|
version 1.50, 2019/02/19 19:03:42
|
version 1.53, 2019/05/26 22:19:35
|
|
Line 833 sub chkconfig {
|
Line 833 sub chkconfig {
|
| |
|
| sub uses_firewalld { |
sub uses_firewalld { |
| my ($distro) = @_; |
my ($distro) = @_; |
| my ($inuse, $checkfirewalld); |
my ($inuse,$checkfirewalld,$zone); |
| if ($distro =~ /^(suse|sles)([\d\.]+)$/) { |
if ($distro =~ /^(suse|sles)([\d\.]+)$/) { |
| if (($1 eq 'sles') && ($2 >= 15)) { |
if (($1 eq 'sles') && ($2 >= 15)) { |
| $checkfirewalld = 1; |
$checkfirewalld = 1; |
|
Line 863 sub uses_firewalld {
|
Line 863 sub uses_firewalld {
|
| } |
} |
| if (($loaded eq 'loaded') || ($active eq 'active')) { |
if (($loaded eq 'loaded') || ($active eq 'active')) { |
| $inuse = 1; |
$inuse = 1; |
| |
my $cmd = 'firewall-cmd --get-default-zone'; |
| |
if (open(PIPE,"$cmd |")) { |
| |
my $result = <PIPE>; |
| |
chomp($result); |
| |
close(PIPE); |
| |
if ($result =~ /^\w+$/) { |
| |
$zone = $result; |
| |
} |
| |
} |
| } |
} |
| } |
} |
| return $inuse; |
return ($inuse,$zone); |
| } |
} |
| |
|
| sub chkfirewall { |
sub chkfirewall { |
|
Line 876 sub chkfirewall {
|
Line 885 sub chkfirewall {
|
| https => 443, |
https => 443, |
| ); |
); |
| my %activefw; |
my %activefw; |
| if (&firewall_is_active()) { |
my ($firewalld,$zone) = &uses_firewalld($distro); |
| if (&uses_firewalld($distro)) { |
if ($firewalld) { |
| my %current; |
my %current; |
| if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) { |
if (open(PIPE,'firewall-cmd --permanent --zone='.$zone.' --list-services |')) { |
| my $svc = <PIPE>; |
my $svc = <PIPE>; |
| close(PIPE); |
close(PIPE); |
| chomp($svc); |
chomp($svc); |
| map { $current{$_} = 1; } (split(/\s+/,$svc)); |
map { $current{$_} = 1; } (split(/\s+/,$svc)); |
| } |
} |
| if ($current{'http'} && $current{'https'}) { |
if ($current{'http'} && $current{'https'}) { |
| $configfirewall = 0; |
$configfirewall = 0; |
| } |
} |
| } else { |
} else { |
| |
if (&firewall_is_active()) { |
| my $iptables = &get_pathto_iptables(); |
my $iptables = &get_pathto_iptables(); |
| if ($iptables eq '') { |
if ($iptables eq '') { |
| print &mt('Firewall not checked as path to iptables not determined.')."\n"; |
print &mt('Firewall not checked as path to iptables not determined.')."\n"; |
|
Line 910 sub chkfirewall {
|
Line 920 sub chkfirewall {
|
| print &mt('Firewall not checked as iptables Chains not identified.')."\n"; |
print &mt('Firewall not checked as iptables Chains not identified.')."\n"; |
| } |
} |
| } |
} |
| |
} else { |
| |
print &mt('Firewall not enabled.')."\n"; |
| } |
} |
| } else { |
|
| print &mt('Firewall not enabled.')."\n"; |
|
| } |
} |
| return ($configfirewall,\%activefw); |
return ($configfirewall,\%activefw); |
| } |
} |
|
Line 2023 if ($callsub{'runlevels'}) {
|
Line 2033 if ($callsub{'runlevels'}) {
|
| } |
} |
| |
|
| if ($callsub{'firewall'}) { |
if ($callsub{'firewall'}) { |
| if (&uses_firewalld($distro)) { |
my ($firewalld,$zone) = &uses_firewalld($distro); |
| |
if ($firewalld) { |
| my (%current,%added); |
my (%current,%added); |
| if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) { |
if (open(PIPE,"firewall-cmd --permanent --zone=$zone --list-services |")) { |
| my $svc = <PIPE>; |
my $svc = <PIPE>; |
| close(PIPE); |
close(PIPE); |
| chomp($svc); |
chomp($svc); |
|
Line 2033 if ($callsub{'firewall'}) {
|
Line 2044 if ($callsub{'firewall'}) {
|
| } |
} |
| foreach my $service ('http','https') { |
foreach my $service ('http','https') { |
| unless ($current{$service}) { |
unless ($current{$service}) { |
| if (open(PIPE,"firewall-cmd --permanent --zone=public --add-service=$service |")) { |
if (open(PIPE,"firewall-cmd --permanent --zone=$zone --add-service=$service |")) { |
| my $result = <PIPE>; |
my $result = <PIPE>; |
| if ($result =~ /^success/) { |
if ($result =~ /^success/) { |
| $added{$service} = 1; |
$added{$service} = 1; |
|
Line 2051 if ($callsub{'firewall'}) {
|
Line 2062 if ($callsub{'firewall'}) {
|
| } |
} |
| unless ($current{'ssh'}) { |
unless ($current{'ssh'}) { |
| print &mt('If you would the like to allow access to ssh from outside, use the command[_1].', |
print &mt('If you would the like to allow access to ssh from outside, use the command[_1].', |
| 'firewall-cmd --permanent --zone=public --add-service=ssh')."\n"; |
"firewall-cmd --permanent --zone=$zone --add-service=ssh")."\n"; |
| } |
} |
| } elsif ($distro =~ /^(suse|sles)/) { |
} elsif ($distro =~ /^(suse|sles)/) { |
| print &mt('Use [_1] to configure the firewall to allow access for [_2].', |
print &mt('Use [_1] to configure the firewall to allow access for [_2].', |
|
Line 2078 if ($callsub{'firewall'}) {
|
Line 2089 if ($callsub{'firewall'}) {
|
| 'system-config-firewall-tui -- Customize', |
'system-config-firewall-tui -- Customize', |
| 'ssh, http')."\n"; |
'ssh, http')."\n"; |
| } else { |
} else { |
| print &mt('Use [_1] to configure the firewall to allow access for [_2].', |
my $version; |
| 'setup -- Firewall configuration -> Customize', |
if ($distro =~ /^(redhat|centos)(\d+)$/) { |
| 'ssh, http, https')."\n"; |
$version = $1; |
| |
} |
| |
if ($version > 5) { |
| |
print &mt('Use [_1] to configure the firewall to allow access for [_2].', |
| |
'system-config-firewall-tui -- Customize', |
| |
'ssh, http')."\n"; |
| |
} else { |
| |
print &mt('Use [_1] to configure the firewall to allow access for [_2].', |
| |
'setup -- Firewall configuration -> Customize', |
| |
'ssh, http, https')."\n"; |
| |
} |
| } |
} |
| } else { |
} else { |
| &print_and_log(&mt('Skipping Firewall configuration.')."\n"); |
&print_and_log(&mt('Skipping Firewall configuration.')."\n"); |
|
Line 2386 sub setup_mysql_permissions {
|
Line 2407 sub setup_mysql_permissions {
|
| if ($usesauth) { |
if ($usesauth) { |
| @mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')"); |
@mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')"); |
| if ($is_mariadb) { |
if ($is_mariadb) { |
| push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'"); |
push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'"); |
| } else { |
} else { |
| push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED WITH mysql_native_password BY 'localhostkey'"); |
push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED WITH mysql_native_password BY 'localhostkey'"); |
| } |
} |
| } elsif ($hasauthcol) { |
} elsif ($hasauthcol) { |
| @mysql_commands = ("INSERT user (Host, User, Password, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www',password('localhostkey'),'','','','');"); |
@mysql_commands = ("INSERT user (Host, User, Password, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www',password('localhostkey'),'','','','');"); |
|
Line 2477 sub new_mysql_rootpasswd {
|
Line 2498 sub new_mysql_rootpasswd {
|
| my ($currmysqlpass,$usesauth,$is_mariadb) = @_; |
my ($currmysqlpass,$usesauth,$is_mariadb) = @_; |
| if ($usesauth) { |
if ($usesauth) { |
| if ($is_mariadb) { |
if ($is_mariadb) { |
| return ("ALTER USER 'root'\@'localhost' IDENTIFIED WITH mysql_native_password BY '$currmysqlpass'", |
return ("ALTER USER 'root'\@'localhost' IDENTIFIED BY '$currmysqlpass'", |
| "FLUSH PRIVILEGES;"); |
"FLUSH PRIVILEGES;"); |
| } else { |
} else { |
| return ("ALTER USER 'root'\@'localhost' IDENTIFIED BY '$currmysqlpass'", |
return ("ALTER USER 'root'\@'localhost' IDENTIFIED WITH mysql_native_password BY '$currmysqlpass'", |
| "FLUSH PRIVILEGES;"); |
"FLUSH PRIVILEGES;"); |
| } |
} |
| } else { |
} else { |
![[BACK]](/icons/back.gif){kind=icon}
Return to install.pl CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / doc / install / linux