initial commit of file from CVS for smeserver-denyhosts on Sat Sep 7 19:51:06 AEST 2024

Trevor Batley
2024-09-07 19:51:06 +10:00
parent 0752bb2038
commit 52e223dd5f
72 changed files with 2173 additions and 2 deletions


@@ -0,0 +1,8 @@
[Service]
ExecStartPre=
ExecStartPre=/sbin/e-smith/service-status denyhosts
TimeoutStartSec=300
Restart=always
[Install]
WantedBy=sme-server-target
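Review bot: `WantedBy=sme-server-target` has no unit-type suffix, and systemd expects unit names to end in a type such as `.target`, so this `[Install]` entry is likely to be rejected or ignored when the unit is enabled. If the distribution's own target is meant, write it with the suffix (presumably `WantedBy=sme-server.target`; confirm the exact name against the installed target unit). The empty `ExecStartPre=` line would also benefit from a comment such as `# reset any ExecStartPre inherited from the packaged unit before adding the status gate`, assuming this file is a drop-in, since its path is not visible here.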


@@ -0,0 +1,305 @@
#!/usr/bin/perl -w
package esmith::FormMagick::Panel::denyhosts;
use strict;
use esmith::ConfigDB;
use esmith::FormMagick;
use esmith::util;
use esmith::cgi;
use File::Basename;
use Exporter;
use Carp;
use Data::Validate::IP;
our @ISA = qw(esmith::FormMagick Exporter);
our @EXPORT = qw(get_value get_prop change_settings RemoveIP);
my $scriptname = basename($0);
our $VERSION = sprintf '%d.%03d', q$Revision: 1.00 $ =~ /: (\d+).(\d+)/;
our $db = esmith::ConfigDB->open
|| warn "Couldn't open configuration database (permissions problems?)";
sub new {
shift;
my $self = esmith::FormMagick->new();
$self->{calling_package} = (caller)[0];
bless $self;
return $self;
}
sub get_prop
{
my $fm = shift;
my $item = shift;
my $prop = shift;
return $db->get_prop($item, $prop) || '';
}
sub get_value {
my $fm = shift;
my $item = shift;
return ($db->get($item)->value());
}
sub ip_number_or_blank
{
my $self = shift;
my $ip = shift;
if (!defined($ip) || $ip eq "")
{
return 'OK';
}
return CGI::FormMagick::Validator::ip_number($self, $ip);
}
sub _get_valid_from
{
my $self = shift;
my $rec = $db->get('denyhosts');
return undef unless($rec);
my @vals = (split ',', ($rec->prop('ValidFrom') || ''));
return @vals;
}
sub ip_sort(@)
{
return esmith::util::IPquadToAddr($a) <=> esmith::util::IPquadToAddr($b);
}
sub show_valid_from_list
{
my $self = shift;
my $q = $self->{cgi};
print '<tr><td colspan=2>',$q->p($self->localise('VALIDFROM_DESC')),'</td></tr>';
my @vals = $self->_get_valid_from();
if (@vals)
{
print '<tr><td colspan=2>',
$q->start_table({class => "sme-border"}),"\n";
print $q->Tr(
esmith::cgi::genSmallCell($q, $self->localise('IP_ADDRESS'),"header"),
esmith::cgi::genSmallCell($q, $self->localise('REMOVE'),"header"));
my @vals_sorted= sort ip_sort @vals;
my @cbGroup = $q->checkbox_group(-name => 'validFromRemove',
-values => [@vals_sorted], -labels => { map {$_ => ''} @vals_sorted });
foreach my $val (@vals_sorted)
{
print $q->Tr(
esmith::cgi::genSmallCell($q, $val, "normal"),
esmith::cgi::genSmallCell($q, shift(@cbGroup),
"normal"));
}
print '</table></td></tr>';
}
else
{
print $q->Tr($q->td($q->b($self->localise('NO_ENTRIES_YET'))));
}
return '';
}
sub show_current_deny
{
my $self = shift;
my $q = $self->{cgi};
print '<tr><td colspan=2>',$q->p($self->localise('CURRENT_DENY_DESC')),'</td></tr>';
my %vals = ();
if (open(DENY, "/etc/hosts.deny_ssh") ) {
%vals = map { m{DenyHosts: (.*) \| (.*)$}; $2 => $1; } grep /DenyHosts:/, <DENY>;
close DENY;
}
if (%vals)
{
print '<tr><td colspan=2>',
$q->start_table({class => "sme-border"}),"\n";
print $q->Tr(
esmith::cgi::genSmallCell($q, $self->localise('IP_ADDRESS'),"header"),
esmith::cgi::genSmallCell($q, $self->localise('FIRST_SEEN'),"header"),
esmith::cgi::genSmallCell($q, $self->localise('ACTION'),"header"));
foreach my $val (sort ip_sort keys %vals)
{
my $action3 ="<a href=\"$scriptname?page=0&page_stack=&Next=Next&action=RemoveIP&IP=$val&wherenext=Second\">".$self->localise('REMOVE')."</a>" .
" <a href=\"$scriptname?page=0&page_stack=&Next=Next&action=RemoveIP&IP=$val&wherenext=Second&Whitelist=true\">".$self->localise('WHITELIST')."</a>" ;
print $q->Tr(
esmith::cgi::genSmallCell($q, $val, "normal"),
esmith::cgi::genSmallCell($q, $vals{$val}, "normal"),
esmith::cgi::genSmallCell($q, $action3, "normal"));
}
print '</table></td></tr>';
}
else
{
print $q->Tr($q->td($q->b($self->localise('NO_ENTRIES_YET'))));
}
return '';
}
sub add_new_valid_from
{
my $self = shift;
my $q = $self->{cgi};
my $ip = $q->param('ip');
# do nothing if no ip was added
return 1 unless ($ip);
my $rec = $db->get('denyhosts');
unless ($rec)
{
return $self->error('ERR_NO_RECORD');
}
my $prop = $rec->prop('ValidFrom') || '';
my @vals = split /,/, $prop;
return '' if (grep /^$ip$/, @vals); # already have this entry
if ($prop ne '')
{
$prop .= ",$ip";
}
else
{
$prop = "$ip";
}
$rec->set_prop('ValidFrom', $prop);
$q->delete('ip');
return 1;
}
sub remove_valid_from
{
my $self = shift;
my $q = $self->{cgi};
my @remove = $q->param('validFromRemove');
my @vals = $self->_get_valid_from();
foreach my $entry (@remove)
{
return undef unless $entry;
unless (@vals)
{
print STDERR "ERROR: unable to load ValidFrom property from conf db\n";
return undef;
}
@vals = (grep { $entry ne $_ } @vals);
}
my $prop;
if (@vals)
{
$prop = join ',',@vals;
}
else
{
$prop = '';
}
$db->get('denyhosts')->set_prop('ValidFrom', $prop);
$q->delete('validFromRemove');
return 1;
}
sub change_settings {
my ($fm) = @_;
my $q = $fm->{'cgi'};
my %conf;
# Don't process the form unless we clicked the Save button. The event is
# called even if we chose the Remove link or the Add link.
return unless($q->param('Next') eq $fm->localise('SAVE'));
my $ip = ($q->param ('ip') || '');
my $status = ($q->param ('status') || 'status');
#------------------------------------------------------------
# Looks good; go ahead and change the access.
#------------------------------------------------------------
my $rec = $db->get('denyhosts');
$rec->set_prop('status', $status) if $rec;
return '' unless $fm->add_new_valid_from;
return '' unless $fm->remove_valid_from;
unless ( system( "/sbin/e-smith/signal-event", "conf-denyhosts" ) == 0 )
{
$fm->error('ERROR_UPDATING');
return undef;
}
if ( $rec->prop('status') eq 'disabled' )
{
unless ( `/etc/init.d/denyhosts stop` )
{
$fm->error('ERROR_STOPPING');
return undef;
}
}
$fm->success('SUCCESS');
}
# validate subnet
# RemoveIP after validation
sub RemoveIP {
my $fm = shift;
my $q = $fm->{'cgi'};
# my ($fm) = @_;
# my $q = $fm->{'cgi'};
# use Data::Dumper;
#warn Dumper($fm);
my %conf;
my $ip = ($q->param('IP') || '');
my $whitelist = ($q->param('Whitelist'))? "true" : '';
#check ip
my $validator=Data::Validate::IP->new;
unless ($validator->is_ipv4($ip))
{
$fm->error('ERROR_STOPPING');
return undef;
}
$ip = $validator->is_ipv4($ip);
unless ( system( "/etc/e-smith/events/actions/denyhost-purge none $ip $whitelist".' >/dev/null 2>&1' ) == 0 )
{
$fm->error('ERROR_UPDATING');
return undef;
}
if ($whitelist ne "" ) {
$fm->success($fm->localise('SUCCESS_IP_WHITE').": $ip",'First');
}
else
{
$fm->success($fm->localise('SUCCESS_IP').": $ip",'First');
}
}
sub back {
my $fm = shift;
my $q = $fm->{'cgi'};
print "<a href='$scriptname'>".$fm->localise('Back')."</a>";
return;
}
1;
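Review bot: `add_new_valid_from` writes the request's `ip` parameter into the `ValidFrom` allow-list without validating it in the handler, and interpolates it unescaped into `grep /^$ip$/, @vals`, so regex metacharacters in the value can change the duplicate check or make the pattern fail to compile. `ip_number_or_blank` is defined above, but whether the form definition applies it is not visible here; checking the value with the `Data::Validate::IP` validator that `RemoveIP` already uses, and comparing with `grep { $_ eq $ip } @vals`, removes that dependence. In `RemoveIP` the single-string `system(...)` goes through the shell and is safe only because `$ip` is replaced by the validator's return value and `$whitelist` is a fixed string; list-form `system` would keep it safe under future edits, though the `>/dev/null 2>&1` redirect would then need handling another way. `RemoveIP` is also reached through plain GET links built in `show_current_deny`, which print the `/etc/hosts.deny_ssh` fields into the `href` unescaped, and no request token is visible in this file, so confirm the framework protects that state change. In `change_settings` the backtick call to `/etc/init.d/denyhosts stop` tests the command's output rather than its exit status, so a silent successful stop is reported as `ERROR_STOPPING`.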