nxd

Your IP : 3.137.187.104

Current Path : /opt/cloudlinux/venv/lib64/python3.11/site-packages/__pycache__/
Current File : //opt/cloudlinux/venv/lib64/python3.11/site-packages/__pycache__/cldiaglib.cpython-311.pyc
�

�cg���
���ddlZddlZddlZddlZddlZddlZddlZddlZddlZddl	Z	ddl
mZddlm
Z
ddlmZddlmZmZmZmZddlZddlmZddlmZmZddlmZmZdd	lm Z m!Z!dd
l"m#Z#m$Z$ddl%m&Z&m'Z'ddl(m)Z)dd
l*m+Z+m,Z,ddl-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4ddlm5Z5ddl6m7Z7ddl8m9Z9dZ:dZ;dZ<dZ=dZ>dZ?dZ@dZAdeA��ZBdZCdZDdZEdZFedd d!g��ZGd"d#d#d#d#d#d#d#d#d$�	ZHd%d&d'd&d&d&d&d&d&d$�	ZIiZJd(d)eId*�eJd+<d,d-eHd*�eJd.<d/ZKd0ZLd1�ZMd�d3�ZNd�d5�ZOd6�ZPd7�ZQd8�ZReMd9��d:���ZSd;eeTeeUffd<�ZVd=�ZWeMd>��d?���ZXd@eUdAeUd;eGfdB�ZYeMdC��eQeWdD�������ZZeMdE��eQeWdF�������Z[eMdG��eQeWdH�������Z\eMdI��eQeWdJ�������Z]eMdK��dL���Z^eMdM��eRdN�����Z_dO�Z`eMdP��dQ���ZaeMdR��dS���ZbeMdT��dU���ZceMdV��eRdW�����ZdeMdX��dY���ZeeMdZ��eRd[�����ZfeMd\��eQd]�����ZgeMd^��eQd_�����Zhd`ZidaZjgdb�Zkgdc�Zldd�Zmde�Zndf�ZoeMdg��dh���ZpeMdi��dj���ZqeMdk��dl���Zrdm�ZsdneUd;eeUfdo�Ztd;eufdp�Zvd;eufdq�ZwdreUd;eufds�Zxd;eeUfdt�Zydu�Zzdv�Z{eMdw��eQdx�����Z|d�dz�Z}d;eTfd{�Z~d;eeefd|�Zd}eeed;dfd~�Z�eMd��eRd������Z�eMd���eRd;eGfd������Z�dS)��N)�
namedtuple��wraps)�Path)�AnyStr�List�Optional�Tuple)�get_hidepid_typing_from_mounts)�ClPwd�drop_privileges)�Feature�is_panel_feature_supported)�CLEditionDetectionError�is_cl_solo_edition)�is_client_enabled�is_cmt_disabled)�DEFAULT_JWT_ES_TOKEN_PATH�DISABLE_CMT_FILE)�jwt_token_check)�WhmApiError�
WhmApiRequest)�ExternalProgramFailed�demote�is_litespeed_running�	is_ubuntu�process_is_running�run_command�service_is_enabled_and_present)�is_container)�LimitsValidator)�get_pkg_version�OK�FAILED�SKIPPED�INTERNAL_TEST_ERRORz/https://docs.cloudlinux.com/command-line_tools/�disabled_cldiag_cron_checkers�cldiag_cronz5https://docs.cloudlinux.com/cloudlinux-os-plus/#faq-2z Link to FAQ and troubleshooting zWPlease write to support https://cloudlinux.zendesk.com/ if you can't resolve the issue.zCentralized Monitoringz;This checker is not supported on CloudLinux OS Solo editionzAThis checker is not supported in environments without LVE support�	ChkResult�res�msgz/usr/local/apache/bin/suexecz/usr/sbin/suexec)	�cPanel�
cPanel_ea4�DirectAdmin�Plesk�
ISPManager�	InterWorxzH-Sphere�	HostingNG�Unknownz/opt/suphp/sbin/suphpz/usr/sbin/suphpz/usr/local/suphp/sbin/suphp�SuPHPzdetect.get_suPHP_status())�name�status_function�location�suphp�SuEXECzdetect.get_suEXEC_status()�suexecz/var/lve/cldiag_user�
cldiaguserc����fd�}|S)Nc����|_|S�N)�pretty_name)�func�name_of_checkers ��py/cldiaglib.py�	decoratorzpretty_name.<locals>.decoratorss���*������)rArCs` rBr?r?rs$���������rDFc	��d}d}|r%d�|D��}||d<tj|��Sg}|D]?\}}}|�d|j�d|j��}	|�|	�d|�d	|�d
|�d�}	|�|	���@d�|d
|�d�gz��}|S)z2
    Formatter of output from all of checkers
    z)Command for disabling this cron checker: zcldiag --disable-cron-checkersc�@�i|]\}}}||�����SrE)�_asdict)�.0�checker_pretty_name�_�
chk_results    rB�
<dictcomp>z_formatter.<locals>.<dictcomp>�s1��h�h�h�=_�=P�RS�U_�"�J�$6�$6�$8�$8�h�h�hrD�total_errorsz:
    �: N�
z "� �"z

z
There are z errors found.)�json�dumpsr*r+�append�join)
�data�error_count�to_jsonr+�cmd_tmpr*rJ�checker_public_namerL�checker_results
          rB�
_formatterr]zs���
6�C�.�G���h�h�cg�h�h�h��)��N���z�#����
�C�@D�#�#�<��0�*�/�^�^�
��^�^�j�n�^�^���*� .�]�]�c�]�]�W�]�]�GZ�]�]�]�N��
�
�>�"�"�"�"�
�+�+�c�E�+�E�E�E�F�F�
G�
G�C��JrDTc���t|��r|g}g}d}|D]�}	|��}n9#t$r,}ttt	|����}Yd}~nd}~wwxYw|jttfvr|dz
}|�|jt|d��r|j
nd|f����t|||��}|r#t|��tj|��||fS)Nr��public_name)�callable�	Exceptionr)r&�reprr*r$rUr?�hasattrr`r]�print�sys�exit)	�checkersrY�do_exit�results�errors�frL�er*s	         rB�runnerrn�s-��������:���G�
�F�
�
�
��	A�����J�J���	A�	A�	A�"�#6��Q���@�@�J�J�J�J�J�J�����	A�����>���
�
�
�
�a�K�F�����
�!(��M�!:�!:�D��
�
���
�	
�	
�	
�	
��W�f�g�
.�
.�C���
�c�
�
�
��������3�;�s�
'�
A�"A�Ac�j�	t|��S#t$rtd|�d���YdSwxYw)NzWARNING
 missing z function in cldetectlib.F)�eval�AttributeErrorre)r@s rB�wrapperrr�sO����D�z�z�������
�B�4�B�B�B�C�C�C��u�u����s��2�2c�<��t����fd���}|S)Nc���	td���}n#t$rd}YnwxYw|rttt��S�|i|��S)NT��skip_jwt_checkF)rrr)r%�SKIPPED_ON_SOLO_MSG)�args�kwargs�is_solo_editionrls   �rB�checkerz(skip_checker_on_cl_solo.<locals>.checker�sl���	$�0��E�E�E�O�O��&�	$�	$�	$�#�O�O�O�	$�����	;��W�&9�:�:�:��q�$�!�&�!�!�!s��#�#r�rlr{s` rB�skip_checker_on_cl_solor}�s3���
�1�X�X�"�"�"�"��X�"��NrDc�<��t����fd���}|S)Nc�z��ttj��sttt
��S�|i|��Sr>)rr�LVEr)r%�SKIPPED_WITHOUT_LVE_MSG)rxryrls  �rBr{z'skip_check_without_lve.<locals>.checker�s;���)�'�+�6�6�	?��W�&=�>�>�>��q�$�!�&�!�!�!rDrr|s` rB�skip_check_without_lver��s3���
�1�X�X�"�"�"�"��X�"�
�NrDzCheck cagefsc�,�ttd��S)NzuCagefs version is too old. Please run cagefsctl --sanity-check directly or upgrade it to have full cldiag integration)r)r%rErDrB�fake_cagefs_checkerr��s����	8���rD�returnc��t�d�}dt�dt�d�}d}ddlm}|��}|�|d	sd
|fS|�t	��\}}}|s||fSt��rd
|fSt
��sd
|fSdS)am
    Check that a server is cl+, enabled and CM isn't disabled locally
    The function returns True if the client has CL+ license, didn't disable CM
        localy and activated CM on https://cm.cloudlinux.com. The function also
        returns True if we can't read or parse JWT token, because
        we want to continue and show to client CM related errors
    z. is not activated on https://cm.cloudlinux.comzThe z& is disabled localy by creating file "rR�The server has no CL+ licenser��get_client_data_from_jwt_tokenN�cl_plusF)TN)�cm_full_namer�clsummary.utilsr�rrr)�cm_is_not_activated_msg�cm_is_disabled_localy_msg�no_cl_plus_license_msgr��	jwt_token�is_valid�messagerKs        rB�_is_cmt_allowed_for_serverr��s���".�`�`�`�� r�|� r� r�_o� r� r� r��<��>�>�>�>�>�>�.�.�0�0�I���Y�y�%9���,�,�,���.�0�0���'�1��	%��W�$�$����0��/�/�/����.��-�-�-��:rDc�<��t����fd���}|S)zi
    Decorator: Skip check if a server isn't cl+, disabled and
               CM is disabled locally
    c�d��t��\}}|r�|i|��Stt|��S)z$
        Decorated function
        )r�r)r%)rxry�resultr�rls    �rB�decorated_functionz@skip_if_cmt_not_used_enabled_allowed.<locals>.decorated_functionsI���
5�6�6�����	&��1�d�%�f�%�%�%����
�
�	
rDr)rlr�s` rB�$skip_if_cmt_not_used_enabled_allowedr��s6����1�X�X�
�
�
�
��X�
��rDzCheck existing JWT tokenc��d}dt�dt�dt�dt��}d}ddlm}tj�t��stt||z��St��\}}}|r#|��}ttd	|�d
���S||krttd��S|dz}tt|�d|����S)
z%
    Check an existing JWT token
    zJ The absence of JWT tokens is normal for the clients with volume license. z$Please check for JWT token in path "zr". %sTry running "rhn_check" for getting a new token if it is absent. Server can't collect and send statistics to z( if you don't have a correct JWT token. �. z"JWT token doesn't have CL+ servicerr�zJWT token is valid: "rRr��)rr��cl_plus_doc_msg�write_to_support_msgr�r��os�path�existsr)r%rr#r$)�token_is_absent_msg�main_msg�token_is_not_cl_plusr�r�r�rKr�s        rB�check_jwt_tokenr�s3��
g��	"�%�	"�	"�+7�	"�	"�,;�		"�	"�
 �	"�	"�
�@��>�>�>�>�>�>�
�7�>�>�3�4�4�
����*�*�
�
�	
�
)�*�*��F�G�Q�
�C�2�2�4�4�	���A�Y�A�A�A�B�B�B��&�&�&���+�
�
�	
�
�"�}�H��V��5�5�8�5�5�6�6�6rD�service_name�process_file_pathc���t|��\}}	t|d��}n#t$rd}YnwxYw|r|r|rttd|�d���Sg}|s|�d��|s|�d��|s|�d��ttd�|���dt�d	|�d
t�dt��	��S)z�
    Check that a service is present, enabled and active
    :param service_name: name of a service
    :param process_file_path: path to a file which is run by a service
    Fz	Service "z " is present, enabled and activezService is not present.zService is not enabled.zService is not active.rQz1 The server can't collect and send statistics to z if service z$ isn't present, enabled and active. r�)rr�FileNotFoundErrorr)r#rUr$rVr�r�r�)r�r��
is_present�
is_enabled�	is_active�messagess      rB�_check_service_stater�9sF��<�L�I�I��J�
��&�'8�%�@�@�	�	�������	�	�	������
�j�
�Y�
���F��F�F�F�
�
�	
�
�H��3����1�2�2�2��3����1�2�2�2��2����0�1�1�1����8�8�H���	"�	"�%�	"�	"�3?�	"�	"�(7�	"�	"� �	"�	"���s�%�4�4z=Check service `cl_plus_sender` is present, enabled and activec�x�t��rttd��Sddlm}d}t||��S)zL
    Check that service `cl_plus_sender` is present, enabled and active
    �6Centralized Monitoring adaptation is still in progressr)�CL_PLUS_SENDER_FILE_PATH�cl_plus_sender)r r)r%r�r�r�)r�r�s  rB�check_cl_plus_sender_servicer�ZsJ���~�~�\���"Z�[�[�[�8�8�8�8�8�8�#�L���.F�G�G�GrDz<Check service `node_exporter` is present, enabled and activec�n�t��rttd��Sd}d}tj�tj�|d����s=tj�tj�|d����rd}nd}t||��S)a

    Check that service `node_exporter` or `cl_node_exporter` is present,
    enabled and active
    Since it was renamed node_exporter -> cl_node_exporter
    let`s handle both cases:
     - old `node_exporter` service
     - renamed `cl_node_exporter` service
    r�z&/usr/share/cloudlinux/cl_plus/service/z+/usr/share/cloudlinux/cl_plus/node_exporter�cl_node_exporterzcl_node_exporter.service�
node_exporter)r r)r%r�r�r�rVr�)�base_service_pathr�r�s   rB�check_node_exporter_servicer�ls����~�~�\���"Z�[�[�[�@��E��	�w�~�~�b�g�l�l�#4�6H�I�I�J�J�'�b�g�n�n�
����&�(B�C�C�O�O�'�*���&����.?�@�@�@rDz7Check service `lvestats` is present, enabled and activec�*�d}d}t||��S)zF
    Check that service `lvestats` is present, enabled and active
    �lvestatsz'/usr/share/lve-stats/lvestats-server.py)r�)r�r�s  rB�check_lvestats_servicer��s ���L�A����.?�@�@�@rDzeCheck that the server has the minimal required packages for correct working of Centralized Monitoringc��dD]C}t|���2ttd|�dt�dt�dt
����cS�Dttd��S)zD
    Check that the server has minimal required packages for CM
    )zcl-end-server-toolszcl-node-exporterNz!System doesn't have the package "z". It's required for zA feature to work and it usually installed automatically by cron. r�zVSystem has the minimal required packages for correct working of Centralized Monitoring)r"r)r$r�r�r�r#)�package_names rB�check_cmt_packagesr��s���D�	�	���<�(�(�0���*� �*�*�8D�*�*�+:�*�*�(�	*�*���
�
�
�1��R�q�r�r�rrDzACheck control panel and it's configuration (for DirectAdmin only)c��dtdz��}tj��tj��}|dkrt	t
d��Sd|�dtj�d�}td�	��sL|d
krFtj��rt	t|dz��St	t|dz|z��St	t|��S)
NzW Fixing the issue will provide CloudLinux support on your control panel. 
See details: z#diag-cpr3zCan't detect contol panelzControl Panel - z
; Version �;Trur.z File "options.conf" is finez1 File "options.conf" has no line "cloudlinux=yes")�cldiag_doc_link�detect�getCP�	getCPNamer)r%�
CP_VERSIONr�da_check_optionsr#r$)�fix_motivation�cp_name�res_msgs   rB�
check_cp_diagr��s���	7�'�*�4�	7�	7���L�N�N�N��� � �G��)�����"=�>�>�>�H��H�H�F�4E�H�H�H�G��T�2�2�2�q�w�-�7O�7O��"�$�$�	K��R��+I�!I�J�J�J����+^�!^�ao�!o�p�p�p��R��!�!�!rDzDCheck fs.enforce_symlinksifowner is correctly enabled in sysctl confc
��dtdz��}tj��rttd��S	tj��}nM#t$r@}d}ttdtt|��|���d���cYd}~Sd}~wwxYw|dkrttd|z��Sttd	|����S)
Nz� Fixing that issue makes server more secure against symlink attacks and enables protection of PHP configs or other sensitive files. 
See details: z#symlinksifowner�$Not supported for OpenVZ environmentz+To see full error run /sbin/sysctl --systemz@Some parameter in sysctl config has wrong configuration. Error: z* It`s recommended to fix it and try again �zfs.enforce_symlinksifowner = 2zfs.enforce_symlinksifowner = )r�r��	is_openvzr)r%�get_symlinksifownerrr$�get_short_error_message�strr#)r��symlinks_if_ownerrm�detailed_outs    rB�check_symlinksifownerr��s��	[�4C�FX�4X�	[�	[������J���"H�I�I�I�
�"�6�8�8���� �
�
�
�D����
p�-�c�!�f�f�l�C�C�
p�
p�
p�
�
�	
�	
�	
�	
�	
�	
�����
�����A�����!A�N�!R�S�S�S��R�L�9J�L�L�M�M�Ms�A�
B�5B�
B�Bc��|d���}tdz|z}d|�d|��}tj�d��sttd��St|d��stt|d�d���Stj	|d	��}|�ttd
|d�d���S|sttd|z��Sttd
��S)Nr5z#check-z{ Fix that issue to be sure that users run their sites inside CageFS and provide stable work of sites that are using apache z7 module. This may improve server security
See details: �/usr/sbin/cagefsctl�Cagefs is not installedr6z is not enabledr7zUnable to check zU module binary for custom control panel. This feature may be added in future updates.zBinary without CageFS jail zbinary has jail)�lowerr�r�r�r�r)r%rrr��check_binary_has_jailr$r#)�params�module_name�linkr��has_jails     rB�binary_checkr��s(����.�&�&�(�(�K��Y�&��4�D�	!�/:�	!�	!��	!�	!��
�7�>�>�/�0�0�=���";�<�<�<��6�+�,�-�-�F���V�F�^�"D�"D�"D�E�E�E��+�F�:�,>�?�?�H�����
Q�v�f�~�
Q�
Q�
Q�
�
�	
�
�Q���!>��!O�P�P�P��R�*�+�+�+rDzCheck suexec has cagefs jailc��tj��r#t��rttd��Sttd��S)NzUCurrent PHP selector uses LiteSpeed, which doesn't require the patches in suEXEC bin.r:)r��detect_litespeedrr)r%r��BINARY_CHECK_PARAMETERSrErDrB�check_suexecr��sQ���� � �
�%9�%;�%;�
���l�
�
�	
��/��9�:�:�:rDzCheck suphp has cagefs jailc�6�ttd��S)Nr8)r�r�rErDrB�check_suphpr��s���/��8�9�9�9rDzCheck usepam in sshd configc���dtdz��}tj��}|�ttd��S|rtt
d��Sttd|z��S)NzgFix the issue to provide correct work of pam_lve module with sshd and CageFS ssh sessions
See details: z
#check-usepamz!Unable to run "/usr/sbin/sshd -T"zConfig is finez3There is "usepam no" in "/usr/sbin/sshd -T" output )r�r��check_SSHd_UsePAMr)r%r#r$)r��check_results  rB�
check_use_pamr��sx��	Q�-<��-N�	Q�	Q���+�-�-�L�����"E�F�F�F��/���-�.�.�.��V�R�Uc�c�d�d�drDz*Check the validity of LVE limits on serverc��d}d|z}d}t��}|���}|�tt|��Stt|dz|z��S)z
    Validate lve limits
    z6https://docs.cloudlinux.com/lve-limits-validation.htmlz'Invalid LVE limits on server. See doc: zValid LVE limits on server.NrP)r!�validate_existing_limitsr)r#r$)�doc_link�failed_message�passed_message�limits_validatorr�s     rB�check_lve_limitsr�se��H�H�>��I�N�2�N�&�(�(��
�
6�
6�
8�
8�F�
�~���^�,�,�,��V�^�d�2�V�;�<�<�<rDz$Check compatibility for PHP Selectorc��d}dtdz�d�}t��}|rttd��Stj�d��sttd��Stj��r&t��rtt|dz��Sd	d	d	d
�}d}d}tj�|���rB	t|d
d���5}d�|D��}ddd��n#1swxYwYn8#t$r+}d|�d|�d�}	tt||	z��cYd}~Sd}~wwxYw|D]F}
|
�d��r/|
�d��d���}n�G|�d�}	tt||	z��S|D]G}
|
�|�d���r-|
�d��d���}�H|dvrd|�d�}	tt||	z��Stj��}|�1d|vrtt|dz��Sd|v|d<d|v|d <d!|v|d"<t%|d|d"g��stt|d#z��S|ds|d"rS|d$vrOd%|�d&d'�d(�|���D������}
tt||
z��Sd)|�d*n|�d+d'�d,�|���D�����d-�}	tt||	z��S).z�
    1. mod_ruid not present
    2. suphp
    3. mod_lsapi
    4. suexec and (fcgi or cgi)
    5. litespeed
    6. do not support other
    zIt looks ok [%s]z�Looks like your PHP handler doesn't support CloudLinux PHP Selector and as a result does not work http://docs.cloudlinux.com/index.html?compatiblity_matrix.html [%s]
Please, see: z#check-phpselectorz. and try to fix issue to have working selectorz-PHP Selector is not supported. Skipping checkz/etc/cpanel/ea4/is_ea4z+It is not cPanel with EA4, can diag nothing�	LitespeedF)r:r8�lsapiNz/etc/cpanel/ea4/php.conf�r�utf-8��encodingc�6�g|]}|�����SrE��strip)rI�lines  rB�
<listcomp>z%check_phpselector.<locals>.<listcomp>Js ��5�5�5�4�$�*�*�,�,�5�5�5rDz
Can not read z (�)zdefault:�:r_z' config should have default php version)�cgi�fcgir8r�zdoesn't support z handler in ea4/php.conf�ruid2_modulez�It looks like you use mod_ruid. CloudLinux PHP Selector doesn't work properly with it. How to delete mod_ruid and install mod_suexec in cPanel https://docs.cloudlinux.com/cloudlinux_os_components/#installation-5�suphp_moduler8�lsapi_moduler��
suexec_moduler:zyIt looks like you do not have mod_suphp or mod_suexec installed. CloudLinux PHP Selector doesn't work properly without it)r8r�r�r�z	php.conf:z with z, c3�$K�|]\}}|�|V��dSr>rE�rI�module�is_installeds   rB�	<genexpr>z$check_phpselector.<locals>.<genexpr>rs-����0s�0s�<P�F�L�fr�0s��0s�0s�0s�0s�0s�0srDzFSome unknown php handler, perhaps we don't support it [found handler: �-z and apache modules: c3�$K�|]\}}|�|V��dSr>rErs   rBrz$check_phpselector.<locals>.<genexpr>xs-����(k�(k�4H�F�L�^j�(k��(k�(k�(k�(k�(k�(krD�])r�rr)r%r�r�r�r�r�rr#�open�IOErrorr$�
startswith�splitr��get_apache_modules�anyrV�items)�	ok_prefix�fail_prefix�is_ubuntu_os�status�handler�	conf_pathrl�configrm�errr��default_ver�modules�currents              rB�check_phpselectorr#sP��#�I�	q�)�,@�@�	q�	q�	q���;�;�L��S���"Q�R�R�R��7�>�>�2�3�3�Q���"O�P�P�P��� � �6�%9�%;�%;�6���Y��4�5�5�5����
>�
>�F��G�*�I�	�w�~�~�i� � �8�	8��i��w�7�7�7�
6�1�5�5�1�5�5�5��
6�
6�
6�
6�
6�
6�
6�
6�
6�
6�
6����
6�
6�
6�
6����	8�	8�	8�3�)�3�3�q�3�3�3�C��V�[�3�%6�7�7�7�7�7�7�7�7�����	8�����	8�	8�D����z�*�*�
�#�z�z�#���q�1�8�8�:�:����
��G�G�G�C��V�[�3�%6�7�7�7��	7�	7�D����+�0�0�0�1�1�
7��:�:�c�?�?�1�-�4�4�6�6����;�;�;�F�W�F�F�F�C��V�[�3�%6�7�7�7��'�)�)�G����W�$�$����W�W���
�)�G�3��w��(�G�3��w��*�g�5��x����w����!1�2�3�3�
����G�
G�
�
�	
�
�g��2�&��*�2�w�:[�/[�/[�u��u�u�t�y�y�0s�0s�TZ�T`�T`�Tb�Tb�0s�0s�0s�'s�'s�u�u�	���Y��0�1�1�1�	o�")�/�3�3�w�	o�	o�#�y�y�(k�(k�F�L�L�N�N�(k�(k�(k�k�k�	o�	o�	o��
�V�[�3�.�/�/�/sB�D� 
C9�-D�9C=�=D�C=�D�
D:� D5�/D:�5D:zCheck fs.symlinkown_gidc�`�dtdz��}ttd��}d|z}d}tj��rtt
d��Stj��tj}	tj	|��n)#t$rtt
d|�d���cYSwxYw	t|d	�
��5}t|�
�������}ddd��n#1swxYwYn2#t$r%}tt d|�d|����cYd}~Sd}~wwxYwtj|kr|S	t%j|��j}n#t$rg}YnwxYw|r||vr|Stt |�||����S)
Nz|Fix the issue to provide symlink protection for apache user and as a result make your Web Server more secure. 
See details: z#check-symlinkowngidz>Web-server user is protected by Symlink Owner Match Protectionz@Web-server user '{}' is not in protected group specified in {}. z/proc/sys/fs/symlinkown_gidr�zThere is no web-server user [z] in system. Nothing to checkr�r�zCan't read GID from z
 with error: )r�r)r#r�r�r%�get_apache_gid�APACHE_UNAME�pwd�getpwnam�KeyErrorr�int�readr�rbr$�
APACHE_GID�grp�getgrgid�gr_mem�format)	r��ok_res�warn_msg_tpl�symlinkown_gid_file�apache_unamerl�current_symlinkown_gidrm�grp_memberss	         rB�check_symlinkowngidr1}sN��	E�)�,B�B�	E�	E��
�r�[�
\�
\�F�X�[i�i�L�7��
����J���"H�I�I�I�
������&�L�
���\�"�"�"�"���
�
�
���c�\�c�c�c�
�
�	
�	
�	
�
����
_�
�%��
8�
8�
8�	;�A�%(��������)9�)9�%:�%:�"�	;�	;�	;�	;�	;�	;�	;�	;�	;�	;�	;����	;�	;�	;�	;����_�_�_���!]�8K�!]�!]�Z[�!]�!]�^�^�^�^�^�^�^�^�����_������2�2�2��
���l�#9�:�:�A�������������������;�&�&��M��V�\�0�0��?R�S�S�T�T�Tsf�2B�#B-�,B-�1D�4D�6D�D�D�	D�
D�
D=�D8�2D=�8D=�E-�-E<�;E<z&Check existence of all user's packagesc����
��d�
d}d}gd��gd�}g�tj��dkrttd��St	j|��sttd��Stj�|��rt	j|���tj	|tj
tj
|d	�
��5}|���\}}|j}ddd��n#1swxYwY|dkrd
|��}tt|��S	d�|����d��D��}�fd�|D��}n1#t $r$}	d|	��}tt|��cYd}	~	Sd}	~	wwxYw�
fd�t	j�
��D�����fd�|D��}
|
r.dd�|
���d�}tt|��Stt$d��S)zL
    Return user's packages that do not exist in /var/cpanel/packages/

    z/var/cpanel/packages/z/var/cpanel/users/z/var/cpanel/suspended/)�	undefined�defaultz#cPanel Ticket System temporary user�Custom)z	/bin/grepz-ezPLAN=z-rr,�should be run on cPanel onlyzno users on this serverT)�stdout�stderr�cwd�textNrzerror getting user's packages: c���g|]c}|�d��d�d��d|�d��d���f��dS)�=rr�r_)rr�)rI�plans  rBr�z9check_existence_of_all_users_packages.<locals>.<listcomp>�sg��
�
�
�OS�T�Z�Z��_�_�Q�
�
%�
%�c�
*�
*�1�
-�t�z�z�#���q�/A�/G�/G�/I�/I�J�
�
�
rDrPc�&��g|]
\}}|�v�	||f��SrErE)rI�user�pkg�suspended_userss   �rBr�z9check_existence_of_all_users_packages.<locals>.<listcomp>�s-���m�m�m�i�d�C�QU�]l�Ql�Ql�t�S�k�Ql�Ql�QlrDz"error processing user's packages: c���g|]A}tj�tj��|�����?|��BSrE)r�r��isfilerV)rI�package�packages_dir_paths  �rBr�z9check_existence_of_all_users_packages.<locals>.<listcomp>�sN�����������r�w�|�|�\m�ov�Ow�Ow�@x�@x�����rDc�4��g|]\}}|�v�	|�v�
|�d|����S)rOrE)rIr?rD�excluded_packages_names�exists_packagess   ��rBr�z9check_existence_of_all_users_packages.<locals>.<listcomp>�sK���!�!�!��D�'��1�1�1�g�_�6T�6T����7���6T�6T�6TrDzXFound some nonexistent user's packages. List of "user: package" separated by semicolon: z; z�. If you want to apply package limits for those users - assign existing packages to them, otherwise limits will be applied incorrectly or not applied at all.z(nonexistent user's packages aren't found)r�r�r)r%r��listdirr�r��
subprocess�Popen�PIPE�communicate�
returncoder$r�rrbrVr#)�users_dir_path�suspended_dir_path�
user_plan_cmd�proc�std_out�std_err�ret_coder+�all_users_packagesrm�not_exists_users_packagesrGrHrErAs           @@@@rB�%check_existence_of_all_users_packagesrX�s�������0��)�N�1��g�g�g��6�6�6�M��O�
����X�%�%���"@�A�A�A�
�:�n�%�%�=���";�<�<�<�	�w�~�~�(�)�)�9��*�%7�8�8��
�	�������
�
�
�
�#�
��+�+�-�-�����?��#�#�#�#�#�#�#�#�#�#�#����#�#�#�#��1�}�}�9��9�9�����%�%�%�	&�
�
�W^�Wd�Wd�Wf�Wf�Wl�Wl�mq�Wr�Wr�
�
�
��n�m�m�m�;M�m�m�m�����&�&�&�6�1�6�6�����%�%�%�%�%�%�%�%�����&����
����!�z�*;�<�<����O�!�!�!�!�!�/�!�!�!��
!�&�
R�?C�y�y�Ib�?c�?c�
R�
R�
R�	����%�%�%��R�C�D�D�Ds0�
C5�5C9�<C9�!?E!�!
F�+F
�F�
Fz$Check all resellers's packages filesc��tj��dkrttd��SGd�d��}ddlm}	|��5|�����ddd��n#1swxYwYttd��S#t$r,}ttt|����cYd}~Sd}~wwxYw)	zT
    Check reseller packages files reading on any errors
    Caused by LU-2374

    r.z!should be run on DirectAdmin onlyc��eZdZdZd�Zd�ZdS)�7check_da_resellers_packages_files.<locals>.HiddenPrintsz=
        Redirect stdout to /dev/null to hide output
        c�t�tj|_ttjdd���t_dS)N�wr�r�)rfr7�_original_stdoutrr��devnull)�selfs rB�	__enter__zAcheck_da_resellers_packages_files.<locals>.HiddenPrints.__enter__s(��$'�J�D�!��b�j�#��@�@�@�C�J�J�JrDc�d�tj���|jt_dSr>)rfr7�closer^)r`�exc_type�exc_val�exc_tbs    rB�__exit__z@check_da_resellers_packages_files.<locals>.HiddenPrints.__exit__s$���J�������.�C�J�J�JrDN)�__name__�
__module__�__qualname__�__doc__rargrErDrB�HiddenPrintsr[�s?������	�	�	A�	A�	A�	/�	/�	/�	/�	/rDrlr)r.Nz6all resellers packages are written in correct encoding)r�r�r)r%�clcontrollibr.�list_resellers_packagesr#rbr$r�)rlr.rms   rB�!check_da_resellers_packages_filesro�s8������]�*�*���"E�F�F�F�/�/�/�/�/�/�/�/�)�(�(�(�(�(�)�
�\�^�^�	4�	4��K�M�M�1�1�3�3�3�	4�	4�	4�	4�	4�	4�	4�	4�	4�	4�	4����	4�	4�	4�	4���U�V�V�V���)�)�)����Q���(�(�(�(�(�(�(�(�����)���sB�
B�A4�(B�4A8�8B�;A8�<B�
C
�!C�?C
�C
z/etc/cl.selector/defaults.cfgz/etc/cl.selector/php.conf)�	Directive�Default�Type�Comment�Range�Remark)�value�list�boolc���g}d}d}ttdd���5}|���}ddd��n#1swxYwY|D]�}|�d��r�t	|�����dkr_d}	||n%#t$r|�g��YnwxYw||�|�������|sd}|d	z
}��|S)
zL
    Parse php.conf and split it into blocks by empty line
    :return:
    rTr�r�r�N�#Fr_)r�
PHP_CONF_PATH�	readlinesr
�lenr�rbrU)�line_blocks�block_index�	new_block�confrWr�s      rB�parse_php_confr�s_��
�K��K�
�I�	
�m�S�7�	3�	3�	3� �t��~�~���� � � � � � � � � � � ���� � � � ������?�?�3���	���t�z�z�|�|���q� � ��I�
'��K�(�(�(���
'�
'�
'��"�"�2�&�&�&�&�&�
'������$�+�+�D�J�J�L�L�9�9�9�9��	��I��1��K���s!�?�A�A�B�B7�6B7c�f�d}d}|D]�}|�d��}|d���tvrd}|dt|���d�z}|d���dkr9|d	���tvrd}|dt|���d
�z}��||gS)NTr�r<rFz
Block z has wrong param 
rrr_z has wrong directive 
)rr��PARAM_NAME_LIST�block_to_string�TYPES)�blockr�r+r��
line_partss     rB�check_blockr�=s���
�F�
�C��W�W���Z�Z��_�_�
��a�=��� � ��7�7��F��N�?�5�#9�#9�N�N�N�N�C��a�=��� � �F�*�*��!�}�"�"�$�$�E�1�1����V��u�'=�'=�V�V�V�V����C�=�rDc�>�d}|D]}|t|��zdz}�|S)NrP)r�)r��
res_stringr�s   rBr�r�Ls3���J��3�3���#�d�)�)�+�d�2�
�
��rDz"Checking /etc/cl.selector/php.confc�`�d}d|��}d}d}tj�t��st	t
dt�d���St
��}|D]"}t|��\}}|o|}|r|dz|z}�#|st	t||z��St	td��S)	Nz7https://docs.cloudlinux.com/custom_php_ini_options.htmlz�To fix the issue provide valid format for /etc/cl.selector/php.conf file. It is used for PHP Selector and invalid format lead to directives misconfiguration and as a result misconfiguration of selector
Please, read more about php.conf file in Tr�zFile z does not exist
rP�Ok)
r�r�r�r{r)r%r�r�r$r#)�php_ini_doc_linkr�r�r+�blocksr��r1�msg1s        rB�check_php_confr�Ss���P��	I�7G�	I�	I���F�
�C�
�7�>�>�-�(�(�L���"J�-�"J�"J�"J�K�K�K�
�
�
�F��$�$���u�%�%���D���B���	$���*�t�#�C���7����~�!5�6�6�6��R����rDz&Checking /etc/cl.selector/defaults.cfgc�D�dtdz��}tj�t��sttt�d���S	tjdd���}|�	t��n9#t$r,}ttt|����cYd}~Sd}~wwxYw	|�
dd��}n9#tjtjf$rttd|z��cYSwxYw|���D]�}|�d��r�|d	d�}	|�
|d
��}n#tj$rd}YnwxYw	|�
|d��}n#tj$rd
}YnwxYw||kr#|dkrttd|�d|����cS|rCd|vr?|�d��}|D]'}	|	s#t&j�d|�d����(��tt,d��S)Nz�Details: this config file is used by php selector and stores it`s global options, so it is important to keep needed configurations and valid syntax for PHP modules settings to avoid selector`s misconfiguration
See details: z#cldiagz does not existF��
interpolation�strict�versions�phpz!Default php version is undefined
��state�enablerr��disabledzDefault php version z
 is disabled
�,z"Warning: Modules list for version z is strange
r#)r�r�r�r��DEFAULTS_CFG_PATHr)r%�configparser�ConfigParserr%rbr$r��get�
NoOptionError�NoSectionError�sectionsr
rrfr8�writer#)
r��defaults_cfgrm�default_php_version�section�php_versionr�r�module_namesr5s
          rB�check_defaults_cfgr�ks���	8�*�I�5�	8�	8���7�>�>�+�,�,�I���%6�"G�"G�"G�H�H�H�)�#�0�t�E�R�R�R�����+�,�,�,�,���)�)�)����Q���(�(�(�(�(�(�(�(�����)����X�*�.�.�z�5�A�A�����&��(C�D�X�X�X���!E��!V�W�W�W�W�W�X�����(�(�*�*�n�n�����e�$�$�	n�!�!�"�"�+�K�
!�$�(�(��'�:�:�����-�
!�
!�
!� ����
!����
�&�*�*�7�I�>�>�����-�
�
�
�����
����"�k�1�1�e�z�6I�6I� ��)k��)k�)k�[i�)k�)k�l�l�l�l�l��
n��'�>�>�#*�=�=��#5�#5�L� ,�n�n��#�n��J�,�,�-l�R]�-l�-l�-l�m�m�m����R����sT�0B�
B7�!B2�,B7�2B7�;C�3D�D�E�E,�+E,�0F�F�FzChecking domains compatibilityc���tj��dkrttd��Sd}d}t	��}|�tt
|��Stt|��S)Nr,r6z�Some domains/subdomains don't use PHP Selector because they have a non-system default version (in MultiPHP Manager) or PHP_FPM enabled. You can find their list on domains tab and pass control to PHP Selector if necessary.r�)r�r�r)r%�domains_compatibility_checkerr#r$)r�r�r�s   rB�check_domains_compatibilityr��sh��
����X�%�%���"@�A�A�A�	9��
�N�
*�
,�
,�F�
�~���^�,�,�,��V�^�,�,�,rDc�h�	td�����}td�����}n#t$rYdSwxYw|�d��D]F}|�d��|�d��ks|�d��rdS�GdS)N�php_get_vhost_versions�php_get_system_default_versionr��version�php_fpmzIncompatible version)r�callrr�)�domains�system_version�domains   rBr�r��s����� 8�9�9�>�>�@�@��&�'G�H�H�M�M�O�O���������t�t������+�+�j�)�)�*�*�����i�(�(�F�J�J�y�,A�,A�A�A�V�Z�Z�PY�EZ�EZ�A�)�)�)�B�*�*s�AA�
A�A�dirpathc��tj�|��sdSd|��}tj|�d��tjtjdd���}|jdkrdS	|j�d��d	�d��d
}n#t$rYdSwxYw|S)zZ
    Get mountpoint for dirpath directory from output of
    df -h {dirpath} utility.
    Nzdf -h rQTF)r7r8r:�checkrrPr_���)
r�r��isdirrJ�runrrLrNr7�
IndexError)r��get_mountpoint_cmd�process�
mounted_ons    rB�get_dir_mountpointr��s���
�7�=�=��!�!���t�+�'�+�+���n�/�5�5�c�:�:�$.�O�J�O�RV�^c�e�e�e�G���Q����t���^�)�)�$�/�/��2�8�8��=�=�b�A�
�
�������t�t������s�59B/�/
B=�<B=c� �d}tj�d��rltdd���5}|D]?}|�d��r(t|�d��d��}�@	ddd��n#1swxYwY|S)	z[
    Returns maximum uid from /etc/login.defs
    If file does not exist returns 60000
    i`�z/etc/login.defsr�r�zUID_MAX rQr�N)r�r�rCrr
r$r)�max_uidrlr�s   rB�get_max_uidr��s���
�G�	�w�~�~�'�(�(�7�
�#�g�
6�
6�
6�	7�!��
7�
7���?�?�:�.�.�7�!�$�*�*�S�/�/�"�"5�6�6�G��
7�	7�	7�	7�	7�	7�	7�	7�	7�	7�	7�	7����	7�	7�	7�	7��Ns�AB�B�
Bc�p�d}t|�d��d���}t|��}|S)z 
    Returns min cagefs uid
    z!/usr/sbin/cagefsctl --get-min-uidrQT)�convert_to_str)rrr$)�get_min_uid_cmdr7�min_uids   rB�get_min_uidr��s9��:�O�
��.�.�s�3�3�D�
I�
I�
I�F��&�k�k�G��NrD�usernamec�B�t��}t��}||krtd|�d|�d|�����t|���}||���vr|�|��S|���s|}n1|}|���}t||��D]
}||vr|}n�||krtd|�d|�d����d|�d|��}t|�	d	��d
���\}}	}
|dkrt|
���|S)
z�
    Creates user with max available uid that greater than min cagefs uid
    and less than max system uid.
    Does nothing if user already exists.
    z
Can't create z user: min_uid z is greater than max_uid )r�z user: uid z is too bigz#/usr/sbin/useradd -s /bin/false -u z -m rQT)�return_full_outputr)
r�r��RuntimeErrorr�get_user_full_dict�get_uid�get_uid_dict�rangerr)r�r�r��clpwd�
custom_uid�used_uids_dict�_uid�useradd_cmdrNrKrs           rB�useraddr��so���m�m�G��m�m�G������s�8�s�s��s�s�jq�s�s�t�t�t��'�"�"�"�E��5�+�+�-�-�-�-��}�}�X�&�&�&��������
�
��
��+�+�-�-���'�7�+�+�	�	�D��>�)�)�!�
���*��W����W�8�W�W�
�W�W�W�X�X�X�R�
�R�R��R�R�K�$�[�%6�%6�s�%;�%;�PT�U�U�U��J��3��Q����3�����rDc���	ttd���5}|������cddd��S#1swxYwYn#tt
f$rYnwxYwdS)zS
    Retrive cldiag username from file
    :return: username from file or None
    r�r�N)r�_CLDIAG_USERNAME_FILEr%r��OSErrorr)rls rB�get_username_from_filer�s���

�
�'�'�
:�
:�
:�	$�a��6�6�8�8�>�>�#�#�	$�	$�	$�	$�	$�	$�	$�	$�	$�	$�	$�	$����	$�	$�	$�	$�	$���W��
�
�
���
�����4s3�A�&A�A�A�A�A�A�A+�*A+c�\�t��}tjd��}|���}|���D]`\}}|�|��s�	d|��}t
|�d�����D#tttf$rY�]wxYwdS)z3
    Remove all trash cldiag users from system
    z^cldiaguser_[a-f0-9]{21}$z/usr/sbin/userdel -r rQN)r�re�compiler�r�matchrrr�rr)�cl_pwd�
re_pattern�
users_dictr�rK�userdel_cmds      rB�remove_all_trash_cldiag_usersr�s����W�W�F���7�8�8�J��*�*�,�,�J�!�'�'�)�)�����!�����)�)�	��	�<�(�<�<�K���)�)�#�.�.�/�/�/�/����"7�8�	�	�	��D�	�����s�''B�B)�(B)c�^�d}|dg}	t|��}n#t$rYdSwxYw|sdSdS)z\
    Detect quota is activated
    :return: True/False - quotas activated/not activated
    z/usr/sbin/repquotaz-nvaFT)rr)�_REPQUOTA_PATH�cmdr7s   rB�is_quota_activer� s]��
*�N��6�
"�C���S�!�!���� �����u�u��������u��4s��
&�&zGChecking if /var/cagefs is located on partition with disk quota enabledc���d}d}d}d}d}td��}|�>tj�d��rtj�|��sttd��Stj�d	��sttd
��St��stt|��Sd}d}tj�t��rGt��}|�6	tj|��}|j
|j}
}	d}n#t$rYnwxYwnt!��|s�t"�d
t%j��j��dd�}t+|��tj|��}|j
|j}
}		t-tdd���5}|�|��ddd��n#1swxYwYn#t0t2f$rYnwxYw|�d|	��}|�d|�d|��}
|�d|�d|��}		|	dzd�}d|�d|�d�}t5t7j����}t9||��}tj�|��s"t;|�d����t;|
�d����t?j d|gt>j!t>j"dd|tG|	|
��itj$�ddi����5}|�%��\}}ddd��n#1swxYwYtM|��5|�'��sGd |vrCttP|��cddd��t;|�d����S|�'��st1|���|�)��ddd��n#1swxYwYt;|�d����n'#t;|�d����wxYwn%#tT$rtt|��cYSwxYwtt|��S)!a�
    Checker for check if /var/cagefs is located on partition
    with disk quota enabled.

    Algorithm for check: we trying to set cldiaguser's quota to 1 inode
    (so that this user can't create any file if the quota activated on
    this partition). Then we change uid of process to cldiaguser's uid,
    and try to create file with his permissions.
    If we can't create file (Disk quota exceeded) then it's alright and
    disc quota enabled. Else we warn user to enable quota on that partition.
    z3/var/cagefs located on partition with quota enabledz�Details: /var/cagefs located on partition with quota disabled.
Please, activate quota for /var/cagefs for better security.
See details: https://docs.cloudlinux.com/cloudlinux_os_components/#installation-and-update-2zYQuotas seems unworkable on this server. Please correctly setup quotas to run this checkerr�z/usr/sbin/setquotaz/var/cagefsNr�z/usr/share/cagefs-skeleton/binzCagefs is not initializedFTrK� r]r�r�z	 --cpetc z -u z	 0 0 1 1 z	 0 0 0 0 �d�02dz/var/cagefs/�/z/etc/cl.selector/rQz
/bin/touch�LC_ALL�C)r7r8r:�start_new_sessionr9�
preexec_fn�envzDisk quota exceeded)+r�r�r�r�rCr)r%r�r$r�r�r!r"�pw_uid�pw_gidr#r��_CLDIAG_TEST_USENAME_PREFIX�uuid�uuid4�hexr�rr�r�rr��randomrrrrJrKrL�STDOUTr�environrMr
r�r#�unlinkr)�
ok_messager��quota_unworkable_message�	cagefsctl�setquota�cagefs_mountpointr��is_testuser_exists�user_pw�user_uid�user_gidrl�create_cagefs_dir_cmd�set_quota_limit_cmd�reset_quota_limit_cmd�prefix�tempfile_dir�
tempfile_name�tempfile_full_pathrRr7rKs                      rB�!check_cagefs_partition_disk_quotar1s���G�J�	Z��	d��&�I�#�H�*�=�9�9��� ���
�
�m�(D�(D� �B�G�N�N�[d�Le�Le� ���";�<�<�<�
�7�=�=�9�:�:�?���"=�>�>�>����1����0�0�0��H���	�w�~�~�+�,�,�(�)�+�+����
*��,�x�0�0��%,�^�W�^�(��
&*�"�"��	�
�
�
���
����	 �	&�'�'�'��
�1�F�F�D�J�L�L�4D�F�F�s��s�K��������,�x�(�(��$�^�W�^�(��	��+�S�7�C�C�C�
"�q�����!�!�!�
"�
"�
"�
"�
"�
"�
"�
"�
"�
"�
"����
"�
"�
"�
"�����!�	�	�	��D�	����(�=�=�8�=�=��%�Q�Q�8�Q�Q�>O�Q�Q��'�S�S�X�S�S�@Q�S�S�� ;�	:� �3��,�,�F�N�&�N�N�8�N�N�N�L���
���0�0�M�!%�l�M�!B�!B���7�=�=��.�.�
>��1�7�7��<�<�=�=�=��+�1�1�#�6�6�7�7�7��!��}�-�!��!�(��"&� �!�(�H�5�5�5�r�z�5�h��_�5�	�	�	�

/�� �,�,�.�.�	���

/�

/�

/�

/�

/�

/�

/�

/�

/�

/�

/����

/�

/�

/�

/�!��*�*�
,�
,�)�0�0�2�2�5�7L�PV�7V�7V�$�R��4�4�
,�
,�
,�
,�
,�
,�
,�
�-�3�3�C�8�8�9�9�9�9�	*�0�0�2�2�*�!�&�/�/�)�"�)�)�+�+�+�
,�
,�
,�
,�
,�
,�
,�
,�
,�
,�
,����
,�
,�
,�
,�
�-�3�3�C�8�8�9�9�9�9��K�-�3�3�C�8�8�9�9�9�9����9�� �;�;�;���!9�:�:�:�:�:�;�����V�^�,�,�,s��?"D$�$
D1�0D1�!G&�8G�G&�G�G&�!G�"G&�&G:�9G:�C3P�
L1�%P�1L5�5P�8L5�9P�-O*�8P�"Q�'7O*�P�*O.�.P�1O.�2P�5#Q�$P<�<Q�Q"�!Q"�
c���|�d��}t|��|kr7d�|d|dz�dgz||dzd�z|gz��S|S)a.
    Handles error message making it shorter, if it is bigger than max limit
    :param error: error message to make shorter
    :param detailed_out: way for user to get full error manually
    :param max_error_lines: max lines for error
    :return: initial error (less than 10 lines) short error
    rPNr�z...)rr}rV)�errorr��max_error_lines�error_liness    rBr�r��s����+�+�d�#�#�K�
�;���/�)�)��y�y��.�/�Q�.�.�/�5�'�9�K��HX�\]�H]�H_�H_�<`�`�dp�cq�q�
�
�	
��LrDc�J�tjtjddd���}|S)zY
    Return true if automatic cldiag email notifications
    about problems enabled.
    �
ENABLE_CLDIAGr<T)�	separator�default_val)r��get_boolean_param�CL_CONFIG_FILE)�
enable_cldiags rB�is_email_notification_enabledr�s(��
�,�V�-B�O�_b�pt�u�u�u�M��rDc�P�	tjddtdi���}|�tj��|�tt��}n#tj$rgcYSwxYwd�|�	���
d��D��S)zc
    Get list of disabled cldiag checkers which run by cron
    from /etc/sysconfig/cloudlinux
    NFr�)r�r��defaultsc�:�g|]}|�|�����SrEr�)rI�items  rBr�z6get_list_of_disabled_cron_checkers.<locals>.<listcomp>�s%��G�G�G�T�$�G�D�J�J�L�L�G�G�GrDr�)r�r��cron_cldiag_checkers_param_namer%r�rr��cron_cldiag_section_name�Errorr�r)rr�s  rB�"get_list_of_disabled_cron_checkersr#�s�����*���/���
�
�
��	���F�)�*�*�*����$�+�
�
����������	�	�	�����H�G�V�\�\�^�^�%9�%9�#�%>�%>�G�G�G�Gs�AA � A4�3A4�disabled_cron_cherkersc�$�	tjdd���}|�tj��t
|���vr|�t
��t��}|r|�	|��|�
t
td�|����ttjdd���5}|�|��ddd��dS#1swxYwYdS#tjt t"f$rb}t%dtj�d	|�d
���t%d��t%t&��t)jd��Yd}~dSd}~wwxYw)
z`
    Set list of disabled cldiag checker which run by cron
    in /etc/sysconfig/cloudlinux
    NFr�r�zw+r�r�z3Can't set list of disabled cron checkers to config"z" because "rRz:Please check config's existence, integrity and permissionsr_)r�r�r%r�rr!r��add_sectionr#�extend�setr rVrr�r"rr�rer�rfrg)r$r�current_disabled_checkersrlrs     rB�"set_list_of_disabled_cron_checkersr*�s���
��*���
�
�
��	���F�)�*�*�*�#�6�?�?�+<�+<�<�<����7�8�8�8�$F�$H�$H�!�!�	E�"�)�)�*C�D�D�D��
�
�$�+��H�H�+�,�,�	
�	
�	
�
�&�'���
@�
@�
@�	�A��L�L��O�O�O�	�	�	�	�	�	�	�	�	�	�	�	����	�	�	�	�	�	������1����
�p��H]�p�p�jm�p�p�p�q�q�q�
�J�K�K�K�
�"�#�#�#�����������������	���s=�CD�!D�7D�D�D�D�D�F�-AF
�
Fz!Check mount with hidepid=2 optionc��d}d|��}d}d}tj�d��stt|��St��dkrtt|��Stt|��S)z7
    Check if system mounted with hidepid=2 option
    zWhttps://docs.cloudlinux.com/cloudlinux_os_kernel/#remounting-procfs-with-hidepid-optionz�Details: hidepid protection disabled.
Please, mount system with hidepid=2 for better security.
Read more about hidepid option here: zhidepid protection enabledr�r�r�)r�r�rCr)r%rr$r#)�hidepid_doc_linkr�r��skipped_messages    rB�
check_hidepidr.�s���q��	C�0@�	C�	C��
2�N�/�O��7�>�>�/�0�0�3���/�2�2�2�&�'�'�1�,�,����0�0�0��R��(�(�(rDzCheck user's low PMEM limitsc��d}d|z}d}tj��}|rtt|��Stt|��S)z7
    Checks low PMEM limits availability on server
    z5https://docs.cloudlinux.com/limits/#limits-validationzLSome user(s) on server has low PMEM LVE limit (lower than 512 MB). See doc: zCheck low PMEM limits passed)r!�is_low_pmem_limit_presentr)r$r#)r�r�r�r�s    rB�check_low_pmem_limitsr1sP��G�H�c�fn�n�N�3�N�
�
6�
8�
8�F�
�1����0�0�0��R��(�(�(rD)F)FT)r)�r�r'rSr�r!r�r�rJrfr��collectionsr�	functoolsr�pathlibr�typingrrr	r
�cldetectlibr��cl_proc_hidepidr�clcommon.clpwdrr
�clcommon.cpapirr�clcommon.lib.cleditionrr�clcommon.lib.cmt_utilsrr�clcommon.lib.constsrr�clcommon.lib.jwt_tokenr�clcommon.lib.whmapi_librr�clcommon.utilsrrrrrrrr �cllimits_validatorr!�clsentry.utilsr"r#r$r%r&r�r r!�cl_plus_doc_linkr�r�r�rwr�r)�SUEXEC_PATH�
SUPHP_PATHr�r�r�r?r]rnrrr}r�r�rxr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rr1rXror�r{r�r�r�r�r�r�r�r�r�r�r$r�r�r�r�r�r�rr�rr#r*r.r1rErDrB�<module>rEs
������
�
�
�
�����	�	�	�	�
�
�
�
�
�
�
�
�	�	�	�	�����
�
�
�
�����"�"�"�"�"�"�������������0�0�0�0�0�0�0�0�0�0�0�0�����:�:�:�:�:�:�1�1�1�1�1�1�1�1�>�>�>�>�>�>�>�>�N�N�N�N�N�N�N�N���������L�K�K�K�K�K�K�K�2�2�2�2�2�2�>�>�>�>�>�>�>�>�������������������0�/�/�/�/�/�.�.�.�.�.�.�*�*�*�*�*�*�
��	��
��+��C��"A��(��J��G�5E�G�G��p��'��S��]��
�J��
�
��
�
�	�-�$�%�
�$�#�"�#�!�
�
��&�#�0�
�#�"�!�"� �
�
�
����2��$�$��� �
�3��%�%���!�/��*���������,����@���������
��^���������E�$���
�*=�$>�����D���.
��
'�(�(�"7�"7�)�(�"7�J�s��s��y�����B
��
L�M�M��%�H�H�&�%���N�M�H�
��
K�L�L��%�A�A�&�%���M�L�A�2
��
F�G�G��%�A�A�&�%���H�G�A�
��
t�u�u��%�s�s�&�%���v�u�s�"
��
P�Q�Q�"�"�R�Q�"�(
��
S�T�T��N�N���U�T�N�0,�,�,�2
��
+�,�,�;�;�-�,�;�
��
*�+�+�:�:�,�+�:�
��
*�+�+�e�e�,�+�e�
��
9�:�:��=�=���;�:�=�$
��
3�4�4�V0�V0�5�4�V0�r
��
&�'�'��*U�*U���(�'�*U�Z
��
5�6�6��BE�BE���7�6�BE�J
��
3�4�4��)�)���5�4�)�@4��+�
�P�P�P��!�!�!�����D������
��
1�2�2���3�2��.
��
5�6�6�%�%�7�6�%�P
��
-�.�.�-�-�/�.�-�"*�*�*������
�����.�S������S������c��c�����@���
��������$���"
��
V�W�W��c-�c-���X�W�c-�L
�
�
�
� �t�����H�D��&�1A�,B�H�H�H�H�2�t�H�V�DT�?U��Z^�����<
��
0�1�1��)�)���2�1�)�2
��
+�,�,��)�y�)�)�)���-�,�)�)�)rD