관리-도구

편집 파일: 112_hardened_php.py

import contextlib import logging import os import os.path from defence360agent.utils import importer chattr = importer.get( module="imav.malwarelib.utils", name="chattr", default=None ) logger = logging.getLogger(__name__) ALT_PHP = "imunify360-alt-php.repo" EA_PHP = "imunify360-ea-php-hardened.repo" REPOS_DIR = "/etc/yum.repos.d/" def irrelevant_repos(release): if "cloudlinux" in release: # CloudLinux doesn't need either return {ALT_PHP, EA_PHP} elif os.path.exists("/usr/local/cpanel/cpanel"): # cPanel does not need alt-php return set([ALT_PHP]) else: # ea-php is only for cPanel return set([EA_PHP]) def fix_permissions(): for repo_name in [ALT_PHP, EA_PHP]: path = REPOS_DIR + repo_name if not os.path.exists(path): continue with open(path) as f: chattr.subtract_flags(f.fileno(), chattr.FS_IMMUTABLE_FL) os.chmod(f.fileno(), 0o644) def do_migrate(): if not os.path.exists("/etc/redhat-release"): # we do not have to do anything on Ubuntu systems return with open("/etc/redhat-release") as f: release = f.read().lower() fix_permissions() for repo_name in irrelevant_repos(release): with contextlib.suppress(FileNotFoundError): os.unlink(REPOS_DIR + repo_name) def migrate(migrator, database, fake=False, **kwargs): if fake: return try: do_migrate() except Exception: logger.exception("Failed to clean up HardenedPHP repositories") def rollback(migrator, database, fake=False, **kwargs): pass