midoks
/
mdserver-web
mirror of https://github.com/midoks/mdserver-web
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #815 from midoks/dev

Browse Source 
禁止root登陆 功能添加
dev
Mr Chen 2 days ago committed by GitHub
parent 3ff1124c30 9bcb41ab5d
commit 55c315eb98
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 91 additions and 4 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 8
      web/admin/firewall/__init__.py
  2. 43
      web/static/app/firewall.js
  3. 44
      web/utils/firewall.py

8
web/admin/firewall/__init__.py
Unescape View File

@ -93,6 +93,14 @@ def set_fw():
status = request.form.get('status', '1')
return MwFirewall.instance().setFw(status)
@blueprint.route('/set_ssh_root_status', endpoint='set_ssh_root_status', methods=['POST'])
@panel_login_required
def set_ssh_root_status():
if mw.isAppleSystem():
return mw.returnData(True, '开发机不能设置!')
status = request.form.get('status', '1')
return MwFirewall.instance().setSshRootStatus(status)
@blueprint.route('/set_ssh_pass_status', endpoint='set_ssh_pass_status', methods=['POST'])
@panel_login_required
def set_ssh_pass_status():

43
web/static/app/firewall.js
Unescape View File

@ -53,6 +53,7 @@ function sshMgr(){
var ssh_status = rdata.status ? 'checked':'';
var pass_prohibit_status = rdata.pass_prohibit_status ? 'checked':'';
var pubkey_prohibit_status = rdata.pubkey_prohibit_status ? 'checked':'';
var root_prohibit_status = rdata.root_prohibit_status ? 'checked':'';
var con = '<div class="pd15">\
<div class="divtable">\
<table class="table table-hover waftable">\
@ -67,6 +68,15 @@ function sshMgr(){
</div>\
</td>\
</tr>\
<tr>\
<td>禁止root登陆</td>\
<td>\
<div class="ssh-item" style="margin-left:0">\
<input class="btswitch btswitch-ios" id="root_status" type="checkbox" '+root_prohibit_status+'>\
<label class="btswitch-btn" for="root_status" onclick=\'setSshRootStatus()\'></label>\
</div>\
</td>\
</tr>\
<tr>\
<td>禁止密码登陆</td>\
<td>\
@ -92,7 +102,7 @@ function sshMgr(){
layer.open({
type: 1,
title: "SSH管理",
area: ['300px', '260px'],
area: ['300px', '310px'],
closeBtn: 1,
shadeClose: false,
content: '<div id="ssh_list">'+con+'</div>',
@ -252,6 +262,35 @@ function setMstscStatus(){
});
}
/**
* 设置远程服务状态
* @param {Int} state 0.启用 1.关闭
*/
function setSshRootStatus(){
status = $("#root_status").prop("checked")==true?1:0;
var msg = status==1?'开启密码登陆,继续吗?':'确定禁止密码登陆吗?';
layer.confirm(msg,{title:'警告',closeBtn:2,cancel:function(){
if(status == 0){
$("#root_status").prop("checked",false);
} else {
$("#root_status").prop("checked",true);
}
}},function(index){
if(index > 0){
layer.msg('正在处理,请稍候...',{icon:16,time:20000});
$.post('/firewall/set_ssh_root_status','status='+status,function(rdata){
layer.msg(rdata.msg,{icon:rdata.status?1:2});
},'json');
}
},function(){
if(status == 0){
$("#root_status").prop("checked",false);
} else {
$("#root_status").prop("checked",true);
}
});
}
/**
* 设置远程服务状态
* @param {Int} state 0.启用 1.关闭
@ -281,6 +320,8 @@ function setSshPassStatus(){
});
}
/**
* 设置远程服务状态
* @param {Int} state 0.启用 1.关闭

44
web/utils/firewall.py
Unescape View File

@ -196,13 +196,14 @@ class Firewall(object):
if ssh_status[0] != '':
status = False
cmd = "systemctl status sshd.service | grep 'dead'|grep -v grep"
cmd = "systemctl status sshd | grep 'dead'|grep -v grep"
ssh_status = mw.execShell(cmd)
if ssh_status[0] != '':
status = False
data['pubkey_prohibit_status'] = False
data['pass_prohibit_status'] = False
data['root_prohibit_status'] = False
port = '22'
sshd_file = '/etc/ssh/sshd_config'
if os.path.exists(sshd_file):
@ -228,6 +229,15 @@ class Firewall(object):
else:
data['pubkey_prohibit_status'] = True
# root登陆配置检查
root_rep = r"PermitRootLogin\s+(\w*)\s*\n"
root_status = re.search(root_rep, conf)
if root_status:
if root_status and root_status.groups(0)[0].strip() == 'no':
data['root_prohibit_status'] = True
else:
data['root_prohibit_status'] = True
data['port'] = port
data['status'] = status
data['ping'] = isPing
@ -440,6 +450,34 @@ class Firewall(object):
self.reload()
return True
def setSshRootStatus(self, status):
msg = '禁止root登陆成功'
if status == "1":
msg = '开启root登陆成功'
file = '/etc/ssh/sshd_config'
if not os.path.exists(file):
return mw.returnJson(False, '无法设置!')
conf = mw.readFile(file)
root_rep = r"PermitRootLogin\s+(\w*)\s*\n"
root_status = re.search(root_rep, conf)
if not root_status:
rep = r"(#)?PermitRootLogin\s+(\w*)\s*\n"
conf = re.sub(rep, "PermitRootLogin yes\n", conf)
if status == '1':
rep = r"PermitRootLogin\s+(\w*)\s*\n"
conf = re.sub(rep, "PermitRootLogin yes\n", conf)
else:
rep = r"PermitRootLogin\s+(\w*)\s*\n"
conf = re.sub(rep, "PermitRootLogin no\n", conf)
mw.writeFile(file, conf)
mw.execShell("systemctl restart sshd")
mw.writeLog("SSH管理", msg)
return mw.returnData(True, msg)
def setSshPassStatus(self, status):
msg = '禁止密码登陆成功'
if status == "1":
@ -464,7 +502,7 @@ class Firewall(object):
rep = r"PasswordAuthentication\s+(\w*)\s*\n"
conf = re.sub(rep, "PasswordAuthentication no\n", conf)
mw.writeFile(file, conf)
mw.execShell("systemctl restart sshd.service")
mw.execShell("systemctl restart sshd")
mw.writeLog("SSH管理", msg)
return mw.returnData(True, msg)
@ -492,7 +530,7 @@ class Firewall(object):
rep = r"PubkeyAuthentication\s+(\w*)\s*\n"
content = re.sub(rep, "PubkeyAuthentication no\n", content)
mw.writeFile(file, content)
mw.execShell("systemctl restart sshd.service")
mw.execShell("systemctl restart sshd")
mw.writeLog("SSH管理", msg)
return mw.returnData(True, msg)

Write Preview
Loading…
Cancel
Save