def saveTuningDetails(maxConnections, maxSSLConnections, connectionTimeOut, keepAliveTimeOut, cacheSizeInMemory, gzipCompression): if ProcessUtilities.decideServer() == ProcessUtilities.OLS: try: datas = open( "/usr/local/lsws/conf/httpd_config.conf").readlines() writeDataToFile = open( "/usr/local/lsws/conf/httpd_config.conf", "w") if gzipCompression == "Enable": gzip = 1 else: gzip = 0 for items in datas: if items.find("maxConnections") > -1: data = " maxConnections " + str( maxConnections) + "\n" writeDataToFile.writelines(data) continue elif items.find("maxSSLConnections") > -1: data = " maxSSLConnections " + str( maxSSLConnections) + "\n" writeDataToFile.writelines(data) continue elif items.find("connTimeout") > -1: data = " connTimeout " + str( connectionTimeOut) + "\n" writeDataToFile.writelines(data) continue elif items.find("keepAliveTimeout") > -1: data = " keepAliveTimeout " + str( keepAliveTimeOut) + "\n" writeDataToFile.writelines(data) continue elif items.find("totalInMemCacheSize") > -1: data = " totalInMemCacheSize " + str( cacheSizeInMemory) + "\n" writeDataToFile.writelines(data) continue elif items.find("enableGzipCompress") > -1: data = " enableGzipCompress " + str(gzip) + "\n" writeDataToFile.writelines(data) continue else: writeDataToFile.writelines(items) writeDataToFile.close() print "1,None" except BaseException, msg: logging.CyberCPLogFileWriter.writeToFile( str(msg) + " [saveTuningDetails]") print "0," + str(msg)
def enableRuleFile(fileName, packName): try: if ProcessUtilities.decideServer() == ProcessUtilities.OLS: confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf") confData = open(confFile).readlines() conf = open(confFile, 'w') for items in confData: if items.find('modsec/' + packName) > -1 and items.find(fileName) > -1: conf.write(items.lstrip('#')) else: conf.writelines(items) conf.close() else: path = '/usr/local/lsws/conf/comodo_litespeed/' completePath = path + fileName completePathBak = path + fileName + '.bak' command = 'mv ' + completePathBak + ' ' + completePath ProcessUtilities.executioner(command) installUtilities.reStartLiteSpeed() print "1,None" except BaseException, msg: logging.CyberCPLogFileWriter.writeToFile( str(msg) + " [enableRuleFile]") print "0," + str(msg)
def disableComodo(): try: if ProcessUtilities.decideServer() == ProcessUtilities.OLS: confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf") confData = open(confFile).readlines() conf = open(confFile, 'w') for items in confData: if items.find('modsec/comodo') > -1: continue else: conf.writelines(items) conf.close() installUtilities.reStartLiteSpeed() print "1,None" else: try: shutil.rmtree('/usr/local/lsws/conf/comodo_litespeed') except BaseException, msg: logging.CyberCPLogFileWriter.writeToFile( str(msg) + ' [disableComodo]') installUtilities.reStartLiteSpeed() print "1,None" except BaseException, msg: logging.CyberCPLogFileWriter.writeToFile( str(msg) + " [disableComodo]") print "0," + str(msg)
def saveModSecRules(): try: rulesFile = open(modSec.tempRulesFile, 'r') data = rulesFile.read() rulesFile.close() if ProcessUtilities.decideServer() == ProcessUtilities.OLS: rulesFilePath = os.path.join(virtualHostUtilities.Server_root, "conf/modsec/rules.conf") else: rulesFilePath = os.path.join(virtualHostUtilities.Server_root, "conf/rules.conf") rulesFile = open(rulesFilePath, 'w') rulesFile.write(data) rulesFile.close() installUtilities.reStartLiteSpeed() print "1,None" return except BaseException, msg: logging.CyberCPLogFileWriter.writeToFile( str(msg) + " [saveModSecRules]") print "0," + str(msg)
def stopLiteSpeedSocket(): try: if ProcessUtilities.decideServer() == ProcessUtilities.OLS: command = "sudo systemctl stop lsws" else: command = "sudo /usr/local/lsws/bin/lswsctrl stop" return ProcessUtilities.executioner(command) except OSError, msg: logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [reStartLiteSpeed]") return 0
def reStartLiteSpeed(): try: if ProcessUtilities.decideServer() == ProcessUtilities.OLS: command = "systemctl restart lsws" else: command = "/usr/local/lsws/bin/lswsctrl restart" ProcessUtilities.normalExecutioner(command) except OSError, msg: logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [reStartLiteSpeed]") return 0
def setupComodoRules(): try: if ProcessUtilities.decideServer() == ProcessUtilities.OLS: pathTOOWASPFolder = os.path.join( virtualHostUtilities.Server_root, "conf/modsec/comodo") extractLocation = os.path.join( virtualHostUtilities.Server_root, "conf/modsec") if os.path.exists(pathTOOWASPFolder): shutil.rmtree(pathTOOWASPFolder) if os.path.exists('comodo.tar.gz'): os.remove('comodo.tar.gz') command = "wget https://" + modSec.mirrorPath + "/modsec/comodo.tar.gz" result = subprocess.call(shlex.split(command)) if result == 1: return 0 tar = tarfile.open('comodo.tar.gz') tar.extractall(extractLocation) tar.close() return 1 else: if os.path.exists('/usr/local/lsws/conf/comodo_litespeed'): shutil.rmtree('/usr/local/lsws/conf/comodo_litespeed') extractLocation = os.path.join( virtualHostUtilities.Server_root, "conf") if os.path.exists('cpanel_litespeed_vendor'): os.remove('cpanel_litespeed_vendor') command = "wget https://waf.comodo.com/api/cpanel_litespeed_vendor" result = subprocess.call(shlex.split(command)) if result == 1: return 0 command = "unzip cpanel_litespeed_vendor -d " + extractLocation subprocess.call(shlex.split(command)) return 1 except BaseException, msg: logging.CyberCPLogFileWriter.writeToFile( str(msg) + " [setupComodoRules]") return 0
def fetchPHPDetails(virtualHost): if ProcessUtilities.decideServer() == ProcessUtilities.OLS: try: path = installUtilities.Server_root_path + "/conf/vhosts/" + virtualHost + "/vhost.conf" command = "sudo cat " + path datas = ProcessUtilities.outputExecutioner(command).split("\n") dataToReturn = {} for items in datas: if items.find("maxConns") > -1: data = items.split() dataToReturn['maxConns'] = data[1] if items.find("initTimeout") > -1: data = items.split() dataToReturn['initTimeout'] = data[1] if items.find("persistConn") > -1: data = items.split() dataToReturn['persistConn'] = data[1] if items.find("memSoftLimit") > -1: data = items.split() dataToReturn['memSoftLimit'] = data[1] if items.find("memHardLimit") > -1: data = items.split() dataToReturn['memHardLimit'] = data[1] if items.find("procSoftLimit") > -1: data = items.split() dataToReturn['procSoftLimit'] = data[1] if items.find("procHardLimit") > -1: data = items.split() dataToReturn['procHardLimit'] = data[1] return dataToReturn except BaseException, msg: logging.CyberCPLogFileWriter.writeToFile( str(msg) + " [fetchPHPDetails]") return 0
def fetchTuningDetails(): if ProcessUtilities.decideServer() == ProcessUtilities.OLS: try: dataToReturn = {} command = "sudo cat /usr/local/lsws/conf/httpd_config.conf" datas = ProcessUtilities.outputExecutioner(command).split("\n") for items in datas: if items.find("maxConnections") > -1: data = items.split() dataToReturn['maxConnections'] = data[1] if items.find("maxSSLConnections") > -1: data = items.split() dataToReturn['maxSSLConnections'] = data[1] if items.find("connTimeout") > -1: data = items.split() dataToReturn['connTimeout'] = data[1] if items.find("maxConnections") > -1: data = items.split() dataToReturn['maxConnections'] = data[1] if items.find("keepAliveTimeout") > -1: data = items.split() dataToReturn['keepAliveTimeout'] = data[1] if items.find("totalInMemCacheSize") > -1: data = items.split() dataToReturn['totalInMemCacheSize'] = data[1] if items.find("enableGzipCompress") > -1: data = items.split() dataToReturn['enableGzipCompress'] = data[1] return dataToReturn except BaseException, msg: logging.CyberCPLogFileWriter.writeToFile( str(msg) + " [fetchTuningDetails]") return 0
def reStartOpenLiteSpeed(restart,orestart): try: if ProcessUtilities.decideServer() == ProcessUtilities.OLS: command = "sudo systemctl restart lsws" else: command = "sudo /usr/local/lsws/bin/lswsctrl restart" cmd = shlex.split(command) res = subprocess.call(cmd) if res == 1: print("###############################################") print(" Could not restart Litespeed serve ") print("###############################################") sys.exit() else: print("###############################################") print(" Litespeed Re-Started ") print("###############################################") except OSError, msg: logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [reStartOpenLiteSpeed]") return 0
def tunePHP(virtualHost, maxConns, initTimeout, persistConn, memSoftLimit, memHardLimit, procSoftLimit, procHardLimit): if ProcessUtilities.decideServer() == ProcessUtilities.OLS: try: path = installUtilities.Server_root_path + "/conf/vhosts/" + virtualHost + "/vhost.conf" datas = open(path).readlines() writeDataToFile = open(path, "w") for items in datas: if items.find("maxConns") > -1: data = " maxConns " + str( maxConns) + "\n" writeDataToFile.writelines(data) continue elif items.find("initTimeout") > -1: data = " initTimeout " + str( initTimeout) + "\n" writeDataToFile.writelines(data) continue elif items.find("memSoftLimit") > -1: data = " memSoftLimit " + str( memSoftLimit) + "\n" writeDataToFile.writelines(data) continue elif items.find("memHardLimit") > -1: data = " memHardLimit " + str( memHardLimit) + "\n" writeDataToFile.writelines(data) continue elif items.find("procSoftLimit") > -1: data = " procSoftLimit " + str( procSoftLimit) + "\n" writeDataToFile.writelines(data) continue elif items.find("procHardLimit") > -1: data = " procHardLimit " + str( procHardLimit) + "\n" writeDataToFile.writelines(data) continue elif items.find("persistConn") > -1: if persistConn == "Enable": persist = 1 else: persist = 0 data = " persistConn " + str( persist) + "\n" writeDataToFile.writelines(data) continue else: writeDataToFile.writelines(items) writeDataToFile.close() print "1,None" except BaseException, msg: logging.CyberCPLogFileWriter.writeToFile( str(msg) + " [saveTuningDetails]") print "0," + str(msg)
def installComodo(): try: if ProcessUtilities.decideServer() == ProcessUtilities.OLS: if modSec.setupComodoRules() == 0: print '0, Unable to download Comodo Rules.' return owaspRulesConf = """modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/modsecurity.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/00_Init_Initialization.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/01_Init_AppsInitialization.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/02_Global_Generic.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/03_Global_Agents.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/04_Global_Domains.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/05_Global_Backdoor.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/06_XSS_XSS.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/07_Global_Other.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/08_Bruteforce_Bruteforce.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/09_HTTP_HTTP.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/10_HTTP_HTTPDoS.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/11_HTTP_Protocol.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/12_HTTP_Request.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/13_Outgoing_FilterGen.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/14_Outgoing_FilterASP.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/15_Outgoing_FilterPHP.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/16_Outgoing_FilterSQL.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/17_Outgoing_FilterOther.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/18_Outgoing_FilterInFrame.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/19_Outgoing_FiltersEnd.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/20_PHP_PHPGen.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/21_SQL_SQLi.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/22_Apps_Joomla.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/23_Apps_JComponent.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/24_Apps_WordPress.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/25_Apps_WPPlugin.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/26_Apps_WHMCS.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/27_Apps_Drupal.conf modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/28_Apps_OtherApps.conf """ confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf") confData = open(confFile).readlines() conf = open(confFile, 'w') for items in confData: if items.find( '/usr/local/lsws/conf/modsec/rules.conf') > -1: conf.writelines(items) conf.write(owaspRulesConf) continue else: conf.writelines(items) conf.close() installUtilities.reStartLiteSpeed() print "1,None" return else: if os.path.exists('/usr/local/lsws/conf/comodo_litespeed'): shutil.rmtree('/usr/local/lsws/conf/comodo_litespeed') extractLocation = os.path.join( virtualHostUtilities.Server_root, "conf") if os.path.exists('cpanel_litespeed_vendor'): os.remove('cpanel_litespeed_vendor') command = "wget https://waf.comodo.com/api/cpanel_litespeed_vendor" result = subprocess.call(shlex.split(command)) if result == 1: return 0 command = "unzip cpanel_litespeed_vendor -d " + extractLocation result = subprocess.call(shlex.split(command)) command = 'sudo chown -R lsadm:lsadm /usr/local/lsws/conf' subprocess.call(shlex.split(command)) installUtilities.reStartLiteSpeed() print "1,None" return except BaseException, msg: logging.CyberCPLogFileWriter.writeToFile( str(msg) + " [installComodo]") print "0," + str(msg)
def saveModSecConfigs(tempConfigPath): try: data = open(tempConfigPath).readlines() os.remove(tempConfigPath) if ProcessUtilities.decideServer() == ProcessUtilities.OLS: confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf") confData = open(confFile).readlines() conf = open(confFile, 'w') for items in confData: if items.find('modsecurity ') > -1: conf.writelines(data[0]) continue elif items.find('SecAuditEngine ') > -1: conf.writelines(data[1]) continue elif items.find('SecRuleEngine ') > -1: conf.writelines(data[2]) continue elif items.find('SecDebugLogLevel') > -1: conf.writelines(data[3]) continue elif items.find('SecAuditLogRelevantStatus ') > -1: conf.writelines(data[5]) continue elif items.find('SecAuditLogParts ') > -1: conf.writelines(data[4]) continue elif items.find('SecAuditLogType ') > -1: conf.writelines(data[6]) continue else: conf.writelines(items) conf.close() installUtilities.reStartLiteSpeed() print "1,None" return else: confFile = os.path.join(virtualHostUtilities.Server_root, "conf/modsec.conf") confData = open(confFile).readlines() conf = open(confFile, 'w') for items in confData: if items.find('SecAuditEngine ') > -1: conf.writelines(data[0]) continue elif items.find('SecRuleEngine ') > -1: conf.writelines(data[1]) continue elif items.find('SecDebugLogLevel') > -1: conf.writelines(data[2]) continue elif items.find('SecAuditLogRelevantStatus ') > -1: conf.writelines(data[4]) continue elif items.find('SecAuditLogParts ') > -1: conf.writelines(data[3]) continue elif items.find('SecAuditLogType ') > -1: conf.writelines(data[5]) continue else: conf.writelines(items) conf.close() installUtilities.reStartLiteSpeed() print "1,None" return except BaseException, msg: logging.CyberCPLogFileWriter.writeToFile( str(msg) + " [saveModSecConfigs]") print "0," + str(msg)