diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py index d3d2151..2a5bdc5 100644 --- a/wo/cli/plugins/stack_pref.py +++ b/wo/cli/plugins/stack_pref.py @@ -97,12 +97,9 @@ def pre_pref(self, apt_packages): # add nginx repository if set(WOVar.wo_nginx).issubset(set(apt_packages)): if (WOVar.wo_distro == 'ubuntu'): - if not os.path.isfile( - 'wordops-ubuntu-nginx-wo-{0}.list' - .format(WOVar.wo_platform_codename)): - Log.info(self, "Adding repository for NGINX, please wait...") - WORepo.add(self, ppa=WOVar.wo_nginx_repo) - Log.debug(self, 'Adding ppa for Nginx') + Log.info(self, "Adding repository for NGINX, please wait...") + WORepo.add(self, ppa=WOVar.wo_nginx_repo) + Log.debug(self, 'Adding ppa for Nginx') else: if not WOFileUtils.grepcheck( self, '/etc/apt/sources.list/wo-repo.list', @@ -117,11 +114,8 @@ def pre_pref(self, apt_packages): ('php7.2-fpm' in apt_packages) or ('php7.4-fpm' in apt_packages)): if (WOVar.wo_distro == 'ubuntu'): Log.debug(self, 'Adding ppa for PHP') - if not os.path.isfile( - '/etc/apt/sources.list.d/ondrej-ubuntu-php-{0}.list' - .format(WOVar.wo_platform_codename)): - Log.info(self, "Adding repository for PHP, please wait...") - WORepo.add(self, ppa=WOVar.wo_php_repo) + Log.info(self, "Adding repository for PHP, please wait...") + WORepo.add(self, ppa=WOVar.wo_php_repo) else: # Add repository for php if (WOVar.wo_platform_codename == 'buster'): 
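Review bot: The result of `WORepo.add(self, ppa=WOVar.wo_nginx_repo)` in the nginx branch is discarded, so a failed `add-apt-repository` goes unnoticed and pre_pref carries on; the same applies to the PHP call in the next hunk and to the Redis and backports calls in the two hunks after it. In this commit the PPA branch of WORepo.add returns False on failure without calling Log.error, so the caller is the only place left to react. Consider `if not WORepo.add(self, ppa=WOVar.wo_nginx_repo): Log.error(self, "Unable to add NGINX repository")`, since otherwise the later install presumably takes the package from whichever configured source still offers it. Note also that the "please wait..." Log.info is now printed even when the PPA is already present and nothing is added. pre_pref starts and continues outside these hunks.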
@@ -144,13 +138,9 @@ def pre_pref(self, apt_packages): # add redis repository if set(WOVar.wo_redis).issubset(set(apt_packages)): if WOVar.wo_distro == 'ubuntu': - if not os.path.isfile( - '/etc/apt/sources.list.d/' - 'chris-lea-ubuntu-redis-server-{0}.list' - .format(WOVar.wo_platform_codename)): - Log.info(self, "Adding repository for Redis, please wait...") - Log.debug(self, 'Adding ppa for redis') - WORepo.add(self, ppa=WOVar.wo_redis_repo) + Log.info(self, "Adding repository for Redis, please wait...") + Log.debug(self, 'Adding ppa for redis') + WORepo.add(self, ppa=WOVar.wo_redis_repo) else: if not WOFileUtils.grepcheck( self, '/etc/apt/sources.list/wo-repo.list', @@ -164,12 +154,8 @@ def pre_pref(self, apt_packages): if WOVar.wo_distro == 'ubuntu': if (WOVar.wo_platform_codename == 'bionic' or WOVar.wo_platform_codename == 'xenial'): - if not os.path.exists( - '/etc/apt/sources.list.d/' - 'jonathonf-ubuntu-backports-{0}.list' - .format(WOVar.wo_platform_codename)): - Log.debug(self, 'Adding ppa for nano') - WORepo.add(self, ppa=WOVar.wo_ubuntu_backports) + Log.debug(self, 'Adding ppa for nano') + WORepo.add(self, ppa=WOVar.wo_ubuntu_backports) def post_pref(self, apt_packages, packages, upgrade=False): 
@@ -997,35 +983,34 @@ def post_pref(self, apt_packages, packages, upgrade=False): WOGit.add(self, ["/etc/mysql"], msg="Adding MySQL into Git") # create fail2ban configuration files - if set(WOVar.wo_fail2ban).issubset(set(apt_packages)): + if "fail2ban" in apt_packages: WOService.restart_service(self, 'fail2ban') WOGit.add(self, ["/etc/fail2ban"], msg="Adding Fail2ban into Git") - if not os.path.isfile("/etc/fail2ban/jail.d/custom.conf"): - Log.info(self, "Configuring Fail2Ban") - data = dict(release=WOVar.wo_version) - WOTemplate.deploy( - self, - '/etc/fail2ban/jail.d/custom.conf', - 'fail2ban.mustache', - data, overwrite=False) - WOTemplate.deploy( - self, - '/etc/fail2ban/filter.d/wo-wordpress.conf', - 'fail2ban-wp.mustache', - data, overwrite=False) - WOTemplate.deploy( - self, - '/etc/fail2ban/filter.d/nginx-forbidden.conf', - 'fail2ban-forbidden.mustache', - data, overwrite=False) + Log.info(self, "Configuring Fail2Ban") + data = dict(release=WOVar.wo_version) + WOTemplate.deploy( + self, + '/etc/fail2ban/jail.d/custom.conf', + 'fail2ban.mustache', + data, overwrite=False) + WOTemplate.deploy( + self, + '/etc/fail2ban/filter.d/wo-wordpress.conf', + 'fail2ban-wp.mustache', + data, overwrite=False) + WOTemplate.deploy( + self, + '/etc/fail2ban/filter.d/nginx-forbidden.conf', + 'fail2ban-forbidden.mustache', + data, overwrite=False) - if not WOService.reload_service(self, 'fail2ban'): - WOGit.rollback( - self, ['/etc/fail2ban'], msg="Rollback f2b config") - else: - WOGit.add(self, ["/etc/fail2ban"], - msg="Adding Fail2ban into Git") + if not WOService.reload_service(self, 'fail2ban'): + WOGit.rollback( + self, ['/etc/fail2ban'], msg="Rollback f2b config") + else: + WOGit.add(self, ["/etc/fail2ban"], + msg="Adding Fail2ban into Git") # Proftpd configuration if "proftpd-basic" in apt_packages: diff --git a/wo/cli/plugins/stack_upgrade.py b/wo/cli/plugins/stack_upgrade.py index 7df87fe..2d8592c 100644 --- a/wo/cli/plugins/stack_upgrade.py 
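Review bot: When `WOService.reload_service(self, 'fail2ban')` fails, the new block only calls `WOGit.rollback`; nothing is logged and the service is not reloaded again, so fail2ban may be left stopped or running a half-applied configuration without anyone noticing. Add `Log.warn(self, "Fail2ban reload failed, configuration rolled back")` and `WOService.restart_service(self, 'fail2ban')` after the rollback. With the `os.path.isfile` guard removed this block now runs every time fail2ban is in apt_packages, and with `overwrite=False` existing hosts presumably keep their old jail and filter files, so updated templates would not reach them; a comment stating that this is intended would help. post_pref continues outside the hunk.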
+++ b/wo/cli/plugins/stack_upgrade.py @@ -26,6 +26,8 @@ class WOStackUpgradeController(CementBaseController): dict(help='Upgrade web stack', action='store_true')), (['--admin'], dict(help='Upgrade admin tools stack', action='store_true')), + (['--security'], + dict(help='Upgrade security stack', action='store_true')), (['--nginx'], dict(help='Upgrade Nginx stack', action='store_true')), (['--php'], @@ -44,6 +46,8 @@ class WOStackUpgradeController(CementBaseController): dict(help='Upgrade Redis', action='store_true')), (['--netdata'], dict(help='Upgrade Netdata', action='store_true')), + (['--fail2ban'], + dict(help='Upgrade Fail2Ban', action='store_true')), (['--dashboard'], dict(help='Upgrade WordOps Dashboard', action='store_true')), (['--composer'], @@ -71,18 +75,15 @@ class WOStackUpgradeController(CementBaseController): packages = [] self.msg = [] pargs = self.app.pargs - if ((not pargs.web) and (not pargs.nginx) and - (not pargs.php) and - (not pargs.php72) and (not pargs.php73) and - (not pargs.php74) and - (not pargs.mysql) and (not pargs.ngxblocker) and - (not pargs.all) and (not pargs.wpcli) and - (not pargs.netdata) and (not pargs.composer) and - (not pargs.phpmyadmin) and (not pargs.adminer) and - (not pargs.dashboard) and (not pargs.mysqltuner) and - (not pargs.redis)): + if not (pargs.web or pargs.nginx or pargs.php or + pargs.php72 or pargs.php73 or pargs.php74 or pargs.mysql or + pargs.ngxblocker or pargs.all or pargs.netdata or + pargs.wpcli or pargs.composer or pargs.phpmyadmin or + pargs.adminer or pargs.dashboard or pargs.mysqltuner or + pargs.redis or pargs.fail2ban or pargs.security): pargs.web = True pargs.admin = True + pargs.security = True if pargs.php: pargs.php72 = True @@ -90,8 +91,8 @@ class WOStackUpgradeController(CementBaseController): if pargs.all: pargs.web = True pargs.admin = True + pargs.security = True pargs.redis = True - pargs.ngxblocker = True if pargs.web: pargs.nginx = True 
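Review bot: The rewritten "nothing selected" test in the `@@ -75` hunk still leaves `pargs.admin` out of the list, so `--admin` given alone falls into the default branch and, with this commit, also switches on `pargs.web` and `pargs.security`. Unless admin is handled before this point outside the hunk, an admin-only request ends up upgrading the web and security stacks as well. Adding `pargs.admin or` to the condition keeps the default branch for the case where no option at all was passed. The enclosing method starts and ends outside the hunk.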
@@ -110,6 +111,10 @@ class WOStackUpgradeController(CementBaseController): pargs.adminer = True pargs.mysqltuner = True + if pargs.security: + pargs.ngxblocker = True + pargs.fail2ban = True + # nginx if pargs.nginx: if WOAptGet.is_installed(self, 'nginx-custom'): @@ -149,6 +154,11 @@ class WOStackUpgradeController(CementBaseController): if WOAptGet.is_installed(self, 'redis-server'): apt_packages = apt_packages + ['redis-server'] + # fail2ban + if pargs.fail2ban: + if WOAptGet.is_installed(self, 'fail2ban'): + apt_packages = apt_packages + ['fail2ban'] + # wp-cli if pargs.wpcli: if os.path.isfile('/usr/local/bin/wp'): @@ -267,26 +277,26 @@ class WOStackUpgradeController(CementBaseController): else: pre_stack(self) if (apt_packages): - if (("php7.2-fpm" not in apt_packages) and - ("php7.3-fpm" not in apt_packages) and - ("php7.4-fpm" not in apt_packages) and - ("redis-server" not in apt_packages) and - ("nginx-custom" not in apt_packages) and - ("mariadb-server" not in apt_packages)): + if not ("php7.2-fpm" in apt_packages or + "php7.3-fpm" in apt_packages or + "php7.4-fpm" in apt_packages or + "redis-server" in apt_packages or + "nginx-custom" in apt_packages or + "mariadb-server" in apt_packages): pass else: - Log.info( + Log.warn( self, "Your sites may be down for few seconds if " "you are upgrading Nginx, PHP-FPM, MariaDB or Redis") # Check prompt - if ((not pargs.no_prompt) and (not pargs.force)): + if not (pargs.no_prompt or pargs.force): start_upgrade = input("Do you want to continue:[y/N]") if start_upgrade != "Y" and start_upgrade != "y": Log.error(self, "Not starting package update") - Log.wait(self, "Updating APT packages") + Log.wait(self, "Updating APT cache") # apt-get update WOAptGet.update(self) - Log.valide(self, "Updating APT packages") + Log.valide(self, "Updating APT cache") # additional pre_pref if "nginx-custom" in apt_packages: diff --git a/wo/core/apt_repo.py b/wo/core/apt_repo.py index 470ac4e..e260e4f 100644 --- a/wo/core/apt_repo.py 
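Review bot: The package test in the `@@ -267` hunk keeps an empty `pass` branch and does the real work in `else`, which reads worse now that the condition is a negated `or` chain. Drop the negation and the `pass`: `if any(p in apt_packages for p in ("php7.2-fpm", "php7.3-fpm", "php7.4-fpm", "redis-server", "nginx-custom", "mariadb-server")):` followed directly by the `Log.warn(...)` call. fail2ban, which the `@@ -149` hunk adds to apt_packages, is not in that list, so its upgrade prints no notice even if the service is restarted later; a comment saying whether that is deliberate would help. The enclosing method continues outside the hunk.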
+++ b/wo/core/apt_repo.py @@ -48,9 +48,21 @@ class WORepo(): Log.debug(self, "{0}".format(e)) Log.error(self, "Unable to add repo") if ppa is not None: + ppa_split = ppa.split(':')[1] + ppa_author = ppa_split.split('/')[0] + Log.debug(self, "ppa_author = {0}".format(ppa_author)) + ppa_package = ppa_split.split('/')[1] + Log.debug(self, "ppa_package = {0}".format(ppa_package)) + if os.path.exists( + '/etc/apt/sources.list.d/{0}-ubuntu-{1}-{2}.list' + .format(ppa_author, + ppa_package, WOVar.wo_platform_codename)): + Log.debug(self, "ppa already added") + return True if WOShellExec.cmd_exec( self, "LC_ALL=C.UTF-8 add-apt-repository -y '{ppa_name}'" .format(ppa_name=ppa)): + Log.debug(self, "Added PPA {0}".format(ppa)) return True return False
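Review bot: `ppa.split(':')[1]` and `ppa_split.split('/')[1]` raise IndexError for any value that is not exactly of the form `ppa:author/name`, and they appear to sit outside the try/except visible above, so the error would escape WORepo.add instead of producing a False return. Parsing with `ppa_author, _, ppa_package = ppa.partition(':')[2].partition('/')` and running the `os.path.exists` check only when both parts are non-empty avoids that. The early `return True` also treats any existing `.list` file as proof that the source is active; a file whose `deb` line is commented out, or whose name add-apt-repository formed differently, would give a wrong answer, so a comment stating the naming assumption is worth adding. Confirm that `import os` is present at the top of apt_repo.py, since the hunk does not show it. The method begins outside the hunk.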