Instalar as dependências:
# dnf install pip sqlite vim-enhanced vim -y
# pip install flask ldap3 gunicorn
# cd /etc/raddb
# mkdir -p mac_manager/templates
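Execute o script do Flask (somente para teste: a saída abaixo mostra o modo debug ativo e o servidor escutando em 0.0.0.0, o que deixa o depurador interativo do Werkzeug acessível a partir da rede; não use esta forma em produção):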
# cd /<caminho>/mac_manager
# python app.py
* Serving Flask app 'app'
* Debug mode: on
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
* Running on all addresses (0.0.0.0)
* Running on http://127.0.0.1:5000
* Running on http://10.1.10.251:5000
Press CTRL+C to quit
* Restarting with stat
* Debugger is active!
* Debugger PIN: XXX-XXX-XXX
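Acesse via browser (a conexão é HTTP sem TLS; para uso fora de uma rede de teste, coloque um proxy reverso com HTTPS na frente):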
http://<IP_SERVER>:5000
# ln -s /etc/ipa/ca.crt /etc/ssl/certs/ipa_ca.crt
# vim app.py
from ldap3 import Server, Connection, ALL, SUBTREE, Tls
LDAP_PORT = 636 # Nova variável para a porta segura
# Caminho para o certificado CA do FreeIPA que você baixou
FREEIPA_CA_FILE = '/etc/ssl/certs/ipa_ca.crt'
pip install gunicorn
from flask import Flask
import os
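# Session-signing key for Flask. It is read from the environment only, and the
# application refuses to start without it. A hard-coded fallback would be known
# to everyone who has read this guide, and a known key allows session cookies
# to be forged.
_secret_key = os.environ.get("FLASK_SECRET_KEY")
if not _secret_key:
    raise RuntimeError(
        "FLASK_SECRET_KEY is not set; generate one with "
        "python3 -c 'import os; print(os.urandom(32).hex())' "
        "and export it before starting the application"
    )

app = Flask(__name__)
app.secret_key = _secret_key

# ... your routes and LDAP logic ...

if __name__ == '__main__':
    # Development only: Gunicorn imports `app` and never executes this block.
    # NOTE(review): host='0.0.0.0' makes the development server listen on every
    # interface; keep this for test networks only.
    app.run(host='0.0.0.0', port=5000)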
# python3 -c 'import os; print(os.urandom(32).hex())'
9b7dbc72dfb7572aefcfb2fe24f822c5615a0e17f90c9dc5a04e9e5285ce716e
# vim /etc/systemd/system/maccontrol.service
# systemd unit that runs the MAC Control Flask application under Gunicorn.
[Unit]
Description=Instancia Flask - MAC Control System
After=network.target
[Service]
# NOTE(review): the web application runs as root, so a flaw in any route would
# give control of the whole host. A dedicated unprivileged account limited to
# the files the app needs would contain that; confirm what the app reads and
# writes under /etc/raddb before changing User=/Group=.
User=root
Group=root
WorkingDirectory=/etc/raddb/mac_manager
# Unbuffered Python output, so log lines are written as they are produced.
Environment=PYTHONUNBUFFERED=1
# Session-signing key that app.py reads from FLASK_SECRET_KEY.
# The value below is the sample printed in this guide and is therefore public:
# generate your own with the os.urandom command and never reuse this one.
# NOTE(review): Environment= values can be read back through `systemctl show`;
# an EnvironmentFile= readable only by the service account keeps the key out of
# the unit file.
Environment=FLASK_SECRET_KEY=9b7dbc72dfb7572aefcfb2fe24f822c5615a0e17f90c9dc5a04e9e5285ce716e
# Alternative kept for reference: bind to loopback only, for use behind a
# reverse proxy that terminates TLS.
#ExecStart=/usr/local/sbin/gunicorn --workers 3 --bind 127.0.0.1:5000 --access-logfile - --log-level debug app:app
# Active command: three workers, listening on every interface over plain HTTP,
# access log on stdout, debug-level logging.
# NOTE(review): with 0.0.0.0 and no TLS, whatever credentials or session
# cookies the app handles cross the network unencrypted; debug-level logs may
# also record more request detail than is wanted in production.
ExecStart=/usr/local/sbin/gunicorn --workers 3 --bind 0.0.0.0:5000 --access-logfile - --log-level debug app:app
# Restart the service whenever the process exits.
Restart=always
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable maccontrol.service
systemctl start maccontrol.service
systemctl status maccontrol
# journalctl -f -u maccontrol.service -n 50 --no-pager