# coding:utf-8 # --------------------------------------------------------------------------------- # MW-Linux面板 # --------------------------------------------------------------------------------- # copyright (c) 2018-∞(https://github.com/midoks/mdserver-web) All rights reserved. # --------------------------------------------------------------------------------- # Author: midoks # --------------------------------------------------------------------------------- import os import re import threading import core.mw as mw class Firewall(object): __isFirewalld = False __isIptables = False __isUfw = False __isMac = False # lock _instance_lock = threading.Lock() @classmethod def instance(cls, *args, **kwargs): if not hasattr(Firewall, "_instance"): with Firewall._instance_lock: if not hasattr(Firewall, "_instance"): Firewall._instance = Firewall(*args, **kwargs) return Firewall._instance def __init__(self): iptables_file = mw.systemdCfgDir() + '/iptables.service' if os.path.exists('/usr/sbin/firewalld'): self.__isFirewalld = True elif os.path.exists('/usr/sbin/ufw'): self.__isUfw = True elif os.path.exists(iptables_file): self.__isIptables = True elif mw.isAppleSystem(): self.__isMac = True def getFwStatus(self): if self.__isUfw: cmd = "/usr/sbin/ufw status| grep Status | awk -F ':' '{print $2}'" data = mw.execShell(cmd) if data[0].strip() == 'inactive': return False return True elif self.__isIptables: cmd = "systemctl status iptables | grep 'inactive'" data = mw.execShell(cmd) if data[0] != '': return False return True elif self.__isFirewalld: cmd = "ps -ef|grep firewalld |grep -v grep | awk '{print $2}'" data = mw.execShell(cmd) if data[0] == '': return False return True else: return False def getSshInfo(self): data = {} file = '/etc/ssh/sshd_config' conf = mw.readFile(file) rep = r"#*Port\s+([0-9]+)\s*\n" port = re.search(rep, conf).groups(0)[0] isPing = True try: if mw.isAppleSystem(): isPing = True else: file = '/etc/sysctl.conf' sys_conf = mw.readFile(file) rep = r"#*net\.ipv4\.icmp_echo_ignore_all\s*=\s*([0-9]+)" tmp = re.search(rep, sys_conf).groups(0)[0] if tmp == '1': isPing = False except: isPing = True # sshd 检测 status = True cmd = "service sshd status | grep -P '(dead|stop)'|grep -v grep" ssh_status = mw.execShell(cmd) if ssh_status[0] != '': status = False cmd = "systemctl status sshd.service | grep 'dead'|grep -v grep" ssh_status = mw.execShell(cmd) if ssh_status[0] != '': status = False data['pass_prohibit_status'] = False # 密码登陆配置检查 pass_rep = r"PasswordAuthentication\s+(\w*)\s*\n" pass_status = re.search(pass_rep, conf) if pass_status: if pass_status and pass_status.groups(0)[0].strip() == 'no': data['pass_prohibit_status'] = True else: data['pass_prohibit_status'] = True data['port'] = port data['status'] = status data['ping'] = isPing if mw.isAppleSystem(): data['firewall_status'] = False else: data['firewall_status'] = self.getFwStatus() return mw.getJson(data) def setPing(self): if mw.isAppleSystem(): return mw.returnData(True, '开发机不能操作!') status = request.form.get('status') filename = '/etc/sysctl.conf' conf = mw.readFile(filename) if conf.find('net.ipv4.icmp_echo') != -1: rep = r"net\.ipv4\.icmp_echo.*" conf = re.sub(rep, 'net.ipv4.icmp_echo_ignore_all=' + status, conf) else: conf += "\nnet.ipv4.icmp_echo_ignore_all=" + status mw.writeFile(filename, conf) mw.execShell('sysctl -p') return mw.returnData(True, '设置成功!')