Diffstat (limited to 'server/lib/security-config')
-rwxr-xr-x | server/lib/security-config | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/server/lib/security-config b/server/lib/security-config
index eb8bf5cf..d7f90d4a 100755
--- a/server/lib/security-config
+++ b/server/lib/security-config
@@ -22,13 +22,13 @@ fi
 if which ufw 2>/dev/null; then
 # Adding active services.
 ufw allow "Apache Secure"
+ ufw allow from 127.0.0.1/8 to any port mysql proto tcp # MySQL from the loopback
 ufw allow OpenSSH
 ufw allow Samba
- ufw allow mysql
 ufw allow rsync
 ufw allow tftp
 ufw allow 67,68/udp # DHCP
- ufw allow 2002,2008/tcp # OpenGnsys services
+ ufw allow 2002,2008,2009,2011/tcp # OpenGnsys services
 ufw allow 9000:9051/udp # Multicast
 ufw allow 6881:6999/udp # BitTorrent
 # Applying configuration.
@@ -41,11 +41,11 @@ import firewall.core.io.service as ios
 s=ios.Service()
 s.short = 'OpenGnsys Server'
 s.name = 'ogAdmServer'
-s.ports = [('2008', 'tcp')]
+s.ports = [('2008', 'tcp'), ('2011', 'tcp')]
 ios.service_writer(s, '/etc/firewalld/services')
 s.short = 'OpenGnsys Repository'
 s.name = 'ogAdmRepo'
-s.ports = [('2002', 'tcp')]
+s.ports = [('2002', 'tcp'), ('2009', 'tcp')]
 ios.service_writer(s, '/etc/firewalld/services')"
 # Adding active services.
 firewall-cmd --permanent --add-service=dhcp
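Review bot: Dropping `ufw allow mysql` from the ufw block in the first hunk (`@@ -22,13 +22,13 @@`) does not close the port on a host where an earlier run of this script already added that rule, because ufw keeps a rule until it is deleted. If the script is re-run on upgrades (not visible from this hunk), add `ufw delete allow mysql` ahead of the new loopback rule so MySQL stops being reachable from other hosts. The `if which ufw` block ends outside the hunk, so a later cleanup step cannot be ruled out from here.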
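Review bot: The ports added in the second hunk (`@@ -41,11 +41,11 @@`), `('2011', 'tcp')` and `('2009', 'tcp')`, are undocumented, and the same numbers appear again as bare literals in `ufw allow 2002,2008,2009,2011/tcp` in the first hunk. A comment ahead of the embedded Python would keep the two firewall back ends in step, for example `# 2008,2011 = ogAdmServer; 2002,2009 = ogAdmRepo; keep in sync with the ufw rule`. Both back ends open these ports to any source address, so the comment should also say whether that is intended or whether they are meant only for the managed client network. The embedded Python starts outside the hunk.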
@@ -71,15 +71,18 @@ fi # SELinux configuration. if which setsebool 2>/dev/null; then - # Configuring Apache. - setsebool -P httpd_can_connect_ldap on - semanage fcontext -at httpd_sys_content_t "$OPENGNSYS/www(/.*)?" - # Configuring Samba. - setsebool -P samba_export_all_ro=1 samba_export_all_rw=1 - semanage fcontext -at samba_share_t "$OPENGNSYS/client(/.*)?" - semanage fcontext -at samba_share_t "$OPENGNSYS/images(/.*)?" - # Applying configuration. - restorecon -R $OPENGNSYS + if selinuxenabled 2>/dev/null; then + # Configuring Apache. + setsebool -P httpd_can_connect_ldap on + semanage fcontext -at httpd_sys_content_t "$OPENGNSYS/www(/.*)?" + # Configuring Samba. + setsebool -P samba_export_all_ro=1 samba_export_all_rw=1 + semanage fcontext -at samba_share_t "$OPENGNSYS/client(/.*)?" + semanage fcontext -at samba_share_t "$OPENGNSYS/images(/.*)?" + # Applying configuration. + restorecon -R $OPENGNSYS + else + echo "$PROG: Warning: SELinux is disabled, it won't be configured." else echo "$PROG: Warning: SELinux won't be configured (policycoreutils is not installed)." fi |
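Review bot: The new inner `if selinuxenabled 2>/dev/null; then` is never closed: the hunk adds the `if`, its `else` and the warning echo, but no `fi` before the outer `else`, and the `+71,18` line count leaves no room for one. As shown, the shell meets a second `else` inside the same `if` and stops with a syntax error at this block, so none of the SELinux booleans or file contexts are applied. If the block sits at top level, the firewall commands earlier in the script will already have run by then. Add a `fi` on the line after `echo "$PROG: Warning: SELinux is disabled, it won't be configured."`. While touching the block, quote the path in `restorecon -R "$OPENGNSYS"` as the `semanage` lines already do.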