Hacked By AnonymousFox

Current Path : /opt/cloudlinux/venv/lib64/python3.11/site-packages/__pycache__/
Upload File :
Current File : //opt/cloudlinux/venv/lib64/python3.11/site-packages/__pycache__/cldiaglib.cpython-311.pyc

�

ܨf��
��ddlmZddlmZddlZddlZddlZddlZddlZddlZddl	Z	ddl
Z
ddlmZddl
mZddlZddlZddlmZddlmZmZmZmZddlZddlmZmZdd	lmZmZdd
l m!Z!m"Z"ddl#m$Z$ddl%m&Z&dd
l'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-ddl.m/Z/m0Z0ddl1m2Z2m3Z3ddl m4Z4ddl5m6Z6ddl7m8Z8m9Z9ddl:m;Z;dZ<dZ=dZ>dZ?dZ@dZAdZBdZCdeC��ZDdZEdZFdZGd ZHed!d"d#g��ZId$d%d%d%d%d%d%d%d%d&�	ZJd'd(d)d(d(d(d(d(d(d&�	ZKeL��ZMd*d+eKd,�eMd-<d.d/eJd,�eMd0<d1ZNd2ZOd3�ZPd�d5�ZQd�d7�ZRd8�ZSd9�ZTd:�ZUePd;��d<���ZVd=eeWeeXffd>�ZYd?�ZZePd@��dA���Z[dBeXdCeXd=eIfdD�Z\ePdE��eTeZdF�������Z]ePdG��eTeZdH�������Z^ePdI��eTeZdJ�������Z_ePdK��eTeZdL�������Z`ePdM��dN���ZaePdO��eUdP�����ZbdQ�ZcePdR��dS���ZdePdT��dU���ZeePdV��dW���ZfePdX��eUdY�����ZgePdZ��d[���ZhePd\��eUd]�����ZiePd^��eTd_�����ZjePd`��eTda�����ZkdbZldcZmgdd�Zngde�Zodf�Zpdg�Zqdh�ZrePdi��dj���ZsePdk��dl���ZtePdm��dn���Zudo�ZvdpeXd=eeXfdq�Zwd=exfdr�Zyd=exfds�ZzdteXd=exfdu�Z{d=eeXfdv�Z|dw�Z}dx�Z~ePdy��eTdz�����Zd�d|�Z�d=eWfd}�Z�d=eeefd~�Z�deeed=dfd��Z�ePd���eUd������Z�ePd���eUd=eIfd������Z�dS)��)�print_function)�absolute_importN)�
namedtuple)�Path��wraps)�AnyStr�List�Optional�Tuple)�Feature�is_panel_feature_supported)�DEFAULT_JWT_ES_TOKEN_PATH�DISABLE_CMT_FILE)�is_cl_solo_edition�CLEditionDetectionError)�jwt_token_check)�LimitsValidator)�ExternalProgramFailed�service_is_enabled_and_present�run_command�process_is_running�is_litespeed_running�demote)�is_cmt_disabled�is_client_enabled)�
WhmApiRequest�WhmApiError)�	is_ubuntu)�get_pkg_version)�ClPwd�drop_privileges)�get_hidepid_typing_from_mounts�OK�FAILED�SKIPPED�INTERNAL_TEST_ERRORz/https://docs.cloudlinux.com/command-line_tools/�disabled_cldiag_cron_checkers�cldiag_cronz5https://docs.cloudlinux.com/cloudlinux-os-plus/#faq-2z Link to FAQ and troubleshooting zWPlease write to support https://cloudlinux.zendesk.com/ if you can't resolve the issue.zCentralized Monitoringz;This checker is not supported on CloudLinux OS Solo editionzAThis checker is not supported in environments without LVE support�	ChkResult�res�msgz/usr/local/apache/bin/suexecz/usr/sbin/suexec)	�cPanel�
cPanel_ea4�DirectAdmin�Plesk�
ISPManager�	InterWorxzH-Sphere�	HostingNG�Unknownz/opt/suphp/sbin/suphpz/usr/sbin/suphpz/usr/local/suphp/sbin/suphp�SuPHPzdetect.get_suPHP_status())�name�status_function�location�suphp�SuEXECzdetect.get_suEXEC_status()�suexecz/var/lve/cldiag_user�
cldiaguserc����fd�}|S)Nc����|_|S�N)�pretty_name)�func�name_of_checkers ��py/cldiaglib.py�	decoratorzpretty_name.<locals>.decoratorvs���*������)rBrDs` rCr@r@us$���������rEFc	��d}d}|r%d�|D��}||d<tj|��Sg}|D]?\}}}|�d|j�d|j��}	|�|	�d|�d	|�d
|�d�}	|�|	���@d�|d
|�d�gz��}|S)z2
    Formatter of output from all of checkers
    z)Command for disabling this cron checker: zcldiag --disable-cron-checkersc�@�i|]\}}}||�����SrF)�_asdict)�.0�checker_pretty_name�_�
chk_results    rC�
<dictcomp>z_formatter.<locals>.<dictcomp>�s1��h�h�h�=_�=P�RS�U_�"�J�$6�$6�$8�$8�h�h�hrE�total_errorsz:
    z: N�
z "� �"z

z
There are z errors found.)�json�dumpsr+r,�append�join)
�data�error_count�to_jsonr,�cmd_tmpr+rK�checker_public_namerM�checker_results
          rC�
_formatterr]}s���
6�C�.�G���h�h�cg�h�h�h��)��N���z�#����
�C�@D�#�#�<��0�*�/�^�^�
��^�^�j�n�^�^���*� .�]�]�c�]�]�W�]�]�GZ�]�]�]�N��
�
�>�"�"�"�"�
�+�+�c�E�+�E�E�E�F�F�
G�
G�C��JrETc���t|��r|g}g}d}|D]�}	|��}n9#t$r,}ttt	|����}Yd}~nd}~wwxYw|jttfvr|dz
}|�|jt|d��r|j
nd|f����t|||��}|rt|��t|��||fS)Nr��public_name)�callable�	Exceptionr*r'�reprr+r%rUr@�hasattrr`r]�print�exit)	�checkersrY�do_exit�results�errors�frM�er+s	         rC�runnerrm�s(��������:���G�
�F�
�
�
��	A�����J�J���	A�	A�	A�"�#6��Q���@�@�J�J�J�J�J�J�����	A�����>���
�
�
�
�a�K�F�����
�!(��M�!:�!:�D��
�
���
�	
�	
�	
�	
��W�f�g�
.�
.�C���
�c�
�
�
��V�����3�;�s�
'�
A�"A�Ac��	t|��S#t$r&td�|����YdSwxYw)Nz,WARNING
 missing {} function in cldetectlib.F)�eval�AttributeErrorre�format)rAs rC�wrapperrr�sR����D�z�z�������
�=�D�D�T�J�J�K�K�K��u�u����s��,A�Ac�<��t����fd���}|S)Nc���	td���}n#t$rd}YnwxYw|rttt��S�|i|��S)NT��skip_jwt_checkF)rrr*r&�SKIPPED_ON_SOLO_MSG)�args�kwargs�is_solo_editionrks   �rC�checkerz(skip_checker_on_cl_solo.<locals>.checker�sl���	$�0��E�E�E�O�O��&�	$�	$�	$�#�O�O�O�	$�����	;��W�&9�:�:�:��q�$�!�&�!�!�!s��#�#r�rkr{s` rC�skip_checker_on_cl_solor}�s3���
�1�X�X�"�"�"�"��X�"��NrEc�<��t����fd���}|S)Nc�z��ttj��sttt
��S�|i|��Sr?)rr
�LVEr*r&�SKIPPED_WITHOUT_LVE_MSG)rxryrks  �rCr{z'skip_check_without_lve.<locals>.checker�s;���)�'�+�6�6�	?��W�&=�>�>�>��q�$�!�&�!�!�!rErr|s` rC�skip_check_without_lver��s3���
�1�X�X�"�"�"�"��X�"�
�NrEzCheck cagefsc�,�ttd��S)NzuCagefs version is too old. Please run cagefsctl --sanity-check directly or upgrade it to have full cldiag integration)r*r&rFrErC�fake_cagefs_checkerr��s����	8���rE�returnc��t�d�}dt�dt�d�}d}ddlm}|��}|�|d	sd
|fS|�t	��\}}}|s||fSt��rd
|fSt
��sd
|fSdS)am
    Check that a server is cl+, enabled and CM isn't disabled locally
    The function returns True if the client has CL+ license, didn't disable CM
        localy and activated CM on https://cm.cloudlinux.com. The function also
        returns True if we can't read or parse JWT token, because
        we want to continue and show to client CM related errors
    z. is not activated on https://cm.cloudlinux.comzThe z& is disabled localy by creating file "rR�The server has no CL+ licenser��get_client_data_from_jwt_tokenN�cl_plusF)TN)�cm_full_namer�clsummary.cl_summary_utilsr�rrr)�cm_is_not_activated_msg�cm_is_disabled_localy_msg�no_cl_plus_license_msgr��	jwt_token�is_valid�messagerLs        rC�_is_cmt_allowed_for_serverr��s���".�`�`�`�� r�|� r� r�_o� r� r� r��<��I�I�I�I�I�I�.�.�0�0�I���Y�y�%9���,�,�,�	�	�.�0�0���'�1��	%��W�$�$����0��/�/�/����.��-�-�-��:rEc�<��t����fd���}|S)zi
    Decorator: Skip check if a server isn't cl+, disabled and
               CM is disabled locally
    c�d��t��\}}|r�|i|��Stt|��S)z$
        Decorated function
        )r�r*r&)rxry�resultr�rks    �rC�decorated_functionz@skip_if_cmt_not_used_enabled_allowed.<locals>.decorated_functionsI���
5�6�6�����	��1�d�%�f�%�%�%������
rEr)rkr�s` rC�$skip_if_cmt_not_used_enabled_allowedr��s6����1�X�X������X���rEzCheck existing JWT tokenc��d}dt�dt�dt�dt��}d}ddlm}tj�t��rqt��\}}}|r#|��}ttd	|�d
���S||krttd��S|dz}tt|�d|����Stt||z��S)
z%
    Check an existing JWT token
    zJ The absence of JWT tokens is normal for the clients with volume license. z$Please check for JWT token in path "zr". %sTry running "rhn_check" for getting a new token if it is absent. Server can't collect and send statistics to z( if you don't have a correct JWT token. �. z"JWT token doesn't have CL+ servicerr�zJWT token is valid: "rRr��)rr��cl_plus_doc_msg�write_to_support_msgr�r��os�path�existsrr*r$r&r%)�token_is_absent_msg�main_msg�token_is_not_cl_plusr�r�r�rLr�s        rC�check_jwt_tokenr�s0��
g��	"�%�	"�	"�+7�	"�	"�,;�		"�	"�
 �	"�	"�
�@��I�I�I�I�I�I�	�w�~�~�/�0�0�
�,�.�.������
	?�6�6�8�8�I��R�!E��!E�!E�!E�F�F�F�
�,�
,�
,���/���
�
 �"�}�H��V��%=�%=�8�%=�%=�>�>�>����*�*�
�
�	
rE�service_name�process_file_pathc���t|��\}}	t|d��}n#t$rd}YnwxYw|r|r|rttd|�d���Sg}|s|�d��|s|�d��|s|�d��ttd�|���dt�d	|�d
t�dt��	��S)z�
    Check that a service is present, enabled and active
    :param service_name: name of a service
    :param process_file_path: path to a file which is run by a service
    Fz	Service "z " is present, enabled and activezService is not present.zService is not enabled.zService is not active.rQz1 The server can't collect and send statistics to z if service z$ isn't present, enabled and active. r�)rr�FileNotFoundErrorr*r$rUr%rVr�r�r�)r�r��
is_present�
is_enabled�	is_active�messagess      rC�_check_service_stater�;sF��<�L�I�I��J�
��&�'8�%�@�@�	�	�������	�	�	������
�j�
�Y�
���F��F�F�F�
�
�	
�
���	7��O�O�5�6�6�6��	7��O�O�5�6�6�6��	6��O�O�4�5�5�5����x�x��!�!�
&�
&�)�
&�
&�7C�
&�
&�,;�
&�
&�$�
&�
&�
�
�	
s�%�4�4z=Check service `cl_plus_sender` is present, enabled and activec�2�ddlm}d}t||��S)zL
    Check that service `cl_plus_sender` is present, enabled and active
    r)�CL_PLUS_SENDER_FILE_PATH�cl_plus_sender)r�r�r�)r�r�s  rC�check_cl_plus_sender_servicer�\s-��D�C�C�C�C�C�#�L���.F�G�G�GrEz<Check service `node_exporter` is present, enabled and activec�(�d}d}tj�tj�|d����s=tj�tj�|d����rd}nd}t	||��S)a

    Check that service `node_exporter` or `cl_node_exporter` is present,
    enabled and active
    Since it was renamed node_exporter -> cl_node_exporter
    let`s handle both cases:
     - old `node_exporter` service
     - renamed `cl_node_exporter` service
    z&/usr/share/cloudlinux/cl_plus/service/z+/usr/share/cloudlinux/cl_plus/node_exporter�cl_node_exporterzcl_node_exporter.service�
node_exporter)r�r�r�rVr�)�base_service_pathr�r�s   rC�check_node_exporter_servicer�js���A��E��	�w�~�~�b�g�l�l�#4�6H�I�I�J�J�'�b�g�n�n�
����&�(B�C�C�O�O�'�*���&����.?�@�@�@rEz7Check service `lvestats` is present, enabled and activec�*�d}d}t||��S)zF
    Check that service `lvestats` is present, enabled and active
    �lvestatsz'/usr/share/lve-stats/lvestats-server.py)r�)r�r�s  rC�check_lvestats_servicer��s ���L�A����.?�@�@�@rEzeCheck that the server has the minimal required packages for correct working of Centralized Monitoringc��dD]C}t|���2ttd|�dt�dt�dt
����cS�Dttd��S)zD
    Check that the server has minimal required packages for CM
    )zcl-end-server-toolszcl-node-exporterNz!System doesn't have the package "z". It's required for zA feature to work and it usually installed automatically by cron. r�zVSystem has the minimal required packages for correct working of Centralized Monitoring)r r*r%r�r�r�r$)�package_names rC�check_cmt_packagesr��s���D�	�	���<�(�(�0���*� �*�*�8D�*�*�+:�*�*�(�	*�*���
�
�
�1��R�t�u�u�urEzACheck control panel and it's configuration (for DirectAdmin only)c���d�tdz��}tj��tj��}|dkrttd��Sd�|tj��}td���sL|dkrFtj	��rtt|d	z��Stt|d
z|z��Stt|��S)NzY Fixing the issue will provide CloudLinux support on your control panel. 
See details: {}z#diag-cpr4zCan't detect contol panelzControl Panel - {}; Version {};Trur/z File "options.conf" is finez1 File "options.conf" has no line "cloudlinux=yes")rq�cldiag_doc_link�detect�getCP�	getCPNamer*r&�
CP_VERSIONr�da_check_optionsr$r%)�fix_motivation�cp_name�res_msgs   rC�
check_cp_diagr��s���	h�n�n��j�(�	
�	
��
�L�N�N�N��� � �G��)�����"=�>�>�>�/�6�6�w��@Q�R�R�G��T�2�2�2�&�w�-�7O�7O��"�$�$�	x��R��+I�!I�J�J�J��V�W�/e�%e�hv�%v�w�w�w���W�%�%�%rEzDCheck fs.enforce_symlinksifowner is correctly enabled in sysctl confc��d�tdz��}tj��rt	t
d��S	tj��}n\#t$rO}d}t	td�tt|��|������cYd}~Sd}~wwxYw|dkrt	td|z��St	td�|����S)	Nz� Fixing that issue makes server more secure against symlink attacks and enables protection of PHP configs or other sensitive files. 
See details: {}z#symlinksifowner�$Not supported for OpenVZ environmentz+To see full error run /sbin/sysctl --systemzlSome parameter in sysctl config has wrong configuration. Error: {} It`s recommended to fix it and try again �zfs.enforce_symlinksifowner = 2zfs.enforce_symlinksifowner = {})rqr�r��	is_openvzr*r&�get_symlinksifownerrr%�get_short_error_message�strr$)r��symlinks_if_ownerrl�detailed_outs    rC�check_symlinksifownerr��s��	6�6<�f�_�Oa�=a�6b�6b������J���"H�I�I�I�
�"�6�8�8���� �
�
�
�D����
B�BH�&�I`�ad�ef�ag�ag�iu�Iv�Iv�Bw�Bw�
�
�	
�	
�	
�	
�	
�	
�����
�����A�����!A�N�!R�S�S�S��R�:�A�A�BS�T�T�U�U�Us�A�
B4�%AB/�)B4�/B4c�\�|d���}tdz|z}d�||��}tj�d��st
td��St|d��s.t
td�|d����Stj
|d��}|�.t
td	�|d����S|st
td
|z��St
td��S)Nr6z#check-z� Fix that issue to be sure that users run their sites inside CageFS and provide stable work of sites that are using apache {} module. This may improve server security
See details: {}�/usr/sbin/cagefsctl�Cagefs is not installedr7z{} is not enabledr8zgUnable to check {} module binary for custom control panel. This feature may be added in future updates.zBinary without CageFS jail zbinary has jail)
�lowerr�rqr�r�r�r*r&rrr��check_binary_has_jailr%r$)�params�module_name�linkr��has_jails     rC�binary_checkr��s����.�&�&�(�(�K��Y�&��4�D�	�"�F�;��5�5��
�7�>�>�/�0�0�=���";�<�<�<��6�+�,�-�-�N���"5�"<�"<�V�F�^�"L�"L�M�M�M��+�F�:�,>�?�?�H�����
'�'-�v�f�V�n�'=�'=�	
�
�	
��Q���!>��!O�P�P�P��R�*�+�+�+rEzCheck suexec has cagefs jailc��tj��r#t��rttd��Sttd��S)NzUCurrent PHP selector uses LiteSpeed, which doesn't require the patches in suEXEC bin.r;)r��detect_litespeedrr*r&r��BINARY_CHECK_PARAMETERSrFrErC�check_suexecr��sQ���� � �?�%9�%;�%;�?���o�
�
�	
��3�H�=�>�>�>rEzCheck suphp has cagefs jailc�6�ttd��S)Nr9)r�r�rFrErC�check_suphpr��s���/��8�9�9�9rEzCheck usepam in sshd configc���d�tdz��}tj��}|�t	t
d��S|rt	td��St	td|z��S)NziFix the issue to provide correct work of pam_lve module with sshd and CageFS ssh sessions
See details: {}z
#check-usepamz!Unable to run "/usr/sbin/sshd -T"zConfig is finez3There is "usepam no" in "/usr/sbin/sshd -T" output )rqr�r��check_SSHd_UsePAMr*r&r$r%)r��check_results  rC�
check_use_pamr��sv��	�"�F�?�_�#D�E�E��
�+�-�-�L�����"E�F�F�F��i���-�.�.�.���!V�Yg�!g�h�h�hrEz*Check the validity of LVE limits on serverc��d}d|z}d}t��}|���}|�tt|��Stt|dz|z��S)z
    Validate lve limits
    z6https://docs.cloudlinux.com/lve-limits-validation.htmlz'Invalid LVE limits on server. See doc: zValid LVE limits on server.NrP)r�validate_existing_limitsr*r$r%)�doc_link�failed_message�passed_message�limits_validatorr�s     rC�check_lve_limitsr�
se��H�H�>��I�N�2�N�&�(�(��
�
6�
6�
8�
8�F�
�~���^�,�,�,����$�!6��!?�@�@�@rEz$Check compatibility for PHP Selectorc��
�d}d�tdz��}t��}|rttd��St
j�d��sttd��Stj	��r&t��rtt|dz��Sdddd	��
d
}d}t
j�|���rZ	t|d��}d
�|�
��D��}|���nE#t$r8}d|�dt!|���d�}tt"||z��cYd
}~Sd
}~wwxYw|D]F}	|	�d��r/|	�d��d���}
n�Gd|z}tt"||z��S|D]G}	|	�d|
z��r-|	�d��d���}�H|dvrd|z}tt"||z��Stj��}|�1d|vrtt"|dz��Sd|v�
d<d|v�
d<d|v�
d<t-�
d�
dg��stt"|d z��S�
ds�
drC|d!vr?d"|�d#d$��
fd%��
D������}tt||z��Sd&|�d'n|�d(d$��
fd)��
D�����d*�}tt"||z��S)+z�
    1. mod_ruid not present
    2. suphp
    3. mod_lsapi
    4. suexec and (fcgi or cgi)
    5. litespeed
    6. do not support other
    zIt looks ok [%s]z�Looks like your PHP handler doesn't support CloudLinux PHP Selector and as a result does not work http://docs.cloudlinux.com/index.html?compatiblity_matrix.html [%s]
Please, see: {} and try to fix issue to have working selectorz#check-phpselectorz-PHP Selector is not supported. Skipping checkz/etc/cpanel/ea4/is_ea4z+It is not cPanel with EA4, can diag nothing�	LitespeedF)r;r9�lsapiNz/etc/cpanel/ea4/php.conf�rc�6�g|]}|�����SrF��strip)rJ�xs  rC�
<listcomp>z%check_phpselector.<locals>.<listcomp>Is ��8�8�8�A�a�g�g�i�i�8�8�8rEz
Can not read z (�)zdefault:�:r_z)%s config should have default php versionz%s:)�cgi�fcgir9r�z*doesn't support %s handler in ea4/php.conf�ruid2_modulez�It looks like you use mod_ruid. CloudLinux PHP Selector doesn't work properly with it. How to delete mod_ruid and install mod_suexec in cPanel https://docs.cloudlinux.com/cloudlinux_os_components/#installation-5�suphp_moduler9�lsapi_moduler��
suexec_moduler;zyIt looks like you do not have mod_suphp or mod_suexec installed. CloudLinux PHP Selector doesn't work properly without it)r9r�r�r�z	php.conf:z with z, c3�,�K�|]}�|�
|V��dSr?rF)rJ�s�statuss  �rC�	<genexpr>z$check_phpselector.<locals>.<genexpr>qs/�����=]�=]�A�SY�Z[�S\�=]�a�=]�=]�=]�=]�=]�=]rEzFSome unknown php handler, perhaps we don't support it [found handler: �-z and apache modules: c3�,�K�|]}�|�
|V��dSr?rF)rJ�modulers  �rCrz$check_phpselector.<locals>.<genexpr>us,�����@�@�V����@�&�@�@�@�@�@�@rE�])rqr�rr*r&r�r�r�r�r�rr$�open�	readlines�close�IOErrorr�r%�
startswith�splitr��get_apache_modules�anyrV)�	ok_prefix�fail_prefix�is_ubuntu_os�handler�	conf_path�fd�configrl�err�line�default_ver�modules�currentrs             @rC�check_phpselectorr!s����#�I�	J�KQ�&�Q`�cw�Qw�Jx�Jx�	��;�;�L��S���"Q�R�R�R��7�>�>�2�3�3�Q���"O�P�P�P��� � �6�%9�%;�%;�6���Y��4�5�5�5����
>�
>�F��G�*�I�	�w�~�~�i� � �8�	8��i��%�%�B�8�8������8�8�8�F��H�H�J�J�J�J���	8�	8�	8�	8�,5�I�I�s�1�v�v�v�v�>�C��V�[�3�%6�7�7�7�7�7�7�7�7�����	8�����	8�	8�D����z�*�*�
�#�z�z�#���q�1�8�8�:�:����
�>�	�I�C��V�[�3�%6�7�7�7��	7�	7�D����u�{�2�3�3�
7��:�:�c�?�?�1�-�4�4�6�6����;�;�;�>��H�C��V�[�3�%6�7�7�7��'�)�)�G����W�$�$����W�W���
�)�G�3��w��(�G�3��w��*�g�5��x����w����!1�2�3�3�
����G�
G�
�
�	
�
�g��2�&��*�2�w�:[�/[�/[��+2�7�7�D�I�I�=]�=]�=]�=]��=]�=]�=]�4]�4]�4]�^����Y��0�1�1�1������G�+�+��	�	�@�@�@�@�v�@�@�@�@�@�@�@��C��V�[�3�.�/�/�/s�AD!�!
E#�+-E�E#�E#zCheck fs.symlinkown_gidc
��d�tdz��}ttd��}d|z}d}t	j��rttd��St	j��tj}	tj
|��n8#t$r+ttd�|����cYSwxYw	tt|����������}nM#t $r@}tt"d�|t%|������cYd}~Sd}~wwxYwtj|kr|S	t)j|��j}n#t$rg}YnwxYw|r||vr|Stt"|�||����S)	Nz~Fix the issue to provide symlink protection for apache user and as a result make your Web Server more secure. 
See details: {}z#check-symlinkowngidz>Web-server user is protected by Symlink Owner Match Protectionz@Web-server user '{}' is not in protected group specified in {}. z/proc/sys/fs/symlinkown_gidr�z<There is no web-server user [{}] in system. Nothing to checkz%Can't read GID from {} with error: {})rqr�r*r$r�r�r&�get_apache_gid�APACHE_UNAME�pwd�getpwnam�KeyError�intr�readr�rbr%rc�
APACHE_GID�grp�getgrgid�gr_mem)r��ok_res�warn_msg_tpl�symlinkown_gid_file�apache_uname�current_symlinkown_gidrl�grp_memberss        rC�check_symlinkowngidr-zs��	�"�F�?�5K�#K�L�L��
�r�[�
\�
\�F�X�[i�i�L�7��
����J���"H�I�I�I�
������&�L�
���\�"�"�"�"���
�
�
���V�]�]�^j�k�k�
�
�	
�	
�	
�
����
o�!$�T�*=�%>�%>�%C�%C�%E�%E�%K�%K�%M�%M�!N�!N�����o�o�o���!H�!O�!O�Pc�ei�jk�el�el�!m�!m�n�n�n�n�n�n�n�n�����o������2�2�2��
���l�#9�:�:�A�������������������;�&�&��M��V�\�0�0��?R�S�S�T�T�TsC�B�2C�C�AD�
E�5E�E�E�1F�F�Fz&Check existence of all user's packagesc�:���
��d�
d}d}gd��gd�}g�tj��dkrttd��St	j|��sttd��Stj�|��rt	j|���tj	|tj
tj
|d	�
��}|���\}}|j}|dkr*d�
|��}tt|��S	d
�|����d��D��}�fd�|D��}nA#t"$r4}	d�
|	��}tt|��cYd}	~	Sd}	~	wwxYw�
fd�t	j�
��D�����fd�|D��}
|
r=d�
d�|
����}tt|��Stt&d��S)zL
    Return user's packages that do not exist in /var/cpanel/packages/

    z/var/cpanel/packages/z/var/cpanel/users/z/var/cpanel/suspended/)�	undefined�defaultz#cPanel Ticket System temporary user�Custom)z	/bin/grepz-ezPLAN=z-rr-�should be run on cPanel onlyzno users on this serverT)�stdout�stderr�cwd�textrz!error getting user's packages: {}c���g|]c}|�d��d�d��d|�d��d���f��dS)�=rr�r_)rr�)rJ�plans  rCr�z9check_existence_of_all_users_packages.<locals>.<listcomp>�sg��"�"�"�SW����C����#�)�)�#�.�.�q�1�4�:�:�c�?�?�1�3E�3K�3K�3M�3M�N�"�"�"rErPc�&��g|]
\}}|�v�	||f��SrFrF)rJ�user�pkg�suspended_userss   �rCr�z9check_existence_of_all_users_packages.<locals>.<listcomp>�s-���!q�!q�!q�)�$��UY�ap�Up�Up�4��+�Up�Up�UprEz$error processing user's packages: {}Nc���g|]A}tj�tj��|�����?|��BSrF)r�r��isfilerV)rJ�package�packages_dir_paths  �rCr�z9check_existence_of_all_users_packages.<locals>.<listcomp>�sN�����������r�w�|�|�\m�ov�Ow�Ow�@x�@x�����rEc�R��g|]#\}}|�v�	|�v�
d�||����$S)z{}: {})rq)rJr;r@�excluded_packages_names�exists_packagess   ��rCr�z9check_existence_of_all_users_packages.<locals>.<listcomp>�sK���!�!�!��D�'��1�1�1�g�_�6T�6T�	����g�&�&�6T�6T�6TrEz�Found some nonexistent user's packages. List of "user: package" separated by semicolon: {}. If you want to apply package limits for those users - assign existing packages to them, otherwise limits will be applied incorrectly or not applied at all.z; z(nonexistent user's packages aren't found)r�r�r*r&r��listdirr�r��
subprocess�Popen�PIPE�communicate�
returncoderqr%r�rrbrVr$)�users_dir_path�suspended_dir_path�
user_plan_cmd�process�std_out�std_err�ret_coder,�all_users_packagesrl�not_exists_users_packagesrCrDrAr=s           @@@@rC�%check_existence_of_all_users_packagesrT�s�������0��)�N�1��g�g�g��6�6�6�M��O�
����X�%�%���"@�A�A�A�
�:�n�%�%�=���";�<�<�<�	�w�~�~�(�)�)�9��*�%7�8�8�����j�o�j�o�>�`d����G��*�*�,�,��G�W��!�H��1�}�}�1�8�8��A�A�����%�%�%�		*�"�"�[b�[h�[h�[j�[j�[p�[p�qu�[v�[v�"�"�"��"r�!q�!q�!q�?Q�!q�!q�!q�����	*�	*�	*�8�?�?��B�B�C��V�S�)�)�)�)�)�)�)�)�����	*��������!�z�*;�<�<����O�!�!�!�!�!�/�!�!�!��
!�I�
R�SY�RX��	�	�3�4�4�S�S�		����%�%�%���G�H�H�Hs�?E�
F�#)F�F�Fz$Check all resellers's packages filesc��tj��dkrttd��SGd�d��}ddlm}	|��5|�����ddd��n#1swxYwYttd��S#t$r,}ttt|����cYd}~Sd}~wwxYw)	zT
    Check reseller packages files reading on any errors
    Caused by LU-2374

    r/z!should be run on DirectAdmin onlyc��eZdZdZd�Zd�ZdS)�7check_da_resellers_packages_files.<locals>.HiddenPrintsz=
        Redirect stdout to /dev/null to hide output
        c�p�tj|_ttjd��t_dS)N�w)�sysr3�_original_stdoutrr��devnull)�selfs rC�	__enter__zAcheck_da_resellers_packages_files.<locals>.HiddenPrints.__enter__�s#��$'�J�D�!��b�j�#�.�.�C�J�J�JrEc�d�tj���|jt_dSr?)rZr3rr[)r]�exc_type�exc_val�exc_tbs    rC�__exit__z@check_da_resellers_packages_files.<locals>.HiddenPrints.__exit__�s$���J�������.�C�J�J�JrEN)�__name__�
__module__�__qualname__�__doc__r^rcrFrErC�HiddenPrintsrW�s<������	�	�	/�	/�	/�	/�	/�	/�	/�	/rErhr)r/Nz6all resellers packages are written in correct encoding)r�r�r*r&�clcontrollibr/�list_resellers_packagesr$rbr%r�)rhr/rls   rC�!check_da_resellers_packages_filesrk�s8������]�*�*���"E�F�F�F�/�/�/�/�/�/�/�/�)�(�(�(�(�(�)�
�\�^�^�	4�	4��K�M�M�1�1�3�3�3�	4�	4�	4�	4�	4�	4�	4�	4�	4�	4�	4����	4�	4�	4�	4���U�V�V�V���)�)�)����Q���(�(�(�(�(�(�(�(�����)���sB�
B�A4�(B�4A8�8B�;A8�<B�
C
�!C�?C
�C
z/etc/cl.selector/defaults.cfgz/etc/cl.selector/php.conf)�	Directive�Default�Type�Comment�Range�Remark)�value�list�boolc���g}d}d}ttd��5}|���}ddd��n#1swxYwY|D]�}|�d��r�t	|�����dkrVd}	||n#|�g��YnxYw||�|�������|sd}|dz
}��|S)zL
    Parse php.conf and split it into blocks by empty line
    :return:
    rTr�N�#Fr_)r�
PHP_CONF_PATHrr
�lenr�rU)�line_blocks�block_index�	new_block�confrWrs      rC�parse_php_confr}sH��
�K��K�
�I�	
�m�S�	!�	!� �T��~�~���� � � � � � � � � � � ���� � � � ������?�?�3���	���t�z�z�|�|���q� � ��I�
'��K�(�(�(��
'��"�"�2�&�&�&�&�&������$�+�+�D�J�J�L�L�9�9�9�9��	��I��1��K���s�=�A�A�
B�B,c�n�d}d}|D]�}|�d��}|d���tvrd}|dzdt|��zz}|d���dkr;|d	���tvrd}|dzd
t|��zz}��||gS)NTr�r8rFrPzBlock %s has wrong param 
rnr_zBlock %s has wrong directive 
)rr��PARAM_NAME_LIST�block_to_string�TYPES)�blockr�r,r�
line_partss     rC�check_blockr�5s���
�F�
�C��^�^���Z�Z��_�_�
��a�=��� � ��7�7��F���*�<��u�?U�?U�U�U�C��a�=��� � �F�*�*��!�}�"�"�$�$�E�1�1����D�j�#D��W\�G]�G]�#]�]����C�=�rEc�>�d}|D]}|t|��zdz}�|S)NrP)r�)r��
res_stringrs   rCr�r�Ds3���J��3�3���#�d�)�)�+�d�2�
�
��rEz"Checking /etc/cl.selector/php.confc�~�d}d�|��}d}d}tj�t��sttdtz��St��}|D]"}t|��\}}|o|}|r|dz|z}�#|stt||z��Sttd��S)Nz7https://docs.cloudlinux.com/custom_php_ini_options.htmlz�To fix the issue provide valid format for /etc/cl.selector/php.conf file. It is used for PHP Selector and invalid format lead to directives misconfiguration and as a result misconfiguration of selector
Please, read more about php.conf file in {}Tr�zFile %s does not exist
rP�Ok)rqr�r�r�rwr*r&r}r�r%r$)�php_ini_doc_linkr�r�r,�blocksr��r1�msg1s        rC�check_php_confr�Ks���P��	8�9?��?O�8P�8P�	��F�
�C�
�7�>�>�-�(�(�N���"<�}�"L�M�M�M�
�
�
�F��$�$���u�%�%���D���B���	$���*�t�#�C���#����~�!5�6�6�6���T�"�"�"rEz&Checking /etc/cl.selector/defaults.cfgc�~�d�tdz��}tj�t
��st
tdt
z��S	tj	dd���}|�
t
��n9#t$r,}t
tt|����cYd}~Sd}~wwxYw	|�dd��}n9#tjtjf$rt
td|z��cYSwxYw|���D]�}|�d��r�|d	d�}	|�|d
��}n#tj$rd}YnwxYw	|�|d��}n#tj$rd
}YnwxYw||kr1|dkr+t
td�||����cS|rBd|vr>|�d��}|D]&}	|	s"t(j�d|z���'��t
t.d��S)Nz�Details: this config file is used by php selector and stores it`s global options, so it is important to keep needed configurations and valid syntax for PHP modules settings to avoid selector`s misconfiguration
See details: {}z#cldiagz%s does not existF��
interpolation�strict�versions�phpz!Default php version is undefined
��state�enablerr��disabledz%Default php version {} is disabled
{}�,z0Warning: Modules list for version %s is strange
r$)rqr�r�r�r��DEFAULTS_CFG_PATHr*r&�configparser�ConfigParserr"rbr%r��get�
NoOptionError�NoSectionError�sectionsr
rrZr4�writer$)
r��defaults_cfgrl�default_php_version�section�php_versionr�r�module_namesr6s
          rC�check_defaults_cfgr�ds���	�#�F�?�Y�#>�?�?�	��7�>�>�+�,�,�K���"5�8I�"I�J�J�J�)�#�0�t�E�R�R�R�����+�,�,�,�,���)�)�)����Q���(�(�(�(�(�(�(�(�����)����X�*�.�.�z�5�A�A�����&��(C�D�X�X�X���!E��!V�W�W�W�W�W�X�����(�(�*�*�p�p�����e�$�$�	p�!�!�"�"�+�K�
!�$�(�(��'�:�:�����-�
!�
!�
!� ����
!����
�&�*�*�7�I�>�>�����-�
�
�
�����
����"�k�1�1�e�z�6I�6I� ��)Q�)X�)X�Yd�ft�)u�)u�v�v�v�v�v��
p��'�>�>�#*�=�=��#5�#5�L� ,�p�p��#�p��J�,�,�-`�cn�-n�o�o�o����R����sT� 0B�
C�!C�<C�C�C"�"3D�D�E(�(E<�;E<�F�F+�*F+zChecking domains compatibilityc���tj��dkrttd��Sd}d}t	��}|�tt
|��Stt|��S)Nr-r2z�Some domains/subdomains don't use PHP Selector because they have a non-system default version (in MultiPHP Manager) or PHP_FPM enabled. You can find their list on domains tab and pass control to PHP Selector if necessary.r�)r�r�r*r&�domains_compatibility_checkerr$r%)r�r�r�s   rC�check_domains_compatibilityr��sh��
����X�%�%���"@�A�A�A�	9��
�N�
*�
,�
,�F�
�~���^�,�,�,����0�0�0rEc�h�	td�����}td�����}n#t$rYdSwxYw|�d��D]F}|�d��|�d��ks|�d��rdS�GdS)N�php_get_vhost_versions�php_get_system_default_versionr��version�php_fpmzIncompatible version)r�callrr�)�domains�system_version�domains   rCr�r��s����� 8�9�9�>�>�@�@��&�'G�H�H�M�M�O�O���������t�t������+�+�j�)�)�*�*�����i�(�(�F�J�J�y�,A�,A�A�A�V�Z�Z�PY�EZ�EZ�A�)�)�)�B�*�*s�AA�
A�A�dirpathc��tj�|��sdSd|��}tj|�d��tjtjd���}|jdkrdS	|j�d��d�d��d	}n#t$rYdSwxYw|S)
zZ
    Get mountpoint for dirpath directory from output of
    df -h {dirpath} utility.
    Nzdf -h rQT)r3r4r6rrPr_���)
r�r��isdirrF�runrrHrJr3�
IndexError)r��get_mountpoint_cmdrN�
mounted_ons    rC�get_dir_mountpointr��s���
�7�=�=��!�!���t�+�'�+�+���n�/�5�5�c�:�:�:�?�[e�[j�qu�v�v�v�G�
��Q����t���^�)�)�$�/�/��2�8�8��=�=�b�A�
�
�������t�t������s�49B.�.
B<�;B<c��d}tj�d��rjtd��5}|D]?}|�d��r(t|�d��d��}�@	ddd��n#1swxYwY|S)z[
    Returns maximum uid from /etc/login.defs
    If file does not exist returns 60000
    i`�z/etc/login.defszUID_MAX rQr�N)r�r�r?rr
r!r)�max_uidrkrs   rC�get_max_uidr��s���
�G�	�w�~�~�'�(�(�7�
�#�
$�
$�	7���
7�
7���?�?�:�.�.�7�!�$�*�*�S�/�/�"�"5�6�6�G��
7�	7�	7�	7�	7�	7�	7�	7�	7�	7�	7�	7����	7�	7�	7�	7��Ns�AB�B�Bc�p�d}t|�d��d���}t|��}|S)z 
    Returns min cagefs uid
    z!/usr/sbin/cagefsctl --get-min-uidrQT)�convert_to_str)rrr!)�get_min_uid_cmdr3�min_uids   rC�get_min_uidr��s9��:�O�
��.�.�s�3�3�D�
I�
I�
I�F��&�k�k�G��NrE�usernamec�B�t��}t��}||krtd|�d|�d|�����t|���}||���vr|�|��S|���s|}n1|}|���}t||��D]
}||vr|}n�||krtd|�d|�d����d|�d|��}t|�	d	��d
���\}}	}
|dkrt|
���|S)
z�
    Creates user with max available uid that greater than min cagefs uid
    and less than max system uid.
    Does nothing if user already exists.
    z
Can't create z user: min_uid z is greater than max_uid )r�z user: uid z is too bigz#/usr/sbin/useradd -s /bin/false -u z -m rQT)�return_full_outputr)
r�r�rbr!�get_user_full_dict�get_uid�get_uid_dict�rangerr)r�r�r��clpwd�
custom_uid�used_uids_dict�_uid�useradd_cmdrJrLrs           rC�useraddr��sm���m�m�G��m�m�G������p��p�p�W�p�p�gn�p�p�q�q�q��'�"�"�"�E��5�+�+�-�-�-�-��}�}�X�&�&�&��������
�
��
��+�+�-�-���'�7�+�+�	�	�D��>�)�)�!�
���*��W����T��T�T�Z�T�T�T�U�U�U�R�
�R�R��R�R�K�$�[�%6�%6�s�%;�%;�PT�U�U�U��J��3��Q�����n�n���rEc���	ttd��5}|���}ddd��n#1swxYwY|���S#tt
f$rYnwxYwdS)zS
    Retrive cldiag username from file
    :return: username from file or None
    r�N)r�_CLDIAG_USERNAME_FILEr"r��OSErrorr	)rk�contents  rC�get_username_from_filer��s���

�
�'��
-�
-�	���f�f�h�h�G�	�	�	�	�	�	�	�	�	�	�	����	�	�	�	��}�}������W��
�
�
���
�����4s-�A�8�A�<�A�<�A�A+�*A+c�\�t��}tjd��}|���}|���D]`\}}|�|��s�	d|��}t
|�d�����D#tttf$rY�]wxYwdS)z3
    Remove all trash cldiag users from system
    z^cldiaguser_[a-f0-9]{21}$z/usr/sbin/userdel -r rQN)r!�re�compiler��items�matchrrr�r	r)�cl_pwd�
re_pattern�
users_dictr�rL�userdel_cmds      rC�remove_all_trash_cldiag_usersr�s����W�W�F���7�8�8�J��*�*�,�,�J�!�'�'�)�)�����!�����)�)�	��	�<�(�<�<�K���)�)�#�.�.�/�/�/�/����"7�8�	�	�	��D�	�����s�''B�B)�(B)c�^�d}|dg}	t|��}n#t$rYdSwxYw|sdSdS)z\
    Detect quota is activated
    :return: True/False - quotas activated/not activated
    z/usr/sbin/repquotaz-nvaFT)rr)�_REPQUOTA_PATH�cmdr3s   rC�is_quota_activer�s]��
*�N��6�
"�C���S�!�!���� �����u�u��������u��4s��
&�&zGChecking if /var/cagefs is located on partition with disk quota enabledc���d}d}d}d}d}td��}|�>tj�d��rtj�|��sttd��Stj�d	��sttd
��St��stt|��Sd}d}tj�t��rGt��}|�6	tj|��}|j
|j}
}	d}n#t$rYnwxYwnt!��|s�d
�t$t'j��j��dd�}t-|��tj|��}|j
|j}
}		t/td��5}|�|��ddd��n#1swxYwYn#t2t4f$rYnwxYw|�d|	��}|�d|�d|��}
|�d|�d|��}		d|	dzz}d|�d|�d�}t7t9j����}t;||��}tj�|��s"t=|�d����t=|
�d����tAj!d|gt@j"t@j#dd|tI|	|
��itj%�ddi����}|�&��\}}tO|��5|�(��sGd|vrCttR|��cddd��t=|�d����S|�(��st3|���|�*��	ddd��n#1swxYwYt=|�d����n'#t=|�d����wxYwn%#tV$rtt|��cYSwxYwtt|��S)a�
    Checker for check if /var/cagefs is located on partition
    with disk quota enabled.

    Algorithm for check: we trying to set cldiaguser's quota to 1 inode
    (so that this user can't create any file if the quota activated on
    this partition). Then we change uid of process to cldiaguser's uid,
    and try to create file with his permissions.
    If we can't create file (Disk quota exceeded) then it's alright and
    disc quota enabled. Else we warn user to enable quota on that partition.
    z3/var/cagefs located on partition with quota enabledz�Details: /var/cagefs located on partition with quota disabled.
Please, activate quota for /var/cagefs for better security.
See details: https://docs.cloudlinux.com/cloudlinux_os_components/#installation-and-update-2zYQuotas seems unworkable on this server. Please correctly setup quotas to run this checkerr�z/usr/sbin/setquotaz/var/cagefsNr�z/usr/share/cagefs-skeleton/binzCagefs is not initializedFTz{}_{}� rYz	 --cpetc z -u z	 0 0 1 1 z	 0 0 0 0 z%02d�dz/var/cagefs/�/z/etc/cl.selector/rQz
/bin/touch�LC_ALL�C)r3r4r6�start_new_sessionr5�
preexec_fn�envzDisk quota exceeded),r�r�r�r�r?r*r&r�r%r�r�rr�pw_uid�pw_gidr r�rq�_CLDIAG_TEST_USENAME_PREFIX�uuid�uuid4�hexr�rr�r�r	r��randomrrrrFrGrH�STDOUTr�environrIr"r�r$�unlinkr)�
ok_messager��quota_unworkable_message�	cagefsctl�setquota�cagefs_mountpointr��is_testuser_exists�user_pw�user_uid�user_gidrk�create_cagefs_dir_cmd�set_quota_limit_cmd�reset_quota_limit_cmd�prefix�tempfile_dir�
tempfile_name�tempfile_full_path�pr3rLs                      rC�!check_cagefs_partition_disk_quotar+s<��G�J�	Z��	d��&�I�#�H�*�=�9�9��� ���
�
�m�(D�(D� �B�G�N�N�[d�Le�Le� ���";�<�<�<�
�7�=�=�9�:�:�?���"=�>�>�>����1����0�0�0��H���	�w�~�~�+�,�,�(�)�+�+����
*��,�x�0�0��%,�^�W�^�(��
&*�"�"��	�
�
�
���
����	 �	&�'�'�'��
��>�>�"=�t�z�|�|�?O�P�P�QT�RT�QT�U��������,�x�(�(��$�^�W�^�(��	��+�S�1�1�
"�Q�����!�!�!�
"�
"�
"�
"�
"�
"�
"�
"�
"�
"�
"����
"�
"�
"�
"�����!�	�	�	��D�	����(�=�=�8�=�=��%�Q�Q�8�Q�Q�>O�Q�Q��'�S�S�X�S�S�@Q�S�S��!;�	:��x�#�~�.�F�N�&�N�N�8�N�N�N�L���
���0�0�M�!%�l�M�!B�!B���7�=�=��.�.�
>��1�7�7��<�<�=�=�=��+�1�1�#�6�6�7�7�7�� ��}�-�!��!�(��"&� �!�(�H�5�5�5�r�z�5�h��_�5�	�	�	�A��
�
���I�F�A� ��*�*�
0�
0�)�0�0�2�2�0�7L�PV�7V�7V�$�R��4�4�
0�
0�
0�
0�
0�
0�
0�
�-�3�3�C�8�8�9�9�9�9�,�2�2�4�4�0�!�&�/�/�)�&�-�-�/�/�/�/�

0�
0�
0�
0�
0�
0�
0�
0�
0�
0�
0����
0�
0�
0�
0�
�-�3�3�C�8�8�9�9�9�9��K�-�3�3�C�8�8�9�9�9�9����9�� �;�;�;���!9�:�:�:�:�:�;�����V�^�,�,�,s��?"D$�$
D1�0D1�0G3�G'�G3�'G+�+G3�.G+�/G3�3H�H�'DP�-O!�.P�:"P7�7O!�P�!O%�%P�(O%�)P�,#P7�$P3�3P7�7Q�Q�
c���|�d��}t|��|kr7d�|d|dz�dgz||dzd�z|gz��S|S)a.
    Handles error message making it shorter, if it is bigger than max limit
    :param error: error message to make shorter
    :param detailed_out: way for user to get full error manually
    :param max_error_lines: max lines for error
    :return: initial error (less than 10 lines) short error
    rPNr�z...)rrxrV)�errorr��max_error_lines�error_liness    rCr�r��s����+�+�d�#�#�K�
�;���/�)�)��y�y��.�/�Q�.�.�/�5�'�9�K��HX�\]�H]�H_�H_�<`�`�dp�cq�q�
�
�	
��LrEc�J�tjtjddd���}|S)zY
    Return true if automatic cldiag email notifications
    about problems enabled.
    �
ENABLE_CLDIAGr8T)�	separator�default_val)r��get_boolean_param�CL_CONFIG_FILE)�
enable_cldiags rC�is_email_notification_enabledr�s(��
�,�V�-B�O�_b�pt�u�u�u�M��rEc�P�	tjddtdi���}|�tj��|�tt��}n#tj$rgcYSwxYwd�|�	���
d��D��S)zc
    Get list of disabled cldiag checkers which run by cron
    from /etc/sysconfig/cloudlinux
    NFr�)r�r��defaultsc�:�g|]}|�|�����SrFr�)rJ�items  rCr�z6get_list_of_disabled_cron_checkers.<locals>.<listcomp>�s%��G�G�G�T�$�G�D�J�J�L�L�G�G�GrEr�)r�r��cron_cldiag_checkers_param_namer"r�rr��cron_cldiag_section_name�Errorr�r)rr�s  rC�"get_list_of_disabled_cron_checkersr�s�����*���/���
�
�
��	���F�)�*�*�*����$�+�
�
����������	�	�	�����H�G�V�\�\�^�^�%9�%9�#�%>�%>�G�G�G�Gs�AA � A4�3A4�disabled_cron_cherkersc� �	tjdd���}|�tj��t
|���vr|�t
��t��}|r|�	|��|�
t
td�|����ttjd��5}|�|��ddd��dS#1swxYwYdS#tjt t"f$rb}t%dtj�d|�d���t%d	��t%t&��t)jd
��Yd}~dSd}~wwxYw)z`
    Set list of disabled cldiag checker which run by cron
    in /etc/sysconfig/cloudlinux
    NFr�r�zw+z3Can't set list of disabled cron checkers to config"z" because "rRz:Please check config's existence, integrity and permissionsr_)r�r�r"r�rrr��add_sectionr�extend�setrrVrr�rr	r�rer�rZrf)rr�current_disabled_checkersrkrs     rC�"set_list_of_disabled_cron_checkersr$�s���
��*���
�
�
��	���F�)�*�*�*�#�6�?�?�+<�+<�<�<����7�8�8�8�$F�$H�$H�!�!�	E�"�)�)�*C�D�D�D��
�
�$�+��H�H�+�,�,�	
�	
�	
�
�&�'��
.�
.�	�!��L�L��O�O�O�	�	�	�	�	�	�	�	�	�	�	�	����	�	�	�	�	�	������1����
�p��H]�p�p�jm�p�p�p�q�q�q�
�J�K�K�K�
�"�#�#�#�����������������	���s=�CD�D�5D�D�D�	D�
D�F
�+AF�F
z!Check mount with hidepid=2 optionc��d}d|��}d}d}tj�d��stt|��St��dkrtt|��Stt|��S)z7
    Check if system mounted with hidepid=2 option
    zWhttps://docs.cloudlinux.com/cloudlinux_os_kernel/#remounting-procfs-with-hidepid-optionz�Details: hidepid protection disabled.
Please, mount system with hidepid=2 for better security.
Read more about hidepid option here: zhidepid protection enabledr�r�r�)r�r�r?r*r&r#r%r$)�hidepid_doc_linkr�r��skipped_messages    rC�
check_hidepidr(�s���t��	C�0@�	C�	C��
2�N�/�O��7�>�>�/�0�0�3���/�2�2�2�&�'�'�1�,�,����0�0�0��R��(�(�(rEzCheck user's low PMEM limitsc��d}d|z}d}tj��}|rtt|��Stt|��S)z7
    Checks low PMEM limits availability on server
    z5https://docs.cloudlinux.com/limits/#limits-validationzLSome user(s) on server has low PMEM LVE limit (lower than 512 MB). See doc: zCheck low PMEM limits passed)r�is_low_pmem_limit_presentr*r%r$)r�r�r�r�s    rC�check_low_pmem_limitsr+�sP��G�H�c�fn�n�N�3�N�
�
6�
8�
8�F�
�1����0�0�0��R��(�(�(rE)F)FT)r	)��
__future__rrr$rrZrSr�r�rFr��collectionsr�pathlibrr�r��	functoolsr�typingr	r
rr�cldetectlibr��clcommon.cpapir
r�clcommon.lib.constsrr�clcommon.lib.cleditionrr�clcommon.lib.jwt_tokenr�cllimits_validatorr�clcommon.utilsrrrrrr�clcommon.lib.cmt_utilsrr�clcommon.lib.whmapi_librrr�clsentry.utilsr �clcommon.clpwdr!r"�cl_proc_hidepidr#r$r%r&r'r�rr�cl_plus_doc_linkr�r�r�rwr�r*�SUEXEC_PATH�
SUPHP_PATH�dictr�r�r�r@r]rmrrr}r�r�rtr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rr-rTrkr�rwrr�r}r�r�r�r�r�r�r�r!r�r�r�r�r�r�rr�rrr$r(r+rFrErC�<module>rAs
��&�%�%�%�%�%�&�&�&�&�&�&�
�
�
�
�
�
�
�
�
�
�
�
�����	�	�	�	�
�
�
�
���������"�"�"�"�"�"�������	�	�	�	�����������0�0�0�0�0�0�0�0�0�0�0�0�����>�>�>�>�>�>�>�>�K�K�K�K�K�K�K�K�N�N�N�N�N�N�N�N�2�2�2�2�2�2�.�.�.�.�.�.�������������������������?�>�>�>�>�>�>�>�,�,�,�,�,�,�*�*�*�*�*�*�1�1�1�1�1�1�1�1�:�:�:�:�:�:�
��	��
��+��C��"A��(��J��G�5E�G�G��v��'��S��]��
�J��
�
��
�
�	�-�$�%�
�$�#�"�#�!�
�
��&�#�0�
�#�"�!�"� �
�
�
��$�&�&���2��$�$��� �
�3��%�%���!�/��*���������,����@���������
��^���������E�$���
�*=�$>�����D���.
��
'�(�(�!
�!
�)�(�!
�H
�s�
�s�
�y�
�
�
�
�B
��
L�M�M��%�H�H�&�%���N�M�H�
��
K�L�L��%�A�A�&�%���M�L�A�*
��
F�G�G��%�A�A�&�%���H�G�A�
��
w�x�x��%�v�v�&�%���y�x�v�"
��
P�Q�Q�&�&�R�Q�&�,
��
S�T�T��V�V���U�T�V�0,�,�,�4
��
+�,�,�?�?�-�,�?�
��
*�+�+�:�:�,�+�:�
��
*�+�+�i�i�,�+�i�
��
9�:�:��A�A���;�:�A�$
��
3�4�4�U0�U0�5�4�U0�p
��
&�'�'��(U�(U���(�'�(U�V
��
5�6�6��?I�?I���7�6�?I�D
��
3�4�4��)�)���5�4�)�@4��+�
�P�P�P��!�!�!�����D������
��
1�2�2�#�#�3�2�#�0
��
5�6�6�%�%�7�6�%�P
��
-�.�.�1�1�/�.�1�$*�*�*������
�����,�S������S������c��c�����@���
��������$���"
��
V�W�W��d-�d-���X�W�d-�N
�
�
�
� �t�����H�D��&�1A�,B�H�H�H�H�2�t�H�V�DT�?U��Z^�����<
��
0�1�1��)�)���2�1�)�2
��
+�,�,��)�y�)�)�)���-�,�)�)�)rE

Hacked By AnonymousFox1.0, Coded By AnonymousFox