source: server/lib/security-config @ ebe5709

Last change on this file since ebe5709 was 4db1b6e, checked in by ramon <ramongomez@…>, 9 years ago

#736: Script para configurar cortafuegos FirewallD y seguridad SELinux.

git-svn-id: https://opengnsys.es/svn/branches/version1.1@4809 a21b9725-9963-47de-94b9-378ad31fedc9

  • Property mode set to 100644
File size: 2.2 KB
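#!/bin/bash
#/**
#@file    security-config
#@brief   OpenGnsys Server security configuration.
#@version 1.1 - Initial version.
#@author  Ramón J. Gómez, ETSII Univ. Sevilla
#@date    2016-03-01
#*/ ##
#
# Opens the FirewallD services and ports used by an OpenGnsys server and sets
# the SELinux booleans and file contexts for Apache and Samba under
# /opt/opengnsys. Must be run as root. Each section is skipped with a warning
# when its command-line tool is not installed.


# Variables.
PROG=$(basename "$0")
OPENGNSYS=/opt/opengnsys
# Errors control.
# Test the effective UID instead of $USER: the environment variable may be
# unset (cron, service managers) or overridden by the caller.
if [ "$(id -u)" -ne 0 ]; then
        echo "$PROG: Need to be root." >&2
        exit 1
fi

# FirewallD configuration.
# "command -v" is the portable presence test and prints nothing here.
if command -v firewall-cmd >/dev/null 2>&1; then
        # Defining OpenGnsys services.
        # The snippet must be valid Python as a whole: a syntax error anywhere
        # stops it before the service file is written, and the later
        # --add-service=ogAdmServer then has no definition to refer to.
        # Disabled lines therefore use Python comments.
        python -c "
import firewall.core.io.service as ios
s=ios.Service()
s.short = 'OpenGnsys Server'
s.name = 'ogAdmServer'
s.ports = [('2008', 'tcp')]
ios.service_writer(s, '/etc/firewalld/services')
#s.short = 'OpenGnsys Repository'
#s.name = 'ogAdmRepo'
#s.ports = [('2002', 'tcp')]
#ios.service_writer(s, '/etc/firewalld/services')"
        # Adding active services.
        # Rules without --zone are added to the default zone.
        # NOTE(review): confirm the default zone only covers the networks that
        # need samba, rsync, tftp and ssh; otherwise bind them to a zone as is
        # done for mysql.
        firewall-cmd --permanent --add-service=dhcp
        firewall-cmd --permanent --add-service=https
        firewall-cmd --permanent --add-service=mysql --zone internal
        #firewall-cmd --permanent --add-service=ogAdmRepo
        firewall-cmd --permanent --add-service=ogAdmServer
        # Ubuntu 14.04 does not define "rsyncd" service.
        firewall-cmd --permanent --add-service=rsyncd || \
                firewall-cmd --permanent --add-port=873/tcp
        firewall-cmd --permanent --add-service=samba
        firewall-cmd --permanent --add-service=ssh
        firewall-cmd --permanent --add-service=tftp
        # Adding Multicast ports.
        firewall-cmd --permanent --add-port=9000-9051/udp
        # Adding Torrent ports?
        #firewall-cmd --permanent --add-port=6881-6999/udp
        # Applying configuration.
        firewall-cmd --reload
else
        # Diagnostics go to stderr, like the root check above.
        echo "$PROG: Warning: FirewallD won't be configured (firewalld is not installed)." >&2
fi

# SELinux configuration.
# NOTE(review): only setsebool is probed; semanage may ship in a separate
# package on some distributions -- confirm it is present on the targets.
if command -v setsebool >/dev/null 2>&1; then
        # Configuring Apache.
        setsebool -P httpd_can_connect_ldap on
        semanage fcontext -at httpd_sys_content_t "$OPENGNSYS/www(/.*)?"
        # Configuring Samba.
        # NOTE(review): samba_export_all_ro/rw let smbd read and write files
        # regardless of their SELinux label, which is broader than the
        # samba_share_t labels set below. Check whether the labels alone are
        # enough before keeping both booleans enabled.
        setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
        semanage fcontext -at samba_share_t "$OPENGNSYS/client(/.*)?"
        semanage fcontext -at samba_share_t "$OPENGNSYS/images(/.*)?"
        # Applying configuration.
        restorecon -R "$OPENGNSYS"
else
        echo "$PROG: Warning: SELinux won't be configured (policycoreutils is not installed)." >&2
fi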