
bug fix: add custom ssh port to csf

usmannasir committed Dec 8, 2019
1 parent ca6bd36 commit 4109aaa25cae5f91d603b1e73a2c5e72a044fca4
Showing with 34 additions and 20 deletions.
  1. +22 −16 firewall/firewallManager.py
  2. +2 −2 firewall/views.py
  3. +10 −2 plogical/csf.py
@@ -378,21 +378,29 @@ def saveSSHConfigs(self, userID = None, data = None):

if output.find("1,None") > -1:

try:
updateFW = FirewallRules.objects.get(name="SSHCustom")
FirewallUtilities.deleteRule("tcp", updateFW.port, "0.0.0.0/0")
updateFW.port = sshPort
updateFW.save()
FirewallUtilities.addRule('tcp', sshPort, "0.0.0.0/0")
except:
csfPath = '/etc/csf'

if os.path.exists(csfPath):
dataIn = {'protocol': 'TCP_IN', 'ports': sshPort}
self.modifyPorts(dataIn)
dataIn = {'protocol': 'TCP_OUT', 'ports': sshPort}
self.modifyPorts(dataIn)
else:
try:
newFireWallRule = FirewallRules(name="SSHCustom", port=sshPort, proto="tcp")
newFireWallRule.save()
updateFW = FirewallRules.objects.get(name="SSHCustom")
FirewallUtilities.deleteRule("tcp", updateFW.port, "0.0.0.0/0")
updateFW.port = sshPort
updateFW.save()
FirewallUtilities.addRule('tcp', sshPort, "0.0.0.0/0")
command = 'firewall-cmd --permanent --remove-service=ssh'
ProcessUtilities.executioner(command)
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg))
except:
try:
newFireWallRule = FirewallRules(name="SSHCustom", port=sshPort, proto="tcp")
newFireWallRule.save()
FirewallUtilities.addRule('tcp', sshPort, "0.0.0.0/0")
command = 'firewall-cmd --permanent --remove-service=ssh'
ProcessUtilities.executioner(command)
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg))

final_dic = {'status': 1, 'saveStatus': 1}
final_json = json.dumps(final_dic)
@@ -1463,7 +1471,7 @@ def changeStatus(self):
final_json = json.dumps(final_dic)
return HttpResponse(final_json)

def modifyPorts(self):
def modifyPorts(self, data = None):
try:

userID = self.request.session['userID']
@@ -1474,8 +1482,6 @@ def modifyPorts(self):
else:
return ACLManager.loadErrorJson()

data = json.loads(self.request.body)

protocol = data['protocol']
ports = data['ports']
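Review bot: In the first hunk (`saveSSHConfigs`), the new CSF branch discards whatever the two `self.modifyPorts(dataIn)` calls return and then falls through to `final_dic = {'status': 1, 'saveStatus': 1}`. `modifyPorts` can return `ACLManager.loadErrorJson()` (visible in the third hunk) or fail inside its own `try:`, so the panel can report success when the new SSH port was never opened in CSF; if sshd has already moved to that port by then, which the hunk does not show, the administrator is locked out. Check the result of both calls and return a failure status when either one did not succeed. The CSF branch also never removes the previous custom port, unlike the firewalld path, which calls `FirewallUtilities.deleteRule` on `updateFW.port`, so each SSH port change leaves one more port open. Both function bodies start and end outside these hunks.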

@@ -190,7 +190,7 @@ def saveSSHConfigs(request):
if result != 200:
return result

fm = FirewallManager()
fm = FirewallManager(request)
coreResult = fm.saveSSHConfigs(userID, json.loads(request.body))

result = pluginManager.postSaveSSHConfigs(request, coreResult)
@@ -520,7 +520,7 @@ def modifyPorts(request):
return result

fm = FirewallManager(request)
coreResult = fm.modifyPorts()
coreResult = fm.modifyPorts(json.loads(request.body))

result = pluginManager.postModifyPorts(request, coreResult)
if result != 200:
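Review bot: In `modifyPorts` the JSON body is now parsed in the view (`fm.modifyPorts(json.loads(request.body))`), outside the `try:` in `FirewallManager.modifyPorts` where `json.loads(self.request.body)` used to run after the session and ACL check. Whether the view has its own handler for a parse error is not visible in this hunk; if it does not, a malformed body surfaces as an unhandled exception instead of the manager's error response. One option is to keep the parsing in the manager when no data is passed, `data = json.loads(self.request.body) if data is None else data`, so that the HTTP caller and `saveSSHConfigs` share the same guarded path. The view function continues outside the hunk.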
@@ -486,14 +486,22 @@ def modifyPorts(protocol, portsPath):
if protocol == 'TCP_IN':
for items in data:
if items.find('TCP_IN') > -1 and items.find('=') > -1 and (items[0] != '#'):
writeToFile.writelines('TCP_IN = "' + ports + '"\n')
if ports.find(',') > -1:
writeToFile.writelines('TCP_IN = "' + ports + '"\n')
else:
content = '%s,%s\n' % (items, ports)
writeToFile.writelines(content)
else:
writeToFile.writelines(items)
writeToFile.close()
elif protocol == 'TCP_OUT':
for items in data:
if items.find('TCP_OUT') > -1 and items.find('=') > -1 and (items[0] != '#'):
writeToFile.writelines('TCP_OUT = "' + ports + '"\n')
if ports.find(',') > -1:
writeToFile.writelines('TCP_OUT = "' + ports + '"\n')
else:
content = '%s,%s\n' % (items, ports)
writeToFile.writelines(content)
else:
writeToFile.writelines(items)
writeToFile.close()
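Review bot: The new single-port branch builds `content = '%s,%s\n' % (items, ports)` from the existing config line unchanged, so the port is appended after that line's closing quote, and after its newline too if `data` holds lines from `readlines()`, as the bare `writeToFile.writelines(items)` in the `else` suggests. The result is not a valid `TCP_IN = "..."` entry. Strip the line terminator and closing quote before appending, e.g. `content = '%s,%s"\n' % (items.rstrip('\r\n').rstrip('"'), ports)`, and do the same in the `TCP_OUT` branch. `ports` is also written into the CSF configuration without validation; restricting it to digits, commas and colons before writing would keep a stray quote or newline from introducing other directives. The function body starts outside the hunk.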
