ModSec Integration.

2026-05-07 01:07:05 +02:00 · 2018-03-21 03:04:56 +05:00
parent eeea2421ea
commit 1e16db3a05
9 changed files with 434 additions and 449 deletions
--- a/plogical/modSec.py
+++ b/plogical/modSec.py
@@ -1,6 +1,9 @@
 import CyberCPLogFileWriter as logging
 import subprocess
 import shlex
+import argparse
+from virtualHostUtilities import virtualHostUtilities
+import os

 class modSec:
    installLogPath = "/home/cyberpanel/modSecInstallLog"
@@ -29,4 +32,72 @@ class modSec:

            return 1
        except BaseException, msg:
-            logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[installModSec]")
+            logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[installModSec]")
+
+    @staticmethod
+    def installModSecConfigs():
+        try:
+            ## Try making a dir that will store ModSec configurations
+            path = os.path.join(virtualHostUtilities.Server_root,"conf/modsec")
+            try:
+                os.mkdir(path)
+            except:
+                logging.CyberCPLogFileWriter.writeToFile(
+                    "ModSecurity rules directory already exists." + "  [installModSecConfigs]")
+
+            initialConfigs = """
+module mod_security {
+modsecurity  on
+modsecurity_rules `
+SecDebugLogLevel 9
+SecDebugLog /usr/local/lsws/logs/modsec.log
+SecAuditEngine on
+SecAuditLogRelevantStatus "^(?:5|4(?!04))"
+SecAuditLogParts ABIJDEFHZ
+SecAuditLogType Serial
+SecAuditLog /usr/local/lsws/logs/auditmodsec.log
+SecRuleEngine On
+`
+modsecurity_rules_file /usr/local/lsws/conf/modsec/rules.conf
+}
+"""
+
+
+            confFile = os.path.join(virtualHostUtilities.Server_root,"conf/httpd_config.conf")
+
+            conf = open(confFile,'a+')
+            conf.write(initialConfigs)
+            conf.close()
+
+            rulesFilePath = os.path.join(virtualHostUtilities.Server_root,"conf/modsec/rules.conf")
+
+            if not os.path.exists(rulesFilePath):
+                initialRules = """
+SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access' ,log,auditlog,deny"
+"""
+                rule = open(rulesFilePath,'a+')
+                rule.write(initialRules)
+                rule.close()
+
+            print "1,None"
+            return
+
+        except BaseException, msg:
+            logging.CyberCPLogFileWriter.writeToFile(
+                str(msg) + "  [installModSecConfigs]")
+            print "0," + str(msg)
+
+
+
+def main():
+
+    parser = argparse.ArgumentParser(description='CyberPanel Installer')
+    parser.add_argument('function', help='Specific a function to call!')
+
+    args = parser.parse_args()
+
+    if args.function == "installModSecConfigs":
+        modSec.installModSecConfigs()
+
+if __name__ == "__main__":
+    main()