def saveTuningDetails(maxConnections, maxSSLConnections, connectionTimeOut,
keepAliveTimeOut, cacheSizeInMemory,
gzipCompression):
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
try:
datas = open(
"/usr/local/lsws/conf/httpd_config.conf").readlines()
writeDataToFile = open(
"/usr/local/lsws/conf/httpd_config.conf", "w")
if gzipCompression == "Enable":
gzip = 1
else:
gzip = 0
for items in datas:
if items.find("maxConnections") > -1:
data = " maxConnections " + str(
maxConnections) + "\n"
writeDataToFile.writelines(data)
continue
elif items.find("maxSSLConnections") > -1:
data = " maxSSLConnections " + str(
maxSSLConnections) + "\n"
writeDataToFile.writelines(data)
continue
elif items.find("connTimeout") > -1:
data = " connTimeout " + str(
connectionTimeOut) + "\n"
writeDataToFile.writelines(data)
continue
elif items.find("keepAliveTimeout") > -1:
data = " keepAliveTimeout " + str(
keepAliveTimeOut) + "\n"
writeDataToFile.writelines(data)
continue
elif items.find("totalInMemCacheSize") > -1:
data = " totalInMemCacheSize " + str(
cacheSizeInMemory) + "\n"
writeDataToFile.writelines(data)
continue
elif items.find("enableGzipCompress") > -1:
data = " enableGzipCompress " + str(gzip) + "\n"
writeDataToFile.writelines(data)
continue
else:
writeDataToFile.writelines(items)
writeDataToFile.close()
print "1,None"
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [saveTuningDetails]")
print "0," + str(msg)
def enableRuleFile(fileName, packName):
try:
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
confFile = os.path.join(virtualHostUtilities.Server_root,
"conf/httpd_config.conf")
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('modsec/' +
packName) > -1 and items.find(fileName) > -1:
conf.write(items.lstrip('#'))
else:
conf.writelines(items)
conf.close()
else:
path = '/usr/local/lsws/conf/comodo_litespeed/'
completePath = path + fileName
completePathBak = path + fileName + '.bak'
command = 'mv ' + completePathBak + ' ' + completePath
ProcessUtilities.executioner(command)
installUtilities.reStartLiteSpeed()
print "1,None"
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [enableRuleFile]")
print "0," + str(msg)
def disableComodo():
try:
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
confFile = os.path.join(virtualHostUtilities.Server_root,
"conf/httpd_config.conf")
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('modsec/comodo') > -1:
continue
else:
conf.writelines(items)
conf.close()
installUtilities.reStartLiteSpeed()
print "1,None"
else:
try:
shutil.rmtree('/usr/local/lsws/conf/comodo_litespeed')
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + ' [disableComodo]')
installUtilities.reStartLiteSpeed()
print "1,None"
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [disableComodo]")
print "0," + str(msg)
def saveModSecRules():
try:
rulesFile = open(modSec.tempRulesFile, 'r')
data = rulesFile.read()
rulesFile.close()
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
rulesFilePath = os.path.join(virtualHostUtilities.Server_root,
"conf/modsec/rules.conf")
else:
rulesFilePath = os.path.join(virtualHostUtilities.Server_root,
"conf/rules.conf")
rulesFile = open(rulesFilePath, 'w')
rulesFile.write(data)
rulesFile.close()
installUtilities.reStartLiteSpeed()
print "1,None"
return
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [saveModSecRules]")
print "0," + str(msg)
def stopLiteSpeedSocket():
try:
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
command = "sudo systemctl stop lsws"
else:
command = "sudo /usr/local/lsws/bin/lswsctrl stop"
return ProcessUtilities.executioner(command)
except OSError, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [reStartLiteSpeed]")
return 0
def reStartLiteSpeed():
try:
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
command = "systemctl restart lsws"
else:
command = "/usr/local/lsws/bin/lswsctrl restart"
ProcessUtilities.normalExecutioner(command)
except OSError, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [reStartLiteSpeed]")
return 0
def setupComodoRules():
try:
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
pathTOOWASPFolder = os.path.join(
virtualHostUtilities.Server_root, "conf/modsec/comodo")
extractLocation = os.path.join(
virtualHostUtilities.Server_root, "conf/modsec")
if os.path.exists(pathTOOWASPFolder):
shutil.rmtree(pathTOOWASPFolder)
if os.path.exists('comodo.tar.gz'):
os.remove('comodo.tar.gz')
command = "wget https://" + modSec.mirrorPath + "/modsec/comodo.tar.gz"
result = subprocess.call(shlex.split(command))
if result == 1:
return 0
tar = tarfile.open('comodo.tar.gz')
tar.extractall(extractLocation)
tar.close()
return 1
else:
if os.path.exists('/usr/local/lsws/conf/comodo_litespeed'):
shutil.rmtree('/usr/local/lsws/conf/comodo_litespeed')
extractLocation = os.path.join(
virtualHostUtilities.Server_root, "conf")
if os.path.exists('cpanel_litespeed_vendor'):
os.remove('cpanel_litespeed_vendor')
command = "wget https://waf.comodo.com/api/cpanel_litespeed_vendor"
result = subprocess.call(shlex.split(command))
if result == 1:
return 0
command = "unzip cpanel_litespeed_vendor -d " + extractLocation
subprocess.call(shlex.split(command))
return 1
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [setupComodoRules]")
return 0
def fetchPHPDetails(virtualHost):
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
try:
path = installUtilities.Server_root_path + "/conf/vhosts/" + virtualHost + "/vhost.conf"
command = "sudo cat " + path
datas = ProcessUtilities.outputExecutioner(command).split("\n")
dataToReturn = {}
for items in datas:
if items.find("maxConns") > -1:
data = items.split()
dataToReturn['maxConns'] = data[1]
if items.find("initTimeout") > -1:
data = items.split()
dataToReturn['initTimeout'] = data[1]
if items.find("persistConn") > -1:
data = items.split()
dataToReturn['persistConn'] = data[1]
if items.find("memSoftLimit") > -1:
data = items.split()
dataToReturn['memSoftLimit'] = data[1]
if items.find("memHardLimit") > -1:
data = items.split()
dataToReturn['memHardLimit'] = data[1]
if items.find("procSoftLimit") > -1:
data = items.split()
dataToReturn['procSoftLimit'] = data[1]
if items.find("procHardLimit") > -1:
data = items.split()
dataToReturn['procHardLimit'] = data[1]
return dataToReturn
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [fetchPHPDetails]")
return 0
def fetchTuningDetails():
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
try:
dataToReturn = {}
command = "sudo cat /usr/local/lsws/conf/httpd_config.conf"
datas = ProcessUtilities.outputExecutioner(command).split("\n")
for items in datas:
if items.find("maxConnections") > -1:
data = items.split()
dataToReturn['maxConnections'] = data[1]
if items.find("maxSSLConnections") > -1:
data = items.split()
dataToReturn['maxSSLConnections'] = data[1]
if items.find("connTimeout") > -1:
data = items.split()
dataToReturn['connTimeout'] = data[1]
if items.find("maxConnections") > -1:
data = items.split()
dataToReturn['maxConnections'] = data[1]
if items.find("keepAliveTimeout") > -1:
data = items.split()
dataToReturn['keepAliveTimeout'] = data[1]
if items.find("totalInMemCacheSize") > -1:
data = items.split()
dataToReturn['totalInMemCacheSize'] = data[1]
if items.find("enableGzipCompress") > -1:
data = items.split()
dataToReturn['enableGzipCompress'] = data[1]
return dataToReturn
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [fetchTuningDetails]")
return 0
def reStartOpenLiteSpeed(restart,orestart):
try:
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
command = "sudo systemctl restart lsws"
else:
command = "sudo /usr/local/lsws/bin/lswsctrl restart"
cmd = shlex.split(command)
res = subprocess.call(cmd)
if res == 1:
print("###############################################")
print(" Could not restart Litespeed serve ")
print("###############################################")
sys.exit()
else:
print("###############################################")
print(" Litespeed Re-Started ")
print("###############################################")
except OSError, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [reStartOpenLiteSpeed]")
return 0
def tunePHP(virtualHost, maxConns, initTimeout, persistConn, memSoftLimit,
memHardLimit, procSoftLimit, procHardLimit):
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
try:
path = installUtilities.Server_root_path + "/conf/vhosts/" + virtualHost + "/vhost.conf"
datas = open(path).readlines()
writeDataToFile = open(path, "w")
for items in datas:
if items.find("maxConns") > -1:
data = " maxConns " + str(
maxConns) + "\n"
writeDataToFile.writelines(data)
continue
elif items.find("initTimeout") > -1:
data = " initTimeout " + str(
initTimeout) + "\n"
writeDataToFile.writelines(data)
continue
elif items.find("memSoftLimit") > -1:
data = " memSoftLimit " + str(
memSoftLimit) + "\n"
writeDataToFile.writelines(data)
continue
elif items.find("memHardLimit") > -1:
data = " memHardLimit " + str(
memHardLimit) + "\n"
writeDataToFile.writelines(data)
continue
elif items.find("procSoftLimit") > -1:
data = " procSoftLimit " + str(
procSoftLimit) + "\n"
writeDataToFile.writelines(data)
continue
elif items.find("procHardLimit") > -1:
data = " procHardLimit " + str(
procHardLimit) + "\n"
writeDataToFile.writelines(data)
continue
elif items.find("persistConn") > -1:
if persistConn == "Enable":
persist = 1
else:
persist = 0
data = " persistConn " + str(
persist) + "\n"
writeDataToFile.writelines(data)
continue
else:
writeDataToFile.writelines(items)
writeDataToFile.close()
print "1,None"
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [saveTuningDetails]")
print "0," + str(msg)
def installComodo():
try:
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
if modSec.setupComodoRules() == 0:
print '0, Unable to download Comodo Rules.'
return
owaspRulesConf = """modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/modsecurity.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/00_Init_Initialization.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/01_Init_AppsInitialization.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/02_Global_Generic.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/03_Global_Agents.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/04_Global_Domains.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/05_Global_Backdoor.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/06_XSS_XSS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/07_Global_Other.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/08_Bruteforce_Bruteforce.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/09_HTTP_HTTP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/10_HTTP_HTTPDoS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/11_HTTP_Protocol.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/12_HTTP_Request.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/13_Outgoing_FilterGen.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/14_Outgoing_FilterASP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/15_Outgoing_FilterPHP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/16_Outgoing_FilterSQL.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/17_Outgoing_FilterOther.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/18_Outgoing_FilterInFrame.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/19_Outgoing_FiltersEnd.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/20_PHP_PHPGen.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/21_SQL_SQLi.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/22_Apps_Joomla.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/23_Apps_JComponent.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/24_Apps_WordPress.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/25_Apps_WPPlugin.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/26_Apps_WHMCS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/27_Apps_Drupal.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/28_Apps_OtherApps.conf
"""
confFile = os.path.join(virtualHostUtilities.Server_root,
"conf/httpd_config.conf")
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find(
'/usr/local/lsws/conf/modsec/rules.conf') > -1:
conf.writelines(items)
conf.write(owaspRulesConf)
continue
else:
conf.writelines(items)
conf.close()
installUtilities.reStartLiteSpeed()
print "1,None"
return
else:
if os.path.exists('/usr/local/lsws/conf/comodo_litespeed'):
shutil.rmtree('/usr/local/lsws/conf/comodo_litespeed')
extractLocation = os.path.join(
virtualHostUtilities.Server_root, "conf")
if os.path.exists('cpanel_litespeed_vendor'):
os.remove('cpanel_litespeed_vendor')
command = "wget https://waf.comodo.com/api/cpanel_litespeed_vendor"
result = subprocess.call(shlex.split(command))
if result == 1:
return 0
command = "unzip cpanel_litespeed_vendor -d " + extractLocation
result = subprocess.call(shlex.split(command))
command = 'sudo chown -R lsadm:lsadm /usr/local/lsws/conf'
subprocess.call(shlex.split(command))
installUtilities.reStartLiteSpeed()
print "1,None"
return
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [installComodo]")
print "0," + str(msg)
def saveModSecConfigs(tempConfigPath):
try:
data = open(tempConfigPath).readlines()
os.remove(tempConfigPath)
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
confFile = os.path.join(virtualHostUtilities.Server_root,
"conf/httpd_config.conf")
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('modsecurity ') > -1:
conf.writelines(data[0])
continue
elif items.find('SecAuditEngine ') > -1:
conf.writelines(data[1])
continue
elif items.find('SecRuleEngine ') > -1:
conf.writelines(data[2])
continue
elif items.find('SecDebugLogLevel') > -1:
conf.writelines(data[3])
continue
elif items.find('SecAuditLogRelevantStatus ') > -1:
conf.writelines(data[5])
continue
elif items.find('SecAuditLogParts ') > -1:
conf.writelines(data[4])
continue
elif items.find('SecAuditLogType ') > -1:
conf.writelines(data[6])
continue
else:
conf.writelines(items)
conf.close()
installUtilities.reStartLiteSpeed()
print "1,None"
return
else:
confFile = os.path.join(virtualHostUtilities.Server_root,
"conf/modsec.conf")
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('SecAuditEngine ') > -1:
conf.writelines(data[0])
continue
elif items.find('SecRuleEngine ') > -1:
conf.writelines(data[1])
continue
elif items.find('SecDebugLogLevel') > -1:
conf.writelines(data[2])
continue
elif items.find('SecAuditLogRelevantStatus ') > -1:
conf.writelines(data[4])
continue
elif items.find('SecAuditLogParts ') > -1:
conf.writelines(data[3])
continue
elif items.find('SecAuditLogType ') > -1:
conf.writelines(data[5])
continue
else:
conf.writelines(items)
conf.close()
installUtilities.reStartLiteSpeed()
print "1,None"
return
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [saveModSecConfigs]")
print "0," + str(msg)