ok
Direktori : /opt/imunify360/venv/share/imunify360/scripts/ |
Current File : //opt/imunify360/venv/share/imunify360/scripts/mk_apache_conf_digest.pl |
#!/usr/bin/env perl use strict; my $config=shift; my $httpd_root = shift; scan_config_recursive($config, 0); sub out_tree{ my ($branch, $out, $level) = @_; if (@$branch == 2){ # no rules return 0; } my $rules = 0; my $start_pos = @$out; my ($start, $end) = (shift @$branch, pop @$branch); for my $tmp (@$branch){ if(ref($tmp) eq 'ARRAY'){ $rules += out_tree($tmp, $out, $level + 2); }else{ $rules++; push @$out, (" " x ($level + 2)). $tmp; } } if($rules){ splice @$out, $start_pos, 0, (" " x $level) . $start; push @$out, (" " x $level) . $end; } return $rules; } sub scan_config_recursive{ my ($config, $level) = @_; print "-" x $level, "file:",$config, "\n"; my $rule_prefix= "-" x ($level + 2) . "rule:"; my (@stack, $tree, $current); my $counter = 0; return unless -e $config; open(local(*CFG), "<", $config); while(<CFG>){ s/^\s*|\s*$//g; if (/^\s*Include(?:Optional)?\s+"?([^"]+?)"?\s*?$/mi){ # includes my $inc=$1; $inc = $httpd_root . '/' . $inc if $inc !~ m|^/|; my @incs = sort glob($inc); scan_config_recursive($_, $level + 2) for @incs; }elsif(/^\s*<(\/)?(?:ifdefine|if|elseif|else|ifmodule|virtualhost|location|directory)\b\s*/i){ # block directives unless(defined $1){ # start block directive my $branch = [$_]; push @stack, $branch; push @$current, $branch if $current; $tree = $branch unless $tree; $current = $branch; }else{ # end block directive push @$current, $_; pop @stack; # remove current $current = $stack[$#stack]; } unless(@stack){ my $out = []; if ($counter){ if(out_tree($tree,$out)){ #local $, = "\n"; print join ( "\n" , (map { $rule_prefix . $_} @$out) ) , "\n"; } } @stack=(); $counter = 0; $tree = undef; $current = undef; } # all important directives to log }elsif(/^\s*(lsapi_uid_gid|lsapi_user_group|php_value|userdir|rdefaultuidgid|assignuserid|rminuidgid|rgroups|securelinks|assignuserid|lveid|lveuser|suphp_usergroup|secuploadkeepfiles|secuploaddir|secruleremovebytag|secruleremovebymsg|secrequestbodylimit|secchrootdir|secauditlog|secruleremovebyid|documentroot|servername|serverroot|setenv|user|group|secruleengine|secrequestbodyaccess|secresponsebodyaccess|secdebuglog|sectmpdir|secdatadir|secauditengine|suexecusergroup|ruidgid)\b\s*(.+)$/i){ my $line = $_; my $path = $2; if($1 =~ /root|dir|path|log/i){ $path =~ s/^["']|["']$//g; $path =~ s/([`\$"])/\\$1/g; if($path =~ m"^/"){ # todo handle relative paths unless(-e $path){ $line .= " [not exists or access denied]"; }else{ my $path_info = `ls "$path" -ld 2>>/dev/null | cut -d" " -f1,3,4`; chomp($path_info); $line .= " [$path_info]" if $path_info; } } } if($current){ push @$current, $line; $counter++; }else{ print $rule_prefix ,$line, "\n"; } } } }