Mini Shell

Directory : /usr/lib/python2.7/site-packages/salt/modules/
Current File : //usr/lib/python2.7/site-packages/salt/modules/csf.pyc

(Compiled Python 2.7 bytecode; the legible docstrings are listed by function name.)

Support for Config Server Firewall (CSF)
========================================
:maintainer: Mostafa Hussein <mostafa.hussein91@gmail.com>
:maturity: new
:platform: Linux

__virtual__
    Only load if csf exists on the system

_temp_exists
    Checks if the ip exists as a temporary rule based
    on the method supplied, (tempallow, tempdeny).

exists
    Returns true if a rule for the ip already exists
    based on the method supplied. Returns false if
    not found.
    CLI Example:

    .. code-block:: bash

        salt '*' csf.exists allow 1.2.3.4
        salt '*' csf.exists tempdeny 1.2.3.4

__csf_cmd
    Execute csf command

_status_csf
    Return True if csf is running otherwise return False

_get_opt
    Returns the cmd option based on a long form argument.

_build_args
    Returns the cmd args for csf basic allow/deny commands.

_access_rule
    Handles the cmd execution for allow and deny commands.

_csf_to_list
    Extract comma-separated values from a csf.conf
    option and return a list.

_tmp_access_rule
    Handles the cmd execution for tempdeny and tempallow commands.

_build_tmp_access_args
    Builds the cmd args for temporary access/deny opts.

running
    Check csf status
    CLI Example:

    .. code-block:: bash

        salt '*' csf.running

disable
    Disable csf permanently
    CLI Example:

    .. code-block:: bash

        salt '*' csf.disable

enable
    Activate csf if not running
    CLI Example:

    .. code-block:: bash

        salt '*' csf.enable

reload
    Restart csf
    CLI Example:

    .. code-block:: bash

        salt '*' csf.reload

tempallow
    Add a rule to the temporary ip allow list.
    See :func:`_access_rule`.
    1- Add an IP:
    CLI Example:

    .. code-block:: bash

        salt '*' csf.tempallow 127.0.0.1 3600 port=22 direction='in' comment='# Temp dev ssh access'

tempdeny
    Add a rule to the temporary ip deny list.
    See :func:`_access_rule`.
    1- Add an IP:
    CLI Example:

    .. code-block:: bash

        salt '*' csf.tempdeny 127.0.0.1 300 port=22 direction='in' comment='# Brute force attempt'

allow
    Add a rule to csf allowed hosts
    See :func:`_access_rule`.
    1- Add an IP:
    CLI Example:

    .. code-block:: bash

        salt '*' csf.allow 127.0.0.1
        salt '*' csf.allow 127.0.0.1 comment="Allow localhost"

deny
    Add a rule to csf denied hosts
    See :func:`_access_rule`.
    1- Deny an IP:
    CLI Example:

    .. code-block:: bash

        salt '*' csf.deny 127.0.0.1
        salt '*' csf.deny 127.0.0.1 comment="Too localhosty"

unallow
    Remove a rule from the csf denied hosts
    See :func:`_access_rule`.
    1- Deny an IP:
    CLI Example:

    .. code-block:: bash

        salt '*' csf.unallow 127.0.0.1

undeny
    Remove a rule from the csf denied hosts
    See :func:`_access_rule`.
    1- Deny an IP:
    CLI Example:

    .. code-block:: bash

        salt '*' csf.undeny 127.0.0.1

allow_ports
    Fully replace the incoming or outgoing ports
    line in the csf.conf file - e.g. TCP_IN, TCP_OUT,
    UDP_IN, UDP_OUT, etc.

    CLI Example:

    .. code-block:: bash

        salt '*' csf.allow_ports ports="[22,80,443,4505,4506]" proto='tcp' direction='in'

get_ports
    Lists ports from csf.conf based on direction and protocol.
    e.g. - TCP_IN, TCP_OUT, UDP_IN, UDP_OUT, etc..

    CLI Example:

    .. code-block:: bash

        salt '*' csf.allow_port 22 proto='tcp' direction='in'

allow_port
    Like allow_ports, but it will append to the
    existing entry instead of replacing it.
    Takes a single port instead of a list of ports.

    CLI Example:

    .. code-block:: bash

        salt '*' csf.allow_port 22 proto='tcp' direction='in'

Zerion Mini Shell 1.0