update

web/admin/firewall/__init__.py

@@ -93,6 +93,14 @@ def set_fw():
     status = request.form.get('status', '1')
     return MwFirewall.instance().setFw(status)
 
+@blueprint.route('/set_ssh_root_status', endpoint='set_ssh_root_status', methods=['POST'])
+@panel_login_required
+def set_ssh_root_status():
+    if mw.isAppleSystem():
+        return mw.returnData(True, '开发机不能设置!')
+    status = request.form.get('status', '1')
+    return MwFirewall.instance().setSshRootStatus(status)
+
 @blueprint.route('/set_ssh_pass_status', endpoint='set_ssh_pass_status', methods=['POST'])
 @panel_login_required
 def set_ssh_pass_status():

web/static/app/firewall.js

@@ -53,6 +53,7 @@ function sshMgr(){
 		var ssh_status = rdata.status ? 'checked':'';
 		var pass_prohibit_status = rdata.pass_prohibit_status ? 'checked':'';
 		var pubkey_prohibit_status = rdata.pubkey_prohibit_status ? 'checked':'';
+		var root_prohibit_status = rdata.root_prohibit_status ? 'checked':'';
 		var con = '<div class="pd15">\
             <div class="divtable">\
                 <table class="table table-hover waftable">\
@@ -67,6 +68,15 @@ function sshMgr(){
                                 </div>\
                             </td>\
                         </tr>\
+                        <tr>\
+                            <td>禁止Root登陆</td>\
+                            <td>\
+                                <div class="ssh-item" style="margin-left:0">\
+                                    <input class="btswitch btswitch-ios" id="pass_status" type="checkbox" '+root_prohibit_status+'>\
+                                    <label class="btswitch-btn" for="pass_status" onclick=\'setSshRootStatus()\'></label>\
+                                </div>\
+                            </td>\
+                        </tr>\
                         <tr>\
                             <td>禁止密码登陆</td>\
                             <td>\
@@ -252,6 +262,35 @@ function setMstscStatus(){
 	});
 }
 
+/**
+ * 设置远程服务状态
+ * @param {Int} state 0.启用 1.关闭
+ */
+function setSshRootStatus(){
+	status = $("#root_status").prop("checked")==true?1:0;
+	var msg = status==1?'开启密码登陆,继续吗？':'确定禁止密码登陆吗？';
+	layer.confirm(msg,{title:'警告',closeBtn:2,cancel:function(){
+		if(status == 0){
+			$("#root_status").prop("checked",false);
+		} else {
+			$("#root_status").prop("checked",true);
+		}
+	}},function(index){
+		if(index > 0){
+			layer.msg('正在处理,请稍候...',{icon:16,time:20000});
+			$.post('/firewall/set_ssh_root_status','status='+status,function(rdata){
+				layer.msg(rdata.msg,{icon:rdata.status?1:2});
+			},'json');
+		}
+	},function(){
+		if(status == 0){
+			$("#root_status").prop("checked",false);
+		} else {
+			$("#root_status").prop("checked",true);
+		}
+	});
+}
+
 /**
  * 设置远程服务状态
  * @param {Int} state 0.启用 1.关闭
@@ -281,6 +320,8 @@ function setSshPassStatus(){
 	});
 }
 
+
+
 /**
  * 设置远程服务状态
  * @param {Int} state 0.启用 1.关闭

web/utils/firewall.py

@@ -203,6 +203,7 @@ class Firewall(object):
 
         data['pubkey_prohibit_status'] = False
         data['pass_prohibit_status'] = False
+        data['root_prohibit_status'] = False
         port = '22'
         sshd_file = '/etc/ssh/sshd_config'
         if  os.path.exists(sshd_file):
@@ -228,6 +229,15 @@ class Firewall(object):
             else:
                 data['pubkey_prohibit_status'] = True
 
+            # root登陆配置检查
+            root_rep = r"PermitRootLogin\s+(\w*)\s*\n"
+            root_status = re.search(pass_rep, conf)
+            if root_status:
+                if root_status and root_status.groups(0)[0].strip() == 'no':
+                    data['root_prohibit_status'] = True
+            else:
+                data['root_prohibit_status'] = True
+
         data['port'] = port
         data['status'] = status
         data['ping'] = isPing
@@ -440,6 +450,34 @@ class Firewall(object):
         self.reload()
         return True
 
+    def setSshRootStatus(self, status):
+        msg = '禁止root登陆成功'
+        if status == "1":
+            msg = '开启root登陆成功'
+
+        file = '/etc/ssh/sshd_config'
+        if not os.path.exists(file):
+            return mw.returnJson(False, '无法设置!')
+
+        conf = mw.readFile(file)
+
+        pass_rep = r"PermitRootLogin\s+(\w*)\s*\n"
+        pass_status = re.search(pass_rep, conf)
+        if not pass_status:
+            rep = r"(#)?PermitRootLogin\s+(\w*)\s*\n"
+            conf = re.sub(rep, "PermitRootLogin yes\n", conf)
+
+        if status == '1':
+            rep = r"PermitRootLogin\s+(\w*)\s*\n"
+            conf = re.sub(rep, "PermitRootLogin yes\n", conf)
+        else:
+            rep = r"PermitRootLogin\s+(\w*)\s*\n"
+            conf = re.sub(rep, "PermitRootLogin no\n", conf)
+        mw.writeFile(file, conf)
+        mw.execShell("systemctl restart sshd.service")
+        mw.writeLog("SSH管理", msg)
+        return mw.returnData(True, msg)
+
     def setSshPassStatus(self, status):
         msg = '禁止密码登陆成功'
         if status == "1":