Your IP : 216.73.216.101


Current Path : /opt/sharedrads/__pycache__/
Upload File :
Current File : //opt/sharedrads/__pycache__/modsec_disable.cpython-313.pyc

�

iXMj�,��D�SrSSKrSSKrSSKrSSKJr SSKrSSKrSSKJ	r	J
r
Jr \"S5rS\
4SjrS\S	\\S
\S\S\\4
S
jrS\S\S\4SjrS\S\S\4SjrS\S\4SjrS\S\4SjrSrSrS\
4SjrSrSrS\4SjrSrSr\S:Xa\"5 gg)z?Disable modsec rules for Cpanel or PlatformI users and domains.�N)�Path)�red�green�yellowz!/etc/ansible/wordpress-ultrastack�returnc�(�[R"SS/SSSS9nSWR;aEURRS	5S
nUR5SnURS5S$[[	S
55 [
R"S5 g![a- [[	S55 [
R"S5 N�[Ra- [[	S55 [
R"S5 N�f=f)zGet Apache version�	apachectlz-vT)�capture_output�text�checkz7apachectl not found. Please ensure Apache is installed.�zFailed to get Apache version.zServer version�
r��/zUnable to parse Apache version.N)
�
subprocess�run�FileNotFoundError�printr�sys�exit�CalledProcessError�stdout�split)�result�version_line�versions   �!/opt/sharedrads/modsec_disable.py�get_apache_versionrs���	����
�$���4�t�
���6�=�=�(��}�}�*�*�4�0��3���$�$�&�q�)���}�}�S�!�!�$�$�	�#�/�
0�1��H�H�Q�K����
�c�K�L�M�������(�(��
�c�1�2�3�������s�B�4D�=D�D�modsec_file�rule_ids�disable_all�reset�remove_rule_idsc�2�URRSSS9 UR5(aU(aURSSS9 U(aURS5 gU(aUHn[	X5 M gU(aUHn[X5 M gg)z3Update modsec.conf file based on provided argumentsT��parents�exist_ok��utf-8��encoding�SecRuleEngine Off
N)�parent�mkdir�exists�
write_text�disable_rule�remove_rule)rr r!r"r#�rule_ids      r�update_modsec_configurationr4$s��������T�D��9������5����r�G��4�����4�5�	��G���.� �	�&�G���-�'�
�r3c��SU3n[R"[R"U5S35nURSSS9nUHynUR	S5(a%[[
SUSUS	355  S
S
S
5 gURU5(dMV[[
SUS
US	355  S
S
S
5 g S
S
S
5 URSSS9nURUS35 S
S
S
5 [[SUSU355 g!,(df   NV=f![a Nef=f!,(df   NJ=f)zKAdd rules to modsec.conf, checks if the rule exists and skips it if
it does�SecRuleRemoveById �\b�r+r)r*�SecRuleEngine Offz3Modsec is disabled for all rules, so not disabling z in �.NF�Rule z! already disabled, not adding to �arz added to file: T)�re�compile�escape�open�
startswithrr�matchr�writer)rr3�	rule_text�matcher�file�lines      rr1r1<sQ��%�W�I�.�I��j�j�R�Y�Y�y�1�2�"�5�6�G�
�
�
�
�d�W�
�
5�����?�?�#6�7�7���)�)0�	��k�]�!�E���!�6�
5��=�=��&�&���#�G�9�-)�)4�
�Q�8���!�#6�
5��6�(
�	�	�#��	�	0�D��
�
�i�[��#�$�
1�	�%�%��y� 0��
�>�
?�@��/6�
5��$�
��
��	0�	0�sY�D%�8D�<D%�D�D�9D%�D�D%�D5�
D"�D%�"D%�%
D2�1D2�5
Ec�(�SnSU3n[R"[R"U5S35nURSSS9nUR	5nURS5 UR
5 UH.nURU5(aSnMURU5 M0 S	S	S	5 U(a[[S
USU355 U$[[S
USU355 U$!,(df   NM=f![a N\f=f)
z"Remove a rule from the modsec fileFr7r8r9r)r*rTNr<z removed from file: z was not in file: )
r>r?r@rA�	readlines�seek�truncaterCrDrrrr)rr3�changedrErFrG�contentsrHs        rr2r2\s���G�$�W�I�.�I��j�j�R�Y�Y�y�1�2�"�5�6�G�
�
�
�
�d�W�
�
5���~�~�'�H��I�I�a�L��M�M�O� ���=�=��&�&�"�G��J�J�t�$�	!�	6��
�e�e�G�9�$8��
�F�G�H��N�	�f�u�W�I�%7��}�E�F�G��N�6�
5���
��
�s0�D�A&C3�,D�3
D�=D�D�
D�Dc�V�SnURSSS9nUR5nURS5 UR5 UHDnUR	S5(dUR	S5(aSnM3URU5 MF SSS5 U$!,(df   U$=f)	NFr9r)r*r�SecRuleRemoveByIdr:T)rArJrKrLrBrD)rrMrGrNrHs     r�_resetrQts����G�	�	�	�$��	�	1�T��>�>�#���	�	�!���
�
���D����2�3�3�t���#�8�8����
�
�4� �
�	
2��N�
2�	1��N�s�A<B�
B(c�~�[U5nU(a[[SU355 U$![a SnN.f=f)zKRemove all SecRuleRemoveById and SecRuleEngine entries from the modsec
fileFzCAll SecRuleRemoveById and SecRuleEngine entries removed from file: )rQrrr)rrMs  r�reset_modsec_configurationrS�sR�����%���
���)�]�,�
�	
��N�������s�-�<�<c��[R"/SQSS9 [R"/SQSS9 [[S55 g)zRebuild and restart Apache)�#/usr/local/cpanel/bin/servers_queue�queue�build_apache_confF�r)rUrV�apache_restartz/Apache configuration and service reload queued.N)rrrr�r5r�cpanel_restart_apacher[�s8���N�N�M����N�N�J���
�%�A�
B�Cr5c��[R"SS/SS9 [R"/SQSS9 [[S55 g![Ra- [[	S55 [
R"S5 Nmf=f![Ra- [[	S	55 [
R"S5 gf=f)
Nr	z-tTrXzSyntax failed apache checkr
)�	systemctl�restart�httpdzApache restarted correctly.zApache failed to restart)rrrrrrrrrZr5r�platform_i_restart_apacher`�s��������T�*�$�7�����8��E�
�e�1�2�3���(�(��
�c�.�/�0���������(�(��
�c�,�-�.�������s"�A�+B
�>B�B�
>C�
C�userc��[R"SSUS/SS9 g![a g[Ra [	[SUS355 gf=f)	zRun ngxconf if it existsz/usr/bin/ngxconf�-uz-rdTrXz/usr/bin/ngxconf -u z -rd failedN)rr�OSErrorrrr)ras r�cpanel_run_ngxconfre�sV��=����*�D�$��>�d�K���
���(�(�=�
�c�(���k�:�;�<�=�s��
A�+A�Ac���[S5n[UURURURUR
S9 UR(a[
U5 [5 g)z?Function to handle platformI check and set the modsec file pathz8/etc/httpd/modsecurity.d/activated_rules/z-mycustom.conf)rr r!r"r#N)rr4�rule�offr"�droprSr`)�args�modsec_file_paths  r�platform_i_modsecrl�sM���V�W���$�����H�H��j�j��	�	���z�z�"�#3�4��r5c��[5nURS5(a[S5n[S5nO[URS5(a[S5n[S5nO.[[	SUS355 [
R"S	5 UR(a?WUR-UR-S
-nWUR-UR-S
-nO$WUR-S
-nWUR-S
-nURRSSS9 URRSSS9 URSS
9 URSS
9 SnURH+n[XG5=(d Un[XW5=(d UnM- URH+n[XG5=(d Un[XW5=(d UnM- UR (a�UR(a)[#U5=(d Un[#U5=(d UnOF[#X R-S
-5=(d Un[#X0R-S
-5=(d UnUR$(aSn['U5 ['U5 U(a [)UR5 [+5 g[[-S55 g!W(a [)UR5 [+5 f[[-S55 f=f)z[Cpanel function that sets the modsec.conf file based on the flags/args
passed to the scriptz2.4z'/usr/local/apache/conf/userdata/std/2_4z'/usr/local/apache/conf/userdata/ssl/2_4z2.z%/usr/local/apache/conf/userdata/std/2z%/usr/local/apache/conf/userdata/ssl/2zUnsupported Apache version r;r
zmodsec.confTr%)r'Fz Skipping reload; nothing changedN)rrBrrrrr�domainrar-r.�touchrgr1rir2r"rSrh�disable_all_rulesrer[r)rj�apache_version�std_dir�ssl_dir�std_conf�ssl_confrMr3s        r�
cpanel_modsecrv�sl��5>�+�-���$�$�U�+�+��D�E�G��D�E�G�
�
&�
&�t�
,�
,��B�C�G��B�C�G��#�3�N�3C�1�E�F�G��H�H�Q�K��;�;�$�t�y�y�0�4�;�;�>��N�H�$�t�y�y�0�4�;�;�>��N�H�$�t�y�y�0�=�@�H�$�t�y�y�0�=�@�H������d�T��:������d�T��:������%������%����y�y�G�"�8�5�@��G�"�8�5�@��G�!��y�y�G�!�(�4�?��G�!�(�4�?��G�!��:�:��{�{�4�X�>�I�'��4�X�>�I�'��/�w���/B�]�/R�S����
/�w���/B�]�/R�S�����8�8��G��h�'��h�'���t�y�y�)�!�#��&�;�<�=��	��t�y�y�)�!�#��&�;�<�=�s�J
K�=Lc���[U5 URSSS9nURS5 SSS5 [[	SU355 g!,(df   N&=f![
a gf=f)z,Function to disable all rules in modsec.confr=r)r*r,NzAll rules disabled in file: )rQrArDrrr)rrGs  rrprpsg��
��{��
�
�
�c�G�
�
4���J�J�,�-�5�
�e�2�;�-�@�A�B�5�
4���
��
�s'�A �A�A �
A�A � 
A-�,A-c	��[R"[S9n[R	5(d?URSS[SSS9 URSS[S	S
9 URSSS
SS9 URSSS
SS9 URSS[S/SS9 URSSS
SS9 URSSS[/SS9 UR5$)zParse sys.argv)�descriptionrcz--userTzCPanel user this is for)�type�required�helpz-dz--domainzThe domain to modify rules for)rzr|z-az--all�
store_truez)Apply changes to all domains for the user)�actionr|z-oz--offzDisable all rulesz-rz--rule�+zSpecific rule IDs to disable)rz�nargs�defaultr|z-Rz--resetzReset the modsec configurationz-Dz--dropz<Drop/Remove a specific rule ID from the modsec configuration)r�rzr�r|)	�argparse�ArgumentParser�__doc__�
PLATFORM_Ir/�add_argument�str�int�
parse_args)�parsers rr�r�s���
$�
$��
9�F����������(��t�*�	�	
�	����*�3�1�	�	
�	����'�,�<�	�	
�����g�l�1D�������h�S��R�
+�������i��
-�������h�c��R�
K���
����r5c��[5n[R"5 [R	5(a
[U5 GOUR(d*[[S55 [R"S5 [R"UR5(d7[[URS355 [R"S5 UR(ag[R"UR5nXR:wa8[[SURS355 [R"S5 [U5 SSS5 g!,(df   g=f![Ra- [[S55 [R"S5 gf=f)zNMain function to parse arguments and run needed functions based on
server typez7The --user (-u) flag is required for CPanel operations.r
z is not a valid cPanel userz+The domain passed is not valid or owned by r;Nz=Another instance of the script is currently running. Exiting.)r��rads�lockr�r/rlrarrrr�	is_cpuserrn�whoownsrv�	LockError)rj�
verify_domains  r�mainr�3s���<�D��
�Y�Y�[�� � �"�"�!�$�'��	�	��#�W�X�Y��H�H�Q�K����t�y�y�1�1��#�����+F�G�H�I��H�H�Q�K��K�K�$(�L�L����$=�M�$�	�	�1��c�$O�PT�PY�PY�{�Z[�"\�]�^�������t�$��[�[��$�>�>��
�c�Q�R�S�������s/�E<�EE+�"E<�+
E9�5E<�9E<�<>F=�<F=�__main__) r�r>rr��pathlibrrr��
rads.colorrrrr�r�r�listr��boolr4r1r2rQrSr[r`rerlrvrpr�r��__name__rZr5r�<module>r�s��E�
����
��)�)�
�5�
6�
��C��(.��.��3�i�.��.��	.�
�#�Y�.�0�d��S��T��@�T��C��D��0
��
��
� �D��T��"
D��=�S�=� �8>�v
�4�
�!�H�8�z���F�r5