Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2026-02-07 23:29:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
211571a4dbdcf9a4e1d0edf6df46ebeaf1e24efc
CyberPanel/plogical/modSec.py

819 lines
33 KiB
Python
Raw Normal View History

Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
import sys
sys.path.append('/usr/local/CyberCP')
from plogical import CyberCPLogFileWriter as logging
import subprocess
import shlex
import argparse
from plogical.virtualHostUtilities import virtualHostUtilities
import os
import tarfile
import shutil
from plogical.mailUtilities import mailUtilities
from plogical.processUtilities import ProcessUtilities
from plogical.installUtilities import installUtilities
class modSec:
installLogPath = "/home/cyberpanel/modSecInstallLog"
tempRulesFile = "/home/cyberpanel/tempModSecRules"
mirrorPath = "cyberpanel.net"
Implement Catch-All Email Configuration Management - Added new model `CatchAllEmail` to store catch-all email configurations per domain. - Implemented views for fetching, saving, and deleting catch-all email configurations, enhancing email management capabilities. - Updated URL routing to include endpoints for catch-all email operations. - Enhanced error handling and permission checks for email forwarding actions. These changes improve the flexibility and user experience of email management within CyberPanel.
2025-12-31 22:18:33 +01:00
# Compatible ModSecurity binaries (built against custom OLS headers)
# These prevent ABI incompatibility crashes (Signal 11/SIGSEGV)
MODSEC_COMPATIBLE = {
'rhel8': {
'url': 'https://cyberpanel.net/mod_security-compatible-rhel8.so',
'sha256': 'bbbf003bdc7979b98f09b640dffe2cbbe5f855427f41319e4c121403c05837b2'
},
'rhel9': {
'url': 'https://cyberpanel.net/mod_security-compatible-rhel.so',
'sha256': '19deb2ffbaf1334cf4ce4d46d53f747a75b29e835bf5a01f91ebcc0c78e98629'
},
'ubuntu': {
'url': 'https://cyberpanel.net/mod_security-compatible-ubuntu.so',
'sha256': 'ed02c813136720bd4b9de5925f6e41bdc8392e494d7740d035479aaca6d1e0cd'
}
}
@staticmethod
def detectPlatform():
"""Detect OS platform for compatible binary selection"""
try:
# Check for Ubuntu/Debian
if os.path.exists('/etc/lsb-release'):
with open('/etc/lsb-release', 'r') as f:
content = f.read()
if 'Ubuntu' in content or 'ubuntu' in content:
return 'ubuntu'
# Check for Debian
if os.path.exists('/etc/debian_version'):
return 'ubuntu' # Use Ubuntu binary for Debian
# Check for RHEL-based distributions
if os.path.exists('/etc/os-release'):
with open('/etc/os-release', 'r') as f:
content = f.read().lower()
# Check for version 8.x
if 'version="8.' in content or 'version_id="8' in content:
return 'rhel8'
# Check for version 9.x
if 'version="9.' in content or 'version_id="9' in content:
return 'rhel9'
return 'rhel9' # Default to rhel9
except:
return 'rhel9'
@staticmethod
def downloadCompatibleModSec(platform):
"""Download and install compatible ModSecurity binary"""
try:
config = modSec.MODSEC_COMPATIBLE.get(platform)
if not config:
logging.CyberCPLogFileWriter.writeToFile(f"No compatible ModSecurity for platform {platform}")
return False
modsec_path = "/usr/local/lsws/modules/mod_security.so"
tmp_path = "/tmp/mod_security-compatible.so"
# Download compatible binary
command = f"wget -q {config['url']} -O {tmp_path}"
result = subprocess.call(shlex.split(command))
if result != 0:
logging.CyberCPLogFileWriter.writeToFile("Failed to download compatible ModSecurity")
return False
# Verify checksum
import hashlib
sha256_hash = hashlib.sha256()
with open(tmp_path, "rb") as f:
for byte_block in iter(lambda: f.read(4096), b""):
sha256_hash.update(byte_block)
actual_sha256 = sha256_hash.hexdigest()
if actual_sha256 != config['sha256']:
logging.CyberCPLogFileWriter.writeToFile(f"ModSecurity checksum mismatch: expected {config['sha256']}, got {actual_sha256}")
os.remove(tmp_path)
return False
# Backup original if exists
if os.path.exists(modsec_path):
shutil.copy2(modsec_path, f"{modsec_path}.stock")
# Install compatible version
shutil.move(tmp_path, modsec_path)
os.chmod(modsec_path, 0o644)
logging.CyberCPLogFileWriter.writeToFile("Installed compatible ModSecurity binary")
return True
except BaseException as msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [downloadCompatibleModSec]")
return False
Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
@staticmethod
def installModSec():
try:
mailUtilities.checkHome()
if ProcessUtilities.decideDistro() == ProcessUtilities.centos or ProcessUtilities.decideDistro() == ProcessUtilities.cent8:
command = 'sudo yum install ols-modsecurity -y'
else:
command = 'sudo DEBIAN_FRONTEND=noninteractive apt-get install ols-modsecurity -y'
cmd = shlex.split(command)
with open(modSec.installLogPath, 'w') as f:
res = subprocess.call(cmd, stdout=f)
if res == 1:
writeToFile = open(modSec.installLogPath, 'a')
writeToFile.writelines("Can not be installed.[404]\n")
writeToFile.close()
logging.CyberCPLogFileWriter.writeToFile("[Could not Install]")
return 0
else:
writeToFile = open(modSec.installLogPath, 'a')
writeToFile.writelines("ModSecurity Installed.[200]\n")
writeToFile.close()
Fix ModSecurity LMDB dependency crash (Issue #1626) - Always download compatible ModSecurity binary after installation - Removes conditional check for custom_ols_marker - Fixes undefined symbol: mdb_env_create error - Prevents OpenLiteSpeed crashes with SIGSEGV signal 11 - Compatible with Ubuntu 24.04, RHEL 8/9, Debian 11/12 The fix ensures that compatible ModSecurity binaries (built without LMDB dependency or with LMDB statically linked) are always used, preventing the runtime symbol lookup errors that cause crashes. Related: https://github.com/usmannasir/cyberpanel/issues/1626
2026-01-10 03:22:45 +01:00
# Always download and install compatible ModSecurity binary to prevent LMDB dependency crashes
# This fixes the "undefined symbol: mdb_env_create" error that causes OpenLiteSpeed to crash
writeToFile = open(modSec.installLogPath, 'a')
writeToFile.writelines("Downloading compatible ModSecurity binary to prevent LMDB dependency issues...\n")
writeToFile.close()
platform = modSec.detectPlatform()
if modSec.downloadCompatibleModSec(platform):
Implement Catch-All Email Configuration Management - Added new model `CatchAllEmail` to store catch-all email configurations per domain. - Implemented views for fetching, saving, and deleting catch-all email configurations, enhancing email management capabilities. - Updated URL routing to include endpoints for catch-all email operations. - Enhanced error handling and permission checks for email forwarding actions. These changes improve the flexibility and user experience of email management within CyberPanel.
2025-12-31 22:18:33 +01:00
writeToFile = open(modSec.installLogPath, 'a')
Fix ModSecurity LMDB dependency crash (Issue #1626) - Always download compatible ModSecurity binary after installation - Removes conditional check for custom_ols_marker - Fixes undefined symbol: mdb_env_create error - Prevents OpenLiteSpeed crashes with SIGSEGV signal 11 - Compatible with Ubuntu 24.04, RHEL 8/9, Debian 11/12 The fix ensures that compatible ModSecurity binaries (built without LMDB dependency or with LMDB statically linked) are always used, preventing the runtime symbol lookup errors that cause crashes. Related: https://github.com/usmannasir/cyberpanel/issues/1626
2026-01-10 03:22:45 +01:00
writeToFile.writelines("Compatible ModSecurity binary installed successfully.\n")
Implement Catch-All Email Configuration Management - Added new model `CatchAllEmail` to store catch-all email configurations per domain. - Implemented views for fetching, saving, and deleting catch-all email configurations, enhancing email management capabilities. - Updated URL routing to include endpoints for catch-all email operations. - Enhanced error handling and permission checks for email forwarding actions. These changes improve the flexibility and user experience of email management within CyberPanel.
2025-12-31 22:18:33 +01:00
writeToFile.close()
Fix ModSecurity LMDB dependency crash (Issue #1626) - Always download compatible ModSecurity binary after installation - Removes conditional check for custom_ols_marker - Fixes undefined symbol: mdb_env_create error - Prevents OpenLiteSpeed crashes with SIGSEGV signal 11 - Compatible with Ubuntu 24.04, RHEL 8/9, Debian 11/12 The fix ensures that compatible ModSecurity binaries (built without LMDB dependency or with LMDB statically linked) are always used, preventing the runtime symbol lookup errors that cause crashes. Related: https://github.com/usmannasir/cyberpanel/issues/1626
2026-01-10 03:22:45 +01:00
logging.CyberCPLogFileWriter.writeToFile("Compatible ModSecurity binary installed to prevent LMDB dependency crashes [installModSec]")
else:
writeToFile = open(modSec.installLogPath, 'a')
writeToFile.writelines("WARNING: Could not install compatible ModSecurity binary. Using package-manager binary instead.\n")
writeToFile.writelines("WARNING: If you experience crashes (SIGSEGV signal 11), manually download compatible binary.\n")
writeToFile.close()
logging.CyberCPLogFileWriter.writeToFile("WARNING: Could not install compatible ModSecurity binary - may experience LMDB dependency crashes [installModSec]")
Implement Catch-All Email Configuration Management - Added new model `CatchAllEmail` to store catch-all email configurations per domain. - Implemented views for fetching, saving, and deleting catch-all email configurations, enhancing email management capabilities. - Updated URL routing to include endpoints for catch-all email operations. - Enhanced error handling and permission checks for email forwarding actions. These changes improve the flexibility and user experience of email management within CyberPanel.
2025-12-31 22:18:33 +01:00
Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
return 1
except BaseException as msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[installModSec]")
@staticmethod
def installModSecConfigs():
try:
## Try making a dir that will store ModSec configurations
path = os.path.join(virtualHostUtilities.Server_root,"conf/modsec")
try:
os.mkdir(path)
except:
logging.CyberCPLogFileWriter.writeToFile(
"ModSecurity rules directory already exists." + " [installModSecConfigs]")
initialConfigs = """
module mod_security {
modsecurity on
modsecurity_rules `
SecDebugLogLevel 0
SecDebugLog /usr/local/lsws/logs/modsec.log
SecAuditEngine on
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts AFH
SecAuditLogType Serial
SecAuditLog /usr/local/lsws/logs/auditmodsec.log
SecRuleEngine On
`
modsecurity_rules_file /usr/local/lsws/conf/modsec/rules.conf
}
"""
confFile = os.path.join(virtualHostUtilities.Server_root,"conf/httpd_config.conf")
confData = open(confFile).readlines()
confData.reverse()
modSecConfigFlag = False
for items in confData:
if items.find('module mod_security') > -1:
modSecConfigFlag = True
break
if modSecConfigFlag == False:
conf = open(confFile,'a+')
conf.write(initialConfigs)
conf.close()
rulesFilePath = os.path.join(virtualHostUtilities.Server_root,"conf/modsec/rules.conf")
if not os.path.exists(rulesFilePath):
initialRules = """SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access' ,log,auditlog,deny"
"""
rule = open(rulesFilePath,'a+')
rule.write(initialRules)
rule.close()
print("1,None")
return
except BaseException as msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [installModSecConfigs]")
print("0," + str(msg))
@staticmethod
def saveModSecConfigs(tempConfigPath):
try:
data = open(tempConfigPath).readlines()
os.remove(tempConfigPath)
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")
Refactor configuration modification methods for improved safety and validation - Introduced a `safeModifyHttpdConfig` method in `installUtilities` to handle modifications to the OpenLiteSpeed configuration file with backup, validation, and rollback capabilities. - Updated various modules (`modSec.py`, `sslUtilities.py`, `tuning.py`, `vhost.py`, etc.) to utilize the new safe modification method, enhancing reliability and preventing configuration corruption. - Improved error handling and logging throughout the configuration modification processes to ensure better traceability and debugging.
2025-12-31 23:13:53 +01:00
def modify_config(lines):
"""Update ModSecurity configuration parameters"""
modified = []
for line in lines:
if line.find('modsecurity ') > -1:
modified.append(data[0])
continue
elif line.find('SecAuditEngine ') > -1:
modified.append(data[1])
continue
elif line.find('SecRuleEngine ') > -1:
modified.append(data[2])
continue
elif line.find('SecDebugLogLevel') > -1:
modified.append(data[3])
continue
elif line.find('SecAuditLogRelevantStatus ') > -1:
modified.append(data[5])
continue
elif line.find('SecAuditLogParts ') > -1:
modified.append(data[4])
continue
elif line.find('SecAuditLogType ') > -1:
modified.append(data[6])
continue
else:
modified.append(line)
return modified
# Use safe modification with backup and validation
success, error = installUtilities.installUtilities.safeModifyHttpdConfig(
modify_config,
"Update ModSecurity configuration parameters"
)
if not success:
error_msg = error if error else "Unknown error"
logging.writeToFile(f"[saveModSecConfigs] Failed: {error_msg}")
print(f"0,{error_msg}")
return
Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
installUtilities.reStartLiteSpeed()
print("1,None")
return
else:
confFile = os.path.join(virtualHostUtilities.Server_root, "conf/modsec.conf")
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('SecAuditEngine ') > -1:
conf.writelines(data[0])
continue
elif items.find('SecRuleEngine ') > -1:
conf.writelines(data[1])
continue
elif items.find('SecDebugLogLevel') > -1:
conf.writelines(data[2])
continue
elif items.find('SecAuditLogRelevantStatus ') > -1:
conf.writelines(data[4])
continue
elif items.find('SecAuditLogParts ') > -1:
conf.writelines(data[3])
continue
elif items.find('SecAuditLogType ') > -1:
conf.writelines(data[5])
continue
else:
conf.writelines(items)
conf.close()
installUtilities.reStartLiteSpeed()
print("1,None")
return
except BaseException as msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [saveModSecConfigs]")
print("0," + str(msg))
@staticmethod
def saveModSecRules():
try:
rulesFile = open(modSec.tempRulesFile,'r')
data = rulesFile.read()
rulesFile.close()
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
rulesFilePath = os.path.join(virtualHostUtilities.Server_root, "conf/modsec/rules.conf")
else:
rulesFilePath = os.path.join(virtualHostUtilities.Server_root, "conf/rules.conf")
rulesFile = open(rulesFilePath,'w')
rulesFile.write(data)
rulesFile.close()
installUtilities.reStartLiteSpeed()
print("1,None")
return
except BaseException as msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [saveModSecRules]")
print("0," + str(msg))
@staticmethod
def setupComodoRules():
try:
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
pathTOOWASPFolder = os.path.join(virtualHostUtilities.Server_root, "conf/modsec/comodo")
extractLocation = os.path.join(virtualHostUtilities.Server_root, "conf/modsec")
if os.path.exists(pathTOOWASPFolder):
shutil.rmtree(pathTOOWASPFolder)
if os.path.exists('comodo.tar.gz'):
os.remove('comodo.tar.gz')
command = "wget https://" + modSec.mirrorPath + "/modsec/comodo.tar.gz"
result = subprocess.call(shlex.split(command))
if result == 1:
return 0
tar = tarfile.open('comodo.tar.gz')
tar.extractall(extractLocation)
tar.close()
return 1
else:
if os.path.exists('/usr/local/lsws/conf/comodo_litespeed'):
shutil.rmtree('/usr/local/lsws/conf/comodo_litespeed')
extractLocation = os.path.join(virtualHostUtilities.Server_root, "conf")
if os.path.exists('cpanel_litespeed_vendor'):
os.remove('cpanel_litespeed_vendor')
command = "wget https://waf.comodo.com/api/cpanel_litespeed_vendor"
result = subprocess.call(shlex.split(command))
if result == 1:
return 0
command = "unzip cpanel_litespeed_vendor -d " + extractLocation
subprocess.call(shlex.split(command))
return 1
except BaseException as msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [setupComodoRules]")
return 0
@staticmethod
def installComodo():
try:
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
if modSec.setupComodoRules() == 0:
print('0, Unable to download Comodo Rules.')
return
owaspRulesConf = """modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/modsecurity.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/00_Init_Initialization.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/01_Init_AppsInitialization.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/02_Global_Generic.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/03_Global_Agents.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/04_Global_Domains.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/05_Global_Backdoor.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/06_XSS_XSS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/07_Global_Other.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/08_Bruteforce_Bruteforce.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/09_HTTP_HTTP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/10_HTTP_HTTPDoS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/11_HTTP_Protocol.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/12_HTTP_Request.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/13_Outgoing_FilterGen.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/14_Outgoing_FilterASP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/15_Outgoing_FilterPHP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/16_Outgoing_FilterSQL.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/17_Outgoing_FilterOther.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/18_Outgoing_FilterInFrame.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/19_Outgoing_FiltersEnd.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/20_PHP_PHPGen.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/21_SQL_SQLi.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/22_Apps_Joomla.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/23_Apps_JComponent.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/24_Apps_WordPress.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/25_Apps_WPPlugin.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/26_Apps_WHMCS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/27_Apps_Drupal.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/28_Apps_OtherApps.conf
"""
confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('/usr/local/lsws/conf/modsec/rules.conf') > -1:
conf.write(owaspRulesConf)
conf.writelines(items)
continue
else:
conf.writelines(items)
conf.close()
installUtilities.reStartLiteSpeed()
print("1,None")
return
else:
if os.path.exists('/usr/local/lsws/conf/comodo_litespeed'):
shutil.rmtree('/usr/local/lsws/conf/comodo_litespeed')
extractLocation = os.path.join(virtualHostUtilities.Server_root, "conf")
if os.path.exists('cpanel_litespeed_vendor'):
os.remove('cpanel_litespeed_vendor')
command = "wget --no-check-certificate https://waf.comodo.com/api/cpanel_litespeed_vendor"
result = subprocess.call(shlex.split(command))
if result == 1:
return 0
command = "unzip cpanel_litespeed_vendor -d " + extractLocation
result = subprocess.call(shlex.split(command))
command = 'sudo chown -R lsadm:lsadm /usr/local/lsws/conf'
subprocess.call(shlex.split(command))
installUtilities.reStartLiteSpeed()
print("1,None")
return
except BaseException as msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [installComodo]")
print("0," + str(msg))
@staticmethod
def disableComodo():
try:
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('modsec/comodo') > -1:
continue
else:
conf.writelines(items)
conf.close()
installUtilities.reStartLiteSpeed()
print("1,None")
else:
try:
shutil.rmtree('/usr/local/lsws/conf/comodo_litespeed')
except BaseException as msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + ' [disableComodo]')
installUtilities.reStartLiteSpeed()
print("1,None")
except BaseException as msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [disableComodo]")
print("0," + str(msg))
@staticmethod
def setupOWASPRules():
try:
pathTOOWASPFolder = os.path.join(virtualHostUtilities.Server_root, "conf/modsec/owasp")
Enhance ModSecurity rule installation and verification: Update OWASP rules to version 4.18.0, improving detection for installed rules in the FirewallManager. Add checks to verify the existence of OWASP and Comodo configuration files. Update JavaScript to reflect installation status and improve user feedback. Ensure proper logging for installation processes and errors. https://www.facebook.com/groups/cyberpanel/permalink/3983852698593015/
2025-09-22 18:05:55 +02:00
pathToOWASFolderNew = '%s/modsec/owasp-modsecurity-crs-4.18.0' % (virtualHostUtilities.vhostConfPath)
Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
command = 'mkdir -p /usr/local/lsws/conf/modsec'
result = subprocess.call(shlex.split(command))
if result != 0:
Enhance ModSecurity rule installation and verification: Update OWASP rules to version 4.18.0, improving detection for installed rules in the FirewallManager. Add checks to verify the existence of OWASP and Comodo configuration files. Update JavaScript to reflect installation status and improve user feedback. Ensure proper logging for installation processes and errors. https://www.facebook.com/groups/cyberpanel/permalink/3983852698593015/
2025-09-22 18:05:55 +02:00
logging.CyberCPLogFileWriter.writeToFile("Failed to create modsec directory: " + str(result) + " [setupOWASPRules]")
Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
return 0
if os.path.exists(pathToOWASFolderNew):
shutil.rmtree(pathToOWASFolderNew)
if os.path.exists(pathTOOWASPFolder):
shutil.rmtree(pathTOOWASPFolder)
if os.path.exists('owasp.tar.gz'):
os.remove('owasp.tar.gz')
Enhance ModSecurity rule installation and verification: Update OWASP rules to version 4.18.0, improving detection for installed rules in the FirewallManager. Add checks to verify the existence of OWASP and Comodo configuration files. Update JavaScript to reflect installation status and improve user feedback. Ensure proper logging for installation processes and errors. https://www.facebook.com/groups/cyberpanel/permalink/3983852698593015/
2025-09-22 18:05:55 +02:00
# Clean up any existing zip file
if os.path.exists('/usr/local/lsws/conf/modsec/owasp.zip'):
os.remove('/usr/local/lsws/conf/modsec/owasp.zip')
command = "wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v4.18.0.zip -O /usr/local/lsws/conf/modsec/owasp.zip"
logging.CyberCPLogFileWriter.writeToFile("Downloading OWASP rules: " + command + " [setupOWASPRules]")
Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
result = subprocess.call(shlex.split(command))
if result != 0:
Enhance ModSecurity rule installation and verification: Update OWASP rules to version 4.18.0, improving detection for installed rules in the FirewallManager. Add checks to verify the existence of OWASP and Comodo configuration files. Update JavaScript to reflect installation status and improve user feedback. Ensure proper logging for installation processes and errors. https://www.facebook.com/groups/cyberpanel/permalink/3983852698593015/
2025-09-22 18:05:55 +02:00
logging.CyberCPLogFileWriter.writeToFile("Failed to download OWASP rules: " + str(result) + " [setupOWASPRules]")
Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
return 0
command = "unzip -o /usr/local/lsws/conf/modsec/owasp.zip -d /usr/local/lsws/conf/modsec/"
Enhance ModSecurity rule installation and verification: Update OWASP rules to version 4.18.0, improving detection for installed rules in the FirewallManager. Add checks to verify the existence of OWASP and Comodo configuration files. Update JavaScript to reflect installation status and improve user feedback. Ensure proper logging for installation processes and errors. https://www.facebook.com/groups/cyberpanel/permalink/3983852698593015/
2025-09-22 18:05:55 +02:00
logging.CyberCPLogFileWriter.writeToFile("Extracting OWASP rules: " + command + " [setupOWASPRules]")
Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
result = subprocess.call(shlex.split(command))
if result != 0:
Enhance ModSecurity rule installation and verification: Update OWASP rules to version 4.18.0, improving detection for installed rules in the FirewallManager. Add checks to verify the existence of OWASP and Comodo configuration files. Update JavaScript to reflect installation status and improve user feedback. Ensure proper logging for installation processes and errors. https://www.facebook.com/groups/cyberpanel/permalink/3983852698593015/
2025-09-22 18:05:55 +02:00
logging.CyberCPLogFileWriter.writeToFile("Failed to extract OWASP rules: " + str(result) + " [setupOWASPRules]")
Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
return 0
Enhance ModSecurity rule installation and verification: Update OWASP rules to version 4.18.0, improving detection for installed rules in the FirewallManager. Add checks to verify the existence of OWASP and Comodo configuration files. Update JavaScript to reflect installation status and improve user feedback. Ensure proper logging for installation processes and errors. https://www.facebook.com/groups/cyberpanel/permalink/3983852698593015/
2025-09-22 18:05:55 +02:00
command = 'mv /usr/local/lsws/conf/modsec/coreruleset-4.18.0 /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-4.18.0'
logging.CyberCPLogFileWriter.writeToFile("Moving OWASP rules: " + command + " [setupOWASPRules]")
Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
result = subprocess.call(shlex.split(command))
if result != 0:
Enhance ModSecurity rule installation and verification: Update OWASP rules to version 4.18.0, improving detection for installed rules in the FirewallManager. Add checks to verify the existence of OWASP and Comodo configuration files. Update JavaScript to reflect installation status and improve user feedback. Ensure proper logging for installation processes and errors. https://www.facebook.com/groups/cyberpanel/permalink/3983852698593015/
2025-09-22 18:05:55 +02:00
logging.CyberCPLogFileWriter.writeToFile("Failed to move OWASP rules: " + str(result) + " [setupOWASPRules]")
Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
return 0
command = 'mv %s/crs-setup.conf.example %s/crs-setup.conf' % (pathToOWASFolderNew, pathToOWASFolderNew)
result = subprocess.call(shlex.split(command))
if result != 0:
return 0
command = 'mv %s/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example %s/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf' % (pathToOWASFolderNew, pathToOWASFolderNew)
result = subprocess.call(shlex.split(command))
if result != 0:
return 0
command = 'mv %s/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example %s/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf' % (
pathToOWASFolderNew, pathToOWASFolderNew)
result = subprocess.call(shlex.split(command))
if result != 0:
return 0
Enhance ModSecurity rule installation and verification: Update OWASP rules to version 4.18.0, improving detection for installed rules in the FirewallManager. Add checks to verify the existence of OWASP and Comodo configuration files. Update JavaScript to reflect installation status and improve user feedback. Ensure proper logging for installation processes and errors. https://www.facebook.com/groups/cyberpanel/permalink/3983852698593015/
2025-09-22 18:05:55 +02:00
# CRS v4.0.0 uses a different structure - it has a main crs.conf file
content = """include {pathToOWASFolderNew}/crs.conf
Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
"""
writeToFile = open('%s/owasp-master.conf' % (pathToOWASFolderNew), 'w')
writeToFile.write(content.replace('{pathToOWASFolderNew}', pathToOWASFolderNew))
writeToFile.close()
return 1
except BaseException as msg:
print(str(msg))
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [setupOWASPRules]")
return 0
@staticmethod
def installOWASP():
try:
if modSec.setupOWASPRules() == 0:
print('0, Unable to download OWASP Rules.')
return
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
owaspRulesConf = """
Enhance ModSecurity rule installation and verification: Update OWASP rules to version 4.18.0, improving detection for installed rules in the FirewallManager. Add checks to verify the existence of OWASP and Comodo configuration files. Update JavaScript to reflect installation status and improve user feedback. Ensure proper logging for installation processes and errors. https://www.facebook.com/groups/cyberpanel/permalink/3983852698593015/
2025-09-22 18:05:55 +02:00
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-4.18.0/owasp-master.conf
Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
"""
confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('/usr/local/lsws/conf/modsec/rules.conf') > -1:
conf.writelines(items)
conf.write(owaspRulesConf)
continue
else:
conf.writelines(items)
conf.close()
Enhance ModSecurity rule installation and verification: Update OWASP rules to version 4.18.0, improving detection for installed rules in the FirewallManager. Add checks to verify the existence of OWASP and Comodo configuration files. Update JavaScript to reflect installation status and improve user feedback. Ensure proper logging for installation processes and errors. https://www.facebook.com/groups/cyberpanel/permalink/3983852698593015/
2025-09-22 18:05:55 +02:00
# Verify the installation
owaspPath = os.path.join(virtualHostUtilities.Server_root, "conf/modsec/owasp-modsecurity-crs-4.18.0")
if not os.path.exists(owaspPath) or not os.path.exists(os.path.join(owaspPath, "owasp-master.conf")):
logging.CyberCPLogFileWriter.writeToFile("OWASP installation verification failed - files not found [installOWASP]")
print("0, OWASP installation verification failed")
return
Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
else:
confFile = os.path.join('/usr/local/lsws/conf/modsec.conf')
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('/conf/comodo_litespeed/') > -1:
conf.writelines(items)
Enhance ModSecurity rule installation and verification: Update OWASP rules to version 4.18.0, improving detection for installed rules in the FirewallManager. Add checks to verify the existence of OWASP and Comodo configuration files. Update JavaScript to reflect installation status and improve user feedback. Ensure proper logging for installation processes and errors. https://www.facebook.com/groups/cyberpanel/permalink/3983852698593015/
2025-09-22 18:05:55 +02:00
conf.write('Include /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-4.18.0/*.conf\n')
Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
continue
else:
conf.writelines(items)
conf.close()
installUtilities.reStartLiteSpeed()
Enhance ModSecurity rule installation and verification: Update OWASP rules to version 4.18.0, improving detection for installed rules in the FirewallManager. Add checks to verify the existence of OWASP and Comodo configuration files. Update JavaScript to reflect installation status and improve user feedback. Ensure proper logging for installation processes and errors. https://www.facebook.com/groups/cyberpanel/permalink/3983852698593015/
2025-09-22 18:05:55 +02:00
logging.CyberCPLogFileWriter.writeToFile("OWASP ModSecurity rules installed successfully [installOWASP]")
Initial commit for v2.4.3
2025-08-01 14:56:30 +05:00
print("1,None")
except BaseException as msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [installOWASP]")
print("0," + str(msg))
@staticmethod
def disableOWASP():
try:
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf")
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('modsec/owasp') > -1:
continue
else:
conf.writelines(items)
conf.close()
installUtilities.reStartLiteSpeed()
print("1,None")
else:
confFile = os.path.join("/usr/local/lsws/conf/modsec.conf")
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('modsec/owasp') > -1:
continue
else:
conf.writelines(items)
conf.close()
installUtilities.reStartLiteSpeed()
print("1,None")
except BaseException as msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [disableOWASP]")
print("0," + str(msg))
@staticmethod
def disableRuleFile(fileName, packName):
try:
confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf')
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('modsec/' + packName) > -1 and items.find(fileName) > -1:
conf.write("#" + items)
else:
conf.writelines(items)
conf.close()
installUtilities.reStartLiteSpeed()
print("1,None")
except BaseException as msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [disableRuleFile]")
print("0," + str(msg))
@staticmethod
def enableRuleFile(fileName, packName):
try:
confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf')
confData = open(confFile).readlines()
conf = open(confFile, 'w')
for items in confData:
if items.find('modsec/' + packName) > -1 and items.find(fileName) > -1:
conf.write(items.lstrip('#'))
else:
conf.writelines(items)
conf.close()
# if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
# confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf')
# confData = open(confFile).readlines()
# conf = open(confFile, 'w')
#
# for items in confData:
# if items.find('modsec/' + packName) > -1 and items.find(fileName) > -1:
# conf.write(items.lstrip('#'))
# else:
# conf.writelines(items)
#
# conf.close()
# else:
# path = '/usr/local/lsws/conf/comodo_litespeed/'
# completePath = path + fileName
# completePathBak = path + fileName + '.bak'
#
# command = 'mv ' + completePathBak + ' ' + completePath
# ProcessUtilities.executioner(command)
installUtilities.reStartLiteSpeed()
print("1,None")
except BaseException as msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [enableRuleFile]")
print("0," + str(msg))
def main():
parser = argparse.ArgumentParser(description='CyberPanel Installer')
parser.add_argument('function', help='Specific a function to call!')
parser.add_argument('--tempConfigPath', help='Temporary path to configurations data!')
parser.add_argument('--packName', help='ModSecurity supplier name!')
parser.add_argument('--fileName', help='Filename to enable or disable!')
args = parser.parse_args()
if args.function == "installModSecConfigs":
modSec.installModSecConfigs()
elif args.function == "installModSec":
modSec.installModSec()
elif args.function == "saveModSecConfigs":
modSec.saveModSecConfigs(args.tempConfigPath)
elif args.function == "saveModSecRules":
modSec.saveModSecRules()
elif args.function == "setupOWASPRules":
modSec.setupOWASPRules()
elif args.function == "installOWASP":
modSec.installOWASP()
elif args.function == "disableOWASP":
modSec.disableOWASP()
elif args.function == "setupComodoRules":
modSec.setupComodoRules()
elif args.function == "installComodo":
modSec.installComodo()
elif args.function == "disableComodo":
modSec.disableComodo()
elif args.function == "disableRuleFile":
modSec.disableRuleFile(args.fileName, args.packName)
elif args.function == "enableRuleFile":
modSec.enableRuleFile(args.fileName, args.packName)
if __name__ == "__main__":
main()
Reference in New Issue Copy Permalink