def refresh_policies():
    """
    Rebuild the stored policy config from the services currently tracked.

    Every section returned by ``policies.get_all()`` is walked. The
    ``custom`` section is copied across as a whole. In addition, for each
    tracked service whose ``type`` equals the section name, the stored entry
    whose key equals the service ``id`` is carried over. The rebuilt mapping
    then replaces ``policies.config`` and is saved.
    """
    tracked = get()
    rebuilt = {}
    for section in policies.get_all():
        if section == "custom":
            rebuilt["custom"] = policies.get_all("custom")
        for svc in tracked:
            if section != svc.type:
                continue
            if section not in rebuilt:
                rebuilt[section] = {}
            for key in policies.get_all(section):
                if key == svc.id:
                    rebuilt[section][key] = policies.get(section, key)
    # Non-custom entries that matched no tracked service were never copied,
    # so their stored policy values are dropped by this save.
    policies.config = rebuilt
    policies.save()
def save(self, fw=True):
    """
    Persist this security policy and register it in the tracked set.

    Custom policies are stored as a full record (id, name, icon, ports,
    policy) in the ``custom`` list, replacing any record with the same id.
    All other policies store only their policy value under type and id.

    :param bool fw: Regenerate the firewall after save?
    """
    if self.type != "custom":
        policies.set(self.type, self.id, self.policy)
    else:
        # Drop the first stored record with this id before appending the
        # fresh one, so the list does not collect duplicates.
        stale = next(
            (entry for entry in policies.get_all("custom")
             if self.id == entry["id"]),
            None)
        if stale is not None:
            policies.remove_list("custom", stale)
        record = {
            "id": self.id,
            "name": self.name,
            "icon": self.icon,
            "ports": self.ports,
            "policy": self.policy,
        }
        policies.append("custom", record)
    policies.save()
    storage.policies[self.id] = self
    # The firewall is rebuilt only when it is enabled in config AND fw is
    # truthy. With fw=False the saved policy and the active rules can differ
    # until something else triggers a regeneration.
    if config.get("general", "firewall") and fw:
        security.regenerate_firewall(get())
def initialize():
    """
    Initialize security policy tracking.

    Registers into ``storage.policies``: the arkOS management policy, the
    uPnP policy (only when ``general/enable_upnp`` is set), one policy per
    ACME validation site found under nginx's enabled sites, and every stored
    custom policy.
    """
    logger.debug("TrSv", "Initializing security policy tracking")

    # arkOS management interface: TCP on the configured Genesis port.
    # int() raises if that setting is missing or not numeric.
    # NOTE(review): the third argument to policies.get() looks like the
    # fallback level used when nothing is stored - confirm.
    genesis_level = policies.get("arkos", "arkos", 2)
    genesis_ports = [("tcp", int(config.get("genesis", "port")))]
    genesis = SecurityPolicy(
        "arkos", "arkos", "System Management (Genesis/APIs)",
        "server", genesis_ports, genesis_level)
    storage.policies[genesis.id] = genesis

    # uPnP: always constructed, but tracked only when uPnP is enabled.
    upnp_level = policies.get("arkos", "upnp", 1)
    upnp = SecurityPolicy(
        "arkos", "upnp", "uPnP Firewall Comms",
        "server", [("udp", 1900)], upnp_level)
    if config.get("general", "enable_upnp"):
        storage.policies[upnp.id] = upnp

    # SSHd
    # NOTE(review): this policy object is built but never placed in
    # storage.policies, unlike the entries around it. Confirm whether SSH is
    # deliberately left untracked or a registration line is missing, since
    # that decides whether tcp/22 is covered by the tracked policies.
    sshd_level = policies.get("arkos", "sshd", 1)
    sshd = SecurityPolicy(
        "arkos", "sshd", "SSH", "server", [("tcp", 22)], sshd_level)

    # ACME dummies: one policy per matching site file, on tcp/80. The level
    # is the literal 2 here rather than a value read from stored config.
    for site_path in glob.glob("/etc/nginx/sites-enabled/acme-*"):
        acme_name = site_path.split("/etc/nginx/sites-enabled/acme-")[1]
        label = "{0} (ACME Validation)".format(acme_name)
        acme = SecurityPolicy(
            "acme", acme_name, label, "globe", [("tcp", 80)], 2)
        storage.policies[acme.id] = acme

    # Custom policies are rebuilt straight from their stored records.
    for record in policies.get_all("custom"):
        custom = SecurityPolicy(
            "custom", record["id"], record["name"], record["icon"],
            record["ports"], record["policy"])
        storage.policies[custom.id] = custom
def refresh_policies():
    """
    Recreate the stored security policies from what is currently tracked.

    The ``custom`` section is carried over as a whole. For every section, a
    stored entry is also carried over when a tracked service has that
    section as its ``type`` and that entry's key as its ``id``. The result
    overwrites ``policies.config`` and is written out with
    ``policies.save()``.
    """
    services = get()
    kept = {}
    for kind in policies.get_all():
        if kind == "custom":
            kept["custom"] = policies.get_all("custom")
        for service in services:
            if kind == service.type:
                kept.setdefault(kind, {})
                for ident in policies.get_all(kind):
                    if ident == service.id:
                        kept[kind][ident] = policies.get(kind, ident)
    # Anything outside "custom" with no matching tracked service is absent
    # from `kept`, so saving here discards its stored policy value.
    policies.config = kept
    policies.save()
def initialize():
    """
    Register the arkOS management policy and all stored custom policies.

    Each policy is added to ``storage.policies`` under the ``"policies"``
    key.
    """
    # NOTE(review): the third argument to policies.get() looks like the
    # fallback level used when nothing is stored - confirm.
    genesis_level = policies.get("arkos", "arkos", 2)
    # int() raises if the configured Genesis port is missing or not numeric.
    genesis_ports = [("tcp", int(config.get("genesis", "port")))]
    genesis = SecurityPolicy(
        "arkos", "arkos", "System Management (Genesis/APIs)",
        "fa fa-desktop", genesis_ports, genesis_level)
    storage.policies.add("policies", genesis)

    # Custom policies are rebuilt straight from their stored records.
    for record in policies.get_all("custom"):
        custom = SecurityPolicy(
            "custom", record["id"], record["name"], record["icon"],
            record["ports"], record["policy"])
        storage.policies.add("policies", custom)
def remove(self, fw=True):
    """
    Delete this security policy from the stored config and from tracking.

    ``tracked_services.deregister()`` is probably the better entry point
    for callers.

    :param bool fw: Regenerate the firewall after removal?
    """
    if self.type == "custom":
        # Custom policies live in a list of records; remove the first one
        # whose id matches. No match means nothing is removed.
        match = next(
            (entry for entry in policies.get_all("custom")
             if self.id == entry["id"]),
            None)
        if match is not None:
            policies.remove_list("custom", match)
    else:
        policies.remove(self.type, self.id)
    policies.save()
    if self.id in storage.policies:
        del storage.policies[self.id]
    # The firewall is rebuilt only when it is enabled in config AND fw is
    # truthy. With fw=False, rules generated for this policy stay active
    # until something else triggers a regeneration.
    if config.get("general", "firewall") and fw:
        security.regenerate_firewall(get())