コード例 #1
ファイル: webservers.py プロジェクト: zbrdge/woven
def deploy_webconf():
    """ Deploy nginx and other wsgi server site configurations to the host

    Returns the list built up from the _deploy_webconf() calls; it stays
    empty when webserver_list() is falsy.
    """
    deployed = []
    # Remote path checked below: <deployment_root()>/log
    log_dir = '/'.join([deployment_root(), 'log'])
    #TODO - incorrect - check for actual package to confirm installation
    if webserver_list():
        if env.verbosity:
            print env.host, "DEPLOYING webconf:"
        # NOTE(review): the existence test uses log_dir, but the symlink is
        # created with a relative name in whatever directory run() executes
        # in. Presumably a surrounding cd() was lost from this listing -
        # confirm that both refer to the same path.
        if not exists(log_dir):
            run('ln -s /var/log log')
        #deploys confs for each domain based on sites app
        # NOTE(review): the three _deploy_webconf(...) calls below are cut off
        # in this listing (remaining arguments and closing parentheses are
        # missing), and the branch that separated the apache2 and nginx paths
        # appears to have been dropped as well.
        if 'apache2' in get_packages():
            deployed += _deploy_webconf('/etc/apache2/sites-available',
            deployed += _deploy_webconf('/etc/nginx/sites-available',
        elif 'gunicorn' in get_packages():
            deployed += _deploy_webconf('/etc/nginx/sites-available',

        # Adds read permission for user, group and other on the maintenance page.
        sudo('chmod ugo+r /var/www/nginx-default/maintenance.html')
        # NOTE(review): as shown, this warning prints on every run that
        # reaches this branch; presumably it sat under an else: that the
        # listing lost.
        print env.host, """WARNING: Apache or Nginx not installed"""

    return deployed
コード例 #4
ファイル: ubuntu.py プロジェクト: aweakley/woven
def restrict_ssh(rollback=False):
    """
    Set some sensible restrictions in Ubuntu /etc/ssh/sshd_config and restart sshd
    UseDNS no #prevents dns spoofing sshd defaults to yes
    X11Forwarding no # defaults to no
    AuthorizedKeysFile  %h/.ssh/authorized_keys

    uncomments PasswordAuthentication no and restarts sshd

    With rollback=True the function takes the full-rollback branch at the
    bottom instead.

    Returns False when the 'ssh_restricted' state is already set, when the
    user's authorized_keys file is missing, or when the interactive
    confirmation is declined; returns True otherwise.

    NOTE(review): OpenSSH 6.8 and later default UseDNS to "no", so the
    "defaults to yes" remark above only holds for older releases.
    NOTE(review): this listing is incomplete - the docstring delimiters were
    restored here, and several statements (config upload, the edit that
    uncomments PasswordAuthentication) are not visible below.
    """

    if not rollback:
        # Guard against applying the restrictions a second time.
        if server_state('ssh_restricted'):
            print env.host, 'Warning: sshd_config has already been modified. Skipping..'
            return False

        sshd_config = '/etc/ssh/sshd_config'
        if env.verbosity:
            print env.host, "RESTRICTING SSH with "+sshd_config
        # `filename` is not used in the lines visible here.
        filename = 'sshd_config'
        # Lockout guard: refuse to continue unless a key file is already in
        # place. This checks existence only - it does not prove the key
        # authenticates - and it assumes the home directory is /home/<user>.
        if not exists('/home/%s/.ssh/authorized_keys'% env.user): #do not pass go do not collect $200
            print env.host, 'You need to upload_ssh_key first.'
            return False
        # NOTE(review): `context` is built but never used in the visible
        # lines; presumably it fed a template upload dropped from the listing.
        context = {"HOST_SSH_PORT": env.HOST_SSH_PORT}
        # Restart sshd
        sudo('/etc/init.d/ssh restart')
        # The user can modify the sshd_config file directly but we save
        # Interactive safety step: only asked when the config still contains
        # the commented-out '#PasswordAuthentication no' line. The operator is
        # told to verify key-based login from a separate terminal first.
        if env.INTERACTIVE and contains('#PasswordAuthentication no','/etc/ssh/sshd_config',use_sudo=True):
            c_text = 'Woven will now remove password login from ssh, and use only your ssh key. \n'
            c_text = c_text + 'CAUTION: please confirm that you can ssh %s@%s -p%s from a terminal without requiring a password before continuing.\n'% (env.user, env.host, env.port)
            c_text += 'If you cannot login, press enter to rollback your sshd_config file'
            proceed = confirm(c_text,default=False)
        # NOTE(review): in the visible lines `proceed` is bound only inside
        # the branch above, so INTERACTIVE=True with contains() returning
        # False would raise NameError here unless a dropped line initialises
        # it. In non-interactive mode the change goes ahead with no check that
        # key login actually works - verify that out of band to avoid lockout.
        if not env.INTERACTIVE or proceed:
            #uncomments PasswordAuthentication no and restarts
            # NOTE(review): no statement here performs the uncommenting;
            # presumably that line was lost from the listing.
            sudo('/etc/init.d/ssh restart')
        else: #rollback
            print env.host, 'Rolling back sshd_config to default and proceeding without passwordless login'
            # Restore the saved copy (keeping the backup), then rewrite
            # 'Port <DEFAULT_SSH_PORT>' to 'Port <HOST_SSH_PORT>' in it.
            # NOTE(review): the sed pattern is unanchored, so it also matches
            # inside longer port numbers or commented-out Port lines - confirm
            # the resulting file before relying on it.
            _restore_file('/etc/ssh/sshd_config', delete_backup=False)
            sed('/etc/ssh/sshd_config','Port '+ str(env.DEFAULT_SSH_PORT),'Port '+str(env.HOST_SSH_PORT),use_sudo=True)
            sudo('/etc/init.d/ssh restart')
            return False
        return True
    else: #Full rollback
        # NOTE(review): the visible lines never restore sshd_config in this
        # branch; only the port substitution, restarts and state reset appear.
        if server_state('ssh_port_changed'):
            sed('/etc/ssh/sshd_config','Port '+ str(env.DEFAULT_SSH_PORT),'Port '+str(env.HOST_SSH_PORT),use_sudo=True)
            sudo('/etc/init.d/ssh restart')
        sudo('/etc/init.d/ssh restart')
        # Clear the flag so a later non-rollback call is not skipped.
        set_server_state('ssh_restricted', delete=True)
        return True
コード例 #9
ファイル: linux.py プロジェクト: depleater/woven
def setup_ufw():
    """
    Setup basic ufw rules just for ssh login

    NOTE(review): this listing is incomplete - the docstring delimiters were
    restored here, and the bodies of the first two `if` statements, the
    package install step and the start of the profile upload call are not
    visible below.
    """
    # Feature switch; the statement that belongs under it is missing from the
    # listing (presumably an early return).
    if not env.ENABLE_UFW:

    ufw_state = server_state("ufw_installed")
    # Precedence: this evaluates as
    #   (ufw_state and not env.overwrite) or (ufw_state == str(env.HOST_SSH_PORT))
    # The statement under it is also missing from the listing.
    if ufw_state and not env.overwrite or ufw_state == str(env.HOST_SSH_PORT):
    # Check for actual package.
    # NOTE(review): grep 'ufw' matches any package whose dpkg -l line contains
    # "ufw", and dpkg -l also lists removed-but-not-purged packages, so a
    # non-empty result does not prove ufw is installed. A stricter check would
    # query the package status directly, e.g. dpkg-query -W -f='${Status}' ufw.
    ufw = run("dpkg -l | grep 'ufw' | awk '{print $2}'").strip()
    if not ufw:
        if env.verbosity:
            print env.host, "INSTALLING & ENABLING FIREWALL ufw"

    if env.verbosity:
        print env.host, "CONFIGURING FIREWALL ufw"
    # Upload basic woven (ssh) ufw app config.
    # The two lines below are the surviving arguments of that upload call:
    # the template name and a context carrying the configured SSH port.
        "/".join(["woven", "ufw.txt"]),
        {"HOST_SSH_PORT": env.HOST_SSH_PORT},
    # Make root the owner and group of the uploaded application profile.
    sudo("chown root:root /etc/ufw/applications.d/woven")
    # NOTE(review): warn_only=True means a failed "ufw allow woven" does not
    # abort the run, yet the firewall is still enabled below. If the allow
    # rule was not added, the SSH port may be blocked once ufw is active -
    # check the command results (or "ufw status") before enabling.
    with settings(warn_only=True):
        if not ufw_state:
            sudo("ufw allow woven")
            sudo("ufw app update woven")

    # Enable ufw.
    # Flips ENABLED=no to ENABLED=yes in place; backup="" keeps no backup copy.
    sed("/etc/ufw/ufw.conf", "ENABLED=no", "ENABLED=yes", use_sudo=True, backup="")
    # Reload failures are tolerated here as well; the output is only shown
    # when env.verbosity is set.
    with settings(warn_only=True):
        output = sudo("ufw reload")
        if env.verbosity:
            print output

    # Record the SSH port as the state value; it is compared against
    # str(env.HOST_SSH_PORT) at the top of this function on later runs.
    set_server_state("ufw_installed", str(env.HOST_SSH_PORT))
