From 4109aaa25cae5f91d603b1e73a2c5e72a044fca4 Mon Sep 17 00:00:00 2001 From: Usman Nasir Date: Sun, 8 Dec 2019 18:45:17 +0500 Subject: [PATCH] bug fix: add custom ssh port to csf --- firewall/firewallManager.py | 38 +++++++++++++++++++++---------------- firewall/views.py | 4 ++-- plogical/csf.py | 12 ++++++++++-- 3 files changed, 34 insertions(+), 20 deletions(-) diff --git a/firewall/firewallManager.py b/firewall/firewallManager.py index 442e10db0..8da1bc374 100755 --- a/firewall/firewallManager.py +++ b/firewall/firewallManager.py 
@@ -378,21 +378,29 @@ class FirewallManager: if output.find("1,None") > -1: - try: - updateFW = FirewallRules.objects.get(name="SSHCustom") - FirewallUtilities.deleteRule("tcp", updateFW.port, "0.0.0.0/0") - updateFW.port = sshPort - updateFW.save() - FirewallUtilities.addRule('tcp', sshPort, "0.0.0.0/0") - except: + csfPath = '/etc/csf' + + if os.path.exists(csfPath): + dataIn = {'protocol': 'TCP_IN', 'ports': sshPort} + self.modifyPorts(dataIn) + dataIn = {'protocol': 'TCP_OUT', 'ports': sshPort} + self.modifyPorts(dataIn) + else: try: - newFireWallRule = FirewallRules(name="SSHCustom", port=sshPort, proto="tcp") - newFireWallRule.save() + updateFW = FirewallRules.objects.get(name="SSHCustom") + FirewallUtilities.deleteRule("tcp", updateFW.port, "0.0.0.0/0") + updateFW.port = sshPort + updateFW.save() FirewallUtilities.addRule('tcp', sshPort, "0.0.0.0/0") - command = 'firewall-cmd --permanent --remove-service=ssh' - ProcessUtilities.executioner(command) - except BaseException, msg: - logging.CyberCPLogFileWriter.writeToFile(str(msg)) + except: + try: + newFireWallRule = FirewallRules(name="SSHCustom", port=sshPort, proto="tcp") + newFireWallRule.save() + FirewallUtilities.addRule('tcp', sshPort, "0.0.0.0/0") + command = 'firewall-cmd --permanent --remove-service=ssh' + ProcessUtilities.executioner(command) + except BaseException, msg: + logging.CyberCPLogFileWriter.writeToFile(str(msg)) final_dic = {'status': 1, 'saveStatus': 1} final_json = json.dumps(final_dic) @@ -1463,7 +1471,7 @@ class FirewallManager: final_json = json.dumps(final_dic) return HttpResponse(final_json) - def modifyPorts(self): + def modifyPorts(self, data = None): try: userID = self.request.session['userID'] @@ -1474,8 +1482,6 @@ class FirewallManager: else: return ACLManager.loadErrorJson() - data = json.loads(self.request.body) - protocol = data['protocol'] ports = data['ports'] diff --git a/firewall/views.py b/firewall/views.py index cc050b71d..4d7bf4d58 100755 --- a/firewall/views.py 
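Review bot: In `saveSSHConfigs` (firewall/firewallManager.py, first hunk), the two `self.modifyPorts(dataIn)` calls in the new CSF branch discard their return value, so the function still ends with `final_dic = {'status': 1, 'saveStatus': 1}` even when `modifyPorts` took its `return ACLManager.loadErrorJson()` path or failed in some other way. The SSH daemon would then presumably listen on a port that CSF never opened, which can lock the administrator out while the panel reports success. Keep the response, e.g. `result = self.modifyPorts(dataIn)`, and log and return it when it does not report success; the response format is not visible here, so the exact check needs confirming. The function starts and ends outside the hunk.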
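Review bot: In `modifyPorts` (firewall/firewallManager.py, second hunk), the new default `data = None` is never handled: with the `json.loads(self.request.body)` line removed, any caller that still invokes `modifyPorts()` without an argument reaches `data['protocol']` with `None` and fails with a `TypeError`. Either drop the default or keep the old behaviour as a fallback right after the ACL check, `if data is None: data = json.loads(self.request.body)`. PEP 8 also writes a keyword default without spaces, `data=None`. The body of `modifyPorts` continues outside the hunk.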
+++ b/firewall/views.py @@ -190,7 +190,7 @@ def saveSSHConfigs(request): if result != 200: return result - fm = FirewallManager() + fm = FirewallManager(request) coreResult = fm.saveSSHConfigs(userID, json.loads(request.body)) result = pluginManager.postSaveSSHConfigs(request, coreResult) @@ -520,7 +520,7 @@ def modifyPorts(request): return result fm = FirewallManager(request) - coreResult = fm.modifyPorts() + coreResult = fm.modifyPorts(json.loads(request.body)) result = pluginManager.postModifyPorts(request, coreResult) if result != 200: diff --git a/plogical/csf.py b/plogical/csf.py index 7ca4b13f8..32b416841 100755 --- a/plogical/csf.py +++ b/plogical/csf.py @@ -486,14 +486,22 @@ class CSF(multi.Thread): if protocol == 'TCP_IN': for items in data: if items.find('TCP_IN') > -1 and items.find('=') > -1 and (items[0] != '#'): - writeToFile.writelines('TCP_IN = "' + ports + '"\n') + if ports.find(',') > -1: + writeToFile.writelines('TCP_IN = "' + ports + '"\n') + else: + content = '%s,%s\n' % (items, ports) + writeToFile.writelines(content) else: writeToFile.writelines(items) writeToFile.close() elif protocol == 'TCP_OUT': for items in data: if items.find('TCP_OUT') > -1 and items.find('=') > -1 and (items[0] != '#'): - writeToFile.writelines('TCP_OUT = "' + ports + '"\n') + if ports.find(',') > -1: + writeToFile.writelines('TCP_OUT = "' + ports + '"\n') + else: + content = '%s,%s\n' % (items, ports) + writeToFile.writelines(content) else: writeToFile.writelines(items) writeToFile.close()
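Review bot: In the `modifyPorts` view (firewall/views.py, second hunk), `json.loads(request.body)` now runs in the view, whereas the line removed from `FirewallManager.modifyPorts` sat inside that method's `try:` and after its ACL check. If the view has no enclosing `try` (not visible in this hunk), a malformed body now raises an unhandled exception instead of producing the manager's JSON error response. Catching `ValueError` around the parse here and returning an error JSON, or leaving the parse inside the manager's guarded block, keeps the previous behaviour.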
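Review bot: In plogical/csf.py, the new single-port branch builds `'%s,%s\n' % (items, ports)` from the whole existing line, so the port lands after the closing quote and, if `items` still carries its newline (the `else` branch writes `items` back unchanged, which suggests it does), on a separate line; the `TCP_IN`/`TCP_OUT` list itself stays unchanged and the CSF configuration gains a stray `,PORT` line. Appending inside the quotes would be `content = '%s,%s"\n' % (items.rstrip().rstrip('"'), ports)`, in both the `TCP_IN` and the `TCP_OUT` branch. `ports` also reaches this write from the request body with no validation visible in the hunk, so a value containing a quote or a newline could add arbitrary directives to the firewall configuration; rejecting anything that is not digits separated by commas or colons before writing would close that. Choosing between replace and append by the presence of a comma also means a single port submitted on its own is now appended rather than replacing the list, which may not be intended. The enclosing method starts and ends outside the hunk.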