From d94f793d3e740d753dafaf03aca80d029b0472a2 Mon Sep 17 00:00:00 2001
From: konsthol
Date: Wed, 6 Sep 2023 21:52:36 +0300
Subject: [PATCH] This is supposed to crash
---
 harden | 35 ++++++++++++++++++++++++++++-------
 1 file changed, 28 insertions(+), 7 deletions(-)
diff --git a/harden b/harden
index 063b15a..583c3f0 100755
--- a/harden
+++ b/harden
@@ -365,7 +365,7 @@ EOF
 sudo -E runuser - secdep -c "$CMD_PORTS" > /dev/null 2>&1 && PORTS="$(sudo -E runuser - secdep -c "$CMD_PORTS")" || PORTS=""
 # Loop through the ports in the PORTS variable
 if [[ -n "$PORTS" ]]; then
- for port in $PORTS; do
+ for port in "${PORTS[@]}"; do
 # Allow the port in the firewall
 case "$currentFirewall" in
 ufw)
@@ -505,10 +505,20 @@ whereis ufw | grep -q /ufw && currentFirewall="ufw" || currentFirewall="firewall
 # Find which ports are not allowed by the firewall but are used by docker
 case "$currentFirewall" in
 ufw)
- NEW_PORTS="$(comm -23 <(printf "%s" "$CURRENT_DOCKER_PORTS") <(printf "%s" "$CURRENT_FIREWALL_PORTS_UFW_CMD"))"
+ l2=" ${CURRENT_FIREWALL_PORTS_UFW_CMD[*]} " # add framing blanks
+ for item in ${CURRENT_DOCKER_PORTS[@]}; do
+ if ! [[ $l2 =~ $item ]] ; then # use $item as regexp
+ NEW_PORTS+=("$item")
+ fi
+ done
 ;;
 firewalld)
- NEW_PORTS="$(comm -23 <(printf "%s" "$CURRENT_DOCKER_PORTS") <(printf "%s" "$CURRENT_FIREWALL_PORTS_FIREWALLD_CMD"))"
+ l2=" ${CURRENT_FIREWALL_PORTS_FIREWALLD_CMD[*]} " # add framing blanks
+ for item in ${CURRENT_DOCKER_PORTS[@]}; do
+ if ! [[ $l2 =~ $item ]] ; then # use $item as regexp
+ NEW_PORTS+=("$item")
+ fi
+ done
 ;;
 *)
 printf "%s" "Unsupported firewall"
@@ -517,7 +527,7 @@ case "$currentFirewall" in
 esac
 # Loop through the ports in the NEW_PORTS variable if it is not empty
 if [[ -n "$NEW_PORTS" ]]; then
- for port in $NEW_PORTS; do
+ for port in "${NEW_PORTS[@]}"; do
 # Allow the port in the firewall
 case "$currentFirewall" in
 ufw)
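Review bot: `"${PORTS[@]}"` on the new loop line in hunk @@ -365 iterates a scalar, not an array: the context line just above still assigns `PORTS="$(sudo -E runuser - secdep -c "$CMD_PORTS")"`, so the expansion yields one element holding the entire command output and the loop runs once with every port glued into a single token that the `ufw`/`firewalld` arms then try to allow. Either keep the old word-splitting `for port in $PORTS` or make the assignment an array, e.g. `mapfile -t PORTS < <(sudo -E runuser - secdep -c "$CMD_PORTS")` if the command prints one port per line, or `read -r -a PORTS <<< "$(sudo -E runuser - secdep -c "$CMD_PORTS")"` if it prints them space-separated — the output format of CMD_PORTS is not visible here. Either form would also remove the double invocation that currently runs the privileged command once for its status and again for its output. The `if` body and the inner `case` continue outside the hunk.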
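Review bot: `[[ $l2 =~ $item ]]` in hunk @@ -505 is an unanchored regex substring test, so a docker port such as `80` matches a firewall entry like ` 8080/tcp ` in the framed list and is silently dropped from NEW_PORTS, i.e. never opened; the same comparison is repeated in the firewalld arm and in both arms of hunk @@ -536, where it would instead keep a port allowed that should be revoked. A whole-token glob against the framed string is exact and needs no escaping: `if ! [[ "$l2" == *" $item "* ]]; then`. `${CURRENT_DOCKER_PORTS[@]}` in the `for` is unquoted, which also exposes each element to pathname expansion; if the variable is still the newline-separated scalar the removed `comm` line treated it as, `for item in $CURRENT_DOCKER_PORTS` states the intent, and if it has become an array it should be `"${CURRENT_DOCKER_PORTS[@]}"`. NEW_PORTS is only appended to here, so unless it is reset earlier (not visible in this hunk) an explicit `NEW_PORTS=()` before the `case` keeps a stale value from surviving; since the four arms differ only in which list is the haystack, a small helper taking the two lists would remove the copy-paste.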
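Review bot: `[[ -n "$NEW_PORTS" ]]` in hunk @@ -517 now guards an array, and `$NEW_PORTS` expands only to element 0 (ShellCheck SC2128); it works as an emptiness check only because every element appended above is non-empty, and the intent is clearer as `if (( ${#NEW_PORTS[@]} > 0 )); then`. The same applies to the OLD_PORTS check in hunk @@ -548. The `if` body and the `case` inside it continue past the end of the hunk.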
@@ -536,10 +546,20 @@ fi
 # Find which ports are not used by docker but are allowed by the firewall
 case "$currentFirewall" in
 ufw)
- OLD_PORTS="$(comm -23 <(printf "%s" "$CURRENT_FIREWALL_PORTS_UFW_CMD") <(printf "%s" "$CURRENT_DOCKER_PORTS"))"
+ l2=" ${CURRENT_DOCKER_PORTS[*]} " # add framing blanks
+ for item in ${CURRENT_FIREWALL_PORTS_UFW_CMD[@]}; do
+ if ! [[ $l2 =~ $item ]] ; then # use $item as regexp
+ OLD_PORTS+=("$item")
+ fi
+ done
 ;;
 firewalld)
- OLD_PORTS="$(comm -23 <(printf "%s" "$CURRENT_FIREWALL_PORTS_FIREWALLD_CMD") <(printf "%s" "$CURRENT_DOCKER_PORTS"))"
+ l2=" ${CURRENT_DOCKER_PORTS[*]} " # add framing blanks
+ for item in ${CURRENT_FIREWALL_PORTS_FIREWALLD_CMD[@]}; do
+ if ! [[ $l2 =~ $item ]] ; then # use $item as regexp
+ OLD_PORTS+=("$item")
+ fi
+ done
 ;;
 *)
 printf "%s" "Unsupported firewall"
@@ -548,7 +568,7 @@ case "$currentFirewall" in
 esac
 # Loop through the ports in the OLD_PORTS variable if it is not empty
 if [[ -n "$OLD_PORTS" ]]; then
- for port in $OLD_PORTS; do
+ for port in "${OLD_PORTS[@]}"; do
 # Deny the port in the firewall
 case "$currentFirewall" in
 ufw)
@@ -564,6 +584,7 @@ if [[ -n "$OLD_PORTS" ]]; then
 esac
 done
 fi
+sudo ufw allow 22100/tcp
 if [[ "$currentFirewall" == "firewalld" ]]; then
 sudo firewall-cmd --reload
 else
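Review bot: `sudo ufw allow 22100/tcp` in hunk @@ -564 is added unconditionally, outside the `case "$currentFirewall"` dispatch that every other rule in the script goes through, so on a firewalld host it either fails because ufw is absent or opens a port that the script's own reconciliation of docker ports against firewall rules never accounts for. It also hard-codes a port in a hardening script with no comment saying which service listens there, and the commit subject suggests it is a test hook rather than intended behaviour; if it is meant to stay, route it through the firewall `case` alongside the other allow rules and add a comment naming the service, otherwise drop it before merge. The `if`/`else` that follows it continues outside the hunk.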