#!/bin/bash
#/**
#@file security-config
#@brief OpenGnsys Server security configuration.
#@version 1.1 - Initial version.
#@author Ramón J. Gómez, ETSII Univ. Sevilla
#@date 2016-03-01
#*/ ##
# Script-wide settings: the OpenGnsys installation root and this program's
# name (used as the prefix of every diagnostic message).
OPENGNSYS="/opt/opengnsys"
PROG="$(basename "$0")"
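# Privilege check: the firewall and SELinux changes below require root.
# Test the effective UID instead of $USER. $USER is an ordinary environment
# variable: it can be unset (cron, minimal containers), left stale after a
# plain "su", or set to any value by the caller, so it does not reliably
# describe the privileges the script is actually running with.
if [ "$(id -u)" -ne 0 ]; then
  echo "$PROG: Need to be root." >&2
  exit 1
fi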
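# FirewallD configuration.
# Services are added to the default zone unless a zone is named (only mysql
# is limited to "internal" here), so the resulting exposure depends on which
# zone each network interface is bound to.
if command -v firewall-cmd >/dev/null 2>&1; then
  # Defining OpenGnsys services.
  # Python compiles the whole snippet before running any of it, so the
  # disabled repository lines must be "#" comments: the former "//" prefix is
  # a syntax error and kept the ogAdmServer definition from being written.
  python -c "
import firewall.core.io.service as ios
s=ios.Service()
s.short = 'OpenGnsys Server'
s.name = 'ogAdmServer'
s.ports = [('2008', 'tcp')]
ios.service_writer(s, '/etc/firewalld/services')
#s.short = 'OpenGnsys Repository'
#s.name = 'ogAdmRepo'
#s.ports = [('2002', 'tcp')]
#ios.service_writer(s, '/etc/firewalld/services')" ||
    echo "$PROG: Warning: could not write the ogAdmServer service definition." >&2
  # Adding active services.
  firewall-cmd --permanent --add-service=dhcp
  firewall-cmd --permanent --add-service=https
  firewall-cmd --permanent --add-service=mysql --zone internal
  #firewall-cmd --permanent --add-service=ogAdmRepo
  # Fall back to the raw port when firewalld does not know the custom service
  # (definition not written, or not loaded yet).
  # NOTE(review): confirm whether a reload is needed before a service file
  # written directly to /etc/firewalld/services is recognised.
  firewall-cmd --permanent --add-service=ogAdmServer ||
    firewall-cmd --permanent --add-port=2008/tcp
  # Ubuntu 14.04 does not define "rsyncd" service.
  firewall-cmd --permanent --add-service=rsyncd ||
    firewall-cmd --permanent --add-port=873/tcp
  firewall-cmd --permanent --add-service=samba
  firewall-cmd --permanent --add-service=ssh
  firewall-cmd --permanent --add-service=tftp
  # Adding Multicast ports.
  firewall-cmd --permanent --add-port=9000-9051/udp
  # Adding Torrent ports?
  #firewall-cmd --permanent --add-port=6881-6999/udp
  # Applying configuration.
  firewall-cmd --reload
else
  echo "$PROG: Warning: FirewallD won't be configured (firewalld is not installed)."
fi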
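# SELinux configuration.

# Define a persistent SELinux file-context rule.
# Arguments: $1 - SELinux type, $2 - path regular expression
# "semanage fcontext -a" fails when the rule already exists, so fall back to
# "-m" (modify); this keeps the script safe to run more than once.
og_fcontext() {
  semanage fcontext -a -t "$1" "$2" 2>/dev/null ||
    semanage fcontext -m -t "$1" "$2"
}

if command -v setsebool >/dev/null 2>&1; then
  # Only setsebool is probed above; report a missing semanage once instead of
  # letting every labelling rule fail on its own.
  command -v semanage >/dev/null 2>&1 ||
    echo "$PROG: Warning: semanage not found, file contexts won't be defined." >&2
  # Configuring Apache.
  setsebool -P httpd_can_connect_ldap on
  og_fcontext httpd_sys_content_t "$OPENGNSYS/www(/.*)?"
  # Configuring Samba.
  # NOTE(review): samba_export_all_ro/rw allow Samba to export any file
  # regardless of its SELinux type. The samba_share_t labels set below may
  # make these booleans unnecessary -- confirm, and prefer the labels alone
  # if only client/ and images/ are shared.
  setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
  og_fcontext samba_share_t "$OPENGNSYS/client(/.*)?"
  og_fcontext samba_share_t "$OPENGNSYS/images(/.*)?"
  # Applying configuration.
  restorecon -R "$OPENGNSYS"
else
  echo "$PROG: Warning: SELinux won't be configured (policycoreutils is not installed)."
fi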