#!/bin/sh -e
. ../common-script.sh
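# Install the ufw package unless a `ufw` command is already available.
#
# Globals (read): PACKAGER, ESCALATION_TOOL. These are not set in this file;
#   presumably they come from ../common-script.sh (checkEnv /
#   checkEscalationTool) -- confirm there.
# Depends on:     command_exists, also not defined in this file.
# Returns:        0 when ufw is already present, otherwise the exit status of
#                 the package manager.
installPkg() {
    # Report "already installed" without first claiming an install is running;
    # the progress message is only printed when a package manager is invoked.
    if command_exists ufw; then
        echo "UFW is already installed."
        return 0
    fi

    echo "Installing UFW..."
    case "$PACKAGER" in
        pacman)
            "$ESCALATION_TOOL" "$PACKAGER" -S --needed --noconfirm ufw
            ;;
        *)
            # Every other package manager is assumed to accept `install -y`.
            "$ESCALATION_TOOL" "$PACKAGER" install -y ufw
            ;;
    esac
}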
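# Apply a baseline UFW policy: rate-limited SSH, inbound HTTP/HTTPS allowed,
# all other inbound traffic denied, all outbound traffic allowed.
#
# Globals (read): ESCALATION_TOOL, YELLOW, GREEN, RC (none are set in this
#   file; presumably provided by ../common-script.sh -- confirm there).
# Outputs:        progress messages on stdout.
# Returns:        exit status of the last command run.
#
# Security notes for anyone adapting this baseline:
#   - Ports 80/tcp and 443/tcp are opened inbound unconditionally. On a host
#     that does not serve web traffic, drop those two rules.
#   - SSH is assumed to listen on 22/tcp. If sshd uses another port, running
#     this over SSH can lock the session out once the firewall is enabled.
#   - The firewall is switched off while the rules are rewritten. If a step
#     fails and the script aborts (the shebang requests -e), it stays off
#     until `ufw enable` is run again.
configureUFW() {
    printf "%b\n" "${YELLOW}Using Chris Titus Recommended Firewall Rules${RC}"

    printf "%b\n" "${YELLOW}Disabling UFW${RC}"
    "$ESCALATION_TOOL" ufw disable

    # `limit` allows the port but rate-limits repeated connection attempts
    # from the same address, which slows down password guessing.
    printf "%b\n" "${YELLOW}Limiting port 22/tcp (UFW)${RC}"
    "$ESCALATION_TOOL" ufw limit 22/tcp

    printf "%b\n" "${YELLOW}Allowing port 80/tcp (UFW)${RC}"
    "$ESCALATION_TOOL" ufw allow 80/tcp

    # Fixed: this message referenced the undefined ${YELLO}, so it was printed
    # without the colour prefix.
    printf "%b\n" "${YELLOW}Allowing port 443/tcp (UFW)${RC}"
    "$ESCALATION_TOOL" ufw allow 443/tcp

    printf "%b\n" "${YELLOW}Denying Incoming Packets by Default(UFW)${RC}"
    "$ESCALATION_TOOL" ufw default deny incoming

    # Fixed wording: "Outcoming" -> "Outgoing", matching the ufw keyword.
    printf "%b\n" "${YELLOW}Allowing Outgoing Packets by Default(UFW)${RC}"
    "$ESCALATION_TOOL" ufw default allow outgoing

    # NOTE(review): when run over SSH, `ufw enable` may ask for confirmation.
    "$ESCALATION_TOOL" ufw enable
    printf "%b\n" "${GREEN}Enabled Firewall with Baselines!${RC}"
}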
# Entry point. checkEnv and checkEscalationTool are not defined in this file;
# presumably they come from the sourced ../common-script.sh and set PACKAGER
# and ESCALATION_TOOL -- confirm there. They run before the two steps that
# read those variables.
checkEnv
checkEscalationTool

# Install ufw if needed, then apply the baseline rule set.
installPkg
configureUFW