Diffstat (limited to 'server/lib')
-rwxr-xr-xserver/lib/ogfunctions.sh31
-rwxr-xr-xserver/lib/security-config40
2 files changed, 53 insertions, 18 deletions
diff --git a/server/lib/ogfunctions.sh b/server/lib/ogfunctions.sh
index 51de6b77..34b2ab7b 100755
--- a/server/lib/ogfunctions.sh
+++ b/server/lib/ogfunctions.sh
@@ -23,6 +23,9 @@ function raiseError() {
download)
echo "$PROG: Download error: $2" >&2
exit 4 ;;
+ cancel)
+ echo "$PROG: Operation cancelled: $2" >&2
+ exit 5 ;;
*)
echo "$PROG: Unknown error" >&2
exit 1 ;;
@@ -54,6 +57,20 @@ function help() {
exit 0
}
+# Functions to manage a service.
+function restart() {
+ _service restart "$1"
+}
+function start() {
+ _service start "$1"
+}
+function stop() {
+ _service stop "$1"
+}
+
+
+### Meta-functions and private functions.
+
# Metafunction to check if JSON result exists.
JQ=$(which jq 2>/dev/null) || raiseError notfound "Need to install \"jq\"."
function jq() {
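Review bot: The new wrappers `start`, `stop` and `restart` are very generic names for a library that other scripts source, and they will shadow any command of the same name on the caller's PATH (Upstart-era systems ship `start`/`stop`/`restart` binaries, and this commit's other file still mentions Ubuntu 14.04). A prefixed name, or at least a header comment such as `# Usage: restart SERVICE_NAME (returns the service manager's exit status)`, would make the contract explicit. None of the three checks that `$1` is non-empty before delegating, so a call without arguments passes an empty service name down to `_service`.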
@@ -63,3 +80,17 @@ function jq() {
echo "$OUTPUT"
}
+# Private function to acts on a service (do not use directly).
+function _service() {
+ local ACTION="$1"
+ local SERVICE="$2"
+ if which systemctl 2>/dev/null; then
+ systemctl "$ACTION" "$SERVICE"
+ elif which service 2>/dev/null; then
+ service "$SERVICE" "$ACTION"
+ elif [ -x /etc/init.d/"$SERVICE" ]; then
+ /etc/init.d/"$SERVICE" "$ACTION"
+ else
+ raiseError notfound "Service $SERVICE"
+ fi
+}
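Review bot: Both `which systemctl 2>/dev/null` and `which service 2>/dev/null` in `_service` silence only stderr, so every call prints the resolved path on stdout and pollutes the output of any caller that captures it. `security-config` in this same commit uses `&>/dev/null`, so `if which systemctl &>/dev/null; then` (and the same for `service`) would be consistent. `$SERVICE` is also used unchecked: an empty value or one containing `/` reaches `/etc/init.d/"$SERVICE"` and can resolve outside that directory, so a guard such as `[[ "$SERVICE" =~ ^[A-Za-z0-9@._-]+$ ]] || raiseError notfound "Service $SERVICE"` before the first branch would help. The header comment has a typo and could read `# Private function to act on a service (do not use directly).`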
diff --git a/server/lib/security-config b/server/lib/security-config
index 11961758..6d53d198 100755
--- a/server/lib/security-config
+++ b/server/lib/security-config
@@ -23,16 +23,16 @@ if which ufw &>/dev/null; then
echo "Configuring UFW."
# Adding active services.
ufw allow "Apache Secure"
+ ufw allow from 127.0.0.1/8 to any port mysql proto tcp # MySQL from the loopback
ufw allow OpenSSH
ufw allow Samba
- ufw allow mysql
ufw allow rsync
ufw allow tftp
ufw allow 67,68/udp # DHCP
- ufw allow 2008/tcp # OpenGnsys service
+ ufw allow 2008,2009,2011/tcp # OpenGnsys services
ufw allow 6881:6999/udp # BitTorrent
ufw allow 9000/tcp # PHP-FPM
- ufw allow 9000:9051/udp # Multicast
+ ufw allow 9000:9101/udp # Multicast
# Applying configuration.
ufw enable
# FirewallD configuration.
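Review bot: The new loopback rule is written with host bits set, `127.0.0.1/8`; the network form is `ufw allow from 127.0.0.0/8 to any port mysql proto tcp`. With ufw's default `before.rules`, traffic on `lo` is already accepted, so the rule is probably redundant and the effective hardening is the removal of `ufw allow mysql`. The same tightening is not applied to `ufw allow 9000/tcp # PHP-FPM`, which stays reachable from any source, and the firewalld hunk further down likewise adds `php-fpm` to the default zone while `mysql` is limited to `--zone internal`. If PHP-FPM only serves the local web server (not visible from this hunk), that port deserves the same restriction, since FastCGI has no authentication of its own.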
@@ -42,9 +42,9 @@ elif which firewall-cmd &>/dev/null; then
python -c "
import firewall.core.io.service as ios
s=ios.Service()
-s.short = 'OpenGnsys Server'
-s.name = 'ogAdmServer'
-s.ports = [('2008', 'tcp')]
+s.short = 'OpenGnsys Services'
+s.name = 'opengnsys'
+s.ports = [('2008', 'tcp'), ('2009', 'tcp'), ('2011', 'tcp')]
ios.service_writer(s, '/etc/firewalld/services')
s.name = 'php-fpm'
s.ports = [('9000', 'tcp')]
@@ -52,9 +52,9 @@ ios.service_writer(s, '/etc/firewalld/services')"
# Adding active services.
firewall-cmd --permanent --add-service=dhcp
firewall-cmd --permanent --add-service=https
- firewall-cmd --permanent --add-service=php-fpm
firewall-cmd --permanent --add-service=mysql --zone internal
- firewall-cmd --permanent --add-service=ogAdmServer
+ firewall-cmd --permanent --add-service=opengnsys
+ firewall-cmd --permanent --add-service=php-fpm
# Ubuntu 14.04 does not define "rsyncd" service.
firewall-cmd --permanent --add-service=rsyncd || \
firewall-cmd --permanent --add-port=873/tcp
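Review bot: Renaming the firewalld service from `ogAdmServer` to `opengnsys` leaves hosts configured by the previous version with the old service still enabled in the permanent configuration, and presumably with the old `ogAdmServer` definition still in `/etc/firewalld/services`. Nothing in this hunk or in the `python -c` hunk above removes it, so on an upgrade both services stay enabled and the ruleset no longer matches what the script declares. A line such as `firewall-cmd --permanent --remove-service=ogAdmServer &>/dev/null` before `--add-service=opengnsys` would keep upgrades clean. The surrounding `elif` block starts and ends outside this hunk.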
@@ -73,16 +73,20 @@ fi
# SELinux configuration.
if which setsebool &>/dev/null; then
- echo "Configuring SELinux."
- # Configuring Apache.
- setsebool -P httpd_can_connect_ldap on
- semanage fcontext -at httpd_sys_content_t "$OPENGNSYS/www(/.*)?"
- # Configuring Samba.
- setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
- semanage fcontext -at samba_share_t "$OPENGNSYS/client(/.*)?"
- semanage fcontext -at samba_share_t "$OPENGNSYS/images(/.*)?"
- # Applying configuration.
- restorecon -R $OPENGNSYS
+ if selinuxenabled; then
+ echo "Configuring SELinux."
+ # Configuring Apache.
+ setsebool -P httpd_can_connect_ldap on
+ semanage fcontext -at httpd_sys_content_t "$OPENGNSYS/www(/.*)?"
+ # Configuring Samba.
+ setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
+ semanage fcontext -at samba_share_t "$OPENGNSYS/client(/.*)?"
+ semanage fcontext -at samba_share_t "$OPENGNSYS/images(/.*)?"
+ # Applying configuration.
+ restorecon -R $OPENGNSYS
+ else
+ echo "$PROG: Warning: SELinux is disabled, it won't be configured."
+ fi
else
echo "$PROG: Warning: SELinux won't be configured (policycoreutils is not installed)."
fi
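Review bot: The re-indented block still sets `samba_export_all_ro=1 samba_export_all_rw=1`, which lets Samba read and write files regardless of their SELinux label, so the `samba_share_t` contexts added two lines later provide no confinement. If the shares are only `$OPENGNSYS/client` and `$OPENGNSYS/images`, the labels alone should be enough and the booleans could be dropped; this needs confirming against the Samba configuration, which is not shown here. `restorecon -R $OPENGNSYS` is unquoted and unchecked; `restorecon -R "${OPENGNSYS:?}"` avoids word splitting and aborts when the variable is empty. An empty value would also make the `semanage fcontext` rules label `/www`, `/client` and `/images` at the filesystem root. The two warning messages could go to stderr with `>&2`, as `raiseError` does.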