version 1.51, 2019/02/19 19:14:54
|
version 1.53, 2019/05/26 22:19:35
|
Line 833 sub chkconfig {
|
Line 833 sub chkconfig {
|
|
|
sub uses_firewalld { |
sub uses_firewalld { |
my ($distro) = @_; |
my ($distro) = @_; |
my ($inuse, $checkfirewalld); |
my ($inuse,$checkfirewalld,$zone); |
if ($distro =~ /^(suse|sles)([\d\.]+)$/) { |
if ($distro =~ /^(suse|sles)([\d\.]+)$/) { |
if (($1 eq 'sles') && ($2 >= 15)) { |
if (($1 eq 'sles') && ($2 >= 15)) { |
$checkfirewalld = 1; |
$checkfirewalld = 1; |
Line 863 sub uses_firewalld {
|
Line 863 sub uses_firewalld {
|
} |
} |
if (($loaded eq 'loaded') || ($active eq 'active')) { |
if (($loaded eq 'loaded') || ($active eq 'active')) { |
$inuse = 1; |
$inuse = 1; |
|
my $cmd = 'firewall-cmd --get-default-zone'; |
|
if (open(PIPE,"$cmd |")) { |
|
my $result = <PIPE>; |
|
chomp($result); |
|
close(PIPE); |
|
if ($result =~ /^\w+$/) { |
|
$zone = $result; |
|
} |
|
} |
} |
} |
} |
} |
return $inuse; |
return ($inuse,$zone); |
} |
} |
|
|
sub chkfirewall { |
sub chkfirewall { |
Line 876 sub chkfirewall {
|
Line 885 sub chkfirewall {
|
https => 443, |
https => 443, |
); |
); |
my %activefw; |
my %activefw; |
if (&firewall_is_active()) { |
my ($firewalld,$zone) = &uses_firewalld($distro); |
if (&uses_firewalld($distro)) { |
if ($firewalld) { |
my %current; |
my %current; |
if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) { |
if (open(PIPE,'firewall-cmd --permanent --zone='.$zone.' --list-services |')) { |
my $svc = <PIPE>; |
my $svc = <PIPE>; |
close(PIPE); |
close(PIPE); |
chomp($svc); |
chomp($svc); |
map { $current{$_} = 1; } (split(/\s+/,$svc)); |
map { $current{$_} = 1; } (split(/\s+/,$svc)); |
} |
} |
if ($current{'http'} && $current{'https'}) { |
if ($current{'http'} && $current{'https'}) { |
$configfirewall = 0; |
$configfirewall = 0; |
} |
} |
} else { |
} else { |
|
if (&firewall_is_active()) { |
my $iptables = &get_pathto_iptables(); |
my $iptables = &get_pathto_iptables(); |
if ($iptables eq '') { |
if ($iptables eq '') { |
print &mt('Firewall not checked as path to iptables not determined.')."\n"; |
print &mt('Firewall not checked as path to iptables not determined.')."\n"; |
Line 910 sub chkfirewall {
|
Line 920 sub chkfirewall {
|
print &mt('Firewall not checked as iptables Chains not identified.')."\n"; |
print &mt('Firewall not checked as iptables Chains not identified.')."\n"; |
} |
} |
} |
} |
|
} else { |
|
print &mt('Firewall not enabled.')."\n"; |
} |
} |
} else { |
|
print &mt('Firewall not enabled.')."\n"; |
|
} |
} |
return ($configfirewall,\%activefw); |
return ($configfirewall,\%activefw); |
} |
} |
Line 2023 if ($callsub{'runlevels'}) {
|
Line 2033 if ($callsub{'runlevels'}) {
|
} |
} |
|
|
if ($callsub{'firewall'}) { |
if ($callsub{'firewall'}) { |
if (&uses_firewalld($distro)) { |
my ($firewalld,$zone) = &uses_firewalld($distro); |
|
if ($firewalld) { |
my (%current,%added); |
my (%current,%added); |
if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) { |
if (open(PIPE,"firewall-cmd --permanent --zone=$zone --list-services |")) { |
my $svc = <PIPE>; |
my $svc = <PIPE>; |
close(PIPE); |
close(PIPE); |
chomp($svc); |
chomp($svc); |
Line 2033 if ($callsub{'firewall'}) {
|
Line 2044 if ($callsub{'firewall'}) {
|
} |
} |
foreach my $service ('http','https') { |
foreach my $service ('http','https') { |
unless ($current{$service}) { |
unless ($current{$service}) { |
if (open(PIPE,"firewall-cmd --permanent --zone=public --add-service=$service |")) { |
if (open(PIPE,"firewall-cmd --permanent --zone=$zone --add-service=$service |")) { |
my $result = <PIPE>; |
my $result = <PIPE>; |
if ($result =~ /^success/) { |
if ($result =~ /^success/) { |
$added{$service} = 1; |
$added{$service} = 1; |
Line 2051 if ($callsub{'firewall'}) {
|
Line 2062 if ($callsub{'firewall'}) {
|
} |
} |
unless ($current{'ssh'}) { |
unless ($current{'ssh'}) { |
print &mt('If you would the like to allow access to ssh from outside, use the command[_1].', |
print &mt('If you would the like to allow access to ssh from outside, use the command[_1].', |
'firewall-cmd --permanent --zone=public --add-service=ssh')."\n"; |
"firewall-cmd --permanent --zone=$zone --add-service=ssh")."\n"; |
} |
} |
} elsif ($distro =~ /^(suse|sles)/) { |
} elsif ($distro =~ /^(suse|sles)/) { |
print &mt('Use [_1] to configure the firewall to allow access for [_2].', |
print &mt('Use [_1] to configure the firewall to allow access for [_2].', |
Line 2078 if ($callsub{'firewall'}) {
|
Line 2089 if ($callsub{'firewall'}) {
|
'system-config-firewall-tui -- Customize', |
'system-config-firewall-tui -- Customize', |
'ssh, http')."\n"; |
'ssh, http')."\n"; |
} else { |
} else { |
print &mt('Use [_1] to configure the firewall to allow access for [_2].', |
my $version; |
'setup -- Firewall configuration -> Customize', |
if ($distro =~ /^(redhat|centos)(\d+)$/) { |
'ssh, http, https')."\n"; |
$version = $1; |
|
} |
|
if ($version > 5) { |
|
print &mt('Use [_1] to configure the firewall to allow access for [_2].', |
|
'system-config-firewall-tui -- Customize', |
|
'ssh, http')."\n"; |
|
} else { |
|
print &mt('Use [_1] to configure the firewall to allow access for [_2].', |
|
'setup -- Firewall configuration -> Customize', |
|
'ssh, http, https')."\n"; |
|
} |
} |
} |
} else { |
} else { |
&print_and_log(&mt('Skipping Firewall configuration.')."\n"); |
&print_and_log(&mt('Skipping Firewall configuration.')."\n"); |
Line 2386 sub setup_mysql_permissions {
|
Line 2407 sub setup_mysql_permissions {
|
if ($usesauth) { |
if ($usesauth) { |
@mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')"); |
@mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')"); |
if ($is_mariadb) { |
if ($is_mariadb) { |
push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'"); |
push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'"); |
} else { |
} else { |
push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED WITH mysql_native_password BY 'localhostkey'"); |
push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED WITH mysql_native_password BY 'localhostkey'"); |
} |
} |
} elsif ($hasauthcol) { |
} elsif ($hasauthcol) { |
@mysql_commands = ("INSERT user (Host, User, Password, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www',password('localhostkey'),'','','','');"); |
@mysql_commands = ("INSERT user (Host, User, Password, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www',password('localhostkey'),'','','','');"); |