diff --git a/class/core/firewall_api.py b/class/core/firewall_api.py index ed28d73c4..4358f3f68 100755 --- a/class/core/firewall_api.py +++ b/class/core/firewall_api.py @@ -178,6 +178,8 @@ class firewall_api: return self.getLogList(int(p), int(limit), search) def getSshInfoApi(self): + data = {} + file = '/etc/ssh/sshd_config' conf = mw.readFile(file) rep = "#*Port\s+([0-9]+)\s*\n" @@ -189,9 +191,9 @@ class firewall_api: isPing = True else: file = '/etc/sysctl.conf' - conf = mw.readFile(file) + sys_conf = mw.readFile(file) rep = "#*net\.ipv4\.icmp_echo_ignore_all\s*=\s*([0-9]+)" - tmp = re.search(rep, conf).groups(0)[0] + tmp = re.search(rep, sys_conf).groups(0)[0] if tmp == '1': isPing = False except: @@ -209,9 +211,14 @@ class firewall_api: if ssh_status[0] != '': status = False - data = {} - data['port'] = port + # 密码登陆配置检查 + pass_rep = "^(PasswordAuthentication)\s+(\w*)\s*\n" + pass_status = re.search(pass_rep, conf) + data['pass_prohibit_status'] = True + if pass_status and pass_status.groups(0)[0].strip() == 'yes': + data['pass_prohibit_status'] = False + data['port'] = port data['status'] = status data['ping'] = isPing if mw.isAppleSystem(): @@ -279,6 +286,32 @@ class firewall_api: mw.writeLog("防火墙管理", msg) return mw.returnJson(True, '操作成功!') + def setSshPassStatusApi(self): + # if mw.isAppleSystem(): + # return mw.returnJson(True, '开发机不能操作!') + + status = request.form.get('status', '1').strip() + msg = '禁止密码登陆' + if status == "1": + msg = '开始密码登陆' + + file = '/etc/ssh/sshd_config' + conf = mw.readFile(file) + + # print(conf) + if status == '1': + rep = "#PasswordAuthentication\s+(\w*)\s*\n" + conf = re.sub(rep, "PasswordAuthentication yes\n", conf) + else: + rep = "^(PasswordAuthentication)\s+(\w*)\s*\n" + conf = re.sub(rep, "#PasswordAuthentication yes\n", conf) + # print('......' * 10) + # print(conf) + mw.writeFile(file, conf) + mw.execShell("systemctl restart sshd.service") + mw.writeLog("SSH管理", msg) + return mw.returnJson(True, '操作成功!') + def setPingApi(self): if mw.isAppleSystem(): return mw.returnJson(True, '开发机不能操作!') diff --git a/route/static/app/firewall.js b/route/static/app/firewall.js index ac417e53c..05d8fb9aa 100755 --- a/route/static/app/firewall.js +++ b/route/static/app/firewall.js @@ -56,7 +56,7 @@ function sshMgr(){ $.post('/firewall/get_ssh_info', '', function(rdata){ var ssh_status = rdata.status ? 'checked':''; - var login_status = ''; + var pass_prohibit_status = rdata.pass_prohibit_status ? 'checked':''; var con = '
\
\ \ @@ -72,11 +72,11 @@ function sshMgr(){ \ \ \ - \ + \ \ \ @@ -235,10 +235,7 @@ function setMstscStatus(){ if(index > 0){ layer.msg('正在处理,请稍候...',{icon:16,time:20000}); $.post('/firewall/set_ssh_status','status='+status,function(rdata){ - // console.log(rdata); - layer.closeAll(); layer.msg(rdata.msg,{icon:rdata.status?1:2}); - setTimeout(function(){window.location.reload();},3000); },'json'); } },function(){ @@ -250,6 +247,36 @@ function setMstscStatus(){ }); } +/** + * 设置远程服务状态 + * @param {Int} state 0.启用 1.关闭 + */ +function setSshPassStatus(){ + status = $("#pass_status").prop("checked")==true?1:0; + var msg = status==1?'开启密码登陆,继续吗?':'确定禁止密码登陆吗?'; + layer.confirm(msg,{title:'警告',closeBtn:2,cancel:function(){ + if(status == 0){ + $("#pass_status").prop("checked",false); + } + else{ + $("#pass_status").prop("checked",true); + } + }},function(index){ + if(index > 0){ + layer.msg('正在处理,请稍候...',{icon:16,time:20000}); + $.post('/firewall/set_ssh_pass_status','status='+status,function(rdata){ + layer.msg(rdata.msg,{icon:rdata.status?1:2}); + },'json'); + } + },function(){ + if(status == 0){ + $("#pass_status").prop("checked",false); + } else { + $("#pass_status").prop("checked",true); + } + }); +} + /** * 取回数据 * @param {Int} page 分页号
禁止登陆禁止密码登陆\
\ - \ - \ + \ + \
\