# coding: utf-8 # ------------------------------------------------------------------- # yakpanel # ------------------------------------------------------------------- # Copyright (c) 2014-2099 yakpanel(http://www.yakpanel.com) All rights reserved. # ------------------------------------------------------------------- # Author: wzz # ------------------------------------------------------------------- # ------------------------------ # 系统防火墙模型 - 基类 # ------------------------------ import os import re from typing import Dict, Union, Any from xml.etree.ElementTree import ElementTree import public class Base(object): def __init__(self): self.config_path = "{}/class/firewallModel/config".format(public.get_panel_path()) self._isUfw = False self._isFirewalld = False self._isIptables = False if os.path.exists('/usr/sbin/ufw'): self._isUfw = True from firewallModel.app.ufw import Ufw self.firewall = Ufw() elif os.path.exists('/usr/sbin/firewalld'): self._isFirewalld = True from firewallModel.app.firewalld import Firewalld self.firewall = Firewalld() elif not self._isUfw and not self._isFirewalld: self._isIptables = True from firewallModel.app.iptables import Iptables self.firewall = Iptables() _months = {'Jan': '01', 'Feb': '02', 'Mar': '03', 'Apr': '04', 'May': '05', 'Jun': '06', 'Jul': '07', 'Aug': '08', 'Sep': '09', 'Sept': '09', 'Oct': '10', 'Nov': '11', 'Dec': '12'} # 2024/3/14 上午 11:27 获取防火墙运行状态 def get_firewall_status(self) -> bool: ''' @name 获取防火墙运行状态 @author wzz <2024/3/14 上午 11:27> @param @return bool True/False ''' if self._isUfw: res = public.ExecShell("systemctl is-active ufw")[0] if res == "active": return True res = public.ExecShell("systemctl list-units | grep ufw")[0] if res.find('active running') != -1: return True res = public.ExecShell('/lib/ufw/ufw-init status')[0] if res.find("Firewall is not running") != -1: return False res = public.ExecShell('ufw status verbose')[0] if res.find('inactive') != -1: return False return True if self._isFirewalld: res = public.ExecShell("ps -ef|grep firewalld|grep -v grep")[0] if res: return True res = public.ExecShell("systemctl is-active firewalld")[0] if res == "active": return True res = public.ExecShell("systemctl list-units | grep firewalld")[0] if res.find('active running') != -1: return True return False else: res = public.ExecShell("/etc/init.d/iptables status")[0] if res.find('not running') != -1: return False res = public.ExecShell("systemctl is-active iptables")[0] if res == "active": return True return True # 2024/3/14 上午 11:30 设置禁ping def set_ping(self, get) -> dict: ''' @name 设置禁ping @author wzz <2024/3/14 上午 11:31> @param "data":{"参数名":""} <数据类型> 参数描述 @return dict{"status":True/False,"msg":"提示信息"} ''' get.status = get.get("status", "1") get.status = str(get.status) if str(get.status) in ['0', '1'] else '1' filename = '/etc/sysctl.conf' conf = public.readFile(filename) if conf.find('net.ipv4.icmp_echo') != -1: rep = r"net\.ipv4\.icmp_echo.*" conf = re.sub(rep, 'net.ipv4.icmp_echo_ignore_all=' + get.status + "\n", conf) else: conf += "\nnet.ipv4.icmp_echo_ignore_all=" + get.status + "\n" if public.writeFile(filename, conf): public.ExecShell('sysctl -p') return public.returnMsg(True, public.lang("SUCCESS")) else: return public.returnMsg( False, '错误:设置失败,sysctl.conf不可写!
' '1、如果安装了[YakPanel 系统加固],请先关闭
' '2、如果安装了云锁,请关闭[系统加固]功能
' '3、如果安装了安全狗,请关闭[系统防护]功能
' '4、如果使用了其它安全软件,请先卸载
' ) # 2024/3/14 上午 11:37 获取网站日志目录的大小 def get_www_logs_size(self, get) -> Dict[str, Union[str, Any]]: ''' @name 获取网站日志目录的大小 @author wzz <2024/3/14 上午 11:37> @param @return dict{"status":True/False,"msg":"提示信息"} ''' path_size = public.get_size_total("/www/wwwlogs") if not path_size: return {"log_path": "/www/wwwlogs", "size": "0B"} return {"log_path": "/www/wwwlogs", "size": public.to_size(path_size["/www/wwwlogs"])} # 2024/3/25 上午 10:50 获取防火墙类型,firewall或ufw def _get_firewall_type(self) -> str: ''' @name 获取防火墙类型,firewall或ufw @return str firewall/ufw ''' import os if os.path.exists('/usr/sbin/ufw'): return 'ufw' if os.path.exists('/usr/sbin/firewalld'): return 'firewall' return 'iptables' # 2024/3/26 下午 5:01 获取指定域名的A记录 def get_a_ip(self, domain: str) -> str: ''' @name 获取指定域名的A记录 @param domain: 域名 @return str ''' try: import socket return socket.gethostbyname(domain) except Exception as e: return "" # 2024/3/26 下午 5:40 检查是否已添加计划任务,如果没有则添加 def check_resolve_crontab(self): ''' @name 检查是否已添加计划任务 @author wzz <2024/3/26 下午 5:41> @param "data":{"参数名":""} <数据类型> 参数描述 @return dict{"status":True/False,"msg":"提示信息"} ''' python_path = "{}/pyenv/bin/python".format(public.get_panel_path()) if not public.M('crontab').where('name=?', ('[勿删]系统防火墙域名解析检测任务',)).count(): cmd = '{} {}'.format(python_path, '/www/server/panel/script/firewall_domain.py') args = {"name": "[勿删]系统防火墙域名解析检测任务", "type": 'minute-n', "where1": '5', "hour": '', "minute": '', "sName": "", "sType": 'toShell', "notice": '', "notice_channel": '', "save": '', "save_local": '1', "backupTo": '', "sBody": cmd, "urladdress": ''} import crontab res = crontab.crontab().AddCrontab(args) if res and "id" in res.keys(): return True return False return True # 2024/3/26 下午 11:37 当没有域名解析时,删除域名解析的计划任务 def remove_resolve_crontab(self): ''' @name 当没有域名解析时,删除域名解析的计划任务 @author wzz <2024/3/26 下午 11:37> @param "data":{"参数名":""} <数据类型> 参数描述 @return dict{"status":True/False,"msg":"提示信息"} ''' if not public.M('firewall_domain').count(): pdata = public.M('crontab').where('name=?', '[勿删]系统防火墙域名解析检测任务').select() if pdata: import crontab for i in pdata: args = {"id": i['id']} crontab.crontab().DelCrontab(args) # 2024/3/26 下午 6:22 端口扫描 def CheckPort(self, port, protocol): ''' @name 端口扫描 @author wzz <2024/3/26 下午 6:22> @param "data":{"参数名":""} <数据类型> 参数描述 @return dict{"status":True/False,"msg":"提示信息"} ''' import socket localIP = '127.0.0.1' temp = {} temp['port'] = port temp['local'] = True try: if 'tcp' in protocol.lower(): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(0.01) s.connect((localIP, port)) s.close() if 'udp' in protocol.lower(): s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s.settimeout(0.01) s.sendto(b'', (localIP, port)) s.close() except: temp['local'] = False result = 0 if temp['local']: result += 2 return result