PNG  IHDRX cHRMz&u0`:pQ<bKGD pHYsodtIME MeqIDATxw]Wug^Qd˶ 6`!N:!@xI~)%7%@Bh&`lnjVF29gΨ4E$|>cɚ{gk= %,a KX%,a KX%,a KX%,a KX%,a KX%,a KX%, b` ǟzeאfp]<!SJmɤY޲ڿ,%c ~ع9VH.!Ͳz&QynֺTkRR.BLHi٪:l;@(!MԴ=žI,:o&N'Kù\vRmJ雵֫AWic H@" !: Cé||]k-Ha oݜ:y F())u]aG7*JV@J415p=sZH!=!DRʯvɱh~V\}v/GKY$n]"X"}t@ xS76^[bw4dsce)2dU0 CkMa-U5tvLƀ~mlMwfGE/-]7XAƟ`׮g ewxwC4\[~7@O-Q( a*XGƒ{ ՟}$_y3tĐƤatgvێi|K=uVyrŲlLӪuܿzwk$m87k( `múcE)"@rK( z4$D; 2kW=Xb$V[Ru819קR~qloѱDyįݎ*mxw]y5e4K@ЃI0A D@"BDk_)N\8͜9dz"fK0zɿvM /.:2O{ Nb=M=7>??Zuo32 DLD@D| &+֎C #B8ַ`bOb $D#ͮҪtx]%`ES`Ru[=¾!@Od37LJ0!OIR4m]GZRJu$‡c=%~s@6SKy?CeIh:[vR@Lh | (BhAMy=݃  G"'wzn޺~8ԽSh ~T*A:xR[ܹ?X[uKL_=fDȊ؂p0}7=D$Ekq!/t.*2ʼnDbŞ}DijYaȲ(""6HA;:LzxQ‘(SQQ}*PL*fc\s `/d'QXW, e`#kPGZuŞuO{{wm[&NBTiiI0bukcA9<4@SӊH*؎4U/'2U5.(9JuDfrޱtycU%j(:RUbArLֺN)udA':uGQN"-"Is.*+k@ `Ojs@yU/ H:l;@yyTn}_yw!VkRJ4P)~y#)r,D =ě"Q]ci'%HI4ZL0"MJy 8A{ aN<8D"1#IJi >XjX֔#@>-{vN!8tRݻ^)N_╗FJEk]CT՟ YP:_|H1@ CBk]yKYp|og?*dGvzنzӴzjֺNkC~AbZƷ`.H)=!QͷVTT(| u78y֮}|[8-Vjp%2JPk[}ԉaH8Wpqhwr:vWª<}l77_~{s۴V+RCģ%WRZ\AqHifɤL36: #F:p]Bq/z{0CU6ݳEv_^k7'>sq*+kH%a`0ԣisqにtү04gVgW΂iJiS'3w.w}l6MC2uԯ|>JF5`fV5m`Y**Db1FKNttu]4ccsQNnex/87+}xaUW9y>ͯ骵G{䩓Գ3+vU}~jJ.NFRD7<aJDB1#ҳgSb,+CS?/ VG J?|?,2#M9}B)MiE+G`-wo߫V`fio(}S^4e~V4bHOYb"b#E)dda:'?}׮4繏`{7Z"uny-?ǹ;0MKx{:_pÚmFמ:F " .LFQLG)Q8qN q¯¯3wOvxDb\. BKD9_NN &L:4D{mm o^tֽ:q!ƥ}K+<"m78N< ywsard5+Š²z~mnG)=}lYݧNj'QJS{S :UYS-952?&O-:W}(!6Mk4+>A>j+i|<<|;ر^߉=HE|V#F)Emm#}/"y GII웻Jі94+v뾧xu~5C95~ūH>c@덉pʃ1/4-A2G%7>m;–Y,cyyaln" ?ƻ!ʪ<{~h~i y.zZB̃/,雋SiC/JFMmBH&&FAbϓO^tubbb_hZ{_QZ-sύodFgO(6]TJA˯#`۶ɟ( %$&+V'~hiYy>922 Wp74Zkq+Ovn錄c>8~GqܲcWꂎz@"1A.}T)uiW4="jJ2W7mU/N0gcqܗOO}?9/wìXžΏ0 >֩(V^Rh32!Hj5`;O28؇2#ݕf3 ?sJd8NJ@7O0 b־?lldщ̡&|9C.8RTWwxWy46ah嘦mh٤&l zCy!PY?: CJyв]dm4ǜҐR޻RլhX{FƯanшQI@x' ao(kUUuxW_Ñ줮[w8 FRJ(8˼)_mQ _!RJhm=!cVmm ?sFOnll6Qk}alY}; "baӌ~M0w,Ggw2W:G/k2%R,_=u`WU R.9T"v,<\Ik޽/2110Ӿxc0gyC&Ny޽JҢrV6N ``یeA16"J³+Rj*;BϜkZPJaÍ<Jyw:NP8/D$ 011z֊Ⱳ3ι֘k1V_"h!JPIΣ'ɜ* aEAd:ݺ>y<}Lp&PlRfTb1]o .2EW\ͮ]38؋rTJsǏP@芎sF\> P^+dYJLbJ C-xϐn> ι$nj,;Ǖa FU *择|h ~izť3ᤓ`K'-f tL7JK+vf2)V'-sFuB4i+m+@My=O҈0"|Yxoj,3]:cо3 $#uŘ%Y"y죯LebqtҢVzq¼X)~>4L׶m~[1_k?kxֺQ`\ |ٛY4Ѯr!)N9{56(iNq}O()Em]=F&u?$HypWUeB\k]JɩSع9 Zqg4ZĊo oMcjZBU]B\TUd34ݝ~:7ڶSUsB0Z3srx 7`:5xcx !qZA!;%͚7&P H<WL!džOb5kF)xor^aujƍ7 Ǡ8/p^(L>ὴ-B,{ۇWzֺ^k]3\EE@7>lYBȝR.oHnXO/}sB|.i@ɥDB4tcm,@ӣgdtJ!lH$_vN166L__'Z)y&kH;:,Y7=J 9cG) V\hjiE;gya~%ks_nC~Er er)muuMg2;֫R)Md) ,¶ 2-wr#F7<-BBn~_(o=KO㭇[Xv eN_SMgSҐ BS헃D%g_N:/pe -wkG*9yYSZS.9cREL !k}<4_Xs#FmҶ:7R$i,fi!~' # !6/S6y@kZkZcX)%5V4P]VGYq%H1!;e1MV<!ϐHO021Dp= HMs~~a)ަu7G^];git!Frl]H/L$=AeUvZE4P\.,xi {-~p?2b#amXAHq)MWǾI_r`S Hz&|{ +ʖ_= (YS(_g0a03M`I&'9vl?MM+m~}*xT۲(fY*V4x@29s{DaY"toGNTO+xCAO~4Ϳ;p`Ѫ:>Ҵ7K 3}+0 387x\)a"/E>qpWB=1 ¨"MP(\xp߫́A3+J] n[ʼnӼaTbZUWb={~2ooKױӰp(CS\S筐R*JغV&&"FA}J>G֐p1ٸbk7 ŘH$JoN <8s^yk_[;gy-;߉DV{c B yce% aJhDȶ 2IdйIB/^n0tNtџdcKj4϶v~- CBcgqx9= PJ) dMsjpYB] GD4RDWX +h{y`,3ꊕ$`zj*N^TP4L:Iz9~6s) Ga:?y*J~?OrMwP\](21sZUD ?ܟQ5Q%ggW6QdO+\@ ̪X'GxN @'4=ˋ+*VwN ne_|(/BDfj5(Dq<*tNt1х!MV.C0 32b#?n0pzj#!38}޴o1KovCJ`8ŗ_"]] rDUy޲@ Ȗ-;xџ'^Y`zEd?0„ DAL18IS]VGq\4o !swV7ˣι%4FѮ~}6)OgS[~Q vcYbL!wG3 7띸*E Pql8=jT\꘿I(z<[6OrR8ºC~ډ]=rNl[g|v TMTղb-o}OrP^Q]<98S¤!k)G(Vkwyqyr޽Nv`N/e p/~NAOk \I:G6]4+K;j$R:Mi #*[AȚT,ʰ,;N{HZTGMoּy) ]%dHء9Պ䠬|<45,\=[bƟ8QXeB3- &dҩ^{>/86bXmZ]]yޚN[(WAHL$YAgDKp=5GHjU&99v簪C0vygln*P)9^͞}lMuiH!̍#DoRBn9l@ xA/_v=ȺT{7Yt2N"4!YN`ae >Q<XMydEB`VU}u]嫇.%e^ánE87Mu\t`cP=AD/G)sI"@MP;)]%fH9'FNsj1pVhY&9=0pfuJ&gޤx+k:!r˭wkl03׼Ku C &ѓYt{.O.zҏ z}/tf_wEp2gvX)GN#I ݭ߽v/ .& и(ZF{e"=V!{zW`, ]+LGz"(UJp|j( #V4, 8B 0 9OkRrlɱl94)'VH9=9W|>PS['G(*I1==C<5"Pg+x'K5EMd؞Af8lG ?D FtoB[je?{k3zQ vZ;%Ɠ,]E>KZ+T/ EJxOZ1i #T<@ I}q9/t'zi(EMqw`mYkU6;[t4DPeckeM;H}_g pMww}k6#H㶏+b8雡Sxp)&C $@'b,fPߑt$RbJ'vznuS ~8='72_`{q纶|Q)Xk}cPz9p7O:'|G~8wx(a 0QCko|0ASD>Ip=4Q, d|F8RcU"/KM opKle M3#i0c%<7׿p&pZq[TR"BpqauIp$ 8~Ĩ!8Սx\ւdT>>Z40ks7 z2IQ}ItԀ<-%S⍤};zIb$I 5K}Q͙D8UguWE$Jh )cu4N tZl+[]M4k8֦Zeq֮M7uIqG 1==tLtR,ƜSrHYt&QP윯Lg' I,3@P'}'R˪e/%-Auv·ñ\> vDJzlӾNv5:|K/Jb6KI9)Zh*ZAi`?S {aiVDԲuy5W7pWeQJk֤#5&V<̺@/GH?^τZL|IJNvI:'P=Ϛt"¨=cud S Q.Ki0 !cJy;LJR;G{BJy޺[^8fK6)=yʊ+(k|&xQ2`L?Ȓ2@Mf 0C`6-%pKpm')c$׻K5[J*U[/#hH!6acB JA _|uMvDyk y)6OPYjœ50VT K}cǻP[ $:]4MEA.y)|B)cf-A?(e|lɉ#P9V)[9t.EiQPDѠ3ϴ;E:+Օ t ȥ~|_N2,ZJLt4! %ա]u {+=p.GhNcŞQI?Nd'yeh n7zi1DB)1S | S#ًZs2|Ɛy$F SxeX{7Vl.Src3E℃Q>b6G ўYCmtկ~=K0f(=LrAS GN'ɹ9<\!a`)֕y[uՍ[09` 9 +57ts6}b4{oqd+J5fa/,97J#6yν99mRWxJyѡyu_TJc`~W>l^q#Ts#2"nD1%fS)FU w{ܯ R{ ˎ󅃏џDsZSQS;LV;7 Od1&1n$ N /.q3~eNɪ]E#oM~}v֯FڦwyZ=<<>Xo稯lfMFV6p02|*=tV!c~]fa5Y^Q_WN|Vs 0ҘދU97OI'N2'8N֭fgg-}V%y]U4 峧p*91#9U kCac_AFңĪy뚇Y_AiuYyTTYЗ-(!JFLt›17uTozc. S;7A&&<ԋ5y;Ro+:' *eYJkWR[@F %SHWP 72k4 qLd'J "zB6{AC0ƁA6U.'F3:Ȅ(9ΜL;D]m8ڥ9}dU "v!;*13Rg^fJyShyy5auA?ɩGHRjo^]׽S)Fm\toy 4WQS@mE#%5ʈfFYDX ~D5Ϡ9tE9So_aU4?Ѽm%&c{n>.KW1Tlb}:j uGi(JgcYj0qn+>) %\!4{LaJso d||u//P_y7iRJ߬nHOy) l+@$($VFIQ9%EeKʈU. ia&FY̒mZ=)+qqoQn >L!qCiDB;Y<%} OgBxB!ØuG)WG9y(Ą{_yesuZmZZey'Wg#C~1Cev@0D $a@˲(.._GimA:uyw֬%;@!JkQVM_Ow:P.s\)ot- ˹"`B,e CRtaEUP<0'}r3[>?G8xU~Nqu;Wm8\RIkբ^5@k+5(By'L&'gBJ3ݶ!/㮻w҅ yqPWUg<e"Qy*167΃sJ\oz]T*UQ<\FԎ`HaNmڜ6DysCask8wP8y9``GJ9lF\G g's Nn͵MLN֪u$| /|7=]O)6s !ĴAKh]q_ap $HH'\1jB^s\|- W1:=6lJBqjY^LsPk""`]w)󭃈,(HC ?䔨Y$Sʣ{4Z+0NvQkhol6C.婧/u]FwiVjZka&%6\F*Ny#8O,22+|Db~d ~Çwc N:FuuCe&oZ(l;@ee-+Wn`44AMK➝2BRՈt7g*1gph9N) *"TF*R(#'88pm=}X]u[i7bEc|\~EMn}P瘊J)K.0i1M6=7'_\kaZ(Th{K*GJyytw"IO-PWJk)..axӝ47"89Cc7ĐBiZx 7m!fy|ϿF9CbȩV 9V-՛^pV̌ɄS#Bv4-@]Vxt-Z, &ֺ*diؠ2^VXbs֔Ìl.jQ]Y[47gj=幽ex)A0ip׳ W2[ᎇhuE^~q흙L} #-b۸oFJ_QP3r6jr+"nfzRJTUqoaۍ /$d8Mx'ݓ= OՃ| )$2mcM*cЙj}f };n YG w0Ia!1Q.oYfr]DyISaP}"dIӗթO67jqR ҊƐƈaɤGG|h;t]䗖oSv|iZqX)oalv;۩meEJ\!8=$4QU4Xo&VEĊ YS^E#d,yX_> ۘ-e\ "Wa6uLĜZi`aD9.% w~mB(02G[6y.773a7 /=o7D)$Z 66 $bY^\CuP. (x'"J60׿Y:Oi;F{w佩b+\Yi`TDWa~|VH)8q/=9!g߆2Y)?ND)%?Ǐ`k/sn:;O299yB=a[Ng 3˲N}vLNy;*?x?~L&=xyӴ~}q{qE*IQ^^ͧvü{Huu=R|>JyUlZV, B~/YF!Y\u_ݼF{_C)LD]m {H 0ihhadd nUkf3oٺCvE\)QJi+֥@tDJkB$1!Đr0XQ|q?d2) Ӣ_}qv-< FŊ߫%roppVBwü~JidY4:}L6M7f٬F "?71<2#?Jyy4뷢<_a7_=Q E=S1И/9{+93֮E{ǂw{))?maÆm(uLE#lïZ  ~d];+]h j?!|$F}*"4(v'8s<ŏUkm7^7no1w2ؗ}TrͿEk>p'8OB7d7R(A 9.*Mi^ͳ; eeUwS+C)uO@ =Sy]` }l8^ZzRXj[^iUɺ$tj))<sbDJfg=Pk_{xaKo1:-uyG0M ԃ\0Lvuy'ȱc2Ji AdyVgVh!{]/&}}ċJ#%d !+87<;qN޼Nفl|1N:8ya  8}k¾+-$4FiZYÔXk*I&'@iI99)HSh4+2G:tGhS^繿 Kتm0 вDk}֚+QT4;sC}rՅE,8CX-e~>G&'9xpW,%Fh,Ry56Y–hW-(v_,? ; qrBk4-V7HQ;ˇ^Gv1JVV%,ik;D_W!))+BoS4QsTM;gt+ndS-~:11Sgv!0qRVh!"Ȋ(̦Yl.]PQWgٳE'`%W1{ndΗBk|Ž7ʒR~,lnoa&:ü$ 3<a[CBݮwt"o\ePJ=Hz"_c^Z.#ˆ*x z̝grY]tdkP*:97YľXyBkD4N.C_[;F9`8& !AMO c `@BA& Ost\-\NX+Xp < !bj3C&QL+*&kAQ=04}cC!9~820G'PC9xa!w&bo_1 Sw"ܱ V )Yl3+ס2KoXOx]"`^WOy :3GO0g;%Yv㐫(R/r (s } u B &FeYZh0y> =2<Ϟc/ -u= c&׭,.0"g"7 6T!vl#sc>{u/Oh Bᾈ)۴74]x7 gMӒ"d]U)}" v4co[ ɡs 5Gg=XR14?5A}D "b{0$L .\4y{_fe:kVS\\O]c^W52LSBDM! C3Dhr̦RtArx4&agaN3Cf<Ԉp4~ B'"1@.b_/xQ} _߃҉/gٓ2Qkqp0շpZ2fԫYz< 4L.Cyυι1t@鎫Fe sYfsF}^ V}N<_`p)alٶ "(XEAVZ<)2},:Ir*#m_YӼ R%a||EƼIJ,,+f"96r/}0jE/)s)cjW#w'Sʯ5<66lj$a~3Kʛy 2:cZ:Yh))+a߭K::N,Q F'qB]={.]h85C9cr=}*rk?vwV렵ٸW Rs%}rNAkDv|uFLBkWY YkX מ|)1!$#3%y?pF<@<Rr0}: }\J [5FRxY<9"SQdE(Q*Qʻ)q1E0B_O24[U'],lOb ]~WjHޏTQ5Syu wq)xnw8~)c 쫬gٲߠ H% k5dƝk> kEj,0% b"vi2Wس_CuK)K{n|>t{P1򨾜j>'kEkƗBg*H%'_aY6Bn!TL&ɌOb{c`'d^{t\i^[uɐ[}q0lM˕G:‚4kb祔c^:?bpg… +37stH:0}en6x˟%/<]BL&* 5&fK9Mq)/iyqtA%kUe[ڛKN]Ě^,"`/ s[EQQm?|XJ߅92m]G.E΃ח U*Cn.j_)Tѧj̿30ڇ!A0=͜ar I3$C^-9#|pk!)?7.x9 @OO;WƝZBFU keZ75F6Tc6"ZȚs2y/1 ʵ:u4xa`C>6Rb/Yм)^=+~uRd`/|_8xbB0?Ft||Z\##|K 0>>zxv8۴吅q 8ĥ)"6>~\8:qM}#͚'ĉ#p\׶ l#bA?)|g g9|8jP(cr,BwV (WliVxxᡁ@0Okn;ɥh$_ckCgriv}>=wGzβ KkBɛ[˪ !J)h&k2%07δt}!d<9;I&0wV/ v 0<H}L&8ob%Hi|޶o&h1L|u֦y~󛱢8fٲUsւ)0oiFx2}X[zVYr_;N(w]_4B@OanC?gĦx>мgx>ΛToZoOMp>40>V Oy V9iq!4 LN,ˢu{jsz]|"R޻&'ƚ{53ўFu(<٪9:΋]B;)B>1::8;~)Yt|0(pw2N%&X,URBK)3\zz&}ax4;ǟ(tLNg{N|Ǽ\G#C9g$^\}p?556]/RP.90 k,U8/u776s ʪ_01چ|\N 0VV*3H鴃J7iI!wG_^ypl}r*jɤSR 5QN@ iZ#1ٰy;_\3\BQQ x:WJv츟ٯ$"@6 S#qe딇(/P( Dy~TOϻ<4:-+F`0||;Xl-"uw$Цi󼕝mKʩorz"mϺ$F:~E'ҐvD\y?Rr8_He@ e~O,T.(ފR*cY^m|cVR[8 JҡSm!ΆԨb)RHG{?MpqrmN>߶Y)\p,d#xۆWY*,l6]v0h15M˙MS8+EdI='LBJIH7_9{Caз*Lq,dt >+~ّeʏ?xԕ4bBAŚjﵫ!'\Ը$WNvKO}ӽmSşذqsOy?\[,d@'73'j%kOe`1.g2"e =YIzS2|zŐƄa\U,dP;jhhhaxǶ?КZ՚.q SE+XrbOu%\GتX(H,N^~]JyEZQKceTQ]VGYqnah;y$cQahT&QPZ*iZ8UQQM.qo/T\7X"u?Mttl2Xq(IoW{R^ ux*SYJ! 4S.Jy~ BROS[V|žKNɛP(L6V^|cR7i7nZW1Fd@ Ara{詑|(T*dN]Ko?s=@ |_EvF]׍kR)eBJc" MUUbY6`~V޴dJKß&~'d3i WWWWWW

F1l3 Manager

Current Directory: /opt/imunify360/venv/lib/python3.11/site-packages/defence360agent/contracts
/opt/imunify360/venv/lib/python3.11/site-packages/defence360agent/contracts/
Viewing File: /opt/imunify360/venv/lib/python3.11/site-packages/defence360agent/contracts/config.py
""" All the config settings for defence360 in one place """ import functools import logging import os from abc import abstractmethod from bisect import bisect_left, bisect_right from copy import deepcopy from datetime import datetime, timedelta from enum import Enum from pathlib import Path from typing import ( Any, Callable, Dict, List, Mapping, Optional, Protocol, Sequence, Tuple, Union, _ProtocolMeta, ) from cerberus import Validator from defence360agent.contracts.config_provider import ( CachedConfigReader, ConfigError, ConfigReader, UserConfigReader, WriteOnlyConfigReader, ) from defence360agent.feature_management.checkers import ( config_cleanup as fm_config_cleanup, ) from defence360agent.utils import Singleton, dict_deep_update, importer av_version = importer.get( module="imav._version", name="__version__", default=None ) logger = logging.getLogger(__name__) ANTIVIRUS_MODE = not importer.exists("im360") # feature flag for those clients who want to test Myimunify FREEMIUM_FEATURE_FLAG = "/var/imunify360/myimunify-freemium.flag" MY_IMUNIFY_KEY = "MY_IMUNIFY" _version = importer.get( module="im360._version", name="__version__", default=av_version ) AGENT_CONF = "../." CONFIG_VALIDATORS_DIR_PATH = Path( os.environ.get( "IM360_CONFIG_SCHEMA_PATH", "/opt/imunify360/venv/share/imunify360/config_schema/", ) ) # TODO: remove after av-7.16.0 release NOTIFY, CLEANUP = "notify", "cleanup" NONE, DAY, WEEK, MONTH = "none", "day", "week", "month" DEFAULT_INTENSITY_CPU = 2 DEFAULT_INTENSITY_IO = 2 DEFAULT_INTENSITY_RAM = 2048 DEFAULT_RESOURCE_MANAGEMENT_CPU_LIMIT = 2 DEFAULT_RESOURCE_MANAGEMENT_IO_LIMIT = 2 DEFAULT_RESOURCE_MANAGEMENT_RAM_LIMIT = 500 MODSEC_RULESET_FULL = "FULL" MODSEC_RULESET_MINIMAL = "MINIMAL" _DOS_DETECTOR_DEFAULT_LIMIT = 250 _DOS_DETECTOR_MIN_LIMIT = 1 _DOS_DETECTOR_MIN_INTERVAL = 1 PORT_BLOCKING_MODE_DENY = "DENY" PORT_BLOCKING_MODE_ALLOW = "ALLOW" DO_NOT_MODIFY_DISCLAMER = """\ ############################################################################ # DO NOT MODIFY THIS FILE!!! # # USE /etc/sysconfig/imunify360/imunify360.config.d/ TO OVERRIDE DEFAULTS # ############################################################################ """ DEFAULT_CONFIG_DISCLAMER = """\ ############################################################################ # DO NOT MODIFY THIS FILE!!! # # USE /etc/sysconfig/imunify360/imunify360.config.d/ TO OVERRIDE DEFAULTS # # This is an example of default values only # # Changing this file will have no effect # ############################################################################ """ CPANEL, PLESK, DIRECTADMIN = "cpanel", "plesk", "directadmin" ACRONIS, R1SOFT, CLUSTERLOGICS = "acronis", "r1soft", "clusterlogics" SAMPLE_BACKEND = "sample" CLOUDLINUX, CLOUDLINUX_ON_PREMISE = "cloudlinux", "cloudlinux_on_premise" GENERIC_SENSOR_SOCKET_PATH = "/var/run/defence360agent/generic_sensor.sock.2" def int_from_envvar(var: str, default: int, env: Mapping = os.environ) -> int: try: return int(env[var]) except KeyError: return default except ValueError as e: raise ValueError("{}: integer required".format(var)) from e def bool_from_envvar( var: str, default: bool, env: Mapping = os.environ ) -> bool: TRUE_VALS = ("true", "t", "yes", "y", "1") FALSE_VALS = ("false", "f", "no", "n", "0") try: val = env[var] except KeyError: return default else: val = val.lower() if val in TRUE_VALS: return True if val in FALSE_VALS: return False raise ValueError( "{}: should be one of {}".format(var, TRUE_VALS + FALSE_VALS) ) def _self_rel2abs(relpath): return os.path.join(os.path.dirname(__file__), relpath) def conf_rel2abs(relpath): return os.path.join(os.path.dirname(_self_rel2abs(AGENT_CONF)), relpath) def _slurp_file(path): """Returns content for existing file, otherwise None""" try: with open(path, "r") as f: return f.read().strip() except OSError: return None def choose_value_from_config( section, option, username: str | None = None ) -> Tuple[Any, str | None]: """ Choose action for config option by checking EndUser's Imunify360 config and Admin config. Admins config applies only if EndUser didn't set the default action """ user_config = ConfigFile(username=username).config_to_dict() user_section = user_config.get(section) if user_section is not None: user_value = user_section.get(option) if user_value is not None: return user_value, username logger.debug("Cannot read %s:%s from user config", section, option) root_config = ConfigFile().config_to_dict() return root_config[section][option], UserType.ROOT def is_mi_freemium_license(): """ Just checks if this is server with MyImunify Freemium license """ return os.path.exists(FREEMIUM_FEATURE_FLAG) class FromConfig: def __init__(self, section, option=None, config_cls=None): self.section = section self.option = option self._config_cls = config_cls self._config_instance = None def __get__(self, instance, owner): if self._config_instance is None: if self._config_cls is None: self._config_instance = ConfigFile() else: self._config_instance = self._config_cls() section_value = self._config_instance.config_to_dict()[self.section] if self.option is not None: return section_value[self.option] return section_value class FromFlagFile: LOCATION = Path("/var/imunify360") def __init__(self, name, *, coerce=bool, default=...): self.name = name self.coerce = coerce self.default = default def __get__(self, instance, owner): path = self.LOCATION / self.name if path.exists(): return self.coerce(path.read_text() or self.default) def _get_combined_validation_schema(*, root=True): func_name = "get_root_config" if root else "get_non_root_config" combined_schema = {} for module in importer.iter_modules([CONFIG_VALIDATORS_DIR_PATH]): get_schema = getattr(module, func_name, lambda: {}) schema = get_schema() dict_deep_update(combined_schema, schema, allow_overwrite=False) return combined_schema @functools.lru_cache(maxsize=1) def config_schema_root(): return _get_combined_validation_schema() @functools.lru_cache(maxsize=1) def config_schema_non_root(): return _get_combined_validation_schema(root=False) CONFIG_SCHEMA_CUSTOM_BILLING = { "CUSTOM_BILLING": { "type": "dict", "schema": { "upgrade_url": { "type": "string", "default": None, "nullable": True, }, "upgrade_url_360": { "type": "string", "default": None, "nullable": True, }, "billing_notifications": {"type": "boolean", "default": True}, "ip_license": {"type": "boolean", "default": True}, }, "default": {}, } } class ConfigValidationError(Exception): pass class Core: PRODUCT = "imunify360" NAME = "%s agent" % PRODUCT if not ANTIVIRUS_MODE else "imunify antivirus" AV_VERSION = av_version VERSION = _version # AV or IM360 API_BASE_URL = os.environ.get( "IMUNIFY360_API_URL", "https://api.imunify360.com" ) DEFAULT_SOCKET_TIMEOUT = 10 DIST = ".el8" FILE_UMASK = 0o007 TMPDIR = "/var/imunify360/tmp" MERGED_CONFIG_FILE_NAME = "imunify360-merged.config" USER_CONFIG_FILE_NAME = "imunify360.config" LOCAL_CONFIG_FILE_NAME = "imunify360.config" CONFIG_DIR = "/etc/imunify360" USER_CONFDIR = os.path.join(CONFIG_DIR, "user_config") GLOBAL_CONFDIR = "/etc/sysconfig/imunify360" MERGED_CONFIG_FILE_PATH = os.path.join( GLOBAL_CONFDIR, MERGED_CONFIG_FILE_NAME ) MERGED_CONFIG_FILE_PERMISSION = 0o644 LOCAL_CONFIG_FILE_PATH = os.path.join(GLOBAL_CONFDIR, "imunify360.config") CONFIG_D_NAME = "imunify360.config.d" BACKUP_CONFIGFILENAME = ".imunify360.backup_config" HOOKS_CONFIGFILENAME = "hooks.yaml" CUSTOM_BILLING_CONFIGFILENAME = "custom_billing.config" INBOX_HOOKS_DIR = "/var/imunify360/hooks" SVC_NAME = ( "imunify360-agent" if not ANTIVIRUS_MODE else "imunify-antivirus" ) UNIFIED_ACCESS_LOGGER_CONFIGFILENAME = "unified-access-logger.conf" GO_FLAG_FILE = Path("/etc/sysconfig/imunify360/.go_agent") SIGNAL_HANDLER_MIGRATION_TIMEOUT_SECS = 60 class IConfig(Protocol): @abstractmethod def config_to_dict( self, normalize: bool = True, force_read: bool = False ) -> dict: raise NotImplementedError @abstractmethod def dict_to_config( self, data: Mapping, validate: bool = True, normalize: bool = True, overwrite: bool = False, without_defaults: bool = False, ) -> None: raise NotImplementedError @abstractmethod def validate(self) -> None: raise NotImplementedError @abstractmethod def normalize( self, config: Mapping, without_defaults: bool = False ) -> dict: raise NotImplementedError @abstractmethod def modified_since(self, timestamp: Optional[float]) -> bool: raise NotImplementedError def get(self, section: str, option: Optional[str]) -> Any: if option: return self.config_to_dict().get(section, {}).get(option) return None def set(self, section: str, option: Optional[str], value: Any) -> None: if option: self.dict_to_config({section: {option: value}}) class IConfigFile(IConfig, Protocol): path: str class ProtocolSingleton(_ProtocolMeta, Singleton): """ Needed to avoid metaclass conflict when implementing protocols that are also Singletons """ class Normalizer: def __init__(self, validation_schema): self._config: Optional[Mapping] = None self._normalized_config: dict = {} self._schema = ConfigsValidator.get_validation_schema( validation_schema ) self._schema_without_defaults = self._get_schema_without_defaults( self._schema ) @classmethod def _get_schema_without_defaults(cls, _dict: Mapping) -> dict: return { key: cls._get_schema_without_defaults(value) if isinstance(value, dict) else value for key, value in _dict.items() if key not in ["default", "default_setter"] } @staticmethod def remove_null(config: Mapping) -> dict: new_config: Dict[str, Union[dict, List[Tuple]]] = {} for section, options in config.items(): # We only support dict for option removal if isinstance(options, dict): for option, value in options.items(): if value is not None: new_config.setdefault(section, {})[option] = value elif options: # Let cerberus coerce this to dict # and leave the None's as is new_config[section] = options return new_config @staticmethod def _normalize_with_schema(config: Mapping, schema) -> dict: validator = ConfigValidator(schema) normalized: Optional[dict] = validator.normalized(config) if validator.errors: raise ConfigValidationError(validator.errors) if normalized is None: raise ConfigValidationError(f"Cerberus returned None for {config}") return normalized def normalize(self, config: Mapping, without_defaults: bool) -> dict: schema = ( self._schema_without_defaults if without_defaults else self._schema ) if without_defaults: config = self.remove_null(config) return self._normalize_with_schema(config, schema) # Utilize cache if config == self._config: return self._normalized_config normalized = self._normalize_with_schema(config, schema) self._config = config self._normalized_config = normalized return self._normalized_config class Config(IConfig, metaclass=ProtocolSingleton): DISCLAIMER = "" def __init__( self, *, # FIXME: allow pathlib.Path path: str = None, config_reader: ConfigReader = None, validation_schema: Union[Mapping, Callable[[], Mapping]] = None, disclaimer: str = None, cached: bool = True, permissions: int = None, ): super().__init__() assert path or config_reader config_reader_cls = CachedConfigReader if cached else ConfigReader self._config_reader = config_reader or config_reader_cls( path, disclaimer=disclaimer or self.DISCLAIMER, permissions=permissions, ) self.path = self._config_reader.path self.validation_schema = validation_schema or config_schema_root self._normalizer = Normalizer(self.validation_schema) def __repr__(self): return ( "<{classname}(config_reader={config_reader!r}," " validation_schema={validation_schema!r})" ">" ).format( classname=self.__class__.__qualname__, config_reader=self._config_reader, validation_schema=self.validation_schema, ) def normalize(self, config: Mapping, without_defaults=False) -> dict: return self._normalizer.normalize(config, without_defaults) def config_to_dict(self, normalize=True, force_read: bool = False) -> dict: """ Converts config file to dict :return dict: dictionary (key (section) / value (options)) """ config = self._config_reader.read_config_file(force_read=force_read) if normalize: config = self.normalize(config) return deepcopy(config) def dict_to_config( self, data: Mapping, validate: bool = True, normalize: bool = True, overwrite: bool = False, without_defaults: bool = False, ) -> None: """ Converts dict to config file New options will be mixed in with old ones unless overwrite is specified :param dict data: dictionary (key (section) / value (options)) :param bool validate: indicates if we need validation :param bool normalize: normalize config :param overwrite: overwrite existing conf :param without_defaults: do not fill defaults :return: None """ if overwrite: self._dict_to_config_overwrite( data=data, validate=validate, normalize=normalize, without_defaults=without_defaults, ) else: self._dict_to_config( data=data, validate=validate, normalize=normalize, without_defaults=without_defaults, ) def _dict_to_config_overwrite( self, data, validate, normalize, without_defaults ): if validate: ConfigsValidator.validate(data, self.validation_schema) if normalize: data = self.normalize(data, without_defaults=without_defaults) self._config_reader.write_config_file(data) def _dict_to_config(self, data, validate, normalize, without_defaults): config = deepcopy(self._config_reader.read_config_file()) if dict_deep_update(config, data): if validate: ConfigsValidator.validate(config, self.validation_schema) if normalize: config = self.normalize( config, without_defaults=without_defaults ) self._config_reader.write_config_file(config) def validate(self): """ :raises ConfigsValidatorError """ try: config_dict = self._config_reader.read_config_file( ignore_errors=False ) except ConfigError as e: message = "Error during config validation" logger.error("%s: %s", message, e) raise ConfigsValidatorError({self: message}) from e try: ConfigsValidator.validate(config_dict, self.validation_schema) except ConfigValidationError as e: message = "Imunify360 config does not match the scheme" logger.error("%s: %s", message, e) raise ConfigsValidatorError({self: message}) from e def modified_since(self, timestamp: Optional[float]) -> bool: return self._config_reader.modified_since(timestamp) class UserConfig(Config): def __init__(self, *, username): self.username = username path = os.path.join( Core.USER_CONFDIR, username, Core.USER_CONFIG_FILE_NAME ) super().__init__( path=path, config_reader=UserConfigReader(path, username), validation_schema=config_schema_non_root, ) class SystemConfig(IConfig, metaclass=ProtocolSingleton): def __init__( self, *, local_config: Config = None, merged_config: Config = None ): super().__init__() self._local_config = local_config or LocalConfig() self._merged_config = merged_config or MergedConfig() def config_to_dict( self, normalize: bool = True, force_read: bool = False ) -> dict: return self._merged_config.config_to_dict( normalize=normalize, force_read=force_read ) def dict_to_config( self, data: Mapping, validate: bool = True, normalize: bool = True, overwrite: bool = False, without_defaults: bool = True, ) -> None: self._local_config.dict_to_config( data, validate=validate, normalize=normalize, overwrite=overwrite, without_defaults=without_defaults, ) def validate(self) -> None: self._merged_config.validate() def normalize( self, config: Mapping, without_defaults: bool = False ) -> dict: return self._merged_config.normalize( config=config, without_defaults=without_defaults ) def modified_since(self, timestamp: Optional[float]) -> bool: return self._merged_config.modified_since(timestamp) def config_file_factory( username: Optional[Union[str, int]] = None, path: Optional[str] = None ) -> IConfig: if username and not isinstance(username, int): return UserConfig(username=username) elif path: return Config(path=path) else: return SystemConfig() # TODO: move all layer related functions to another module def any_layer_modified_since(timestamp) -> bool: merger = Merger(Merger.get_layer_names()) for layer in merger.layers: if layer.modified_since(timestamp): return True return False MergedConfig = functools.partial( Config, config_reader=WriteOnlyConfigReader( path=Core.MERGED_CONFIG_FILE_PATH, disclaimer=DO_NOT_MODIFY_DISCLAMER, permissions=Core.MERGED_CONFIG_FILE_PERMISSION, ), ) class LocalConfig(Config): """ Config (/etc/sysconfig/imunify360/imunify360.config) should contain options changed by a customer only """ def __init__( self, *, path=Core.LOCAL_CONFIG_FILE_PATH, # overrides the parent default value config_reader: ConfigReader = None, validation_schema: Union[Mapping, Callable[[], Mapping]] = None, disclaimer: str = None, cached=False, # overrides the parent default value ): super().__init__( path=path, config_reader=config_reader, validation_schema=validation_schema, disclaimer=disclaimer, cached=cached, ) def dict_to_config( self, data: Mapping, validate: bool = True, normalize: bool = True, overwrite: bool = False, without_defaults: bool = True, # overrides the parent default value ) -> None: return super().dict_to_config( data, validate=validate, normalize=normalize, overwrite=overwrite, without_defaults=without_defaults, ) class BaseMerger: DIR = os.path.join(Core.GLOBAL_CONFDIR, Core.CONFIG_D_NAME) LOCAL_CONFIG_NAME = "90-local.config" def __init__(self, names, include_defaults=False): self._include_defaults = include_defaults self.layers = [ Config(path=os.path.join(self.DIR, name)) for name in names ] @classmethod def get_layer_names(cls): return sorted(os.listdir(cls.DIR)) if os.path.isdir(cls.DIR) else [] def configs_to_dict(self, force_read=False): layer_dict_list = [] if self._include_defaults: defaults = Normalizer(config_schema_root).normalize( {}, without_defaults=False ) layer_dict_list.append(defaults) layer_dict_list += [ layer.config_to_dict(normalize=False, force_read=force_read) for layer in self.layers ] return self._build_effective_config(layer_dict_list) @classmethod def _build_effective_config(cls, layer_dict_list: list): effective: Dict[str, dict] = {} for layer_dict in layer_dict_list: for section, options in layer_dict.items(): if options is None: continue if section not in effective: effective[section] = {} for option, value in options.items(): if value is not None: effective[section][option] = value return effective class MutableMerger(BaseMerger): def __init__(self, names: Sequence): idx = bisect_left(names, self.LOCAL_CONFIG_NAME) names = names[:idx] super().__init__(names, include_defaults=True) class ImmutableMerger(BaseMerger): def __init__(self, names: Sequence): idx = bisect_right(names, self.LOCAL_CONFIG_NAME) names = names[idx:] super().__init__(names, include_defaults=False) class NonBaseMerger(BaseMerger): def __init__(self, names: Sequence): super().__init__(names, include_defaults=False) class Merger(BaseMerger): def __init__(self, names): super().__init__(names, include_defaults=True) @classmethod def update_merged_config(cls): merged_config = MergedConfig() merger = cls(cls.get_layer_names()) config_dict = merger.configs_to_dict() try: ConfigsValidator.validate(config_dict) except (ConfigsValidatorError, ConfigValidationError) as e: logger.warning("Config file is invalid! %s", e) else: merged_config.dict_to_config(config_dict, validate=False) class ConfigValidator(Validator): def __init__( self, *args, allow_unknown=ANTIVIRUS_MODE, purge_readonly=True, **kwargs, ): """ Initialises ConfigValidator(Validator) for more details on Validator params please check https://docs.python-cerberus.org/en/stable/validation-rules.html """ super().__init__( *args, allow_unknown=allow_unknown, purge_readonly=purge_readonly, **kwargs, ) def _normalize_coerce_user_override_pd_rules(self, value): if self.root_document.get("MY_IMUNIFY", {}).get("enable", False): return True return value class Packaging: DATADIR = "/opt/imunify360/venv/share/%s" % Core.PRODUCT class SimpleRpc: # how long to wait for the response from RPC server in seconds CLIENT_TIMEOUT = 3600 SOCKET_PATH = "/var/run/defence360agent/simple_rpc.sock" # end-user stuff NON_ROOT_SOCKET_PATH = "/var/run/defence360agent/non_root_simple_rpc.sock" TOKEN_FILE_TMPL = ".imunify360_token_{suffix}" # -r-------- TOKEN_MASK = 0o400 SOCKET_ACTIVATION = bool_from_envvar( "I360_SOCKET_ACTIVATION", ANTIVIRUS_MODE, ) INACTIVITY_TIMEOUT = int_from_envvar( "IMUNIFY360_INACTIVITY_TIMEOUT", int(timedelta(minutes=5).total_seconds()), ) class Model: # type sqlite3 - sqlite only supported PATH = "/var/%s/%s.db" % (Core.PRODUCT, Core.PRODUCT) PROACTIVE_PATH = "/var/%s/proactive.db" % (Core.PRODUCT,) RESIDENT_PATH = "/var/%s/%s-resident.db" % (Core.PRODUCT, Core.PRODUCT) class FilesUpdate: # Check files update periodically PERIOD = timedelta(minutes=30).total_seconds() # Timeout for single Index update (group of files) DEF-11501 # It has to be less than watchdog timeout (60 min) TIMEOUT = timedelta(minutes=15).total_seconds() # Timeout for individual socket operations (connect, recv/read, etc.) # For instance ssl-handshake timeout == SOCKET_TIMEOUT # Than less the value than better, to do not wait to long SOCKET_TIMEOUT = 3 # seconds # Following settings applicable only for IM360: # File types that should be downloaded but not applied # to the system (e.g. for testing purposes) DISABLED = [] # How long to keep the files on the disk DAYS_TO_KEEP = 30 class CountryInfo: DB = "/var/imunify360/files/geo/v1/GeoLite2-Country.mmdb" LOCATIONS_DB = ( "/var/imunify360/files/geo/v1/GeoLite2-Country-Locations-en.csv" ) @staticmethod def country_subnets_file(country_code): return "/var/imunify360/files/geo/v1/CountrySubnets-{}.txt".format( country_code ) class Sentry: DSN = os.getenv( "IMUNITY360_SENTRY_DSN", _slurp_file("%s/sentry" % Packaging.DATADIR) ) ENABLE = FromConfig("ERROR_REPORTING", "enable") class Malware: SCAN_CHECK_PERIOD = 300 CONSECUTIVE_ERROR_LIMIT = 10 INOTIFY_SCAN_PERIOD = 60 CONFIG_CHECK_PERIOD = 30 CONFLICTS_CHECK_PERIOD = 300 INOTIFY_ENABLED = FromConfig("MALWARE_SCANNING", "enable_scan_inotify") PURE_SCAN = FromConfig("MALWARE_SCANNING", "enable_scan_pure_ftpd") SEND_FILES = FromConfig("MALWARE_SCANNING", "sends_file_for_analysis") CLOUD_ASSISTED_SCAN = FromConfig("MALWARE_SCANNING", "cloud_assisted_scan") RAPID_SCAN = FromConfig("MALWARE_SCANNING", "rapid_scan") CRONTABS_SCAN_ENABLED = FromConfig("MALWARE_SCANNING", "crontabs") SCANS_PATH = "/var/imunify360/aibolit/scans.pickle" FILE_PREVIEW_BYTES_NUM = 1024 * 100 # 100 KB CLEANUP_STORAGE = "/var/imunify360/cleanup_storage" CLEANUP_TRIM = FromConfig( section="MALWARE_CLEANUP", option="trim_file_instead_of_removal", ) CLEANUP_KEEP = FromConfig( section="MALWARE_CLEANUP", option="keep_original_files_days", ) SCAN_MODIFIED_FILES = FromConfig( section="MALWARE_SCANNING", option="scan_modified_files", ) MAX_SIGNATURE_SIZE_TO_SCAN = FromConfig( "MALWARE_SCANNING", "max_signature_size_to_scan" ) MAX_CLOUDSCAN_SIZE_TO_SCAN = FromConfig( "MALWARE_SCANNING", "max_cloudscan_size_to_scan" ) MAX_MRS_UPLOAD_FILE = FromConfig("MALWARE_SCANNING", "max_mrs_upload_file") RAPID_SCAN_RESCAN_UNCHANGING_FILES_FREQUENCY = FromConfig( "MALWARE_SCANNING", "rapid_scan_rescan_unchanging_files_frequency" ) HYPERSCAN = FromConfig("MALWARE_SCANNING", "hyperscan") DATABASE_SCAN_ENABLED = FromConfig("MALWARE_DATABASE_SCAN", "enable") CPANEL_SCAN_ENABLED = FromConfig("MALWARE_SCANNING", "enable_scan_cpanel") CLEANUP_DISABLE_CLOUDAV = FromFlagFile("disable_cloudav") MDS_DB_TIMEOUT = FromConfig("MALWARE_DATABASE_SCAN", "db_timeout") class MalwareScanScheduleInterval: NONE = NONE DAY = DAY WEEK = WEEK MONTH = MONTH class MalwareScanSchedule: CMD = "/usr/bin/imunify360-agent malware user scan --background" CRON_PATH = "/etc/cron.d/imunify_scan_schedule" CRON_STRING = """\ # DO NOT EDIT. AUTOMATICALLY GENERATED. 0 {0} {1} * {2} root {cmd} >/dev/null 2>&1 """ INTERVAL = FromConfig( section="MALWARE_SCAN_SCHEDULE", option="interval", ) HOUR = FromConfig( section="MALWARE_SCAN_SCHEDULE", option="hour", ) DAY_OF_WEEK = FromConfig( section="MALWARE_SCAN_SCHEDULE", option="day_of_week", ) DAY_OF_MONTH = FromConfig( section="MALWARE_SCAN_SCHEDULE", option="day_of_month", ) class MalwareScanIntensity: CPU = FromConfig( section="MALWARE_SCAN_INTENSITY", option="cpu", ) IO = FromConfig( section="MALWARE_SCAN_INTENSITY", option="io", ) RAM = FromConfig( section="MALWARE_SCAN_INTENSITY", option="ram", ) USER_CPU = FromConfig( section="MALWARE_SCAN_INTENSITY", option="user_scan_cpu", ) USER_IO = FromConfig( section="MALWARE_SCAN_INTENSITY", option="user_scan_io", ) USER_RAM = FromConfig( section="MALWARE_SCAN_INTENSITY", option="user_scan_ram", ) class FileBasedResourceLimits: CPU = FromConfig( section="RESOURCE_MANAGEMENT", option="cpu_limit", ) IO = FromConfig( section="RESOURCE_MANAGEMENT", option="io_limit", ) RAM = FromConfig( section="RESOURCE_MANAGEMENT", option="ram_limit", ) class KernelCare: EDF = FromConfig( section="KERNELCARE", option="edf", ) def get_rapid_rescan_frequency(): value = Malware.RAPID_SCAN_RESCAN_UNCHANGING_FILES_FREQUENCY if value is None: freq = { MalwareScanScheduleInterval.NONE: 1, MalwareScanScheduleInterval.MONTH: 2, MalwareScanScheduleInterval.WEEK: 5, MalwareScanScheduleInterval.DAY: 10, } return freq.get(MalwareScanSchedule.INTERVAL, 1) return value class MalwareSignatures: _dir = "/var/imunify360/files/sigs/v1/" RFXN = os.path.join(_dir, "rfxn") i360 = os.path.join(_dir, "i360") AI_BOLIT_HOSTER = os.path.join(_dir, "aibolit", "ai-bolit-hoster-full.db") AI_BOLIT_HYPERSCAN = os.path.join(_dir, "aibolit", "hyperscan") MDS_AI_BOLIT_HOSTER = os.path.join( _dir, "aibolit", "mds-ai-bolit-hoster.db" ) PROCU_DB = os.path.join(_dir, "aibolit", "procu2.db") MDS_PROCU_DB = os.path.join(_dir, "aibolit", "mds-procu2.db") class Logger: MAX_LOG_FILE_SIZE = FromConfig( section="LOGGER", option="max_log_file_size", ) BACKUP_COUNT = FromConfig( section="LOGGER", option="backup_count", ) # directory mode for main log directory and all inner LOG_DIR_PERM = 0o700 # file mode for main log directory and all inner LOG_FILE_PERM = 0o660 class UserType: ROOT = "root" NON_ROOT = "non_root" class UIRole: CLIENT = "client" ADMIN = "admin" class NoCP: # path to script implementing No CP API CLIENT_SCRIPT = "/etc/imunify360/scripts/domains" # latest version of the API supported by agent LATEST_VERSION = 1 class CustomBillingConfig(Config): def __init__(self): path = os.path.join( "/etc/sysconfig/imunify360", Core.CUSTOM_BILLING_CONFIGFILENAME ) super().__init__( path=path, validation_schema=CONFIG_SCHEMA_CUSTOM_BILLING ) class CustomBilling: UPGRADE_URL = FromConfig( section="CUSTOM_BILLING", option="upgrade_url", config_cls=CustomBillingConfig, ) UPGRADE_URL_360 = FromConfig( section="CUSTOM_BILLING", option="upgrade_url_360", config_cls=CustomBillingConfig, ) NOTIFICATIONS = FromConfig( section="CUSTOM_BILLING", option="billing_notifications", config_cls=CustomBillingConfig, ) IP_LICENSE = FromConfig( section="CUSTOM_BILLING", option="ip_license", config_cls=CustomBillingConfig, ) class PermissionsConfig: USER_IGNORE_LIST = FromConfig( section="PERMISSIONS", option="user_ignore_list", ) ALLOW_MALWARE_SCAN = FromConfig( section="PERMISSIONS", option="allow_malware_scan", ) USER_OVERRIDE_MALWARE_ACTIONS = FromConfig( section="PERMISSIONS", option="user_override_malware_actions" ) USER_OVERRIDE_PROACTIVE_DEFENSE = FromConfig( section="PERMISSIONS", option="user_override_proactive_defense", ) ALLOW_LOCAL_MALWARE_IGNORE_LIST_MANAGEMENT = FromConfig( section="PERMISSIONS", option="allow_local_malware_ignore_list_management", ) USE_PLESK_SERVICE_PLAN = FromConfig( section="PERMISSIONS", option="use_plesk_service_plan", ) class MyImunifyConfig: ENABLED = FromConfig( section="MY_IMUNIFY", option="enable", ) PURCHASE_PAGE_URL = FromConfig( section="MY_IMUNIFY", option="purchase_page_url", ) class ControlPanelConfig: SMART_ADVICE_ALLOWED = FromConfig( section="CONTROL_PANEL", option="smart_advice_allowed", ) ADVICE_EMAIL_NOTIFICATION = FromConfig( section="CONTROL_PANEL", option="advice_email_notification", ) def effective_user_config(admin_config, user_config): allowed_sections = [ "BACKUP_RESTORE", "MALWARE_CLEANUP", "MALWARE_SCANNING", "ERROR_REPORTING", "PROACTIVE_DEFENCE", "PERMISSIONS", "MY_IMUNIFY", "CONTROL_PANEL", "MALWARE_SCAN_SCHEDULE", ] overridable = { ( "MALWARE_SCAN_SCHEDULE", "interval", ): PermissionsConfig.USER_OVERRIDE_MALWARE_ACTIONS, ( "MALWARE_SCAN_SCHEDULE", "hour", ): PermissionsConfig.USER_OVERRIDE_MALWARE_ACTIONS, ( "MALWARE_SCAN_SCHEDULE", "day_of_week", ): PermissionsConfig.USER_OVERRIDE_MALWARE_ACTIONS, ( "MALWARE_SCAN_SCHEDULE", "day_of_month", ): PermissionsConfig.USER_OVERRIDE_MALWARE_ACTIONS, ( "MALWARE_SCANNING", "default_action", ): PermissionsConfig.USER_OVERRIDE_MALWARE_ACTIONS, ( "PROACTIVE_DEFENCE", "mode", ): PermissionsConfig.USER_OVERRIDE_PROACTIVE_DEFENSE, } admin_dict = admin_config.config_to_dict() user_dict = user_config.config_to_dict() def normalize_section(section): admin_options = deepcopy(admin_dict.get(section, {})) user_options = deepcopy(user_dict.get(section, {})) resulting_dict = {} for option, admin_value in admin_options.items(): user_value = user_options.get(option) if ( user_value is not None # All options available to user are overridable by default and overridable.get((section, option), True) ): resulting_dict[option] = user_value else: resulting_dict[option] = admin_value return resulting_dict effective_config = { section: normalize_section(section) for section in allowed_sections } return fm_config_cleanup(effective_config, user_config.username) class HookEvents: IM360_EVENTS = ( AGENT, LICENSE, MALWARE_SCANNING, MALWARE_CLEANUP, MALWARE_DETECTED, ) = ( "agent", "license", "malware-scanning", "malware-cleanup", "malware-detected", ) IMAV_EVENTS = ( LICENSE, MALWARE_SCANNING, MALWARE_CLEANUP, MALWARE_DETECTED, ) EVENTS = IMAV_EVENTS if ANTIVIRUS_MODE else IM360_EVENTS class ConfigsValidatorError(Exception): def __init__(self, configs_to_errors: Dict[Config, str]): self.configs_to_errors = configs_to_errors def __repr__(self): errors = [] for config, error in self.configs_to_errors.items(): errors.append(f"{config!r}: {error}") return "\n".join(errors) class ConfigsValidator: """A class that has methods to validate configs bypassing the cache""" @classmethod def validate_system_config(cls): """ Validate merged config :raises ConfigsValidatorError """ SystemConfig().validate() @classmethod def validate_config_layers(cls): """ Validate all config layers, collect all errors :raises ConfigsValidatorError """ configs_to_errors = {} for layer in Merger(Merger.get_layer_names()).layers: try: layer.validate() except ConfigsValidatorError as e: configs_to_errors.update(e.configs_to_errors) if configs_to_errors: raise ConfigsValidatorError(configs_to_errors) @classmethod def validate( cls, config_dict: dict, validation_schema: Union[dict, Callable] = config_schema_root, ) -> None: """ Validate config represented by a dict :param config_dict: config to validate :param validation_schema: schema to validate config against :raises ConfigValidationError """ schema = cls.get_validation_schema(validation_schema) v = ConfigValidator(schema) if not v.validate(config_dict): raise ConfigValidationError(v.errors) @staticmethod def get_validation_schema( validation_schema: Union[Mapping, Callable], ) -> Mapping: if callable(validation_schema): return validation_schema() return validation_schema ConfigFile = config_file_factory class AdminContacts: ENABLE_ICONTACT_NOTIFICATIONS = FromConfig( section="ADMIN_CONTACTS", option="enable_icontact_notifications", ) class IContactMessageType(str, Enum): MALWARE_FOUND = "MalwareFound" SCAN_NOT_SCHEDULED = "ScanNotScheduled" GENERIC = "Generic" def __str__(self): return self.value CONFIG_SCHEMA_BACKUP_SYSTEM = { "BACKUP_SYSTEM": { "type": "dict", "schema": { "enabled": { "type": "boolean", "default": False, }, "backup_system": { "type": "string", "default": None, "nullable": True, "allowed": [ CPANEL, PLESK, R1SOFT, ACRONIS, CLOUDLINUX, DIRECTADMIN, CLOUDLINUX_ON_PREMISE, CLUSTERLOGICS, SAMPLE_BACKEND, ], }, }, "default": {}, } } class BackupConfig(Config): DISCLAIMER = """\ # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # DO NOT EDIT. AUTOMATICALLY GENERATED. # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # # Direct modifications to this file WILL be lost upon subsequent # regeneration of this configuration file. # # To have your modifications retained, you should use CLI command # imunify360-agent backup-systems <init|disable> <backup-system> # or activate/deactivate appropriate feature in UI. # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # """ def __init__( self, *, path=os.path.join( "/etc/sysconfig/imunify360", Core.BACKUP_CONFIGFILENAME ), validation_schema=CONFIG_SCHEMA_BACKUP_SYSTEM, ): super().__init__(path=path, validation_schema=validation_schema) class BackupRestore: ENABLED = FromConfig( section="BACKUP_SYSTEM", option="enabled", config_cls=BackupConfig ) _BACKUP_SYSTEM = FromConfig( section="BACKUP_SYSTEM", option="backup_system", config_cls=BackupConfig, ) CL_BACKUP_ALLOWED = FromConfig( section="BACKUP_RESTORE", option="cl_backup_allowed", ) CL_ON_PREMISE_BACKUP_ALLOWED = FromConfig( section="BACKUP_RESTORE", option="cl_on_premise_backup_allowed", ) @classmethod def backup_system(cls): return _get_backend_system(cls._BACKUP_SYSTEM) def _get_backend_system(name): """ Get backup module from its name :param name: backup system name :return: backup system module """ from restore_infected import backup_backends if name in (CLOUDLINUX, CLOUDLINUX_ON_PREMISE): # cloudlinux backup is actually acronis one name = ACRONIS elif name is None: return None return backup_backends.backend(name, async_=True) class AcronisBackup: # https://kb.acronis.com/content/1711 # https://kb.acronis.com/content/47189 LOG_NAME = "acronis-installer.log" PORTS = (8443, 44445, 55556) RANGE = {(7770, 7800)} def should_try_autorestore_malicious(username: str) -> bool: """ Checks is Agent should try restore malware file firts and returns user that set this action in config """ try_restore, _ = choose_value_from_config( "MALWARE_SCANNING", "try_restore_from_backup_first", username ) return BackupRestore.ENABLED and try_restore def choose_use_backups_start_from_date(username: str) -> datetime: max_days, _ = choose_value_from_config( "BACKUP_RESTORE", "max_days_in_backup", username ) until = datetime.now() - timedelta(days=max_days) return until def should_send_user_notifications(username: str) -> bool: should_send, _ = choose_value_from_config( "CONTROL_PANEL", "generic_user_notifications", username=username, ) return should_send class Wordpress: SECURITY_PLUGIN_ENABLED = FromConfig( "WORDPRESS", "security_plugin_enabled" ) class HackerTrap: DIR = "/var/imunify360" NAME = "malware_found_b64.list" SA_NAME = "malware_standalone_b64.list" DIR_PD = "/opt/imunify360/proactive/dangerlist/"
webs 1.0 - Enhanced UI