diff --git a/dns/dnsManager.py b/dns/dnsManager.py index 7920544fd..bd019b93a 100755 --- a/dns/dnsManager.py +++ b/dns/dnsManager.py @@ -1350,8 +1350,7 @@ def ResetDNSConfigurations(self): logging.CyberCPLogFileWriter.statusWriter(self.extraArgs['tempStatusPath'], 'Fixing permissions..,90') - from plogical.upgrade import Upgrade - Upgrade.fixPermissions() + ACLManager.fixPermissions() logging.CyberCPLogFileWriter.statusWriter(self.extraArgs['tempStatusPath'], 'Completed [200].') except BaseException as msg: diff --git a/ftp/ftpManager.py b/ftp/ftpManager.py index 0def4262c..f71f47dbb 100755 --- a/ftp/ftpManager.py +++ b/ftp/ftpManager.py @@ -628,8 +628,7 @@ def ResetFTPConfigurations(self): logging.CyberCPLogFileWriter.statusWriter(self.extraArgs['tempStatusPath'], 'Fixing permissions..,90') - from plogical.upgrade import Upgrade - Upgrade.fixPermissions() + ACLManager.fixPermissions() logging.CyberCPLogFileWriter.statusWriter(self.extraArgs['tempStatusPath'], 'Completed [200].') except BaseException as msg: diff --git a/plogical/acl.py b/plogical/acl.py index c20537719..e6d82da30 100644 --- a/plogical/acl.py +++ b/plogical/acl.py @@ -1,5 +1,7 @@ #!/usr/local/CyberCP/bin/python import os,sys +import random +import string from ApachController.ApacheVhosts import ApacheVhost from manageServices.models import PDNSStatus 
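Review bot: `ACLManager.fixPermissions()` cannot report failure: the new function in plogical/acl.py catches `BaseException`, logs it and returns nothing, and the result of every `ProcessUtilities.executioner` call inside it is discarded, so the `'Completed [200].'` status on the next line is written even when the permission pass stopped part-way. Consider returning a success flag from `fixPermissions` and checking it here, e.g. `if not ACLManager.fixPermissions(): raise BaseException('fixPermissions failed')`, so the existing `except BaseException` path reports the error. The removed function-local import also means `ACLManager` must already be imported at module level, which this hunk does not show. Both remarks apply equally to the `ResetFTPConfigurations` hunk in ftp/ftpManager.py; both functions start and end outside their hunks.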
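Review bot: `random` is not a cryptographic generator, and the `import random` added here is used by `generate_pass` in the `fixPermissions` hunk further down, whose output is embedded in `SetPassword('%s')`. A password should come from the `secrets` module: replace this line with `import secrets` and the generator body with `return ''.join(secrets.choice(chars) for _ in range(length))`. `secrets` is in the standard library from Python 3.6; the shebang points at a bundled interpreter whose version this page does not show, so confirm that first.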
@@ -1096,6 +1098,250 @@ def ISARM(): else: return False + #### if you update this function needs to update this function on plogical.acl.py as well + @staticmethod + def fixPermissions(): + try: + + try: + def generate_pass(length=14): + chars = string.ascii_uppercase + string.ascii_lowercase + string.digits + size = length + return ''.join(random.choice(chars) for x in range(size)) + + content = """SetPassword('%s'); +echo $oConfig->Save() ? 'Done' : 'Error'; + +?>""" % (generate_pass()) + + writeToFile = open('/usr/local/CyberCP/public/snappymail.php', 'w') + writeToFile.write(content) + writeToFile.close() + + command = "chown -R lscpd:lscpd /usr/local/lscp/cyberpanel/snappymail/data" + ProcessUtilities.executioner(command, 'root', True) + + except: + pass + + + command = "usermod -G lscpd,lsadm,nobody lscpd" + ProcessUtilities.executioner(command, 'root', True) + + command = "usermod -G lscpd,lsadm,nogroup lscpd" + ProcessUtilities.executioner(command, 'root', True) + + ###### fix Core CyberPanel permissions + + command = "find /usr/local/CyberCP -type d -exec chmod 0755 {} \;" + ProcessUtilities.executioner(command, 'root', True) + + command = "find /usr/local/CyberCP -type f -exec chmod 0644 {} \;" + ProcessUtilities.executioner(command, 'root', True) + + command = "chmod -R 755 /usr/local/CyberCP/bin" + ProcessUtilities.executioner(command, 'root', True) + + ## change owner + + command = "chown -R root:root /usr/local/CyberCP" + ProcessUtilities.executioner(command, 'root', True) + + ########### Fix LSCPD + + command = "find /usr/local/lscp -type d -exec chmod 0755 {} \;" + ProcessUtilities.executioner(command, 'root', True) + + command = "find /usr/local/lscp -type f -exec chmod 0644 {} \;" + ProcessUtilities.executioner(command, 'root', True) + + command = "chmod -R 755 /usr/local/lscp/bin" + ProcessUtilities.executioner(command, 'root', True) + + command = "chmod -R 755 /usr/local/lscp/fcgi-bin" + ProcessUtilities.executioner(command, 'root', True) + + 
command = "chown -R lscpd:lscpd /usr/local/CyberCP/public/phpmyadmin/tmp" + ProcessUtilities.executioner(command, 'root', True) + + ## change owner + + command = "chown -R root:root /usr/local/lscp" + ProcessUtilities.executioner(command, 'root', True) + + command = "chown -R lscpd:lscpd /usr/local/lscp/cyberpanel/rainloop" + ProcessUtilities.executioner(command, 'root', True) + + command = "chmod 700 /usr/local/CyberCP/cli/cyberPanel.py" + ProcessUtilities.executioner(command, 'root', True) + + command = "chmod 700 /usr/local/CyberCP/plogical/upgradeCritical.py" + ProcessUtilities.executioner(command, 'root', True) + + command = "chmod 755 /usr/local/CyberCP/postfixSenderPolicy/client.py" + ProcessUtilities.executioner(command, 'root', True) + + command = "chmod 640 /usr/local/CyberCP/CyberCP/settings.py" + ProcessUtilities.executioner(command, 'root', True) + + command = "chown root:cyberpanel /usr/local/CyberCP/CyberCP/settings.py" + ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod +x /usr/local/CyberCP/CLManager/CLPackages.py' + ProcessUtilities.executioner(command, 'root', True) + + files = ['/etc/yum.repos.d/MariaDB.repo', '/etc/pdns/pdns.conf', '/etc/systemd/system/lscpd.service', + '/etc/pure-ftpd/pure-ftpd.conf', '/etc/pure-ftpd/pureftpd-pgsql.conf', + '/etc/pure-ftpd/pureftpd-mysql.conf', '/etc/pure-ftpd/pureftpd-ldap.conf', + '/etc/dovecot/dovecot.conf', '/usr/local/lsws/conf/httpd_config.xml', + '/usr/local/lsws/conf/modsec.conf', '/usr/local/lsws/conf/httpd.conf'] + + for items in files: + command = 'chmod 644 %s' % (items) + ProcessUtilities.executioner(command, 'root', True) + + impFile = ['/etc/pure-ftpd/pure-ftpd.conf', '/etc/pure-ftpd/pureftpd-pgsql.conf', + '/etc/pure-ftpd/pureftpd-mysql.conf', '/etc/pure-ftpd/pureftpd-ldap.conf', + '/etc/dovecot/dovecot.conf', '/etc/pdns/pdns.conf', '/etc/pure-ftpd/db/mysql.conf', + '/etc/powerdns/pdns.conf'] + + for items in impFile: + command = 'chmod 600 %s' % (items) + 
ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod 640 /etc/postfix/*.cf' + ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod 640 /etc/dovecot/*.conf' + ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod 640 /etc/dovecot/dovecot-sql.conf.ext' + ProcessUtilities.executioner(command, 'root', True) + + fileM = ['/usr/local/lsws/FileManager/', '/usr/local/CyberCP/install/FileManager', + '/usr/local/CyberCP/serverStatus/litespeed/FileManager', + '/usr/local/lsws/Example/html/FileManager'] + + import shutil + for items in fileM: + try: + shutil.rmtree(items) + except: + pass + + command = 'chmod 755 /etc/pure-ftpd/' + ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod 644 /etc/dovecot/dovecot.conf' + ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod 644 /etc/postfix/main.cf' + ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod 644 /etc/postfix/dynamicmaps.cf' + ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod +x /usr/local/CyberCP/plogical/renew.py' + ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod +x /usr/local/CyberCP/CLManager/CLPackages.py' + ProcessUtilities.executioner(command, 'root', True) + + clScripts = ['/usr/local/CyberCP/CLScript/panel_info.py', + '/usr/local/CyberCP/CLScript/CloudLinuxPackages.py', + '/usr/local/CyberCP/CLScript/CloudLinuxUsers.py', + '/usr/local/CyberCP/CLScript/CloudLinuxDomains.py' + , '/usr/local/CyberCP/CLScript/CloudLinuxResellers.py', + '/usr/local/CyberCP/CLScript/CloudLinuxAdmins.py', + '/usr/local/CyberCP/CLScript/CloudLinuxDB.py', '/usr/local/CyberCP/CLScript/UserInfo.py'] + + for items in clScripts: + command = 'chmod +x %s' % (items) + ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod 600 /usr/local/CyberCP/plogical/adminPass.py' + ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod 600 
/etc/cagefs/exclude/cyberpanelexclude' + ProcessUtilities.executioner(command, 'root', True) + + command = "find /usr/local/CyberCP/ -name '*.pyc' -delete" + ProcessUtilities.executioner(command, 'root', True) + + if ProcessUtilities.decideDistro() == ProcessUtilities.centos or ProcessUtilities.decideDistro() == ProcessUtilities.cent8: + command = 'chown root:pdns /etc/pdns/pdns.conf' + ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod 640 /etc/pdns/pdns.conf' + ProcessUtilities.executioner(command, 'root', True) + else: + command = 'chown root:pdns /etc/powerdns/pdns.conf' + ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod 640 /etc/powerdns/pdns.conf' + ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod 640 /usr/local/lscp/cyberpanel/logs/access.log' + ProcessUtilities.executioner(command, 'root', True) + + command = '/usr/local/lsws/lsphp72/bin/php /usr/local/CyberCP/public/snappymail.php' + ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod 600 /usr/local/CyberCP/public/snappymail.php' + ProcessUtilities.executioner(command, 'root', True) + + ### + + WriteToFile = open('/etc/fstab', 'a') + WriteToFile.write('proc /proc proc defaults,hidepid=2 0 0\n') + WriteToFile.close() + + command = 'mount -o remount,rw,hidepid=2 /proc' + ProcessUtilities.executioner(command, 'root', True) + + ### + + CentOSPath = '/etc/redhat-release' + openEulerPath = '/etc/openEuler-release' + + if not os.path.exists(CentOSPath) or not os.path.exists(openEulerPath): + group = 'nobody' + else: + group = 'nogroup' + + command = 'chown root:%s /usr/local/lsws/logs' % (group) + ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod 750 /usr/local/lsws/logs' + ProcessUtilities.executioner(command, 'root', True) + + ## symlink protection + + writeToFile = open('/usr/lib/sysctl.d/50-default.conf', 'a') + writeToFile.writelines('fs.protected_hardlinks = 1\n') + 
writeToFile.writelines('fs.protected_symlinks = 1\n') + writeToFile.close() + + command = 'sysctl --system' + ProcessUtilities.executioner(command, 'root', True) + + command = 'chmod 700 %s' % ('/home/cyberpanel') + ProcessUtilities.executioner(command, 'root', True) + + destPrivKey = "/usr/local/lscp/conf/key.pem" + + command = 'chmod 600 %s' % (destPrivKey) + ProcessUtilities.executioner(command, 'root', True) + + + + except BaseException as msg: + logging.writeToFile(str(msg) + " [fixPermissions]") diff --git a/plogical/upgrade.py b/plogical/upgrade.py index c8e417edb..0546c22a2 100755 --- a/plogical/upgrade.py +++ b/plogical/upgrade.py @@ -2314,6 +2314,7 @@ def FixRSPAMDConfig(): command = 'systemctl restart postfix && systemctl restart rspamd' Upgrade.executioner(command, 'postfix and rspamd restart', 0, True) + #### if you update this function needs to update this function on plogical.acl.py as well @staticmethod def fixPermissions(): try:
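Review bot: The generated password is written to `/usr/local/CyberCP/public/snappymail.php` with the default mode at the top of `fixPermissions`, and the later `find /usr/local/CyberCP -type f -exec chmod 0644` pass sets that file to 0644 as well, so the plaintext secret stays readable by other local users until the `chmod 600` near the end of the function. Create the file owner-only immediately before the `lsphp72` call instead, as sketched below, and drop the bare `except: pass` around the write, which currently lets PHP run a stale or missing script after a failed write. Separately, the appends to `/etc/fstab` and `/usr/lib/sysctl.d/50-default.conf` add the same lines on every call, and this function is now reachable from the DNS and FTP reset paths, so each append needs a check that the line is not already present. The distro test `not os.path.exists(CentOSPath) or not os.path.exists(openEulerPath)` is true unless both release files exist, so `group` is effectively always `nobody`; `if os.path.exists(CentOSPath) or os.path.exists(openEulerPath):` looks like the intent.

```python
# … unchanged: content is built as before; group, mode and ownership commands
#   up to the access.log chmod …

# Write the script only when it is about to run, owner-only from creation.
snappyScript = '/usr/local/CyberCP/public/snappymail.php'
fd = os.open(snappyScript, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
os.fchmod(fd, 0o600)  # the O_CREAT mode is ignored when the file already exists
with os.fdopen(fd, 'w') as writeToFile:
    writeToFile.write(content)

command = '/usr/local/lsws/lsphp72/bin/php %s' % (snappyScript)
ProcessUtilities.executioner(command, 'root', True)

# … unchanged: chmod 600 on snappymail.php, then the fstab and sysctl steps …
```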
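Review bot: A comment is the only thing keeping two copies of a root-level permission routine aligned, so a mode or ownership tightened in one file can silently stay loose in the other. If `Upgrade` cannot import `ACLManager` (it uses its own `Upgrade.executioner`), a shared table of commands that both functions iterate would remove the drift; this is a suggestion only, since the body of `Upgrade.fixPermissions` lies outside this hunk. The copy of this comment added in plogical/acl.py also names `plogical.acl.py`, i.e. itself; there it should read something like `#### keep in sync with Upgrade.fixPermissions in plogical/upgrade.py`.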