8i#t ddlZddlmZddlmZddlmZddlmZm Z m Z m Z m Z ddl mZddlmZdZd e jd e jd ZGd d ZGddZGddZGddZGddZGddZGddZGddZGddZGddZGd d!ZGd"d#ZGd$d%Z Gd&d'Z!Gd(d)Z"Gd*d+Z#Gd,d-Z$Gd.d/Z%Gd0d1Z&Gd2d3Z'Gd4d5Z(Gd6d7Z)Gd8d9Z*Gd:d;Z+Gd<d=Z,Gd>d?Z-Gd@dAZ.dBdCe/dDdEdCe/dFdEdGidHdBdIdJidBdCe/dKdIdJidCe/dLdMdNdOdPdQdRZ0GdSdTeZ1GdUdVZ2e dWdXe _3e dWdYe _4dS)ZN) timedelta)partial)Any)ConfigCore FilesUpdate FromConfigint_from_envvar) RulesLock)IP rbl_whitelistz/var//z-ipsetlists.dbcjeZdZeddZedZeddZedZdS) AutoWhiteListAUTO_WHITELISTtimeoutc|jdzSN<) TTL_VALUEclss K/opt/imunify360/venv/lib/python3.11/site-packages/im360/contracts/config.py ttl_valuezAutoWhiteList.ttl_values}r!!after_unblock_timeoutc|jdzSr)UNBLOCK_WHITELIST_TTLrs runblock_whitelist_ttlz#AutoWhiteList.unblock_whitelist_ttl&s(2--rN) __name__ __module__ __qualname__r r classmethodrrrrrrrs{ I ""["'J ..[...rrcreZdZdZeddZeddZeddZeddZdS) CaptchaDOSz X = TIMEFRAME T = MAX_COUNT N = TIMEOUT were taken from this doc: https://docs.google.com/a/cloudlinux.com/document/d/1uYMwy89dbF7FxKSzUehhJYcDadWhk0l5YRKuvZpSeq0/edit?usp=sharing CAPTCHA_DOSenabled time_frame max_countrN) r r!r"__doc__r ENABLED TIME_FRAME MAX_COUNTTIMEOUTr$rrr&r&+s^j 22GM<88J =+66Ij 22GGGrr&c(eZdZeddZdS)CSFIntegrationCSF_INTEGRATIONcatch_lfd_eventssectionoptionN)r r!r"r r,r$rrr1r1;s*j!!GGGrr1c(eZdZeddZdS)ProactiveDefencePROACTIVE_DEFENCE php_immunityr4N)r r!r"r PHP_IMMUNITYr$rrr8r8Bs*:#LLLrr8cneZdZeddZeddZeddZeddZdS)DOSr(interval port_limits default_limitN)r r!r"r r,INTERVALPER_PORT DEFAULT_LIMITr$rrr=r=IsRj **Gz%,,Hz%//HJuo66MMMrr=ceZdZeddZeddZeddZeddZeddZe de e e ffdZ d S) EnhancedDOS ENHANCED_DOSr( timeframer?r@actionreturnc>dttDS)Nci|]E}|ds.||k/|tt|FS)_) startswithuppergetattrrE).0names r z'EnhancedDOS.as_dict..YsW   ??3'' -1JJLLD,@,@ '+t,,,@,@,@r)dirrEr$rras_dictzEnhancedDOS.as_dictWs+  K((    rN)r r!r"r r, TIMEFRAMErBrCACTION staticmethoddictstrrrTr$rrrErEPsj33G >;77Iz.-88HJ~??M Z 1 1F T#s(^   \   rrEceZdZeddZeddZeddZedZ dS)IncidentLoggingINCIDENT_LOGGING min_log_levelnum_dayslimit)daysN) r r!r"r MIN_LOG_LEVELNUM_DAYSLIMITr total_seconds FREQUENCYr$rrr[r[`sbJ1?CCMz,j99H J)7 3 3E q!!!//11IIIrr[c&eZdZeddZdS)LocalIncidentReporting#IMUNIFY360_NOIP_MIN_REPORT_SEVERITYN)r r!r"r MIN_SEVERITYr$rrrhrhis"#?#H!LLLLLrrhcVeZdZeddZeddZeddZdS)ModsecMOD_SECruleset!cms_account_compromise_preventionapp_specific_rulesetN)r r!r"r RULESET!CMS_ACCOUNT_COMPROMISE_PREVENTIONAPP_SPECIFIC_RULESETr$rrrmrmosNjI..G(2 6))%&:i1GHHrrmc*eZdZdZeddZdS) ModsecSensormodsecSEND_ADDITIONAL_DATAenableN)r r!r" PLUGIN_IDr rxr$rrrvrvxs(I%:&33EFFFrN) r r!r"r rrrr#rrr$rrr|r|}sk J5 6 6ENPP[PGG[GGGrr|ceZdZeddZeddZeddZeddZeddZdS)ModsecBlockBySeverityMOD_SEC_BLOCK_BY_SEVERITYryrrseverity_limitdenied_num_limitN) r r!r"r r, CHECK_PERIODMAX_REPETITIONSEVERITY_LIMITDENIED_NUM_LIMITr$rrrrsj#G:#L Z#N Z#N"z#rrceZdZdZdZdZdZdS)ModSecurityDirectivesz4Values for `{check,fix} modsec directives` commands. RelevantOnlyOffOnN)r r!r"r+SecAuditEngine SecConnEngine SecRuleEnginer$rrrrs%>>$NMMMMrrcteZdZdZeddZeddZeddZdZe dZ dS) NetworkInterfacez[ Applies or ignores Imunify360's firewall rules to specific network interfaces NETWORK_INTERFACE eth_device eth6_deviceeth_device_skip device_skipcbtj|jtj|j|j|jiS)N)r V4 ETH_DEVICEV6 ETH6_DEVICE DEVICE_SKIPETH_DEVICE_SKIPrs rget_interface_confz#NetworkInterface.get_interface_confs* E3> E3? OS0  rN) r r!r"r+r rrrrr#rr$rrrrsu />>J*0-@@K j!46GHHOK  [   rrceZdZdZdS) OssecSensorossecNr r!r"rzr$rrrrsIIIrrceZdZdZdS)ControlPanelProtectorcontrol_panel_protectorNrr$rrrrs)IIIrrceZdZdZdS) CpHulkSensorCPHULKNrr$rrrrsIIIrrc"eZdZeZdS) ProtectorN)r r!r"r RULE_EDIT_LOCKr$rrrrsY[[NNNrrceZdZdZdZdS)Subsys)cPHulkfail2banN)r r!r"THIRD_PARTY_IDSTHIRD_PARTY_IDS_CHECK_TIMEOUTr$rrrrs,O$&!!!rrcreZdZeddZeddZeddZdZeddZdS) Webshield WEBSHIELDryknown_proxies_support splash_screenipanel_protectionN) r r!r"r ENABLEKNOWN_PROXIES_SUPPORT SPLASH_SCREEN#SPLASH_CAPTCHA_SHOWN_LOG_ENTRY_RULEPANEL_PROTECTIONr$rrrrs^ Z X . .F&J{4KLLJ{O<eZdZeddZeddZdS) WebServices WEB_SERVICES http_ports https_portsN)r r!r"r HTTP_PORTS HTTPS_PORTSr$rrrrs8J*^];;KKKrrceZdZeddZeddZeddZeddZeddZeddZ eddZ edd Z edd Z d Z d S) FirewallFIREWALLport_blocking_mode TCP_IN_IPv4 TCP_OUT_IPv4 UDP_IN_IPv4 UDP_OUT_IPv4 TCP_IN_IPv6 TCP_OUT_IPv6 UDP_IN_IPv6 UDP_OUT_IPv6z(/var/imunify360/disable_iptables_loggingN)r r!r"r r TCP_IN_IPV4 TCP_OUT_IPV4 UDP_IN_IPV4 UDP_OUT_IPV4 TCP_IN_IPV6 TCP_OUT_IPV6 UDP_IN_IPV6 UDP_OUT_IPV6LOGGING_DISABLE_FLAGr$rrrrs#J0DEE*Z77K:j.99L*Z77K:j.99L*Z77K:j.99L*Z77K:j.99LErrceZdZeedZedZedZedZedZ edZ edZ dS) SMTPBlocking SMTP_BLOCKINGryports allow_groups allow_users allow_localredirectN) r r!r"rr getoptr,PORTS ALLOW_GROUPS ALLOW_USERS ALLOW_LOCALREDIRECTr$rrrrsw WZ 1 1FfXG F7OOE6.))L&''K&''Kvj!!HHHrrc,eZdZdZeddZdS) StopManagingz:Categories to ignore by {validate,reset} agent's commands. STOP_MANAGINGmodsec_directivesr4N)r r!r"r+r MODSEC_DIRECTIVESr$rrrrs3DD" "rrcBeZdZdZeddZeddZdS) ControlPanelz^ Relates to actions to be performed by a host admin for compromised user accounts CONTROL_PANEL#compromised_user_admin_notificationcompromised_user_password_resetN)r r!r"r+r #COMPROMISED_USER_ADMIN_NOTIFICATIONCOMPROMISED_USER_PASSWORD_RESETr$rrrr sN +5*>++''1j:''###rrcBeZdZeddZeddZdS) Permissions PERMISSIONSallow_local_rules_management)r6allow_local_ip_managementN)r r!r"r ALLOW_LOCAL_RULES_MANAGEMENTALLOW_LOCAL_IP_MANAGEMENTr$rrrrsL#-:<$$$ !+ 9!!!rrrXintegeri)typecoercedefaulti)ipv4ipv6)r schemarr string)r r r`)r r minmax)idrQseverity)r r)r  keysrules valuesrules)groupsrulescpeZdZdZejejej e dfd Z xZ S)UnifiedAccessLoggerConfigaV# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # DO NOT EDIT. INTERNAL USAGE ONLY. # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # # Direct modifications to this file prohibited. # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # pathvalidation_schemacNt||dS)Nr)super__init__)selfrr  __class__s rr#z"UnifiedAccessLoggerConfig.__init__Xs) d6GHHHHHr) r r!r" DISCLAIMERosrjoinr CONFIG_DIR$UNIFIED_ACCESS_LOGGER_CONFIGFILENAME#CONFIG_SCHEMA_UNIFIED_ACCESS_LOGGERr# __classcell__)r%s@rrrKsx JW\\ OTF  > IIIIIIIIIIIrrcreZdZeddZedeZdxZ\ZZ Z Z Z Z ZedeZdS)UnifiedAccessLoggerrunified_access_loggerr) config_cls)zim360-whitelistzim360-blacklistzim360-graylistzim360-blocked-by-portzim360-whitelisted-countryzim360-blacklisted-countryzim360-outgoing-blockedrN)r r!r"r r,r NFLOG_GROUPS _RULES_NAMES WHITELIST BLACKLISTGRAYLISTBLOCKED_BY_PORTWHITELIST_COUNTRYBLACKLIST_COUNTRYSMTPrr$rrr.r.csrj%<==G:h3LMMML L  Jw+D E E EEEErr. FILES_UPDATEdisabled_types days_to_keep)5r'datetimer functoolsrtypingr defence360agent.contracts.configrrrr r im360.utilsr defence360agent.utils.validater RBL_WHITELIST_FILEPRODUCTIPSET_LISTS_PATHrr&r1r8r=rEr[rhrmrvr|rrrrrrrrrrrrrrrrintr+rr.DISABLED DAYS_TO_KEEPr$rrrIs "!!!!!------$LLLLLL ........( 3 3 3 3 3 3 3 3 77777777         22222222MMMMMMMM IIIIIIIIHHHHHHHH G G G G G G G G.        (********!!!!!!!!'''''''' CCCCCCCC........<<<<<<<< F F F F F F F F""""""""        "  "    " H &! *%!     #''''#TIIIIIIII0FFFFFFFF."z.2BCC %:nnEE r