Initial YakPanel commit

class/safe_warning/sw_dir_mode.py

@@ -0,0 +1,82 @@
+#!/usr/bin/python
+#coding: utf-8
+# -------------------------------------------------------------------
+# YakPanel
+# -------------------------------------------------------------------
+# Copyright (c) 2015-2099 YakPanel(www.yakpanel.com) All rights reserved.
+# -------------------------------------------------------------------
+# Author: hwliang <hwl@yakpanel.com>
+# -------------------------------------------------------------------
+
+# -------------------------------------------------------------------
+# 检测关键目录权限是否正确
+# -------------------------------------------------------------------
+
+
+import os,sys,re,public
+
+_title = 'System directory permissions'
+_version = 1.0                              # 版本
+_ps = "Checks if the System directory permissions are correct"              # 描述
+_level = 0                                  # 风险级别： 1.提示(低)  2.警告(中)  3.危险(高)
+_date = '2020-08-05'                        # 最后更新时间
+_ignore = os.path.exists("data/warning/ignore/sw_dir_mode.pl")
+_tips = [
+    "On the [ File ] page, set the correct permissions and owner for the specified directory or file",
+    "Note 1: When setting directory permissions through the [File] page, please cancel the [Apply to subdirectories] option",
+    "Note 2: Incorrect file permissions not only pose a security risk, but also may cause some software on the server to fail to work properly"
+    ]
+
+_help = ''
+
+
+def check_run():
+    '''
+        @name 开始检测
+        @author hwliang<2020-08-05>
+        @return tuple (status<bool>,msg<string>)
+    '''
+    dir_list = [
+        ['/usr',755,'root'],
+        ['/usr/bin',555,'root'],
+        ['/usr/sbin',555,'root'],
+        ['/usr/lib',555,'root'],
+        ['/usr/lib64',555,'root'],
+        ['/usr/local',755,'root'],
+        ['/etc',755,'root'],
+        ['/etc/passwd',644,'root'],
+        ['/etc/shadow',600,'root'],
+        ['/etc/gshadow',600,'root'],
+        ['/etc/cron.deny',600,'root'],
+        ['/etc/anacrontab',600,'root'],
+        ['/var',755,'root'],
+        ['/var/spool',755,'root'],
+        ['/var/spool/cron',700,'root'],
+        ['/var/spool/cron/root',600,'root'],
+        ['/var/spool/cron/crontabs/root',600,'root'],
+        ['/www',755,'root'],
+        ['/www/server',755,'root'],
+        ['/www/wwwroot',755,'root'],
+        ['/root',550,'root'],
+        ['/mnt',755,'root'],
+        ['/home',755,'root'],
+        ['/dev',755,'root'],
+        ['/opt',755,'root'],
+        ['/sys',555,'root'],
+        ['/run',755,'root'],
+        ['/tmp',777,'root']
+    ]
+
+    not_mode_list = []
+    # for d in dir_list:
+    #     if not os.path.exists(d[0]): continue
+    #     u_mode = public.get_mode_and_user(d[0])
+    #     if u_mode['user'] != d[2]:
+    #         not_mode_list.append("{} 当前权限: {} : {} 安全权限: {} : {}".format(d[0],u_mode['mode'],u_mode['user'],d[1],d[2]))
+    #     if int(u_mode['mode']) != d[1]:
+    #         not_mode_list.append("{} 当前权限: {} : {} 安全权限: {} : {}".format(d[0],u_mode['mode'],u_mode['user'],d[1],d[2]))
+    
+    # if not_mode_list:
+    #     return False,'以下关键文件或目录权限错误: <br />' + ("<br />".join(not_mode_list))
+
+    return True,'Risk-free'