U

��-d>�@s|dd
lZdd
l
Z
ddlmZ
dZdZdZdZdZdZ	dZ
d	d
�Zdd�Zd
d�Z
dd�Zdd�Zdd�Zdd�Zdd�Zd
S)�N)
�HostingPanel�FULL�MINIMAL��
�DENY�ALLOWc

Cst�
t|�S�
N)�	functools�partial�max)
Zminimum�r
�?/opt/imunify360/venv/share/imunify360/config_schema/firewall.py�
not_less_thans
rc

Cs"tt
td
d�|D�
�
�
dd�d�S)Nc
Ssg|]}
|
�dd
��qS)�
:�
-)
�replace)�.0�
vr
r
r�
<listcomp>sz%coerce_sort_ports.<locals>.<listcomp>c

Sst|�
d
�
d�
S)Nrr
)�int�rsplit)
rr
r
r�<lambda>�z#coerce_sort_ports.<locals>.<lambda>)
�key)�sorted�list�set�
�valuer
r
r�coerce_sort_portss


�r cCst�j
||
Sr	)rZ
OPEN_PORTS)�protocol�	directionr
r
r�get_default_portss
r#cCspd
d�}t�
d|
�}|s&||d�
dS||�d�
�
sB||d�
dS|�d�
dk	rl||�d�
�
sl||d�
dSdS)	z
    {'type': 'boolean'}
    c

Ssd
t|�
k
odk
S
S)Nr�)
r)
�portr
r
r�in_range$s
z,_validate_is_port_or_range.<locals>.in_rangez^(\d+)([:|-](\d+))?$z,Port should be integer or range (2-4 or 2:4)Nrz#Port should be within range 0-65535�)�re�match�group)�fieldr�errorr&�portsr
r
r�_validate_is_port_or_ranges











r.csd
dtd���
fdd�t
d�S)Nr�string)�type�
check_withc

s
t�
��Sr	)
r#r�r"�protor
rr:rzlist_of_ports.<locals>.<lambda>)r0�schema�default_setter�coerce)r.r )r3r"r
r2r�
list_of_ports3s
�
�r7c

Cs$d
|kr |d
r d|d<d|d<|S)N�php_immunity�KILL�modeT�blamerr
)
Zproactive_defenser
r
r�proactive_defense_rules?s��

r<cCs�d
dtdddd�dtdddd�d�id�d
d	dd
d�d	dd
d�dgd
�d�id�d
id	t
tt
gd�tdd�tdd�tdd�tdd�ddd
�d�d�d
dttt�
fttd�dttt�
fddd�d
dtddd�dttt�
ftd�id�dd
d
�d�id�d
dd
d
�d	tt	tgd�dddd �d	dd!d"�d#�id�d
dd
d
�dtdd$d�dtdd%d�dtdd&d$d�dtdd$d�d'�id�d
dtd(�d
dtdd$d�dtdd%d�d)�d*�d%d+d,�d%d+d,�d-�d�d
dtdd.d�dtdd/d�dtdd0d�dtd1d+d�d2�id�d
dd3di
gd�dd3di
gd�d4�id�d
d5dd6d
�i
id�d
dd
d
�dd7d
�dd.d
�dd8d
�d9�id�d
d:d	d;d;d<gd�i
id�d
d=ddd
�i
id�d
t
tfd	dd>d?d>d@gdA�ddd
d �dddd �dB�idC�d
dd
d
�ddd
d �d	d!d
�d	d!d
�dd
d
�ddd
�dD�id�d
dEdddd �i
id�d
dFdddd �i
id�d
ddd
d �ddd
d �dddd �dddd �dG�id�d
dHdddd �i
id�d
ddd
�ddtd(�dIdJdKgd�dd3d	i
gd�dd3d	i
dLg
d�ddd
�ddd
�dM�id�dN�S)ON�dict�integerr
ip
i�)r0r6�minr�default)�timeoutZafter_unblock_timeout�r0r4r@r/T)r0r@�nullabler)r0r@)Z
eth_deviceZeth6_deviceZeth_device_skip)r0r@�allowed�tcp�in�out�udp�booleanF)Zport_blocking_modeZTCP_IN_IPv4ZTCP_OUT_IPv4ZUDP_IN_IPv4ZUDP_OUT_IPv4Zinternal_use_remote_iplist)r0r@r4)r0r6r?r@r�r$)r0r6r?r)r0r6r?)r0�	keyschema�valueschemar@)Z
default_limit�intervalZport_limits�enabled�r0rCr@�)r0�requiredr@)Zapp_specific_rulesetZrulesetZ!cms_account_compromise_preventionZ
prev_settings��x�)�enable�
max_incidents�check_periodZseverity_limitZdenied_num_limit)r0r6)rVrW)r0r4�
)rWrV)i4�i;��di��
��)Znum_days�limitZ
min_log_levelZui_autorefresh_timeoutr0)Z
http_portsZhttps_portsZcert_refresh_timeoutii`Ti/
)rNZ
time_frame�	max_countrAZdefault_moderDZdeniedZmodsec_directives�LOG�DISABLEDr9)r0rCr@rD)r:r;r8)r0r6r4r@)rUZknown_proxies_supportZcaptcha_site_keyZcaptcha_secret_keyZ
splash_screenZinvisible_captchaZactive_responseZcatch_lfd_events)rUZexim_dovecot_protectionZexim_dovecot_nativeZftp_protection�edf�iKi�
Zmail)rUr-Zallow_usersZallow_groupsZallow_localZredirect)ZAUTO_WHITELISTZNETWORK_INTERFACEZFIREWALLZDOSZMOD_SECZMOD_SEC_BLOCK_BY_SEVERITYZMOD_SEC_BLOCK_BY_CUSTOM_RULEZINCIDENT_LOGGINGZWEB_SERVICESZCAPTCHAZCAPTCHA_DOSZ
BLOCKED_PORTSZ
STOP_MANAGING�PROACTIVE_DEFENCEZ	WEBSHIELDZOSSECZCSF_INTEGRATIONZPAM�
KERNELCAREZ
SMTP_BLOCKING)r�PORT_BLOCKING_MODE_ALLOW�PORT_BLOCKING_MODE_DENYr7r�_DOS_DETECTOR_MIN_LIMIT�_DOS_DETECTOR_DEFAULT_LIMIT�_DOS_DETECTOR_MIN_INTERVAL�MODSEC_RULESET_FULL�MODSEC_RULESET_MINIMALr=r<r
r
r
r�get_root_configIs�



�



���

�

��
�


��



���



�



�


�
���
��$�)
�

�

�

���
�


�


�



�


���$
�


�


���
��


�


�


�


���

�

�����
�
�
��


���

���



�

�

���

�
�
�
�
���


���


���

�

�

�

���


���
�
��	����
�
��$�����rkcCs.d
ddddddgdd�d	ddd
�d�id�i
S)
Nrbr=r/Tr_r^r9)r0rCrDr@rIrO)r:r;rBr
r
r
r
r�get_non_root_config�
s



�

��
��rl)r
r(Z+defence360agent.subsys.panels.hosting_panelrrirjrgrfrhrerdrr r#r.r7r<rkrlr
r
r
r�<module>
s(






4