Current File : //proc/self/root/opt/alt/python37/lib/python3.7/site-packages/__pycache__/cldiaglib.cpython-37.pyc

B

L#LbQ��
@sddlmZddlmZddlZddlZddlZddlZddlZddlZddl	Z	ddl
Z
ddlmZddl
mZddlZddlmZddlmZmZmZmZddlZddlmZmZdd	lmZmZdd
lm Z ddl!m"Z"ddl#m$Z$dd
l%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+ddl,m-Z-m.Z.ddl/m0Z0m1Z1ddlm2Z2ddl3m4Z4ddl5m6Z6m7Z7ddl8Z8dZ9dZ:dZ;dZ<dZ=dZ>dZ?dZ@de@��ZAdZBdZCdZDedd d!g�ZEd"d#d#d#d#d#d#d#d#d$�	ZFd%d&d'd&d&d&d&d&d&d$�	ZGeH�ZId(d)eGd*�eId+<d,d-eFd*�eId.<d/ZJd0ZKd1d2�ZLd�d4d5�ZMd�d7d8�ZNd9d:�ZOd;d<�ZPeLd=�ePd>d?���ZQeeReeSfd@�dAdB�ZTdCdD�ZUeLdE�dFdG��ZVeSeSeEdH�dIdJ�ZWeLdK�ePeUdLdM����ZXeLdN�ePeUdOdP����ZYeLdQ�ePeUdRdS����ZZeLdT�ePeUdUdV����Z[eLdW�dXdY��Z\eLdZ�ePd[d\���Z]d]d^�Z^eLd_�ePd`da���Z_eLdb�ePdcdd���Z`eLde�ePdfdg���ZaeLdh�ePdidj���ZbeLdk�ePdldm���ZceLdn�ePdodp���ZdeLdq�ePdrds���ZeeLdt�ePdudv���ZfdwZgdxZhdydzd{d|d}d~gZidd�d�gZjd�d��Zkd�d��Zld�d��ZmeLd��ePd�d����ZneLd��ePd�d����ZoeLd��ePd�d����Zpd�d��ZqeSeeSd��d�d��Zresd@�d�d��Ztesd@�d�d��ZueSesd��d�d��ZveeSd@�d�d��Zwd�d��Zxd�d��ZyeLd��ePd�d����Zzd�d�d��Z{eRd@�d�d��Z|eeed@�d�d��Z}eeedd��d�d��Z~eLd��ePd�d����ZeLd��ePeEd@�d�d����Z�dS)��)�print_function)�absolute_importN)�
namedtuple)�Path)�wraps)�AnyStr�List�Optional�Tuple)�DEFAULT_JWT_ES_TOKEN_PATH�DISABLE_CMT_FILE)�is_cl_solo_edition�CLEditionDetectionError)�jwt_token_check)�RHN_CHECK_FILE)�LimitsValidator)�ExternalProgramFailed�service_is_enabled_and_present�run_command�process_is_running�is_litespeed_running�demote)�is_cmt_disabled�is_client_enabled)�
WhmApiRequest�WhmApiError)�	is_ubuntu)�get_pkg_version)�ClPwd�drop_privileges�OK�FAILED�SKIPPED�INTERNAL_TEST_ERRORz/https://docs.cloudlinux.com/command-line_tools/Zdisabled_cldiag_cron_checkersZcldiag_cronz5https://docs.cloudlinux.com/cloudlinux-os-plus/#faq-2z Link to FAQ and troubleshooting zWPlease write to support https://cloudlinux.zendesk.com/ if you can't resolve the issue.zCentralized Monitoringz;This checker is not supported on CloudLinux OS Solo edition�	ChkResult�res�msgz/usr/local/apache/bin/suexecz/usr/sbin/suexec)	�cPanelZ
cPanel_ea4�DirectAdminZPleskZ
ISPManagerZ	InterWorxzH-SphereZ	HostingNG�Unknownz/opt/suphp/sbin/suphpz/usr/sbin/suphpz/usr/local/suphp/sbin/suphpZSuPHPzdetect.get_suPHP_status())�name�status_function�location�suphpZSuEXECzdetect.get_suEXEC_status()�suexecz/var/lve/cldiag_userZ
cldiagusercs�fdd�}|S)Ncs
�|_|S)N)�pretty_name)�func)�name_of_checker��:/opt/alt/python37/lib/python3.7/site-packages/cldiaglib.py�	decoratorsszpretty_name.<locals>.decoratorr2)r1r4r2)r1r3r/rsr/Fc
	Cs�d}d}|r,dd�|D�}||d<t�|�Sg}xX|D]P\}}}|�d|j�d|j��}	|dk	r||	�d	|�d
|�d|�d�}	|�|	�q6Wd
�|d|�d�g�}|S)z2
    Formatter of output from all of checkers
    z)Command for disabling this cron checker: zcldiag --disable-cron-checkerscSsi|]\}}}|��|�qSr2)�_asdict)�.0�checker_pretty_name�_�
chk_resultr2r2r3�
<dictcomp>�sz_formatter.<locals>.<dictcomp>Ztotal_errorsz:
    z: N�
z "� �"z

z
There are z errors found.)�json�dumpsr%r&�append�join)
�dataZerror_count�to_jsonr&Zcmd_tmpr%r7Zchecker_public_namer9Zchecker_resultr2r2r3�
_formatterys
rDTc	Cs�t|�r|g}g}d}x�|D]x}y
|�}Wn0tk
rZ}zttt|��}Wdd}~XYnX|jttfkrr|d7}|�|jt	|d�r�|j
nd|f�qWt|||�}|r�t|�t
|�||fS)Nr��public_name)�callable�	Exceptionr$r#�reprr%r!r@r/�hasattrrFrD�print�exit)	ZcheckersrCZdo_exit�results�errors�fr9�er%r2r2r3�runner�s(

 rQcCs0yt|�Stk
r*td�|��dSXdS)Nz,WARNING
 missing {} function in cldetectlib.F)�eval�AttributeErrorrK�format)r0r2r2r3�wrapper�s
rUcst���fdd��}|S)Ncs@ytdd�}Wntk
r&d}YnX|r6ttt�S�||�S)NT)�skip_jwt_checkF)r
rr$r"�SKIPPED_ON_SOLO_MSG)�args�kwargsZis_solo_edition)rOr2r3�checker�s

z(skip_checker_on_cl_solo.<locals>.checker)r)rOrZr2)rOr3�skip_checker_on_cl_solo�s	r[zCheck cagefscCs
ttd�S)NzuCagefs version is too old. Please run cagefsctl --sanity-check directly or upgrade it to have full cldiag integration)r$r"r2r2r2r3�fake_cagefs_checker�sr\)�returncCs�t�d�}dt�dt�d�}d}ddlm}|�}|dk	rJ|d	sJd
|fS|dkrjt�\}}}|sj||fSt�rxd
|fSt�s�d
|fSdS)am
    Check that a server is cl+, enabled and CM isn't disabled locally
    The function returns True if the client has CL+ license, didn't disable CM
        localy and activated CM on https://cm.cloudlinux.com. The function also
        returns True if we can't read or parse JWT token, because
        we want to continue and show to client CM related errors
    z. is not activated on https://cm.cloudlinux.comzThe z& is disabled localy by creating file "r=zThe server has no CL+ licenser)�get_client_data_from_jwt_tokenNZcl_plusF)TN)�cm_full_namer�clsummary.cl_summary_utilsr^rrr)Zcm_is_not_activated_msgZcm_is_disabled_localy_msgZno_cl_plus_license_msgr^�	jwt_tokenZis_valid�messager8r2r2r3�_is_cmt_allowed_for_server�s 
rccst���fdd��}|S)zi
    Decorator: Skip check if a server isn't cl+, disabled and
               CM is disabled locally
    cs&t�\}}|r�||�Stt|�SdS)z$
        Decorated function
        N)rcr$r")rXrY�resultrb)rOr2r3�decorated_function�s

z@skip_if_cmt_not_used_enabled_allowed.<locals>.decorated_function)r)rOrer2)rOr3�$skip_if_cmt_not_used_enabled_allowed�s
rfzCheck existing JWT tokencCs�d}dt�dt�dt�dt��}d}ddlm}tj�t�r�t	�\}}}|rd|�}t
td	|�d
��S||krvt
td�S|d}t
t
|�d|���Snt
t||�Sd
S)z%
    Check an existing JWT token
    zR Absence of JWT token is normal for the clients with volume license like GoDaddy. z$Please check for JWT token in path "zr". %sTry running "rhn_check" for getting a new token if it is absent. Server can't collect and send statistics to z( if you don't have a correct JWT token. z. z"JWT token doesn't have CL+ servicer)r^zJWT token is valid: "r=zThe server has no CL+ license�N)rr_�cl_plus_doc_msg�write_to_support_msgr`r^�os�path�existsrr$r r"r!)Ztoken_is_absent_msgZmain_msgZtoken_is_not_cl_plusr^rdrbr8rar2r2r3�check_jwt_tokens(rm)�service_name�process_file_pathr]cCs�t|�\}}yt|d�}Wntk
r2d}YnX|rR|rR|rRttd|�d��Sg}|sd|�d�|sr|�d�|s�|�d�ttd�|��dt�d	|�d
t	�dt
��	�SdS)
z�
    Check that a service is present, enabled and active
    :param service_name: name of a service
    :param process_file_path: path to a file which is run by a service
    Fz	Service "z " is present, enabled and activezService is not present.zService is not enabled.zService is not active.r<z1 The server can't collect and send statistics to z if service z$ isn't present, enabled and active. z. N)rr�FileNotFoundErrorr$r r@r!rAr_rhri)rnroZ
is_presentZ
is_enabledZ	is_activeZmessagesr2r2r3�_check_service_state+s&	



rqz=Check service `cl_plus_sender` is present, enabled and activecCsddlm}d}t||�S)zL
    Check that service `cl_plus_sender` is present, enabled and active
    r)�CL_PLUS_SENDER_FILE_PATHZcl_plus_sender)r`rrrq)rrrnr2r2r3�check_cl_plus_sender_serviceOsrsz<Check service `node_exporter` is present, enabled and activecCsHd}d}tj�tj�|d��s4tj�tj�|d��r:d}nd}t||�S)a

    Check that service `node_exporter` or `cl_node_exporter` is present,
    enabled and active
    Since it was renamed node_exporter -> cl_node_exporter
    let`s handle both cases:
     - old `node_exporter` service
     - renamed `cl_node_exporter` service
    z&/usr/share/cloudlinux/cl_plus/service/z+/usr/share/cloudlinux/cl_plus/node_exporterZcl_node_exporterzcl_node_exporter.serviceZ
node_exporter)rjrkrlrArq)Zbase_service_pathrornr2r2r3�check_node_exporter_service\srtz7Check service `lvestats` is present, enabled and activecCsd}d}t||�S)zF
    Check that service `lvestats` is present, enabled and active
    Zlvestatsz'/usr/share/lve-stats/lvestats-server.py)rq)rnror2r2r3�check_lvestats_servicessruzeCheck that the server has the minimal required packages for correct working of Centralized MonitoringcCsFx:dD]2}t|�dkrttd|�dt�dt�dt���SqWttd�S)zD
    Check that the server has minimal required packages for CM
    )zcl-end-server-toolszcl-node-exporterNz!System doesn't have the package "z". It's required for zA feature to work and it usually installed automatically by cron. z. zVSystem has the minimal required packages for correct working of Centralized Monitoring)rr$r!r_rhrir )Zpackage_namer2r2r3�check_cmt_packagess

"rvzACheck control panel and it's configuration (for DirectAdmin only)cCs�d�td�}t��t��}|dkr0ttd�Sd�|tj�}tdd�sz|dkrzt�	�rftt
|d	�Stt|d
|�Sn
tt
|�SdS)NzY Fixing the issue will provide CloudLinux support on your control panel. 
See details: {}z#diag-cpr)zCan't detect contol panelzControl Panel - {}; Version {};T)rVr(z File "options.conf" is finez1 File "options.conf" has no line "cloudlinux=yes")rT�cldiag_doc_link�detectZgetCP�	getCPNamer$r"Z
CP_VERSIONr
Zda_check_optionsr r!)�fix_motivationZcp_nameZres_msgr2r2r3�
check_cp_diag�s


r{zDCheck fs.enforce_symlinksifowner is correctly enabled in sysctl confc
Cs�d�td�}t��r ttd�Syt��}Wn<tk
rh}zd}ttd�t	t
|�|���Sd}~XYnX|dkr�ttd|�Sttd�|��S)	Nz� Fixing that issue makes server more secure against symlink attacks and enables protection of PHP configs or other sensitive files. 
See details: {}z#symlinksifownerz$Not supported for OpenVZ environmentz+To see full error run /sbin/sysctl --systemzlSome parameter in sysctl config has wrong configuration. Error: {} It`s recommended to fix it and try again �zfs.enforce_symlinksifowner = 2zfs.enforce_symlinksifowner = {})rTrwrx�	is_openvzr$r"Zget_symlinksifownerrr!�get_short_error_message�strr )rzZsymlinks_if_ownerrP�detailed_outr2r2r3�check_symlinksifowner�s

 r�cCs�|d��}td|}d�||�}tj�d�s:ttd�St|d�sZttd�|d��St	�
|d�}|dkr�ttd	�|d��S|s�ttd
|�Sttd�S)Nr*z#check-z� Fix that issue to be sure that users run their sites inside CageFS and provide stable work of sites that are using apache {} module. This may improve server security
See details: {}z/usr/sbin/cagefsctlzCagefs is not installedr+z{} is not enabledr,zgUnable to check {} module binary for custom control panel. This feature may be added in future updates.zBinary without CageFS jail zbinary has jail)
�lowerrwrTrjrkrlr$r"rUrxZcheck_binary_has_jailr!r )ZparamsZmodule_name�linkrzZhas_jailr2r2r3�binary_check�s
r�zCheck suexec has cagefs jailcCs(t��rt�rttd�Sttd�SdS)NuVСurrent PHP selector uses LiteSpeed, which doesn't require the patches in suEXEC bin.r.)rx�detect_litespeedrr$r"r��BINARY_CHECK_PARAMETERSr2r2r2r3�check_suexec�s
r�zCheck suphp has cagefs jailcCsttd�S)Nr-)r�r�r2r2r2r3�check_suphp�sr�z$Check UsePAM in /etc/ssh/sshd_configcCsHd�td�}t��}|dkr(ttd�S|r6ttd�Sttd|�SdS)NziFix the issue to provide correct work of pam_lve module with sshd and CageFS ssh sessions
See details: {}z
#check-usepamz&Unable to open SSHd configuration filezConfig is finezLine "UsePAM yes" is missing )rTrwrxZcheck_SSHd_UsePAMr$r"r r!)rzZcheck_resultr2r2r3�
check_use_pam�s


r�z*Check the validity of LVE limits on servercCsFd}d|}d}t�}|��}|dkr0tt|�Stt|d|�SdS)z
    Validate lve limits
    z6https://docs.cloudlinux.com/lve-limits-validation.htmlz'Invalid LVE limits on server. See doc: zValid LVE limits on server.Nr;)rZvalidate_existing_limitsr$r r!)�doc_link�failed_message�passed_messageZlimits_validatorrdr2r2r3�check_lve_limits�s
r�z$Check compatibility for PHP Selectorc

snd}d�td�}t�}|r&ttd�Stj�d�s<ttd�St�	�rXt
�rXtt|d�Sdddd	��d
}d}tj�|��rty(t|d�}d
d�|�
�D�}|��Wn<tk
r�}zd|t|�f}tt||�Sd
}~XYnXx@|D]"}	|	�d�r�|	�d�d��}
Pq�Wd|}tt||�Sx0|D](}	|	�d|
��r(|	�d�d��}�q(W|dk�rtd|}tt||�St��}|d
k	�r�d|k�r�tt|d�Sd|k�d<d|k�d<d|k�d<t�d�dg��s�tt|d�S�d�s�d�r2|d k�r2d!|d"��fd#d$��D��f}tt||�Sd%|d
k�rBd&n|d"��fd'd$��D��f}tt||�S)(z�
    1. mod_ruid not present
    2. suphp
    3. mod_lsapi
    4. suexec and (fcgi or cgi)
    5. litespeed
    6. do not support other
    zIt looks ok [%s]z�Looks like your PHP handler doesn't support CloudLinux PHP Selector and as a result does not work http://docs.cloudlinux.com/index.html?compatiblity_matrix.html [%s]
Please, see: {} and try to fix issue to have working selectorz#check-phpselectorz-PHP Selector is not supported. Skipping checkz/etc/cpanel/ea4/is_ea4z+It is not cPanel with EA4, can diag nothingZ	LitespeedF)r.r-�lsapiNz/etc/cpanel/ea4/php.conf�rcSsg|]}|���qSr2)�strip)r6�xr2r2r3�
<listcomp>;sz%check_phpselector.<locals>.<listcomp>zCan not read %s (%s)zdefault:�:rEz)%s config should have default php versionz%s:)�cgi�fcgir-r�z*doesn't support %s handler in ea4/php.confZruid2_modulez�It looks like you use mod_ruid. CloudLinux PHP Selector doesn't work properly with it. How to delete mod_ruid and install mod_suexec in cPanel https://docs.cloudlinux.com/cloudlinux_os_components/#installation-5Zsuphp_moduler-Zlsapi_moduler�Z
suexec_moduler.zyIt looks like you do not have mod_suphp or mod_suexec installed. CloudLinux PHP Selector doesn't work properly without it)r-r�r�r�zphp.conf:%s with %sz, c3s|]}�|r|VqdS)Nr2)r6�s)�statusr2r3�	<genexpr>csz$check_phpselector.<locals>.<genexpr>z`Some unknown php handler, perhaps we don't support it [found handler: %s and apache modules: %s]�-c3s|]}�|r|VqdS)Nr2)r6�module)r�r2r3r�gs)rTrwrr$r"rjrkrlrxr�rr �open�	readlines�close�IOErrorrr!�
startswith�splitr�Zget_apache_modules�anyrA)
Z	ok_prefixZfail_prefixZis_ubuntu_osZhandlerZ	conf_path�fd�configrP�err�lineZdefault_ver�modulesZcurrentr2)r�r3�check_phpselectorsn











 r�zCheck fs.symlinkown_gidc
Cs"d�td�}ttd�}d|}d}t��r6ttd�St��tj}yt	�
|�Wn tk
rrttd�|��SXytt
|������}Wn4tk
r�}zttd�|t|���Sd}~XYnXtj|kr�|Syt�|�j}Wntk
�r�g}YnX|�r||k�r|Stt|�||��S)	Nz~Fix the issue to provide symlink protection for apache user and as a result make your Web Server more secure. 
See details: {}z#check-symlinkowngidz>Web-server user is protected by Symlink Owner Match Protectionz@Web-server user '{}' is not in protected group specified in {}. z/proc/sys/fs/symlinkown_gidz$Not supported for OpenVZ environmentz<There is no web-server user [{}] in system. Nothing to checkz%Can't read GID from {} with error: {})rTrwr$r rxr}r"Zget_apache_gidZAPACHE_UNAME�pwd�getpwnam�KeyError�intr��readr�rHr!rIZ
APACHE_GID�grpZgetgrgidZgr_mem)rzZok_resZwarn_msg_tplZsymlinkown_gid_fileZapache_unameZcurrent_symlinkown_gidrPZgrp_membersr2r2r3�check_symlinkowngidks@






r�z&Check existence of all user's packagesc
sld�d}d}ddddg�dd	d
dg}g�t��dkr>ttd
�St�|�sRttd�Stj�|�rht�|��tj	|tj
tj
|dd�}|��\}}|j}|dkr�d�
|�}tt|�Sy.dd�|���d�D�}�fdd�|D�}Wn4tk
�r}	zd�
|	�}tt|�Sd}	~	XYnX�fdd�t���D����fdd�|D�}
|
�r^d�
d�|
��}tt|�Sttd�SdS)zL
    Return user's packages that do not exist in /var/cpanel/packages/

    z/var/cpanel/packages/z/var/cpanel/users/z/var/cpanel/suspended/Z	undefined�defaultz#cPanel Ticket System temporary userZCustomz	/bin/grepz-ezPLAN=z-rr'zshould be run on cPanel onlyzno users on this serverT)�stdout�stderr�cwd�textrz!error getting user's packages: {}cSs6g|].}|�d�d�d�d|�d�d��f�qS)�=rr�rE)r�r�)r6Zplanr2r2r3r��sz9check_existence_of_all_users_packages.<locals>.<listcomp>r;cs g|]\}}|�kr||f�qSr2r2)r6�userZpkg)�suspended_usersr2r3r��sz$error processing user's packages: {}Ncs&g|]}tj�tj��|��r|�qSr2)rjrk�isfilerA)r6�package)�packages_dir_pathr2r3r��scs,g|]$\}}|�kr|�krd�||��qS)z{}: {})rT)r6r�r�)�excluded_packages_names�exists_packagesr2r3r��sz�Found some nonexistent user's packages. List of "user: package" separated by semicolon: {}. If you want to apply package limits for those users - assign existing packages to them, otherwise limits will be applied incorrectly or not applied at all.z; z(nonexistent user's packages aren't found)rxryr$r"rj�listdirrkrl�
subprocess�Popen�PIPE�communicate�
returncoderTr!r�r�rHrAr )Zusers_dir_pathZsuspended_dir_pathZ
user_plan_cmd�processZstd_outZstd_errZret_coder&Zall_users_packagesrPZnot_exists_users_packagesr2)r�r�r�r�r3�%check_existence_of_all_users_packages�sN







r�z$Check all resellers's packages filesc
Cs�t��dkrttd�SGdd�d�}ddlm}y&|��|���WdQRXttd�Stk
r�}ztt	t
|��Sd}~XYnXdS)	zT
    Check reseller packages files reading on any errors
    Caused by LU-2374

    r(z!should be run on DirectAdmin onlyc@s eZdZdZdd�Zdd�ZdS)z7check_da_resellers_packages_files.<locals>.HiddenPrintsz=
        Redirect stdout to /dev/null to hide output
        cSstj|_ttjd�t_dS)N�w)�sysr��_original_stdoutr�rj�devnull)�selfr2r2r3�	__enter__�szAcheck_da_resellers_packages_files.<locals>.HiddenPrints.__enter__cSstj��|jt_dS)N)r�r�r�r�)r��exc_typeZexc_valZexc_tbr2r2r3�__exit__�s
z@check_da_resellers_packages_files.<locals>.HiddenPrints.__exit__N)�__name__�
__module__�__qualname__�__doc__r�r�r2r2r2r3�HiddenPrints�sr�r)r(Nz6all resellers packages are written in correct encoding)rxryr$r"Zclcontrollibr(Zlist_resellers_packagesr rHr!r)r�r(rPr2r2r3�!check_da_resellers_packages_files�s

r�z/etc/cl.selector/defaults.cfgz/etc/cl.selector/php.confZ	DirectiveZDefault�Type�CommentZRangeZRemark�value�list�boolc	Cs�g}d}d}ttd��}|��}WdQRXxt|D]l}|�d�r@q0t|���dkr�d}y||Wn|�g�YnX||�|���q0|s0d}|d7}q0W|S)zL
    Parse php.conf and split it into blocks by empty line
    :return:
    rTr�N�#FrE)r��
PHP_CONF_PATHr�r��lenr�r@)Zline_blocksZblock_indexZ	new_blockZconfrBr�r2r2r3�parse_php_confs&

r�cCs�d}d}xv|D]n}|�d�}|d��tkrDd}|ddt|�}|d��dkr|d	��tkrd}|dd
t|�}qW||gS)NTrgr�rFr;zBlock %s has wrong param 
r�rEzBlock %s has wrong directive 
)r�r��PARAM_NAME_LIST�block_to_string�TYPES)�blockrdr&r�Z
line_partsr2r2r3�check_block's

r�cCs&d}x|D]}|t|�d}q
W|S)Nr;)r)r�Z
res_stringr�r2r2r3r�6s
r�z"Checking /etc/cl.selector/php.confcCs�d}d�|�}d}d}tj�t�s0ttdt�St�}x0|D](}t|�\}}|oR|}|r<|d|}q<W|sztt	||�Stt
d�SdS)Nz7https://docs.cloudlinux.com/custom_php_ini_options.htmlz�To fix the issue provide valid format for /etc/cl.selector/php.conf file. It is used for PHP Selector and invalid format lead to directives misconfiguration and as a result misconfiguration of selector
Please, read more about php.conf file in {}TrgzFile %s does not exist
r;�Ok)rTrjrkrlr�r$r"r�r�r!r )Zphp_ini_doc_linkrzrdr&Zblocksr�Zr1Zmsg1r2r2r3�check_php_conf=s 
r�z&Checking /etc/cl.selector/defaults.cfgc

Cs�d�td�}tj�t�s(ttdt�Sytj	ddd�}|�
t�Wn,tk
rp}zttt
|��Sd}~XYnXy|�dd�}Wn&tjtjfk
r�ttd|�SXx�|��D]�}|�d�r�|d	d�}y|�|d
�}Wntjk
�r�d}YnXy|�|d�}Wntjk
�r(d
}YnX||k�rP|dk�rPttd�||��S|r�d|kr�|�d�}x$|D]}	|	�sltj�d|��qlWq�Wttd�S)Nz�Details: this config file is used by php selector and stores it`s global options, so it is important to keep needed configurations and valid syntax for PHP modules settings to avoid selector`s misconfiguration
See details: {}z#cldiagz%s does not existF)�
interpolation�strict�versionsZphpz!Default php version is undefined
��stateZenabler�rgZdisabledz%Default php version {} is disabled
{}�,z0Warning: Modules list for version %s is strange
r )rTrwrjrkrl�DEFAULTS_CFG_PATHr$r"�configparser�ConfigParserr�rHr!r�getZ
NoOptionErrorZNoSectionError�sectionsr�r�r�r��writer )
rzZdefaults_cfgrPZdefault_php_versionZsectionZphp_versionr�r�Zmodule_namesr*r2r2r3�check_defaults_cfgUsF






r�zChecking domains compatibilitycCsDt��dkrttd�Sd}d}t�}|dkr6tt|�Stt|�SdS)Nr'zshould be run on cPanel onlyz�Some domains/subdomains don't use PHP Selector because they have a non-system default version (in MultiPHP Manager) or PHP_FPM enabled. You can find their list on domains tab and pass control to PHP Selector if necessary.r�)rxryr$r"�domains_compatibility_checkerr r!)r�r�rdr2r2r3�check_domains_compatibilitys

r�cCslytd���}td���}Wntk
r0dSXx4|�d�D]&}|�d�|�d�ks`|�d�r>dSq>WdS)NZphp_get_vhost_versionsZphp_get_system_default_versionr��versionZphp_fpmzIncompatible version)rZcallrr�)ZdomainsZsystem_versionZdomainr2r2r3r��sr�)�dirpathr]cCs|tj�|�sdSd|��}tj|�d�tjtjdd�}|jdkrDdSy|j�d�d�d�d	}Wnt	k
rvdSX|S)
zZ
    Get mountpoint for dirpath directory from output of
    df -h {dirpath} utility.
    Nzdf -h r<T)r�r�r�rr;rE���)
rjrk�isdirr��runr�r�r�r��
IndexError)r�Zget_mountpoint_cmdr�Z
mounted_onr2r2r3�get_dir_mountpoint�s

r�c	CsRd}tj�d�rNtd��0}x(|D] }|�d�r t|�d�d�}q WWdQRX|S)z[
    Returns maximum uid from /etc/login.defs
    If file does not exist returns 60000
    i`�z/etc/login.defszUID_MAX r<r�N)rjrkr�r�r�r�r�)�max_uidrOr�r2r2r3�get_max_uid�s


 r�cCsDd}yt|�d�dd�}Wntk
r6td��YnXt|�}|S)z 
    Returns min cagefs uid
    z!/usr/sbin/cagefsctl --get-min-uidr<T)Zconvert_to_strz/usr/sbin/cagefsctl not found)rr�rrHr�)Zget_min_uid_cmdr��min_uidr2r2r3�get_min_uid�sr�)�usernamer]cCs�t�}t�}||kr.td|�d|�d|����t|d�}||��krN|�|�S|��s\|}n.|}|��}x t||�D]}||krt|}PqtW||kr�td|�d|�d���d|�d|��}t|�	d	�d
d�\}}	}
|dkr�t|
��|S)
z�
    Creates user with max available uid that greater than min cagefs uid
    and less than max system uid.
    Does nothing if user already exists.
    z
Can't create z user: min_uid z is greater than max_uid )r�z user: uid z is too bigz#/usr/sbin/useradd -s /bin/false -u z -m r<T)Zreturn_full_outputr)
r�r�rHr�get_user_full_dictZget_uidZget_uid_dict�rangerr�)r�r�r�ZclpwdZ
custom_uidZused_uids_dictZ_uidZuseradd_cmdr�r8r�r2r2r3�useradd�s,

r�c	CsDy&ttd��}|��}WdQRX|��Sttfk
r>YnXdS)zS
    Retrive cldiag username from file
    :return: username from file or None
    r�N)r��_CLDIAG_USERNAME_FILEr�r��OSErrorr�)rOZcontentr2r2r3�get_username_from_file�srcCsvt�}t�d�}|��}xX|��D]L\}}|�|�s6q"yd|��}t|�d��Wq"tt	t
fk
rlYq"Xq"WdS)z3
    Remove all trash cldiag users from system
    z^cldiaguser_[a-f0-9]{21}$z/usr/sbin/userdel -r r<N)r�re�compiler��items�matchrr�rr�r)Zcl_pwdZ
re_patternZ
users_dictr�r8Zuserdel_cmdr2r2r3�remove_all_trash_cldiag_userss


rcCs:d}|dg}yt|�}Wntk
r,dSX|s6dSdS)z\
    Detect quota is activated
    :return: True/False - quotas activated/not activated
    z/usr/sbin/repquotaz-nvaFT)rr)Z_REPQUOTA_PATH�cmdr�r2r2r3�is_quota_activesr	zGChecking if /var/cagefs is located on partition with disk quota enabledcCs�d}d}d}d}d}td�}|dks<tj�d�r<tj�|�sFttd�Stj�d	�s\ttd
�St�sltt|�Sd}d}tj�t	�r�t
�}|dk	r�yt�|�}|j
|j}	}
Wntk
r�Yq�Xd}nt�|�sLd
�tt��j�dd�}t|�t�|�}|j
|j}	}
y$tt	d��}|�|�WdQRXWnttfk
�rJYnX|�d|	��}|�d|�d|��}
|�d|�d|��}�yz�d|	d}d|�d|�d�}tt���}t||�}tj�|��s�t|�d��t|
�d��t j!d|gt j"t j#dd|t$|	|
�tj%ddi�d�}|�&�\}}t'|��@|�(��sLd|k�rLtt)|�S|�(��s`t|��n|�*�WdQRXWdt|�d��XWnt+k
�r�tt|�SXtt|�S)a�
    Checker for check if /var/cagefs is located on partition
    with disk quota enabled.

    Algorithm for check: we trying to set cldiaguser's quota to 1 inode
    (so that this user can't create any file if the quota activated on
    this partition). Then we change uid of process to cldiaguser's uid,
    and try to create file with his permissions.
    If we can't create file (Disk quota exceeded) then it's alright and
    disc quota enabled. Else we warn user to enable quota on that partition.
    z3/var/cagefs located on partition with quota enabledz�Details: /var/cagefs located on partition with quota disabled.
Please, activate quota for /var/cagefs for better security.
See details: https://docs.cloudlinux.com/cloudlinux_os_components/#installation-and-update-2zYQuotas seems unworkable on this server. Please correctly setup quotas to run this checkerz/usr/sbin/cagefsctlz/usr/sbin/setquotaz/var/cagefsNzCagefs is not installedz/usr/share/cagefs-skeleton/binzCagefs is not initializedFTz{}_{}� r�z	 --cpetc z -u z	 0 0 1 1 z	 0 0 0 0 z%02d�dz/var/cagefs/�/z/etc/cl.selector/r<z
/bin/touch�LC_ALL�C)r�r�r�Zstart_new_sessionr�Z
preexec_fn�envzDisk quota exceeded),r�rjrkr�r�r$r"r	r!rrr�r�Zpw_uidZpw_gidr�rrT�_CLDIAG_TEST_USENAME_PREFIX�uuidZuuid4�hexr�r�r�rr�r�randomrrr�r�r�r�ZSTDOUTr�environr�rrlr �unlinkr)Z
ok_messager�Zquota_unworkable_messageZ	cagefsctlZsetquotaZcagefs_mountpointr�Zis_testuser_existsZuser_pwZuser_uidZuser_gidrOZcreate_cagefs_dir_cmdZset_quota_limit_cmdZreset_quota_limit_cmd�prefixZtempfile_dirZ
tempfile_nameZtempfile_full_path�pr�r8r2r2r3�!check_cagefs_partition_disk_quota#s�










r�
cCsN|�d�}t|�|krJd�|d|d�dg||dd�|g�S|S)a.
    Handles error message making it shorter, if it is bigger than max limit
    :param error: error message to make shorter
    :param detailed_out: way for user to get full error manually
    :param max_error_lines: max lines for error
    :return: initial error (less than 10 lines) short error
    r;Nr|z...)r�r�rA)�errorr�Zmax_error_linesZerror_linesr2r2r3r~�s

*
r~cCstjtjdddd�}|S)zY
    Return true if automatic cldiag email notifications
    about problems enabled.
    Z
ENABLE_CLDIAGr�T)Z	separatorZdefault_val)rxZget_boolean_param�CL_CONFIG_FILE)Z
enable_cldiagr2r2r3�is_email_notification_enabled�s
rcCs`y0tjddtdid�}|�tj�|�tt�}Wntjk
rFgSXdd�|�	��
d�D�S)zc
    Get list of disabled cldiag checkers which run by cron
    from /etc/sysconfig/cloudlinux
    NFrg)r�r��defaultscSsg|]}|r|���qSr2)r�)r6�itemr2r2r3r��sz6get_list_of_disabled_cron_checkers.<locals>.<listcomp>r�)r�r��cron_cldiag_checkers_param_namer�rxrr��cron_cldiag_section_name�Errorr�r�)r�rdr2r2r3�"get_list_of_disabled_cron_checkers�s
r")�disabled_cron_cherkersr]c
Cs�y~tjddd�}|�tj�t|��kr2|�t�t�}|rF|�	|�|�
ttd�|��t
tjd��}|�|�WdQRXWn\tjttfk
r�}z6tdtj�d|�d��td	�tt�t�d
�Wdd}~XYnXdS)z`
    Set list of disabled cldiag checker which run by cron
    in /etc/sysconfig/cloudlinux
    NF)r�r�r�zw+z3Can't set list of disabled cron checkers to config"z" because "r=z:Please check config's existence, integrity and permissionsrE)r�r�r�rxrr r�Zadd_sectionr"�extend�setrrAr�r�r!r�rrKrir�rL)r#r�Zcurrent_disabled_checkersrOr�r2r2r3�"set_list_of_disabled_cron_checkers�s*

r&z!Check mount with hidepid=2 optionc	Cs|d}d|��}d}d}tj�d�s,tt|�Stdd��6}x.|D]&}|�d�r>|�d	�d
kr>tt|�Sq>WWdQRXtt	|�S)z7
    Check if system mounted with hidepid=2 option
    zWhttps://docs.cloudlinux.com/cloudlinux_os_kernel/#remounting-procfs-with-hidepid-optionz�Details: hidepid protection disabled.
Please, mount system with hidepid=2 for better security.
Read more about hidepid option here: zhidepid protection enabledzCagefs is not installedz/usr/sbin/cagefsctlz/proc/mountsr�zproc z
,hidepid=2r�N)
rjrkr�r$r"r�r��findr!r )Zhidepid_doc_linkrzr�Zskipped_messagerOr�r2r2r3�
check_hidepid�s


r(zCheck user's low PMEM limitscCs0d}d|}d}t��}|r&tt|�Stt|�S)z7
    Checks low PMEM limits availability on server
    z5https://docs.cloudlinux.com/limits/#limits-validationzLSome user(s) on server has low PMEM LVE limit (lower than 512 MB). See doc: zCheck low PMEM limits passed)rZis_low_pmem_limit_presentr$r!r )r�r�r�rdr2r2r3�check_low_pmem_limits�s
r))F)FT)r)�Z
__future__rrr�r�r�r>rjrr�r��collectionsrZpathlibrr�	functoolsr�typingrrr	r
ZcldetectlibrxZclcommon.lib.constsrrZclcommon.lib.cleditionr
rZclcommon.lib.jwt_tokenrZcllicenselibrZcllimits_validatorrZclcommon.utilsrrrrrrZclcommon.lib.cmt_utilsrrZclcommon.lib.whmapi_librrrZclsentry.utilsrZclcommon.clpwdrrrr r!r"r#rwrr Zcl_plus_doc_linkrhrir_rWr$ZSUEXEC_PATHZ
SUPHP_PATH�dictr�rrr/rDrQrUr[r\r�rrcrfrmrqrsrtrurvr{r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rrr	rr~rr"r&r(r)r2r2r2r3�<module>s& 



#'!

Z-E
")
!c

