Ian Eiloart / Sympl
Commit ce87926f authored Sep 08, 2019 by Paul Cammish
Remove incrond usage to improve compatibility
parent ee4f21f8
Changes: 6
firewall/debian/control
View file @
ce87926f
...
...
@@ -9,7 +9,7 @@ XS-Ruby-Versions: all
Package: sympl-firewall
Architecture: any
Depends: iptables, ruby, sympl-core (>= 9.0.190611.0), libruby, ruby-sqlite3,
incron,
${shlibs:Depends}, ${misc:Depends}
Depends: iptables, ruby, sympl-core (>= 9.0.190611.0), libruby, ruby-sqlite3, ${shlibs:Depends}, ${misc:Depends}
Replaces: symbiosis-firewall
Provides: symbiosis-firewall
Conflicts: symbiosis-firewall
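Review bot: the rewritten Depends field in firewall/debian/control is folded onto one long line at the same time as incron is dropped, which hides a one-word change inside a reformat. Keeping the original wrapping and deleting only the `incron,` entry would make the removal obvious. Dropping the dependency does not uninstall incron from upgraded hosts, so it is worth stating in the changelog that the package no longer relies on it.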
...
...
@@ -17,7 +17,3 @@ Description: Sympl firewall generator
This package contains a firewall generator which makes it simple to restrict
the incoming and outgoing connections a machine is permitted to accept or
initiate.
.
The firewall also allows the user to restrict the abilities of the
www-data user which will ensure that any PHP, or website, compromises
do not propagate.
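Review bot: the Description hunk in firewall/debian/control drops the paragraph about restricting the www-data user, which the commit message (incrond removal) does not explain. If that restriction is still implemented, keep the paragraph; if it has been removed, say so in the commit message or move it to its own commit, because administrators may be relying on it to contain a PHP or website compromise.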
firewall/debian/postinst
View file @
ce87926f
...
...
@@ -22,20 +22,12 @@ update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
#DEBHELPER#
#
# Add symlinks for the monit script
#
monit_dir
=
"/etc/sympl/monit.d"
mkdir
-p
"
$monit_dir
"
for
i
in
incrond
;
do
monit_script
=
"/usr/share/sympl/monit/checks/
$i
"
link_target
=
"
$monit_dir
/
$i
"
if
[
-x
"
$monit_script
"
]
&&
[
!
-e
"
$link_target
"
]
;
then
echo
"I: Adding symlink for Sympl Monit script for
$i
"
ln
-s
"
$monit_script
"
"
$link_target
"
||
true
fi
done
if
[
-f
/etc/incron.d/sympl-firewall]
;
then
rm
/etc/incron.d/sympl-firewall
fi
if
[
-f
/etc/sympl/monit.d/incrond]
;
then
rm
/etc/sympl/monit.d/incrond
fi
exit
0
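Review bot: both new cleanup tests in firewall/debian/postinst are shown with the closing bracket attached to the path, `[ -f /etc/incron.d/sympl-firewall]` and `[ -f /etc/sympl/monit.d/incrond]`. Written that way, `[` never receives its closing `]` argument, the test exits with an error, and the `rm` is never reached, so the stale incron table and monit entry stay on upgraded hosts. Add a space before each `]`, or replace each block with `rm -f` on the path. Also note that `-f` follows symlinks: the removed loop created /etc/sympl/monit.d/incrond with `ln -s`, so if the link target disappears with the check script the test will be false even once the bracket is fixed; `-L` or an unconditional `rm -f` handles that case.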
firewall/incron.d/sympl-firewall
deleted
100644 → 0
View file @
ee4f21f8
/etc/sympl/firewall/incoming.d IN_NO_LOOP,IN_CREATE,IN_DELETE,IN_MOVE,IN_CLOSE_WRITE,IN_ONLYDIR /usr/sbin/sympl-firewall -s 5 load
/etc/sympl/firewall/outgoing.d IN_NO_LOOP,IN_CREATE,IN_DELETE,IN_MOVE,IN_CLOSE_WRITE,IN_ONLYDIR /usr/sbin/sympl-firewall -s 5 load
/etc/sympl/firewall/whitelist.d IN_NO_LOOP,IN_CREATE,IN_DELETE,IN_MOVE,IN_CLOSE_WRITE,IN_ONLYDIR /usr/sbin/sympl-firewall -s 5 reload-whitelist
/etc/sympl/firewall/blacklist.d IN_NO_LOOP,IN_CREATE,IN_DELETE,IN_MOVE,IN_CLOSE_WRITE,IN_ONLYDIR /usr/sbin/sympl-firewall -s 5 reload-blacklist
/etc/sympl/firewall/local.d IN_NO_LOOP,IN_CREATE,IN_DELETE,IN_MOVE,IN_CLOSE_WRITE,IN_ONLYDIR,IN_ATTRIB /usr/sbin/sympl-firewall -s 5 load
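Review bot: with firewall/incron.d/sympl-firewall deleted, the `load` triggers for incoming.d, outgoing.d and local.d have no replacement anywhere in this commit; only the blacklist and whitelist scripts regain an explicit reload. A rule file added to or removed from those directories will not take effect until someone runs `sympl-firewall load`. Either add a replacement trigger or document the manual step, since a newly added restriction that silently stays unapplied is a security-relevant change in behaviour.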
firewall/monit.d/incrond
deleted
100755 → 0
View file @
ee4f21f8
#!/usr/bin/ruby
#
require
'symbiosis/monitor/check'
# ensure that Incrond is running
class
IncrondCheck
<
Symbiosis
::
Monitor
::
Check
def
initialize
super
pid_file:
'/var/run/incrond.pid'
,
init_script:
'/etc/init.d/incron'
,
unit_name:
'incron'
,
process_name:
'incrond'
end
end
exit
IncrondCheck
.
new
.
do_check
if
$PROGRAM_NAME
==
__FILE__
firewall/sbin/sympl-firewall-blacklist
View file @
ce87926f
...
...
@@ -320,5 +320,15 @@ end
puts
"Expiring done - removed
#{
expired
}
file(s)"
if
(
$VERBOSELOCAL
)
#
# Updating the firewall is now done by the inotify cronjob
#
# Re-generate the blacklist chain
#
if
(
updated
||
expired
>
0
||
force
)
cmd
=
%w(/usr/sbin/sympl-firewall)
cmd
<<
"--verbose"
if
$VERBOSELOCAL
cmd
<<
"--no-execute"
unless
execute
cmd
<<
"--no-delete"
unless
delete
cmd
+=
[
"--prefix"
,
base_dir
]
cmd
<<
"reload-blacklist"
puts
"Running
#{
cmd
.
join
(
" "
)
}
"
if
$VERBOSELOCAL
exec
(
*
cmd
)
end
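Review bot: the `exec(*cmd)` at the end of the new block in firewall/sbin/sympl-firewall-blacklist replaces the Ruby process, so any statement later added after this `if` will silently not run whenever `updated || expired > 0 || force` is true. Add a comment saying the block must stay last, or use `system(*cmd)` and exit with its status. Passing the command as an array keeps `base_dir` out of a shell, which is worth preserving in any rewrite.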
firewall/sbin/sympl-firewall-whitelist
View file @
ce87926f
...
...
@@ -335,6 +335,15 @@ end
puts
"Expiring done - removed
#{
expired
}
file(s)"
if
(
$VERBOSELOCAL
)
#
# Updating the firewall is now done by the inotify cronjob.
#
# Re-generate the whitelist chain
#
if
(
updated
||
expired
>
0
||
force
)
cmd
=
%w(/usr/sbin/sympl-firewall)
cmd
<<
"--verbose"
if
$VERBOSELOCAL
cmd
<<
"--no-execute"
unless
execute
cmd
<<
"--no-delete"
unless
delete
cmd
+=
[
"--prefix"
,
base_dir
]
cmd
<<
"reload-whitelist"
puts
"Executing
#{
cmd
.
join
(
" "
)
}
"
if
$VERBOSELOCAL
exec
(
*
cmd
)
end
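Review bot: this block in firewall/sbin/sympl-firewall-whitelist duplicates the one added to sympl-firewall-blacklist line for line, apart from the `reload-whitelist` argument and the verbose message ("Executing" here, "Running" there). Move the command construction into one shared helper that takes the reload action as a parameter, and use the same message wording in both scripts so log output can be matched with a single pattern.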