From 0eca8604cf56d49edbff3234a45265a274241cf9 Mon Sep 17 00:00:00 2001 From: phot0n Date: Wed, 20 Mar 2024 11:39:32 +0530 Subject: [PATCH] feat(minor): option to disable warning banner when init-ing ssh session --- .../playbooks/roles/sshd_hardening/tasks/main.yml | 1 + .../playbooks/roles/warning_banners/tasks/main.yml | 9 ++++++++- .../doctype/database_server/database_server.py | 1 + .../doctype/press_settings/press_settings.json | 14 +++++++++++++- press/press/doctype/server/server.py | 7 +++---- 5 files changed, 26 insertions(+), 6 deletions(-) diff --git a/press/playbooks/roles/sshd_hardening/tasks/main.yml b/press/playbooks/roles/sshd_hardening/tasks/main.yml index fcc0c5ab9e..f9afd15ce6 100644 --- a/press/playbooks/roles/sshd_hardening/tasks/main.yml +++ b/press/playbooks/roles/sshd_hardening/tasks/main.yml @@ -50,6 +50,7 @@ dest: /etc/ssh/sshd_config regexp: '^Banner' line: "Banner /etc/login.warn" + when: "{{ add_warning_banner is defined and add_warning_banner }}" - name: "Ensure SSH MaxStartups is configured" lineinfile: diff --git a/press/playbooks/roles/warning_banners/tasks/main.yml b/press/playbooks/roles/warning_banners/tasks/main.yml index 83ac075307..a5c2319a20 100644 --- a/press/playbooks/roles/warning_banners/tasks/main.yml +++ b/press/playbooks/roles/warning_banners/tasks/main.yml @@ -6,6 +6,7 @@ owner: root group: root mode: 0644 + when: "{{ add_warning_banner is defined and add_warning_banner }}" - name: "Ensure local login warning banner is configured properly" copy: @@ -14,6 +15,7 @@ owner: root group: root mode: 0644 + when: "{{ add_warning_banner is defined and add_warning_banner }}" - name: "Ensure remote login warning banner is configured properly" copy: @@ -22,6 +24,7 @@ owner: root group: root mode: 0644 + when: "{{ add_warning_banner is defined and add_warning_banner }}" - name: "Ensure remote login warning banner is configured for ssh" copy: @@ -30,6 +33,7 @@ owner: root group: root mode: 0644 + when: "{{ add_warning_banner is defined and add_warning_banner }}" - name: "Ensure permissions on /etc/motd are configured" file: @@ -38,6 +42,7 @@ owner: root group: root mode: 0644 + when: "{{ add_warning_banner is defined and add_warning_banner }}" - name: "Ensure permissions on /etc/issue are configured" file: @@ -46,6 +51,7 @@ owner: root group: root mode: 0644 + when: "{{ add_warning_banner is defined and add_warning_banner }}" - name: "Ensure permissions on /etc/issue.net are configured" file: @@ -53,4 +59,5 @@ state: file owner: root group: root - mode: 0644 \ No newline at end of file + mode: 0644 + when: "{{ add_warning_banner is defined and add_warning_banner }}" \ No newline at end of file diff --git a/press/press/doctype/database_server/database_server.py b/press/press/doctype/database_server/database_server.py index f1217c24e6..4784d3f87b 100644 --- a/press/press/doctype/database_server/database_server.py +++ b/press/press/doctype/database_server/database_server.py @@ -327,6 +327,7 @@ def _setup_server(self): "certificate_private_key": certificate.private_key, "certificate_full_chain": certificate.full_chain, "certificate_intermediate_chain": certificate.intermediate_chain, + "add_warning_banner": frappe.db.get_single_value("Press Settings", "add_warning_banner") }, ) play = ansible.run() diff --git a/press/press/doctype/press_settings/press_settings.json b/press/press/doctype/press_settings/press_settings.json index dbd4007ea9..c9fdbe9a2e 100644 --- a/press/press/doctype/press_settings/press_settings.json +++ b/press/press/doctype/press_settings/press_settings.json @@ -169,6 +169,8 @@ "use_staging_ca", "ssh_section", "ssh_certificate_authority", + "column_break_ohvk", + "add_warning_banner", "monitoring_section", "monitor_server", "monitor_token", @@ -1167,11 +1169,21 @@ "fieldtype": "Link", "label": "Hybrid Domain", "options": "Root Domain" + }, + { + "fieldname": "column_break_ohvk", + "fieldtype": "Column Break" + }, + { + "default": "1", + "fieldname": "add_warning_banner", + "fieldtype": "Check", + "label": "Add Warning Banner" } ], "issingle": 1, "links": [], - "modified": "2024-03-05 15:51:49.055544", + "modified": "2024-03-20 10:50:07.152942", "modified_by": "Administrator", "module": "Press", "name": "Press Settings", diff --git a/press/press/doctype/server/server.py b/press/press/doctype/server/server.py index d4c728af7d..5b65ac49f9 100644 --- a/press/press/doctype/server/server.py +++ b/press/press/doctype/server/server.py @@ -187,10 +187,8 @@ def validate_agent_password(self): self.agent_password = frappe.generate_hash(length=32) def get_agent_repository_url(self): - settings = frappe.get_single("Press Settings") - repository_owner = settings.agent_repository_owner or "frappe" - url = f"https://github.com/{repository_owner}/agent" - return url + repository_owner = frappe.db.get_single_value("Press Settings", "agent_repository_owner") or "frappe" + return f"https://github.com/{repository_owner}/agent" @frappe.whitelist() def ping_agent(self): @@ -802,6 +800,7 @@ def _setup_server(self): "certificate_private_key": certificate.private_key, "certificate_full_chain": certificate.full_chain, "certificate_intermediate_chain": certificate.intermediate_chain, + "add_warning_banner": frappe.db.get_single_value("Press Settings", "add_warning_banner"), }, ) play = ansible.run()