[HOME]

Path : /opt/imunify360/venv/lib64/python3.11/site-packages/defence360agent/migrations/
Upload :
Current File : //opt/imunify360/venv/lib64/python3.11/site-packages/defence360agent/migrations/112_hardened_php.py

import contextlib
import logging
import os
import os.path

from defence360agent.utils import importer


chattr = importer.get(
    module="imav.malwarelib.utils", name="chattr", default=None
)

logger = logging.getLogger(__name__)
ALT_PHP = "imunify360-alt-php.repo"
EA_PHP = "imunify360-ea-php-hardened.repo"
REPOS_DIR = "/etc/yum.repos.d/"


def irrelevant_repos(release):
    if "cloudlinux" in release:
        # CloudLinux doesn't need either
        return {ALT_PHP, EA_PHP}
    elif os.path.exists("/usr/local/cpanel/cpanel"):
        # cPanel does not need alt-php
        return set([ALT_PHP])
    else:
        # ea-php is only for cPanel
        return set([EA_PHP])


def fix_permissions():
    for repo_name in [ALT_PHP, EA_PHP]:
        path = REPOS_DIR + repo_name
        if not os.path.exists(path):
            continue
        with open(path) as f:
            chattr.subtract_flags(f.fileno(), chattr.FS_IMMUTABLE_FL)
            os.chmod(f.fileno(), 0o644)


def do_migrate():
    if not os.path.exists("/etc/redhat-release"):
        # we do not have to do anything on Ubuntu systems
        return
    with open("/etc/redhat-release") as f:
        release = f.read().lower()
    fix_permissions()
    for repo_name in irrelevant_repos(release):
        with contextlib.suppress(FileNotFoundError):
            os.unlink(REPOS_DIR + repo_name)


def migrate(migrator, database, fake=False, **kwargs):
    if fake:
        return
    try:
        do_migrate()
    except Exception:
        logger.exception("Failed to clean up HardenedPHP repositories")


def rollback(migrator, database, fake=False, **kwargs):
    pass