def ensure_rules_files(cfg): """the function creates several files if they don't exist""" for ruletype in ["blacklist", "whitelist", "tcp", "udp", "custom"]: filepath = cfg.get_value("RULES", "filepath") filename = cfg.get_value("RULES", ruletype) create_folder_if_not_exists(filepath) create_file_if_not_exists(filepath + "/" + filename)
def __init__(self, loglevel: str, to_stdout: bool, to_files: bool, logpath: str, logfile: str): self.loglevel = self.correct_level(loglevel) # create logger root = logging.getLogger() root.handlers.clear() # workaround for default stdout handler root.setLevel(self.loglevel) # create formatter and add it to the handlers formatter = logging.Formatter( '[%(asctime)s] [%(levelname)s] [%(filename)s:%(lineno)d] %(message)s') # create console handler -> logs are always written to stdout if to_stdout: std_handler = logging.StreamHandler(stdout) std_handler.setLevel(self.loglevel) std_handler.setFormatter(formatter) root.addHandler(std_handler) # create file handler if enabled in configuration if to_files: # create log filepath if not exists fullpath = "{}/{}".format(logpath, logfile) create_folder_if_not_exists(logpath) create_file_if_not_exists(fullpath) file_handler = logging.FileHandler(fullpath) file_handler.setLevel(self.loglevel) file_handler.setFormatter(formatter) root.addHandler(file_handler)
def setUp(self): self.config_file = "test_easywall.ini" content = """[LOG] level = info to_files = false to_stdout = true filepath = filename = [IPV6] enabled = true [ACCEPTANCE] enabled = true duration = 1 [EXEC] iptables = /sbin/iptables ip6tables = /sbin/ip6tables iptables-save = /sbin/iptables-save ip6tables-save = /sbin/ip6tables-save iptables-restore = /sbin/iptables-restore ip6tables-restore = /sbin/ip6tables-restore [BACKUP] filepath = ./backup ipv4filename = iptables_v4_backup ipv6filename = iptables_v6_backup """ create_file_if_not_exists(self.config_file) write_into_file(self.config_file, content) self.cfg = Config(self.config_file) self.easywall = Easywall(self.cfg) self.easywall.rules.rules_firstrun()
def set_status(self, status: str) -> None: """ TODO: Doku """ filename = ".acceptance_status" create_file_if_not_exists(filename) write_into_file(filename, status) self.mystatus = status
def setUp(self) -> None: self.config_file = "test_easywall.ini" content = """[LOG] level = info to_files = no to_stdout = yes filepath = /var/log filename = easywall.log [IPTABLES] log_blocked_connections = yes log_blocked_connections_log_limit = 60 log_blacklist_connections = yes log_blacklist_connections_log_limit = 60 drop_broadcast_packets = yes drop_multicast_packets = yes drop_anycast_packets = yes ssh_brute_force_prevention = yes ssh_brute_force_prevention_log = yes ssh_brute_force_prevention_connection_limit = 5 ssh_brute_force_prevention_log_limit = 60 icmp_flood_prevention = yes icmp_flood_prevention_log = yes icmp_flood_prevention_connection_limit = 5 icmp_flood_prevention_log_limit = 60 drop_invalid_packets = yes drop_invalid_packets_log = yes drop_invalid_packets_log_limit = 60 port_scan_prevention = yes port_scan_prevention_log = yes port_scan_prevention_log_limit = 60 [IPV6] enabled = true icmp_allow_router_advertisement = yes icmp_allow_neighbor_advertisement = yes [ACCEPTANCE] enabled = yes duration = 1 timestamp = [EXEC] iptables = /sbin/iptables ip6tables = /sbin/ip6tables iptables-save = /sbin/iptables-save ip6tables-save = /sbin/ip6tables-save iptables-restore = /sbin/iptables-restore ip6tables-restore = /sbin/ip6tables-restore """ create_file_if_not_exists(self.config_file) write_into_file(self.config_file, content) self.cfg = Config(self.config_file) self.easywall = Easywall(self.cfg) self.easywall.rules.ensure_files_exist()
def test_constructor_file_not_read(self) -> None: """TODO: Doku.""" create_file_if_not_exists("test.ini") content = """[DEFAULT] goodcontent = test badcontent """ write_into_file("test.ini", content) with self.assertRaises(ParsingError): Config("test.ini")
def setUp(self): content = """[ACCEPTANCE] enabled = true duration = 1 """ create_file_if_not_exists("acceptance.ini") write_into_file("acceptance.ini", content) self.config = Config("acceptance.ini") self.acceptance = Acceptance(self.config)
def create_rule_files(cfg: Config): """ the function checks if the rule files exist and creates them if they don't exist """ filepath = cfg.get_value("RULES", "filepath") create_folder_if_not_exists(filepath) filename = "" for ruletype in ["blacklist", "whitelist", "tcp", "udp", "custom"]: filename = cfg.get_value("RULES", ruletype) create_file_if_not_exists("{}/{}".format(filepath, filename))
def setUp(self): content = """[TEST] teststring = string testboolean = true testint = 1 testfloat = 1.1 """ create_file_if_not_exists("test.ini") write_into_file("test.ini", content) self.config = Config("test.ini")
def start(self) -> None: """ the start of the acceptance process is triggered by this function the function checks the internal status of the class. the internal status can be ready, accepted or not accepted. if the status is disabled the function does nothing """ if self.mystatus in ["ready", "accepted", "not accepted"]: create_file_if_not_exists(self.filename) write_into_file(self.filename, "false") self.set_status("started") info("Acceptance Process has been started.")
def test_disabled(self): """ TODO: Doku """ content = """[ACCEPTANCE] enabled = false duration = 1 """ create_file_if_not_exists("acceptance.ini") write_into_file("acceptance.ini", content) self.config = Config("acceptance.ini") self.acceptance = Acceptance(self.config) self.assertEqual(self.acceptance.status(), "disabled")
def ensure_file_exists(self) -> None: """TODO: Doku.""" if not file_exists(self.filepath): create_file_if_not_exists(self.filepath) template: dict = {} for state in self.states: template[state] = {} for ruletype in self.types: template[state][ruletype] = [] self.rules = template self.save()
def rules_firstrun(self) -> None: """ TODO: Doku """ create_folder_if_not_exists(self.rulesfolder) for state in self.states: create_folder_if_not_exists("{}/{}".format(self.rulesfolder, state)) for ruletype in self.types: create_file_if_not_exists("{}/{}/{}".format( self.rulesfolder, state, ruletype))
def test_file(self): assert not file_exists("testfile") create_file_if_not_exists("testfile") assert file_exists("testfile") write_into_file("testfile", "testcontent") assert file_get_contents("testfile") == "testcontent" assert len(get_abs_path_of_filepath("testfile")) > 0 rename_file("testfile", "testfilenew") assert not file_exists("testfile") assert file_exists("testfilenew") delete_file_if_exists("testfilenew") assert not file_exists("testfile") assert not file_exists("testfilenew")
def test_file(self) -> None: """TODO: Doku.""" self.assertFalse(file_exists("testfile")) create_file_if_not_exists("testfile") self.assertTrue(file_exists("testfile")) write_into_file("testfile", "testcontent") self.assertEqual(file_get_contents("testfile"), "testcontent") self.assertGreater(len(get_abs_path_of_filepath("testfile")), 0) rename_file("testfile", "testfilenew") self.assertFalse(file_exists("testfile")) self.assertTrue(file_exists("testfilenew")) delete_file_if_exists("testfilenew") self.assertFalse(file_exists("testfile")) self.assertFalse(file_exists("testfilenew"))
def test_file(self): """ TODO: Doku """ assert not file_exists("testfile") create_file_if_not_exists("testfile") assert file_exists("testfile") write_into_file("testfile", "testcontent") assert file_get_contents("testfile") == "testcontent" self.assertGreater(len(get_abs_path_of_filepath("testfile")), 0) rename_file("testfile", "testfilenew") assert not file_exists("testfile") assert file_exists("testfilenew") delete_file_if_exists("testfilenew") assert not file_exists("testfile") assert not file_exists("testfilenew")
def prepare_configuration() -> None: """ TODO: Doku """ if file_exists(CONFIG_PATH): rename_file(CONFIG_PATH, CONFIG_BACKUP_PATH) content = """[LOG] level = info to_files = no to_stdout = yes filepath = log filename = easywall-web.log [WEB] username = demo password = xxx bindip = 0.0.0.0 bindport = 12227 login_attempts = 10 login_bantime = 1800 [VERSION] version = 0.0.0 sha = 12345 date = 2020-01-01T00:00:00Z timestamp = 1234 [uwsgi] https-socket = 0.0.0.0:12227,easywall.crt,easywall.key processes = 5 threads = 2 callable = APP master = false wsgi-file = easywall_web/__main__.py need-plugin = python3 """ create_file_if_not_exists(CONFIG_PATH) write_into_file(CONFIG_PATH, content) config = Config(CONFIG_PATH) config.set_value("VERSION", "timestamp", str(int(time())))
def save(self) -> None: """Save the current iptables state into a file.""" create_folder_if_not_exists(self.backup_path) create_file_if_not_exists("{}/{}".format(self.backup_path, self.backup_file_ipv4)) execute_os_command("{} >> {}/{}".format(self.iptables_bin_save, self.backup_path, self.backup_file_ipv4)) debug("backup for ipv4 rules created") if self.ipv6 is True: create_file_if_not_exists("{}/{}".format(self.backup_path, self.backup_file_ipv6)) execute_os_command("{} >> {}/{}".format(self.ip6tables_bin_save, self.backup_path, self.backup_file_ipv6)) debug("backup of ipv6 rules created") info("backup of iptables configuration created")
def setUp(self) -> None: content = """[EXEC] iptables = /sbin/iptables ip6tables = /sbin/ip6tables iptables-save = /sbin/iptables-save ip6tables-save = /sbin/ip6tables-save iptables-restore = /sbin/iptables-restore ip6tables-restore = /sbin/ip6tables-restore [IPV6] enabled = yes [BACKUP] filepath = ./backup ipv4filename = iptables_v4_backup ipv6filename = iptables_v6_backup """ create_file_if_not_exists("iptables.ini") write_into_file("iptables.ini", content) self.config = Config("iptables.ini") self.iptables = Iptables(self.config)
def save(self) -> None: """ the function saves the current iptables state into a file """ backup_path = self.cfg.get_value("BACKUP", "filepath") create_folder_if_not_exists(backup_path) backup_file = self.cfg.get_value("BACKUP", "ipv4filename") create_file_if_not_exists("{}/{}".format(backup_path, backup_file)) execute_os_command("{} >> {}/{}".format(self.iptables_bin_save, backup_path, backup_file)) debug("backup for ipv4 rules created") if self.ipv6 is True: backup_file = self.cfg.get_value("BACKUP", "ipv6filename") create_file_if_not_exists("{}/{}".format(backup_path, backup_file)) execute_os_command("{} >> {}/{}".format(self.ip6tables_bin_save, backup_path, backup_file)) debug("backup of ipv6 rules created") info("backup of iptables configuration created")
def setUp(self) -> None: self.config_backup_path = "config/easywall.ini.backup" if file_exists(CONFIG_PATH): rename_file(CONFIG_PATH, self.config_backup_path) content = """[LOG] level = info to_files = false to_stdout = true filepath = filename = [IPV6] enabled = true [ACCEPTANCE] enabled = false duration = 120 timestamp = [EXEC] iptables = /sbin/iptables ip6tables = /sbin/ip6tables iptables-save = /sbin/iptables-save ip6tables-save = /sbin/ip6tables-save iptables-restore = /sbin/iptables-restore ip6tables-restore = /sbin/ip6tables-restore [BACKUP] filepath = ./backup ipv4filename = iptables_v4_backup ipv6filename = iptables_v6_backup """ create_file_if_not_exists(CONFIG_PATH) write_into_file(CONFIG_PATH, content) delete_folder_if_exists("rules")
def reset(self): """the function is called then the user did not accept the changes""" if self.enabled: create_file_if_not_exists(self.filename) write_into_file(self.filename, "false") debug("Acceptance has been reset.")
def create_running_file(self): """the function creates a file in the main directory called .running""" create_file_if_not_exists(".running")
def apply_step_one() -> None: """ the function triggeres the easywall core to apply the new firewall rules """ create_file_if_not_exists(".apply")
def prepare_configuration() -> None: """TODO: Doku.""" if file_exists(EASYWALL_CONFIG_PATH): rename_file(EASYWALL_CONFIG_PATH, EASYWALL_CONFIG_BACKUP_PATH) if file_exists(WEB_CONFIG_PATH): rename_file(WEB_CONFIG_PATH, WEB_CONFIG_BACKUP_PATH) if file_exists(LOG_CONFIG_PATH): rename_file(LOG_CONFIG_PATH, LOG_CONFIG_BACKUP_PATH) content = """[IPTABLES] log_blocked_connections = yes log_blocked_connections_log_limit = 60 log_blacklist_connections = yes log_blacklist_connections_log_limit = 60 drop_broadcast_packets = yes drop_multicast_packets = yes drop_anycast_packets = yes ssh_brute_force_prevention = yes ssh_brute_force_prevention_log = yes ssh_brute_force_prevention_connection_limit = 5 ssh_brute_force_prevention_log_limit = 60 icmp_flood_prevention = yes icmp_flood_prevention_log = yes icmp_flood_prevention_connection_limit = 5 icmp_flood_prevention_log_limit = 60 drop_invalid_packets = yes drop_invalid_packets_log = yes drop_invalid_packets_log_limit = 60 port_scan_prevention = yes port_scan_prevention_log = yes port_scan_prevention_log_limit = 60 [IPV6] enabled = yes icmp_allow_router_advertisement = yes icmp_allow_neighbor_advertisement = yes [ACCEPTANCE] enabled = yes duration = 1 timestamp = [EXEC] iptables = /sbin/iptables ip6tables = /sbin/ip6tables iptables-save = /sbin/iptables-save ip6tables-save = /sbin/ip6tables-save iptables-restore = /sbin/iptables-restore ip6tables-restore = /sbin/ip6tables-restore """ create_file_if_not_exists(EASYWALL_CONFIG_PATH) write_into_file(EASYWALL_CONFIG_PATH, content) content = """[WEB] username = demo password = xxx bindip = 0.0.0.0 bindport = 12227 login_attempts = 100 login_bantime = 1800 [VERSION] version = 0.0.0 sha = 12345 date = 2020-01-01T00:00:00Z timestamp = 1234 [uwsgi] ssl-option = 268435456 https-socket = 0.0.0.0:12227,ssl/easywall.crt,ssl/easywall.key,HIGH processes = 5 threads = 2 callable = APP master = yes die-on-term = yes wsgi-file = easywall/web/__main__.py need-plugin = python3 buffer-size = 16384 """ create_file_if_not_exists(WEB_CONFIG_PATH) write_into_file(WEB_CONFIG_PATH, content) config = Config(WEB_CONFIG_PATH) config.set_value("VERSION", "timestamp", str(int(time()))) content = """[LOG] level = info to_files = no to_stdout = yes filepath = /var/log filename = easywall.log """ create_file_if_not_exists(LOG_CONFIG_PATH) write_into_file(LOG_CONFIG_PATH, content)