tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-30 17:15:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Modify some description for 7.7.6

Browse Source
This commit is contained in:
Samson-W 2019-04-16 14:39:31 +08:00
parent f23c662b7c
commit 9a238af3e8
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bin/hardening/7.7.6_ensure_firewall_rules_exist_for_all_open_ports.sh
View File

@ -32,7 +32,7 @@ audit () {
PROTO_TYPE=$(echo ${LISTENING} | awk '{print $1}') PROTO_TYPE=$(echo ${LISTENING} | awk '{print $1}')
LISTEN_PORT=$(echo ${LISTENING} | awk '{print $4}' | awk -F: '{print $2}') LISTEN_PORT=$(echo ${LISTENING} | awk '{print $4}' | awk -F: '{print $2}')
if [ $($IPS4 -S | grep "^\-A INPUT \-p $PROTO_TYPE" | grep -c "\-\-dport $LISTEN_PORT \-m state \-\-state NEW \-j ACCEPT") -ge 1 ]; then if [ $($IPS4 -S | grep "^\-A INPUT \-p $PROTO_TYPE" | grep -c "\-\-dport $LISTEN_PORT \-m state \-\-state NEW \-j ACCEPT") -ge 1 ]; then
ok "Service: protocol $PROTO_TYPE listening port $LISTEN_PORT is not set firewall rules." ok "Service: protocol $PROTO_TYPE listening port $LISTEN_PORT was set firewall rules."
else else
echo "${PROTO_TYPE} ${LISTEN_PORT}" >> $PROTO_PORT echo "${PROTO_TYPE} ${LISTEN_PORT}" >> $PROTO_PORT
crit "Service: protocol $PROTO_TYPE listening port $LISTEN_PORT is not set firewall rules." crit "Service: protocol $PROTO_TYPE listening port $LISTEN_PORT is not set firewall rules."
@ -48,7 +48,7 @@ audit () {
fi fi
LISTEN_PORT=$(echo ${LISTENING} | awk '{print $4}' | awk -F: '{print $4}') LISTEN_PORT=$(echo ${LISTENING} | awk '{print $4}' | awk -F: '{print $4}')
if [ $($IPS6 -S | grep "^\-A INPUT \-p $PROTO_TYPE" | grep -c "\-\-dport $LISTEN_PORT \-m state \-\-state NEW \-j ACCEPT") -ge 1 ]; then if [ $($IPS6 -S | grep "^\-A INPUT \-p $PROTO_TYPE" | grep -c "\-\-dport $LISTEN_PORT \-m state \-\-state NEW \-j ACCEPT") -ge 1 ]; then
ok "Service: protocol $PROTO_TYPE listening port $LISTEN_PORT is not set ipv6 firewall rules." ok "Service: protocol $PROTO_TYPE listening port $LISTEN_PORT was set ipv6 firewall rules."
else else
echo "${PROTO_TYPE} ${LISTEN_PORT}" >> $PROTO_PORT echo "${PROTO_TYPE} ${LISTEN_PORT}" >> $PROTO_PORT
crit "Service: protocol $PROTO_TYPE listening port $LISTEN_PORT is not set ipv6 firewall rules." crit "Service: protocol $PROTO_TYPE listening port $LISTEN_PORT is not set ipv6 firewall rules."