diff options
author | Ramón M. Gómez <ramongomez@us.es> | 2019-02-07 12:04:07 +0100 |
---|---|---|
committer | Ramón M. Gómez <ramongomez@us.es> | 2019-02-07 12:04:07 +0100 |
commit | 6bd2e1e7ba1bb7f9911d95a3a4ed688b0cae1e58 (patch) | |
tree | 36ad54ffd72042ad9b71fccc3575de3b79facc48 /installer/opengnsys_installer.sh | |
parent | b0d5fb323802cac4ad5417e6c5fcfcab2e0d645d (diff) |
#736: Installer script no longer disables firewall or SELinux, and recommends using {{{security-config}}} script.
Diffstat (limited to 'installer/opengnsys_installer.sh')
-rwxr-xr-x | installer/opengnsys_installer.sh | 28 |
1 files changed, 4 insertions, 24 deletions
diff --git a/installer/opengnsys_installer.sh b/installer/opengnsys_installer.sh index 87b06835..f559552c 100755 --- a/installer/opengnsys_installer.sh +++ b/installer/opengnsys_installer.sh @@ -145,7 +145,6 @@ OPENGNSYS_DB_CREATION_FILE=opengnsys/admin/Database/${OPENGNSYS_DATABASE}.sql # - APACHEENABLEOG, APACHEOGSITE, - habilitar sitio web de OpenGnsys # - PHPFPMSERV - servicio PHP FastCGI Process Manager para Apache # - INETDSERV - servicio Inetd -# - FIREWALLSERV - servicio de cortabuegos IPTables/FirewallD # - DHCPSERV, DHCPCFGDIR - servicio y configuración de DHCP # - MYSQLSERV, TMPMYCNF - servicio MySQL y fichero temporal con credenciales de acceso # - MARIADBSERV - servicio MariaDB (sustituto de MySQL en algunas distribuciones) @@ -232,11 +231,6 @@ case "$OSDISTRIB" in APACHEREWRITEMOD="sed -i '/rewrite/s/^#//' $APACHECFGDIR/../*.conf" DHCPSERV=dhcpd DHCPCFGDIR=/etc/dhcp - if firewall-cmd --state &>/dev/null; then - FIREWALLSERV=firewalld - else - FIREWALLSERV=iptables - fi INETDSERV=xinetd INETDCFGDIR=/etc/xinetd.d MYSQLSERV=mysqld @@ -268,13 +262,6 @@ local f # Configuraciones específicas para Samba y TFTP en Debian 6. [ -z "$SYSTEMD" -a ! -e /etc/init.d/$SAMBASERV ] && SAMBASERV=samba [ ! -e $TFTPCFGDIR ] && TFTPCFGDIR=/srv/tftp - -# Configuraciones específicas para SELinux permisivo en distintas versiones. -[ -f /selinux/enforce ] && echo 0 > /selinux/enforce -for f in /etc/sysconfig/selinux /etc/selinux/config; do - [ -f $f ] && perl -pi -e 's/SELINUX=enforcing/SELINUX=permissive/g' $f -done -selinuxenabled 2>/dev/null && setenforce 0 2>/dev/null } @@ -823,13 +810,7 @@ function downloadCode() # Comprobar si existe conexión. function checkNetworkConnection() { - echoAndLog "${FUNCNAME}(): Disabling Firewall: $FIREWALLSERV." - if [ -n "$FIREWALLSERV" ]; then - service=$FIREWALLSERV - $STOPSERVICE; $DISABLESERVICE - fi - - echoAndLog "${FUNCNAME}(): Checking OpenGnsys server conectivity." + echoAndLog "${FUNCNAME}(): Checking OpenGnsys server connectivity." OPENGNSYS_SERVER=${OPENGNSYS_SERVER:-"opengnsys.es"} if which wget &>/dev/null; then wget --spider -q $OPENGNSYS_SERVER @@ -1576,16 +1557,15 @@ function installationSummary() echoAndLog "Installed ogLive client(s): $(oglivecli list | awk '{print $2}')" echoAndLog "Samba configuration directory: $SAMBACFGDIR" echoAndLog "Web Console URL: $OPENGNSYS_CONSOLEURL" - echoAndLog "Web Console access data: specified in installer script" + echoAndLog "Web Console access data: entered by the user" if grep -q "^RUN_BTTRACK.*no" /etc/default/opengnsys; then echoAndLog "BitTorrent service is disabled." fi echo echoAndLog "Post-Installation Instructions:" echo "===============================" - echoAndLog "Firewall service has been disabled and SELinux mode set to" - echoAndLog " permissive during OpenGnsys installation. Please check" - echoAndLog " ${FIREWALLSERV:-firewall} and SELinux configuration, if needed." + echoAndLog "You can improve server security by configuring firewall and SELinux," + echoAndLog " running \"$INSTALL_TARGET/lib/security-config\" script as root." echoAndLog "It's strongly recommended to synchronize this server with an NTP server." echoAndLog "Review or edit all configuration files." echoAndLog "Insert DHCP configuration data and restart service." |