#!/usr/bin/python
#coding: utf-8
# -------------------------------------------------------------------
# 宝塔Linux面板
# -------------------------------------------------------------------
# Copyright (c) 2015-2099 宝塔软件(http://bt.cn) All rights reserved.
# -------------------------------------------------------------------
# Author: hwliang <hwl@bt.cn>
# -------------------------------------------------------------------
# -------------------------------------------------------------------
# 系统防火墙检测
# -------------------------------------------------------------------
import os,public,psutil
import re
# ---- check metadata read by the panel's security-warning framework ----
_title = "系统防火墙检测"
_ps = "检测是否开启系统防火墙"  # one-line description shown next to the title
_version = 1.0  # version of this check script
_date = "2022-08-18"  # last updated
# Risk level of a failed check: 1 = notice (low), 2 = warning (medium), 3 = danger (high)
_level = 2

# The operator can suppress this check by creating the marker file below.
# NOTE: the path is relative, so it resolves against the panel's working
# directory at import time.
_ignore = os.path.exists("data/warning/ignore/sw_firewall_open.pl")

# ---- remediation text shown to the operator when the check fails ----
_tips = [
    "在安全-系统防火墙中打开防火墙开关",
    "建议开启系统防火墙,以避免所有服务器端口暴露在互联网上,如服务器有【安全组】功能,请忽略此提示",
    "注意:开启系统防火墙需提前将需要开放的端口,特别是SSH和面板端口加入放行列表,否则可能导致服务器无法访问",
]
_help = ""
_remind = "此方案可以降低服务器暴露的风险面,增强对网站的防护。但是需要在端口规则处添加需要开放的端口,否则会导致网站无法访问。"
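def check_run():
    '''
    @name Run the check
    @author hwliang<2022-08-18>
    @return tuple (status<bool>,msg<string>)

    Looks for the firewall front-ends the panel knows about (firewalld, ufw,
    the iptables init service) and reports whether at least one of them is
    active.  Every installed candidate is probed before the check gives up,
    so a host with a disabled firewalld package next to an active ufw is
    reported as protected rather than as a false positive.

    Return values:
        (True,  '无风险')                       - an installed firewall is active
        (False, '未开启系统防火墙,存在安全风险')  - firewall(s) installed, none active
        (False, '未安装系统防火墙,存在安全风险')  - no known firewall binary found

    NOTE: this is a presence/activity check only.  A running firewalld or an
    "active" ufw does not prove that the loaded policy actually restricts any
    port (e.g. a permissive default zone); reviewing the rules is a separate
    step.
    '''
    # (binary, probe) pairs, in the order the original implementation tried
    # them.  probe is None to look for a live process whose argv contains the
    # binary path; otherwise it is a fixed shell command (no user input is
    # interpolated) whose non-empty stdout means "active".
    candidates = (
        ('/usr/sbin/firewalld', None),
        ('/usr/bin/firewalld', None),
        ('/usr/sbin/ufw', "ufw status verbose|grep -E '(Status: active|激活)'"),
        ('/sbin/ufw', "/sbin/ufw status |grep -E '(Status: active|激活)'"),
        ('/usr/sbin/iptables', "service iptables status|grep 'Chain INPUT'"),
    )

    installed = False
    for binary, probe in candidates:
        if not os.path.exists(binary):
            continue
        installed = True
        if probe is None:
            active = _process_running(binary)
        else:
            active = _shell_reports_active(probe)
        if active:
            return True, '无风险'

    if installed:
        return False, '未开启系统防火墙,存在安全风险'
    return False, '未安装系统防火墙,存在安全风险'


def _process_running(binary):
    '''Return True when some live process has *binary* as one of its argv elements.'''
    for pid in psutil.pids():
        try:
            if binary in psutil.Process(pid).cmdline():
                return True
        except psutil.Error:
            # The process exited between pids() and Process(), is a zombie,
            # or its argv is not readable by us; none of these mean it is the
            # firewall daemon, so skip it instead of aborting the scan.
            continue
    return False


def _shell_reports_active(cmd):
    '''Return True when the fixed probe command *cmd* prints anything on stdout.'''
    stdout = public.ExecShell(cmd)[0]
    return bool(stdout.strip())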