Tips-Of-Mine/Hardening-Linux-Debian-Ubuntu
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Hardening-Linux-Debian-Ubuntu/test/modules/firewall.sh

83 lines
2.0 KiB
Bash
Raw Blame History

#!/bin/bash
# =============================================================================
# Firewall configuration module
# =============================================================================
# Set script directory
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# Source common functions and variables
source "./common.sh"
# Function to configure UFW
configure_ufw() {
log_message "INFO" "Configuring UFW firewall"
# Check if UFW is installed
if ! command_exists ufw; then
log_message "INFO" "Installing UFW"
apt-get install -y ufw
if [ $? -ne 0 ]; then
log_message "ERROR" "Failed to install UFW"
return 1
fi
fi
# Reset UFW to default settings
log_message "INFO" "Resetting UFW to default settings"
ufw --force reset
# Set default policies
log_message "INFO" "IPv4 : Setting default UFW policies"
ufw default deny incoming
ufw default allow outgoing
# Allow SSH on custom port
log_message "INFO" "IPv4 : Allowing SSH on port 22"
ufw allow 22/tcp
# Allow HTTP/HTTPS for web services if needed
log_message "INFO" "IPv4 : Allowing HTTP/HTTPS ports"
ufw allow 80/tcp
ufw allow 443/tcp
# Allow SNMP for monitoring
log_message "INFO" "IPv4 : Allowing SNMP port for monitoring"
ufw allow 161/udp
# Allow NRPE for monitoring
log_message "INFO" "IPv4 : Allowing NRPE port for monitoring"
ufw allow 5666/tcp
# Allow IPv6 if needed
log_message "INFO" "IPv6 : Setting default UFW policies"
ufw allow in on lo
ufw allow out on lo
ufw deny in from ::/0
ufw allow out to ::/0
# Enable log
log_message "INFO" "Enabling logging for UFW"
ufw logging on
# Enable UFW
log_message "INFO" "Enabling UFW"
echo "y" | ufw -force enable
if [ $? -eq 0 ]; then
log_message "SUCCESS" "UFW enabled successfully"
else
log_message "ERROR" "Failed to enable UFW"
return 1
fi
# Show UFW status
log_message "INFO" "UFW status:"
ufw status verbose
}
# Main execution for firewall
configure_ufw
log_message "SUCCESS" "Firewall configuration completed"
Reference in New Issue View Git Blame Copy Permalink