def reload_all_intfs(request):
    """Reload every interface flagged ``need_restart`` and render the list.

    For each flagged interface ``maybeWrite()`` is called; a truthy return
    is reported as the failure text. Otherwise ``k('graceful')`` is run and
    its output (or "everything ok") is reported. The ``<app name>:app``
    memcached entries of that interface's apps are then deleted.

    NOTE(review): the reload runs for any HTTP method and no permission
    check is visible in this block -- confirm an authorization guard wraps
    the view and that it is not reachable through a plain GET link.
    NOTE(review): interface names and command output are joined with literal
    ``<br>`` markup; if the template prints ``k_output`` unescaped, these
    values need HTML-escaping -- confirm against the template.
    """
    report = "Reloading all interface :<br>"
    interfaces = Intf.objects.all()
    cache = MC()
    for iface in interfaces:
        # NOTE(review): block nesting was rebuilt from a flattened listing;
        # the line break and cache purge are assumed to belong to the
        # need_restart branch -- confirm against the original file.
        if not iface.need_restart:
            continue
        error = iface.maybeWrite()
        if error:
            report += "%s:%s" % (iface.name, error)
        else:
            report += iface.name + ":"
            report += iface.k('graceful') or "everything ok"
        report += "<br>"
        # Purge cached app records so the new configuration is picked up.
        for cached_app in App.objects.filter(intf=iface).all():
            cache.delete(cached_app.name + ':app')
    context = {
        'object_list': interfaces,
        'k_output': report,
        'user': request.user,
    }
    return render_to_response('vulture/intf_list.html', context)
def stop_intf(request, intf_id):
    """Stop one interface, purge its apps' cache entries, render the list.

    ``intf.k('stop')`` output is passed to the template as ``k_output``.

    NOTE(review): the stop is executed for any HTTP method and no permission
    check is visible in this block -- confirm an authorization guard wraps
    the view; a state change reachable by GET is not covered by Django's
    CSRF middleware.
    NOTE(review): ``Intf.objects.get`` raises when ``intf_id`` matches no
    row; confirm that surfacing this as a server error is intended.
    """
    target = Intf.objects.get(pk=intf_id)
    stop_report = target.k('stop')
    # Purge cached app records so the new configuration is picked up.
    for cached_app in App.objects.filter(intf=target).all():
        MC.delete(cached_app.name + ':app')
    # NOTE(review): nesting rebuilt from a flattened listing; the pause is
    # assumed to run once, after the purge loop -- confirm.
    sleep(2)
    context = {
        'object_list': Intf.objects.all(),
        'k_output': stop_report,
        'user': request.user,
    }
    return render_to_response('vulture/intf_list.html', context)
def reload_intf(request, intf_id):
    """Gracefully reload one interface and render the interface list.

    ``maybeWrite()`` is called first; a truthy return is shown as the result
    and the reload is skipped. Otherwise the output of ``k('graceful')`` is
    shown. The interface's ``<app name>:app`` cache entries are deleted.

    NOTE(review): the reload is executed for any HTTP method and no
    permission check is visible in this block -- confirm an authorization
    guard wraps the view; a state change reachable by GET is not covered by
    Django's CSRF middleware.
    """
    target = Intf.objects.get(pk=intf_id)
    error = target.maybeWrite()
    if error:
        result = error
    else:
        result = target.k('graceful')
    # Purge cached app records so the new configuration is picked up.
    # NOTE(review): nesting rebuilt from a flattened listing; the purge is
    # assumed to run whether or not the write failed -- confirm.
    for cached_app in App.objects.filter(intf=target).all():
        MC.delete("%s:app" % cached_app.name)
    context = {
        'object_list': Intf.objects.all(),
        'k_output': result,
        'user': request.user,
    }
    return render_to_response('vulture/intf_list.html', context)
def stop_intf(request, intf_id):
    """Stop one interface, purge its apps' cache entries, render the list.

    ``intf.k('stop')`` output is passed to the template as ``k_output``.

    NOTE(review): the stop is executed for any HTTP method and no permission
    check is visible in this block -- confirm an authorization guard wraps
    the view; a state change reachable by GET is not covered by Django's
    CSRF middleware.
    NOTE(review): ``Intf.objects.get`` raises when ``intf_id`` matches no
    row; confirm that surfacing this as a server error is intended.
    """
    target = Intf.objects.get(pk=intf_id)
    stop_report = target.k('stop')
    related_apps = App.objects.filter(intf=target).all()
    cache = MC()
    # Purge cached app records so the new configuration is picked up.
    for cached_app in related_apps:
        cache.delete(cached_app.name + ':app')
    # NOTE(review): nesting rebuilt from a flattened listing; the pause is
    # assumed to run once, after the purge loop -- confirm.
    sleep(2)
    context = {
        'object_list': Intf.objects.all(),
        'k_output': stop_report,
        'user': request.user,
    }
    return render_to_response('vulture/intf_list.html', context)
def reload_intf(request, intf_id):
    """Gracefully reload one interface and render the interface list.

    ``maybeWrite()`` is called first; a truthy return is shown as the result
    and the reload is skipped. Otherwise the output of ``k('graceful')`` is
    shown. The interface's ``<app name>:app`` cache entries are deleted.

    NOTE(review): the reload is executed for any HTTP method and no
    permission check is visible in this block -- confirm an authorization
    guard wraps the view; a state change reachable by GET is not covered by
    Django's CSRF middleware.
    """
    target = Intf.objects.get(pk=intf_id)
    error = target.maybeWrite()
    if error:
        result = error
    else:
        result = target.k('graceful')
    related_apps = App.objects.filter(intf=target).all()
    cache = MC()
    # Purge cached app records so the new configuration is picked up.
    # NOTE(review): nesting rebuilt from a flattened listing; the purge is
    # assumed to run whether or not the write failed -- confirm.
    for cached_app in related_apps:
        cache.delete("%s:app" % cached_app.name)
    context = {
        'object_list': Intf.objects.all(),
        'k_output': result,
        'user': request.user,
    }
    return render_to_response('vulture/intf_list.html', context)
def reload_all_intfs(request):
    """Reload every interface flagged ``need_restart`` and render the list.

    For each flagged interface ``maybeWrite()`` is called; a truthy return
    is reported as the failure text. Otherwise ``k('graceful')`` is run and
    its output (or "everything ok") is reported. The ``<app name>:app``
    memcached entries of that interface's apps are then deleted.

    NOTE(review): the reload runs for any HTTP method and no permission
    check is visible in this block -- confirm an authorization guard wraps
    the view and that it is not reachable through a plain GET link.
    NOTE(review): interface names and command output are joined with literal
    ``<br>`` markup; if the template prints ``k_output`` unescaped, these
    values need HTML-escaping -- confirm against the template.
    """
    report = "Reloading all interface :<br>"
    interfaces = Intf.objects.all()
    for iface in interfaces:
        # NOTE(review): block nesting was rebuilt from a flattened listing;
        # the line break and cache purge are assumed to belong to the
        # need_restart branch -- confirm against the original file.
        if not iface.need_restart:
            continue
        error = iface.maybeWrite()
        if error:
            report += "%s:%s" % (iface.name, error)
        else:
            report += iface.name + ":"
            report += iface.k('graceful') or "everything ok"
        report += "<br>"
        # Purge cached app records so the new configuration is picked up.
        for cached_app in App.objects.filter(intf=iface).all():
            MC.delete(cached_app.name + ':app')
    context = {
        'object_list': interfaces,
        'k_output': report,
        'user': request.user,
    }
    return render_to_response('vulture/intf_list.html', context)
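def edit_app(request, object_id=None):
    """Create or edit an App together with its JK directives, SSL
    configuration and headers.

    A GET, or a POST whose main form is invalid, renders
    ``vulture/app_form.html``. A valid POST saves the app, replaces its
    headers with the posted ones, drops the app's memcached entry and
    redirects to ``/app/``.

    Raises:
        ValueError: the posted name (slashes removed) contains characters
            outside ``[\\w.-]``, or the JK directive formset is invalid.

    NOTE(review): no permission check is visible in this block -- confirm an
    authorization guard wraps the view.
    NOTE(review): block nesting was rebuilt from a flattened listing --
    confirm against the original file.
    """
    inst = object_id and App.objects.get(pk=object_id)
    app_inst = object_id and App.objects.get(id=object_id)
    form = AppForm(request.POST or None, instance=inst)
    form.header = Header.objects.order_by("-id").filter(app=object_id)
    FJKD = inlineformset_factory(App, JKDirective, extra=4)
    # Save new/edited app
    if request.method == 'POST' and form.is_valid():
        appdirname = request.POST['name'].replace("/", "")
        # The pattern must cover the whole name: an unanchored match() only
        # checked the leading characters, so any suffix was accepted.
        if not re.match(r"[\w\-\.]+\Z", appdirname):
            raise ValueError(appdirname + " does not match a valid app name")
        dataPosted = request.POST
        app = form.save()
        # JK Directives
        fjkd = FJKD(request.POST, instance=inst)
        if fjkd.is_valid():
            fjkd.save()
        else:
            raise ValueError("bad inline formset !!!!")
        # SSL Configuration
        fssl_conf = SSLConfForm(
            request.POST,
            instance=object_id and app_inst.ssl_configuration,
            prefix='ssl_conf')
        if form.cleaned_data['conf_from_intf']:
            # Reuse the SSL configuration of the selected interface.
            inst = Intf.objects.get(id=form.cleaned_data['intf'])
            ssl_conf_id = inst.ssl_configuration
            if (hasattr(app_inst, 'ssl_configuration')
                    and app_inst.ssl_configuration != inst.ssl_configuration):
                # delete unused ssl_configuration
                try:
                    app_inst.ssl_configuration.delete()
                except AttributeError:
                    pass
        if fssl_conf.is_valid() and not form.cleaned_data['conf_from_intf']:
            if (hasattr(app_inst, 'ssl_configuration')
                    and app_inst.ssl_configuration == Intf.objects.get(
                        id=form.cleaned_data['intf']).ssl_configuration):
                # To switch from Intf-SSL_Conf to App-SSL_Conf: build a
                # fresh form so the interface's record is not overwritten.
                fssl_conf = SSLConfForm(request.POST, prefix='ssl_conf')
            ssl_conf_id = fssl_conf.save()
        # NOTE(review): when conf_from_intf is unset and the SSL form is
        # invalid, ssl_conf_id looks unassigned at this point -- confirm.
        app.ssl_configuration = ssl_conf_id
        # headers: drop the stored ones, then recreate from the POST data
        Header.objects.filter(app=object_id).delete()
        for data in dataPosted:
            m = re.match(r'header_id-(\d+)', data)
            if m is not None:
                id_ = m.group(1)
                desc = dataPosted['field_desc-' + id_]
                type_ = dataPosted['field_type-' + id_]
                if desc and type_:
                    instance = Header(app=app,
                                      name=desc,
                                      value=dataPosted['field_value-' + id_],
                                      type=type_)
                    instance.save()
        # delete cached version of this app in memcache
        MC().delete('%s:app' % app.name)
        # Make sure we're using logic auth there
        app.auth = get_logic_auth_for(app.auth)
        app.save()
        return HttpResponseRedirect('/app/')
    fjkd = FJKD(instance=inst)
    fssl_conf = SSLConfForm(request.POST or None,
                            instance=object_id and app_inst.ssl_configuration,
                            prefix='ssl_conf')
    return render_to_response('vulture/app_form.html', {
        'form': form,
        'user': request.user,
        'fjkd': fjkd,
        'fssl_conf': fssl_conf,
    })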
def manage_cluster(request):
    """Show the cluster server list and, on POST, bump the config version.

    The ``version_conf`` row of ``Conf`` holds the counter as a string; an
    empty value is treated as 0.

    NOTE(review): the increment is a read-modify-write on the stored value,
    so two concurrent POSTs may store the same version -- confirm whether
    that matters for cluster members polling it.
    NOTE(review): no permission check is visible in this block -- confirm an
    authorization guard wraps the view.
    """
    version_row = Conf.objects.get(var='version_conf')
    version = int(version_row.value or 0)
    if request.method == 'POST':
        version = version + 1
        version_row.value = str(version)
        version_row.save()
    context = {
        'last_version': version,
        'object_list': MC.list_servers(),
    }
    return render_to_response('vulture/cluster_list.html', context)
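def edit_app(request,object_id=None):
    """Create or edit an App and maintain its mod_security files on disk.

    A GET, or a POST whose main form is invalid, renders
    ``vulture/app_form.html``. A valid POST saves the app and its JK
    directives, then either writes the per-app mod_security configuration
    and rule symlinks (``MS_Activated`` posted) or removes the per-app
    directories, recreates the headers, drops the app's memcached entry and
    redirects to ``/app/``.

    Raises:
        ValueError: the posted name (slashes removed) is ``.``/``..`` or
            contains characters outside ``[\\w.-]``, a posted rule file name
            is not a bare file name, or the JK directive formset is invalid.

    NOTE(review): no permission check is visible in this block -- confirm an
    authorization guard wraps the view.
    NOTE(review): block nesting was rebuilt from a flattened listing --
    confirm against the original file.
    """
    inst = object_id and App.objects.get(pk=object_id)
    form = AppForm(request.POST or None, instance=inst)
    form.header = Header.objects.order_by("-id").filter(app=object_id)
    FJKD = inlineformset_factory(App, JKDirective, extra=4)
    # Save new/edited app
    if request.method == 'POST' and form.is_valid():
        dataPosted = request.POST
        appdirname = request.POST['name'].replace("/", "")
        # appdirname becomes a directory and file name below, so the whole
        # string must match (an unanchored match() only checked the leading
        # characters) and the dot entries must be refused: with ".." the
        # per-app paths would resolve to their parent directories.
        if appdirname in (".", "..") or not re.match(r"[\w\-\.]+\Z", appdirname):
            raise ValueError(appdirname + " does not match a valid app name")
        path = "%s/security-rules" % (settings.CONF_PATH)
        custom_p = "%s/CUSTOM" % path
        custom_app_p = "%s/%s" % (custom_p, appdirname)
        app_acti_p = "%s/activated/%s" % (path, appdirname)
        fname = "vulture-%s.conf" % (appdirname)
        fpath = "%s/%s" % (custom_app_p, fname)
        # rule directory -> form field listing the files activated from it
        directory = {
            "base_rules": "securitybase",
            "experimental_rules": 'securityexp',
            "optional_rules": 'securityopt',
            "slr_rules": 'securityslr',
            "CUSTOM": 'CUSTOM',
        }
        if "MS_Activated" in dataPosted:
            # Posted rule names are joined into symlink paths further down.
            # Check them before anything is saved: only bare file names are
            # accepted, so a name cannot point outside the rule directories.
            for file_list in directory.values():
                for file_ in request.POST.getlist(file_list):
                    if (file_ in ("", ".", "..") or "\x00" in file_
                            or os.path.basename(file_) != file_):
                        raise ValueError(
                            file_ + " is not a valid rule file name")
        app = form.save()
        # Delete old headers
        Header.objects.filter(app=object_id).delete()
        fjkd = FJKD(request.POST, instance=inst)
        if fjkd.is_valid():
            fjkd.save()
        else:
            raise ValueError("bad inline formset !!!!")
        if "MS_Activated" in dataPosted:
            # create needed directories for this app
            for rep in (path, custom_p, custom_app_p, app_acti_p):
                if not os.path.exists(rep):
                    os.mkdir(rep, 0o770)
            # get variables we send to the template
            # NOTE(review): these values come straight from the POST data
            # and are rendered into the configuration file -- confirm the
            # template or form constrains them.
            mod_secu_vars = {"appname": app.name}
            for row in ('version', 'action', 'motor',
                        'critical_score', 'warning_score', 'error_score',
                        'notice_score', 'inbound_score', 'outbound_score',
                        'paranoid', 'UTF', 'XML', 'BodyAccess',
                        'max_num_args', 'arg_name_length', 'arg_length',
                        'total_arg_length', 'max_file_size',
                        'combined_file_size', 'allowed_http',
                        'allowed_content_type', 'allowed_http_version',
                        'restricted_extensions', 'restricted_headers',
                        'BT_activated', 'protected_urls',
                        'BT_burst_time_slice', 'BT_counter_threshold',
                        'BT_block_timeout', 'DoS_activated',
                        'DoS_burst_time_slice', 'DoS_counter_threshold',
                        'DoS_block_timeout', 'Custom'):
                if row in dataPosted:
                    mod_secu_vars[row] = dataPosted[row]
            # write config file for this app
            t = get_template("mod_secu.conf")
            ctx = Context(mod_secu_vars)
            conf_txt = t.render(ctx)
            # "with" closes the file even if the write fails
            with open(fpath, 'wb') as conf_file:
                conf_file.write(conf_txt)
            # create/remove symlinks for activated rules:
            # remove deleted rules, add new ones
            for dir_, file_list in directory.items():
                new_files = request.POST.getlist(file_list)
                # "initial" may be unset for a field; treat that as empty
                for old_file in form.fields[file_list].initial or ():
                    if old_file not in new_files:
                        os.remove("%s/%s" % (app_acti_p, old_file))
                for file_ in new_files:
                    try:
                        os.symlink("%s/%s/%s" % (path, dir_, file_),
                                   "%s/%s" % (app_acti_p, file_))
                    except OSError:
                        # best effort, e.g. the link already exists
                        pass
            # link all data files in app directory
            for src in directory:
                link_path("%s/%s" % (path, src), app_acti_p, r".*\.data$")
            try:
                os.symlink(fpath, "%s/%s" % (app_acti_p, fname))
            except OSError:
                # best effort, e.g. the link already exists
                pass
        # mod_security was disabled for this app
        else:
            for rep in (custom_app_p, app_acti_p):
                if os.path.exists(rep):
                    for rmfile in os.listdir(rep):
                        os.remove("%s/%s" % (rep, rmfile))
                    os.rmdir(rep)
        # headers ..
        for data in dataPosted:
            m = re.match(r'header_id-(\d+)', data)
            if m is not None:
                id_ = m.group(1)
                desc = dataPosted['field_desc-' + id_]
                type_ = dataPosted['field_type-' + id_]
                if desc and type_:
                    instance = Header(app=app,
                                      name=desc,
                                      value=dataPosted['field_value-' + id_],
                                      type=type_)
                    instance.save()
        # delete cached version of this app in memcache
        MC.delete('%s:app' % app.name)
        # Make sure we're using logic auth there
        app.auth = get_logic_auth_for(app.auth)
        app.save()
        return HttpResponseRedirect('/app/')
    fjkd = FJKD(instance=inst)
    return render_to_response('vulture/app_form.html',
                              {'form': form, 'user' : request.user, 'fjkd':fjkd})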