MAINHACK

Viewing / Editing File: control_panel_protector.py

File is not writable. Editing disabled.
import time
from logging import getLogger

from defence360agent.contracts.messages import MessageType
from defence360agent.contracts.plugins import (
    MessageSink,
    MessageSource,
    expect,
)
from im360.contracts.config import ControlPanel
from im360.contracts.config import (
    ControlPanelProtector as ControlPanelProtectorConfig,
)
from im360.subsys.panels.cpanel import cPanel
from im360.subsys.panels.hosting_panel import HostingPanel

logger = getLogger(__name__)


class ControlPanelProtector(MessageSink, MessageSource):
    PLUGIN_ID = ControlPanelProtectorConfig.PLUGIN_ID

    def __init__(self):
        self.loop, self.sink = None, None
        self.panel = HostingPanel()

    async def create_sink(self, loop):
        self.loop = loop

    async def create_source(self, loop, sink):
        self.loop = loop
        self.sink = sink

    @expect(MessageType.EnduserPasswordReset)
    async def process_password_reset_request(self, message):
        if not ControlPanel.COMPROMISED_USER_PASSWORD_RESET:
            return

        usernames = message.get("usernames", [])

        if not isinstance(self.panel, cPanel):
            logger.info(
                "Ignoring password reset for users %s: cPanel only", usernames
            )
            return

        for username in usernames:
            try:
                self.panel.force_reset_user_password(username=username)
            except Exception:
                logger.exception(
                    "Failed to change password for user %s", username
                )
            else:
                await self.sink.process_message(
                    MessageType.SensorIncident(
                        name=(
                            "cPanel account password reset for user"
                            f" {username}"
                        ),
                        plugin_id=self.PLUGIN_ID,
                        rule="1",
                        severity=15,
                        timestamp=time.time(),
                        message=(
                            f"cPanel account {username} is compromised."
                            " Password is reset to prevent further"
                            " malicious access. The owner can restore"
                            " access to the account via email."
                        ),
                    )
                )
Cancel / Back
[ MAINHACK ]

Viewing / Editing File: control_panel_protector.py

Server Info

System Features

User Info
