Edit: win_lgpo_netsh.py
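r"""
A salt util for modifying firewall settings.

.. versionadded:: 2018.3.4
.. versionadded:: 2019.2.0

This util allows you to modify firewall settings in the local group policy in
addition to the normal firewall settings. Parameters are taken from the
netsh advfirewall prompt.

.. note::
    More information can be found in the advfirewall context in netsh. This can
    be accessed by opening a netsh prompt. At a command prompt type the
    following:

    c:\>netsh
    netsh>advfirewall
    netsh advfirewall>set help
    netsh advfirewall>set domain help

Usage:

.. code-block:: python

    import salt.utils.win_lgpo_netsh

    # Get the inbound/outbound firewall settings for connections on the
    # local domain profile
    salt.utils.win_lgpo_netsh.get_settings(profile='domain',
                                           section='firewallpolicy')

    # Get the inbound/outbound firewall settings for connections on the
    # domain profile as defined by local group policy
    salt.utils.win_lgpo_netsh.get_settings(profile='domain',
                                           section='firewallpolicy',
                                           store='lgpo')

    # Get all firewall settings for connections on the domain profile
    salt.utils.win_lgpo_netsh.get_all_settings(profile='domain')

    # Get all firewall settings for connections on the domain profile as
    # defined by local group policy
    salt.utils.win_lgpo_netsh.get_all_settings(profile='domain', store='lgpo')

    # Get all firewall settings for all profiles
    salt.utils.win_lgpo_netsh.get_all_profiles()

    # Get all firewall settings for all profiles as defined by local group
    # policy
    salt.utils.win_lgpo_netsh.get_all_profiles(store='lgpo')

    # Set the inbound setting for the domain profile to block inbound
    # connections
    salt.utils.win_lgpo_netsh.set_firewall_settings(profile='domain',
                                                    inbound='blockinbound')

    # Set the outbound setting for the domain profile to allow outbound
    # connections
    salt.utils.win_lgpo_netsh.set_firewall_settings(profile='domain',
                                                    outbound='allowoutbound')

    # Set inbound/outbound settings for the domain profile in the group
    # policy to block inbound and allow outbound
    salt.utils.win_lgpo_netsh.set_firewall_settings(profile='domain',
                                                    inbound='blockinbound',
                                                    outbound='allowoutbound',
                                                    store='lgpo')
"""

import logging
import os
import re
import socket
import tempfile
from textwrap import dedent

import salt.modules.cmdmod
import salt.utils.platform
from salt.exceptions import CommandExecutionError

log = logging.getLogger(__name__)
__hostname__ = socket.gethostname()
__virtualname__ = "netsh"


# Although utils are often directly imported, it is also possible to use the
# loader.
def __virtual__():
    """
    Only load if on a Windows system
    """
    if not salt.utils.platform.is_windows():
        return False, "This utility only available on Windows"

    return __virtualname__


def _netsh_file(content):
    """
    helper function to get the results of ``netsh -f content.txt``

    Running ``netsh`` will drop you into a ``netsh`` prompt where you can issue
    ``netsh`` commands. You can put a series of commands in an external file and
    run them as if from a ``netsh`` prompt using the ``-f`` switch. That's what
    this function does.

    Every line of ``content`` is executed by ``netsh`` as a separate command,
    so callers must only pass text they have built from validated values.

    Args:

        content (str):
            The contents of the file that will be run by the ``netsh -f``
            command

    Returns:
        str: The text returned by the netsh command
    """
    # delete=False because the file has to be closed before netsh can read it;
    # it is removed explicitly in the ``finally`` below.
    fp = tempfile.NamedTemporaryFile(
        mode="w", prefix="salt-", suffix=".netsh", delete=False, encoding="utf-8"
    )
    try:
        # Writing inside the try block makes sure the script file is removed
        # even when the write itself fails.
        with fp:
            fp.write(content)
        log.debug("%s:\n%s", fp.name, content)
        # NOTE(review): the temp path is interpolated unquoted into a shell
        # command line. The file name comes from ``tempfile``, but a temp
        # directory containing spaces or shell metacharacters would break or
        # alter the command. Passing an argument list with python_shell=False
        # would avoid that -- confirm cmdmod.run supports it on Windows first.
        return salt.modules.cmdmod.run("netsh -f {}".format(fp.name), python_shell=True)
    finally:
        os.remove(fp.name)


def _netsh_command(command, store):
    """
    Run a single ``advfirewall`` command against the selected store.

    Args:

        command (str):
            One ``netsh advfirewall`` command. It must fit on a single line.

        store (str):
            ``local`` or ``lgpo``

    Returns:
        list: The lines of text returned by ``netsh``

    Raises:
        ValueError: If the store is unknown or the command spans several lines
    """
    if store.lower() not in ("local", "lgpo"):
        raise ValueError("Incorrect store: {}".format(store))
    # The script handed to ``netsh -f`` is executed line by line. A line break
    # inside ``command`` (for example in a caller-supplied log file name) would
    # therefore run as an additional, unvalidated netsh command.
    if "\n" in command or "\r" in command:
        raise ValueError("Incorrect command: {!r}".format(command))
    # set the store for local or lgpo
    if store.lower() == "local":
        store_line = "set store local"
    else:
        store_line = "set store gpo = {}".format(__hostname__)
    # dedent the template before filling it in, so the substituted values can
    # never influence how much indentation is stripped
    netsh_script = dedent(
        """\
        advfirewall
        {}
        {}
        """
    ).format(store_line, command)
    return _netsh_file(content=netsh_script).splitlines()


def get_settings(profile, section, store="local"):
    """
    Get the firewall property from the specified profile in the specified store
    as returned by ``netsh advfirewall``.

    Args:

        profile (str):
            The firewall profile to query. Valid options are:

            - domain
            - public
            - private

        section (str):
            The property to query within the selected profile. Valid options
            are:

            - firewallpolicy : inbound/outbound behavior
            - logging : firewall logging settings
            - settings : firewall properties
            - state : firewalls state (on | off)

        store (str):
            The store to use. This is either the local firewall policy or the
            policy defined by local group policy. Valid options are:

            - lgpo
            - local

            Default is ``local``

    Returns:
        dict: A dictionary containing the properties for the specified profile

    Raises:
        CommandExecutionError: If an error occurs
        ValueError: If the parameters are incorrect
    """
    # validate input; only allow-listed words ever reach the netsh script
    if profile.lower() not in ("domain", "public", "private"):
        raise ValueError("Incorrect profile: {}".format(profile))
    if section.lower() not in ("state", "firewallpolicy", "settings", "logging"):
        raise ValueError("Incorrect section: {}".format(section))
    if store.lower() not in ("local", "lgpo"):
        raise ValueError("Incorrect store: {}".format(store))
    command = "show {}profile {}".format(profile, section)
    # run it
    results = _netsh_command(command=command, store=store)
    # sample output:
    # Domain Profile Settings:
    # ----------------------------------------------------------------------
    # LocalFirewallRules                    N/A (GPO-store only)
    # LocalConSecRules                      N/A (GPO-store only)
    # InboundUserNotification               Disable
    # RemoteManagement                      Disable
    # UnicastResponseToMulticast            Enable

    # if it's less than 3 lines it failed
    if len(results) < 3:
        raise CommandExecutionError("Invalid results: {}".format(results))
    ret = {}
    # Skip the three leading lines (presumably a blank line, the title and the
    # separator -- confirm against real netsh output). Every remaining line is
    # split on runs of two or more spaces and the fields are paired up as
    # name/value; a trailing unpaired field is dropped.
    for line in results[3:]:
        fields = re.split(r"\s{2,}", line)
        ret.update(zip(fields[::2], fields[1::2]))
    # Remove spaces from the values so that `Not Configured` is detected
    # correctly
    ret = {name: text.replace(" ", "") for name, text in ret.items()}
    # special handling for firewallpolicy. Compare case-insensitively, exactly
    # like the validation above, so ``FirewallPolicy`` gets the same result
    # shape as ``firewallpolicy``.
    if section.lower() == "firewallpolicy":
        try:
            inbound, outbound = ret["Firewall Policy"].split(",")
        except (KeyError, ValueError):
            # netsh answered, but not with the expected "in,out" policy line
            raise CommandExecutionError("Invalid results: {}".format(results))
        return {"Inbound": inbound, "Outbound": outbound}
    return ret


def get_all_settings(profile, store="local"):
    """
    Gets all the properties for the specified profile in the specified store

    Args:

        profile (str):
            The firewall profile to query. Valid options are:

            - domain
            - public
            - private

        store (str):
            The store to use. This is either the local firewall policy or the
            policy defined by local group policy. Valid options are:

            - lgpo
            - local

            Default is ``local``

    Returns:
        dict: A dictionary containing the specified settings
    """
    ret = {}
    # Same order as the individual queries were always issued; later sections
    # overwrite earlier ones if a key repeats.
    for section in ("state", "firewallpolicy", "settings", "logging"):
        ret.update(get_settings(profile=profile, section=section, store=store))
    return ret


def get_all_profiles(store="local"):
    """
    Gets all properties for all profiles in the specified store

    Args:

        store (str):
            The store to use. This is either the local firewall policy or the
            policy defined by local group policy. Valid options are:

            - lgpo
            - local

            Default is ``local``

    Returns:
        dict: A dictionary containing the specified settings for each profile
    """
    return {
        "Domain Profile": get_all_settings(profile="domain", store=store),
        "Private Profile": get_all_settings(profile="private", store=store),
        "Public Profile": get_all_settings(profile="public", store=store),
    }


def set_firewall_settings(profile, inbound=None, outbound=None, store="local"):
    """
    Set the firewall inbound/outbound settings for the specified profile and
    store

    Args:

        profile (str):
            The firewall profile to configure. Valid options are:

            - domain
            - public
            - private

        inbound (str):
            The inbound setting. If ``None`` is passed, the setting will remain
            unchanged. Valid values are:

            - blockinbound
            - blockinboundalways
            - allowinbound
            - notconfigured

            Default is ``None``

        outbound (str):
            The outbound setting. If ``None`` is passed, the setting will remain
            unchanged. Valid values are:

            - allowoutbound
            - blockoutbound
            - notconfigured

            Default is ``None``

        store (str):
            The store to use. This is either the local firewall policy or the
            policy defined by local group policy. Valid options are:

            - lgpo
            - local

            Default is ``local``

    Returns:
        bool: ``True`` if successful

    Raises:
        CommandExecutionError: If an error occurs
        ValueError: If the parameters are incorrect
    """
    # Input validation
    if profile.lower() not in ("domain", "public", "private"):
        raise ValueError("Incorrect profile: {}".format(profile))
    if inbound and inbound.lower() not in (
        "blockinbound",
        "blockinboundalways",
        "allowinbound",
        "notconfigured",
    ):
        raise ValueError("Incorrect inbound value: {}".format(inbound))
    if outbound and outbound.lower() not in (
        "allowoutbound",
        "blockoutbound",
        "notconfigured",
    ):
        raise ValueError("Incorrect outbound value: {}".format(outbound))
    if not inbound and not outbound:
        raise ValueError("Must set inbound or outbound")

    # You have to specify inbound and outbound setting at the same time
    # If you're only specifying one, you have to get the current setting for the
    # other
    if not inbound or not outbound:
        current = get_settings(profile=profile, section="firewallpolicy", store=store)
        if not inbound:
            inbound = current["Inbound"]
        if not outbound:
            outbound = current["Outbound"]

    command = "set {}profile firewallpolicy {},{}".format(profile, inbound, outbound)

    results = _netsh_command(command=command, store=store)

    # A successful run should return an empty list
    if results:
        raise CommandExecutionError("An error occurred: {}".format(results))

    return True


def set_logging_settings(profile, setting, value, store="local"):
    """
    Configure logging settings for the Windows firewall.

    Args:

        profile (str):
            The firewall profile to configure. Valid options are:

            - domain
            - public
            - private

        setting (str):
            The logging setting to configure. Valid options are:

            - allowedconnections
            - droppedconnections
            - filename
            - maxfilesize

        value (str):
            The value to apply to the setting. Valid values are dependent upon
            the setting being configured. Valid options are:

            allowedconnections:

                - enable
                - disable
                - notconfigured

            droppedconnections:

                - enable
                - disable
                - notconfigured

            filename:

                - Full path and name of the firewall log file
                - notconfigured

            maxfilesize:

                - 1 - 32767 (Kb)
                - notconfigured

            Non-string values (such as an integer ``maxfilesize``) are
            converted with ``str()`` before validation.

        store (str):
            The store to use. This is either the local firewall policy or the
            policy defined by local group policy. Valid options are:

            - lgpo
            - local

            Default is ``local``

    Returns:
        bool: ``True`` if successful

    Raises:
        CommandExecutionError: If an error occurs
        ValueError: If the parameters are incorrect
    """
    # Input validation
    if profile.lower() not in ("domain", "public", "private"):
        raise ValueError("Incorrect profile: {}".format(profile))
    if setting.lower() not in (
        "allowedconnections",
        "droppedconnections",
        "filename",
        "maxfilesize",
    ):
        raise ValueError("Incorrect setting: {}".format(setting))
    # An integer maxfilesize would otherwise fail on ``.lower()`` below
    value = str(value)
    if setting.lower() in ("allowedconnections", "droppedconnections"):
        if value.lower() not in ("enable", "disable", "notconfigured"):
            raise ValueError("Incorrect value: {}".format(value))
    # TODO: Consider adding something like the following to validate filename
    # https://stackoverflow.com/questions/9532499/check-whether-a-path-is-valid-in-python-without-creating-a-file-at-the-paths-ta
    # Until then ``filename`` is the only free-form value that reaches the
    # netsh script; _netsh_command rejects it if it contains a line break.
    if setting.lower() == "maxfilesize":
        if value.lower() != "notconfigured":
            # Must be a number between 1 and 32767
            try:
                size = int(value)
            except ValueError:
                raise ValueError("Incorrect value: {}".format(value))
            if not 1 <= size <= 32767:
                raise ValueError("Incorrect value: {}".format(value))
    # Run the command
    command = "set {}profile logging {} {}".format(profile, setting, value)
    results = _netsh_command(command=command, store=store)

    # A successful run should return an empty list
    if results:
        raise CommandExecutionError("An error occurred: {}".format(results))

    return True


def set_settings(profile, setting, value, store="local"):
    """
    Configure firewall settings.

    Args:

        profile (str):
            The firewall profile to configure. Valid options are:

            - domain
            - public
            - private

        setting (str):
            The firewall setting to configure. Valid options are:

            - localfirewallrules
            - localconsecrules
            - inboundusernotification
            - remotemanagement
            - unicastresponsetomulticast

        value (str):
            The value to apply to the setting. Valid options are

            - enable
            - disable
            - notconfigured

        store (str):
            The store to use. This is either the local firewall policy or the
            policy defined by local group policy. Valid options are:

            - lgpo
            - local

            Default is ``local``

    Returns:
        bool: ``True`` if successful

    Raises:
        CommandExecutionError: If an error occurs
        ValueError: If the parameters are incorrect
    """
    # Input validation
    if profile.lower() not in ("domain", "public", "private"):
        raise ValueError("Incorrect profile: {}".format(profile))
    if setting.lower() not in (
        "localfirewallrules",
        "localconsecrules",
        "inboundusernotification",
        "remotemanagement",
        "unicastresponsetomulticast",
    ):
        raise ValueError("Incorrect setting: {}".format(setting))
    if value.lower() not in ("enable", "disable", "notconfigured"):
        raise ValueError("Incorrect value: {}".format(value))

    # Run the command
    command = "set {}profile settings {} {}".format(profile, setting, value)
    results = _netsh_command(command=command, store=store)

    # A successful run should return an empty list
    if results:
        raise CommandExecutionError("An error occurred: {}".format(results))

    return True


def set_state(profile, state, store="local"):
    """
    Configure the firewall state.

    Args:

        profile (str):
            The firewall profile to configure. Valid options are:

            - domain
            - public
            - private

        state (str):
            The firewall state. Valid options are:

            - on
            - off
            - notconfigured

        store (str):
            The store to use. This is either the local firewall policy or the
            policy defined by local group policy. Valid options are:

            - lgpo
            - local

            Default is ``local``

    Returns:
        bool: ``True`` if successful

    Raises:
        CommandExecutionError: If an error occurs
        ValueError: If the parameters are incorrect
    """
    # Input validation
    if profile.lower() not in ("domain", "public", "private"):
        raise ValueError("Incorrect profile: {}".format(profile))
    if state.lower() not in ("on", "off", "notconfigured"):
        raise ValueError("Incorrect state: {}".format(state))

    # Run the command
    command = "set {}profile state {}".format(profile, state)
    results = _netsh_command(command=command, store=store)

    # A successful run should return an empty list
    if results:
        raise CommandExecutionError("An error occurred: {}".format(results))

    return True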