From 888aec2d7cd3cf24c461c2e9bc605d96a6463d5d Mon Sep 17 00:00:00 2001 From: Usman Nasir Date: Wed, 30 Jun 2021 00:25:52 +0500 Subject: [PATCH] added support for LiteSpeed Ent for OWASP and updated the rules, ref https://github.com/usmannasir/cyberpanel/issues/653?fbclid=IwAR12yOLL24w98NjLnkoi44hcJtLGzwpz-P6nW9qx-6irTOXpz18xqE5gnMM --- firewall/firewallManager.py | 180 ++++++++++++++++++++++-------------- plogical/modSec.py | 112 +++++++++++++--------- 2 files changed, 176 insertions(+), 116 deletions(-) diff --git a/firewall/firewallManager.py b/firewall/firewallManager.py index 7fea2e511..b97ce8c11 100755 --- a/firewall/firewallManager.py +++ b/firewall/firewallManager.py @@ -1048,6 +1048,14 @@ class FirewallManager: except subprocess.CalledProcessError: pass + try: + command = 'cat /usr/local/lsws/conf/modsec.conf' + output = ProcessUtilities.outputExecutioner(command) + if output.find('modsec/owasp') > -1: + owaspInstalled = 1 + except: + pass + final_dic = { 'modSecInstalled': 1, 'owaspInstalled': owaspInstalled, @@ -1089,9 +1097,9 @@ class FirewallManager: json_data = json.dumps(data_ret) return HttpResponse(json_data) else: - if packName == 'disableOWASP' or packName == 'installOWASP': - final_json = json.dumps({'installStatus': 0, 'error_message': "OWASP will be available later.", }) - return HttpResponse(final_json) + # if packName == 'disableOWASP' or packName == 'installOWASP': + # final_json = json.dumps({'installStatus': 0, 'error_message': "OWASP will be available later.", }) + # return HttpResponse(final_json) execPath = "/usr/local/CyberCP/bin/python " + virtualHostUtilities.cyberPanel + "/plogical/modSec.py" execPath = execPath + " " + packName 
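Review bot: The added `except:` around the `cat /usr/local/lsws/conf/modsec.conf` probe is bare, so any failure, including ones unrelated to a missing file, is silently read as "OWASP not installed". Narrowing it to the exceptions the call can actually raise, as the `except subprocess.CalledProcessError:` handler just above does, keeps real errors visible. The `output.find('modsec/owasp') > -1` test also matches a commented-out line, so the panel would report the rule set as installed after the include has been disabled by hand; testing line by line and skipping lines that start with `#` avoids that false positive. The enclosing method starts and ends outside the hunk.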
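Review bot: The OWASP guard is commented out rather than deleted, and the same pattern recurs as large commented-out blocks in the later `@@ -1195,20 +1159,96 @@` hunk of this file and in the `enableRuleFile` hunk of plogical/modSec.py. Deleting the lines outright keeps the file readable, and the old code remains in version control. With the early return gone, every `packName` in this `else` branch now reaches `execPath = execPath + " " + packName`, so this is a natural place to check `packName` against the fixed set of actions modSec.py accepts before the command string is built. Where `packName` is read is outside the hunk, so whether it is validated earlier cannot be seen here.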
@@ -1122,70 +1130,26 @@ class FirewallManager: packName = data['packName'] - if ProcessUtilities.decideServer() == ProcessUtilities.OLS: - confPath = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf') + confPath = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf') - command = "sudo cat " + confPath - httpdConfig = ProcessUtilities.outputExecutioner(command).splitlines() + command = "sudo cat " + confPath + httpdConfig = ProcessUtilities.outputExecutioner(command).splitlines() - json_data = "[" - checker = 0 - counter = 0 + json_data = "[" + checker = 0 + counter = 0 - for items in httpdConfig: + for items in httpdConfig: - if items.find('modsec/' + packName) > -1: - counter = counter + 1 - if items[0] == '#': - status = False - else: - status = True - - fileName = items.lstrip('#') - fileName = fileName.split('/')[-1] - - dic = { - 'id': counter, - 'fileName': fileName, - 'packName': packName, - 'status': status, - - } - - if checker == 0: - json_data = json_data + json.dumps(dic) - checker = 1 - else: - json_data = json_data + ',' + json.dumps(dic) - - json_data = json_data + ']' - final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data}) - return HttpResponse(final_json) - else: - if packName == 'owasp': - final_json = json.dumps({'fetchStatus': 0, 'error_message': "OWASP will be available later.", }) - return HttpResponse(final_json) - - comodoPath = '/usr/local/lsws/conf/comodo_litespeed' - command = 'sudo chown -R cyberpanel:cyberpanel /usr/local/lsws/conf' - ProcessUtilities.executioner(command) - - json_data = "[" - - counter = 0 - checker = 0 - for fileName in os.listdir(comodoPath): - - if fileName == 'categories.conf': - continue - - if fileName.endswith('bak'): - status = 0 - fileName = fileName.rstrip('.bak') - elif fileName.endswith('conf'): - status = 1 + if items.find('modsec/' + packName) > -1: + counter = counter + 1 + if items[0] 
== '#': + status = False else: - continue + status = True + + fileName = items.lstrip('#') + fileName = fileName.split('/')[-1] dic = { 'id': counter, 
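Review bot: Dropping the `decideServer()` branch makes this method read owasp-master.conf for every `packName`, so on LiteSpeed Enterprise a request for the Comodo pack no longer lists `/usr/local/lsws/conf/comodo_litespeed` and will most likely return an empty list with `fetchStatus: 1`. If Comodo rule files are still meant to be manageable there, keep the directory listing for that case, for example behind `if packName != 'owasp' and ProcessUtilities.decideServer() != ProcessUtilities.OLS:`. The loop body continues into the next hunk, and the method starts outside this one.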
@@ -1195,20 +1159,96 @@ class FirewallManager: } - counter = counter + 1 - if checker == 0: json_data = json_data + json.dumps(dic) checker = 1 else: json_data = json_data + ',' + json.dumps(dic) - command = 'sudo chown -R lsadm:lsadm /usr/local/lsws/conf' - ProcessUtilities.executioner(command) + json_data = json_data + ']' + final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data}) + return HttpResponse(final_json) - json_data = json_data + ']' - final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data}) - return HttpResponse(final_json) + # if ProcessUtilities.decideServer() == ProcessUtilities.OLS: + # confPath = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf') + # + # command = "sudo cat " + confPath + # httpdConfig = ProcessUtilities.outputExecutioner(command).splitlines() + # + # json_data = "[" + # checker = 0 + # counter = 0 + # + # for items in httpdConfig: + # + # if items.find('modsec/' + packName) > -1: + # counter = counter + 1 + # if items[0] == '#': + # status = False + # else: + # status = True + # + # fileName = items.lstrip('#') + # fileName = fileName.split('/')[-1] + # + # dic = { + # 'id': counter, + # 'fileName': fileName, + # 'packName': packName, + # 'status': status, + # + # } + # + # if checker == 0: + # json_data = json_data + json.dumps(dic) + # checker = 1 + # else: + # json_data = json_data + ',' + json.dumps(dic) + # + # json_data = json_data + ']' + # final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data}) + # return HttpResponse(final_json) + # else: + # + # command = 'cat /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf' + # files = ProcessUtilities.outputExecutioner(command).splitlines() + # + # json_data = "[" + # + # counter = 0 + # checker = 0 + # for fileName in files: + # + # if fileName == 'categories.conf': + # continue + # + # if fileName.endswith('bak'): + 
# status = 0 + # fileName = fileName.rstrip('.bak') + # elif fileName.endswith('conf'): + # status = 1 + # else: + # continue + # + # dic = { + # 'id': counter, + # 'fileName': fileName, + # 'packName': packName, + # 'status': status, + # + # } + # + # counter = counter + 1 + # + # if checker == 0: + # json_data = json_data + json.dumps(dic) + # checker = 1 + # else: + # json_data = json_data + ',' + json.dumps(dic) + # + # json_data = json_data + ']' + # final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data}) + # return HttpResponse(final_json) except BaseException as msg: final_dic = {'fetchStatus': 0, 'error_message': str(msg)} @@ -1235,7 +1275,7 @@ class FirewallManager: execPath = "/usr/local/CyberCP/bin/python " + virtualHostUtilities.cyberPanel + "/plogical/modSec.py" - execPath = execPath + " " + functionName + ' --packName ' + packName + ' --fileName ' + fileName + execPath = execPath + " " + functionName + ' --packName ' + packName + ' --fileName "%s"' % (fileName) output = ProcessUtilities.outputExecutioner(execPath) diff --git a/plogical/modSec.py b/plogical/modSec.py index cbd844bf9..69b28c3d6 100755 --- a/plogical/modSec.py +++ b/plogical/modSec.py 
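Review bot: The response array is still assembled by string concatenation (`json_data = json_data + ']'`) and then embedded as a string inside a second `json.dumps`. Collecting the `dic` entries in a list and calling `json_data = json.dumps(rows)` once yields the same kind of payload without the `checker` flag. The loop that fills it begins in the previous hunk.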
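Review bot: Wrapping `fileName` in double quotes does not make it safe to place in a command string: an embedded `"` or a shell substitution character still changes how the command is parsed, and `functionName` and `packName` are still concatenated unquoted. If `ProcessUtilities.outputExecutioner` hands the string to a shell or splits it shell-style (its body is not visible here), quote each argument, e.g. `' --packName ' + shlex.quote(packName) + ' --fileName ' + shlex.quote(fileName)` with `import shlex` at the top of the file. It would also help to reject a `fileName` that is not a bare rule-file name before building the command. Where these values are read is outside the hunk; they look request-supplied, since `data['packName']` appears in an earlier hunk.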
@@ -493,25 +493,42 @@ include {pathToOWASFolderNew}/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf print('0, Unable to download OWASP Rules.') return - owaspRulesConf = """ + if ProcessUtilities.decideServer() == ProcessUtilities.OLS: + owaspRulesConf = """ modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf """ - confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf") + confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf") - confData = open(confFile).readlines() + confData = open(confFile).readlines() - conf = open(confFile, 'w') + conf = open(confFile, 'w') - for items in confData: - if items.find('/usr/local/lsws/conf/modsec/rules.conf') > -1: - conf.writelines(items) - conf.write(owaspRulesConf) - continue - else: - conf.writelines(items) + for items in confData: + if items.find('/usr/local/lsws/conf/modsec/rules.conf') > -1: + conf.writelines(items) + conf.write(owaspRulesConf) + continue + else: + conf.writelines(items) + + conf.close() + else: + confFile = os.path.join('/usr/local/lsws/conf/modsec.conf') + confData = open(confFile).readlines() + + conf = open(confFile, 'w') + + for items in confData: + if items.find('/conf/comodo_litespeed/') > -1: + conf.writelines(items) + conf.write('Include /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/*.conf\n') + continue + else: + conf.writelines(items) + + conf.close() - conf.close() installUtilities.reStartLiteSpeed() print("1,None") 
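Review bot: In the new Enterprise branch the `Include` for the OWASP rules is written only after a line containing `/conf/comodo_litespeed/`, so when modsec.conf has no such line nothing is added and the function still prints `1,None`; a second install run also inserts the line again. I would make the insertion idempotent and fall back to appending the include (or reporting failure) when the anchor line is missing, as sketched below; whether appending at the end suits modsec.conf ordering needs confirming. Both branches, like `disableRuleFile` and `enableRuleFile` further down, also call `open(confFile, 'w')` before the new content is ready and without a `with` block, so an error mid-loop leaves the config truncated. The function starts outside the hunk.

```python
        else:
            confFile = '/usr/local/lsws/conf/modsec.conf'
            owaspInclude = 'Include /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/*.conf\n'

            with open(confFile) as conf:
                confData = conf.readlines()

            # Skip the rewrite entirely when the include is already present.
            if owaspInclude not in confData:
                newData = []
                inserted = False
                for items in confData:
                    newData.append(items)
                    if not inserted and items.find('/conf/comodo_litespeed/') > -1:
                        newData.append(owaspInclude)
                        inserted = True

                if not inserted:
                    # No Comodo include to anchor on: append so the rules still load.
                    newData.append(owaspInclude)

                # Build the full content first, then write it in one go.
                with open(confFile, 'w') as conf:
                    conf.writelines(newData)

        # ... unchanged: installUtilities.reStartLiteSpeed() and print("1,None") ...
```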
@@ -549,26 +566,17 @@ modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-mas def disableRuleFile(fileName, packName): try: - if ProcessUtilities.decideServer() == ProcessUtilities.OLS: - confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf') - confData = open(confFile).readlines() - conf = open(confFile, 'w') + confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf') + confData = open(confFile).readlines() + conf = open(confFile, 'w') - for items in confData: - if items.find('modsec/'+packName) > -1 and items.find(fileName) > -1: - conf.write("#" + items) - else: - conf.writelines(items) + for items in confData: + if items.find('modsec/' + packName) > -1 and items.find(fileName) > -1: + conf.write("#" + items) + else: + conf.writelines(items) - conf.close() - - else: - path = '/usr/local/lsws/conf/comodo_litespeed/' - completePath = path + fileName - completePathBak = path + fileName + '.bak' - - command = 'mv ' + completePath + ' ' + completePathBak - ProcessUtilities.executioner(command) + conf.close() installUtilities.reStartLiteSpeed() 
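Review bot: `items.find(fileName) > -1` is a substring test, so a short or empty `fileName` comments out every include line of the pack rather than one rule file; comparing the line's last path component, `items.strip().lstrip('#').split('/')[-1] == fileName`, limits the edit to the named file. The same test is used in the `enableRuleFile` hunk below. Removing the Enterprise branch also means a Comodo file name no longer matches anything in owasp-master.conf, so disabling or enabling it there becomes a silent no-op that is still followed by `installUtilities.reStartLiteSpeed()`.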
@@ -583,25 +591,37 @@ modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-mas def enableRuleFile(fileName, packName): try: - if ProcessUtilities.decideServer() == ProcessUtilities.OLS: - confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf') - confData = open(confFile).readlines() - conf = open(confFile, 'w') + confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf') + confData = open(confFile).readlines() + conf = open(confFile, 'w') - for items in confData: - if items.find('modsec/' + packName) > -1 and items.find(fileName) > -1: - conf.write(items.lstrip('#')) - else: - conf.writelines(items) + for items in confData: + if items.find('modsec/' + packName) > -1 and items.find(fileName) > -1: + conf.write(items.lstrip('#')) + else: + conf.writelines(items) - conf.close() - else: - path = '/usr/local/lsws/conf/comodo_litespeed/' - completePath = path + fileName - completePathBak = path + fileName + '.bak' + conf.close() - command = 'mv ' + completePathBak + ' ' + completePath - ProcessUtilities.executioner(command) + # if ProcessUtilities.decideServer() == ProcessUtilities.OLS: + # confFile = os.path.join('/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf') + # confData = open(confFile).readlines() + # conf = open(confFile, 'w') + # + # for items in confData: + # if items.find('modsec/' + packName) > -1 and items.find(fileName) > -1: + # conf.write(items.lstrip('#')) + # else: + # conf.writelines(items) + # + # conf.close() + # else: + # path = '/usr/local/lsws/conf/comodo_litespeed/' + # completePath = path + fileName + # completePathBak = path + fileName + '.bak' + # + # command = 'mv ' + completePathBak + ' ' + completePath + # ProcessUtilities.executioner(command) installUtilities.reStartLiteSpeed()