From d9d3dd1149cef023a7ffdaa029b45d0f251aadfe Mon Sep 17 00:00:00 2001 From: usmannasir <01-134132-158@student.bahria.edu.pk> Date: Fri, 23 Mar 2018 23:05:55 +0500 Subject: [PATCH] Added clear log button and ModSec improvements. --- .../templates/baseTemplate/index.html | 3 + firewall/static/firewall/firewall.js | 162 +++++++ firewall/templates/firewall/modSecurity.html | 2 +- .../templates/firewall/modSecurityRules.html | 90 ++++ firewall/urls.py | 4 + firewall/views.py | 193 +++++++- plogical/modSec.py | 80 ++++ plogical/serverLogs.py | 28 ++ serverLogs/static/serverLogs/serverLogs.js | 430 +++++++++++++++++- .../templates/serverLogs/accessLogs.html | 5 +- .../templates/serverLogs/emailLogs.html | 5 +- .../templates/serverLogs/errorLogs.html | 5 +- serverLogs/templates/serverLogs/ftplogs.html | 5 +- .../templates/serverLogs/modSecAuditLog.html | 72 +++ serverLogs/urls.py | 2 + serverLogs/views.py | 57 ++- static/firewall/firewall.js | 162 +++++++ static/serverLogs/serverLogs.js | 430 +++++++++++++++++- websiteFunctions/views.py | 4 +- 19 files changed, 1721 insertions(+), 18 deletions(-) create mode 100644 firewall/templates/firewall/modSecurityRules.html create mode 100644 plogical/serverLogs.py create mode 100644 serverLogs/templates/serverLogs/modSecAuditLog.html diff --git a/baseTemplate/templates/baseTemplate/index.html b/baseTemplate/templates/baseTemplate/index.html index 92cfdea04..ae0e9d104 100755 --- a/baseTemplate/templates/baseTemplate/index.html +++ b/baseTemplate/templates/baseTemplate/index.html @@ -529,6 +529,7 @@
  • {% trans "Error Logs" %}
  • {% trans "Email Log" %}
  • {% trans "FTP Logs" %}
    • +
  • {% trans "ModSec Audit Logs" %}
    • @@ -545,6 +546,8 @@ diff --git a/firewall/static/firewall/firewall.js b/firewall/static/firewall/firewall.js index 294c965c7..73996960b 100644 --- a/firewall/static/firewall/firewall.js +++ b/firewall/static/firewall/firewall.js @@ -1072,6 +1072,168 @@ app.controller('modSec', function($scope, $http, $timeout, $window) { $scope.failedToSave = true; $scope.successfullySaved = true; + $scope.saveModSecConfigurations = function () { + + $scope.failedToSave = true; + $scope.successfullySaved = true; + $scope.modsecLoading = false; + $scope.couldNotConnect = true; + + + url = "/firewall/saveModSecConfigurations"; + + var data = { + modsecurity_status:modsecurity_status, + SecAuditEngine:SecAuditEngine, + SecRuleEngine:SecRuleEngine, + SecDebugLogLevel:$scope.SecDebugLogLevel, + SecAuditLogParts:$scope.SecAuditLogParts, + SecAuditLogRelevantStatus:$scope.SecAuditLogRelevantStatus, + SecAuditLogType:$scope.SecAuditLogType, + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + + if(response.data.saveStatus === 1){ + + $scope.failedToSave = true; + $scope.successfullySaved = false; + $scope.modsecLoading = true; + $scope.couldNotConnect = true; + + } + else{ + $scope.errorMessage = response.data.error_message; + + $scope.failedToSave = false; + $scope.successfullySaved = true; + $scope.modsecLoading = true; + $scope.couldNotConnect = true; + } + + } + function cantLoadInitialDatas(response) { + $scope.failedToSave = true; + $scope.successfullySaved = false; + $scope.modsecLoading = true; + $scope.couldNotConnect = true; + } + + + }; + +}); + + +app.controller('modSecRules', function($scope, $http) { + + $scope.modsecLoading = true; + $scope.rulesSaved = true; + $scope.couldNotConnect = true; + $scope.couldNotSave = true; + + + fetchModSecRules(); + function fetchModSecRules(){ + + $scope.modsecLoading = false; + $scope.modsecLoading = true; + $scope.rulesSaved = true; + $scope.couldNotConnect = true; + + + url = "/firewall/fetchModSecRules"; + + var data = {}; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + $scope.modsecLoading = true; + + if(response.data.modSecInstalled === 1){ + + $scope.currentModSecRules = response.data.currentModSecRules; + + } + + } + function cantLoadInitialDatas(response) { + $scope.modsecLoading = true; + } + + } + + $scope.saveModSecRules = function(){ + + $scope.modsecLoading = false; + $scope.rulesSaved = true; + $scope.couldNotConnect = true; + $scope.couldNotSave = true; + + + url = "/firewall/saveModSecRules"; + + var data = { + modSecRules:$scope.currentModSecRules + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + $scope.modsecLoading = true; + + if(response.data.saveStatus === 1){ + + $scope.rulesSaved = false; + $scope.couldNotConnect = true; + $scope.couldNotSave = true; + + }else{ + $scope.rulesSaved = true; + $scope.couldNotConnect = true; + $scope.couldNotSave = false; + + $scope.errorMessage = response.data.error_message; + } + + } + function cantLoadInitialDatas(response) { + $scope.modsecLoading = true; + $scope.rulesSaved = true; + $scope.couldNotConnect = false; + $scope.couldNotSave = true; + } + } + }); /* Java script code for ModSec */ \ No newline at end of file diff --git a/firewall/templates/firewall/modSecurity.html b/firewall/templates/firewall/modSecurity.html index f319e5d59..ce57a6ef3 100644 --- a/firewall/templates/firewall/modSecurity.html +++ b/firewall/templates/firewall/modSecurity.html @@ -153,7 +153,7 @@
    - +
    diff --git a/firewall/templates/firewall/modSecurityRules.html b/firewall/templates/firewall/modSecurityRules.html new file mode 100644 index 000000000..57ca3d59f --- /dev/null +++ b/firewall/templates/firewall/modSecurityRules.html @@ -0,0 +1,90 @@ +{% extends "baseTemplate/index.html" %} +{% load i18n %} +{% block title %}{% trans "ModSecurity Rules - CyberPanel" %}{% endblock %} +{% block content %} + +{% load static %} +{% get_current_language as LANGUAGE_CODE %} + + + +
    +
    +

    {% trans "ModSecurity Rules!" %}

    +

    {% trans "On this page you can add/delete ModSecurity rules." %}

    +
    + +
    +
    +

    + {% trans "ModSecurity Rules" %} +

    + +
    +
    + + {% if modSecInstalled == 1 %} +
    + +
    + +
    +
    + +
    +
    + + + +
    + +
    + + +
    +
    + + +
    +

    {% trans "ModSecurity Rules Saved" %}

    +
    + +
    +

    {% trans "Could not connect. Please refresh this page." %}

    +
    + + +
    +

    {% trans "Could not save rules, Error message: " %} {$ errorMessage $}

    +
    + + + +
    + +
    + + {% else %} + +
    +

    {% trans "ModSecurity is not installed " %} +

    +
    + + {% endif %} + + + +
    +
    +
    +
    + + +
    + + +{% endblock %} \ No newline at end of file diff --git a/firewall/urls.py b/firewall/urls.py index 8f123116a..326eebb7d 100644 --- a/firewall/urls.py +++ b/firewall/urls.py @@ -29,6 +29,10 @@ urlpatterns = [ url(r'^installModSec', views.installModSec, name='installModSec'), url(r'^installStatusModSec', views.installStatusModSec, name='installStatusModSec'), url(r'^fetchModSecSettings', views.fetchModSecSettings, name='fetchModSecSettings'), + url(r'^saveModSecConfigurations', views.saveModSecConfigurations, name='saveModSecConfigurations'), + url(r'^modSecRules', views.modSecRules, name='modSecRules'), + url(r'^fetchModSecRules', views.fetchModSecRules, name='fetchModSecRules'), + url(r'^saveModSecRules', views.saveModSecRules, name='saveModSecRules'), ] \ No newline at end of file diff --git a/firewall/views.py b/firewall/views.py index 533d83b0d..21c98bff7 100644 --- a/firewall/views.py +++ b/firewall/views.py @@ -13,6 +13,7 @@ from plogical.virtualHostUtilities import virtualHostUtilities import thread from plogical.modSec import modSec from plogical.installUtilities import installUtilities +from random import randint # Create your views here. @@ -753,7 +754,9 @@ def fetchModSecSettings(request): if os.path.exists(modSecPath): - data = open(confPath, 'r').readlines() + command = "sudo cat " + confPath + + data = subprocess.check_output(shlex.split(command)).splitlines() for items in data: @@ -824,3 +827,191 @@ def fetchModSecSettings(request): return render(request,'managePHP/editPHPConfig.html') except KeyError: return redirect(loadLoginPage) + +def saveModSecConfigurations(request): + try: + val = request.session['userID'] + try: + if request.method == 'POST': + + data = json.loads(request.body) + + modsecurity = data['modsecurity_status'] + SecAuditEngine = data['SecAuditEngine'] + SecRuleEngine = data['SecRuleEngine'] + SecDebugLogLevel = data['SecDebugLogLevel'] + SecAuditLogParts = data['SecAuditLogParts'] + SecAuditLogRelevantStatus = data['SecAuditLogRelevantStatus'] + SecAuditLogType = data['SecAuditLogType'] + + if modsecurity == True: + modsecurity = "modsecurity on" + else: + modsecurity = "modsecurity off" + + if SecAuditEngine == True: + SecAuditEngine = "SecAuditEngine on" + else: + SecAuditEngine = "SecAuditEngine off" + + if SecRuleEngine == True: + SecRuleEngine = "SecRuleEngine On" + else: + SecRuleEngine = "SecRuleEngine off" + + SecDebugLogLevel = "SecDebugLogLevel " + str(SecDebugLogLevel) + SecAuditLogParts = "SecAuditLogParts " + str(SecAuditLogParts) + SecAuditLogRelevantStatus = "SecAuditLogRelevantStatus " + SecAuditLogRelevantStatus + SecAuditLogType = "SecAuditLogType " + SecAuditLogType + + + ## writing data temporary to file + + + tempConfigPath = "/home/cyberpanel/" + str(randint(1000, 9999)) + + confPath = open(tempConfigPath, "w") + + confPath.writelines(modsecurity + "\n") + confPath.writelines(SecAuditEngine + "\n") + confPath.writelines(SecRuleEngine + "\n") + confPath.writelines(SecDebugLogLevel + "\n") + confPath.writelines(SecAuditLogParts + "\n") + confPath.writelines(SecAuditLogRelevantStatus + "\n") + confPath.writelines(SecAuditLogType + "\n") + + confPath.close() + + ## save configuration data + + execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/modSec.py" + + execPath = execPath + " saveModSecConfigs --tempConfigPath " + tempConfigPath + + output = subprocess.check_output(shlex.split(execPath)) + + if output.find("1,None") > -1: + installUtilities.reStartLiteSpeed() + data_ret = {'saveStatus': 1, 'error_message': "None"} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + else: + data_ret = {'saveStatus': 0, 'error_message': output} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + + except BaseException,msg: + data_ret = {'saveStatus': 0, 'error_message': str(msg)} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + except KeyError,msg: + logging.CyberCPLogFileWriter.writeToFile(str(msg)) + data_ret = {'saveStatus': 0, 'error_message': str(msg)} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + +def modSecRules(request): + try: + userID = request.session['userID'] + + admin = Administrator.objects.get(pk=userID) + + if admin.type == 3: + return HttpResponse("You don't have enough privileges to access this page.") + + modSecPath = os.path.join(virtualHostUtilities.Server_root,'modules','mod_security.so') + + modSecInstalled = 0 + + if os.path.exists(modSecPath): + modSecInstalled = 1 + + return render(request, 'firewall/modSecurityRules.html',{'modSecInstalled': modSecInstalled}) + + except KeyError: + return redirect(loadLoginPage) + + +def fetchModSecRules(request): + try: + userID = request.session['userID'] + + admin = Administrator.objects.get(pk=userID) + + if admin.type == 3: + return HttpResponse("You don't have enough privileges to access this page.") + + modSecPath = os.path.join(virtualHostUtilities.Server_root,'modules','mod_security.so') + + + rulesPath = os.path.join(virtualHostUtilities.Server_root + "/conf/modsec/rules.conf") + + if os.path.exists(modSecPath): + command = "sudo cat " + rulesPath + currentModSecRules = subprocess.check_output(shlex.split(command)) + + final_dic = {'modSecInstalled': 1, + 'currentModSecRules': currentModSecRules} + + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + else: + final_dic = {'modSecInstalled': 0} + + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + except KeyError: + return redirect(loadLoginPage) + + +def saveModSecRules(request): + try: + val = request.session['userID'] + try: + if request.method == 'POST': + + data = json.loads(request.body) + + newModSecRules = data['modSecRules'] + + ## writing data temporary to file + + rulesPath = open(modSec.tempRulesFile, "w") + + rulesPath.write(newModSecRules) + + rulesPath.close() + + ## save configuration data + + execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/modSec.py" + + execPath = execPath + " saveModSecRules" + + output = subprocess.check_output(shlex.split(execPath)) + + if output.find("1,None") > -1: + installUtilities.reStartLiteSpeed() + data_ret = {'saveStatus': 1, 'error_message': "None"} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + else: + data_ret = {'saveStatus': 0, 'error_message': output} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + + except BaseException,msg: + data_ret = {'saveStatus': 0, 'error_message': str(msg)} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + except KeyError,msg: + logging.CyberCPLogFileWriter.writeToFile(str(msg)) + data_ret = {'saveStatus': 0, 'error_message': str(msg)} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + diff --git a/plogical/modSec.py b/plogical/modSec.py index 6085c29bf..e9a21b494 100644 --- a/plogical/modSec.py +++ b/plogical/modSec.py @@ -7,6 +7,7 @@ import os class modSec: installLogPath = "/home/cyberpanel/modSecInstallLog" + tempRulesFile = "/home/cyberpanel/tempModSecRules" @staticmethod def installModSec(install, modSecInstall): @@ -87,6 +88,79 @@ SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access' str(msg) + " [installModSecConfigs]") print "0," + str(msg) + @staticmethod + def saveModSecConfigs(tempConfigPath): + try: + + data = open(tempConfigPath).readlines() + os.remove(tempConfigPath) + + confFile = os.path.join(virtualHostUtilities.Server_root, "conf/httpd_config.conf") + + confData = open(confFile).readlines() + + conf = open(confFile, 'w') + + for items in confData: + + if items.find('modsecurity ') > -1: + conf.writelines(data[0]) + continue + elif items.find('SecAuditEngine ') > -1: + conf.writelines(data[1]) + continue + elif items.find('SecRuleEngine ') > -1: + conf.writelines(data[2]) + continue + elif items.find('SecDebugLogLevel') > -1: + conf.writelines(data[3]) + continue + elif items.find('SecAuditLogRelevantStatus ') > -1: + conf.writelines(data[5]) + continue + elif items.find('SecAuditLogParts ') > -1: + conf.writelines(data[4]) + continue + elif items.find('SecAuditLogType ') > -1: + conf.writelines(data[6]) + continue + else: + conf.writelines(items) + + conf.close() + + print "1,None" + return + + except BaseException, msg: + logging.CyberCPLogFileWriter.writeToFile( + str(msg) + " [saveModSecConfigs]") + print "0," + str(msg) + + @staticmethod + def saveModSecRules(): + try: + + rulesFile = open(modSec.tempRulesFile,'r') + data = rulesFile.read() + rulesFile.close() + + rulesFilePath = os.path.join(virtualHostUtilities.Server_root, "conf/modsec/rules.conf") + + rulesFile = open(rulesFilePath,'w') + rulesFile.write(data) + rulesFile.close() + + print data + + print "1,None" + return + + except BaseException, msg: + logging.CyberCPLogFileWriter.writeToFile( + str(msg) + " [saveModSecRules]") + print "0," + str(msg) + def main(): @@ -94,10 +168,16 @@ def main(): parser = argparse.ArgumentParser(description='CyberPanel Installer') parser.add_argument('function', help='Specific a function to call!') + parser.add_argument('--tempConfigPath', help='Temporary path to configurations data!') + args = parser.parse_args() if args.function == "installModSecConfigs": modSec.installModSecConfigs() + elif args.function == "saveModSecConfigs": + modSec.saveModSecConfigs(args.tempConfigPath) + elif args.function == "saveModSecRules": + modSec.saveModSecRules() if __name__ == "__main__": main() \ No newline at end of file diff --git a/plogical/serverLogs.py b/plogical/serverLogs.py new file mode 100644 index 000000000..9369d94a4 --- /dev/null +++ b/plogical/serverLogs.py @@ -0,0 +1,28 @@ +import CyberCPLogFileWriter as logging +import argparse + +class serverLogs: + + @staticmethod + def cleanLogFile(fileName): + try: + logFile = open(fileName,'w') + logFile.close() + print "1,None" + except BaseException,msg: + logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[cleanLogFile]") + +def main(): + + parser = argparse.ArgumentParser(description='CyberPanel Installer') + parser.add_argument('function', help='Specific a function to call!') + + parser.add_argument('--fileName', help='File to clean.') + + args = parser.parse_args() + + if args.function == "cleanLogFile": + serverLogs.cleanLogFile(args.fileName) + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/serverLogs/static/serverLogs/serverLogs.js b/serverLogs/static/serverLogs/serverLogs.js index ab0857e83..053dc2e77 100644 --- a/serverLogs/static/serverLogs/serverLogs.js +++ b/serverLogs/static/serverLogs/serverLogs.js @@ -125,6 +125,65 @@ app.controller('readAccessLogs', function($scope,$http) { }; + $scope.clearLogs = function(){ + + + $scope.logFileLoading = false; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + var url = "/serverlogs/clearLogFile"; + + var data = { + fileName:"/usr/local/lsws/logs/access.log" + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + + + if(response.data.cleanStatus === 1){ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + $scope.logsData = ""; + + + + } + else{ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + } + + + } + function cantLoadInitialDatas(response) { + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + } + + }; + }); @@ -163,7 +222,7 @@ app.controller('readErrorLogs', function($scope,$http) { - if(response.data.logstatus == 1){ + if(response.data.logstatus === 1){ $scope.logFileLoading = true; $scope.logsFeteched = false; @@ -255,6 +314,65 @@ app.controller('readErrorLogs', function($scope,$http) { }; + $scope.clearLogs = function(){ + + + $scope.logFileLoading = false; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + var url = "/serverlogs/clearLogFile"; + + var data = { + fileName:"/usr/local/lsws/logs/error.log" + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + + + if(response.data.cleanStatus === 1){ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + $scope.logsData = ""; + + + + } + else{ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + } + + + } + function cantLoadInitialDatas(response) { + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + } + + }; + }); @@ -291,7 +409,7 @@ app.controller('readFTPLogs', function($scope,$http) { - if(response.data.logstatus == 1){ + if(response.data.logstatus === 1){ $scope.logFileLoading = true; $scope.logsFeteched = false; @@ -383,6 +501,65 @@ app.controller('readFTPLogs', function($scope,$http) { }; + $scope.clearLogs = function(){ + + + $scope.logFileLoading = false; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + var url = "/serverlogs/clearLogFile"; + + var data = { + fileName:"/var/log/messages" + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + + + if(response.data.cleanStatus === 1){ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + $scope.logsData = ""; + + + + } + else{ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + } + + + } + function cantLoadInitialDatas(response) { + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + } + + }; + }); @@ -419,7 +596,7 @@ app.controller('readEmailLogs', function($scope,$http) { - if(response.data.logstatus == 1){ + if(response.data.logstatus === 1){ $scope.logFileLoading = true; $scope.logsFeteched = false; @@ -511,8 +688,253 @@ app.controller('readEmailLogs', function($scope,$http) { }; + $scope.clearLogs = function(){ + + + $scope.logFileLoading = false; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + var url = "/serverlogs/clearLogFile"; + + var data = { + fileName:"/var/log/maillog" + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + + + if(response.data.cleanStatus === 1){ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + $scope.logsData = ""; + + + + } + else{ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + } + + + } + function cantLoadInitialDatas(response) { + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + } + + }; + }); -/* Java script code to read log file ends here */ \ No newline at end of file +/* Java script code to read log file ends here */ + + +/* Java script code to read modsec audit log file */ + + +app.controller('modSecAuditLogs', function($scope,$http) { + + $scope.logFileLoading = false; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + var url = "/serverlogs/getLogsFromFile"; + + var data = { + type:"modSec" + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + + + if(response.data.logstatus === 1){ + + $scope.logFileLoading = true; + $scope.logsFeteched = false; + $scope.couldNotFetchLogs = true; + + $scope.logsData = response.data.logsdata; + + + + } + else{ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + + } + + + } + function cantLoadInitialDatas(response) { + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + } + + + + + $scope.fetchLogs = function(){ + + + $scope.logFileLoading = false; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + var url = "/serverlogs/getLogsFromFile"; + + var data = { + type:"modSec" + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + + + if(response.data.logstatus == 1){ + + $scope.logFileLoading = true; + $scope.logsFeteched = false; + $scope.couldNotFetchLogs = true; + + $scope.logsData = response.data.logsdata; + + + + } + else{ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + + } + + + } + function cantLoadInitialDatas(response) { + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + } + + }; + $scope.clearLogs = function(){ + + + $scope.logFileLoading = false; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + var url = "/serverlogs/clearLogFile"; + + var data = { + fileName:"/usr/local/lsws/logs/auditmodsec.log" + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + + + if(response.data.cleanStatus === 1){ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + $scope.logsData = ""; + + + + } + else{ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + } + + + } + function cantLoadInitialDatas(response) { + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + } + + }; + +}); + + + +/* Java script code to read modsec audit log ends here */ \ No newline at end of file diff --git a/serverLogs/templates/serverLogs/accessLogs.html b/serverLogs/templates/serverLogs/accessLogs.html index b84b1d4af..427749e7e 100644 --- a/serverLogs/templates/serverLogs/accessLogs.html +++ b/serverLogs/templates/serverLogs/accessLogs.html @@ -37,9 +37,12 @@
    - +
    +
    +
    +
    diff --git a/serverLogs/templates/serverLogs/emailLogs.html b/serverLogs/templates/serverLogs/emailLogs.html index a31dcb4d6..c6b552196 100644 --- a/serverLogs/templates/serverLogs/emailLogs.html +++ b/serverLogs/templates/serverLogs/emailLogs.html @@ -34,9 +34,12 @@
    - +
    +
    +
    +
    diff --git a/serverLogs/templates/serverLogs/errorLogs.html b/serverLogs/templates/serverLogs/errorLogs.html index 36f9481a7..57f76cd16 100644 --- a/serverLogs/templates/serverLogs/errorLogs.html +++ b/serverLogs/templates/serverLogs/errorLogs.html @@ -34,9 +34,12 @@
    - +
    +
    +
    +
    diff --git a/serverLogs/templates/serverLogs/ftplogs.html b/serverLogs/templates/serverLogs/ftplogs.html index 706dc0cba..ab7f6a95d 100644 --- a/serverLogs/templates/serverLogs/ftplogs.html +++ b/serverLogs/templates/serverLogs/ftplogs.html @@ -34,9 +34,12 @@
    - +
    +
    +
    +
    diff --git a/serverLogs/templates/serverLogs/modSecAuditLog.html b/serverLogs/templates/serverLogs/modSecAuditLog.html new file mode 100644 index 000000000..6415ee8c3 --- /dev/null +++ b/serverLogs/templates/serverLogs/modSecAuditLog.html @@ -0,0 +1,72 @@ +{% extends "baseTemplate/index.html" %} +{% load i18n %} +{% block title %}{% trans "ModSecurity Audit Logs - CyberPanel" %}{% endblock %} +{% block content %} + +{% load static %} +{% get_current_language as LANGUAGE_CODE %} + + +
    + + +
    +

    {% trans "ModSecurity Audit Logs" %}

    +

    {% trans "ModSecurity Audit logs" %}

    +
    + + +
    +
    +
    +

    + {% trans "Last 50 Lines" %} +

    +
    + +
    +
    +
    + +
    +
    + + + +
    + +
    + +
    +
    + + +
    +
    + + + +
    +

    {% trans "Last 50 Lines Fetched" %}

    +
    + + +
    +

    {% trans "Could not fetch logs. Use the command line to view the log file." %}

    +
    + + + +
    + + +
    +
    +
    +
    + + +
    + + +{% endblock %} \ No newline at end of file diff --git a/serverLogs/urls.py b/serverLogs/urls.py index e87ed5ea5..bc7017a36 100644 --- a/serverLogs/urls.py +++ b/serverLogs/urls.py @@ -7,6 +7,8 @@ urlpatterns = [ url(r'^errorLogs', views.errorLogs, name='errorLogs'), url(r'^emaillogs', views.emailLogs, name='emaillogs'), url(r'^ftplogs', views.ftplogs, name='ftplogs'), + url(r'^modSecAuditLogs', views.modSecAuditLogs, name='modSecAuditLogs'), url(r'^getLogsFromFile',views.getLogsFromFile, name="getLogsFromFile"), + url(r'^clearLogFile',views.clearLogFile, name="clearLogFile"), ] \ No newline at end of file diff --git a/serverLogs/views.py b/serverLogs/views.py index 941a1a722..046f47562 100644 --- a/serverLogs/views.py +++ b/serverLogs/views.py @@ -10,6 +10,7 @@ from plogical.installUtilities import installUtilities from loginSystem.models import Administrator import subprocess import shlex +from plogical.virtualHostUtilities import virtualHostUtilities # Create your views here. @@ -88,6 +89,21 @@ def emailLogs(request): logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[accessLogs]") return redirect(loadLoginPage) +def modSecAuditLogs(request): + try: + val = request.session['userID'] + + admin = Administrator.objects.get(pk=val) + + if admin.type == 3: + return HttpResponse("You don't have enough priviliges to access this page.") + + + return render(request,'serverLogs/modSecAuditLog.html') + + except KeyError,msg: + logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[accessLogs]") + return redirect(loadLoginPage) def getLogsFromFile(request): @@ -105,6 +121,9 @@ def getLogsFromFile(request): fileName="/var/log/maillog" elif type=="ftp": fileName="/var/log/messages" + elif type == "modSec": + fileName = "/usr/local/lsws/logs/auditmodsec.log" + command = "sudo tail -50 " + fileName @@ -120,4 +139,40 @@ def getLogsFromFile(request): except KeyError, msg: status = {"logstatus":0,"error":"Could not fetch data from log file, please see CyberCP main log file through command line."} logging.CyberCPLogFileWriter.writeToFile(str(msg) + "[getLogsFromFile]") - return HttpResponse("Not Logged in as admin") \ No newline at end of file + return HttpResponse("Not Logged in as admin") + +def clearLogFile(request): + try: + val = request.session['userID'] + try: + if request.method == 'POST': + + data = json.loads(request.body) + + fileName = data['fileName'] + + execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/serverLogs.py" + + execPath = execPath + " cleanLogFile --fileName " + fileName + + output = subprocess.check_output(shlex.split(execPath)) + + if output.find("1,None") > -1: + data_ret = {'cleanStatus': 1, 'error_message': "None"} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + else: + data_ret = {'cleanStatus': 0, 'error_message': output} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + except BaseException,msg: + data_ret = {'cleanStatus': 0, 'error_message': str(msg)} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + except KeyError,msg: + logging.CyberCPLogFileWriter.writeToFile(str(msg)) + data_ret = {'cleanStatus': 0, 'error_message': str(msg)} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) \ No newline at end of file diff --git a/static/firewall/firewall.js b/static/firewall/firewall.js index 294c965c7..73996960b 100644 --- a/static/firewall/firewall.js +++ b/static/firewall/firewall.js @@ -1072,6 +1072,168 @@ app.controller('modSec', function($scope, $http, $timeout, $window) { $scope.failedToSave = true; $scope.successfullySaved = true; + $scope.saveModSecConfigurations = function () { + + $scope.failedToSave = true; + $scope.successfullySaved = true; + $scope.modsecLoading = false; + $scope.couldNotConnect = true; + + + url = "/firewall/saveModSecConfigurations"; + + var data = { + modsecurity_status:modsecurity_status, + SecAuditEngine:SecAuditEngine, + SecRuleEngine:SecRuleEngine, + SecDebugLogLevel:$scope.SecDebugLogLevel, + SecAuditLogParts:$scope.SecAuditLogParts, + SecAuditLogRelevantStatus:$scope.SecAuditLogRelevantStatus, + SecAuditLogType:$scope.SecAuditLogType, + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + + if(response.data.saveStatus === 1){ + + $scope.failedToSave = true; + $scope.successfullySaved = false; + $scope.modsecLoading = true; + $scope.couldNotConnect = true; + + } + else{ + $scope.errorMessage = response.data.error_message; + + $scope.failedToSave = false; + $scope.successfullySaved = true; + $scope.modsecLoading = true; + $scope.couldNotConnect = true; + } + + } + function cantLoadInitialDatas(response) { + $scope.failedToSave = true; + $scope.successfullySaved = false; + $scope.modsecLoading = true; + $scope.couldNotConnect = true; + } + + + }; + +}); + + +app.controller('modSecRules', function($scope, $http) { + + $scope.modsecLoading = true; + $scope.rulesSaved = true; + $scope.couldNotConnect = true; + $scope.couldNotSave = true; + + + fetchModSecRules(); + function fetchModSecRules(){ + + $scope.modsecLoading = false; + $scope.modsecLoading = true; + $scope.rulesSaved = true; + $scope.couldNotConnect = true; + + + url = "/firewall/fetchModSecRules"; + + var data = {}; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + $scope.modsecLoading = true; + + if(response.data.modSecInstalled === 1){ + + $scope.currentModSecRules = response.data.currentModSecRules; + + } + + } + function cantLoadInitialDatas(response) { + $scope.modsecLoading = true; + } + + } + + $scope.saveModSecRules = function(){ + + $scope.modsecLoading = false; + $scope.rulesSaved = true; + $scope.couldNotConnect = true; + $scope.couldNotSave = true; + + + url = "/firewall/saveModSecRules"; + + var data = { + modSecRules:$scope.currentModSecRules + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + $scope.modsecLoading = true; + + if(response.data.saveStatus === 1){ + + $scope.rulesSaved = false; + $scope.couldNotConnect = true; + $scope.couldNotSave = true; + + }else{ + $scope.rulesSaved = true; + $scope.couldNotConnect = true; + $scope.couldNotSave = false; + + $scope.errorMessage = response.data.error_message; + } + + } + function cantLoadInitialDatas(response) { + $scope.modsecLoading = true; + $scope.rulesSaved = true; + $scope.couldNotConnect = false; + $scope.couldNotSave = true; + } + } + }); /* Java script code for ModSec */ \ No newline at end of file diff --git a/static/serverLogs/serverLogs.js b/static/serverLogs/serverLogs.js index ab0857e83..053dc2e77 100644 --- a/static/serverLogs/serverLogs.js +++ b/static/serverLogs/serverLogs.js @@ -125,6 +125,65 @@ app.controller('readAccessLogs', function($scope,$http) { }; + $scope.clearLogs = function(){ + + + $scope.logFileLoading = false; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + var url = "/serverlogs/clearLogFile"; + + var data = { + fileName:"/usr/local/lsws/logs/access.log" + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + + + if(response.data.cleanStatus === 1){ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + $scope.logsData = ""; + + + + } + else{ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + } + + + } + function cantLoadInitialDatas(response) { + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + } + + }; + }); @@ -163,7 +222,7 @@ app.controller('readErrorLogs', function($scope,$http) { - if(response.data.logstatus == 1){ + if(response.data.logstatus === 1){ $scope.logFileLoading = true; $scope.logsFeteched = false; @@ -255,6 +314,65 @@ app.controller('readErrorLogs', function($scope,$http) { }; + $scope.clearLogs = function(){ + + + $scope.logFileLoading = false; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + var url = "/serverlogs/clearLogFile"; + + var data = { + fileName:"/usr/local/lsws/logs/error.log" + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + + + if(response.data.cleanStatus === 1){ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + $scope.logsData = ""; + + + + } + else{ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + } + + + } + function cantLoadInitialDatas(response) { + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + } + + }; + }); @@ -291,7 +409,7 @@ app.controller('readFTPLogs', function($scope,$http) { - if(response.data.logstatus == 1){ + if(response.data.logstatus === 1){ $scope.logFileLoading = true; $scope.logsFeteched = false; @@ -383,6 +501,65 @@ app.controller('readFTPLogs', function($scope,$http) { }; + $scope.clearLogs = function(){ + + + $scope.logFileLoading = false; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + var url = "/serverlogs/clearLogFile"; + + var data = { + fileName:"/var/log/messages" + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + + + if(response.data.cleanStatus === 1){ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + $scope.logsData = ""; + + + + } + else{ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + } + + + } + function cantLoadInitialDatas(response) { + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + } + + }; + }); @@ -419,7 +596,7 @@ app.controller('readEmailLogs', function($scope,$http) { - if(response.data.logstatus == 1){ + if(response.data.logstatus === 1){ $scope.logFileLoading = true; $scope.logsFeteched = false; @@ -511,8 +688,253 @@ app.controller('readEmailLogs', function($scope,$http) { }; + $scope.clearLogs = function(){ + + + $scope.logFileLoading = false; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + var url = "/serverlogs/clearLogFile"; + + var data = { + fileName:"/var/log/maillog" + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + + + if(response.data.cleanStatus === 1){ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + $scope.logsData = ""; + + + + } + else{ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + } + + + } + function cantLoadInitialDatas(response) { + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + } + + }; + }); -/* Java script code to read log file ends here */ \ No newline at end of file +/* Java script code to read log file ends here */ + + +/* Java script code to read modsec audit log file */ + + +app.controller('modSecAuditLogs', function($scope,$http) { + + $scope.logFileLoading = false; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + var url = "/serverlogs/getLogsFromFile"; + + var data = { + type:"modSec" + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + + + if(response.data.logstatus === 1){ + + $scope.logFileLoading = true; + $scope.logsFeteched = false; + $scope.couldNotFetchLogs = true; + + $scope.logsData = response.data.logsdata; + + + + } + else{ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + + } + + + } + function cantLoadInitialDatas(response) { + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + } + + + + + $scope.fetchLogs = function(){ + + + $scope.logFileLoading = false; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + var url = "/serverlogs/getLogsFromFile"; + + var data = { + type:"modSec" + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + + + if(response.data.logstatus == 1){ + + $scope.logFileLoading = true; + $scope.logsFeteched = false; + $scope.couldNotFetchLogs = true; + + $scope.logsData = response.data.logsdata; + + + + } + else{ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + + } + + + } + function cantLoadInitialDatas(response) { + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + } + + }; + $scope.clearLogs = function(){ + + + $scope.logFileLoading = false; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + var url = "/serverlogs/clearLogFile"; + + var data = { + fileName:"/usr/local/lsws/logs/auditmodsec.log" + }; + + var config = { + headers : { + 'X-CSRFToken': getCookie('csrftoken') + } + }; + + $http.post(url, data,config).then(ListInitialDatas, cantLoadInitialDatas); + + + function ListInitialDatas(response) { + + + + if(response.data.cleanStatus === 1){ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + $scope.logsData = ""; + + + + } + else{ + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = true; + + + } + + + } + function cantLoadInitialDatas(response) { + + $scope.logFileLoading = true; + $scope.logsFeteched = true; + $scope.couldNotFetchLogs = false; + + } + + }; + +}); + + + +/* Java script code to read modsec audit log ends here */ \ No newline at end of file diff --git a/websiteFunctions/views.py b/websiteFunctions/views.py index 0772dd93b..d4c2efbd4 100644 --- a/websiteFunctions/views.py +++ b/websiteFunctions/views.py @@ -1573,7 +1573,7 @@ def saveSSL(request): vhost = open(tempCertPath, "w") - vhost.write(data['key']) + vhost.write(data['cert']) vhost.close() @@ -1591,8 +1591,6 @@ def saveSSL(request): execPath = execPath + " saveSSL --virtualHostName " + domain + " --path " + pathToStoreSSL + " --tempKeyPath " + tempKeyPath + " --tempCertPath " + tempCertPath + " --sslCheck 0" - - output = subprocess.check_output(shlex.split(execPath)) if output.find("1,None") > -1: