def set_dns_servers(dns_server_info):
with ConfigurationManager('dns_server') as dnx:
dns_server_settings = dnx.load_configuration()
dns = dns_server_settings['dns_server']['resolvers']
for i, (server_name, ip_address) in enumerate(dns_server_info.items(),
1):
if (server_name and ip_address):
server = dns[f'server{i}']
server.update({'name': server_name, 'ip_address': ip_address})
dnx.write_configuration(dns_server_settings)
wan_information = load_configuration('config')
interface = wan_information['settings']['interface']
wan_dhcp = interface['wan']['dhcp']
wan_int = interface['outside']
if (not wan_dhcp):
wan_ip = interface.get_ip_address(wan_int)
wan_netmask = Interface.netmask(wan_int)
wan_dfg = Interface.default_gateway(wan_int)
cidr = System.standard_to_cidr(wan_netmask)
wan_settings = {
'ip_address': wan_ip,
'cidr': cidr,
'default_gateway': wan_dfg
}
set_wan_interface(wan_settings)
def set_dns_servers(dns_server_info):
field = {1: 'primary', 2: 'secondary'}
with ConfigurationManager('dns_server') as dnx:
dns_server_settings = dnx.load_configuration()
public_resolvers = dns_server_settings['dns_server']['resolvers']
for i, (server_name, ip_address) in enumerate(dns_server_info.items(), 1):
if (not server_name and ip_address):
continue
public_resolvers[field[i]].update({
'name': server_name,
'ip_address': ip_address
})
dnx.write_configuration(dns_server_settings)
wan_information = load_configuration('config')['settings']
interface = wan_information['interfaces']
wan_dhcp = interface['wan']['dhcp']
wan_int = interface['wan']['ident']
if (not wan_dhcp):
wan_ip = interface.get_ip_address(wan_int)
wan_dfg = Interface.default_gateway(wan_int)
cidr = System.standard_to_cidr(wan_netmask)
# TODO: convert this to new module
wan_netmask = Interface.netmask(wan_int)
set_wan_interface({
'ip_address': wan_ip, 'cidr': cidr, 'default_gateway': wan_dfg
})
def set_ips_ddos(action):
with ConfigurationManager('ips') as dnx:
ips_settings = dnx.load_configuration()
ips_settings['ips']['ddos']['enabled'] = action
dnx.write_configuration(ips_settings)
def update_ips_dns_whitelist(action):
with ConfigurationManager('ips') as dnx:
ips_settings = dnx.load_configuration()
ips_settings['ips']['whitelist']['dns_servers'] = action
dnx.write_configuration(ips_settings)
def set_logging(log_settings):
with ConfigurationManager('logging_client') as dnx:
logging_settings = dnx.load_configuration()
logging_settings['logging']['logging'] = log_settings
dnx.write_configuration(logging_settings)
def update_session_tracker(username,
user_role=None,
remote_addr=None,
*,
action=CFG.ADD):
if (action is CFG.ADD and not remote_addr):
raise ValueError(
'remote_addr must be specified if action is set to add.')
with ConfigurationManager('session_tracker',
file_path='dnx_frontend') as session_tracker:
stored_tracker = session_tracker.load_configuration()
if (action is CFG.ADD):
stored_tracker['active_users'][username] = {
'user_role': user_role,
'remote_addr': remote_addr,
'logged_in': time.time(
), # NOTE: can probably make this human readable format here.
'last_seen': None
}
elif (action is CFG.DEL):
stored_tracker['active_users'].pop(username, None)
session_tracker.write_configuration(stored_tracker)
def set_dns_keywords(action):
with ConfigurationManager('dns_proxy') as dnx:
keyword_settings = dnx.load_configuration()
keyword_settings['dns_proxy']['keyword']['enabled'] = action
dnx.write_configuration(keyword_settings)
def update_ip_restriction_settings(tr_settings):
with ConfigurationManager('ip_proxy') as dnx:
time_restriction_settings = dnx.load_configuration()
hour = tr_settings['hour']
if (tr_settings['suffix'] == 'PM'):
hour += 12
minutes = tr_settings['minutes']
start_time = f'{hour}:{minutes}'
tlen_hour = tr_settings['length_hour']
min_fraction = str(tr_settings['length_minutes'] / 60).strip('0.')
res_length = f'{tlen_hour}.{min_fraction}'
res_length = int(float(res_length) * 3600)
time_restriction = time_restriction_settings['ip_proxy'][
'time_restriction']
time_restriction.update({
'start': start_time,
'length': res_length,
'enabled': tr_settings['enabled']
})
dnx.write_configuration(time_restriction_settings)
def del_proxy_ip_whitelist(whitelist_ip):
with ConfigurationManager('whitelist') as dnx:
whitelist = dnx.load_configuration()
whitelist['whitelist']['ip_whitelist'].pop(whitelist_ip)
dnx.write_configuration(whitelist)
def set_syslog_settings(syslog_settings):
with ConfigurationManager('syslog_client') as dnx:
stored_syslog_settings = dnx.load_configuration()
syslog = stored_syslog_settings['syslog']
tls_settings = syslog['tls']
tcp_settings = syslog['tcp']
for option in tls_settings:
if (option in syslog_settings['tls'] and option != 'retry'):
tls_settings[option] = True
elif (option not in syslog_settings['tls']):
tls_settings[option] = False
for protocol in ['tcp', 'udp']:
fallback = f'{protocol}_fallback'
if (fallback in syslog_settings['fallback']):
syslog[protocol]['fallback'] = True
else:
syslog[protocol]['fallback'] = False
syslog['protocol'] = 6 if 'syslog_protocol' in syslog_settings['syslog'] else 17
syslog['enabled'] = True if 'syslog_enabled' in syslog_settings['syslog'] else False
tls_settings['retry'] = int(syslog_settings['tls_retry']) * 60
tcp_settings['retry'] = int(syslog_settings['tcp_retry']) * 60
dnx.write_configuration(stored_syslog_settings)
def del_proxy_domain(domain, *, ruleset):
with ConfigurationManager(f'{ruleset}') as dnx:
domain_list = dnx.load_configuration()
domain_list[ruleset]['domain'].pop(domain)
dnx.write_configuration(domain_list)
def _write_end_time(self, restriction_end):
with ConfigurationManager('ip_proxy_timer') as dnx:
time_restriction = dnx.load_configuration()
time_restriction['time_restriction']['end'] = restriction_end
dnx.write_configuration(time_restriction)
def _write_end_time(self, restriction_end):
with ConfigurationManager('ip_proxy_timer.json') as dnx:
time_restriction = dnx.load_configuration()
time_restriction['time_restriction'].update(
{'end': restriction_end})
dnx.write_configuration(time_restriction)
def reset_flask_key(self):
with ConfigurationManager('config') as dnx:
flask_settings = dnx.load_configuration()
flask_config = flask_settings['settings']['flask']
flask_config['key'] = token_urlsafe(32)
dnx.write_configuration(flask_settings)
def set_ips_general_settings(pb_length, ids_mode):
with ConfigurationManager('ips') as dnx:
ips_settings = dnx.load_configuration()
ips_settings['ips']['passive_block_ttl'] = pb_length
ips_settings['ips']['ids_mode'] = ids_mode
dnx.write_configuration(ips_settings)
def _set_restriction_status(self, active):
self._change_attribute('_active', active)
with ConfigurationManager('ip_proxy_timer') as dnx:
restriction_status = dnx.load_configuration()
restriction_status['time_restriction']['active'] = active
dnx.write_configuration(restriction_status)
def set_domain_tlds(update_tlds):
with ConfigurationManager('dns_proxy') as dnx:
proxy_settings = dnx.load_configuration()
tld_list = proxy_settings['dns_proxy']['tlds']
for entry in tld_list:
tld_list[entry] = True if entry in update_tlds else False
dnx.write_configuration(proxy_settings)
def set_ips_ddos_limits(ddos_limits):
with ConfigurationManager('ips') as dnx:
ips_settings = dnx.load_configuration()
limits = ips_settings['ips']['ddos']['limits']['source']
for protocol, limit in ddos_limits.items():
limits[protocol] = limit
dnx.write_configuration(ips_settings)
def set_domain_category_keywords(en_keywords):
with ConfigurationManager('dns_proxy') as dnx:
dns_proxy_categories = dnx.load_configuration()
domain_cats = dns_proxy_categories['dns_proxy']['categories']['default']
for cat, settings in domain_cats.items():
settings['keyword'] = True if cat in en_keywords else False
dnx.write_configuration(dns_proxy_categories)
def set_dns_cache_clear_flag(clear_dns_cache):
with ConfigurationManager('dns_server') as dnx:
dns_server_settings = dnx.load_configuration()
dns_cache_flags = dns_server_settings['dns_server']['cache']
for flag, setting in clear_dns_cache.items():
if (setting):
dns_cache_flags[flag] = True
dnx.write_configuration(dns_server_settings)
def set_ips_portscan(portscan_settings):
with ConfigurationManager('ips') as dnx:
ips_settings = dnx.load_configuration()
ps_settings = ips_settings['ips']['port_scan']
ps_settings['enabled'] = True if 'enabled' in portscan_settings else False
ps_settings['reject'] = True if 'reject' in portscan_settings else False
dnx.write_configuration(ips_settings)
def set_default_mac_flag():
with ConfigurationManager('config') as dnx:
dnx_settings = dnx.load_configuration()
wan_settings = dnx_settings['settings']['interface']['wan']
if (not wan_settings['mac_set']):
default_mac = interface.get_mac(interface=wan_settings['ident'])
wan_settings.update({'default_mac': default_mac, 'mac_set': True})
dnx.write_configuration(dnx_settings)
def set_wan_interface(settings=None):
## Opening Config JASON file and updating WAN Interface information to be
## viewed by the front end
with ConfigurationManager('config') as dnx:
interface_settings = dnx.load_configuration()
interface = interface_settings['settings']['interface']
wan_config = interface['wan']
#Checking configured DNS Servers
dns_server_settings = load_configuration('dns_server')
resolvers = dns_server_settings['dns_server']['resolvers']
dns1 = resolvers['server1']['ip_address']
dns2 = resolvers['server2']['ip_address']
#Settings DHCP to false in json file for use by front end
wan_config['dhcp'] = False if settings else True
## setting local copy of wan interface configuration to user defined options
## then moving the file to the systemd/network folder and finally restarting
## networkd service for changes to take affect
with open(f'{HOME_DIR}/dnx_system/interface/wan_template',
'r') as wan_template_file:
wan_template = wan_template_file.readlines()
dns_counter = 1
with open(f'{HOME_DIR}/dnx_system/interface/wan.network',
'w') as wan_settings:
for line in wan_template:
if ('Address' in line and settings):
wan_ip = settings['ip_address']
wan_cidr = settings['cidr']
wan_address = f'{wan_ip}/{wan_cidr}'
line = line.replace('NULL', wan_address)
elif ('Gateway' in line and settings):
line = line.replace('NULL', settings['default_gateway'])
elif ('DNS' in line):
#NOTE: i dont care
line = line.replace('NULL', eval(f'dns{dns_counter}'))
dns_counter += 1
wan_settings.write(line)
# NOTE: python should be able to do this safer, also make the front end notify user of error and log!!!
try:
int_change = run(
f'sudo mv {HOME_DIR}/dnx_system/interface/wan.network /etc/systemd/network/wan.network',
shell=True)
int_change.check_returncode()
except CalledProcessError as cpe:
return cpe
else:
Services.restart('systemd-networkd')
dnx.write_configuration(interface_settings)
def update_ip_proxy_settings(category_settings, *, ruleset='categories'):
with ConfigurationManager('ip_proxy') as dnx:
ip_proxy_settings = dnx.load_configuration()
category_lists = ip_proxy_settings['ip_proxy'][ruleset]
for category in category_settings:
category, direction = category[:-2], int(category[-1])
category_lists[category] = direction
dnx.write_configuration(ip_proxy_settings)
def add_proxy_ip_whitelist(whitelist_settings):
with ConfigurationManager('whitelist') as dnx:
whitelist = dnx.load_configuration()
ip_whitelist = whitelist['whitelist']['ip_whitelist']
ip_whitelist[whitelist_settings['ip']] = {
'user': whitelist_settings['user'],
'type': whitelist_settings['type']
}
dnx.write_configuration(whitelist)
def _storage(self, dhcp_lease):
with ConfigurationManager('dhcp_server') as dnx:
dhcp_settings = dnx.load_configuration()
leases = dhcp_settings['dhcp_server']['leases']
if (not dhcp_lease.record):
leases.pop(dhcp_lease.ip, None)
else:
leases[dhcp_lease.ip] = dhcp_lease.record
dnx.write_configuration(dhcp_settings)
def update_dns_record(dns_record_name, action, dns_record_ip=None):
with ConfigurationManager('dns_server') as dnx:
dns_records = dnx.load_configuration()
record = dns_records['dns_server']['records']
if (action is CFG.ADD):
record[dns_record_name] = dns_record_ip
elif (action is CFG.DEL):
record.pop(dns_record_name, None)
dnx.write_configuration(dns_records)
def update_ips_ip_whitelist(whitelist_ip, whitelist_name, action):
with ConfigurationManager('ips') as dnx:
ips_settings = dnx.load_configuration()
ips_whitelist = ips_settings['ips']['whitelist']['ip_whitelist']
if (action is CFG.ADD):
ips_whitelist[whitelist_ip] = whitelist_name
elif (action is CFG.DEL):
ips_whitelist.pop(whitelist_ip)
dnx.write_configuration(ips_settings)
def set_proxy_exception(exception_settings, *, ruleset):
with ConfigurationManager(ruleset) as dnx:
exceptions_list = dnx.load_configuration()
exceptions = exceptions_list[ruleset]['exception']
if (exception_settings['action'] is CFG.ADD):
exceptions[exception_settings['domain']]['reason'] = exception_settings['reason']
elif (exception_settings['action'] is CFG.DEL):
exceptions.pop(exception_settings['domain'])
dnx.write_configuration(exceptions_list)
def remove_syslog_server(syslog_server_number):
with ConfigurationManager('syslog_client') as dnx:
syslog_settings = dnx.load_configuration()
servers = syslog_settings['syslog']['servers']
result = servers.pop(f'Server{syslog_server_number}', False)
if (result and 'server2' in servers):
servers['server1'] = servers.pop('server2')
dnx.write_configuration(syslog_settings)
return result