def __init__(self): InstallCommand.__init__(self) self.cron_acl_sudo = "#!/bin/sh" with open(files.get_rel_path("data/cron_acl.tpl")) as f: cron_acl_tpl = Template(f.read()) self.cron_acl_sudo = cron_acl_tpl.safe_substitute(group="sudo", site_path="/data/www") self.cron_acl_dev_team = "#!/bin/sh" if CONFIG.is_set('site','ldap_dev_team'): with open(files.get_rel_path("data/cron_dev_team.tpl")) as f: cron_acl_tpl = Template(f.read()) self.cron_acl_dev_team = cron_acl_tpl.safe_substitute(group=CONF_MAP('site','ldap_dev_team')) self.packages = "acl" self.add_package(self.packages) self.add_folder('/etc/cron.acl') self.add_file('/etc/crontab', ck_func=self.check_acl_crontab, fix_func=self.fix_acl_crontab) self.add_file('/etc/cron.acl/sudo', ck_func=self.check_perm_cron, fix_func=self.fix_perm_cron, perm={'u':'rx', 'g':'rx', 'o':'rx'}) self.add_file('/etc/cron.acl/ldap_dev_team', ck_func=self.check_perm_dev_team, fix_func=self.fix_perm_dev_team, perm={'u':'rx', 'g':'rx', 'o':'rx'})
def __init__(self): InstallCommand.__init__(self) self.packages = "ufw" self.add_package(self.packages) self.add_file('/etc/rsyslog.d/20-ufw.conf', ck_func=self.check_ufw, fix_func=self.fix_ufw)
def __init__(self): InstallCommand.__init__(self) self.packages = "openssh-server" self.add_package(self.packages) self.add_file('/etc/ssh/sshd_config', ck_func=self.check_ssh, fix_func=self.fix_ssh)
def __init__(self): InstallCommand.__init__(self) self.cron_acl = "#!/bin/sh" with open(files.get_rel_path("data/cron_acl_apache.tpl")) as f: self.cron_acl = f.read() self.root_directive = str("" "<Directory />\n" " AllowOverride None\n" " Order Deny,Allow\n" " Deny from all\n" "</Directory>\n") self.add_prerequisite(InstallACLCommand.NAME, obj=InstallACLCommand()) self.add_package('apache2') self.add_folder('/data/www', ck_func=self.check_moved, fix_func=self.fix_moved) self.add_file('/etc/cron.acl/apache', ck_func=self.check_perm_cron, fix_func=self.fix_perm_cron, perm={'u':'rx', 'g':'rx', 'o':'rx'}) self.add_file('/etc/apache2/conf.d/security', ck_func=self.check_secure, fix_func=self.fix_secure) self.add_folder('/var/www/default',perm={'u':'rwx', 'g':'rwx', 'o':'rx'}) self.add_file('/var/www/default/index.html', fix_func=self.fix_default_index, perm={'u':'rw', 'g':'rw', 'o':'r'}) self.add_file('/etc/apache2/sites-available/default', ck_func=self.check_vh_default, fix_func=self.fix_vh_default) self.add_file('/etc/apache2/sites-available/default-ssl', ck_func=self.check_vh_default_ssl, fix_func=self.fix_vh_default_ssl)
def __init__(self): InstallCommand.__init__(self) self.packages = "automysqlbackup" self.add_package(self.packages) self.add_file('/etc/default/automysqlbackup', ck_func=self.check_backup, fix_func=self.fix_backup)
def __init__(self): InstallCommand.__init__(self) self.org_dis_fun = "disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,\n" self.dis_fun = "\ndisable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,shell_exec, passthru,proc_open,proc_close,proc_get-status,proc_nice,proc_terminate,exec,system,suexec,popen,pclose,dl,virtual,set_time_limit,phpinfo,php_uname" self.packages = "php5 php5-mysql php5-ldap libapache2-mod-php5" self.add_package(self.packages) self.add_file('/etc/php5/apache2/php.ini', ck_func=self.check_secure_php, fix_func=self.fix_secure_php)
def __init__(self): InstallCommand.__init__(self) self.packages = "munin-node" self.add_package(self.packages) self.add_file('/etc/munin/munin-node.conf', ck_func=self.check_munin_master_ip, fix_func=self.fix_munin_master_ip) self.master_ip = self.LOCIP conf = CONFIG.get() if not CONFIG.is_set(self.NAME,'master_ip'): self.master_ip = None else: self.master_ip = conf[self.NAME]['master_ip']
def __init__(self): InstallCommand.__init__(self) self.packages = "libpam-script" self.add_package(self.packages) self.add_folder(CONF_MAP('libpam_script','auto_mount_dir')) self.add_file('/etc/pam.d/common-session', ck_func=self.check_common_session, fix_func=self.fix_common_session) self.add_file('/usr/share/libpam-script/pam_script_ses_open', ck_func=self.check_ses_open, fix_func=self.fix_ses_open, perm={'u':'rx', 'g':'rx', 'o':'rx'}) self.add_file('/usr/share/libpam-script/pam_script_ses_close', ck_func=self.check_ses_close, fix_func=self.fix_ses_close, perm={'u':'rx', 'g':'rx', 'o':'rx'})
def __init__(self): InstallCommand.__init__(self) self.add_prerequisite(InstallNTPCommand.NAME, obj=InstallNTPCommand()) self.add_prerequisite(InstallTopToolsCommand.NAME, obj=InstallTopToolsCommand()) self.add_prerequisite(InstallFail2BanCommand.NAME, obj=InstallFail2BanCommand()) self.add_prerequisite(InstallPHPCommand.NAME, obj=InstallPHPCommand()) self.add_prerequisite(InstallApacheCommand.NAME, obj=InstallApacheCommand()) self.add_prerequisite(InstallMySQLCommand.NAME, obj=InstallMySQLCommand()) self.add_prerequisite(InstallAutoMySQLBackupCommand.NAME, obj=InstallAutoMySQLBackupCommand()) self.add_prerequisite(InstallUFWCommand.NAME, obj=InstallUFWCommand()) self.add_prerequisite(InstallSSHCommand.NAME, obj=InstallSSHCommand()) self.add_prerequisite(InstallMuninNodeCommand.NAME, obj=InstallMuninNodeCommand()) self.add_prerequisite(InstallACLCommand.NAME, obj=InstallACLCommand()) self.add_prerequisite(InstallAWStatsCommand.NAME, obj=InstallAWStatsCommand()) self.add_prerequisite(InstallLibPAMScriptCommand.NAME, obj=InstallLibPAMScriptCommand()) self.add_prerequisite(InstallGrubGFXCommand.NAME, obj=InstallGrubGFXCommand()) self.add_prerequisite(InstallCentrifyCommand.NAME, obj=InstallCentrifyCommand())
def __init__(self): InstallCommand.__init__(self) self.cron_acl_domainadmins = "#!/bin/sh" with open(files.get_rel_path("data/cron_acl.tpl")) as f: cron_acl_tpl = Template(f.read()) self.cron_acl_domainadmins = cron_acl_tpl.safe_substitute(group="domain\\ admins", site_path="/data/www") self.add_prerequisite(InstallACLCommand.NAME, obj=InstallACLCommand()) self.add_package("centrifydc", fix_func=self.fix_centrifydc) self.add_file('/etc/centrifydc/centrifydc.conf', ck_func=self.check_centrify_conf, fix_func=self.fix_centrify_conf) self.add_file('/etc/centrifydc/users.allow',fix_func=self.fix_user_allow) self.add_file('/etc/centrifydc/groups.allow', ck_func=self.check_group_allow, fix_func=self.fix_group_allow) self.add_file('/etc/sudoers.d/centrify_uwsa', ck_func=self.check_sudoers, fix_func=self.fix_sudoers, perm={'u':'r', 'g':'r', 'o':''}) self.add_file('/etc/cron.acl/domainadmins', ck_func=self.check_perm_cron, fix_func=self.fix_perm_cron, perm={'u':'rx', 'g':'rx', 'o':'rx'})
def __init__(self): InstallCommand.__init__(self) self.add_package("python-ldap") self.add_package("python-iniparse") self.add_package("python-mysqldb") self.add_folder("/var/log/uwsa") self.add_folder("/etc/uwsa") self.add_folder("/var/lib/uwsa/") self.add_folder("/var/lib/uwsa/user_scripts") self.add_folder(CONF_MAP("site", "conf_path")) self.add_folder(CONF_MAP("site", "wordpress_template_path")) self.add_folder(CONF_MAP("site", "wikimedia_template_path")) self.add_folder(CONF_MAP("site", "typo3_template_path")) self.add_folder(CONF_MAP("site", "vhost_path")) self.add_file("/etc/uwsa/uwsa.conf", fix_func=self.fix_uwsa_conf) self.add_file("/etc/logrotate.d/uwsa", fix_func=self.fix_logrotate) self.add_file("/var/log/uwsa/*.log", perm={"u": "rw", "g": "r", "o": ""}) self.add_file("/var/lib/uwsa/user_scripts/*.py", ck_func=self.check_user_scripts) self.add_file( "/var/lib/uwsa/auto_mount/*", ck_func=self.check_user_scripts, perm={"u": "rx", "g": "rx", "o": ""} )
def __init__(self): InstallCommand.__init__(self) self.packages = "ntp ntpdate" self.add_package(self.packages)
def __init__(self): InstallCommand.__init__(self) self.packages = "awstats" self.add_package(self.packages)
def __init__(self): InstallCommand.__init__(self) self.packages = "iotop htop jnettop nethogs apachetop sysstat dstat ifstat latencytop mytop ntop iperf" self.add_package(self.packages)
def __init__(self): InstallCommand.__init__(self) self.packages = "fail2ban" self.add_package(self.packages)
def __init__(self): InstallCommand.__init__(self) self.packages = "mysql-server" self.add_package(self.packages, ck_func=self.check_mysql, fix_func=self.fix_mysql)
def __init__(self): InstallCommand.__init__(self) self.add_file('/etc/default/grub', ck_func=self.check_grub, fix_func=self.fix_grub)