Add UFW stack

2019-09-20 14:21:42 +02:00
parent bef95a0b75
commit 06a1e919da
5 changed files with 113 additions and 6 deletions
--- a/wo/cli/plugins/stack.py
+++ b/wo/cli/plugins/stack.py
@@ -88,6 +88,8 @@ class WOStackController(CementBaseController):
                dict(help='Install Fail2ban stack', action='store_true')),
            (['--clamav'],
                dict(help='Install ClamAV stack', action='store_true')),
+            (['--ufw'],
+                dict(help='Install UFW stack', action='store_true')),
            (['--sendmail'],
                dict(help='Install Sendmail stack', action='store_true')),
            (['--utils'],
@@ -129,11 +131,13 @@ class WOStackController(CementBaseController):
                (not pargs.adminer) and (not pargs.utils) and
                (not pargs.redis) and (not pargs.proftpd) and
                (not pargs.extplorer) and (not pargs.clamav) and
+                (not pargs.ufw) and
                (not pargs.phpredisadmin) and (not pargs.sendmail) and
                    (not pargs.php73)):
                pargs.web = True
                pargs.admin = True
                pargs.fail2ban = True
+                pargs.ufw = True

            if pargs.all:
                pargs.web = True
@@ -164,6 +168,7 @@ class WOStackController(CementBaseController):
            if pargs.security:
                pargs.fail2ban = True
                pargs.clamav = True
+                pargs.ufw = True

            # Nginx
            if pargs.nginx:
@@ -270,6 +275,11 @@ class WOStackController(CementBaseController):
                    Log.debug(self, "ClamAV already installed")
                    Log.info(self, "ClamAV already installed")

+            # UFW
+            if pargs.ufw:
+                Log.debug(self, "Setting apt_packages variable for UFW")
+                apt_packages = apt_packages + ["ufw"]
+
            # sendmail
            if pargs.sendmail:
                Log.debug(self, "Setting apt_packages variable for Sendmail")
@@ -518,6 +528,7 @@ class WOStackController(CementBaseController):
                (not pargs.adminer) and (not pargs.utils) and
                (not pargs.redis) and (not pargs.proftpd) and
                (not pargs.extplorer) and (not pargs.clamav) and
+                (not pargs.ufw) and
                (not pargs.phpredisadmin) and (not pargs.sendmail) and
                (not pargs.php73)):
            pargs.web = True
@@ -551,6 +562,7 @@ class WOStackController(CementBaseController):
        if pargs.security:
            pargs.fail2ban = True
            pargs.clamav = True
+            pargs.ufw = True

        # NGINX
        if pargs.nginx:
@@ -620,6 +632,11 @@ class WOStackController(CementBaseController):
                Log.debug(self, "Remove apt_packages variable for ProFTPd")
                apt_packages = apt_packages + ["proftpd-basic"]

+        # UFW
+        if pargs.ufw:
+            Log.debug(self, "Remove apt_packages variable for UFW")
+            apt_packages = apt_packages + ["ufw"]
+
        # WPCLI
        if pargs.wpcli:
            Log.debug(self, "Removing package variable of WPCLI ")
@@ -739,6 +756,7 @@ class WOStackController(CementBaseController):
                (not pargs.adminer) and (not pargs.utils) and
                (not pargs.redis) and (not pargs.proftpd) and
                (not pargs.extplorer) and (not pargs.clamav) and
+                (not pargs.ufw) and
                (not pargs.phpredisadmin) and (not pargs.sendmail) and
                (not pargs.php73)):
            pargs.web = True
@@ -771,6 +789,7 @@ class WOStackController(CementBaseController):
        if pargs.security:
            pargs.fail2ban = True
            pargs.clamav = True
+            pargs.ufw = True

        # NGINX
        if pargs.nginx:
@@ -829,6 +848,11 @@ class WOStackController(CementBaseController):
            if WOAptGet.is_installed(self, 'clamav'):
                apt_packages = apt_packages + WOVariables.wo_clamav

+        # UFW
+        if pargs.ufw:
+            Log.debug(self, "Remove apt_packages variable for UFW")
+            apt_packages = apt_packages + ["ufw"]
+
        # sendmail
        if pargs.sendmail:
            Log.debug(self, "Setting apt_packages variable for Sendmail")
--- a/wo/cli/plugins/stack_pref.py
+++ b/wo/cli/plugins/stack_pref.py
@@ -975,6 +975,24 @@ def post_pref(self, apt_packages, packages, upgrade=False):
                      msg="Adding ProFTPd into Git")
            WOService.reload_service(self, 'proftpd')

+        if "ufw" in apt_packages:
+            # check if ufw is already enabled
+            if not WOFileUtils.grep(self,
+                                    '/etc/ufw/ufw.conf', 'ENABLED=yes'):
+                Log.wait(self, "Configuring UFW")
+                # check if ufw script is already created
+                if not os.path.isfile("/opt/ufw.sh"):
+                    data = dict()
+                    WOTemplate.render(self, '/opt/ufw.sh',
+                                      'ufw.mustache',
+                                      data, overwrite=False)
+                    WOFileUtils.chmod(self, "/opt/ufw.sh", 0o700)
+                # setup ufw rules
+                WOShellExec.cmd_exec(self, "bash /opt/ufw.sh")
+                Log.valide(self, "Configuring UFW")
+            else:
+                Log.info(self, "UFW is already installed and enabled")
+
        # Redis configuration
        if "redis-server" in apt_packages:
            if os.path.isfile("/etc/nginx/conf.d/upstream.conf"):