mitsuo_makuda/linutil
1
0
Fork 0
mirror of https://github.com/ChrisTitusTech/linutil.git synced 2025-04-20 19:03:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge 14dcf2d2ae31eaf62f54461d7c431904d806bbd3 into e88020cff09f271af6361c43e60dbfdeaafb975a

Browse Source
This commit is contained in:
Jaredy899 2025-02-28 23:59:14 +01:00 committed by GitHub
commit f752d7ac3c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 45 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
core/tabs/security/firewalld-baselines.sh Normal file
View File

@ -0,0 +1,28 @@
#!/bin/sh -e
. ../common-script.sh
configureFirewallD() {
printf "%b\n" "${YELLOW}Configuring FirewallD with recommended rules${RC}"
printf "%b\n" "${YELLOW}Setting default zone to drop (FirewallD)${RC}"
"$ESCALATION_TOOL" firewall-cmd --set-default-zone=drop
printf "%b\n" "${YELLOW}Allowing SSH service (FirewallD)${RC}"
"$ESCALATION_TOOL" firewall-cmd --permanent --add-service=ssh
printf "%b\n" "${YELLOW}Allowing HTTP service (FirewallD)${RC}"
"$ESCALATION_TOOL" firewall-cmd --permanent --add-service=http
printf "%b\n" "${YELLOW}Allowing HTTPS service (FirewallD)${RC}"
"$ESCALATION_TOOL" firewall-cmd --permanent --add-service=https
printf "%b\n" "${YELLOW}Reloading FirewallD configuration${RC}"
"$ESCALATION_TOOL" firewall-cmd --reload
printf "%b\n" "${GREEN}Enabled FirewallD with Baselines!${RC}"
}
checkEnv
checkEscalationTool
configureFirewallD

17
core/tabs/security/tab_data.toml
View File

@ -1,12 +1,23 @@
name = "Security" name = "Security"
[[data]] [[data]]
name = "Firewall Baselines (CTT)" name = "UFW Firewall Baselines (CTT)"
description = "Developed to ease iptables firewall configuration, UFW provides a user friendly way to create an IPv4 or IPv6 host-based firewall. This command installs UFW and configures UFW based on CTT's recommended rules. For more information visit: https://christitus.com/linux-security-mistakes" description = "Developed to ease iptables firewall configuration, UFW provides a user friendly way to create an IPv4 or IPv6 host-based firewall. This command installs UFW and configures UFW based on CTT's recommended rules. For more information visit: https://christitus.com/linux-security-mistakes"
script = "firewall-baselines.sh" script = "ufw-baselines.sh"
task_list = "I SS" task_list = "I SS"
[[data.preconditions]] [[data.preconditions]]
matches = false matches = false
data = "command_exists" data = "command_exists"
values = [ "firewalld" ] values = [ "firewall-cmd" ]
[[data]]
name = "FirewallD Firewall Baselines (CTT)"
description = "Configure FirewallD with CTT's recommended baseline rules for improved system security. For more information visit: https://christitus.com/linux-security-mistakes"
script = "firewalld-baselines.sh"
task_list = "I SS"
[[data.preconditions]]
matches = true
data = "command_exists"
values = [ "firewall-cmd" ]

3
core/tabs/security/firewall-baselines.sh → core/tabs/security/ufw-baselines.sh
View File

@ -12,6 +12,9 @@ installPkg() {
apk) apk)
"$ESCALATION_TOOL" "$PACKAGER" add ufw "$ESCALATION_TOOL" "$PACKAGER" add ufw
;; ;;
xbps-install)
"$ESCALATION_TOOL" "$PACKAGER" -Sy ufw
;;
*) *)
"$ESCALATION_TOOL" "$PACKAGER" install -y ufw "$ESCALATION_TOOL" "$PACKAGER" install -y ufw
;; ;;