【已完成】我升级成了企业版后,安装了插件后,第二天NGINX
为了能快速了解并处理您的问题,请提供以下基础信息:面板、插件版本:Linux面板8.0.56 测试版系统版本:CentOS 8.2.2004 x86_64(Py3.7.9)
问题描述:我升级成了企业版后,安装了插件后,第二天NGINX就自动停止了,怎么重新启动也没用
相关截图(日志、错误):运行日志# 检查必选项参数是否为空 if path_id == None or type == None or content == None: return public.returnMsg(False, "参数错误") tamper_paths = self.get_tamper_paths() ''' 根据所传入的path_id, 在所有保护路径中找到对应的路径名 ''' for p in tamper_paths: if p["pid"] == int(path_id): path = p["path"] if path == None: return public.returnMsg(False, "未找到路径配置") # 获取web根目录 path_list = content.split('/') webpath = '/' + path_list + '/' + path_list + '/' + path_list + '/' public.print_log(path_list) public.print_log("webpath: " + webpath) public.print_log("content: " + content) if os.path.isfile(content): self.add_white_files(None, path_id, webpath, path_list[-1]) elif os.path.isdir(content): # 目录后面加一个/ if content[-1] != '/': content = content + '/' self.add_white_dirs(None, path_id, webpath, content) else: return public.returnMsg(False, "文件或目录不存在") return public.returnMsg(True, "加入白名单成功") def get_tamper_processes(self, args=None): ''' @brief 获取进程配置列表 @return list ''' tamper_config = self.read_config() if 'processes' not in tamper_config: return [] return tamper_config['processes'] def get_tamper_process_by_pid(self, args=None): ''' @brief 根据传入的关联的pid获取对应的进程配置 @param pid<int> 关联路径ID @return list ''' pid = -1 if args: if 'pid' in args: pid = args.get('pid') if pid == -1: return public.returnMsg(False, "传入参数错误, 关联路径不存在") result = [] tamper_config = self.read_config() if 'processes' not in tamper_config: return [] for item in tamper_config['processes']: if item['pid'] == int(args.pid): result.append(item) return result def get_ppid(self, tamper_config): ''' @brief 根据tamper.config中的已有的进程配置id获取一个新的ppid @param tamper_config<dict> 配置文件内容 @return 新的ppid ''' if 'processes' not in tamper_config: return 1 max_ppid = 1 for process_config in tamper_config['processes']: if max_ppid < process_config['ppid']: max_ppid = process_config['ppid'] return max_ppid + 1 def get_rid(self, process_config): ''' @brief 根据进程配置中已有的规则获取一个新的rid @param process_config 进程配置 @return 新的rid ''' if len(process_config['rules']) == 0: return 1 max_rid = 1 for rule in process_config['rules']: if max_rid < rule['rid']: max_rid = rule['rid'] return max_rid + 1 def get_path_by_pid(self, tamper_config, pid): ''' @brief 通过pid获得保护路径 @param tamper_config<string> 配置文件内容 @param pid<int> 路径ID ''' if not pid: return None relevant_path = None for item in tamper_config['paths']: if pid == item['pid']: relevant_path = item['path'] break return relevant_path def add_process_rule(self, args=None): ''' @brief 添加高级配置的单项规则 @param pattern<list> 子路径模式列表 @param rule_type<int> 匹配模式 1. 匹配后缀 2. 匹配中间路径 #param process<list> 受限进程列表 @param pid<int> 关联保护路径 @param is_read<int> 是否允许读 1. 不允许 0. 允许 @param is_modify<int> 是否允许修改 1. 不允许 0. 允许 @param is_chmod<int> 是否允许修改权限 1. 不允许 0. 允许 @param is_chown<int> 是否允许修改拥有者 1. 不允许 0. 允许 @param is_rename<int> 是否允许重命名1. 不允许 0. 允许 @param is_link<int> 是否允许创建软连接1. 不允许 0. 允许 @param ps<string> 规则备注 ''' ppid = None rid = None rule_type = None pattern = None process = None pid = None is_read = 1 is_modify = 1 is_chmod = 1 is_chown = 1 is_rename = 1 is_link = 1 ps = "" if args: if 'pattern' in args: pattern = json.loads(args.get('pattern')) if 'rule_type' in args: rule_type = int(args.get('rule_type')) if 'process' in args: process = json.loads(args.get('process')) if 'pid' in args: pid = int(args.get('pid')) if 'is_read' in args: is_read = int(args.get('is_read')) if 'is_modify' in args: is_modify = int(args.get('is_modify')) if 'is_chmod' in args: is_chmod = int(args.get('is_chmod')) if 'is_chown' in args: is_chown = int(args.get('is_chown')) if 'is_rename' in args: is_rename = int(args.get('is_rename')) if 'is_link' in args: is_link = int(args.get('is_link')) if 'ps' in args: ps = args.get('ps') if not pattern: return public.returnMsg(False, "参数错误, 子路径不存在") if not rule_type: return public.returnMsg(False, "参数错误, 匹配模式未指定") if not process: return public.returnMsg(False, "参数错误, 受限进程不存在") if not pid: return public.returnMsg(False, "参数错误, 关联路径不存在") tamper_config = self.read_config() # 判断关联的路径是否存在 relevant_path = self.get_path_by_pid(tamper_config, pid) if (not relevant_path): return public.returnMsg(False, "关联路径不存在") # 通过探查已有的ppid获取一个未被使用ppid ppid = self.get_ppid(tamper_config) # 由于只有一条规则,rid有且只有为1 rid = 1 process_rule = { "ppid": ppid, "process_id": 0, "process_name": process, "pid": pid, "status": 1, "rules": [ { "rid": rid, "rule_type": rule_type, "pattern": pattern, "is_read": is_read, "is_modify": is_modify, "is_chown": is_chown, "is_rename": is_rename, "is_link": is_link } ], "ps": ps } if 'processes' not in tamper_config: tamper_config['processes'] = [] tamper_config['processes'].append(process_rule) self.save_config(tamper_config) public.WriteLog("防篡改", "添加子目录配置:关联路径: {} 子目录: {} 受限进程: {}".format(relevant_path, pattern, str(process))) return public.returnMsg(True, "安全规则添加成功") def remove_process_rule(self, args=None): ''' @brief 删除安全规则 @param ppid<int> 规则标识符 ''' pid = None relevant_path = None ppid = None pattern = None process = None if args: if 'ppid' in args: ppid = int(args.get('ppid')) if not ppid: return public.returnMsg(False, "参数错误, 规则标识符不存在") tamper_config = self.read_config() new_processes = [] for item in tamper_config['processes']: if item['ppid'] != ppid: new_processes.append(item) else: pid = item['pid'] pattern = str(item['rules']['pattern']) process = str(item['process_name']) relevant_path = self.get_path_by_pid(tamper_config, pid) tamper_config['processes'] = new_processes self.save_config(tamper_config) if relevant_path: public.WriteLog("防篡改", "删除子目录配置: 关联路径: {} 子目录: {} 受限进程: {}".format(relevant_path, pattern, process)) return public.returnMsg(True, "删除规则成功") def modify_process_rule(self, args=None): ''' @brief 修改安全规则 @param ppid<int> 规则标识符 @param pattern<list> 子路径模式列表 @param rule_type<int> 匹配模式 1. 匹配后缀 2. 匹配中间路径 #param process<list> 受限进程列表 @param pid<int> 关联保护路径 @param is_read<int> 是否允许读 1. 不允许 0. 允许 @param is_modify<int> 是否允许修改 1. 不允许 0. 允许 @param is_chmod<int> 是否允许修改权限 1. 不允许 0. 允许 @param is_chown<int> 是否允许修改拥有者 1. 不允许 0. 允许 @param is_rename<int> 是否允许重命名1. 不允许 0. 允许 @param is_link<int> 是否允许创建软连接1. 不允许 0. 允许 @param ps<string> 规则备注 ''' ppid = None rid = 1 rule_type = None pattern = None process = None pid = None is_read = 1 is_modify = 1 is_chmod = 1 is_chown = 1 is_rename = 1 is_link = 1 ps = "" if args: if 'ppid' in args: ppid = int(args.get('ppid')) if 'pattern' in args: pattern = json.loads(args.get('pattern')) if 'rule_type' in args: rule_type = int(args.get('rule_type')) if 'process' in args: process = json.loads(args.get('process')) # if 'pid' in args: pid = args.get('pid') if 'is_read' in args: is_read = int(args.get('is_read')) if 'is_modify' in args: is_modify = int(args.get('is_modify')) if 'is_chmod' in args: is_chmod = int(args.get('is_chmod')) if 'is_chown' in args: is_chown = int(args.get('is_chown')) if 'is_rename' in args: is_rename = int(args.get('is_rename')) if 'is_link' in args: is_link = int(args.get('is_link')) if "ps" in args: ps = args.get('ps') if not ppid: return public.returnMsg(False, "参数错误,规则标识符不存在") if not pattern: return public.returnMsg(False, "参数错误, 子路径不存在") if not rule_type: return public.returnMsg(False, "参数错误, 匹配模式未指定") if not process: return public.returnMsg(False, "参数错误, 受限进程不存在") # if not pid: return public.returnMsg(False, "参数错误, 关联路径不存在") rule = { 'rid': rid, 'rule_type': rule_type, 'pattern': pattern, 'is_read': is_read, 'is_modify': is_modify, 'is_chmod': is_chmod, 'is_chown': is_chown, 'is_rename': is_rename, 'is_link': is_link } tamper_config = self.read_config() for item in tamper_config['processes']: if item['ppid'] == ppid: public.print_log(rule) pid = item['pid'] item['process_name'] = process item['rules'] = [ rule ] item['ps'] = ps relevant_path = self.get_path_by_pid(tamper_config, pid) self.save_config(tamper_config) public.WriteLog("防篡改", "修改子目录配置: 关联目录:{} 子目录: {} 受限进程: {}".format(relevant_path, pattern, process)) return public.returnMsg(True, "修改安全规则成功") def modify_process_status(self, args=None): ''' @brief 修改安全规则的状态 1. 开启防护 2. 关闭防护 @param ppid<int> 规则标识符 @param status<int> 规则状态 ''' ppid = None status = None if args: if 'ppid' in args: ppid = int(args.get('ppid')) if 'status' in args: status = int(args.get('status')) if not ppid: return public.returnMsg(False, "参数错误,规则标识符不存在") tamper_config = self.read_config() for item in tamper_config['processes']: if item['ppid'] == ppid: item['status'] = status self.save_config(tamper_config) return public.returnMsg(True, "安全规则状态修改成功") def set_temp_close(self, args=None): ''' @brief 设置临时关闭 @param expire<int> 过期时间 @param unit<string> 单位(minute/hour/day) @return dict ''' if not args: return public.returnMsg(False, '参数错误') if not 'expire' in args: return public.returnMsg(False, '缺少expire参数') if not 'unit' in args: return public.returnMsg(False, '缺少unit参数') unit = args.unit.strip() unit_dict = { 'minute': 60, 'hour': 3600, 'day': 86400 } if not unit in unit_dict.keys(): return public.returnMsg(False, 'unit参数范围错误,仅仅支持:minute/hour/day') try: expire = int(args.expire) except: public.returnMsg(False, 'expire参数必需是整数') end_time = int(time.time() + expire * unit_dict) filename = "{}/close_temp.pl".format(self.__tamper_path) public.writeFile(filename, str(end_time)) unit_dict_unit = { 'minute': '分钟', 'hour': '小时', 'day': '天' } public.WriteLog("防篡改", "临时关闭防篡改: {}{}".format(expire, unit_dict_unit)) return public.returnMsg(True, '已临时关闭防篡改,{}{}后将自动恢复防护'.format(expire, unit_dict_unit)) def get_temp_close(self, args=None): ''' @brief 获取临时关闭到期时间 @return int 到期时间戳 ''' filename = "{}/close_temp.pl".format(self.__tamper_path) if not os.path.exists(filename): return 0 close_time = public.readFile(filename) if not close_time: return 0 return int(close_time) def del_temp_close(self, args=None): ''' @brief 取消临时关闭 @return dict ''' filename = "{}/close_temp.pl".format(self.__tamper_path) public.writeFile(filename, '-1') public.WriteLog('防篡改', '取消上一次临时关闭防篡改操作!') return public.returnMsg(True, '重新开启防护,已生效!') def export_config(self, get=None): ''' @brief 导出防篡改配置 @return dict ''' ps_path = "{}/config_ps.json".format(self.__tamper_path) export_path = "/tmp/tamper.conf" data = self.read_config() if not os.path.exists(ps_path): return public.returnMsg(False, '防篡改配置文件不存在') ps_data = public.readFile(ps_path) data['ps_data'] = json.loads(ps_data) public.writeFile(export_path, json.dumps(data)) public.WriteLog('防篡改', '导出防篡改配置!') return public.returnMsg(True, export_path) def import_config(self, get): ''' @name 导入配置 @author law<2023-11-13> @paramargs @return ''' try: data_path = "/tmp/tamper.conf" if not hasattr(get, 'type'): return public.returnMsg(False, '参数错误') from files import files fileObj = files() ff = fileObj.upload(get) try: data = json.loads(public.readFile(data_path)) if not data: return public.returnMsg(False, '导入失败,配置文件为空!') except: return public.returnMsg(False, '导入失败,请不要修改配置文件!') config = self.read_config() if ff["status"]: types = json.loads(get.type) for i in types: if i == "basics": config["is_create"] = data["is_create"] config["is_modify"] = data["is_modify"] config["is_unlink"] = data["is_unlink"] config["is_mkdir"] = data["is_mkdir"] config["is_rmdir"] = data["is_rmdir"] config["is_rename"] = data["is_rename"] config["is_chmod"] = data["is_chmod"] config["is_chown"] = data["is_chown"] config["is_link"] = data["is_link"] elif i == "servername": if "process_names" in types: continue server_list = ["BT-Panel", "pure-ftpd", "sftp-server"] for j in server_list: if j not in config["process_names"] and i in data["process_names"]: config["process_names"].append(i) else: config = data self.save_config(config) public.writeFile(self.__config_ps_file, json.dumps(data["ps_data"])) public.WriteLog('防篡改', '导入防篡改配置!') return public.returnMsg(True, '导入成功') return public.returnMsg(False, '导入失败') except Exception as e: return public.returnMsg(False, "导入失败,错误详情:" + str(e))def _random_name(): from uuid import uuid4 return uuid4().hex[::4]
您好,私信发下您的todesk或者向日葵给我,我远程过去看看是什么问题 大炮运维V587 发表于 2024-3-4 09:15
您好,私信发下您的todesk或者向日葵给我,我远程过去看看是什么问题
有技术帮我处理了,谢谢
页:
[1]