Failed to save the file to the "xx" directory.

Failed to save the file to the "ll" directory.

Failed to save the file to the "mm" directory.

Failed to save the file to the "wp" directory.

403WebShell
403Webshell
Server IP : 66.29.132.124  /  Your IP : 3.145.110.145
Web Server : LiteSpeed
System : Linux business141.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64
User : wavevlvu ( 1524)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /opt/cloudlinux/venv/lib/python3.11/site-packages/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /opt/cloudlinux/venv/lib/python3.11/site-packages/clsetuplib.py
# -*- coding: utf-8 -*-

# CLSETUP python lib

#
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2019 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT

# Classes:
#
# Kernel
# check min kernel for securelinks

# Setup:
#
# setup apache gid for securelinks
# setup nagios

import grp
import os
import pwd
import subprocess
import sys

import cldetectlib
from cl_proc_hidepid import remount_proc
from clcommon.sysctl import SYSCTL_CL_CONF_FILE, SysCtlConf


# Kernel Version Class
class KernelVersion:
    _SECURELINKS_MIN_KERNEL = ['1','1','95']
    _system_kernel = ''
    _cl_kernel = True

    def __init__(self):
        with subprocess.Popen(
            ['uname', '-r'],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
        ) as proc:
            out, _ = proc.communicate()
            if proc.returncode != 0:
                print('error: subprocess call error. Cant\'t get current kernel version')
                sys.exit(1)
            if out.find('lve') != -1:
                self._system_kernel = out.split('lve')[1].split('el')[0][:-1].strip().split('.')
                print(self._system_kernel)
            else:
                self._cl_kernel = False

    # Check if system kernel newer then securelinks min kernel
    def securelinks_kernel_requirement(self):
        if self._cl_kernel:
            return (
                self._system_kernel >= self._SECURELINKS_MIN_KERNEL
                and os.path.isfile('/proc/sys/fs/symlinkown_gid')
            )
        print('error: Feature is not supported on non CL kernel.')
        sys.exit(1)


    # return _SECURELINKS_MIN_KERNEL
    def get_securelinks_min_kernel(self):
        return 'lve' + '.'.join(self._SECURELINKS_MIN_KERNEL)


sysctl = SysCtlConf(config_file=SYSCTL_CL_CONF_FILE)


def set_securelinks_gid(apache_gid):
    """
    Change /etc/sysctl.conf for apache gid
    :param apache_gid: id of apache's group
    :return: None
    """

    symlink_command = 'fs.symlinkown_gid'
    sysctl.set(symlink_command, apache_gid)


def _add_to_super_gid(user):
    """
    Add user to the group specified by fs.proc_super_gid.
    If fs.proc_super_gid is 0 (means undefined) or group doesn't really exists
    then create "clsupergid" group, configure it as fs.proc_super_gid and
    add user to this group
    """
    sgid_key = 'fs.proc_super_gid'
    try:
        # sysctl.get may return empty string in some cases like cldeploy
        # when CL kernel is not loaded yet and proc has no such param
        proc_super_gid = int(sysctl.get(sgid_key))
    except ValueError:
        proc_super_gid = 0

    try:
        # Check that group with this gid really exists, and if not, then reset
        # it to undefined so it will be replaced with clsupergid below
        grp.getgrgid(proc_super_gid).gr_name
    except KeyError:
        proc_super_gid = 0

    if proc_super_gid == 0:
        # Create and configure group if it was undefined
        sgid_name = 'clsupergid'
        subprocess.run(f'groupadd -f {sgid_name}',
                       shell=True, executable='/bin/bash', check=False)
        proc_super_gid = grp.getgrnam(sgid_name).gr_gid
        sysctl.set(sgid_key, proc_super_gid)
    # If user already in this group or it's primary group == proc_super_gid
    # this will do nothing
    subprocess.run(f'usermod -a -G {proc_super_gid} {user}',
                   shell=True, executable='/bin/bash', check=False)


def setup_nagios(do_remount_proc=True):
    """
    Add nagios to configured fs.proc_super_gid group
    """
    if not cldetectlib.get_nagios():
        return  # Nothing to do

    _add_to_super_gid('nagios')

    # CAG-796: use hidepid=2 when mounting /proc
    if do_remount_proc:
        remount_proc()


def setup_mailman():
    """
    Detect "mailman" and add it to fs.proc_super_gid group
    """
    if not os.path.isdir('/usr/local/cpanel/3rdparty/mailman'):
        return

    try:
        pwd.getpwnam('mailman')
    except KeyError:
        return

    _add_to_super_gid('mailman')


def setup_supergids():
    """
    Configure "special" users to be in fs.proc_super_gid group, if it's
    necessary.
    If this GID was undefined(0) then create and setup special clsupergid group
    """
    setup_nagios(do_remount_proc=False)
    setup_mailman()

    # CAG-796: use hidepid=2 when mounting /proc
    remount_proc()

Youez - 2016 - github.com/yon3zu
LinuXploit