def refresh_policies():
svcs = get()
newpolicies = {}
for x in policies.get_all():
if x == "custom":
newpolicies["custom"] = policies.get_all("custom")
for y in svcs:
if x == y.type:
if not x in newpolicies:
newpolicies[x] = {}
for s in policies.get_all(x):
if s == y.id:
newpolicies[x][s] = policies.get(x, s)
policies.config = newpolicies
policies.save()
def save(self, fw=True):
"""
Save changes to a security policy to disk.
:param bool fw: Regenerate the firewall after save?
"""
if self.type == "custom":
for x in policies.get_all("custom"):
if self.id == x["id"]:
policies.remove_list("custom", x)
break
policies.append(
"custom", {
"id": self.id,
"name": self.name,
"icon": self.icon,
"ports": self.ports,
"policy": self.policy
})
else:
policies.set(self.type, self.id, self.policy)
policies.save()
storage.policies[self.id] = self
if config.get("general", "firewall") and fw:
security.regenerate_firewall(get())
def initialize():
"""Initialize security policy tracking."""
logger.debug("TrSv", "Initializing security policy tracking")
# arkOS
policy = policies.get("arkos", "arkos", 2)
port = [("tcp", int(config.get("genesis", "port")))]
pol = SecurityPolicy("arkos", "arkos", "System Management (Genesis/APIs)",
"server", port, policy)
storage.policies[pol.id] = pol
# uPNP
policy = policies.get("arkos", "upnp", 1)
pol = SecurityPolicy("arkos", "upnp", "uPnP Firewall Comms", "server",
[("udp", 1900)], policy)
if config.get("general", "enable_upnp"):
storage.policies[pol.id] = pol
# SSHd
policy = policies.get("arkos", "sshd", 1)
pol = SecurityPolicy("arkos", "sshd", "SSH", "server", [("tcp", 22)],
policy)
# ACME dummies
for x in glob.glob("/etc/nginx/sites-enabled/acme-*"):
acme_name = x.split("/etc/nginx/sites-enabled/acme-")[1]
pol = SecurityPolicy("acme", acme_name,
"{0} (ACME Validation)".format(acme_name),
"globe", [('tcp', 80)], 2)
storage.policies[pol.id] = pol
for x in policies.get_all("custom"):
pol = SecurityPolicy("custom", x["id"], x["name"], x["icon"],
x["ports"], x["policy"])
storage.policies[pol.id] = pol
def refresh_policies():
"""Recreate security policies based on what is stored in config."""
svcs = get()
newpolicies = {}
for x in policies.get_all():
if x == "custom":
newpolicies["custom"] = policies.get_all("custom")
for y in svcs:
if x == y.type:
if x not in newpolicies:
newpolicies[x] = {}
for s in policies.get_all(x):
if s == y.id:
newpolicies[x][s] = policies.get(x, s)
policies.config = newpolicies
policies.save()
def initialize():
policy = policies.get("arkos", "arkos", 2)
storage.policies.add("policies", SecurityPolicy("arkos", "arkos",
"System Management (Genesis/APIs)", "fa fa-desktop",
[("tcp", int(config.get("genesis", "port")))], policy))
for x in policies.get_all("custom"):
storage.policies.add("policies", SecurityPolicy("custom", x["id"],
x["name"], x["icon"], x["ports"], x["policy"]))
def remove(self, fw=True):
"""
Remove a security policy from the firewall and config.
You should probably use ``tracked_services.deregister()`` for this.
:param bool fw: Regenerate the firewall after save?
"""
if self.type == "custom":
for x in policies.get_all("custom"):
if self.id == x["id"]:
policies.remove_list("custom", x)
break
else:
policies.remove(self.type, self.id)
policies.save()
if self.id in storage.policies:
del storage.policies[self.id]
if config.get("general", "firewall") and fw:
security.regenerate_firewall(get())
