def check_run():
    '''
    @name Start check (MySQL port exposure)
    @author hwliang<2020-08-03>
    @return tuple (status<bool>,msg<string>)
    @example
        status, msg = check_run()
        if status:
            print('OK')
        else:
            print('Warning: {}'.format(msg))
    '''
    cnf_path = '/etc/my.cnf'
    not_installed = (True, 'MySQL is not installed')

    # No server-wide my.cnf is taken to mean MySQL is absent.
    if not os.path.exists(cnf_path):
        return not_installed

    # The first "port = N" hit wins.
    # NOTE(review): my.cnf may carry a [client] port ahead of [mysqld] — confirm this picks the server port.
    ports = re.findall(r"port\s*=\s*(\d+)", public.readFile(cnf_path))
    if not ports:
        return not_installed
    port = ports[0]

    # Empty lsof output means nothing is bound to the port, i.e. MySQL is not actually running.
    # The interpolated value is digits-only (regex \d+), so the shell command cannot be injected.
    listening = public.ExecShell("lsof -i :{}".format(port))[0]
    if not listening:
        return not_installed

    # check_port_stat == 0 is treated as "not reachable from that address" — semantics live in public, TODO confirm.
    if public.check_port_stat(int(port), public.GetClientIp()) == 0:
        return True, 'Risk-free'
    return False, ('The current MySQL port: {}, which can be accessed by any server, '
                   'which may cause MySQL to be cracked by brute force, posing security risks').format(port)
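def check_run():
    '''
    @name Start check (MySQL port exposure, fail2ban-aware)
    @author hwliang<2020-08-03>
    @return tuple (status<bool>,msg<string>)
    @example
        status, msg = check_run()
        if status:
            print('OK')
        else:
            print('Warning: {}'.format(msg))
    '''
    cnf_path = '/etc/my.cnf'
    not_installed = (True, 'MySQL is not installed')

    # No server-wide my.cnf is taken to mean MySQL is absent.
    if not os.path.exists(cnf_path):
        return not_installed

    # The first "port = N" hit wins.
    # NOTE(review): my.cnf may carry a [client] port ahead of [mysqld] — confirm this picks the server port.
    ports = re.findall(r"port\s*=\s*(\d+)", public.readFile(cnf_path))
    if not ports:
        return not_installed
    port = ports[0]

    # Empty lsof output means nothing is bound to the port, i.e. MySQL is not actually running.
    # The interpolated value is digits-only (regex \d+), so the shell command cannot be injected.
    if not public.ExecShell("lsof -i :{}".format(port))[0]:
        return not_installed

    # check_port_stat == 0 is treated as "not reachable from that address" — semantics live in public, TODO confirm.
    if public.check_port_stat(int(port), public.GetLocalIp()) == 0:
        return True, 'Risk-free'

    # An enabled fail2ban "mysql" jail downgrades the exposed port to "no finding". The port is still
    # reachable from anywhere; only repeated failed logins get banned, so this is a mitigation, not a fix.
    fail2ban_file = '/www/server/panel/plugin/fail2ban/config.json'
    if os.path.exists(fail2ban_file):
        try:
            fail2ban_config = json.loads(public.readFile(fail2ban_file))
            if 'mysql' in fail2ban_config and fail2ban_config['mysql']['act'] == 'true':
                return True, 'Fail2ban is enabled'
        except (TypeError, ValueError, KeyError, AttributeError):
            # Unreadable or malformed config, or an unexpected shape: fall through to the exposure finding
            # instead of masking it. Narrow except so SystemExit/KeyboardInterrupt are not swallowed.
            pass

    return False, '当前MySQL端口: {},可被任意服务器访问,这可能导致MySQL被暴力破解,存在安全隐患'.format(port)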
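def check_run():
    '''
    @name Start check (Memcached bind exposure)
    @author hwliang<2020-08-03>
    @return tuple (status<bool>,msg<string>)
    '''
    init_script = '/etc/init.d/memcached'
    body = public.readFile(init_script)

    # A missing/unreadable init script (falsy readFile result) is treated as "memcached not present".
    if not body:
        return True, 'Risk-free'

    # Only a bind to all interfaces is of interest; any other IP= value is considered not exposed.
    if not re.findall(r"^\s*IP=(0\.0\.0\.0)", body, re.M):
        return True, 'Risk-free'

    ports = re.findall(r"^\s*PORT=(\d+)", body, re.M)
    if not ports:
        # Bound to 0.0.0.0 but no PORT= line to probe: report it rather than crash or silently pass,
        # since the exposure cannot be ruled out without a port.
        return False, 'Memcached is bound to 0.0.0.0 but its port could not be read from {}'.format(init_script)
    port = ports[0]

    # check_port_stat == 0 is treated as "not reachable from that address" — semantics live in public, TODO confirm.
    # NOTE(review): GetClientIp() is used here while sibling checks use GetLocalIp(); confirm which is intended.
    if public.check_port_stat(int(port), public.GetClientIp()) == 0:
        return True, 'Risk-free'
    return False, ('The current Memcached port: {} allows arbitrary client access, '
                   'which can lead to data leakage').format(port)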
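def GetList(self, get=None):
    '''
    Sync the live firewall state into the `firewall` table and return one page of it.

    Args:
        get: request object; `get.p` (page number) and `get.collback` are read for pagination.
    Returns:
        dict with `page` (the `page` field of public.get_page) and `data` (the selected rows, each
        given a `status` field), or public.get_error_info() when anything raises.
    '''
    try:
        # One timestamp for every row inserted by this call.
        addtime = time.strftime('%Y-%m-%d %X', time.localtime())

        # Dropped addresses are stored in the `port` column with an empty remark.
        for item in self.__Obj.GetDropAddressList():
            try:
                if not self.CheckDbExists(item['address']):
                    public.M('firewall').add('port,ps,addtime', (item['address'], '', addtime))
            except Exception:
                return public.get_error_info()

        # Reject rules first, then accept rules; both share the protocol/types/ports/address_ip layout.
        for rules in (self.__Obj.GetrejectLIST(), self.__Obj.Getacceptlist()):
            for rule in rules:
                try:
                    exists = self.CheckDbExists2(rule['protocol'], rule['type'], rule['port'], rule['address'])
                    if not exists:
                        public.M('firewall').add(
                            'protocol,types,ports,address_ip,addtime',
                            (rule['protocol'], rule['type'], rule['port'], rule['address'], addtime))
                except Exception:
                    return public.get_error_info()

        count = public.M('firewall').count()
        page = public.get_page(count, int(get.p), 12, get.collback)
        rows = public.M('firewall').limit(page['shift'] + ',' + page['row']).order('id desc').select()
        for row in rows:
            port = row['port']
            # Addresses, CIDR blocks and port ranges live in the same column; only a plain number is probed.
            if any(ch in port for ch in ':.-'):
                row['status'] = -1
            else:
                row['status'] = public.check_port_stat(int(port))

        return {'page': page['page'], 'data': rows}
    except Exception:
        # Any failure (including a missing `get`) is reported through the panel's error helper.
        return public.get_error_info()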
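def check_run():
    '''
    @name Start check (SSH default port exposure)
    @author hwliang<2020-08-03>
    @return tuple (status<bool>,msg<string>)
    @example
        status, msg = check_run()
        if status:
            print('OK')
        else:
            print('Warning: {}'.format(msg))
    '''
    sshd_conf = public.readFile('/etc/ssh/sshd_config') or ''

    # Only an uncommented Port directive changes the listening port; a commented "#Port 2222" still
    # leaves sshd on 22, so commented lines must not be read as "port modified".
    port_match = re.search(r"^\s*Port\s+(\d+)", sshd_conf, re.M)
    port = port_match.group(1) if port_match else '22'

    # Distribution string selects which service command knows about sshd.
    version = public.readFile('/etc/redhat-release')
    if not version:
        issue = public.readFile('/etc/issue') or ''
        version = issue.strip().split("\n")[0].replace('\\n', '').replace('\\l', '').strip()
    else:
        version = version.replace('release ', '').replace('Linux', '').replace('(Core)', '').strip()

    # Each probe prints output only when the unit is dead/stopped, so non-empty output == not running.
    # The commands are fixed strings; nothing user-controlled is interpolated into the shell.
    if os.path.exists('/usr/bin/apt-get'):
        unit = 'sshd' if os.path.exists('/etc/init.d/sshd') else 'ssh'
        probe = "service {} status | grep -P '(dead|stop)'|grep -v grep".format(unit)
    elif version.find(' 7.') != -1 or version.find(' 8.') != -1 or version.find('Fedora') != -1:
        probe = "systemctl status sshd.service | grep 'dead'|grep -v grep"
    else:
        probe = "/etc/init.d/sshd status | grep -e 'stopped' -e '已停'|grep -v grep"
    probe_out = public.ExecShell(probe)[0]

    # An enabled fail2ban "sshd" jail short-circuits the service/port tests below. The port stays
    # reachable; only repeated failed logins get banned, so this is a mitigation, not a fix.
    fail2ban_file = '/www/server/panel/plugin/fail2ban/config.json'
    if os.path.exists(fail2ban_file):
        try:
            fail2ban_config = json.loads(public.readFile(fail2ban_file))
            if 'sshd' in fail2ban_config and fail2ban_config['sshd']['act'] == 'true':
                return True, 'Fail2ban is enabled'
        except (TypeError, ValueError, KeyError, AttributeError):
            # Unreadable or malformed config: fall through to the real checks rather than mask them.
            pass

    # More than a few bytes of probe output means a dead/stopped line was printed.
    if len(probe_out) > 3:
        return True, 'SSH service is not enabled'
    if port != '22':
        return True, 'The default SSH port has been modified'

    # check_port_stat == 0 is treated as "not reachable from that address" — semantics live in public, TODO confirm.
    if public.check_port_stat(int(port), public.GetLocalIp()) == 0:
        return True, 'Risk-free'
    return False, ('The default SSH port ({}) has not been modified, and the access IP limit configuration '
                   'has not been done, there is a risk of SSH breaching').format(port)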