#coding: utf-8
# +-------------------------------------------------------------------
# | 宝塔Linux面板
# +-------------------------------------------------------------------
# | Copyright (c) 2015-2099 宝塔软件(http://bt.cn) All rights reserved.
# +-------------------------------------------------------------------
# | Author: 黄文良 <[email protected]>
# +-------------------------------------------------------------------
#------------------------------
# 工具箱
#------------------------------
import sys,os
# Installation root of the panel. Every relative path used further down in
# this file ('data/port.pl', 'ssl/certificate.pem', 'plugin/', the temporary
# 'mysql_root.sh' / 'mysql_dir.sh' helpers) is resolved against it.
panelPath = '/www/server/panel/';
# Import-time side effect: the process working directory becomes the panel root.
os.chdir(panelPath)
# Appended at the END of sys.path, so the interpreter's standard locations are
# searched first. `public` below, and the `db` / `files` modules imported
# inside functions, are presumably loaded from this directory - confirm.
# NOTE(review): this file is run for privileged maintenance tasks, so anything
# importable from class/ runs with the same privileges; verify the directory
# is writable by root only.
sys.path.append(panelPath + "class/")
import public,time,json
#设置MySQL密码
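def set_mysql_root(password):
    """Force-reset the MySQL root password and record it in the panel config.

    A helper bash script is written to the current directory, run with the
    new password as its only argument, and deleted again. The script stops
    mysqld, starts it with --skip-grant-tables, sets the root password,
    kills the temporary server and starts the service normally. Afterwards
    the password is stored in the ``mysql_root`` field of row 1 of the
    panel's ``config`` table and the result of that update is printed.

    password: the new root password. The script substitutes it into
        single-quoted SQL string literals, so empty values and values that
        contain a single quote or a backslash are refused.
    """
    import db, os, subprocess

    # ${pwd} ends up inside '...' in the SQL statements below; a quote or a
    # backslash would end or alter that literal, so such values never reach
    # the script.
    if not password or "'" in password or "\\" in password:
        print("ERROR: the MySQL root password must not be empty or contain ' or \\")
        return

    sql = db.Sql()
    # NOTE(review): while mysqld_safe runs with --skip-grant-tables the server
    # accepts connections without authentication, and the script does not
    # pass --skip-networking; confirm the instance cannot be reached from
    # other hosts during the reset window.
    root_mysql = '''#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
pwd=$1
/etc/init.d/mysqld stop
mysqld_safe --skip-grant-tables&
echo '正在修改密码...';
echo 'The set password...';
sleep 6
m_version=$(cat /www/server/mysql/version.pl|grep -E "(5.1.|5.5.|5.6.|mariadb|10.)")
if [ "$m_version" != "" ];then
mysql -uroot -e "UPDATE mysql.user SET password=PASSWORD('${pwd}') WHERE user='root'";
else
mysql -uroot -e "UPDATE mysql.user SET authentication_string='' WHERE user='root'";
mysql -uroot -e "FLUSH PRIVILEGES";
mysql -uroot -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '${pwd}';";
fi
mysql -uroot -e "FLUSH PRIVILEGES";
pkill -9 mysqld_safe
pkill -9 mysqld
sleep 2
/etc/init.d/mysqld start
echo '==========================================='
echo "root密码成功修改为: ${pwd}"
echo "The root password set ${pwd} successuful"'''
    public.writeFile('mysql_root.sh', root_mysql)
    try:
        # Argument vector instead of a concatenated command line: the
        # password reaches the script as $1 verbatim and is never parsed by
        # a shell. It is still visible in the process list while the script
        # runs.
        subprocess.call(['/bin/bash', 'mysql_root.sh', password])
    finally:
        if os.path.exists('mysql_root.sh'):
            os.remove('mysql_root.sh')
    # NOTE(review): the password is stored in clear text in the config table.
    result = sql.table('config').where('id=?', (1,)).setField('mysql_root', password)
    print(result)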
#设置面板密码
def set_panel_pwd(password,ncli = False):
    """Set the password of the panel account stored as row 1 of ``users``.

    password: the new password in clear text.
    ncli: when true, print the user name and the new password as two
        labelled lines (interactive menu); otherwise print only the user
        name.
    """
    import db
    users = db.Sql()
    # NOTE(review): the stored value is public.md5(password) - presumably a
    # plain, unsalted MD5 digest. Replacing it needs a matching change in the
    # panel's login check, which is not part of this file.
    users.table('users').where('id=?',(1,)).setField('password',public.md5(password))
    username = users.table('users').where('id=?',(1,)).getField('username')
    if not ncli:
        print(username)
        return
    # The new password is echoed to the terminal in clear text here.
    print("|-用户名: " + username);
    print("|-新密码: " + password);
#设置数据库目录
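def set_mysql_dir(path):
    """Move the MySQL data directory to *path*.

    A helper bash script is written to the current directory, run with
    *path* as its only argument, and deleted again. The script reads the
    current ``datadir`` from /etc/my.cnf, creates the new directory, stops
    mysqld, copies the data, changes ownership to mysql, rewrites the path
    in /etc/my.cnf and starts mysqld.

    path: the new data directory.
    """
    import subprocess

    # NOTE(review): inside the script $oldDir and $newDir are expanded
    # unquoted and are also used in a sed expression delimited by '#', so a
    # path containing whitespace, glob characters or '#' is not handled
    # correctly by the script itself.
    mysql_dir = '''#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
oldDir=`cat /etc/my.cnf |grep 'datadir'|awk '{print $3}'`
newDir=$1
mkdir $newDir
if [ ! -d "${newDir}" ];then
echo 'The specified storage path does not exist!'
exit
fi
echo "Stopping MySQL service..."
/etc/init.d/mysqld stop
echo "Copying files, please wait..."
\cp -r -a $oldDir/* $newDir
chown -R mysql.mysql $newDir
sed -i "s#$oldDir#$newDir#" /etc/my.cnf
echo "Starting MySQL service..."
/etc/init.d/mysqld start
echo ''
echo 'Successful'
echo '---------------------------------------------------------------------'
echo "Has changed the MySQL storage directory to: $newDir"
echo '---------------------------------------------------------------------'
'''
    public.writeFile('mysql_dir.sh', mysql_dir)
    try:
        # Argument vector instead of a concatenated command line: the path
        # reaches the script as $1 and is never parsed as shell syntax.
        subprocess.call(['/bin/bash', 'mysql_dir.sh', path])
    finally:
        if os.path.exists('mysql_dir.sh'):
            os.remove('mysql_dir.sh')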
#封装
def PackagePanel():
    """Reset the panel to an uninitialised state for packaging.

    Destructive and not reversible. In order, it:
      * deletes all rows of the panel's ``logs`` and ``tasks`` tables and of
        the ``network``, ``cpuio`` and ``diskio`` tables of the ``system``
        database;
      * removes panel data files (IP list, address, login markers, domain
        binding, user files, admin entry path) and everything matched by
        /root/.ssh/*;
      * truncates a fixed list of files under /var/log;
      * writes the install marker, sets ``config.status`` to 0 and prints
        the initialisation URL.

    The truncated files include the authentication and login records
    (secure, btmp, wtmp, lastlog), so the host's audit trail is gone
    afterwards; keep a copy elsewhere if it must be retained.
    """
    rule = '========================================================'
    done_wide = '\t\t\033[1;32m[done]\033[0m'
    done = '\t\033[1;32m[done]\033[0m'

    print(rule)
    # Tables in the panel's default database.
    for label, table in (
        ('|-正在清理日志信息...', 'logs'),
        ('|-正在清理任务历史...', 'tasks'),
    ):
        print(label),
        public.M(table).where('id!=?',(0,)).delete()
        print(done_wide)

    # Monitoring tables kept in the separate 'system' database file.
    for label, table in (
        ('|-正在清理网络监控记录...', 'network'),
        ('|-正在清理CPU监控记录...', 'cpuio'),
        ('|-正在清理磁盘监控记录...', 'diskio'),
    ):
        print(label),
        public.M(table).dbfile('system').where('id!=?',(0,)).delete()
        print(done)

    print('|-正在清理IP信息...'),
    for target in (
        '/www/server/panel/data/iplist.txt',
        '/www/server/panel/data/address.pl',
        '/www/server/panel/data/*.login',
        '/www/server/panel/data/domain.conf',
        '/www/server/panel/data/user*',
        '/www/server/panel/data/admin_path.pl',
        '/root/.ssh/*',
    ):
        os.system('rm -f ' + target)
    print(done)

    print('|-正在清理系统使用痕迹...'),
    log_names = (
        'boot.log', 'btmp', 'cron', 'dmesg', 'firewalld', 'grubby',
        'lastlog', 'mail.info', 'maillog', 'messages', 'secure', 'spooler',
        'syslog', 'tallylog', 'wpa_supplicant.log', 'wtmp', 'yum.log',
    )
    # One "cat /dev/null > FILE" line per log, then "history -c"; the whole
    # text is handed to a single shell started by os.system, so the history
    # command runs in that shell and not in the operator's login shell.
    command = ''.join('cat /dev/null > /var/log/' + name + '\n' for name in log_names)
    command += 'history -c\n'
    os.system(command)
    print(done)

    public.writeFile('/www/server/panel/install.pl',"True")
    port = public.readFile('data/port.pl').strip()
    public.M('config').where("id=?",('1',)).setField('status',0)
    print(rule)
    print('\033[1;32m|-面板封装成功,请不要再登陆面板做任何其它操作!\033[0m')
    print('\033[1;41m|-面板初始化地址: http://{SERVERIP}:'+port+'/install\033[0m')
#清空正在执行的任务
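def CloseTask():
    """Drop unfinished panel tasks, stop their workers and restart the panel.

    Deletes every row of ``tasks`` whose status is not 1, sends the default
    kill signal to processes whose command line matches
    'python panelSafe.pyc' or 'install_soft.sh' (excluding panelExec),
    restarts the panel service and prints how many task rows were removed.
    """
    ncount = public.M('tasks').where('status!=?',(1,)).delete()
    os.system("kill `ps -ef |grep 'python panelSafe.pyc'|grep -v grep|grep -v panelExec|awk '{print $2}'`")
    os.system("kill `ps -ef |grep 'install_soft.sh'|grep -v grep|grep -v panelExec|awk '{print $2}'`")
    os.system('/etc/init.d/bt restart')
    # The count has to be converted to text before concatenation; adding the
    # int directly to the message raised TypeError after the work was done.
    print("成功清理 " + str(int(ncount)) + " 个任务!")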
#自签证书
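def CreateSSL():
    """Generate a self-signed certificate for the panel and save it.

    Creates a 2048-bit RSA key and an X.509 certificate whose subject and
    issuer CN are the value returned by public.GetLocalIp(), valid from now
    for ten years, and writes both as PEM to ssl/certificate.pem and
    ssl/privateKey.pem (relative to the working directory). Prints
    'success' when both PEM blobs are longer than 100 bytes and were
    written, 'error' otherwise.
    """
    import OpenSSL
    crypto = OpenSSL.crypto

    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)

    cert = crypto.X509()
    # NOTE(review): the serial number is always 0. Each regenerated
    # certificate therefore shares issuer name and serial with the previous
    # one, which some TLS clients reject; a per-certificate random serial
    # would avoid that.
    cert.set_serial_number(0)
    cert.get_subject().CN = public.GetLocalIp()
    cert.set_issuer(cert.get_subject())
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(10*365*24*60*60)
    cert.set_pubkey(key)
    # SHA-256 instead of MD5: MD5 signatures are collision-prone and current
    # TLS libraries and browsers refuse certificates signed with them.
    cert.sign(key, 'sha256')

    cert_ca = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
    private_key = crypto.dump_privatekey(crypto.FILETYPE_PEM, key)
    if len(cert_ca) > 100 and len(private_key) > 100:
        public.writeFile('ssl/certificate.pem', cert_ca)
        # NOTE(review): the key is written unencrypted; the file mode that
        # public.writeFile leaves on it is not visible here - confirm it is
        # readable by the panel user only.
        public.writeFile('ssl/privateKey.pem', private_key)
        print('success')
        return
    print('error')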
#创建文件
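def CreateFiles(path,num):
    """Create *num* empty files inside directory *path*.

    The directory (and any missing parents) is created first when it does
    not exist. Each file is named '<current time>__<index>'.

    path: target directory.
    num: number of files to create.
    """
    import time
    if not os.path.exists(path):
        # os.makedirs instead of a shell 'mkdir -p' built by concatenation,
        # so the path is never interpreted as shell syntax.
        os.makedirs(path)
    for i in range(num):
        filename = path + '/' + str(time.time()) + '__' + str(i)
        # Open the generated file name; opening *path* itself, as before,
        # fails because it is a directory and no file was ever created.
        open(filename, 'w+').close()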
#计算文件数量
def GetFilesCount(path):
    """Return how many entries (files and directories) *path* contains."""
    entries = os.listdir(path)
    return len(entries)
#清理系统垃圾
def ClearSystem():
    """Run the three cleanup passes and print the combined totals.

    Calls ClearMail, ClearSession and ClearOther in that order; each returns
    (bytes freed, entries removed). A separator line is printed after every
    pass, followed by one summary line.
    """
    separator = '======================================================================='
    count = 0
    total = 0
    for cleanup in (ClearMail, ClearSession, ClearOther):
        freed, removed = cleanup()
        count += removed
        total += freed
        print(separator)
    print('\033[1;32m|-系统垃圾清理完成,共删除['+str(count)+']个文件,释放磁盘空间['+ToSize(total)+']\033[0m')
#清理邮件日志
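def ClearMail():
    """Empty every sub-directory of /var/spool except cron, anacron and mail.

    For each remaining sub-directory, every entry in it is deleted
    (directories recursively) and a progress line is printed per entry.

    Returns (total, count): bytes freed and number of entries removed.
    """
    import shutil
    rpath = '/var/spool'
    total = count = 0
    con = ['cron','anacron','mail']
    for d in os.listdir(rpath):
        if d in con: continue
        dpath = rpath + '/' + d
        # A plain file directly under /var/spool has no contents to list;
        # listing it raised and aborted the whole cleanup.
        if not os.path.isdir(dpath): continue
        print('|-正在清理' + dpath + ' ...')
        time.sleep(0.2)
        num = size = 0
        for n in os.listdir(dpath):
            filename = dpath + '/' + n
            try:
                # lstat: size of the entry itself, also for dangling links.
                fsize = os.lstat(filename).st_size
            except OSError:
                # Removed by its owner between listing and inspection.
                continue
            print('|---['+ToSize(fsize)+'] del ' + filename),
            size += fsize
            if os.path.isdir(filename) and not os.path.islink(filename):
                shutil.rmtree(filename)
            else:
                # Files and symbolic links: remove the entry itself. rmtree
                # refuses symbolic links, so a link to a directory used to
                # stop the run with an exception.
                os.remove(filename)
            print('\t\033[1;32m[OK]\033[0m')
            num += 1
        print('|-已清理['+dpath+'],删除['+str(num)+']个文件,共释放磁盘空间['+ToSize(size)+']')
        total += size
        count += num
    print('=======================================================================')
    print('|-已完成spool的清理,删除['+str(count)+']个文件,共释放磁盘空间['+ToSize(total)+']')
    return total,count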
#清理php_session文件
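def ClearSession():
    """Delete entries in /tmp whose name contains 'sess_'.

    Intended for PHP session files. Matching is by substring, so any entry
    with 'sess_' anywhere in its name is removed, directories recursively.

    Returns (total, count): bytes freed and number of entries removed.
    """
    import shutil
    spath = '/tmp'
    total = count = 0
    print('|-正在清理PHP_SESSION ...')
    for d in os.listdir(spath):
        if d.find('sess_') == -1: continue
        filename = spath + '/' + d
        try:
            # /tmp is shared with every local user and entries come and go;
            # lstat inspects the entry itself and tolerates one that has
            # already disappeared.
            fsize = os.lstat(filename).st_size
        except OSError:
            continue
        print('|---['+ToSize(fsize)+'] del ' + filename),
        total += fsize
        if os.path.isdir(filename) and not os.path.islink(filename):
            shutil.rmtree(filename)
        else:
            # A symbolic link is unlinked, never followed: rmtree raises on a
            # link, so one matching link in /tmp used to abort the cleanup.
            os.remove(filename)
        print('\t\033[1;32m[OK]\033[0m')
        count += 1
    print('|-已完成php_session的清理,删除['+str(count)+']个文件,共释放磁盘空间['+ToSize(total)+']')
    return total,count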
#清空回收站
def ClearRecycle_Bin():
    """Call Close_Recycle_bin(None) on a fresh ``files.files`` object.

    The effect is implemented in the panel's ``files`` module; presumably it
    empties the panel recycle bin - confirm there.
    """
    import files
    files.files().Close_Recycle_bin(None)
#清理其它
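def ClearOther():
    """Delete temporary files and site logs, then reload the services.

    For each (directory, substring) rule, every regular file in the
    directory whose name contains the substring is removed; sub-directories
    are left alone. Afterwards public.serviceReload() is called and a panel
    reload is scheduled in the background.

    Returns (total, count): bytes freed and number of files removed.
    """
    clearPath = [
        {'path':'/www/server/panel','find':'testDisk_'},
        {'path':'/www/wwwlogs','find':'log'},
        {'path':'/tmp','find':'panelBoot.pl'},
        {'path':'/www/server/panel/install','find':'.rpm'},
        {'path':'/www/server/panel/install','find':'.zip'},
        {'path':'/www/server/panel/install','find':'.gz'}
    ]
    total = count = 0
    print('|-正在清理临时文件及网站日志 ...')
    for c in clearPath:
        # A directory that is absent on this host is skipped; listing it
        # raised and the remaining rules and the reload never ran.
        if not os.path.isdir(c['path']): continue
        for d in os.listdir(c['path']):
            if d.find(c['find']) == -1: continue
            filename = c['path'] + '/' + d
            if os.path.isdir(filename): continue
            fsize = os.path.getsize(filename)
            print('|---['+ToSize(fsize)+'] del ' + filename),
            total += fsize
            os.remove(filename)
            print('\t\033[1;32m[OK]\033[0m')
            count += 1
    public.serviceReload()
    os.system('sleep 1 && /etc/init.d/bt reload > /dev/null &')
    print('|-已完成临时文件及网站日志的清理,删除['+str(count)+']个文件,共释放磁盘空间['+ToSize(total)+']')
    return total,count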
#关闭普通日志
def CloseLogs():
    """Patch the installed web.py HTTP server so only 500 responses are logged.

    For each known location of web/httpserver.py that exists and does not
    yet contain the text '500 Internal Server Error', the line
    'def log(self, status, environ):' is replaced by that line plus an
    early return for every other status, and the file is written back.

    Returns False when the replacement did not take effect on a file, None
    otherwise. Any exception is swallowed (best effort).

    This edits a third-party library file on disk and removes ordinary
    request logging; the change is invisible to the package manager.
    """
    marker = '500 Internal Server Error'
    signature = "def log(self, status, environ):"
    # NOTE(review): as shown on this page the second line of the replacement
    # carries no leading whitespace. It is inserted as the first statement of
    # a method body, so it must be indented to match the target file; verify
    # against the upstream source before using this text.
    patched_head = '''def log(self, status, environ):
if status != '500 Internal Server Error': return;'''
    candidates = (
        '/usr/lib/python2.7/site-packages/web/httpserver.py',
        '/usr/lib/python2.6/site-packages/web/httpserver.py',
    )
    try:
        for path in candidates:
            if not os.path.exists(path):
                continue
            source = public.readFile(path)
            if marker in source:
                # Already patched.
                continue
            source = source.replace(signature, patched_head)
            if marker not in source:
                return False
            public.writeFile(path, source)
    except:
        pass
#字节单位转换
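def ToSize(size):
    """Format a byte count as a whole number with a unit suffix.

    The value is divided by 1024 (rounding down) until it is below 1024 or
    the largest unit, TB, is reached.

    size: number of bytes.
    Returns a string such as '512b', '3KB' or '2048TB'.
    """
    units = ['b','KB','MB','GB','TB']
    for unit in units[:-1]:
        if size < 1024:
            return str(size) + unit
        # Floor division keeps the result a whole number on Python 3 as well;
        # true division produced values such as '1.1773748397827148MB'.
        size = size // 1024
    # Anything of 1024 TB or more is reported in TB instead of as '0b'.
    return str(size) + units[-1]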
#随机面板用户名
def set_panel_username(username = None):
    """Change the user name of the panel account stored as row 1 of ``users``.

    username: the new name. It must be at least 5 characters long and must
        not be 'admin' or 'root'; otherwise an error line is printed and
        nothing is changed. When omitted, the current name is kept unless it
        is 'admin', in which case it is replaced by a random 8-character
        lower-case string. The resulting name is printed in both cases.
    """
    import db
    store = db.Sql()
    if not username:
        current = store.table('users').where('id=?',(1,)).getField('username')
        if current == 'admin':
            # Replace the well-known default name with a random one.
            current = public.GetRandomString(8).lower()
            store.table('users').where('id=?',(1,)).setField('username',current)
        print('username: ' + current)
        return

    if len(username) < 5:
        print("|-错误,用户名长度不能少于5位")
    elif username in ['admin','root']:
        print("|-错误,不能使用过于简单的用户名")
    else:
        store.table('users').where('id=?',(1,)).setField('username',username)
        print("|-新用户名: %s" % username)
#设定idc
def setup_idc():
    """Apply vendor branding looked up from the code stored in data/o.pl.

    Reads the code from /www/server/panel/data/o.pl, queries the vendor API
    with it, writes the returned name into config/config.json as ``brand``
    (plus a fixed ``product`` text) and sets the panel title when the title
    file is missing, empty or still holds the default title.

    Returns False when the code file is missing or the API reports failure,
    True on success, and None when any exception occurred (it is swallowed).
    """
    try:
        root = '/www/server/panel'
        code_file = root + '/data/o.pl'
        if not os.path.exists(code_file):
            return False
        code = public.readFile(code_file).strip()
        # NOTE(review): the lookup goes over plain HTTP and the code is put
        # into the query string unescaped; the answer is written to the
        # panel configuration without authentication of the server. Confirm
        # whether the endpoint is available over TLS.
        c_url = 'http://www.bt.cn/api/idc/get_idc_info_bycode?o=%s' % code
        idc_info = json.loads(public.httpGet(c_url))
        if not idc_info['status']:
            return False

        config_file = root + '/config/config.json'
        panel_info = json.loads(public.readFile(config_file))
        panel_info['brand'] = idc_info['msg']['name']
        panel_info['product'] = u'与宝塔联合定制版'
        public.writeFile(config_file,json.dumps(panel_info))

        title_file = root + '/data/title.pl'
        new_title = (panel_info['brand'] + u'面板').encode('utf-8')
        # A custom title already chosen by the operator is left untouched.
        replace_title = True
        if os.path.exists(title_file):
            title = public.readFile(title_file).strip()
            replace_title = (title == '宝塔Linux面板' or title == '')
        if replace_title:
            public.writeFile(title_file,new_title)
            public.SetConfigValue('title',new_title)
        return True
    except:
        pass
#将插件升级到6.0
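def update_to6():
    """Re-run the installer of every installed plugin for 6.0 compatibility.

    For each directory under plugin/ that is not on the exclusion list, the
    plugin's install.sh is downloaded from the address returned by
    public.get_url() and executed with bash and the argument 'install'.
    Installer output goes to /tmp/plugin_update.log, which is overwritten
    for every plugin.
    """
    import shutil, subprocess, tempfile

    print("====================================================")
    print("正在升级插件...")
    print("====================================================")
    download_address = public.get_url()
    excluded = ['gitlab','pm2','mongodb','deployment_jd','logs','docker','beta','btyw']
    # The installers are stored in a directory created by mkdtemp, which only
    # the current user can access. The fixed name /tmp/<plugin>.sh used
    # before lives in a directory every local user can write to, so the file
    # that bash finally executed was not guaranteed to be the downloaded one.
    work_dir = tempfile.mkdtemp(prefix='bt_plugin_update_')
    try:
        for pname in os.listdir('plugin/'):
            if not os.path.isdir('plugin/' + pname): continue
            if pname in excluded: continue
            print("|-正在升级【%s】..." % pname),
            download_url = download_address + '/install/plugin/' + pname + '/install.sh'
            to_file = os.path.join(work_dir, pname + '.sh')
            # NOTE(review): the script is executed as downloaded; no checksum
            # or signature is verified, and whether get_url() returns an
            # https address is not visible here - confirm.
            public.downloadFile(download_url, to_file)
            # Argument vector plus explicit redirection: the plugin name is
            # never parsed by a shell, and the output is captured regardless
            # of which shell /bin/sh is ('&>' is a bash extension).
            # NOTE(review): the log keeps its fixed path in /tmp for
            # compatibility; opening it follows symbolic links.
            with open('/tmp/plugin_update.log', 'wb') as log:
                subprocess.call(['/bin/bash', to_file, 'install'],
                                stdout=log, stderr=subprocess.STDOUT)
            # Printed regardless of the installer's exit status.
            print(" \033[32m[成功]\033[0m")
    finally:
        shutil.rmtree(work_dir, True)
    print("====================================================")
    print("\033[32m所有插件已成功升级到6.0兼容!\033[0m")
    print("====================================================")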
#命令行菜单
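def _cli_prompt(prompt):
    """Read one line of text from the terminal without evaluating it.

    On Python 2 the builtin input() evaluates what was typed as a Python
    expression, so raw_input() is used there; on Python 3 input() already
    returns plain text.
    """
    if sys.version_info[0] == 2:
        return raw_input(prompt)
    return input(prompt)


def bt_cli(u_input = 0):
    """Interactive maintenance menu of the panel.

    u_input: number of the action to run. When 0 (the default) the menu is
        printed and the number is read from the terminal. An unknown number
        prints a cancellation notice and exits the process.

    Actions 9 to 13 and 23 remove access restrictions of the panel (session
    store, login limit, entry path, domain binding, IP allow-list,
    BasicAuth); they take effect immediately after the reload.
    """
    raw_tip = "==============================================="
    if not u_input:
        print("===============宝塔面板命令行==================")
        print("(1) 重启面板服务 (8) 改面板端口")
        print("(2) 停止面板服务 (9) 清除面板缓存")
        print("(3) 启动面板服务 (10) 清除登录限制")
        print("(4) 重载面板服务 (11) 取消入口限制")
        print("(5) 修改面板密码 (12) 取消域名绑定限制")
        print("(6) 修改面板用户名 (13) 取消IP访问限制")
        print("(7) 强制修改MySQL密码 (14) 查看面板默认信息")
        print("(22) 显示面板错误日志 (15) 清理系统垃圾")
        print("(23) 关闭BasicAuth认证 (16) 修复面板(检查错误并更新面板文件到最新版)")
        print("(0) 取消 ")
        print(raw_tip)
        try:
            # Text is read and converted with int(); nothing typed here is
            # evaluated as code, on either Python version.
            u_input = int(_cli_prompt("请输入命令编号:"))
        except (Exception, KeyboardInterrupt):
            # Unparsable input or Ctrl-C both mean "cancel".
            u_input = 0

    nums = [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,22,23]
    if u_input not in nums:
        print(raw_tip)
        print("已取消!")
        exit()

    print(raw_tip)
    print("正在执行(%s)..." % u_input)
    print(raw_tip)

    if u_input == 1:
        os.system("/etc/init.d/bt restart")
    elif u_input == 2:
        os.system("/etc/init.d/bt stop")
    elif u_input == 3:
        os.system("/etc/init.d/bt start")
    elif u_input == 4:
        os.system("/etc/init.d/bt reload")
    elif u_input == 5:
        input_pwd = _cli_prompt("请输入新的面板密码:")
        set_panel_pwd(input_pwd.strip(),True)
    elif u_input == 6:
        input_user = _cli_prompt("请输入新的面板用户名(>5位):")
        set_panel_username(input_user.strip())
    elif u_input == 7:
        input_mysql = _cli_prompt("请输入新的MySQL密码:")
        if not input_mysql:
            print("|-错误,不能设置空密码")
            return
        if len(input_mysql) < 8:
            print("|-错误,长度不能少于8位")
            return
        import re
        # Allow-list of characters that are safe in the shell script and the
        # SQL statements used by set_mysql_root. Raw string, so the
        # backslashes are regex escapes and not invalid string escapes.
        rep = r"^[\w@\._]+$"
        if not re.match(rep, input_mysql):
            print("|-错误,密码中不能包含特殊符号")
            return
        # The accepted password is echoed to the terminal.
        print(input_mysql)
        set_mysql_root(input_mysql.strip())
    elif u_input == 8:
        try:
            input_port = int(_cli_prompt("请输入新的面板端口:"))
        except ValueError:
            input_port = 0
        # Only a number in the TCP port range goes on to the firewall and
        # lsof commands below.
        if not 0 < input_port < 65536:
            print("|-错误,未输入任何有效端口")
            return
        if input_port in [80,443,21,20,22]:
            print("|-错误,请不要使用常用端口作为面板端口")
            return
        old_port = int(public.readFile('data/port.pl'))
        if old_port == input_port:
            print("|-错误,与面板当前端口一致,无需修改")
            return
        is_exists = public.ExecShell("lsof -i:%s|grep LISTEN|grep -v grep" % input_port)
        if len(is_exists[0]) > 5:
            print("|-错误,指定端口已被其它应用占用")
            return
        public.writeFile('data/port.pl',str(input_port))
        # Open the new port in whichever firewall front end is present.
        if os.path.exists("/usr/bin/firewall-cmd"):
            os.system("firewall-cmd --permanent --zone=public --add-port=%s/tcp" % input_port)
            os.system("firewall-cmd --reload")
        elif os.path.exists("/etc/sysconfig/iptables"):
            os.system("iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport %s -j ACCEPT" % input_port)
            os.system("service iptables save")
        else:
            os.system("ufw allow %s" % input_port)
            os.system("ufw reload")
        os.system("/etc/init.d/bt reload")
        print("|-已将面板端口修改为:%s" % input_port)
        print("|-若您的服务器提供商是[阿里云][腾讯云][华为云]或其它开启了[安全组]的服务器,请在安全组放行[%s]端口才能访问面板" % input_port)
    elif u_input == 9:
        sess_file = '/dev/shm/session.db'
        if os.path.exists(sess_file): os.remove(sess_file)
        os.system("/etc/init.d/bt reload")
    elif u_input == 10:
        os.system("/etc/init.d/bt reload")
    elif u_input == 11:
        auth_file = 'data/admin_path.pl'
        if os.path.exists(auth_file): os.remove(auth_file)
        os.system("/etc/init.d/bt reload")
        print("|-已取消入口限制")
    elif u_input == 12:
        auth_file = 'data/domain.conf'
        if os.path.exists(auth_file): os.remove(auth_file)
        os.system("/etc/init.d/bt reload")
        print("|-已取消域名访问限制")
    elif u_input == 13:
        auth_file = 'data/limitip.conf'
        if os.path.exists(auth_file): os.remove(auth_file)
        os.system("/etc/init.d/bt reload")
        print("|-已取消IP访问限制")
    elif u_input == 14:
        os.system("/etc/init.d/bt default")
    elif u_input == 15:
        ClearSystem()
    elif u_input == 16:
        # NOTE(review): the update script is fetched over plain HTTP and
        # piped straight into bash; nothing authenticates it before it runs.
        # Confirm whether the vendor offers a TLS endpoint and a checksum or
        # signature to verify first.
        os.system("curl http://download.bt.cn/install/update6.sh|bash")
    elif u_input == 22:
        os.system('tail -100 /www/server/panel/logs/error.log')
    elif u_input == 23:
        filename = '/www/server/panel/config/basic_auth.json'
        if os.path.exists(filename): os.remove(filename)
        os.system('bt reload')
        print("|-已关闭BasicAuth认证")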
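if __name__ == "__main__":
    # Command-line entry point: the first argument selects the action; for
    # 'root', 'panel' and 'mysql_dir' the second argument is its value, for
    # 'cli' it is an optional menu number.
    # NOTE(review): for 'root' and 'panel' the value is a password given on
    # the command line, where it is visible in the process list and may end
    # up in shell history.
    cli_args = sys.argv[1:]
    action = cli_args[0] if cli_args else ''
    value = cli_args[1] if len(cli_args) > 1 else None

    if action in ('root', 'panel', 'mysql_dir') and value is None:
        # A missing argument is reported instead of raising IndexError.
        print('ERROR: Parameter error')
    elif action == 'root':
        set_mysql_root(value)
    elif action == 'panel':
        set_panel_pwd(value)
    elif action == 'username':
        set_panel_username()
    elif action == 'o':
        setup_idc()
    elif action == 'mysql_dir':
        set_mysql_dir(value)
    elif action in ('to', 'port'):
        # These actions called panel2To3() and CheckPort(), neither of which
        # is defined or imported in this file, so they could only fail with
        # NameError; they are reported as a parameter error instead.
        print('ERROR: Parameter error')
    elif action == 'package':
        PackagePanel()
    elif action == 'ssl':
        CreateSSL()
    elif action == 'clear':
        ClearSystem()
    elif action == 'closelog':
        CloseLogs()
    elif action == 'update_to6':
        update_to6()
    elif action == "cli":
        clinum = 0
        if value is not None: clinum = int(value)
        bt_cli(clinum)
    else:
        print('ERROR: Parameter error')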