D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
opt
/
imunify360
/
venv
/
lib
/
python3.11
/
site-packages
/
defence360agent
/
migrations
/
Filename :
112_hardened_php.py
back
Copy
import contextlib import logging import os import os.path from defence360agent.utils import importer chattr = importer.get( module="imav.malwarelib.utils", name="chattr", default=None ) logger = logging.getLogger(__name__) ALT_PHP = "imunify360-alt-php.repo" EA_PHP = "imunify360-ea-php-hardened.repo" REPOS_DIR = "/etc/yum.repos.d/" def irrelevant_repos(release): if "cloudlinux" in release: # CloudLinux doesn't need either return {ALT_PHP, EA_PHP} elif os.path.exists("/usr/local/cpanel/cpanel"): # cPanel does not need alt-php return set([ALT_PHP]) else: # ea-php is only for cPanel return set([EA_PHP]) def fix_permissions(): for repo_name in [ALT_PHP, EA_PHP]: path = REPOS_DIR + repo_name if not os.path.exists(path): continue with open(path) as f: chattr.subtract_flags(f.fileno(), chattr.FS_IMMUTABLE_FL) os.chmod(f.fileno(), 0o644) def do_migrate(): if not os.path.exists("/etc/redhat-release"): # we do not have to do anything on Ubuntu systems return with open("/etc/redhat-release") as f: release = f.read().lower() fix_permissions() for repo_name in irrelevant_repos(release): with contextlib.suppress(FileNotFoundError): os.unlink(REPOS_DIR + repo_name) def migrate(migrator, database, fake=False, **kwargs): if fake: return try: do_migrate() except Exception: logger.exception("Failed to clean up HardenedPHP repositories") def rollback(migrator, database, fake=False, **kwargs): pass