Diffstat (limited to 'server/lib/security-config')
-rwxr-xr-xserver/lib/security-config29
1 files changed, 16 insertions, 13 deletions
diff --git a/server/lib/security-config b/server/lib/security-config
index eb8bf5cf..d7f90d4a 100755
--- a/server/lib/security-config
+++ b/server/lib/security-config
@@ -22,13 +22,13 @@ fi
if which ufw 2>/dev/null; then
# Adding active services.
ufw allow "Apache Secure"
+ ufw allow from 127.0.0.1/8 to any port mysql proto tcp # MySQL from the loopback
ufw allow OpenSSH
ufw allow Samba
- ufw allow mysql
ufw allow rsync
ufw allow tftp
ufw allow 67,68/udp # DHCP
- ufw allow 2002,2008/tcp # OpenGnsys services
+ ufw allow 2002,2008,2009,2011/tcp # OpenGnsys services
ufw allow 9000:9051/udp # Multicast
ufw allow 6881:6999/udp # BitTorrent
# Applying configuration.
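Review bot: The new loopback rule writes its source network as `127.0.0.1/8`, which has host bits set; the canonical form is `127.0.0.0/8`, and ufw will probably normalize the address and may warn that the rule changed. I would write `ufw allow from 127.0.0.0/8 to any port mysql proto tcp # MySQL from the loopback`. The rule is also IPv4-only, so if local clients reach MySQL over `::1` it is worth confirming that ufw's loopback defaults still let that traffic through. The enclosing `if which ufw` block continues past the end of this hunk.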
@@ -41,11 +41,11 @@ import firewall.core.io.service as ios
s=ios.Service()
s.short = 'OpenGnsys Server'
s.name = 'ogAdmServer'
-s.ports = [('2008', 'tcp')]
+s.ports = [('2008', 'tcp'), ('2011', 'tcp')]
ios.service_writer(s, '/etc/firewalld/services')
s.short = 'OpenGnsys Repository'
s.name = 'ogAdmRepo'
-s.ports = [('2002', 'tcp')]
+s.ports = [('2002', 'tcp'), ('2009', 'tcp')]
ios.service_writer(s, '/etc/firewalld/services')"
# Adding active services.
firewall-cmd --permanent --add-service=dhcp
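Review bot: Ports 2011 and 2009 are now listed both in these `s.ports` assignments and in the ufw rule `ufw allow 2002,2008,2009,2011/tcp`, and neither place says which listener each port belongs to, so the two lists can drift and nobody can tell later whether an open port is still needed. A short comment above each `s.ports` line naming the component behind the added port would help, for example `# 2008: ogAdmServer; 2011: <component name, to be filled in>`. The embedded Python snippet starts before this hunk, so its earlier part is not visible here. It is also worth checking that the firewalld branch does not leave MySQL reachable from remote sources now that the ufw branch limits it to the loopback.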
@@ -71,15 +71,18 @@ fi
# SELinux configuration.
if which setsebool 2>/dev/null; then
- # Configuring Apache.
- setsebool -P httpd_can_connect_ldap on
- semanage fcontext -at httpd_sys_content_t "$OPENGNSYS/www(/.*)?"
- # Configuring Samba.
- setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
- semanage fcontext -at samba_share_t "$OPENGNSYS/client(/.*)?"
- semanage fcontext -at samba_share_t "$OPENGNSYS/images(/.*)?"
- # Applying configuration.
- restorecon -R $OPENGNSYS
+ if selinuxenabled 2>/dev/null; then
+ # Configuring Apache.
+ setsebool -P httpd_can_connect_ldap on
+ semanage fcontext -at httpd_sys_content_t "$OPENGNSYS/www(/.*)?"
+ # Configuring Samba.
+ setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
+ semanage fcontext -at samba_share_t "$OPENGNSYS/client(/.*)?"
+ semanage fcontext -at samba_share_t "$OPENGNSYS/images(/.*)?"
+ # Applying configuration.
+ restorecon -R $OPENGNSYS
+ else
+ echo "$PROG: Warning: SELinux is disabled, it won't be configured."
else
echo "$PROG: Warning: SELinux won't be configured (policycoreutils is not installed)."
fi
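Review bot: The added inner `if selinuxenabled 2>/dev/null; then` is never closed: after its new `else` branch and warning, the next line is the outer `else`, with no `fi` in between. As shown, the shell should stop with a syntax error at that second `else`, so the SELinux section is never applied. Adding a line containing only `fi` right after `echo "$PROG: Warning: SELinux is disabled, it won't be configured."` fixes it. While touching these lines, `restorecon -R $OPENGNSYS` is unquoted, unlike the `semanage` lines above it; `restorecon -R "$OPENGNSYS"` avoids word splitting if the path ever contains whitespace.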