ok
Direktori : /opt/imunify360/venv/lib64/python3.11/site-packages/im360/plugins/protector/ |
Current File : //opt/imunify360/venv/lib64/python3.11/site-packages/im360/plugins/protector/import_wblist.py |
import asyncio import logging import os from defence360agent.contracts.config import AcronisBackup from defence360agent.utils import ensure_line_in_file_bytes from im360 import files from im360.contracts.plugins import IDSAwareMessageSink from im360.internals import strategy from im360.subsys import csf from im360.utils.net import OUT, TCP logger = logging.getLogger(__name__) class ExportWBList(IDSAwareMessageSink): STRATEGY = strategy.Strategy.CSF_COOP_STRATEGY AVAILABLE_ON_FREEMIUM = False async def create_sink(self, loop): self._loop = loop async def _allow_acronis_ports(self) -> bool: """ Puts Acronis ports to TCP_IN and TCP_OUT lists in csf.conf :return: """ ports = AcronisBackup.PORTS ranges = AcronisBackup.RANGE return csf.add_ports(TCP, OUT, *ports, ranges=ranges) async def activate(self): """ When switching to CSF mode, some critical addresses added to csf allow list :return: """ prefix = files.Index.files_path(files.WHITELISTS) ALLOW_LIST = os.path.join(prefix, "imunify360.txt") try: # add captcha ports to csf.conf csf_config_changed = await self._allow_acronis_ports() # NOTE: it assumes ascii-based locale encoding/fs (very likely) csf_config_changed |= ensure_line_in_file_bytes( csf.CSF_ALLOW_FILE, b"Include " + os.fsencode(ALLOW_LIST) ) if csf_config_changed: await csf.restart_all() self._mark_as_active() except asyncio.CancelledError: pass except Exception: logger.exception("Failed to activate %r plugin", self)