"""
security.py: defines security services (vpnclient, vpnserver, ipsec and
firewall)
"""
from core import constants
from core.misc import log
from core.service import CoreService
from core.service import ServiceManager
# Module-level logger obtained from core.misc.log, keyed by this module's name.
logger = log.get_logger(__name__)
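class VPNClient(CoreService):
    """
    VPN client service in the "Security" group, driven by a generated
    vpnclient.sh script and the openvpn process.
    """
    _name = "VPNClient"
    _group = "Security"
    _configs = ('vpnclient.sh',)
    _startindex = 60
    _startup = ('sh vpnclient.sh',)
    # Stops by process name: every process named openvpn that killall can
    # reach is signalled, not only the one this service started.
    # NOTE(review): confirm the command is confined to the node it runs on.
    _shutdown = ("killall openvpn",)
    # pidof only shows that some openvpn process exists; it does not show
    # that the tunnel actually came up.
    _validate = ("pidof openvpn",)
    _custom_needed = True

    @classmethod
    def generateconfig(cls, node, filename, services):
        """
        Return the client.conf and vpnclient.sh file contents to
        GUI for user customization.

        The result is a "#!/bin/sh" header followed by the contents of the
        sampleVPNClient template under CORE_DATA_DIR/examples/services.
        If the template cannot be opened, the error is logged and only the
        header is returned.

        :param node: not used by this implementation
        :param filename: not used by this implementation
        :param services: not used by this implementation
        :return: the script text
        """
        cfg = "#!/bin/sh\n"
        cfg += "# custom VPN Client configuration for service (security.py)\n"
        # The template is appended verbatim; presumably the result becomes the
        # vpnclient.sh that _startup runs with sh, so the template file should
        # be writable only by trusted accounts.
        fname = "%s/examples/services/sampleVPNClient" % constants.CORE_DATA_DIR

        try:
            # The context manager closes the template even if read() fails.
            # NOTE(review): binary mode yields bytes on Python 3, where this
            # concatenation would raise TypeError; presumably this targets
            # Python 2 - confirm.
            with open(fname, "rb") as template:
                cfg += template.read()
        except IOError:
            logger.exception("Error opening VPN client configuration template (%s)", fname)

        return cfg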
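class VPNServer(CoreService):
    """
    VPN server service in the "Security" group, driven by a generated
    vpnserver.sh script and the openvpn process.
    """
    _name = "VPNServer"
    _group = "Security"
    _configs = ('vpnserver.sh',)
    _startindex = 50
    _startup = ('sh vpnserver.sh',)
    # Stops by process name: every process named openvpn that killall can
    # reach is signalled, not only the one this service started.
    # NOTE(review): confirm the command is confined to the node it runs on.
    _shutdown = ("killall openvpn",)
    # pidof only shows that some openvpn process exists; it does not show
    # that the server is accepting connections.
    _validate = ("pidof openvpn",)
    _custom_needed = True

    @classmethod
    def generateconfig(cls, node, filename, services):
        """
        Return the sample server.conf and vpnserver.sh file contents to
        GUI for user customization.

        The result is a "#!/bin/sh" header followed by the contents of the
        sampleVPNServer template under CORE_DATA_DIR/examples/services.
        If the template cannot be opened, the error is logged and only the
        header is returned.

        :param node: not used by this implementation
        :param filename: not used by this implementation
        :param services: not used by this implementation
        :return: the script text
        """
        cfg = "#!/bin/sh\n"
        cfg += "# custom VPN Server Configuration for service (security.py)\n"
        # The template is appended verbatim; presumably the result becomes the
        # vpnserver.sh that _startup runs with sh, so the template file should
        # be writable only by trusted accounts.
        fname = "%s/examples/services/sampleVPNServer" % constants.CORE_DATA_DIR

        try:
            # The context manager closes the template even if read() fails.
            # NOTE(review): binary mode yields bytes on Python 3, where this
            # concatenation would raise TypeError; presumably this targets
            # Python 2 - confirm.
            with open(fname, "rb") as template:
                cfg += template.read()
        except IOError:
            logger.exception("Error opening VPN server configuration template (%s)", fname)

        return cfg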
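class IPsec(CoreService):
    """
    IPsec service in the "Security" group, driven by a generated ipsec.sh
    script; shutdown targets the racoon process.
    """
    _name = "IPsec"
    _group = "Security"
    _configs = ('ipsec.sh',)
    _startindex = 60
    _startup = ('sh ipsec.sh',)
    # Stops by process name: every process named racoon that killall can
    # reach is signalled. This class sets no _validate, so nothing here
    # checks that the security associations were installed.
    # NOTE(review): confirm what CoreService uses when _validate is unset.
    _shutdown = ("killall racoon",)
    _custom_needed = True

    @classmethod
    def generateconfig(cls, node, filename, services):
        """
        Return the ipsec.conf and racoon.conf file contents to
        GUI for user customization.

        The result is a "#!/bin/sh" header followed by the contents of the
        sampleIPsec template under CORE_DATA_DIR/examples/services.
        If the template cannot be opened, the error is logged and only the
        header is returned.

        :param node: not used by this implementation
        :param filename: not used by this implementation
        :param services: not used by this implementation
        :return: the script text
        """
        cfg = "#!/bin/sh\n"
        cfg += "# set up static tunnel mode security assocation for service "
        cfg += "(security.py)\n"
        # The template is appended verbatim; presumably the result becomes the
        # ipsec.sh that _startup runs with sh, so the template file should be
        # writable only by trusted accounts.
        fname = "%s/examples/services/sampleIPsec" % constants.CORE_DATA_DIR

        try:
            # The context manager closes the template even if read() fails.
            # NOTE(review): binary mode yields bytes on Python 3, where this
            # concatenation would raise TypeError; presumably this targets
            # Python 2 - confirm.
            with open(fname, "rb") as template:
                cfg += template.read()
        except IOError:
            logger.exception("Error opening IPsec configuration template (%s)", fname)

        return cfg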
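class Firewall(CoreService):
    """
    Firewall service in the "Security" group, driven by a generated
    firewall.sh script.
    """
    _name = "Firewall"
    _group = "Security"
    _configs = ('firewall.sh',)
    _startindex = 20
    _startup = ('sh firewall.sh',)
    # This class sets no _shutdown and no _validate: nothing here removes
    # the rules firewall.sh installs or checks that they were applied.
    # NOTE(review): confirm what CoreService uses when these are unset.
    _custom_needed = True

    @classmethod
    def generateconfig(cls, node, filename, services):
        """
        Return the firewall rule examples to GUI for user customization.

        The result is a "#!/bin/sh" header followed by the contents of the
        sampleFirewall template under CORE_DATA_DIR/examples/services.
        If the template cannot be opened, the error is logged and only the
        header is returned, i.e. a script that installs no rules.

        :param node: not used by this implementation
        :param filename: not used by this implementation
        :param services: not used by this implementation
        :return: the script text
        """
        cfg = "#!/bin/sh\n"
        cfg += "# custom node firewall rules for service (security.py)\n"
        # The template is appended verbatim; presumably the result becomes the
        # firewall.sh that _startup runs with sh, so the template file should
        # be writable only by trusted accounts.
        fname = "%s/examples/services/sampleFirewall" % constants.CORE_DATA_DIR

        try:
            # The context manager closes the template even if read() fails.
            # NOTE(review): binary mode yields bytes on Python 3, where this
            # concatenation would raise TypeError; presumably this targets
            # Python 2 - confirm.
            with open(fname, "rb") as template:
                cfg += template.read()
        except IOError:
            logger.exception("Error opening Firewall configuration template (%s)", fname)

        return cfg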
def load_services():
    """
    Register the security services defined in this module with ServiceManager.
    """
    # Each class has to be added to appear in the list of available services;
    # the registration order is VPNClient, VPNServer, IPsec, Firewall.
    for service_class in (VPNClient, VPNServer, IPsec, Firewall):
        ServiceManager.add(service_class)