Fixed an issue which caused rules to be unordered, prevent dup ret rules

ramirak · May 15, 2023 · c0adb52 · c0adb52
1 parent 94fdaca
commit c0adb52
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 29 deletions.
diff --git a/data/config.json b/data/config.json
@@ -1 +1 @@
-{"active_policy": "Accept all"}
+{"active_policy": "basic"}
diff --git a/data/policies.json b/data/policies.json
@@ -1 +1 @@
-{"basic": [{"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 80, "proto": "tcp udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 443, "proto": "tcp udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 53, "proto": "udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 67, "proto": "tcp udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 68, "proto": "tcp udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 22, "proto": "tcp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": "any", "proto": "icmp", "action": "ACCEPT"}], "Accept all": [{"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": "any", "proto": "any", "action": "ACCEPT"}, {"dir": "INPUT", "src": "any", "dst": "any", "sport": "any", "dport": "any", "proto": "any", "action": "ACCEPT"}], "custom": []}
+{"basic": [{"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 80, "proto": "tcp udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 443, "proto": "tcp udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 53, "proto": "udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 67, "proto": "tcp udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 68, "proto": "tcp udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 22, "proto": "tcp", "action": "ACCEPT"}], "Accept all": [{"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": "any", "proto": "any", "action": "ACCEPT"}, {"dir": "INPUT", "src": "any", "dst": "any", "sport": "any", "dport": "any", "proto": "any", "action": "ACCEPT"}], "custom": []}
diff --git a/iptable_tools.py b/iptable_tools.py
@@ -35,37 +35,33 @@ def set_rule(direction, s_host, d_host, s_port, d_port, protocol, action):
         ip_1 += " -d " + s_host
     ip_1 += " -j " + action 
 
-    proc1 = subprocess.Popen(ip_0.split(), stdout=subprocess.PIPE)
-    output, error = proc1.communicate()
-    proc2 = subprocess.Popen(ip_1.split(), stdout=subprocess.PIPE)
-    output, error = proc2.communicate()
+    subprocess.Popen(ip_0.split(), stdout=subprocess.PIPE).wait()
+    subprocess.Popen(ip_1.split(), stdout=subprocess.PIPE).wait()
 
 
 def set_rule_block(chain, d_host):
     rule = "sudo iptables -A " + chain + " -m state --state NEW,ESTABLISHED,RELATED -d " + d_host + " -j DROP"
-    proc = subprocess.Popen(rule.split(), stdout=subprocess.PIPE)
-    output, error = proc.communicate()
-
+    subprocess.Popen(rule.split(), stdout=subprocess.PIPE).wait()
+
 
 def set_rule_return(chain):
-    rule = "sudo iptables -A " + chain + " -j RETURN"
-    proc = subprocess.Popen(rule.split(), stdout=subprocess.PIPE)
-    output, error = proc.communicate()
+    rule = "sudo iptables -C " + chain + " -j RETURN" 
+    ret = subprocess.Popen(rule.split(), stdout=subprocess.PIPE).wait()
+    if ret:
+        rule = "sudo iptables -A " + chain + " -j RETURN" 
+        subprocess.Popen(rule.split(), stdout=subprocess.PIPE).wait()
 
 
 def set_rule_log_block(chain):
     rule1 = 'sudo iptables -A ' + chain + ' -j LOG --log-level 6'
     rule2 = 'sudo iptables -A ' + chain + ' -j DROP'
-    proc1 = subprocess.Popen(rule1.split(), stdout=subprocess.PIPE)
-    output, error = proc1.communicate()
-    proc2 = subprocess.Popen(rule2.split(), stdout=subprocess.PIPE)
-    output, error = proc2.communicate()
+    subprocess.Popen(rule1.split(), stdout=subprocess.PIPE).wait()
+    subprocess.Popen(rule2.split(), stdout=subprocess.PIPE).wait()
 
 
 def set_forward_to_chain(chain1, chain2): 
     rule = "sudo iptables -A " + chain1 + " -j " + chain2
-    proc = subprocess.Popen(rule.split(), stdout=subprocess.PIPE)
-    output, error = proc.communicate()
+    subprocess.Popen(rule.split(), stdout=subprocess.PIPE).wait()
 
 
 def switch_dir(direction):
@@ -75,24 +71,24 @@ def switch_dir(direction):
 
 
 def clear_chains(chain):
-    subprocess.Popen(("sudo iptables -F " + chain).split(), stdout=subprocess.PIPE)
+    subprocess.Popen(("sudo iptables -F " + chain).split(), stdout=subprocess.PIPE).wait()
 
 
 def show_chains():
-    proc = subprocess.Popen("iptables -nL".split(), stdout=subprocess.PIPE)
+    proc = subprocess.Popen("iptables -nL".split(), stdout=subprocess.PIPE).wait()
     print(proc.stdout.read().decode())
 
 
 def switch_mode(action):
     c1 = "sudo iptables -P INPUT " + action
     c2 = "sudo iptables -P OUTPUT " + action
-    proc = subprocess.Popen(c1.split(), stdout=subprocess.PIPE)
-    proc = subprocess.Popen(c2.split(), stdout=subprocess.PIPE)
+    subprocess.Popen(c1.split(), stdout=subprocess.PIPE).wait()
+    subprocess.Popen(c2.split(), stdout=subprocess.PIPE).wait()
 
 
 def create_chain(chain): 
     c = "sudo iptables -N " + chain
-    proc = subprocess.Popen(c.split(), stdout=subprocess.PIPE)
+    subprocess.Popen(c.split(), stdout=subprocess.PIPE).wait()
 
 
 def is_valid_ip(address):
@@ -106,10 +102,9 @@ def is_valid_ip(address):
 def save_all():
     c1 = "sudo iptables-save"
     c2 = "sudo tee /etc/iptables/iptables.rules"
-
     proc1 = subprocess.Popen(c1.split(), stdout=subprocess.PIPE)
-    proc2 = subprocess.Popen(c2.split(), stdin=proc1.stdout, stdout=subprocess.PIPE)
-    proc2.communicate()
+    proc1.wait()
+    subprocess.Popen(c2.split(), stdin=proc1.stdout, stdout=subprocess.PIPE).wait()
 
 
 

diff --git a/lss.py b/lss.py
@@ -3,6 +3,17 @@
 from json_handler import save_to_file 
 import os
 
+
+def print_logo():
+    logo = '''
+    .-.    .----. .----.    .---.  .----. .-. .-. .----. .----. .-.   .----.
+    | |   { {__  { {__     /  ___}/  {}  \\|  `| |{ {__  /  {}  \\| |   | {_  
+    | `--..-._} }.-._} }   \     }\\      /| |\\  |.-._} }\\      /| `--.| {__ 
+    `----'`----' `----'     `---'  `----' `-' `-'`----'  `----' `----'`----'
+    '''
+    print(logo)
+
+
 def check_data_folder():
     data_folder = "data"
     if not os.path.exists(data_folder):

diff --git a/main_frame.py b/main_frame.py
@@ -9,9 +9,18 @@
 title = "Linux Security Suite"
 
 def set_main_buttons(root, text, LEFT_FRAME, RIGHT_FRAME):
+    sec_status = '''echo -e "~~~ My Configurations: ~~~\n" ; 
+                cat data/config.json ; echo -e "\n" ; 
+                systemctl status iptables.service ; 
+                echo -e "\n" ;systemctl status apparmor ; 
+                echo -e "\n~~~ Listening ports ~~~ \n"; 
+                netstat -tuln ;
+                echo -e "\n~~~ Sessions ~~~ \n"; 
+                last | head -10'''
+
     buttons = [
-            Button(LEFT_FRAME,text="Security dashboard", **button_args, command=lambda: update_window_text(text, ' echo -e "~~~ My Configurations: ~~~\n" ; cat data/config.json ; echo -e "\n" ; systemctl status iptables.service ; echo -e "\n" ;systemctl status apparmor ; echo -e "\n~~~ Listening ports ~~~ \n"; netstat -tuln ' )),
-              Button(LEFT_FRAME,text="Active connections", **button_args, command = lambda : update_window_text(text, 'netstat -tupn')),
+            Button(LEFT_FRAME,text="Security dashboard", **button_args, command=lambda: update_window_text(text, sec_status)),
+              Button(LEFT_FRAME,text="Active connections", **button_args, command = lambda : update_window_text(text, 'netstat -tun')),
               Button(LEFT_FRAME,text="Processes", **button_args, command =lambda: update_window_text(text, "ps -eM | awk '{up=toupper($5);a[up]}END{for(i in a) print i}'")),
               Button(LEFT_FRAME,text="Patch system", **button_args),
               Button(LEFT_FRAME,text="Exit", **button_args, command=lambda:root.destroy()), 
@@ -62,7 +71,7 @@ def create_main_window():
     set_main_buttons(root, T, LEFT_FRAME, RIGHT_FRAME)
 
     # Init
-    update_window_text(T, "netstat -tupn")
+    update_window_text(T, "netstat -tun")
     root.mainloop()
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		{"active_policy": "Accept all"}
		{"active_policy": "basic"}
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		{"basic": [{"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 80, "proto": "tcp udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 443, "proto": "tcp udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 53, "proto": "udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 67, "proto": "tcp udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 68, "proto": "tcp udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 22, "proto": "tcp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": "any", "proto": "icmp", "action": "ACCEPT"}], "Accept all": [{"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": "any", "proto": "any", "action": "ACCEPT"}, {"dir": "INPUT", "src": "any", "dst": "any", "sport": "any", "dport": "any", "proto": "any", "action": "ACCEPT"}], "custom": []}
		{"basic": [{"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 80, "proto": "tcp udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 443, "proto": "tcp udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 53, "proto": "udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 67, "proto": "tcp udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 68, "proto": "tcp udp", "action": "ACCEPT"}, {"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": 22, "proto": "tcp", "action": "ACCEPT"}], "Accept all": [{"dir": "OUTPUT", "src": "any", "dst": "any", "sport": "any", "dport": "any", "proto": "any", "action": "ACCEPT"}, {"dir": "INPUT", "src": "any", "dst": "any", "sport": "any", "dport": "any", "proto": "any", "action": "ACCEPT"}], "custom": []}