authorramon <ramongomez@us.es>2016-04-18 12:48:14 +0000
committerramon <ramongomez@us.es>2016-04-18 12:48:14 +0000
commit9ddd0ff641447ecd2341e94ddd6b9525dc00bc2a (patch)
treec599d1451fec39100201d8d2aba37ab73ffe5ce7 /server/lib
parenta5e518ba9a9edb163136a733a76aa4b1eb63e01b (diff)
#736: Añadir configuración del cortafuegos "ufw" usado en Ubuntu.
git-svn-id: https://opengnsys.es/svn/branches/version1.1@4885 a21b9725-9963-47de-94b9-378ad31fedc9
Diffstat (limited to 'server/lib')
-rw-r--r--server/lib/security-config29
1 files changed, 22 insertions, 7 deletions
diff --git a/server/lib/security-config b/server/lib/security-config
index 0551f867..e3087d5a 100644
--- a/server/lib/security-config
+++ b/server/lib/security-config
@@ -2,9 +2,9 @@
#/**
#@file security-config
#@brief OpenGnsys Server security configuration.
-#@version 1.1 - Initial version.
-#@author Ramón J. Gómez, ETSII Univ. Sevilla
-#@date 2016-03-01
+#@version 1.1.0 - Initial version.
+#@author Ramón M. Gómez, ETSII Univ. Sevilla
+#@date 2016-04-18
#*/ ##
@@ -17,8 +17,23 @@ if [ "$USER" != "root" ]; then
exit 1
fi
+# UFW configuration.
+if which ufw 2>/dev/null; then
+ # Adding active services.
+ ufw allow "Apache Secure"
+ ufw allow OpenSSH
+ ufw allow Samba
+ ufw allow mysql
+ ufw allow rsync
+ ufw allow tftp
+ ufw allow 67,68/udp # DHCP
+ ufw allow 2002,2008/tcp # OpenGnsys services
+ ufw allow 9000:9051/udp # Multicast
+ ufw allow 6881:6999/udp # BitTorrent
+ # Applying configuration.
+ ufw enable
# FirewallD configuration.
-if which firewall-cmd 2>/dev/null; then
+elif which firewall-cmd 2>/dev/null; then
# Defining OpenGnsys services.
python -c "
import firewall.core.io.service as ios
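Review bot: Every `ufw allow` rule added here, including `ufw allow mysql` and `ufw allow Samba`, accepts traffic from any source address, so the database and file shares become reachable from every network the server is attached to; the same applies to the `6881-6999/udp` range enabled in the firewalld hunk further down. If only the OpenGnsys clients need these services, scope the rules to their network, for example `ufw allow from <CLIENT_SUBNET> to any port 3306 proto tcp` (placeholder subnet). The exit status of the `ufw allow` calls is never checked before `ufw enable`, so a missing application profile such as "Apache Secure" or OpenSSH would leave the firewall active without that rule, and `ufw enable` can stop for a confirmation prompt when run over SSH, which `ufw --force enable` avoids in an unattended script. As a smaller point, `which ufw 2>/dev/null` prints the binary path to stdout, whereas `command -v ufw >/dev/null 2>&1` keeps the test silent. The `if`/`elif` chain opened here is closed outside this hunk.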
@@ -45,12 +60,12 @@ ios.service_writer(s, '/etc/firewalld/services')
firewall-cmd --permanent --add-service=tftp
# Adding Multicast ports.
firewall-cmd --permanent --add-port=9000-9051/udp
- # Adding Torent ports?
- #firewall-cmd --permanent --add-port=6881-6999/udp
+ # Adding BitTorent ports.
+ firewall-cmd --permanent --add-port=6881-6999/udp
# Applying configuration.
firewall-cmd --reload
else
- echo "$PROG: Warning: FirewallD won't be configured (firewalld is not installed)."
+ echo "$PROG: Warning: Firewall won't be configured (neither ufw or firewalld are installed)."
fi
# SELinux configuration.
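Review bot: The new comment misspells the protocol name and the reworded warning pairs "neither" with "or"; I would write `# Adding BitTorrent ports.` and `echo "$PROG: Warning: Firewall won't be configured (neither ufw nor firewalld is installed)."`. Because the port range was previously commented out with a question mark, a short why-comment next to the now-active `--add-port=6881-6999/udp` line, stating which OpenGnsys feature needs it, would help the next maintainer judge whether it can be narrowed.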