Merge 14dcf2d2ae31eaf62f54461d7c431904d806bbd3 into 232b45e6a66753cb9ef8cea6f6ea8dcc045434c1

2025-04-20 19:03:08 +01:00 · 2025-02-22 19:36:04 +00:00 · 2025-02-22 19:36:04 +00:00 · 46be8f126b
commit 46be8f126b
parent 232b45e6a6 14dcf2d2ae
3 changed files with 45 additions and 3 deletions
--- a/core/tabs/security/firewalld-baselines.sh
+++ b/core/tabs/security/firewalld-baselines.sh
@ -0,0 +1,28 @@
+#!/bin/sh -e
+
+. ../common-script.sh
+
+configureFirewallD() {
+    printf "%b\n" "${YELLOW}Configuring FirewallD with recommended rules${RC}"
+
+    printf "%b\n" "${YELLOW}Setting default zone to drop (FirewallD)${RC}"
+    "$ESCALATION_TOOL" firewall-cmd --set-default-zone=drop
+
+    printf "%b\n" "${YELLOW}Allowing SSH service (FirewallD)${RC}"
+    "$ESCALATION_TOOL" firewall-cmd --permanent --add-service=ssh
+
+    printf "%b\n" "${YELLOW}Allowing HTTP service (FirewallD)${RC}"
+    "$ESCALATION_TOOL" firewall-cmd --permanent --add-service=http
+
+    printf "%b\n" "${YELLOW}Allowing HTTPS service (FirewallD)${RC}"
+    "$ESCALATION_TOOL" firewall-cmd --permanent --add-service=https
+
+    printf "%b\n" "${YELLOW}Reloading FirewallD configuration${RC}"
+    "$ESCALATION_TOOL" firewall-cmd --reload
+
+    printf "%b\n" "${GREEN}Enabled FirewallD with Baselines!${RC}"
+}
+
+checkEnv
+checkEscalationTool
+configureFirewallD
--- a/core/tabs/security/tab_data.toml
+++ b/core/tabs/security/tab_data.toml
@ -1,12 +1,23 @@
 name = "Security"

 [[data]]
-name = "Firewall Baselines (CTT)"
+name = "UFW Firewall Baselines (CTT)"
 description = "Developed to ease iptables firewall configuration, UFW provides a user friendly way to create an IPv4 or IPv6 host-based firewall. This command installs UFW and configures UFW based on CTT's recommended rules. For more information visit: https://christitus.com/linux-security-mistakes"
-script = "firewall-baselines.sh"
+script = "ufw-baselines.sh"
 task_list = "I SS"

 [[data.preconditions]]
 matches = false
 data = "command_exists"
-values = [ "firewalld" ]
+values = [ "firewall-cmd" ]
+
+[[data]]
+name = "FirewallD Firewall Baselines (CTT)"
+description = "Configure FirewallD with CTT's recommended baseline rules for improved system security. For more information visit: https://christitus.com/linux-security-mistakes"
+script = "firewalld-baselines.sh"
+task_list = "I SS"
+
+[[data.preconditions]]
+matches = true
+data = "command_exists"
+values = [ "firewall-cmd" ]
--- a/core/tabs/security/firewall-baselines.sh
+++ b/core/tabs/security/firewall-baselines.sh
@ -12,6 +12,9 @@ installPkg() {
            apk)
                "$ESCALATION_TOOL" "$PACKAGER" add ufw
                ;;
+            xbps-install)
+                "$ESCALATION_TOOL" "$PACKAGER" -Sy ufw
+                ;;
            *)
                "$ESCALATION_TOOL" "$PACKAGER" install -y ufw
                ;;