AlkantarClanX12
Your IP : 3.142.198.51

Current Path : /opt/cloudlinux/venv/lib64/python3.11/site-packages/__pycache__/
Current File : //opt/cloudlinux/venv/lib64/python3.11/site-packages/__pycache__/cldiaglib.cpython-311.pyc
�

".gE��
���ddlZddlZddlZddlZddlZddlZddlZddlZddlZddl	Z	ddl
mZddlm
Z
ddlmZddlmZmZmZmZddlZddlmZddlmZmZddlmZmZdd	lm Z m!Z!dd
l"m#Z#m$Z$ddl%m&Z&m'Z'ddl(m)Z)dd
l*m+Z+m,Z,ddl-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4ddl5m6Z6ddl7m8Z8dZ9dZ:dZ;dZ<dZ=dZ>dZ?dZ@de@��ZAdZBdZCdZDdZEeddd g��ZFd!d"d"d"d"d"d"d"d"d#�	ZGd$d%d&d%d%d%d%d%d%d#�	ZHiZId'd(eHd)�eId*<d+d,eGd)�eId-<d.ZJd/ZKd0�ZLd�d2�ZMd�d4�ZNd5�ZOd6�ZPd7�ZQeLd8��d9���ZRd:eeSeeTffd;�ZUd<�ZVeLd=��d>���ZWd?eTd@eTd:eFfdA�ZXeLdB��ePeVdC�������ZYeLdD��ePeVdE�������ZZeLdF��ePeVdG�������Z[eLdH��ePeVdI�������Z\eLdJ��dK���Z]eLdL��eQdM�����Z^dN�Z_eLdO��dP���Z`eLdQ��dR���ZaeLdS��dT���ZbeLdU��eQdV�����ZceLdW��dX���ZdeLdY��eQdZ�����ZeeLd[��ePd\�����ZfeLd]��ePd^�����Zgd_Zhd`Zigda�Zjgdb�Zkdc�Zldd�Zmde�ZneLdf��dg���ZoeLdh��di���ZpeLdj��dk���Zqdl�ZrdmeTd:eeTfdn�Zsd:etfdo�Zud:etfdp�ZvdqeTd:etfdr�Zwd:eeTfds�Zxdt�Zydu�ZzeLdv��ePdw�����Z{d�dy�Z|d:eSfdz�Z}d:eeefd{�Z~d|eeed:dfd}�ZeLd~��eQd�����Z�eLd���eQd:eFfd������Z�dS)��N)�
namedtuple��wraps)�Path)�AnyStr�List�Optional�Tuple)�get_hidepid_typing_from_mounts)�ClPwd�drop_privileges)�Feature�is_panel_feature_supported)�CLEditionDetectionError�is_cl_solo_edition)�is_client_enabled�is_cmt_disabled)�DEFAULT_JWT_ES_TOKEN_PATH�DISABLE_CMT_FILE)�jwt_token_check)�WhmApiError�
WhmApiRequest)�ExternalProgramFailed�demote�is_litespeed_running�	is_ubuntu�process_is_running�run_command�service_is_enabled_and_present)�LimitsValidator)�get_pkg_version�OK�FAILED�SKIPPED�INTERNAL_TEST_ERRORz/https://docs.cloudlinux.com/command-line_tools/�disabled_cldiag_cron_checkers�cldiag_cronz5https://docs.cloudlinux.com/cloudlinux-os-plus/#faq-2z Link to FAQ and troubleshooting zWPlease write to support https://cloudlinux.zendesk.com/ if you can't resolve the issue.zCentralized Monitoringz;This checker is not supported on CloudLinux OS Solo editionzAThis checker is not supported in environments without LVE support�	ChkResult�res�msgz/usr/local/apache/bin/suexecz/usr/sbin/suexec)	�cPanel�
cPanel_ea4�DirectAdmin�Plesk�
ISPManager�	InterWorxzH-Sphere�	HostingNG�Unknownz/opt/suphp/sbin/suphpz/usr/sbin/suphpz/usr/local/suphp/sbin/suphp�SuPHPzdetect.get_suPHP_status())�name�status_function�location�suphp�SuEXECzdetect.get_suEXEC_status()�suexecz/var/lve/cldiag_user�
cldiaguserc����fd�}|S)Nc����|_|S�N)�pretty_name)�func�name_of_checkers ��py/cldiaglib.py�	decoratorzpretty_name.<locals>.decoratorrs���*������)r@rBs` rAr>r>qs$���������rCFc	��d}d}|r%d�|D��}||d<tj|��Sg}|D]?\}}}|�d|j�d|j��}	|�|	�d|�d	|�d
|�d�}	|�|	���@d�|d
|�d�gz��}|S)z2
    Formatter of output from all of checkers
    z)Command for disabling this cron checker: zcldiag --disable-cron-checkersc�@�i|]\}}}||�����SrD)�_asdict)�.0�checker_pretty_name�_�
chk_results    rA�
<dictcomp>z_formatter.<locals>.<dictcomp>�s1��h�h�h�=_�=P�RS�U_�"�J�$6�$6�$8�$8�h�h�hrC�total_errorsz:
    �: N�
z "� �"z

z
There are z errors found.)�json�dumpsr)r*�append�join)
�data�error_count�to_jsonr*�cmd_tmpr)rI�checker_public_namerK�checker_results
          rA�
_formatterr\ys���
6�C�.�G���h�h�cg�h�h�h��)��N���z�#����
�C�@D�#�#�<��0�*�/�^�^�
��^�^�j�n�^�^���*� .�]�]�c�]�]�W�]�]�GZ�]�]�]�N��
�
�>�"�"�"�"�
�+�+�c�E�+�E�E�E�F�F�
G�
G�C��JrCTc���t|��r|g}g}d}|D]�}	|��}n9#t$r,}ttt	|����}Yd}~nd}~wwxYw|jttfvr|dz
}|�|jt|d��r|j
nd|f����t|||��}|r#t|��tj|��||fS)Nr��public_name)�callable�	Exceptionr(r%�reprr)r#rTr>�hasattrr_r\�print�sys�exit)	�checkersrX�do_exit�results�errors�frK�er)s	         rA�runnerrm�s-��������:���G�
�F�
�
�
��	A�����J�J���	A�	A�	A�"�#6��Q���@�@�J�J�J�J�J�J�����	A�����>���
�
�
�
�a�K�F�����
�!(��M�!:�!:�D��
�
���
�	
�	
�	
�	
��W�f�g�
.�
.�C���
�c�
�
�
��������3�;�s�
'�
A�"A�Ac�j�	t|��S#t$rtd|�d���YdSwxYw)NzWARNING
 missing z function in cldetectlib.F)�eval�AttributeErrorrd)r?s rA�wrapperrq�sO����D�z�z�������
�B�4�B�B�B�C�C�C��u�u����s��2�2c�<��t����fd���}|S)Nc���	td���}n#t$rd}YnwxYw|rttt��S�|i|��S)NT��skip_jwt_checkF)rrr(r$�SKIPPED_ON_SOLO_MSG)�args�kwargs�is_solo_editionrks   �rA�checkerz(skip_checker_on_cl_solo.<locals>.checker�sl���	$�0��E�E�E�O�O��&�	$�	$�	$�#�O�O�O�	$�����	;��W�&9�:�:�:��q�$�!�&�!�!�!s��#�#r�rkrzs` rA�skip_checker_on_cl_solor|�s3���
�1�X�X�"�"�"�"��X�"��NrCc�<��t����fd���}|S)Nc�z��ttj��sttt
��S�|i|��Sr=)rr�LVEr(r$�SKIPPED_WITHOUT_LVE_MSG)rwrxrks  �rArzz'skip_check_without_lve.<locals>.checker�s;���)�'�+�6�6�	?��W�&=�>�>�>��q�$�!�&�!�!�!rCrr{s` rA�skip_check_without_lver��s3���
�1�X�X�"�"�"�"��X�"�
�NrCzCheck cagefsc�,�ttd��S)NzuCagefs version is too old. Please run cagefsctl --sanity-check directly or upgrade it to have full cldiag integration)r(r$rDrCrA�fake_cagefs_checkerr��s����	8���rC�returnc��t�d�}dt�dt�d�}d}ddlm}|��}|�|d	sd
|fS|�t	��\}}}|s||fSt��rd
|fSt
��sd
|fSdS)am
    Check that a server is cl+, enabled and CM isn't disabled locally
    The function returns True if the client has CL+ license, didn't disable CM
        localy and activated CM on https://cm.cloudlinux.com. The function also
        returns True if we can't read or parse JWT token, because
        we want to continue and show to client CM related errors
    z. is not activated on https://cm.cloudlinux.comzThe z& is disabled localy by creating file "rQ�The server has no CL+ licenser��get_client_data_from_jwt_tokenN�cl_plusF)TN)�cm_full_namer�clsummary.utilsr�rrr)�cm_is_not_activated_msg�cm_is_disabled_localy_msg�no_cl_plus_license_msgr��	jwt_token�is_valid�messagerJs        rA�_is_cmt_allowed_for_serverr��s���".�`�`�`�� r�|� r� r�_o� r� r� r��<��>�>�>�>�>�>�.�.�0�0�I���Y�y�%9���,�,�,���.�0�0���'�1��	%��W�$�$����0��/�/�/����.��-�-�-��:rCc�<��t����fd���}|S)zi
    Decorator: Skip check if a server isn't cl+, disabled and
               CM is disabled locally
    c�d��t��\}}|r�|i|��Stt|��S)z$
        Decorated function
        )r�r(r$)rwrx�resultr�rks    �rA�decorated_functionz@skip_if_cmt_not_used_enabled_allowed.<locals>.decorated_functionsI���
5�6�6�����	&��1�d�%�f�%�%�%����
�
�	
rCr)rkr�s` rA�$skip_if_cmt_not_used_enabled_allowedr��s6����1�X�X�
�
�
�
��X�
��rCzCheck existing JWT tokenc��d}dt�dt�dt�dt��}d}ddlm}tj�t��stt||z��St��\}}}|r#|��}ttd	|�d
���S||krttd��S|dz}tt|�d|����S)
z%
    Check an existing JWT token
    zJ The absence of JWT tokens is normal for the clients with volume license. z$Please check for JWT token in path "zr". %sTry running "rhn_check" for getting a new token if it is absent. Server can't collect and send statistics to z( if you don't have a correct JWT token. �. z"JWT token doesn't have CL+ servicerr�zJWT token is valid: "rQr��)rr��cl_plus_doc_msg�write_to_support_msgr�r��os�path�existsr(r$rr"r#)�token_is_absent_msg�main_msg�token_is_not_cl_plusr�r�r�rJr�s        rA�check_jwt_tokenr�s3��
g��	"�%�	"�	"�+7�	"�	"�,;�		"�	"�
 �	"�	"�
�@��>�>�>�>�>�>�
�7�>�>�3�4�4�
����*�*�
�
�	
�
)�*�*��F�G�Q�
�C�2�2�4�4�	���A�Y�A�A�A�B�B�B��&�&�&���+�
�
�	
�
�"�}�H��V��5�5�8�5�5�6�6�6rC�service_name�process_file_pathc���t|��\}}	t|d��}n#t$rd}YnwxYw|r|r|rttd|�d���Sg}|s|�d��|s|�d��|s|�d��ttd�|���dt�d	|�d
t�dt��	��S)z�
    Check that a service is present, enabled and active
    :param service_name: name of a service
    :param process_file_path: path to a file which is run by a service
    Fz	Service "z " is present, enabled and activezService is not present.zService is not enabled.zService is not active.rPz1 The server can't collect and send statistics to z if service z$ isn't present, enabled and active. r�)rr�FileNotFoundErrorr(r"rTr#rUr�r�r�)r�r��
is_present�
is_enabled�	is_active�messagess      rA�_check_service_stater�8sF��<�L�I�I��J�
��&�'8�%�@�@�	�	�������	�	�	������
�j�
�Y�
���F��F�F�F�
�
�	
�
�H��3����1�2�2�2��3����1�2�2�2��2����0�1�1�1����8�8�H���	"�	"�%�	"�	"�3?�	"�	"�(7�	"�	"� �	"�	"���s�%�4�4z=Check service `cl_plus_sender` is present, enabled and activec�2�ddlm}d}t||��S)zL
    Check that service `cl_plus_sender` is present, enabled and active
    r)�CL_PLUS_SENDER_FILE_PATH�cl_plus_sender)r�r�r�)r�r�s  rA�check_cl_plus_sender_servicer�Ys,��9�8�8�8�8�8�#�L���.F�G�G�GrCz<Check service `node_exporter` is present, enabled and activec�(�d}d}tj�tj�|d����s=tj�tj�|d����rd}nd}t	||��S)a

    Check that service `node_exporter` or `cl_node_exporter` is present,
    enabled and active
    Since it was renamed node_exporter -> cl_node_exporter
    let`s handle both cases:
     - old `node_exporter` service
     - renamed `cl_node_exporter` service
    z&/usr/share/cloudlinux/cl_plus/service/z+/usr/share/cloudlinux/cl_plus/node_exporter�cl_node_exporterzcl_node_exporter.service�
node_exporter)r�r�r�rUr�)�base_service_pathr�r�s   rA�check_node_exporter_servicer�gs���A��E��	�w�~�~�b�g�l�l�#4�6H�I�I�J�J�'�b�g�n�n�
����&�(B�C�C�O�O�'�*���&����.?�@�@�@rCz7Check service `lvestats` is present, enabled and activec�*�d}d}t||��S)zF
    Check that service `lvestats` is present, enabled and active
    �lvestatsz'/usr/share/lve-stats/lvestats-server.py)r�)r�r�s  rA�check_lvestats_servicer�s ���L�A����.?�@�@�@rCzeCheck that the server has the minimal required packages for correct working of Centralized Monitoringc��dD]C}t|���2ttd|�dt�dt�dt
����cS�Dttd��S)zD
    Check that the server has minimal required packages for CM
    )zcl-end-server-toolszcl-node-exporterNz!System doesn't have the package "z". It's required for zA feature to work and it usually installed automatically by cron. r�zVSystem has the minimal required packages for correct working of Centralized Monitoring)r!r(r#r�r�r�r")�package_names rA�check_cmt_packagesr��s���D�	�	���<�(�(�0���*� �*�*�8D�*�*�+:�*�*�(�	*�*���
�
�
�1��R�q�r�r�rrCzACheck control panel and it's configuration (for DirectAdmin only)c��dtdz��}tj��tj��}|dkrt	t
d��Sd|�dtj�d�}td�	��sL|d
krFtj��rt	t|dz��St	t|dz|z��St	t|��S)
NzW Fixing the issue will provide CloudLinux support on your control panel. 
See details: z#diag-cpr2zCan't detect contol panelzControl Panel - z
; Version �;Trtr-z File "options.conf" is finez1 File "options.conf" has no line "cloudlinux=yes")�cldiag_doc_link�detect�getCP�	getCPNamer(r$�
CP_VERSIONr�da_check_optionsr"r#)�fix_motivation�cp_name�res_msgs   rA�
check_cp_diagr��s���	7�'�*�4�	7�	7���L�N�N�N��� � �G��)�����"=�>�>�>�H��H�H�F�4E�H�H�H�G��T�2�2�2�q�w�-�7O�7O��"�$�$�	K��R��+I�!I�J�J�J����+^�!^�ao�!o�p�p�p��R��!�!�!rCzDCheck fs.enforce_symlinksifowner is correctly enabled in sysctl confc
��dtdz��}tj��rttd��S	tj��}nM#t$r@}d}ttdtt|��|���d���cYd}~Sd}~wwxYw|dkrttd|z��Sttd	|����S)
Nz� Fixing that issue makes server more secure against symlink attacks and enables protection of PHP configs or other sensitive files. 
See details: z#symlinksifowner�$Not supported for OpenVZ environmentz+To see full error run /sbin/sysctl --systemz@Some parameter in sysctl config has wrong configuration. Error: z* It`s recommended to fix it and try again �zfs.enforce_symlinksifowner = 2zfs.enforce_symlinksifowner = )r�r��	is_openvzr(r$�get_symlinksifownerrr#�get_short_error_message�strr")r��symlinks_if_ownerrl�detailed_outs    rA�check_symlinksifownerr��s��	[�4C�FX�4X�	[�	[������J���"H�I�I�I�
�"�6�8�8���� �
�
�
�D����
p�-�c�!�f�f�l�C�C�
p�
p�
p�
�
�	
�	
�	
�	
�	
�	
�����
�����A�����!A�N�!R�S�S�S��R�L�9J�L�L�M�M�Ms�A�
B�5B�
B�Bc��|d���}tdz|z}d|�d|��}tj�d��sttd��St|d��stt|d�d���Stj	|d	��}|�ttd
|d�d���S|sttd|z��Sttd
��S)Nr4z#check-z{ Fix that issue to be sure that users run their sites inside CageFS and provide stable work of sites that are using apache z7 module. This may improve server security
See details: �/usr/sbin/cagefsctl�Cagefs is not installedr5z is not enabledr6zUnable to check zU module binary for custom control panel. This feature may be added in future updates.zBinary without CageFS jail zbinary has jail)�lowerr�r�r�r�r(r$rqr��check_binary_has_jailr#r")�params�module_name�linkr��has_jails     rA�binary_checkr��s(����.�&�&�(�(�K��Y�&��4�D�	!�/:�	!�	!��	!�	!��
�7�>�>�/�0�0�=���";�<�<�<��6�+�,�-�-�F���V�F�^�"D�"D�"D�E�E�E��+�F�:�,>�?�?�H�����
Q�v�f�~�
Q�
Q�
Q�
�
�	
�
�Q���!>��!O�P�P�P��R�*�+�+�+rCzCheck suexec has cagefs jailc��tj��r#t��rttd��Sttd��S)NzUCurrent PHP selector uses LiteSpeed, which doesn't require the patches in suEXEC bin.r9)r��detect_litespeedrr(r$r��BINARY_CHECK_PARAMETERSrDrCrA�check_suexecr��sQ���� � �
�%9�%;�%;�
���l�
�
�	
��/��9�:�:�:rCzCheck suphp has cagefs jailc�6�ttd��S)Nr7)r�r�rDrCrA�check_suphpr��s���/��8�9�9�9rCzCheck usepam in sshd configc���dtdz��}tj��}|�ttd��S|rtt
d��Sttd|z��S)NzgFix the issue to provide correct work of pam_lve module with sshd and CageFS ssh sessions
See details: z
#check-usepamz!Unable to run "/usr/sbin/sshd -T"zConfig is finez3There is "usepam no" in "/usr/sbin/sshd -T" output )r�r��check_SSHd_UsePAMr(r$r"r#)r��check_results  rA�
check_use_pamr��sx��	Q�-<��-N�	Q�	Q���+�-�-�L�����"E�F�F�F��/���-�.�.�.��V�R�Uc�c�d�d�drCz*Check the validity of LVE limits on serverc��d}d|z}d}t��}|���}|�tt|��Stt|dz|z��S)z
    Validate lve limits
    z6https://docs.cloudlinux.com/lve-limits-validation.htmlz'Invalid LVE limits on server. See doc: zValid LVE limits on server.NrO)r �validate_existing_limitsr(r"r#)�doc_link�failed_message�passed_message�limits_validatorr�s     rA�check_lve_limitsr�se��H�H�>��I�N�2�N�&�(�(��
�
6�
6�
8�
8�F�
�~���^�,�,�,��V�^�d�2�V�;�<�<�<rCz$Check compatibility for PHP Selectorc��d}dtdz�d�}t��}|rttd��Stj�d��sttd��Stj��r&t��rtt|dz��Sd	d	d	d
�}d}d}tj�|���rB	t|d
d���5}d�|D��}ddd��n#1swxYwYn8#t$r+}d|�d|�d�}	tt||	z��cYd}~Sd}~wwxYw|D]F}
|
�d��r/|
�d��d���}n�G|�d�}	tt||	z��S|D]G}
|
�|�d���r-|
�d��d���}�H|dvrd|�d�}	tt||	z��Stj��}|�1d|vrtt|dz��Sd|v|d<d|v|d <d!|v|d"<t%|d|d"g��stt|d#z��S|ds|d"rS|d$vrOd%|�d&d'�d(�|���D������}
tt||
z��Sd)|�d*n|�d+d'�d,�|���D�����d-�}	tt||	z��S).z�
    1. mod_ruid not present
    2. suphp
    3. mod_lsapi
    4. suexec and (fcgi or cgi)
    5. litespeed
    6. do not support other
    zIt looks ok [%s]z�Looks like your PHP handler doesn't support CloudLinux PHP Selector and as a result does not work http://docs.cloudlinux.com/index.html?compatiblity_matrix.html [%s]
Please, see: z#check-phpselectorz. and try to fix issue to have working selectorz-PHP Selector is not supported. Skipping checkz/etc/cpanel/ea4/is_ea4z+It is not cPanel with EA4, can diag nothing�	LitespeedF)r9r7�lsapiNz/etc/cpanel/ea4/php.conf�r�utf-8��encodingc�6�g|]}|�����SrD��strip)rH�lines  rA�
<listcomp>z%check_phpselector.<locals>.<listcomp>As ��5�5�5�4�$�*�*�,�,�5�5�5rCz
Can not read z (�)zdefault:�:r^z' config should have default php version)�cgi�fcgir7r�zdoesn't support z handler in ea4/php.conf�ruid2_modulez�It looks like you use mod_ruid. CloudLinux PHP Selector doesn't work properly with it. How to delete mod_ruid and install mod_suexec in cPanel https://docs.cloudlinux.com/cloudlinux_os_components/#installation-5�suphp_moduler7�lsapi_moduler��
suexec_moduler9zyIt looks like you do not have mod_suphp or mod_suexec installed. CloudLinux PHP Selector doesn't work properly without it)r7r�r�r�z	php.conf:z with z, c3�$K�|]\}}|�|V��dSr=rD�rH�module�is_installeds   rA�	<genexpr>z$check_phpselector.<locals>.<genexpr>is-����0s�0s�<P�F�L�fr�0s��0s�0s�0s�0s�0s�0srCzFSome unknown php handler, perhaps we don't support it [found handler: �-z and apache modules: c3�$K�|]\}}|�|V��dSr=rDrs   rArz$check_phpselector.<locals>.<genexpr>os-����(k�(k�4H�F�L�^j�(k��(k�(k�(k�(k�(k�(krC�])r�rr(r$r�r�r�r�r�rr"�open�IOErrorr#�
startswith�splitr��get_apache_modules�anyrU�items)�	ok_prefix�fail_prefix�is_ubuntu_os�status�handler�	conf_pathrk�configrl�errr��default_ver�modules�currents              rA�check_phpselectorrsP��#�I�	q�)�,@�@�	q�	q�	q���;�;�L��S���"Q�R�R�R��7�>�>�2�3�3�Q���"O�P�P�P��� � �6�%9�%;�%;�6���Y��4�5�5�5����
>�
>�F��G�*�I�	�w�~�~�i� � �8�	8��i��w�7�7�7�
6�1�5�5�1�5�5�5��
6�
6�
6�
6�
6�
6�
6�
6�
6�
6�
6����
6�
6�
6�
6����	8�	8�	8�3�)�3�3�q�3�3�3�C��V�[�3�%6�7�7�7�7�7�7�7�7�����	8�����	8�	8�D����z�*�*�
�#�z�z�#���q�1�8�8�:�:����
��G�G�G�C��V�[�3�%6�7�7�7��	7�	7�D����+�0�0�0�1�1�
7��:�:�c�?�?�1�-�4�4�6�6����;�;�;�F�W�F�F�F�C��V�[�3�%6�7�7�7��'�)�)�G����W�$�$����W�W���
�)�G�3��w��(�G�3��w��*�g�5��x����w����!1�2�3�3�
����G�
G�
�
�	
�
�g��2�&��*�2�w�:[�/[�/[�u��u�u�t�y�y�0s�0s�TZ�T`�T`�Tb�Tb�0s�0s�0s�'s�'s�u�u�	���Y��0�1�1�1�	o�")�/�3�3�w�	o�	o�#�y�y�(k�(k�F�L�L�N�N�(k�(k�(k�k�k�	o�	o�	o��
�V�[�3�.�/�/�/sB�D� 
C9�-D�9C=�=D�C=�D�
D:� D5�/D:�5D:zCheck fs.symlinkown_gidc�`�dtdz��}ttd��}d|z}d}tj��rtt
d��Stj��tj}	tj	|��n)#t$rtt
d|�d���cYSwxYw	t|d	�
��5}t|�
�������}ddd��n#1swxYwYn2#t$r%}tt d|�d|����cYd}~Sd}~wwxYwtj|kr|S	t%j|��j}n#t$rg}YnwxYw|r||vr|Stt |�||����S)
Nz|Fix the issue to provide symlink protection for apache user and as a result make your Web Server more secure. 
See details: z#check-symlinkowngidz>Web-server user is protected by Symlink Owner Match Protectionz@Web-server user '{}' is not in protected group specified in {}. z/proc/sys/fs/symlinkown_gidr�zThere is no web-server user [z] in system. Nothing to checkr�r�zCan't read GID from z
 with error: )r�r(r"r�r�r$�get_apache_gid�APACHE_UNAME�pwd�getpwnam�KeyErrorr	�int�readr�rar#�
APACHE_GID�grp�getgrgid�gr_mem�format)	r��ok_res�warn_msg_tpl�symlinkown_gid_file�apache_unamerk�current_symlinkown_gidrl�grp_memberss	         rA�check_symlinkowngidr/tsN��	E�)�,B�B�	E�	E��
�r�[�
\�
\�F�X�[i�i�L�7��
����J���"H�I�I�I�
������&�L�
���\�"�"�"�"���
�
�
���c�\�c�c�c�
�
�	
�	
�	
�
����
_�
�%��
8�
8�
8�	;�A�%(��������)9�)9�%:�%:�"�	;�	;�	;�	;�	;�	;�	;�	;�	;�	;�	;����	;�	;�	;�	;����_�_�_���!]�8K�!]�!]�Z[�!]�!]�^�^�^�^�^�^�^�^�����_������2�2�2��
���l�#9�:�:�A�������������������;�&�&��M��V�\�0�0��?R�S�S�T�T�Tsf�2B�#B-�,B-�1D�4D�6D�D�D�	D�
D�
D=�D8�2D=�8D=�E-�-E<�;E<z&Check existence of all user's packagesc����
��d�
d}d}gd��gd�}g�tj��dkrttd��St	j|��sttd��Stj�|��rt	j|���tj	|tj
tj
|d	�
��5}|���\}}|j}ddd��n#1swxYwY|dkrd
|��}tt|��S	d�|����d��D��}�fd�|D��}n1#t $r$}	d|	��}tt|��cYd}	~	Sd}	~	wwxYw�
fd�t	j�
��D�����fd�|D��}
|
r.dd�|
���d�}tt|��Stt$d��S)zL
    Return user's packages that do not exist in /var/cpanel/packages/

    z/var/cpanel/packages/z/var/cpanel/users/z/var/cpanel/suspended/)�	undefined�defaultz#cPanel Ticket System temporary user�Custom)z	/bin/grepz-ezPLAN=z-rr+�should be run on cPanel onlyzno users on this serverT)�stdout�stderr�cwd�textNrzerror getting user's packages: c���g|]c}|�d��d�d��d|�d��d���f��dS)�=rr�r^)rr�)rH�plans  rAr�z9check_existence_of_all_users_packages.<locals>.<listcomp>�sg��
�
�
�OS�T�Z�Z��_�_�Q�
�
%�
%�c�
*�
*�1�
-�t�z�z�#���q�/A�/G�/G�/I�/I�J�
�
�
rCrOc�&��g|]
\}}|�v�	||f��SrDrD)rH�user�pkg�suspended_userss   �rAr�z9check_existence_of_all_users_packages.<locals>.<listcomp>�s-���m�m�m�i�d�C�QU�]l�Ql�Ql�t�S�k�Ql�Ql�QlrCz"error processing user's packages: c���g|]A}tj�tj��|�����?|��BSrD)r�r��isfilerU)rH�package�packages_dir_paths  �rAr�z9check_existence_of_all_users_packages.<locals>.<listcomp>�sN�����������r�w�|�|�\m�ov�Ow�Ow�@x�@x�����rCc�4��g|]\}}|�v�	|�v�
|�d|����S)rNrD)rHr=rB�excluded_packages_names�exists_packagess   ��rAr�z9check_existence_of_all_users_packages.<locals>.<listcomp>�sK���!�!�!��D�'��1�1�1�g�_�6T�6T����7���6T�6T�6TrCzXFound some nonexistent user's packages. List of "user: package" separated by semicolon: z; z�. If you want to apply package limits for those users - assign existing packages to them, otherwise limits will be applied incorrectly or not applied at all.z(nonexistent user's packages aren't found)r�r�r(r$r��listdirr�r��
subprocess�Popen�PIPE�communicate�
returncoder#r�rrarUr")�users_dir_path�suspended_dir_path�
user_plan_cmd�proc�std_out�std_err�ret_coder*�all_users_packagesrl�not_exists_users_packagesrErFrCr?s           @@@@rA�%check_existence_of_all_users_packagesrV�s�������0��)�N�1��g�g�g��6�6�6�M��O�
����X�%�%���"@�A�A�A�
�:�n�%�%�=���";�<�<�<�	�w�~�~�(�)�)�9��*�%7�8�8��
�	�������
�
�
�
�#�
��+�+�-�-�����?��#�#�#�#�#�#�#�#�#�#�#����#�#�#�#��1�}�}�9��9�9�����%�%�%�	&�
�
�W^�Wd�Wd�Wf�Wf�Wl�Wl�mq�Wr�Wr�
�
�
��n�m�m�m�;M�m�m�m�����&�&�&�6�1�6�6�����%�%�%�%�%�%�%�%�����&����
����!�z�*;�<�<����O�!�!�!�!�!�/�!�!�!��
!�&�
R�?C�y�y�Ib�?c�?c�
R�
R�
R�	����%�%�%��R�C�D�D�Ds0�
C5�5C9�<C9�!?E!�!
F�+F
�F�
Fz$Check all resellers's packages filesc��tj��dkrttd��SGd�d��}ddlm}	|��5|�����ddd��n#1swxYwYttd��S#t$r,}ttt|����cYd}~Sd}~wwxYw)	zT
    Check reseller packages files reading on any errors
    Caused by LU-2374

    r-z!should be run on DirectAdmin onlyc��eZdZdZd�Zd�ZdS)�7check_da_resellers_packages_files.<locals>.HiddenPrintsz=
        Redirect stdout to /dev/null to hide output
        c�t�tj|_ttjdd���t_dS)N�wr�r�)rer5�_original_stdoutr	r��devnull)�selfs rA�	__enter__zAcheck_da_resellers_packages_files.<locals>.HiddenPrints.__enter__�s(��$'�J�D�!��b�j�#��@�@�@�C�J�J�JrCc�d�tj���|jt_dSr=)rer5�closer\)r^�exc_type�exc_val�exc_tbs    rA�__exit__z@check_da_resellers_packages_files.<locals>.HiddenPrints.__exit__�s$���J�������.�C�J�J�JrCN)�__name__�
__module__�__qualname__�__doc__r_rerDrCrA�HiddenPrintsrY�s?������	�	�	A�	A�	A�	/�	/�	/�	/�	/rCrjr)r-Nz6all resellers packages are written in correct encoding)r�r�r(r$�clcontrollibr-�list_resellers_packagesr"rar#r�)rjr-rls   rA�!check_da_resellers_packages_filesrm�s8������]�*�*���"E�F�F�F�/�/�/�/�/�/�/�/�)�(�(�(�(�(�)�
�\�^�^�	4�	4��K�M�M�1�1�3�3�3�	4�	4�	4�	4�	4�	4�	4�	4�	4�	4�	4����	4�	4�	4�	4���U�V�V�V���)�)�)����Q���(�(�(�(�(�(�(�(�����)���sB�
B�A4�(B�4A8�8B�;A8�<B�
C
�!C�?C
�C
z/etc/cl.selector/defaults.cfgz/etc/cl.selector/php.conf)�	Directive�Default�Type�Comment�Range�Remark)�value�list�boolc���g}d}d}ttdd���5}|���}ddd��n#1swxYwY|D]�}|�d��r�t	|�����dkr_d}	||n%#t$r|�g��YnwxYw||�|�������|sd}|d	z
}��|S)
zL
    Parse php.conf and split it into blocks by empty line
    :return:
    rTr�r�r�N�#Fr^)r	�
PHP_CONF_PATH�	readlinesr�lenr�rarT)�line_blocks�block_index�	new_block�confrVr�s      rA�parse_php_confr�s_��
�K��K�
�I�	
�m�S�7�	3�	3�	3� �t��~�~���� � � � � � � � � � � ���� � � � ������?�?�3���	���t�z�z�|�|���q� � ��I�
'��K�(�(�(���
'�
'�
'��"�"�2�&�&�&�&�&�
'������$�+�+�D�J�J�L�L�9�9�9�9��	��I��1��K���s!�?�A�A�B�B7�6B7c�f�d}d}|D]�}|�d��}|d���tvrd}|dt|���d�z}|d���dkr9|d	���tvrd}|dt|���d
�z}��||gS)NTr�r:rFz
Block z has wrong param 
rpr^z has wrong directive 
)rr��PARAM_NAME_LIST�block_to_string�TYPES)�blockr�r*r��
line_partss     rA�check_blockr�4s���
�F�
�C��W�W���Z�Z��_�_�
��a�=��� � ��7�7��F��N�?�5�#9�#9�N�N�N�N�C��a�=��� � �F�*�*��!�}�"�"�$�$�E�1�1����V��u�'=�'=�V�V�V�V����C�=�rCc�>�d}|D]}|t|��zdz}�|S)NrO)r�)r��
res_stringr�s   rAr�r�Cs3���J��3�3���#�d�)�)�+�d�2�
�
��rCz"Checking /etc/cl.selector/php.confc�`�d}d|��}d}d}tj�t��st	t
dt�d���St
��}|D]"}t|��\}}|o|}|r|dz|z}�#|st	t||z��St	td��S)	Nz7https://docs.cloudlinux.com/custom_php_ini_options.htmlz�To fix the issue provide valid format for /etc/cl.selector/php.conf file. It is used for PHP Selector and invalid format lead to directives misconfiguration and as a result misconfiguration of selector
Please, read more about php.conf file in Tr�zFile z does not exist
rO�Ok)
r�r�r�ryr(r$r�r�r#r")�php_ini_doc_linkr�r�r*�blocksr��r1�msg1s        rA�check_php_confr�Js���P��	I�7G�	I�	I���F�
�C�
�7�>�>�-�(�(�L���"J�-�"J�"J�"J�K�K�K�
�
�
�F��$�$���u�%�%���D���B���	$���*�t�#�C���7����~�!5�6�6�6��R����rCz&Checking /etc/cl.selector/defaults.cfgc�D�dtdz��}tj�t��sttt�d���S	tjdd���}|�	t��n9#t$r,}ttt|����cYd}~Sd}~wwxYw	|�
dd��}n9#tjtjf$rttd|z��cYSwxYw|���D]�}|�d��r�|d	d�}	|�
|d
��}n#tj$rd}YnwxYw	|�
|d��}n#tj$rd
}YnwxYw||kr#|dkrttd|�d|����cS|rCd|vr?|�d��}|D]'}	|	s#t&j�d|�d����(��tt,d��S)Nz�Details: this config file is used by php selector and stores it`s global options, so it is important to keep needed configurations and valid syntax for PHP modules settings to avoid selector`s misconfiguration
See details: z#cldiagz does not existF��
interpolation�strict�versions�phpz!Default php version is undefined
��state�enablerr��disabledzDefault php version z
 is disabled
�,z"Warning: Modules list for version z is strange
r")r�r�r�r��DEFAULTS_CFG_PATHr(r$�configparser�ConfigParserr#rar#r��get�
NoOptionError�NoSectionError�sectionsrrrer6�writer")
r��defaults_cfgrl�default_php_version�section�php_versionr�r�module_namesr4s
          rA�check_defaults_cfgr�bs���	8�*�I�5�	8�	8���7�>�>�+�,�,�I���%6�"G�"G�"G�H�H�H�)�#�0�t�E�R�R�R�����+�,�,�,�,���)�)�)����Q���(�(�(�(�(�(�(�(�����)����X�*�.�.�z�5�A�A�����&��(C�D�X�X�X���!E��!V�W�W�W�W�W�X�����(�(�*�*�n�n�����e�$�$�	n�!�!�"�"�+�K�
!�$�(�(��'�:�:�����-�
!�
!�
!� ����
!����
�&�*�*�7�I�>�>�����-�
�
�
�����
����"�k�1�1�e�z�6I�6I� ��)k��)k�)k�[i�)k�)k�l�l�l�l�l��
n��'�>�>�#*�=�=��#5�#5�L� ,�n�n��#�n��J�,�,�-l�R]�-l�-l�-l�m�m�m����R����sT�0B�
B7�!B2�,B7�2B7�;C�3D�D�E�E,�+E,�0F�F�FzChecking domains compatibilityc���tj��dkrttd��Sd}d}t	��}|�tt
|��Stt|��S)Nr+r4z�Some domains/subdomains don't use PHP Selector because they have a non-system default version (in MultiPHP Manager) or PHP_FPM enabled. You can find their list on domains tab and pass control to PHP Selector if necessary.r�)r�r�r(r$�domains_compatibility_checkerr"r#)r�r�r�s   rA�check_domains_compatibilityr��sh��
����X�%�%���"@�A�A�A�	9��
�N�
*�
,�
,�F�
�~���^�,�,�,��V�^�,�,�,rCc�h�	td�����}td�����}n#t$rYdSwxYw|�d��D]F}|�d��|�d��ks|�d��rdS�GdS)N�php_get_vhost_versions�php_get_system_default_versionr��version�php_fpmzIncompatible version)r�callrr�)�domains�system_version�domains   rAr�r��s����� 8�9�9�>�>�@�@��&�'G�H�H�M�M�O�O���������t�t������+�+�j�)�)�*�*�����i�(�(�F�J�J�y�,A�,A�A�A�V�Z�Z�PY�EZ�EZ�A�)�)�)�B�*�*s�AA�
A�A�dirpathc��tj�|��sdSd|��}tj|�d��tjtjdd���}|jdkrdS	|j�d��d	�d��d
}n#t$rYdSwxYw|S)zZ
    Get mountpoint for dirpath directory from output of
    df -h {dirpath} utility.
    Nzdf -h rPTF)r5r6r8�checkrrOr^���)
r�r��isdirrH�runrrJrLr5�
IndexError)r��get_mountpoint_cmd�process�
mounted_ons    rA�get_dir_mountpointr��s���
�7�=�=��!�!���t�+�'�+�+���n�/�5�5�c�:�:�$.�O�J�O�RV�^c�e�e�e�G���Q����t���^�)�)�$�/�/��2�8�8��=�=�b�A�
�
�������t�t������s�59B/�/
B=�<B=c� �d}tj�d��rltdd���5}|D]?}|�d��r(t|�d��d��}�@	ddd��n#1swxYwY|S)	z[
    Returns maximum uid from /etc/login.defs
    If file does not exist returns 60000
    i`�z/etc/login.defsr�r�zUID_MAX rPr�N)r�r�rAr	rr"r)�max_uidrkr�s   rA�get_max_uidr��s���
�G�	�w�~�~�'�(�(�7�
�#�g�
6�
6�
6�	7�!��
7�
7���?�?�:�.�.�7�!�$�*�*�S�/�/�"�"5�6�6�G��
7�	7�	7�	7�	7�	7�	7�	7�	7�	7�	7�	7����	7�	7�	7�	7��Ns�AB�B�
Bc�p�d}t|�d��d���}t|��}|S)z 
    Returns min cagefs uid
    z!/usr/sbin/cagefsctl --get-min-uidrPT)�convert_to_str)rrr")�get_min_uid_cmdr5�min_uids   rA�get_min_uidr��s9��:�O�
��.�.�s�3�3�D�
I�
I�
I�F��&�k�k�G��NrC�usernamec�B�t��}t��}||krtd|�d|�d|�����t|���}||���vr|�|��S|���s|}n1|}|���}t||��D]
}||vr|}n�||krtd|�d|�d����d|�d|��}t|�	d	��d
���\}}	}
|dkrt|
���|S)
z�
    Creates user with max available uid that greater than min cagefs uid
    and less than max system uid.
    Does nothing if user already exists.
    z
Can't create z user: min_uid z is greater than max_uid )r�z user: uid z is too bigz#/usr/sbin/useradd -s /bin/false -u z -m rPT)�return_full_outputr)
r�r��RuntimeErrorr�get_user_full_dict�get_uid�get_uid_dict�rangerr)r�r�r��clpwd�
custom_uid�used_uids_dict�_uid�useradd_cmdrLrJrs           rA�useraddr��so���m�m�G��m�m�G������s�8�s�s��s�s�jq�s�s�t�t�t��'�"�"�"�E��5�+�+�-�-�-�-��}�}�X�&�&�&��������
�
��
��+�+�-�-���'�7�+�+�	�	�D��>�)�)�!�
���*��W����W�8�W�W�
�W�W�W�X�X�X�R�
�R�R��R�R�K�$�[�%6�%6�s�%;�%;�PT�U�U�U��J��3��Q����3�����rCc���	ttd���5}|������cddd��S#1swxYwYn#tt
f$rYnwxYwdS)zS
    Retrive cldiag username from file
    :return: username from file or None
    r�r�N)r	�_CLDIAG_USERNAME_FILEr#r��OSErrorr
)rks rA�get_username_from_filer��s���

�
�'�'�
:�
:�
:�	$�a��6�6�8�8�>�>�#�#�	$�	$�	$�	$�	$�	$�	$�	$�	$�	$�	$�	$����	$�	$�	$�	$�	$���W��
�
�
���
�����4s3�A�&A�A�A�A�A�A�A+�*A+c�\�t��}tjd��}|���}|���D]`\}}|�|��s�	d|��}t
|�d�����D#tttf$rY�]wxYwdS)z3
    Remove all trash cldiag users from system
    z^cldiaguser_[a-f0-9]{21}$z/usr/sbin/userdel -r rPN)r�re�compiler�r�matchrrr�r
r)�cl_pwd�
re_pattern�
users_dictr�rJ�userdel_cmds      rA�remove_all_trash_cldiag_usersr�s����W�W�F���7�8�8�J��*�*�,�,�J�!�'�'�)�)�����!�����)�)�	��	�<�(�<�<�K���)�)�#�.�.�/�/�/�/����"7�8�	�	�	��D�	�����s�''B�B)�(B)c�^�d}|dg}	t|��}n#t$rYdSwxYw|sdSdS)z\
    Detect quota is activated
    :return: True/False - quotas activated/not activated
    z/usr/sbin/repquotaz-nvaFT)rr)�_REPQUOTA_PATH�cmdr5s   rA�is_quota_activer�s]��
*�N��6�
"�C���S�!�!���� �����u�u��������u��4s��
&�&zGChecking if /var/cagefs is located on partition with disk quota enabledc���d}d}d}d}d}td��}|�>tj�d��rtj�|��sttd��Stj�d	��sttd
��St��stt|��Sd}d}tj�t��rGt��}|�6	tj|��}|j
|j}
}	d}n#t$rYnwxYwnt!��|s�t"�d
t%j��j��dd�}t+|��tj|��}|j
|j}
}		t-tdd���5}|�|��ddd��n#1swxYwYn#t0t2f$rYnwxYw|�d|	��}|�d|�d|��}
|�d|�d|��}		|	dzd�}d|�d|�d�}t5t7j����}t9||��}tj�|��s"t;|�d����t;|
�d����t?j d|gt>j!t>j"dd|tG|	|
��itj$�ddi����5}|�%��\}}ddd��n#1swxYwYtM|��5|�'��sGd |vrCttP|��cddd��t;|�d����S|�'��st1|���|�)��ddd��n#1swxYwYt;|�d����n'#t;|�d����wxYwn%#tT$rtt|��cYSwxYwtt|��S)!a�
    Checker for check if /var/cagefs is located on partition
    with disk quota enabled.

    Algorithm for check: we trying to set cldiaguser's quota to 1 inode
    (so that this user can't create any file if the quota activated on
    this partition). Then we change uid of process to cldiaguser's uid,
    and try to create file with his permissions.
    If we can't create file (Disk quota exceeded) then it's alright and
    disc quota enabled. Else we warn user to enable quota on that partition.
    z3/var/cagefs located on partition with quota enabledz�Details: /var/cagefs located on partition with quota disabled.
Please, activate quota for /var/cagefs for better security.
See details: https://docs.cloudlinux.com/cloudlinux_os_components/#installation-and-update-2zYQuotas seems unworkable on this server. Please correctly setup quotas to run this checkerr�z/usr/sbin/setquotaz/var/cagefsNr�z/usr/share/cagefs-skeleton/binzCagefs is not initializedFTrJ� r[r�r�z	 --cpetc z -u z	 0 0 1 1 z	 0 0 0 0 �d�02dz/var/cagefs/�/z/etc/cl.selector/rPz
/bin/touch�LC_ALL�C)r5r6r8�start_new_sessionr7�
preexec_fn�envzDisk quota exceeded)+r�r�r�r�rAr(r$r�r#r�r�rr �pw_uid�pw_gidr!r��_CLDIAG_TEST_USENAME_PREFIX�uuid�uuid4�hexr�r	r�r�r
r��randomrrrrHrIrJ�STDOUTr�environrKr
r�r"�unlinkr)�
ok_messager��quota_unworkable_message�	cagefsctl�setquota�cagefs_mountpointr��is_testuser_exists�user_pw�user_uid�user_gidrk�create_cagefs_dir_cmd�set_quota_limit_cmd�reset_quota_limit_cmd�prefix�tempfile_dir�
tempfile_name�tempfile_full_pathrPr5rJs                      rA�!check_cagefs_partition_disk_quotar(s���G�J�	Z��	d��&�I�#�H�*�=�9�9��� ���
�
�m�(D�(D� �B�G�N�N�[d�Le�Le� ���";�<�<�<�
�7�=�=�9�:�:�?���"=�>�>�>����1����0�0�0��H���	�w�~�~�+�,�,�(�)�+�+����
*��,�x�0�0��%,�^�W�^�(��
&*�"�"��	�
�
�
���
����	 �	&�'�'�'��
�1�F�F�D�J�L�L�4D�F�F�s��s�K��������,�x�(�(��$�^�W�^�(��	��+�S�7�C�C�C�
"�q�����!�!�!�
"�
"�
"�
"�
"�
"�
"�
"�
"�
"�
"����
"�
"�
"�
"�����!�	�	�	��D�	����(�=�=�8�=�=��%�Q�Q�8�Q�Q�>O�Q�Q��'�S�S�X�S�S�@Q�S�S�� ;�	:� �3��,�,�F�N�&�N�N�8�N�N�N�L���
���0�0�M�!%�l�M�!B�!B���7�=�=��.�.�
>��1�7�7��<�<�=�=�=��+�1�1�#�6�6�7�7�7��!��}�-�!��!�(��"&� �!�(�H�5�5�5�r�z�5�h��_�5�	�	�	�

/�� �,�,�.�.�	���

/�

/�

/�

/�

/�

/�

/�

/�

/�

/�

/����

/�

/�

/�

/�!��*�*�
,�
,�)�0�0�2�2�5�7L�PV�7V�7V�$�R��4�4�
,�
,�
,�
,�
,�
,�
,�
�-�3�3�C�8�8�9�9�9�9�	*�0�0�2�2�*�!�&�/�/�)�"�)�)�+�+�+�
,�
,�
,�
,�
,�
,�
,�
,�
,�
,�
,����
,�
,�
,�
,�
�-�3�3�C�8�8�9�9�9�9��K�-�3�3�C�8�8�9�9�9�9����9�� �;�;�;���!9�:�:�:�:�:�;�����V�^�,�,�,s��?"D$�$
D1�0D1�!G&�8G�G&�G�G&�!G�"G&�&G:�9G:�C3P�
L1�%P�1L5�5P�8L5�9P�-O*�8P�"Q�'7O*�P�*O.�.P�1O.�2P�5#Q�$P<�<Q�Q"�!Q"�
c���|�d��}t|��|kr7d�|d|dz�dgz||dzd�z|gz��S|S)a.
    Handles error message making it shorter, if it is bigger than max limit
    :param error: error message to make shorter
    :param detailed_out: way for user to get full error manually
    :param max_error_lines: max lines for error
    :return: initial error (less than 10 lines) short error
    rONr�z...)rr{rU)�errorr��max_error_lines�error_liness    rAr�r��s����+�+�d�#�#�K�
�;���/�)�)��y�y��.�/�Q�.�.�/�5�'�9�K��HX�\]�H]�H_�H_�<`�`�dp�cq�q�
�
�	
��LrCc�J�tjtjddd���}|S)zY
    Return true if automatic cldiag email notifications
    about problems enabled.
    �
ENABLE_CLDIAGr:T)�	separator�default_val)r��get_boolean_param�CL_CONFIG_FILE)�
enable_cldiags rA�is_email_notification_enabledr�s(��
�,�V�-B�O�_b�pt�u�u�u�M��rCc�P�	tjddtdi���}|�tj��|�tt��}n#tj$rgcYSwxYwd�|�	���
d��D��S)zc
    Get list of disabled cldiag checkers which run by cron
    from /etc/sysconfig/cloudlinux
    NFr�)r�r��defaultsc�:�g|]}|�|�����SrDr�)rH�items  rAr�z6get_list_of_disabled_cron_checkers.<locals>.<listcomp>�s%��G�G�G�T�$�G�D�J�J�L�L�G�G�GrCr�)r�r��cron_cldiag_checkers_param_namer#r�rr��cron_cldiag_section_name�Errorr�r)rr�s  rA�"get_list_of_disabled_cron_checkersr!�s�����*���/���
�
�
��	���F�)�*�*�*����$�+�
�
����������	�	�	�����H�G�V�\�\�^�^�%9�%9�#�%>�%>�G�G�G�Gs�AA � A4�3A4�disabled_cron_cherkersc�$�	tjdd���}|�tj��t
|���vr|�t
��t��}|r|�	|��|�
t
td�|����ttjdd���5}|�|��ddd��dS#1swxYwYdS#tjt t"f$rb}t%dtj�d	|�d
���t%d��t%t&��t)jd��Yd}~dSd}~wwxYw)
z`
    Set list of disabled cldiag checker which run by cron
    in /etc/sysconfig/cloudlinux
    NFr�r�zw+r�r�z3Can't set list of disabled cron checkers to config"z" because "rQz:Please check config's existence, integrity and permissionsr^)r�r�r#r�rrr��add_sectionr!�extend�setrrUr	r�r r
r�rdr�rerf)r"r�current_disabled_checkersrkrs     rA�"set_list_of_disabled_cron_checkersr(�s���
��*���
�
�
��	���F�)�*�*�*�#�6�?�?�+<�+<�<�<����7�8�8�8�$F�$H�$H�!�!�	E�"�)�)�*C�D�D�D��
�
�$�+��H�H�+�,�,�	
�	
�	
�
�&�'���
@�
@�
@�	�A��L�L��O�O�O�	�	�	�	�	�	�	�	�	�	�	�	����	�	�	�	�	�	������1����
�p��H]�p�p�jm�p�p�p�q�q�q�
�J�K�K�K�
�"�#�#�#�����������������	���s=�CD�!D�7D�D�D�D�D�F�-AF
�
Fz!Check mount with hidepid=2 optionc��d}d|��}d}d}tj�d��stt|��St��dkrtt|��Stt|��S)z7
    Check if system mounted with hidepid=2 option
    zWhttps://docs.cloudlinux.com/cloudlinux_os_kernel/#remounting-procfs-with-hidepid-optionz�Details: hidepid protection disabled.
Please, mount system with hidepid=2 for better security.
Read more about hidepid option here: zhidepid protection enabledr�r�r�)r�r�rAr(r$rr#r")�hidepid_doc_linkr�r��skipped_messages    rA�
check_hidepidr,�s���q��	C�0@�	C�	C��
2�N�/�O��7�>�>�/�0�0�3���/�2�2�2�&�'�'�1�,�,����0�0�0��R��(�(�(rCzCheck user's low PMEM limitsc��d}d|z}d}tj��}|rtt|��Stt|��S)z7
    Checks low PMEM limits availability on server
    z5https://docs.cloudlinux.com/limits/#limits-validationzLSome user(s) on server has low PMEM LVE limit (lower than 512 MB). See doc: zCheck low PMEM limits passed)r �is_low_pmem_limit_presentr(r#r")r�r�r�r�s    rA�check_low_pmem_limitsr/�sP��G�H�c�fn�n�N�3�N�
�
6�
8�
8�F�
�1����0�0�0��R��(�(�(rC)F)FT)r
)�r�r%rRr�rr�r�rHrer��collectionsr�	functoolsr�pathlibr�typingrrr	r
�cldetectlibr��cl_proc_hidepidr�clcommon.clpwdrr
�clcommon.cpapirr�clcommon.lib.cleditionrr�clcommon.lib.cmt_utilsrr�clcommon.lib.constsrr�clcommon.lib.jwt_tokenr�clcommon.lib.whmapi_librr�clcommon.utilsrrrrrrr�cllimits_validatorr �clsentry.utilsr!r"r#r$r%r�rr�cl_plus_doc_linkr�r�r�rvr�r(�SUEXEC_PATH�
SUPHP_PATHr�r�r�r>r\rmrqr|r�r�rvr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rr/rVrmr�ryr�r�r�r�r�r�r�r�r�r�r"r�r�r�r�r�r�rr�rr!r(r,r/rDrCrA�<module>rCs�	������
�
�
�
�����	�	�	�	�
�
�
�
�
�
�
�
�	�	�	�	�����
�
�
�
�����"�"�"�"�"�"�������������0�0�0�0�0�0�0�0�0�0�0�0�����:�:�:�:�:�:�1�1�1�1�1�1�1�1�>�>�>�>�>�>�>�>�N�N�N�N�N�N�N�N���������L�K�K�K�K�K�K�K�2�2�2�2�2�2�>�>�>�>�>�>�>�>�������������������/�.�.�.�.�.�*�*�*�*�*�*�
��	��
��+��C��"A��(��J��G�5E�G�G��p��'��S��]��
�J��
�
��
�
�	�-�$�%�
�$�#�"�#�!�
�
��&�#�0�
�#�"�!�"� �
�
�
����2��$�$��� �
�3��%�%���!�/��*���������,����@���������
��^���������E�$���
�*=�$>�����D���.
��
'�(�(�"7�"7�)�(�"7�J�s��s��y�����B
��
L�M�M��%�H�H�&�%���N�M�H�
��
K�L�L��%�A�A�&�%���M�L�A�*
��
F�G�G��%�A�A�&�%���H�G�A�
��
t�u�u��%�s�s�&�%���v�u�s�"
��
P�Q�Q�"�"�R�Q�"�(
��
S�T�T��N�N���U�T�N�0,�,�,�2
��
+�,�,�;�;�-�,�;�
��
*�+�+�:�:�,�+�:�
��
*�+�+�e�e�,�+�e�
��
9�:�:��=�=���;�:�=�$
��
3�4�4�V0�V0�5�4�V0�r
��
&�'�'��*U�*U���(�'�*U�Z
��
5�6�6��BE�BE���7�6�BE�J
��
3�4�4��)�)���5�4�)�@4��+�
�P�P�P��!�!�!�����D������
��
1�2�2���3�2��.
��
5�6�6�%�%�7�6�%�P
��
-�.�.�-�-�/�.�-�"*�*�*������
�����.�S������S������c��c�����@���
��������$���"
��
V�W�W��c-�c-���X�W�c-�L
�
�
�
� �t�����H�D��&�1A�,B�H�H�H�H�2�t�H�V�DT�?U��Z^�����<
��
0�1�1��)�)���2�1�)�2
��
+�,�,��)�y�)�)�)���-�,�)�)�)rC