CloudLinux, CageFS and security improvements

usmannasir · Jul 16, 2019 · 44983fa · 44983fa
1 parent 5c8e25e
commit 44983fa
Show file tree

Hide file tree

Showing 85 changed files with 7,512 additions and 3,248 deletions.
diff --git a/CLManager/CLManagerMain.py b/CLManager/CLManagerMain.py
@@ -0,0 +1,191 @@
+import threading as multi
+from plogical.acl import ACLManager
+import plogical.CyberCPLogFileWriter as logging
+from plogical.processUtilities import ProcessUtilities
+from django.shortcuts import render
+import os
+from serverStatus.serverStatusUtil import ServerStatusUtil
+import json
+from django.shortcuts import HttpResponse
+from math import ceil
+from websiteFunctions.models import Websites
+from .models import CLPackages
+
+
+class CLManagerMain(multi.Thread):
+
+    def __init__(self, request=None, templateName=None, function=None, data=None):
+        multi.Thread.__init__(self)
+        self.request = request
+        self.templateName = templateName
+        self.function = function
+        self.data = data
+
+    def run(self):
+        try:
+            if self.function == 'submitCageFSInstall':
+                self.submitCageFSInstall()
+            elif self.function == 'enableOrDisable':
+                self.enableOrDisable()
+
+        except BaseException, msg:
+            logging.CyberCPLogFileWriter.writeToFile(str(msg) + ' [ContainerManager.run]')
+
+    def renderC(self):
+
+        userID = self.request.session['userID']
+        currentACL = ACLManager.loadedACL(userID)
+
+        if currentACL['admin'] == 1:
+            pass
+        else:
+            return ACLManager.loadError()
+
+        data = {}
+        data['CL'] = 0
+        data['CAGEFS'] = 0
+        CLPath = '/etc/sysconfig/cloudlinux'
+        CageFSPath = '/usr/sbin/cagefsctl'
+
+        if os.path.exists(CLPath):
+            data['CL'] = 1
+
+        if os.path.exists(CageFSPath):
+            data['CAGEFS'] = 1
+
+        if data['CL']  == 0:
+            return render(self.request, 'CLManager/notAvailable.html', data)
+        elif data['CAGEFS']  == 0:
+            return render(self.request, 'CLManager/notAvailable.html', data)
+        else:
+            return render(self.request, self.templateName, self.data)
+
+    def submitCageFSInstall(self):
+        try:
+            userID = self.request.session['userID']
+            currentACL = ACLManager.loadedACL(userID)
+
+            if currentACL['admin'] == 1:
+                pass
+            else:
+                logging.CyberCPLogFileWriter.statusWriter(ServerStatusUtil.lswsInstallStatusPath,
+                                                          'Not authorized to install container packages. [404].',
+                                                          1)
+                return 0
+
+            execPath = "sudo python /usr/local/CyberCP/CLManager/CageFS.py"
+            execPath = execPath + " --function submitCageFSInstall"
+            ProcessUtilities.outputExecutioner(execPath)
+
+        except BaseException, msg:
+            logging.CyberCPLogFileWriter.statusWriter(ServerStatusUtil.lswsInstallStatusPath, str(msg) + ' [404].', 1)
+
+    def findWebsitesJson(self, currentACL, userID, pageNumber):
+        finalPageNumber = ((pageNumber * 10)) - 10
+        endPageNumber = finalPageNumber + 10
+        websites = ACLManager.findWebsiteObjects(currentACL, userID)[finalPageNumber:endPageNumber]
+
+        json_data = "["
+        checker = 0
+
+        command = '/usr/sbin/cagefsctl --list-enabled'
+        Enabled = ProcessUtilities.outputExecutioner(command)
+
+        for items in websites:
+            if Enabled.find(items.externalApp) > -1:
+                status = 1
+            else:
+                status = 0
+            dic = {'domain': items.domain, 'externalApp': items.externalApp, 'status': status}
+
+            if checker == 0:
+                json_data = json_data + json.dumps(dic)
+                checker = 1
+            else:
+                json_data = json_data + ',' + json.dumps(dic)
+
+        json_data = json_data + ']'
+
+        return json_data
+
+    def websitePagination(self, currentACL, userID):
+        websites = ACLManager.findAllSites(currentACL, userID)
+
+        pages = float(len(websites)) / float(10)
+        pagination = []
+
+        if pages <= 1.0:
+            pages = 1
+            pagination.append('<li><a href="\#"></a></li>')
+        else:
+            pages = ceil(pages)
+            finalPages = int(pages) + 1
+
+            for i in range(1, finalPages):
+                pagination.append('<li><a href="\#">' + str(i) + '</a></li>')
+
+        return pagination
+
+    def getFurtherAccounts(self, userID=None, data=None):
+        try:
+            currentACL = ACLManager.loadedACL(userID)
+            pageNumber = int(data['page'])
+            json_data = self.findWebsitesJson(currentACL, userID, pageNumber)
+            pagination = self.websitePagination(currentACL, userID)
+
+            cageFSPath = '/home/cyberpanel/cagefs'
+
+            if os.path.exists(cageFSPath):
+                default = 'On'
+            else:
+                default = 'Off'
+
+            final_dic = {'status': 1, 'listWebSiteStatus': 1, 'error_message': "None", "data": json_data,
+                         'pagination': pagination, 'default': default}
+            final_json = json.dumps(final_dic)
+            return HttpResponse(final_json)
+        except BaseException, msg:
+            dic = {'status': 1, 'listWebSiteStatus': 0, 'error_message': str(msg)}
+            json_data = json.dumps(dic)
+            return HttpResponse(json_data)
+
+    def enableOrDisable(self):
+        try:
+            websites = Websites.objects.all()
+            if self.data['mode'] == 1:
+                for items in websites:
+                    command = '/usr/sbin/cagefsctl --enable %s' % (items.externalApp)
+                    ProcessUtilities.executioner(command)
+            else:
+                for items in websites:
+                    command = '/usr/sbin/cagefsctl --disable %s' % (items.externalApp)
+                    ProcessUtilities.executioner(command)
+        except BaseException, msg:
+            logging.CyberCPLogFileWriter.writeToFile(str(msg))
+
+    def fetchPackages(self, currentACL):
+
+        if currentACL['admin'] == 1:
+            pass
+        else:
+            return ACLManager.loadErrorJson()
+
+        json_data = "["
+        checker = 0
+
+        for items in CLPackages.objects.all():
+            dic = {'name': items.name, 'SPEED': items.speed, 'VMEM': items.vmem, 'PMEM': items.pmem, 'IO': items.io, 'IOPS': items.iops, 'EP': items.ep,
+                   'NPROC': items.nproc, 'inodessoft': items.inodessoft, 'inodeshard': items.inodeshard}
+
+            if checker == 0:
+                json_data = json_data + json.dumps(dic)
+                checker = 1
+            else:
+                json_data = json_data + ',' + json.dumps(dic)
+
+        json_data = json_data + ']'
+
+        final_dic = {'status': 1, 'error_message': "None", "data": json_data}
+        final_json = json.dumps(final_dic)
+        return HttpResponse(final_json)
+
diff --git a/CLManager/CLPackages.py b/CLManager/CLPackages.py
@@ -0,0 +1,82 @@
+#!/usr/local/CyberCP/bin/python2
+import os
+import os.path
+import sys
+import django
+sys.path.append('/usr/local/CyberCP')
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "CyberCP.settings")
+django.setup()
+import argparse
+from websiteFunctions.models import Websites
+from CLManager.models import CLPackages
+import pwd
+
+class CLinuxPackages:
+
+    @staticmethod
+    def listAll():
+        for items in Websites.objects.all():
+            itemPackage = items.package
+            try:
+                clPackage = CLPackages.objects.get(owner=itemPackage)
+                statement = '%s %s' % (pwd.getpwnam(items.externalApp).pw_uid, clPackage.name)
+                print statement
+            except:
+                pass
+
+
+    @staticmethod
+    def listPackages():
+        for items in CLPackages.objects.all():
+            print items.name
+
+    @staticmethod
+    def userIDPackage(user):
+        website = Websites.objects.get(externalApp=user)
+        itemPackage = website.package
+        try:
+            clPackage = CLPackages.objects.get(owner=itemPackage)
+            print clPackage
+        except:
+            pass
+
+
+    @staticmethod
+    def packageForUser(package):
+        for items in Websites.objects.all():
+            itemPackage = items.package
+            try:
+                clPackage = CLPackages.objects.get(owner=itemPackage)
+                if clPackage.name == package:
+                    print pwd.getpwnam(items.externalApp).pw_uid
+            except:
+                pass
+
+def main():
+
+    parser = argparse.ArgumentParser(description='CyberPanel Container Manager')
+    parser.add_argument('--userid', help='User ID')
+    parser.add_argument('--package', help='Package')
+    parser.add_argument('--function', help='Function')
+    parser.add_argument('--list-all', help='List all users/packages.', action='store_true')
+    parser.add_argument('--list-packages', help='List all packages.', action='store_true')
+
+
+    args = vars(parser.parse_args())
+
+    if args['userid']:
+        CLinuxPackages.userIDPackage(args['userid'])
+    elif args['package']:
+        CLinuxPackages.packageForUser(args['package'])
+    elif args['list_all']:
+        CLinuxPackages.listAll()
+    elif args['list_packages']:
+        CLinuxPackages.listPackages()
+
+
+
+
+
+if __name__ == "__main__":
+    main()
+
diff --git a/CLManager/CageFS.py b/CLManager/CageFS.py
@@ -0,0 +1,60 @@
+#!/usr/local/CyberCP/bin/python2
+import sys
+sys.path.append('/usr/local/CyberCP')
+import plogical.CyberCPLogFileWriter as logging
+import argparse
+from plogical.mailUtilities import mailUtilities
+from serverStatus.serverStatusUtil import ServerStatusUtil
+
+
+class CageFS:
+    packages = ['talksho']
+    users = ['5001']
+
+    @staticmethod
+    def submitCageFSInstall():
+        try:
+
+            mailUtilities.checkHome()
+
+            statusFile = open(ServerStatusUtil.lswsInstallStatusPath, 'w')
+
+            logging.CyberCPLogFileWriter.statusWriter(ServerStatusUtil.lswsInstallStatusPath,
+                                                      "Starting Packages Installation..\n", 1)
+
+            command = 'sudo yum install cagefs -y'
+            ServerStatusUtil.executioner(command, statusFile)
+
+            command = 'sudo /usr/sbin/cagefsctl --init'
+            ServerStatusUtil.executioner(command, statusFile)
+
+            command = 'sudo /usr/sbin/cagefsctl --update-etc'
+            ServerStatusUtil.executioner(command, statusFile)
+
+            command = 'sudo /usr/sbin/cagefsctl --force-update'
+            ServerStatusUtil.executioner(command, statusFile)
+
+            logging.CyberCPLogFileWriter.statusWriter(ServerStatusUtil.lswsInstallStatusPath,
+                                                      "Packages successfully installed.[200]\n", 1)
+
+        except BaseException, msg:
+            logging.CyberCPLogFileWriter.statusWriter(ServerStatusUtil.lswsInstallStatusPath, str(msg) + ' [404].', 1)
+
+def main():
+
+    parser = argparse.ArgumentParser(description='CyberPanel CageFS Manager')
+    parser.add_argument('--function', help='Function')
+
+
+    args = vars(parser.parse_args())
+
+    if args["function"] == "submitCageFSInstall":
+        CageFS.submitCageFSInstall()
+
+
+
+
+
+if __name__ == "__main__":
+    main()
+
diff --git a/CLManager/__init__.py b/CLManager/__init__.py
diff --git a/CLManager/admin.py b/CLManager/admin.py
@@ -0,0 +1,6 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.contrib import admin
+
+# Register your models here.
diff --git a/CLManager/apps.py b/CLManager/apps.py
@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.apps import AppConfig
+
+
+class ClmanagerConfig(AppConfig):
+    name = 'CLManager'
diff --git a/CLManager/migrations/__init__.py b/CLManager/migrations/__init__.py
diff --git a/CLManager/models.py b/CLManager/models.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models
+from packages.models import Package
+
+# Create your models here.
+
+class CLPackages(models.Model):
+    owner = models.ForeignKey(Package)
+    name = models.CharField(max_length=50,unique=True)
+    speed = models.CharField(max_length=50)
+    vmem = models.CharField(max_length=50)
+    pmem = models.CharField(max_length=50)
+    io = models.CharField(max_length=50)
+    iops = models.CharField(max_length=50)
+    ep = models.CharField(max_length=50)
+    nproc = models.CharField(max_length=50)
+    inodessoft = models.CharField(max_length=50)
+    inodeshard = models.CharField(max_length=50)