                                   wo_domain,
                                   db_name='deleted',
                                   db_user='******',
                                   db_password='******')
                    mark_db_deleted = True
                    Log.info(self, "Deleted Database successfully.")
            else:
                mark_db_deleted = True
                Log.info(self,
                         "Does not seems to have database for this site.")

        # Delete webroot
        if pargs.files:
            if wo_site_webroot != 'deleted':
                if not pargs.no_prompt:
                    wo_web_prompt = input('Are you sure, you want to delete '
                                          'webroot [y/N]: ')
                else:
                    wo_web_prompt = 'Y'
                    mark_webroot_delete_prompt = True

                # Anything other than Y or y leaves the webroot untouched
                if wo_web_prompt == 'Y' or wo_web_prompt == 'y':
                    mark_webroot_delete_prompt = True
                    Log.info(self,
                             "Deleting Webroot, {0}".format(wo_site_webroot))
                    deleteWebRoot(self, wo_site_webroot)
                    updateSiteInfo(self, wo_domain, webroot='deleted')
                    mark_webroot_deleted = True
                    Log.info(self, "Deleted webroot successfully")
            else:
                mark_webroot_deleted = True
                Log.info(self, "Webroot seems to be already deleted")

        if not pargs.force:
            # Without --force the site record is dropped only once both the
            # webroot and the database are marked deleted.
            if (mark_webroot_deleted and mark_db_deleted):
                # TODO Delete nginx conf
                removeNginxConf(self, wo_domain)
                deleteSiteInfo(self, wo_domain)
                WOAcme.removeconf(self, wo_domain)
                Log.info(self, "Deleted site {0}".format(wo_domain))
                # else:
                # Log.error(self, " site {0} does
                # not exists".format(wo_domain))
        else:
            # With --force one confirmed deletion is enough to drop the record
            if (mark_db_delete_prompt or mark_webroot_delete_prompt
                    or (mark_webroot_deleted and mark_db_deleted)):
                # TODO Delete nginx conf
                removeNginxConf(self, wo_domain)
                deleteSiteInfo(self, wo_domain)
                # To improve
                # The acme configuration is kept while the backend ssl.conf
                # still mentions this domain.
                if not WOFileUtils.grepcheck(
                        self, '/var/www/22222/conf/nginx/ssl.conf', wo_domain):
                    WOAcme.removeconf(self, wo_domain)
                Log.info(self, "Deleted site {0}".format(wo_domain))