konsthol/SecDep
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Automate Accounting

Browse Source
This commit is contained in:
konsthol
2023-09-07 06:34:04 +03:00
parent d970dda554
commit a58ce909b0
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
harden
View File

@@ -514,14 +514,14 @@ function dynamicDockerPortsCronjob {
# Get the current ports used by docker
CURRENT_DOCKER_PORTS="$(DOCKER_HOST=unix:///run/user/"$(id -u secdep)"/docker.sock /home/secdep/bin/docker ps --format '{{.Ports}}' | tr ' ' '\n' | rev | cut -d'/' -f2 | sed 's@^[^0-9]*\([0-9]\+\).*@\1@' | rev | sort -u | tr '\n' ' ')"
# Get the current ports allowed by the firewall
CURRENT_FIREWALL_PORTS_FIREWALLD_CMD="$(sudo firewall-cmd --list-ports | tr '\n' ' ')"
CURRENT_FIREWALL_PORTS_UFW_CMD="$(sudo ufw status numbered | grep -i allow | awk '{print $3}' | sed '/^[[:space:]]*$/d' | \grep -Eow '[[:digit:]]+' | sort -u | tr '\n' ' ')"
CURRENT_FIREWALL_PORTS_FIREWALLD="$(sudo firewall-cmd --list-ports | tr '\n' ' ')"
CURRENT_FIREWALL_PORTS_UFW="$(sudo ufw status numbered | grep -i allow | awk '{print $3}' | sed '/^[[:space:]]*$/d' | \grep -Eow '[[:digit:]]+' | sort -u | tr '\n' ' ')"
# Determine if ufw or firewalld is currently used
whereis ufw | grep -q /ufw && currentFirewall="ufw" || currentFirewall="firewalld"
# Find which ports are not allowed by the firewall but are used by docker
case "$currentFirewall" in
ufw)
l2=" ${CURRENT_FIREWALL_PORTS_UFW_CMD[*]} " # add framing blanks
l2=" ${CURRENT_FIREWALL_PORTS_UFW[*]} " # add framing blanks
for item in ${CURRENT_DOCKER_PORTS[@]}; do
if ! [[ $l2 =~ $item ]] ; then # use $item as regexp
NEW_PORTS+=("$item")
@@ -529,7 +529,7 @@ case "$currentFirewall" in
done
;;
firewalld)
l2=" ${CURRENT_FIREWALL_PORTS_FIREWALLD_CMD[*]} " # add framing blanks
l2=" ${CURRENT_FIREWALL_PORTS_FIREWALLD[*]} " # add framing blanks
for item in ${CURRENT_DOCKER_PORTS[@]}; do
if ! [[ $l2 =~ $item ]] ; then # use $item as regexp
NEW_PORTS+=("$item")
@@ -563,7 +563,7 @@ fi
case "$currentFirewall" in
ufw)
l2=" ${CURRENT_DOCKER_PORTS[*]} " # add framing blanks
for item in ${CURRENT_FIREWALL_PORTS_UFW_CMD[@]}; do
for item in ${CURRENT_FIREWALL_PORTS_UFW[@]}; do
if ! [[ $l2 =~ $item ]] ; then # use $item as regexp
OLD_PORTS+=("$item")
fi
@@ -571,7 +571,7 @@ case "$currentFirewall" in
;;
firewalld)
l2=" ${CURRENT_DOCKER_PORTS[*]} " # add framing blanks
for item in ${CURRENT_FIREWALL_PORTS_FIREWALLD_CMD[@]}; do
for item in ${CURRENT_FIREWALL_PORTS_FIREWALLD[@]}; do
if ! [[ $l2 =~ $item ]] ; then # use $item as regexp
OLD_PORTS+=("$item")
fi