AlkantarClanX12
Current Path : /opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/subsys/ |
Current File : //opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/subsys/pure_ftpd.py |
""" This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>. Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see <https://www.imunify360.com/legal/eula> """ import logging import os import subprocess import psutil from defence360agent.utils import ( atomic_rewrite, is_systemd_boot, check_exit_code, check_run, retry_on, run, ) from defence360agent.utils.kwconfig import KWConfig logger = logging.getLogger(__name__) class PureFTPBaseConfig(KWConfig): SEARCH_PATTERN = r"^\s*?{}\s+(.*?)\s*?$" WRITE_PATTERN = "{} {}" DEFAULT_FILENAME = "/etc/pure-ftpd.conf" async def uploadscript_enable(): if not is_systemd_boot(): # for CentOS/CloudLinux 6 await run( ["start", "imunify360-pure"], stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, ) atomic_rewrite("/etc/init/imunify360-pure.override", "", backup=False) else: await check_run(["systemctl", "enable", "imunify360-pure"]) await check_run(["systemctl", "start", "imunify360-pure"]) async def uploadscript_disable(): if not is_systemd_boot(): # for CentOS/CloudLinux 6 await run( ["stop", "imunify360-pure"], stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, ) atomic_rewrite( "/etc/init/imunify360-pure.override", "start on manual\n", backup=False, ) else: await check_run(["systemctl", "stop", "imunify360-pure"]) await check_run(["systemctl", "disable", "imunify360-pure"]) async def uploadscript_status(): if not is_systemd_boot(): # for CentOS/CloudLinux 6 _, out, _ = await run(["status", "imunify360-pure"]) return "start/running" in out.decode() else: rc, _, _ = await run(["systemctl", "status", "imunify360-pure"]) return rc == 0 async def restart(): if not is_systemd_boot(): # for CentOS/CloudLinux 6 await check_exit_code(["/etc/init.d/pure-ftpd", "restart"]) else: try: await check_run(["systemctl", "restart", "pure-ftpd"]) except Exception as err: if err.args and err.args[0] == 5: logger.warning( "%s\nService pure-ftpd is probably deactivated.", repr(err) ) else: raise @retry_on(FileNotFoundError, max_tries=10) def thirdparty_uploadscript(): imunify_scripts = [ "/opt/alt/python35/share/imunify360/scripts/pure_scan.sh", "/opt/alt/python35/share/imunify360/scripts/pureftpd-on-upload", "/usr/share/imunify360/scripts/pureftpd-on-upload", ] it = psutil.process_iter(attrs=["exe", "cmdline"]) while True: try: proc = next(it) except StopIteration: break except FileNotFoundError as e: logger.warning("File not found during process iter: %s", e) raise else: if proc.info["exe"] == "/usr/sbin/pure-uploadscript" and all( proc.info["cmdline"] and script not in proc.info["cmdline"] for script in imunify_scripts ): return " ".join(proc.info["cmdline"]) return None # not found def detect(): return os.path.isfile("/usr/sbin/pure-ftpd") and os.access( "/usr/sbin/pure-ftpd", os.X_OK ) def get_pureftpd_configs(hosting_panel): configs = [PureFTPBaseConfig] if ( hosting_panel.is_installed() and hosting_panel.pure_ftp_conf_cls is not None ): configs.append(hosting_panel.pure_ftp_conf_cls) return configs async def enable_scan_in_config(hosting_panel): configs = get_pureftpd_configs(hosting_panel) for cls in configs: try: cls("CallUploadScript").set("yes") except OSError as e: logger.warning("Error when accessing pureftp config: %s", e) # this is required to update pure-ftpd config await restart() def scan_in_config_enabled(hosting_panel): configs = get_pureftpd_configs(hosting_panel) for cls in configs: try: value = cls("CallUploadScript").get() if value is None or value.strip() == "no": return False except OSError as e: logger.warning("Error when accessing pureftp config: %s", e) return False return True async def disable_purescan(hosting_panel): if thirdparty_uploadscript() is None: configs = get_pureftpd_configs(hosting_panel) for cls in configs: try: cls("CallUploadScript").set("no") except OSError as e: logger.warning("Error when accessing pureftp config: %s", e) # this is required to update pure-ftpd config await restart() await uploadscript_disable()