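/**
 * Installs the Bastille firewall configuration and its helper scripts.
 *
 * Rotates /etc/Bastille into /etc/Bastille.backup (keeping one generation),
 * renders bastille-firewall.cfg from tpl/bastille-firewall.cfg.master with the
 * TCP/UDP public service lists filled in, installs the init script plus the
 * bastille-ipchains / bastille-netfilter helpers with mode 700, and makes
 * sure /sbin/ipchains and /sbin/iptables exist (symlinked to whatever
 * `which` finds when they do not).
 *
 * Reads $conf['init_scripts'], $conf['server_id'], $conf['apache']['vhost_port']
 * and $conf['mysql']['database']; reads, and may update, the firewall table.
 * Every shell step goes through caselog()/phpcaselog(). Returns nothing.
 */
public function configure_firewall() {
    global $conf;
    $dist_init_scripts = $conf['init_scripts'];

    // Keep exactly one backup generation: drop the old one, move the live
    // directory aside, then start from a fresh /etc/Bastille.
    if (is_dir("/etc/Bastille.backup")) {
        caselog("rm -rf /etc/Bastille.backup", __FILE__, __LINE__);
    }
    if (is_dir("/etc/Bastille")) {
        caselog("mv -f /etc/Bastille /etc/Bastille.backup", __FILE__, __LINE__);
    }
    // The previous code passed octdec($directory_mode), but $directory_mode is
    // never defined in this scope, so the directory was created with mode 0.
    // 0700 matches the mode given to the firewall scripts installed below.
    @mkdir("/etc/Bastille", 0700);
    if (is_dir("/etc/Bastille.backup/firewall.d")) {
        caselog("cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/", __FILE__, __LINE__);
    }

    caselog("cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
    caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);

    $services = $this->_firewall_public_services($conf);

    $content = rf("/etc/Bastille/bastille-firewall.cfg");
    $content = str_replace(
        array("{DNS_SERVERS}", "{TCP_PUBLIC_SERVICES}", "{UDP_PUBLIC_SERVICES}"),
        array("", $services['tcp'], $services['udp']),
        $content
    );
    wf("/etc/Bastille/bastille-firewall.cfg", $content);

    $this->_install_firewall_script("apps/bastille-firewall", $dist_init_scripts);
    $this->_install_firewall_script("apps/bastille-ipchains", "/sbin");
    $this->_install_firewall_script("apps/bastille-netfilter", "/sbin");

    if (!@is_dir('/var/lock/subsys')) {
        caselog("mkdir /var/lock/subsys", __FILE__, __LINE__);
    }

    $this->_link_tool_into_sbin("ipchains");
    $this->_link_tool_into_sbin("iptables");
}

/**
 * Builds the space-separated TCP and UDP public service lists for the
 * firewall template.
 *
 * Uses the comma-separated tcp_port/udp_port columns of this server's
 * firewall row when either is non-empty, otherwise the built-in defaults.
 * The Apache vhost port is always added to the TCP list; when the row
 * already carried a TCP list the addition is persisted to the table.
 *
 * @param array $conf installer configuration (mysql.database, server_id, apache.vhost_port)
 * @return array array('tcp' => string, 'udp' => string)
 */
private function _firewall_public_services($conf) {
    $database = $conf["mysql"]["database"];
    $server_id = intval($conf['server_id']);

    $row = $this->db->queryOneRecord('SELECT * FROM ' . $database . '.firewall WHERE server_id = ' . $server_id);
    // queryOneRecord() may hand back no row; treat that like empty columns
    // instead of indexing into a non-array.
    $db_tcp = isset($row["tcp_port"]) ? (string) $row["tcp_port"] : '';
    $db_udp = isset($row["udp_port"]) ? (string) $row["udp_port"] : '';

    if (trim($db_tcp) !== '' || trim($db_udp) !== '') {
        $tcp_public_services = trim(str_replace(',', ' ', $db_tcp));
        $udp_public_services = trim(str_replace(',', ' ', $db_udp));
    } else {
        $tcp_public_services = '21 22 25 53 80 110 443 3306 8080 10000';
        $udp_public_services = '53';
    }

    $vhost_port = intval($conf['apache']['vhost_port']);
    // Match whole tokens: a substring test (stristr) would treat "80" as
    // present whenever "8080" is in the list.
    $tcp_ports = preg_split('/\s+/', $tcp_public_services, -1, PREG_SPLIT_NO_EMPTY);
    if ($vhost_port > 0 && !in_array((string) $vhost_port, $tcp_ports, true)) {
        $tcp_public_services .= ' ' . $vhost_port;
        if ($db_tcp !== '') {
            // CONCAT, not "+": in MySQL "tcp_port + ',80'" is numeric addition
            // and would overwrite the column with a single number. Qualify the
            // table with the database name as the SELECT above does.
            $this->db->query("UPDATE " . $database . ".firewall SET tcp_port = CONCAT(tcp_port, '," . $vhost_port . "') WHERE server_id = " . $server_id);
        }
    }

    return array('tcp' => $tcp_public_services, 'udp' => $udp_public_services);
}

/**
 * Copies $source into $target_dir and sets mode 700 on it, first moving an
 * already installed file of the same name aside as "<name>.backup".
 *
 * @param string $source     path of the script to install (e.g. apps/bastille-firewall)
 * @param string $target_dir directory to install into
 */
private function _install_firewall_script($source, $target_dir) {
    $installed = $target_dir . '/' . basename($source);
    if (is_file($installed)) {
        caselog("mv -f {$installed} {$installed}.backup", __FILE__, __LINE__);
    }
    caselog("cp -f {$source} {$target_dir}", __FILE__, __LINE__);
    caselog("chmod 700 {$installed}", __FILE__, __LINE__);
}

/**
 * Creates /sbin/<tool> as a symlink to the binary `which` finds on PATH,
 * unless a file or link of that name already exists in /sbin.
 *
 * @param string $tool bare command name, e.g. "iptables"
 */
private function _link_tool_into_sbin($tool) {
    $link = '/sbin/' . $tool;
    if (is_file($link) || is_link($link)) {
        return;
    }
    // "&>" is a bash-ism; exec() runs /bin/sh, where "cmd &> file" backgrounds
    // the command and reports success regardless, so the exit status was
    // meaningless. Keep stdout, discard only stderr, and use the first line.
    $location = array();
    $ret_val = 1;
    exec('which ' . escapeshellarg($tool) . ' 2> /dev/null', $location, $ret_val);
    if ($ret_val !== 0 || !isset($location[0])) {
        return;
    }
    // Trim the trailing newline so it does not end up inside the link target.
    $binary = trim($location[0]);
    if ($binary === '') {
        return;
    }
    phpcaselog(@symlink($binary, $link), 'create symlink', __FILE__, __LINE__);
}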
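/**
 * Installs the Bastille firewall configuration and its helper scripts.
 *
 * Moves an existing /etc/Bastille to /etc/Bastille.backup (replacing any
 * older backup), renders bastille-firewall.cfg from the master template with
 * the TCP/UDP public service lists substituted, installs the init script and
 * the bastille-ipchains / bastille-netfilter helpers with mode 700, and
 * ensures /sbin/ipchains and /sbin/iptables resolve, symlinking them to the
 * binaries `which` finds when they are missing.
 *
 * Reads $conf['init_scripts'], $conf['server_id'], $conf['apache']['vhost_port']
 * and $conf['mysql']['database']; reads, and may update, the firewall table.
 * Shell steps are executed via caselog()/phpcaselog(). No return value.
 */
public function configure_firewall() {
    global $conf;
    $dist_init_scripts = $conf['init_scripts'];

    // One backup generation only: discard the old backup, rotate the live
    // directory into its place, then recreate /etc/Bastille.
    if (is_dir('/etc/Bastille.backup')) {
        caselog('rm -rf /etc/Bastille.backup', __FILE__, __LINE__);
    }
    if (is_dir('/etc/Bastille')) {
        caselog('mv -f /etc/Bastille /etc/Bastille.backup', __FILE__, __LINE__);
    }
    @mkdir('/etc/Bastille', 0700);
    if (is_dir('/etc/Bastille.backup/firewall.d')) {
        caselog('cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/', __FILE__, __LINE__);
    }

    caselog('cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg', __FILE__, __LINE__);
    caselog('chmod 644 /etc/Bastille/bastille-firewall.cfg', __FILE__, __LINE__);

    $services = $this->_firewall_public_services($conf);

    $placeholders = array(
        '{DNS_SERVERS}'         => '',
        '{TCP_PUBLIC_SERVICES}' => $services['tcp'],
        '{UDP_PUBLIC_SERVICES}' => $services['udp'],
    );
    $content = rf('/etc/Bastille/bastille-firewall.cfg');
    $content = str_replace(array_keys($placeholders), array_values($placeholders), $content);
    wf('/etc/Bastille/bastille-firewall.cfg', $content);

    $this->_install_firewall_script('apps/bastille-firewall', $dist_init_scripts);
    $this->_install_firewall_script('apps/bastille-ipchains', '/sbin');
    $this->_install_firewall_script('apps/bastille-netfilter', '/sbin');

    if (!@is_dir('/var/lock/subsys')) {
        caselog('mkdir /var/lock/subsys', __FILE__, __LINE__);
    }

    foreach (array('ipchains', 'iptables') as $tool) {
        $this->_link_tool_into_sbin($tool);
    }
}

/**
 * Resolves the TCP and UDP public service lists (space separated) for the
 * firewall template.
 *
 * Prefers the comma-separated tcp_port/udp_port columns of this server's
 * firewall row; falls back to the built-in defaults when both are empty.
 * The Apache vhost port is appended to the TCP list if absent and, when the
 * row already had a TCP list, written back to the table.
 *
 * @param array $conf installer configuration (mysql.database, server_id, apache.vhost_port)
 * @return array array('tcp' => string, 'udp' => string)
 */
private function _firewall_public_services($conf) {
    $database = $conf["mysql"]["database"];
    $server_id = intval($conf['server_id']);

    $row = $this->db->queryOneRecord('SELECT * FROM ' . $database . '.firewall WHERE server_id = ' . $server_id);
    // No row for this server is a normal case on a fresh install; do not
    // index into a non-array.
    $db_tcp = isset($row['tcp_port']) ? (string) $row['tcp_port'] : '';
    $db_udp = isset($row['udp_port']) ? (string) $row['udp_port'] : '';

    if (trim($db_tcp) !== '' || trim($db_udp) !== '') {
        $tcp_public_services = trim(str_replace(',', ' ', $db_tcp));
        $udp_public_services = trim(str_replace(',', ' ', $db_udp));
    } else {
        $tcp_public_services = '21 22 25 53 80 110 143 443 3306 8080 10000';
        $udp_public_services = '53';
    }

    $vhost_port = intval($conf['apache']['vhost_port']);
    // Whole-token comparison: the former stristr() check accepted "80"
    // as present whenever "8080" (or "10000" for "1000") was in the list.
    $tcp_ports = preg_split('/\s+/', $tcp_public_services, -1, PREG_SPLIT_NO_EMPTY);
    if ($vhost_port > 0 && !in_array((string) $vhost_port, $tcp_ports, true)) {
        $tcp_public_services .= ' ' . $vhost_port;
        if ($db_tcp !== '') {
            // MySQL "+" is arithmetic, so "tcp_port + ',80'" would replace the
            // list with a number; CONCAT appends. Qualify the table with the
            // database as the SELECT does.
            $sql = sprintf(
                "UPDATE %s.firewall SET tcp_port = CONCAT(tcp_port, ',%d') WHERE server_id = %d",
                $database,
                $vhost_port,
                $server_id
            );
            $this->db->query($sql);
        }
    }

    return array('tcp' => $tcp_public_services, 'udp' => $udp_public_services);
}

/**
 * Installs $source into $target_dir with mode 700, moving a previously
 * installed copy aside as "<name>.backup" first.
 *
 * @param string $source     script to install, e.g. apps/bastille-netfilter
 * @param string $target_dir destination directory
 */
private function _install_firewall_script($source, $target_dir) {
    $installed = $target_dir . '/' . basename($source);
    if (is_file($installed)) {
        caselog('mv -f ' . $installed . ' ' . $installed . '.backup', __FILE__, __LINE__);
    }
    caselog('cp -f ' . $source . ' ' . $target_dir, __FILE__, __LINE__);
    caselog('chmod 700 ' . $installed, __FILE__, __LINE__);
}

/**
 * Symlinks /sbin/<tool> to the binary `which` locates on PATH, unless a
 * file or link of that name already exists in /sbin.
 *
 * @param string $tool bare command name, e.g. 'ipchains'
 */
private function _link_tool_into_sbin($tool) {
    $link = '/sbin/' . $tool;
    if (is_file($link) || is_link($link)) {
        return;
    }
    // exec() runs /bin/sh, where the bash-only "&>" redirection turns into a
    // backgrounded command followed by a redirect whose status is always 0,
    // so the old exit-code check never failed. Discard stderr only and read
    // the path from stdout, without its trailing newline.
    $location = array();
    $ret_val = 1;
    exec('which ' . escapeshellarg($tool) . ' 2> /dev/null', $location, $ret_val);
    if ($ret_val !== 0 || !isset($location[0])) {
        return;
    }
    $binary = trim($location[0]);
    if ($binary === '') {
        return;
    }
    phpcaselog(@symlink($binary, $link), 'create symlink', __FILE__, __LINE__);
}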