midoks
/
mdserver-web
mirror of https://github.com/midoks/mdserver-web
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

up

Browse Source
pull/109/head
midoks 6 years ago
parent 35204badf8
commit 59dfad1ca2
5 changed files with 363 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. BIN
      plugins/op_firewall/ico.png
  2. 17
      plugins/op_firewall/index.html
  3. 299
      plugins/op_firewall/index.py
  4. 15
      plugins/op_firewall/info.json
  5. 32
      plugins/op_firewall/install.sh

BIN
plugins/op_firewall/ico.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 344 B

17
plugins/op_firewall/index.html
Unescape View File

@ -0,0 +1,17 @@
<div class="bt-form">
<div class="bt-w-main">
<div class="bt-w-menu">
<p class="bgw" onclick="orPluginService('op_firewall');">服务</p>
<p onclick="pluginInitD('op_firewall');">自启动</p>
<p onclick="pluginConfig('op_firewall');">配置修改</p>
<!-- <p onclick="pluginLogs('op_firewall');">错误日志</p> -->
</div>
<div class="bt-w-con pd15">
<div class="soft-man-con"></div>
</div>
</div>
</div>
<script type="text/javascript">
$.getScript( "/plugins/file?name=openrop_firewallesty&f=js/op_firewall.js");
</script>

299
plugins/op_firewall/index.py
Unescape View File

@ -0,0 +1,299 @@
# coding:utf-8
import sys
import io
import os
import time
import subprocess
sys.path.append(os.getcwd() + "/class/core")
import public
app_debug = False
if public.isAppleSystem():
app_debug = True
def getPluginName():
return 'op_firewall'
def getPluginDir():
return public.getPluginDir() + '/' + getPluginName()
def getServerDir():
return public.getServerDir() + '/' + getPluginName()
def getInitDFile():
if app_debug:
return '/tmp/' + getPluginName()
return '/etc/init.d/' + getPluginName()
def getArgs():
args = sys.argv[2:]
tmp = {}
args_len = len(args)
if args_len == 1:
t = args[0].strip('{').strip('}')
t = t.split(':')
tmp[t[0]] = t[1]
elif args_len > 1:
for i in range(len(args)):
t = args[i].split(':')
tmp[t[0]] = t[1]
return tmp
def clearTemp():
path_bin = getServerDir() + "/nginx"
public.execShell('rm -rf ' + path_bin + '/client_body_temp')
public.execShell('rm -rf ' + path_bin + '/fastcgi_temp')
public.execShell('rm -rf ' + path_bin + '/proxy_temp')
public.execShell('rm -rf ' + path_bin + '/scgi_temp')
public.execShell('rm -rf ' + path_bin + '/uwsgi_temp')
def getConf():
path = getServerDir() + "/nginx/conf/nginx.conf"
return path
def getConfTpl():
path = getPluginDir() + '/conf/nginx.conf'
return path
def getOs():
data = {}
data['os'] = public.getOs()
ng_exe_bin = getServerDir() + "/nginx/sbin/nginx"
if checkAuthEq(ng_exe_bin, 'root'):
data['auth'] = True
else:
data['auth'] = False
return public.getJson(data)
def getInitDTpl():
path = getPluginDir() + "/init.d/nginx.tpl"
return path
def makeConf():
vhost = getServerDir() + '/nginx/conf/vhost'
if not os.path.exists(vhost):
os.mkdir(vhost)
php_status = getServerDir() + '/nginx/conf/php_status'
if not os.path.exists(php_status):
os.mkdir(php_status)
def getFileOwner(filename):
import pwd
stat = os.lstat(filename)
uid = stat.st_uid
pw = pwd.getpwuid(uid)
return pw.pw_name
def checkAuthEq(file, owner='root'):
fowner = getFileOwner(file)
if (fowner == owner):
return True
return False
def confReplace():
service_path = os.path.dirname(os.getcwd())
content = public.readFile(getConfTpl())
content = content.replace('{$SERVER_PATH}', service_path)
user = 'www'
user_group = 'www'
if public.getOs() == 'darwin':
# macosx do
user = public.execShell(
"who | sed -n '2, 1p' |awk '{print $1}'")[0].strip()
# user = 'root'
user_group = 'staff'
content = content.replace('{$EVENT_MODEL}', 'kqueue')
else:
content = content.replace('{$EVENT_MODEL}', 'epoll')
content = content.replace('{$OS_USER}', user)
content = content.replace('{$OS_USER_GROUP}', user_group)
public.writeFile(getServerDir() + '/nginx/conf/nginx.conf', content)
# give nginx root permission
ng_exe_bin = getServerDir() + "/nginx/sbin/nginx"
if not checkAuthEq(ng_exe_bin, 'root'):
args = getArgs()
sudoPwd = args['pwd']
cmd_own = 'chown -R ' + 'root:' + user_group + ' ' + ng_exe_bin
os.system('echo %s|sudo -S %s' % (sudoPwd, cmd_own))
cmd_mod = 'chmod 755 ' + ng_exe_bin
os.system('echo %s|sudo -S %s' % (sudoPwd, cmd_mod))
cmd_s = 'chmod u+s ' + ng_exe_bin
os.system('echo %s|sudo -S %s' % (sudoPwd, cmd_s))
def initDreplace():
file_tpl = getInitDTpl()
service_path = os.path.dirname(os.getcwd())
initD_path = getServerDir() + '/init.d'
if not os.path.exists(initD_path):
os.mkdir(initD_path)
file_bin = initD_path + '/' + getPluginName()
# initd replace
content = public.readFile(file_tpl)
content = content.replace('{$SERVER_PATH}', service_path)
public.writeFile(file_bin, content)
public.execShell('chmod +x ' + file_bin)
# config replace
confReplace()
# make nginx vhost or other
makeConf()
return file_bin
def status():
data = public.execShell(
"ps -ef|grep nginx |grep -v grep | grep -v python | awk '{print $2}'")
if data[0] == '':
return 'stop'
return 'start'
def start():
file = initDreplace()
data = public.execShell(file + ' start')
if data[1] == '':
return 'ok'
return data[1]
def stop():
file = initDreplace()
data = public.execShell(file + ' stop')
clearTemp()
if data[1] == '':
return 'ok'
return data[1]
def restart():
file = initDreplace()
data = public.execShell(file + ' restart')
if data[1] == '':
return 'ok'
return data[1]
def reload():
file = initDreplace()
data = public.execShell(file + ' reload')
if data[1] == '':
return 'ok'
return data[1]
def initdStatus():
if not app_debug:
if public.isAppleSystem():
return "Apple Computer does not support"
initd_bin = getInitDFile()
if os.path.exists(initd_bin):
return 'ok'
return 'fail'
def initdInstall():
import shutil
if not app_debug:
if public.isAppleSystem():
return "Apple Computer does not support"
source_bin = initDreplace()
initd_bin = getInitDFile()
shutil.copyfile(source_bin, initd_bin)
public.execShell('chmod +x ' + initd_bin)
public.execShell('chkconfig --add ' + getPluginName())
return 'ok'
def initdUinstall():
if not app_debug:
if public.isAppleSystem():
return "Apple Computer does not support"
public.execShell('chkconfig --del ' + getPluginName())
initd_bin = getInitDFile()
os.remove(initd_bin)
return 'ok'
def runInfo():
# 取Openresty负载状态
try:
result = public.httpGet('http://127.0.0.1/nginx_status')
tmp = result.split()
data = {}
data['active'] = tmp[2]
data['accepts'] = tmp[9]
data['handled'] = tmp[7]
data['requests'] = tmp[8]
data['Reading'] = tmp[11]
data['Writing'] = tmp[13]
data['Waiting'] = tmp[15]
return public.getJson(data)
except Exception as e:
return 'oprenresty not started'
def errorLogPath():
return getServerDir() + '/nginx/logs/error.log'
if __name__ == "__main__":
func = sys.argv[1]
if func == 'status':
print status()
elif func == 'start':
print start()
elif func == 'stop':
print stop()
elif func == 'restart':
print restart()
elif func == 'reload':
print reload()
elif func == 'initd_status':
print initdStatus()
elif func == 'initd_install':
print initdInstall()
elif func == 'initd_uninstall':
print initdUinstall()
elif func == 'conf':
print getConf()
elif func == 'get_os':
print getOs()
elif func == 'run_info':
print runInfo()
elif func == 'error_log':
print errorLogPath()
else:
print 'error'

15
plugins/op_firewall/info.json
Unescape View File

@ -0,0 +1,15 @@
{
"title":"OP防火墙[dev]",
"tip":"soft",
"name":"op_firewall",
"type":"其他插件",
"ps":"有效防止sql注入/xss/一句话木马等常见渗透攻击",
"shell":"install.sh",
"checks":"server/op_firewall",
"path":"server/op_firewall",
"author":"loveshell",
"home":"https://github.com/loveshell/ngx_lua_waf",
"date":"2019-04-21",
"pid": "1",
"versions": ["0.1"]
}

32
plugins/op_firewall/install.sh
Unescape View File

@ -0,0 +1,32 @@
#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
curPath=`pwd`
rootPath=$(dirname "$curPath")
rootPath=$(dirname "$rootPath")
serverPath=$(dirname "$rootPath")
action=$1
type=$2
if id www &> /dev/null ;then
echo "www UID is `id -u www`"
echo "www Shell is `grep "^www:" /etc/passwd |cut -d':' -f7 `"
else
groupadd www
useradd -g www -s /sbin/nologin www
fi
if [ "${2}" == "" ];then
echo '缺少安装脚本...' > $install_tmp
exit 0
fi
if [ ! -d $curPath/versions/$2 ];then
echo '缺少安装脚本2...' > $install_tmp
exit 0
fi
sh -x $curPath/versions/$2/install.sh $1
Write Preview
Loading…
Cancel
Save