Mirrors/ProxMenux
1
0
Fork 0
mirror of https://github.com/MacRimi/ProxMenux.git synced 2026-02-19 00:46:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update security

Browse Source
This commit is contained in:
MacRimi
2026-02-08 13:19:24 +01:00
parent 3ad5b72ebf
commit f07e8cfe14
7 changed files with 2931 additions and 1298 deletions
Download Patch File Download Diff File Expand all files Collapse all files

145
AppImage/scripts/flask_security_routes.py Normal file
View File

@@ -0,0 +1,145 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
ProxMenux Security Routes
Flask blueprint for firewall management and security tool detection.
"""
from flask import Blueprint, jsonify, request
security_bp = Blueprint('security', __name__)
try:
import security_manager
except ImportError:
security_manager = None
# -------------------------------------------------------------------
# Proxmox Firewall
# -------------------------------------------------------------------
@security_bp.route('/api/security/firewall/status', methods=['GET'])
def firewall_status():
"""Get Proxmox firewall status, rules, and port 8008 status"""
if not security_manager:
return jsonify({"success": False, "message": "Security manager not available"}), 500
try:
status = security_manager.get_firewall_status()
return jsonify({"success": True, **status})
except Exception as e:
return jsonify({"success": False, "message": str(e)}), 500
@security_bp.route('/api/security/firewall/enable', methods=['POST'])
def firewall_enable():
"""Enable Proxmox firewall at host or cluster level"""
if not security_manager:
return jsonify({"success": False, "message": "Security manager not available"}), 500
try:
data = request.json or {}
level = data.get("level", "host")
success, message = security_manager.enable_firewall(level)
return jsonify({"success": success, "message": message})
except Exception as e:
return jsonify({"success": False, "message": str(e)}), 500
@security_bp.route('/api/security/firewall/disable', methods=['POST'])
def firewall_disable():
"""Disable Proxmox firewall at host or cluster level"""
if not security_manager:
return jsonify({"success": False, "message": "Security manager not available"}), 500
try:
data = request.json or {}
level = data.get("level", "host")
success, message = security_manager.disable_firewall(level)
return jsonify({"success": success, "message": message})
except Exception as e:
return jsonify({"success": False, "message": str(e)}), 500
@security_bp.route('/api/security/firewall/monitor-port', methods=['POST'])
def firewall_add_monitor_port():
"""Add firewall rule to allow port 8008 for ProxMenux Monitor"""
if not security_manager:
return jsonify({"success": False, "message": "Security manager not available"}), 500
try:
success, message = security_manager.add_monitor_port_rule()
return jsonify({"success": success, "message": message})
except Exception as e:
return jsonify({"success": False, "message": str(e)}), 500
@security_bp.route('/api/security/firewall/monitor-port', methods=['DELETE'])
def firewall_remove_monitor_port():
"""Remove the ProxMenux Monitor port 8008 rule"""
if not security_manager:
return jsonify({"success": False, "message": "Security manager not available"}), 500
try:
success, message = security_manager.remove_monitor_port_rule()
return jsonify({"success": success, "message": message})
except Exception as e:
return jsonify({"success": False, "message": str(e)}), 500
# -------------------------------------------------------------------
# Fail2Ban Detailed Management
# -------------------------------------------------------------------
@security_bp.route('/api/security/fail2ban/details', methods=['GET'])
def fail2ban_details():
"""Get detailed Fail2Ban info: per-jail banned IPs, stats, config"""
if not security_manager:
return jsonify({"success": False, "message": "Security manager not available"}), 500
try:
details = security_manager.get_fail2ban_details()
return jsonify({"success": True, **details})
except Exception as e:
return jsonify({"success": False, "message": str(e)}), 500
@security_bp.route('/api/security/fail2ban/unban', methods=['POST'])
def fail2ban_unban():
"""Unban a specific IP from a Fail2Ban jail"""
if not security_manager:
return jsonify({"success": False, "message": "Security manager not available"}), 500
try:
data = request.json or {}
jail = data.get("jail", "")
ip = data.get("ip", "")
success, message = security_manager.unban_ip(jail, ip)
if success:
return jsonify({"success": True, "message": message})
else:
return jsonify({"success": False, "message": message}), 400
except Exception as e:
return jsonify({"success": False, "message": str(e)}), 500
@security_bp.route('/api/security/fail2ban/activity', methods=['GET'])
def fail2ban_activity():
"""Get recent Fail2Ban log activity"""
if not security_manager:
return jsonify({"success": False, "message": "Security manager not available"}), 500
try:
events = security_manager.get_fail2ban_recent_activity()
return jsonify({"success": True, "events": events})
except Exception as e:
return jsonify({"success": False, "message": str(e)}), 500
# -------------------------------------------------------------------
# Security Tools Detection
# -------------------------------------------------------------------
@security_bp.route('/api/security/tools', methods=['GET'])
def security_tools():
"""Detect installed security tools (Fail2Ban, Lynis, etc.)"""
if not security_manager:
return jsonify({"success": False, "message": "Security manager not available"}), 500
try:
tools = security_manager.detect_security_tools()
return jsonify({"success": True, "tools": tools})
except Exception as e:
return jsonify({"success": False, "message": str(e)}), 500