v3.4.5

WAF and overview improved, bugs fixed
5 years ago · a44f272cb9
parent eea89dc4c6
commit a44f272cb9
8 changed files with 90 additions and 22 deletions
--- a/app/options.py
+++ b/app/options.py
@ -646,4 +646,13 @@ if form.getvalue('get_ldap_email'):
 		except:
 			print('error: user not found')
 	finally:
-		l.unbind()
+		l.unbind()
+		
+
+if form.getvalue('change_waf_mode'):
+	waf_mode = form.getvalue('change_waf_mode')
+	server_hostname = form.getvalue('server_hostname')
+	haproxy_dir  = sql.get_setting('haproxy_dir')
+	serv = sql.select_server_by_name(server_hostname)
+	commands = [ "sudo sed -i 's/^SecRuleEngine.*/SecRuleEngine %s/' %s/waf/modsecurity.conf " % (waf_mode, haproxy_dir) ]
+	funct.ssh_command(serv, commands)
--- a/app/sql.py
+++ b/app/sql.py
@ -235,6 +235,21 @@ def select_user_name_group(id):
 	cur.close()    
 	con.close()  
 	
+	
+def select_server_by_name(name):
+	con, cur = create_db.get_cur()
+	sql = """select ip from servers where hostname='%s' """ % name
+	try:    
+		cur.execute(sql)
+	except sqltool.Error as e:
+		out_error(e)
+	else:
+		for name in cur.fetchone():
+			return name
+	cur.close()    
+	con.close()
+	
+	
 def select_servers(**kwargs):
 	con, cur = create_db.get_cur()
 	sql = """select * from servers where enable = '1' ORDER BY groups """
--- a/app/templates/ajax/overivewWaf.html
+++ b/app/templates/ajax/overivewWaf.html
@ -2,7 +2,7 @@
 {% for service in service_status %}
 	{% if service.3 == "On" or service.3 == "Off" or service.3 == "DetectionOnly" or url == "waf.py" %}
 		{% do waf_servers.append(1) %}
-		<tr class="{{ loop.cycle('odd', 'even') }}">
+		<tr class="{{ loop.cycle('odd', 'even') }}" id="{{service.0}}-select-line">
 			<td class="padding10 first-collumn">
 				<a href="#{{ service.0 }}" title="Go to {{ service.0 }} status" style="color: #000">{{ service.0 }}</a>
 			</td>
@ -27,14 +27,30 @@
 			{% endif %}
 			</td>
 			<td>
+			{% if role <= 1 %}
 				{% if service.3 == "On" or service.3 == "Off" or service.3 == "DetectionOnly" %}
-					{{ service.3 }}
+					<select class="waf_mode" id="{{ service.0 }}_select">
+						{% set waf_modes = [] %}
+						{% do waf_modes.append("On") %}
+						{% do waf_modes.append("Off") %}
+						{% do waf_modes.append("DetectionOnly") %}
+						{% for waf_mode in waf_modes %}
+							{% if service.3 == waf_mode %} 
+								<option value={{waf_mode}} selected="selected">{{waf_mode}}</option>
+							{% else %}
+								<option value={{waf_mode}}>{{waf_mode}}</option>
+							{% endif %}
+						{% endfor %}
+					</select>
 				{%else %}
 					<a title="Install WAF"><button onclick="installWaf('{{ service.1 }}')">Install</button></a>
 				{% endif %}
+			{% else %}
+				{{ service.3 }}
+			{% endif %}
 			</td>
 			{% if url == "waf.py" %}
-			<td>
+			<td style="padding-top: 2px;">
 				{% if service.3 == "On" or service.3 == "Off" or service.3 == "DetectionOnly" %}
 					{% if service.4|int() == 1 %}
 						<label for="{{ service.0 }}"></label><input type="checkbox" id="{{ service.0 }}" checked>
@ -54,4 +70,16 @@
 			You have not installed the WAF server yet
 		</td>
 	</tr>
-{% endif %}
+{% endif %}
+<script>
+	$( "select" ).selectmenu();
+	{% if role <= 1 %}
+		$( "select" ).on('selectmenuchange',function() {
+			var id = $(this).attr('id');
+			changeWafMode(id)
+		});	
+	{% endif %}
+</script>
+<style>
+.ui-selectmenu-button.ui-button {width: 10em;}
+</style>
--- a/app/templates/ajax/overview.html
+++ b/app/templates/ajax/overview.html
@ -45,7 +45,11 @@
 			</a>			
 		</td>
 		<td>
-			{{ service.3 }}
+			{% if "ls: cannot access" in service.3 %}
+				Cannot find HAProxy config
+			{% else %}
+				{{ service.3 }}
+			{% endif %}
 		</td>
 		<td></td>
 	</tr>
--- a/app/templates/base.html
+++ b/app/templates/base.html
@ -115,7 +115,7 @@
 					</ul>
 				</nav>
 				<div class="copyright-menu">
-					<a href="https://github.com/aidaho12/haproxy-wi/" title="Github repo" target="_blank" style="color: #fff">HAproxy-WI v3.4.4.8</a>
+					<a href="https://github.com/aidaho12/haproxy-wi/" title="Github repo" target="_blank" style="color: #fff">HAproxy-WI v3.4.5</a>
 					<br>
 					<a href="https://www.patreon.com/haproxy_wi" title="Donate" target="_blank" style="color: #fff; margin-left: 30px; color: red;" class="patreon">  Patreon</a>
 				</div>
--- a/inc/script.js
+++ b/inc/script.js
@ -1507,4 +1507,24 @@ function saveList(action, list, color) {
 			$("#ajax").html(data); 
 		}
 	} );	
+}
+function changeWafMode(id) {
+	var waf_mode = $('#'+id+' option:selected').val();
+	var server_hostname = id.split('_')[0];
+	 $.ajax( {
+		url: "options.py",
+		data: {
+			change_waf_mode: waf_mode,
+			server_hostname: server_hostname,
+			token: $('#token').val()
+		},
+		type: "GET",
+		success: function( data ) {
+			alert('Do not forget restart WAF server: '+server_hostname)
+			$( '#'+server_hostname+'-select-line' ).addClass( "update", 1000 );										
+			setTimeout(function() {
+				$( '#'+server_hostname+'-select-line' ).removeClass( "update" );
+			}, 2500 );
+		}
+	} ); 
 }
--- a/install.sh
+++ b/install.sh
@ -299,7 +299,6 @@ sed -i 's/#$UDPServerRun 514/$UDPServerRun 514/g' /etc/rsyslog.conf
 sed -i 's/#$ModLoad imudp/$ModLoad imudp/g' /etc/rsyslog.conf

 systemctl daemon-reload      
-systemctl restart logrotate
 systemctl restart rsyslog
 systemctl restart metrics_haproxy.service
 systemctl restart checker_haproxy.service
@ -353,8 +352,7 @@ echo -e "Installing required Python Packages"
 echo ""
 echo ""
 echo "################################"
-sudo -H pip3 install --upgrade pip
-sudo pip3 install -r /var/www/$HOME_HAPROXY_WI/requirements.txt
+sudo -H pip3.5 install --upgrade pip
 sudo pip3.5 install -r /var/www/$HOME_HAPROXY_WI/requirements.txt

 if [ $? -eq 1 ]
--- a/update.sh
+++ b/update.sh
@ -1,27 +1,21 @@
 #!/bin/bash

-# set -x 
-
 cp app/haproxy-wi.cfg  /tmp/

 mv -f /tmp/haproxy-wi.cfg app/haproxy-wi.cfg 

-mkdir keys
-mkdir app/certs
-
-if hash apt-get 2>/dev/null; then
-	apt-get install git  net-tools lshw dos2unix apache2 gcc netcat mod_ssl python3-pip gcc-c++ openldap-devel libpq-dev python-dev libxml2-dev libxslt1-dev libldap2-dev libsasl2-dev libffi-dev python3-dev -y
-else
-	yum -y install https://centos7.iuscommunity.org/ius-release.rpm
-	yum -y install git nmap-ncat net-tools python35u dos2unix python35u-pip mod_ssl httpd python35u-devel gcc-c++ openldap-devel 
-fi
-
 git reset --hard
 git pull  https://github.com/Aidaho12/haproxy-wi.git

 chmod +x app/*py
 chmod +x app/tools/*py

+if hash apt-get 2>/dev/null; then
+	sudo chown -R www-data:www-data app/
+else
+	sudo chown -R apache:apache app/
+fi
+
 cd app/
 ./create_db.py