Pavel Loginov 5 years ago
parent e0424af2e7
commit 8c9b471363

@ -1,4 +1,4 @@
# -*- coding: utf-8 -*-" # -*- coding: utf-8 -*-
import cgi import cgi
import os, sys import os, sys
@ -455,8 +455,8 @@ def waf_install(serv, **kwargs):
os.system("rm -f %s" % script) os.system("rm -f %s" % script)
stderr = ssh_command(serv, commands, print_out="1") stderr = ssh_command(serv, commands, print_out="1")
if stderr is None:
sql.insert_waf_metrics_enable(serv, "0") sql.insert_waf_metrics_enable(serv, "0")
def install_nginx(serv): def install_nginx(serv):
@ -960,4 +960,11 @@ def check_group(group, role_id):
return True return True
else: else:
logging('localhost', ' has tried to actions in not own group ', haproxywi=1, login=1) logging('localhost', ' has tried to actions in not own group ', haproxywi=1, login=1)
return False return False
def check_service(serv, service_name):
commands = [ "systemctl status "+service_name+" |grep Active |awk '{print $1}'" ]
return ssh_command(serv, commands)
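Review bot: `check_service` splices `service_name` straight into a shell pipeline that `ssh_command` runs on the target host, so any shell metacharacter in the name becomes part of the remote command. No caller is visible in this hunk; if the name can ever come from a request parameter, quote it, `commands = [ "systemctl status "+shlex.quote(service_name)+" |grep Active |awk '{print $1}'" ]` (with `import shlex` added), or check it against a fixed list of known service names first. Separately, `awk '{print $1}'` on the `Active:` line prints the label `Active:` rather than the state, so callers that want the state probably need `$2` or `systemctl is-active`.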

@ -690,6 +690,10 @@ if form.getvalue('master'):
if ssh_enable == 0: if ssh_enable == 0:
ssh_key_name = '' ssh_key_name = ''
servers = sql.select_servers(server=master)
for server in servers:
ssh_port = str(server[10])
if proxy is not None and proxy != '' and proxy != 'None': if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy proxy_serv = proxy
@ -706,7 +710,7 @@ if form.getvalue('master'):
funct.install_nginx(master) funct.install_nginx(master)
funct.install_nginx(slave) funct.install_nginx(slave)
commands = [ "chmod +x "+script +" && ./"+script +" PROXY=" + proxy_serv+ commands = [ "chmod +x "+script +" && ./"+script +" PROXY=" + proxy_serv+" SSH_PORT="+ssh_port+
" ETH="+ETH+" IP="+str(IP)+" MASTER=MASTER"+" SYN_FLOOD="+syn_flood+" HOST="+str(master)+ " ETH="+ETH+" IP="+str(IP)+" MASTER=MASTER"+" SYN_FLOOD="+syn_flood+" HOST="+str(master)+
" USER="+str(ssh_user_name)+" PASS="+str(ssh_user_password)+" KEY="+str(ssh_key_name) ] " USER="+str(ssh_user_name)+" PASS="+str(ssh_user_password)+" KEY="+str(ssh_key_name) ]
@ -733,8 +737,12 @@ if form.getvalue('master'):
if ssh_enable == 0: if ssh_enable == 0:
ssh_key_name = '' ssh_key_name = ''
commands = [ "chmod +x "+script +" && ./"+script +" PROXY=" +proxy_serv+ servers = sql.select_servers(server=slave)
for server in servers:
ssh_port = str(server[10])
commands = [ "chmod +x "+script +" && ./"+script +" PROXY=" +proxy_serv+" SSH_PORT="+ssh_port+
" ETH="+ETH+" IP="+IP+" MASTER=BACKUP"+" HOST="+str(slave)+ " ETH="+ETH+" IP="+IP+" MASTER=BACKUP"+" HOST="+str(slave)+
" USER="+str(ssh_user_name)+" PASS="+str(ssh_user_password)+" KEY="+str(ssh_key_name) ] " USER="+str(ssh_user_name)+" PASS="+str(ssh_user_password)+" KEY="+str(ssh_key_name) ]
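Review bot: `ssh_port` is bound only inside `for server in servers:`, so when `sql.select_servers(server=master)` returns no rows the later `" SSH_PORT="+ssh_port` raises NameError; in the slave hunk it would instead appear to reuse the master's port left over from the first loop. Bind it explicitly and stop when nothing is found, e.g. `ssh_port = next((str(s[10]) for s in servers), None)` followed by a check for `None`, and give column 10 a name. The new value joins a command string that already carries `PASS=` and a presumably form-derived `HOST=` unquoted, so each argument would be safer passed through `shlex.quote`, and the password is better kept off the command line. The enclosing `if form.getvalue('master'):` block starts outside these hunks and whatever executes `commands` is not visible.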

@ -83,7 +83,7 @@
- name: Disble SELINUX in env - name: Disble SELINUX in env
shell: setenforce 0 shell: setenforce 0 2> /dev/null
ignore_errors: yes ignore_errors: yes
debugger: never debugger: never
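Review bot: Adding `2> /dev/null` on top of `ignore_errors: yes` removes the last trace of why `setenforce 0` failed, and the task still runs on hosts that have no SELinux at all. Guarding the task keeps the output clean without hiding real errors, e.g. `when: ansible_selinux.status == "enabled"` (this needs fact gathering, which is not visible here). The task also leaves the host in permissive mode and nothing in the hunk restores enforcing, so a comment stating whether that is meant to persist after the install would help. The same change is made in the two playbook sections that follow.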

@ -62,7 +62,7 @@
ignore_errors: yes ignore_errors: yes
- name: Disble SELINUX in env - name: Disble SELINUX in env
shell: setenforce 0 shell: setenforce 0 2> /dev/null
ignore_errors: yes ignore_errors: yes
debugger: never debugger: never

@ -65,7 +65,7 @@
ignore_errors: yes ignore_errors: yes
- name: Disble SELINUX in env - name: Disble SELINUX in env
shell: setenforce 0 shell: setenforce 0 2> /dev/null
ignore_errors: yes ignore_errors: yes
debugger: never debugger: never

@ -143,6 +143,8 @@ sudo sed -i 's/#SecAction/SecAction/' $HAPROXY_PATH/waf/rules/modsecurity_crs_10
sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' $HAPROXY_PATH/waf/modsecurity.conf sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' $HAPROXY_PATH/waf/modsecurity.conf
sudo sed -i 's/SecAuditLogParts ABIJDEFHZ/SecAuditLogParts ABIJDEH/' $HAPROXY_PATH/waf/modsecurity.conf sudo sed -i 's/SecAuditLogParts ABIJDEFHZ/SecAuditLogParts ABIJDEH/' $HAPROXY_PATH/waf/modsecurity.conf
sudo rm -f /tmp/owasp.tar.gz sudo rm -f /tmp/owasp.tar.gz
sudo rm -f /tmp/owasp-modsecurity-crs-2.2.9
sudo rm -f /tmp/haproxy-$VERSION
sudo bash -c cat << EOF > /tmp/waf.service sudo bash -c cat << EOF > /tmp/waf.service
[Unit] [Unit]
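Review bot: The two added `rm -f` lines name what look like unpacked source trees (`/tmp/owasp-modsecurity-crs-2.2.9`, `/tmp/haproxy-$VERSION`); if they are directories, `rm -f` without `-r` fails and the cleanup does nothing. Something like `sudo rm -rf -- /tmp/owasp-modsecurity-crs-2.2.9 "/tmp/haproxy-${VERSION:?}"` removes them and aborts if `VERSION` is unset. These are fixed names under world-writable `/tmp` handled with sudo, so building inside a `mktemp -d` directory would be the sturdier arrangement. The unpack step lies outside the hunk, so the directory assumption should be confirmed against it.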
