Exemplo n.º 1
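def delHost(host):
    """Interactively delete a host and every rule attached to it.

    The operator must answer exactly 'Y' before anything is deleted; 'n'
    cancels. Both DELETE statements are committed together, and a failure on
    either one is rolled back so a host is never left half-deleted.

    host -- host name, matched against the ``name`` column of ``host``.
    """
    # Unknown host: nothing to confirm, nothing to delete
    if checkCommands.checkIfHostsExists(host) == 0:
        print('Host deletion failed : Unknown host')
        return

    # Keep asking until we get one of the two accepted answers
    answer = ''
    while answer != 'Y' and answer != 'n':
        answer = raw_input('Do you really want to delete host '+host+' and all the rules associated ? [Y/n] ')

    if answer == 'n':
        print('Host deletion cancelled')
        return

    # Connecting to SQLite DB
    connection = sqlite.connect(configuration.basedir+configuration.datadir+"/db")
    try:
        cursor = connection.cursor()
        try:
            # Rules first: they are looked up through the host row
            cursor.execute("DELETE FROM rules WHERE host_id=(SELECT id FROM host WHERE name=?);",[host])
            # Then the host itself
            cursor.execute("DELETE FROM host WHERE name=?",[host])
            connection.commit()
        except Exception:
            # Do not leave the rules deleted while the host row survives
            connection.rollback()
            raise
        finally:
            cursor.close()
    finally:
        # The original closed only the cursor and leaked the connection
        connection.close()

    print('Host successfully deleted')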
Exemplo n.º 2
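def delRule(host,rule):
    """Interactively delete one rule from a host, wherever it appears.

    The rule text is compared for equality with the stored ``rule`` column,
    so it is removed from every line of the host that carries it. Nothing is
    deleted unless the operator answers exactly 'Y'.

    host -- host name, matched against the ``name`` column of ``host``.
    rule -- rule text exactly as stored in the ``rules`` table.
    """
    # Check if host exists
    if checkCommands.checkIfHostsExists(host) != 1:
        print('Unknow host '+host)
        return

    # Keep asking until we get one of the two accepted answers
    answer = '?'
    while answer != 'Y' and answer != 'n':
        answer = raw_input('Are you sure you want to delete this rule on all lines ? [Y/n] ')

    if answer == 'n':
        return

    # Connecting to SQLite DB
    connection = sqlite.connect(configuration.basedir+configuration.datadir+"/db")
    try:
        cursor = connection.cursor()
        try:
            # Both values are bound parameters, never spliced into the SQL text
            cursor.execute("DELETE FROM rules WHERE rule=? AND host_id=(SELECT id FROM host WHERE name=?)",[rule,host])
            connection.commit()
        except Exception:
            connection.rollback()
            raise
        finally:
            cursor.close()
    finally:
        # The original closed only the cursor and leaked the connection
        connection.close()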
Exemplo n.º 3
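def delLine(host, linenumber):
    """Interactively delete every rule stored on one line of a host.

    host       -- host name, matched against the ``name`` column of ``host``.
    linenumber -- line number as typed by the operator (a string); it must
                  parse as an integer in the range 1..200.

    Nothing is deleted unless the operator answers exactly 'Y'.
    """
    # Parse once; only a value that is not a number is a usage error. The
    # original bare except also swallowed KeyboardInterrupt and SystemExit.
    try:
        parsed = int(linenumber)
    except (TypeError, ValueError):
        print('Usage : line <#>. Deletes all rules on line in question.')
        return
    if parsed <= 0 or parsed > 200:
        print('Line number must be less then or equal to 200 and greater then 0')
        return

    # Check if host exists (the original returned silently here)
    if checkCommands.checkIfHostsExists(host) == 0:
        print('Line deletion failed : Unknown host')
        return

    # Keep asking until we get one of the two accepted answers
    answer = '?'
    while answer != 'Y' and answer != 'n':
        answer = raw_input('Do you really want to delete all the rules on line '+linenumber+' ? [Y/n] ')

    if answer == 'n':
        print('Line deletion cancelled')
        return

    # Connecting to SQLite DB
    connection = sqlite.connect(configuration.basedir+configuration.datadir+"/db")
    try:
        cursor = connection.cursor()
        try:
            # linenumber is bound as typed, exactly as the original did
            cursor.execute("DELETE FROM rules WHERE host_id=(SELECT id from host WHERE name=?) AND line=?;",[host,linenumber])
            connection.commit()
        except Exception:
            connection.rollback()
            raise
        finally:
            cursor.close()
    finally:
        # The original closed only the cursor and leaked the connection
        connection.close()

    print('Line successfully deleted')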
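        def __init__(self,command):
            """Dispatch one line typed at the prompt, then show the prompt again.

            The first word of ``command`` is the command family. How it is
            handled depends on the module-level ``__mode__`` ("base", "add",
            "del", "push" or "show"); ``__selectedhost__`` ('none' when no
            host is selected) and ``__selectedline__`` (0 when no line is
            selected) carry the current selection between commands.

            command -- the raw line entered by the operator.
            """
            # GLOBAL VARIABLE
            global __mode__
            global __selectedhost__
            global __selectedline__

            # Split once; every branch below works on the same word list
            args = command.split()
            argc = len(args)

            # A blank line has no command family; the original raised
            # IndexError on it. Just show the prompt again.
            if not args:
                Prompt ()
                return

            command_family = args[0]

            #
            # LEVEL OF COMMANDS : BASE
            #

            if __mode__ == "base":

                # Help command
                if command_family == 'help':
                    print("Available commands are : add, del, exit, help, push, quit, show")

                # Exit and quit both leave the program at this level
                elif command_family == 'exit':
                    sys.exit(0)

                elif command_family == 'quit':
                    sys.exit(0)

                # Mode switches
                elif command_family == "add":
                    __mode__ = "add"

                elif command_family == "show":
                    __mode__ = "show"

                elif command_family == 'del':
                    __mode__ = 'del'

                elif command_family == 'push':
                    __mode__ = 'push'

                # Default, error and propose help
                else:
                    print("Unknown command "+command_family+". Type help for help.")

            #
            # LEVEL OF COMMANDS : DEL
            #

            elif __mode__ == 'del':

                # Help command
                if command_family == 'help':
                    print('Available commands are : exit, help, host <name>, line <#>, quit, iptables <...>, iptables help, select <host>')

                # exit command: drop the line, then the host, then the mode
                elif command_family == 'exit':
                    if __selectedhost__ == 'none':
                        # Return to base commands
                        __mode__ = 'base'
                    elif __selectedline__ != 0:
                        # Remove selected line. The original wrote "== 0"
                        # here, a comparison with no effect, so the selected
                        # line could never be cleared in del mode.
                        __selectedline__ = 0
                    else:
                        # Remove selected host
                        __selectedhost__ = 'none'

                # host command
                elif command_family == 'host':
                    if argc == 2:
                        host = str(args[1])
                        delCommands.delHost(host)
                    else:
                        print('Usage : host <name>. Deletes the host in question.')

                # select command
                elif command_family == 'select':
                    if argc == 2:
                        if checkCommands.checkIfHostsExists(args[1]) == 1:
                            # Change prompt via global variable
                            __selectedhost__ = args[1]
                        else:
                            print('Select host failed : Host not found')
                    else:
                        print('Usage : select <name>. Selects a host.')

                # line command
                elif command_family == 'line':
                    if __selectedhost__ == 'none':
                        print('You must select a host before selecting line.')
                    elif argc == 2:
                        delCommands.delLine(__selectedhost__,args[1])
                    else:
                        print('Usage : line <#>. Deletes all the rules on the line in question.')

                # iptables command
                elif command_family == 'iptables':
                    # Fewer than three words, or an explicit "help", asks for usage
                    wants_help = argc <= 2 or args[1] == 'help'
                    if wants_help:
                        print('Usage : ')
                        print(' 1. Select a host')
                        print(' 2. Type in the rule you want to delete')
                    elif __selectedhost__ == 'none':
                        print('You must select a host before deleting rule')
                    else:
                        # The whole typed line is the rule text to match
                        delCommands.delRule(__selectedhost__,command)

                # quit command
                elif command_family == 'quit':
                    sys.exit(0)

                # Unknown command
                else:
                    print("Unknown command "+command_family+". Type help for help")

            #
            # LEVEL OF COMMANDS : PUSH
            #

            elif __mode__ == 'push':

                # help command
                if command_family == 'help':
                    print('Available commands are : exit, help, ssh <host>, quit')

                # exit command: drop the line, then the host, then the mode
                elif command_family == 'exit':
                    if __selectedhost__ == 'none':
                        # Return to base commands
                        __mode__ = "base"
                    elif __selectedline__ != 0:
                        # Remove selected line
                        __selectedline__ = 0
                    else:
                        # Remove selected host
                        __selectedhost__ = 'none'

                # quit command
                elif command_family == 'quit':
                    sys.exit(0)

                # push command
                elif command_family == 'ssh':
                    # Send to pushCommandSSH
                    pushCommands.pushSSH(command)

                # default : error and propose help
                else:
                    print('Unknown command '+command_family+'. Type help for help')

            #
            # LEVEL OF COMMANDS : ADD
            #

            elif __mode__ == "add":

                # Help command
                if command_family == "help":
                    print("Available commands are : access-list, access-list help, exit, help, host, iptables, iptables help, line <#>, quit, select <host>")

                # exit command: drop the line, then the host, then the mode
                elif command_family == "exit":
                    if __selectedhost__ == 'none':
                        # Return to base commands
                        __mode__ = "base"
                    elif __selectedline__ != 0:
                        # Remove selected line
                        __selectedline__ = 0
                    else:
                        # Remove selected host
                        __selectedhost__ = 'none'

                # Quit command
                elif command_family == "quit":
                    sys.exit(0)

                # Host command
                elif command_family == "host":
                    if argc < 3:
                        print("Usage : add <name> <ip/hostname>. Adds the host.")
                    elif argc == 3:
                        hostname = args[1]
                        ip = args[2]

                        # Add host
                        addCommands.addHost(hostname,ip)
                    else:
                        print('Usage : add <name> <ip/hostname>')

                # select command
                elif command_family == 'select':
                    if argc == 2:
                        if checkCommands.checkIfHostsExists(args[1]) == 1:
                            # Change prompt via global variable
                            __selectedhost__ = args[1]
                        else:
                            print('Select host failed : Host not found')
                    else:
                        print('Usage : select <name>. Selects a host.')

                # line command
                elif command_family == 'line':
                    if argc != 2:
                        print('Usage : line <linenumber>. Selects a line')
                    elif __selectedhost__ == 'none':
                        print('Must select a host before selecting line.')
                    elif not args[1].isdigit():
                        print('Line argument is not a number')
                    elif int(args[1]) > 0 and int(args[1]) <= 200:
                        # Stored as typed (a string), as the original did
                        __selectedline__ = args[1]
                    else:
                        print('Line number must be greater then 0 and less then 200')

                # Access-list command
                elif command_family == "access-list":
                    if __selectedhost__ == 'none' and argc >= 2 and args[1] != 'help':
                        print('Access-list rule add failed : No host selected. Use "select" command.')
                    else:
                        # Send command to add-access-list function
                        rule = addCommands.addAccessList(command)

                        # Only a result that starts with "iptables" is written.
                        # Anything else is treated as an error the helper has
                        # already reported.
                        try:
                            if rule.split()[0] == 'iptables':
                                # Send rule to be written in host file
                                writeCommands.writeIptablesRule(__selectedhost__,__selectedline__,rule)
                        except Exception:
                            # Narrowed from a bare except so Ctrl-C and
                            # sys.exit() are no longer swallowed here.
                            # NOTE(review): this still hides failures raised by
                            # writeIptablesRule itself - confirm that is intended.
                            pass

                # iptables command
                elif command_family == 'iptables':
                    if __selectedhost__ == 'none' and argc >= 2 and args[1] != 'help':
                        print('Iptables rule add failed : No host selected. Use "select" command.')
                    # iptables help
                    elif argc == 1 or args[1] == 'help':
                        print('Insert an iptables rule as you would on a normal host')
                        print(' ex : iptables -A INPUT -s 192.168.0.0/24 -d 10.10.10.10 -j DROP')
                    else:
                        try:
                            # The typed line is stored as the rule, unmodified
                            writeCommands.writeIptablesRule(__selectedhost__,__selectedline__,command)
                        except Exception:
                            # Narrowed from a bare except so Ctrl-C and
                            # sys.exit() are no longer swallowed here.
                            # NOTE(review): a failed write is silent at this
                            # level; it relies on the helper printing the error.
                            pass

                # template command
                elif command_family == 'template':
                    # Check if host is selected
                    if __selectedhost__ == 'none':
                        print('You must first select a host. Type help for help.')
                    else:
                        addCommands.addTemplateToHost(__selectedhost__,__selectedline__,command)

                # Default, error and propose help
                else:
                    print("Unknown command "+command_family+". Type help for help")

            #
            # LEVEL OF COMMANDS : SHOW
            #

            elif __mode__ == "show":

                # Help command
                if command_family == "help":
                    print("Availabe commands are : access-list <host>, exit, help, hosts, iptables <host>, quit, version")

                # exit command
                elif command_family == "exit":
                    # Return to base commands
                    __mode__ = "base"

                # Quit command
                elif command_family == "quit":
                    sys.exit(0)

                # Hosts command
                elif command_family == "hosts":
                    showCommands.showHosts()

                # Version command
                elif command_family == "version":
                    showCommands.showVersion()

                elif command_family == 'access-list':
                    if argc == 2:
                        host = args[1]
                        if checkCommands.checkIfHostsExists(host):
                            # show access-list for the host
                            showCommands.showAccessList(host,0)
                        else:
                            print('Unknown host '+host)
                    else:
                        print('Usage : access-list <host>')

                elif command_family == 'iptables':
                    if argc == 2:
                        host = args[1]
                        if checkCommands.checkIfHostsExists(host):
                            # NOTE(review): same call and same second argument
                            # as the access-list branch above - confirm that
                            # "show iptables" is meant to print the same view.
                            showCommands.showAccessList(host,0)
                        else:
                            print('Unknown host '+host)
                    else:
                        print('Usage : iptables <host>')

                # Default, error and propose help
                else:
                    print("Unknown command "+command_family+". Type help for help")

            # Go back to previous prompt
            Prompt ()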
Exemplo n.º 5
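def pushSSH(command):
    """Copy a host's generated iptables script to it and optionally run it.

    The script is assembled in the data directory from the optional start
    template plus the output of showCommands.showAccessList(host, 1), copied
    with scp, and run over ssh only after the operator confirms. The local
    copy is removed afterwards, whether or not the transfer succeeded.

    command -- the full 'ssh <host>' line typed at the prompt.
    """
    # shlex.quote on Python 3, pipes.quote on Python 2: the same function
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    # Check if length of command is correct (the original returned silently)
    args = command.split()
    if len(args) != 2:
        print('Usage : ssh <host>')
        return

    host = args[1]

    # Check if host exists
    if not checkCommands.checkIfHostsExists(host):
        print('Unknown host')
        return

    # NOTE(review): the published listing has these two prompts fused on one
    # line; restored here as two separate questions - confirm against upstream.
    user = raw_input('Username: ')
    directory = raw_input('Copy iptables script in directory [default: /usr/bin]: ')

    # The username becomes the start of an scp/ssh argument, so it must not
    # be empty or look like a command-line option.
    if user == '' or user.startswith('-'):
        print('Push rules failed : Invalid username')
        return

    # Default if no directory given
    if directory == '':
        directory = '/usr/bin'

    # Get IP of the host. Test the -1 sentinel before calling a string
    # method on it; the original stripped first, so the check never ran.
    ip = checkCommands.getHostIp(host)
    if ip == -1:
        print('Push rules failed : Could not get IP or hostname of host')
        return
    ip = ip.strip('\n')

    script_path = configuration.basedir+configuration.datadir+'/nm-iptables.sh'
    remote_script = directory+'/nm-iptables.sh'

    try:
        # Create temporary file with all the rules
        script_file = open(script_path,'w')
        try:
            # The start template is optional: a missing file is not an error
            try:
                starttpl = open(configuration.basedir+configuration.tpldir+'/'+configuration.starttpl,'r')
            except IOError:
                starttpl = None
            if starttpl is not None:
                try:
                    for line in starttpl:
                        script_file.write(str(line))
                finally:
                    starttpl.close()
            # Write all the rules
            script_file.write(str(showCommands.showAccessList(host,1)))
        finally:
            script_file.close()
    except IOError as err:
        print("I/O error({0}): {1}".format(err.errno, err.strerror))
        print("Push rules failed : Unable to create temporary file.")
        return

    try:
        # scp our file
        status = subprocess.Popen([ '/usr/bin/scp', script_path, user+'@'+ip+':'+directory+'/' ]).wait()
        if status != 0:
            # Never offer to run the script if the copy did not succeed: an
            # older nm-iptables.sh could still be sitting on the host.
            print('Push rules failed : scp exited with status '+str(status))
            return

        if user == 'root':
            # Ask our user if he wants us to execute the script
            answer = '?'
            while answer != 'n' and answer != 'y':
                answer = raw_input('Do you wish to execute the iptables script on the host ? [y/n]: ')

            if answer == 'y':
                # ssh hands the remote command to the remote shell as a
                # single string, so only the path is quoted. The original
                # wrapped the whole command in literal quotes, which the
                # remote shell reads as one (non-existent) program name.
                subprocess.Popen([ '/usr/bin/ssh', user+'@'+ip, '/bin/bash '+quote(remote_script) ]).wait()

        else:
            # Ask our user if he wants us to execute the script via sudo
            answer = '?'
            while answer != 'n' and answer != 'Y':
                answer = raw_input('Do you wish to execute the iptables script via sudo on the host ? [Y/n]: ')

            if answer == 'Y':
                # Argument list instead of shell=True: the username, address
                # and directory typed at the prompt are never parsed by a
                # local shell.
                subprocess.Popen([ '/usr/bin/ssh', user+'@'+ip, 'sudo bash '+quote(remote_script) ]).wait()
    finally:
        # Remove the temporary file
        os.remove(script_path)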