ok

Mini Shell

Direktori : /opt/imunify360/venv/lib/python3.11/site-packages/im360/plugins/
Upload File :
Current File : //opt/imunify360/venv/lib/python3.11/site-packages/im360/plugins/export_wblist.py

import asyncio
import logging
import os

from defence360agent.contracts.config import AcronisBackup
from defence360agent.utils import ensure_line_in_file_bytes
from im360 import files
from im360.contracts.plugins import IDSAwareMessageSink
from im360.internals import strategy
from im360.simple_rpc.resident_socket import send_to_socket
from im360.plugins.protector import RULES_CHECK_IN_PROGRESS
from im360.subsys import csf
from im360.utils.net import OUT, TCP

logger = logging.getLogger(__name__)


class ExportWBList(IDSAwareMessageSink):
    STRATEGY = strategy.Strategy.CSF_COOP_STRATEGY
    AVAILABLE_ON_FREEMIUM = False

    async def create_sink(self, loop):
        self._loop = loop

    async def _allow_acronis_ports(self) -> bool:
        """
        Puts Acronis ports to TCP_IN and TCP_OUT lists in csf.conf
        :return:
        """
        ports = AcronisBackup.PORTS
        ranges = AcronisBackup.RANGE
        return csf.add_ports(TCP, OUT, *ports, ranges=ranges)

    async def activate(self):
        """
        When switching to CSF mode, some critical addresses added to csf
        allow list
        :return:
        """
        prefix = files.Index.files_path(files.WHITELISTS)
        ALLOW_LIST = os.path.join(prefix, "imunify360.txt")
        try:
            # add captcha ports to csf.conf
            csf_config_changed = await self._allow_acronis_ports()
            if csf_config_changed:
                logger.info("Need to restart CSF to add acronis ports")

            # NOTE: it assumes ascii-based locale encoding/fs (very likely)
            if include_added := ensure_line_in_file_bytes(
                csf.CSF_ALLOW_FILE, b"Include " + os.fsencode(ALLOW_LIST)
            ):
                logger.info("Need to restart CSF to include imunify360.txt")
            csf_config_changed |= include_added

            if csf_config_changed:
                logger.info("CSF config was changed, restarting CSF")
                while RULES_CHECK_IN_PROGRESS.exists():
                    await asyncio.sleep(1)
                await csf.restart_all()
                # on CSF restart we need to recheck rules immediately
                await send_to_socket(
                    msg={
                        "method": "RECREATE_RULES",
                    },
                    wait_for_response=False,
                )
            self._mark_as_active()
        except asyncio.CancelledError:
            pass
        except Exception:
            logger.exception("Failed to activate %r plugin", self)

Zerion Mini Shell 1.0