Initial YakPanel commit

2026-04-07 02:04:22 +05:30
commit 2826d3e7f3
5359 changed files with 1390724 additions and 0 deletions
--- a/class/safe_warning/sw_file_lock.py
+++ b/class/safe_warning/sw_file_lock.py
@@ -0,0 +1,44 @@
+#!/usr/bin/python
+# coding: utf-8
+
+import os, sys, re, public
+
+
+_title = '设置关键文件底层属性'
+_version = 1.0  # 版本
+_ps = "检查关键文件的底层属性是否配置"  # 描述
+_level = 0  # 风险级别： 1.提示(低)  2.警告(中)  3.危险(高)
+_date = '2023-03-10'  # 最后更新时间
+_ignore = os.path.exists("data/warning/ignore/sw_file_lock.pl")
+_tips = [
+    "给系统日志文件【/var/log/messages】添加只可追加属性chattr +a",
+    "给关键文件【/etc/passwd /etc/shadow /etc/group /etc/gshadow】添加锁属性chattr +i"
+]
+_help = ''
+
+
+def check_run():
+    '''
+        @name 开始检测
+        @return tuple (status<bool>,msg<string>)
+    '''
+    result_list = []
+    result_str1 = public.ExecShell('lsattr -l /var/log/messages*')[0].strip()
+    tmp_list1 = result_str1.split('\n')
+    # 执行lsattr -l查看文件特殊属性，若存在特殊属性，则判断是否为“追加属性”，若为否，则加入到result_list，最终显示到面板中
+    for tl1 in tmp_list1:
+        if not "Append_Only" in tl1:
+            log1 = re.search(r'.*?\s', tl1)
+            result_list.append(log1.group().strip())
+    result_str2 = public.ExecShell('lsattr -l /etc/passwd /etc/shadow /etc/group /etc/gshadow')[0].strip()
+    tmp_list2 = result_str2.split('\n')
+    # immutable判断是否为锁属性
+    for tl2 in tmp_list2:
+        if not "Immutable" in tl2:
+            log2 = re.search(r'.*?\s', tl2)
+            result_list.append(log2.group().strip())
+    if result_list:
+        return False, '以下文件未配置适当的底层属性：{}'.format('、'.join(result_list))
+    else:
+        return True, 'Risk-free'
+