diff options
Diffstat (limited to 'server/lib/security-config')
-rwxr-xr-x | server/lib/security-config | 85 |
1 files changed, 0 insertions, 85 deletions
diff --git a/server/lib/security-config b/server/lib/security-config deleted file mode 100755 index e2fb4593..00000000 --- a/server/lib/security-config +++ /dev/null @@ -1,85 +0,0 @@ -#!/bin/bash -#/** -#@file security-config -#@brief OpenGnsys Server security configuration. -#@version 1.1.0 - Initial version. -#@author Ramón M. Gómez, ETSII Univ. Sevilla -#@date 2016-04-18 -#*/ ## - - -# Variables. -PROG=$(basename "$0") -OPENGNSYS=/opt/opengnsys -# Errors control. -if [ "$USER" != "root" ]; then - echo "$PROG: Need to be root." >&2 - exit 1 -fi - -# UFW configuration. -if which ufw 2>/dev/null; then - # Adding active services. - ufw allow "Apache Secure" - ufw allow OpenSSH - ufw allow Samba - ufw allow mysql - ufw allow rsync - ufw allow tftp - ufw allow 67,68/udp # DHCP - ufw allow 2002,2008/tcp # OpenGnsys services - ufw allow 9000:9051/udp # Multicast - ufw allow 6881:6999/udp # BitTorrent - # Applying configuration. - ufw enable -# FirewallD configuration. -elif which firewall-cmd 2>/dev/null; then - # Defining OpenGnsys services. - python -c " -import firewall.core.io.service as ios -s=ios.Service() -s.short = 'OpenGnsys Server' -s.name = 'ogAdmServer' -s.ports = [('2008', 'tcp')] -ios.service_writer(s, '/etc/firewalld/services') -s.short = 'OpenGnsys Repository' -s.name = 'ogAdmRepo' -s.ports = [('2002', 'tcp')] -ios.service_writer(s, '/etc/firewalld/services')" - # Adding active services. - firewall-cmd --permanent --add-service=dhcp - firewall-cmd --permanent --add-service=https - firewall-cmd --permanent --add-service=mysql --zone internal - firewall-cmd --permanent --add-service=ogAdmRepo - firewall-cmd --permanent --add-service=ogAdmServer - # Ubuntu 14.04 does not define "rsyncd" service. - firewall-cmd --permanent --add-service=rsyncd || \ - firewall-cmd --permanent --add-port=873/tcp - firewall-cmd --permanent --add-service=samba - firewall-cmd --permanent --add-service=ssh - firewall-cmd --permanent --add-service=tftp - # Adding Multicast ports. - firewall-cmd --permanent --add-port=9000-9051/udp - # Adding BitTorent ports. - firewall-cmd --permanent --add-port=6881-6999/udp - # Applying configuration. - firewall-cmd --reload -else - echo "$PROG: Warning: Firewall won't be configured (neither ufw or firewalld are installed)." -fi - -# SELinux configuration. -if which setsebool 2>/dev/null; then - # Configuring Apache. - setsebool -P httpd_can_connect_ldap on - semanage fcontext -at httpd_sys_content_t "$OPENGNSYS/www(/.*)?" - # Configuring Samba. - setsebool -P samba_export_all_ro=1 samba_export_all_rw=1 - semanage fcontext -at samba_share_t "$OPENGNSYS/client(/.*)?" - semanage fcontext -at samba_share_t "$OPENGNSYS/images(/.*)?" - # Applying configuration. - restorecon -R $OPENGNSYS -else - echo "$PROG: Warning: SELinux won't be configured (policycoreutils is not installed)." -fi - |