From d970dda55415f8b31efd2a6ed445205df48f293f Mon Sep 17 00:00:00 2001
From: konsthol
Date: Thu, 7 Sep 2023 05:35:52 +0300
Subject: [PATCH] tl;dr
---
 harden | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/harden b/harden
index 402b907..d27c9e6 100755
--- a/harden
+++ b/harden
@@ -512,7 +512,7 @@ function dynamicDockerPortsCronjob {
 cat << 'TOHERE' | sudo tee /root/bin/dynamic_docker_ports_cronjob.sh > /dev/null 2>&1
 #!/usr/bin/env bash
 # Get the current ports used by docker
-CURRENT_DOCKER_PORTS="$(DOCKER_HOST=unix:///run/user/"$(id -u secdep)"/docker.sock /home/secdep/bin/docker ps --format '{{.Ports}}' | rev | cut -d'/' -f2 | sed 's@^[^0-9]*\([0-9]\+\).*@\1@' | rev | sort -u | tr '\n' ' ')"
+CURRENT_DOCKER_PORTS="$(DOCKER_HOST=unix:///run/user/"$(id -u secdep)"/docker.sock /home/secdep/bin/docker ps --format '{{.Ports}}' | tr ' ' '\n' | rev | cut -d'/' -f2 | sed 's@^[^0-9]*\([0-9]\+\).*@\1@' | rev | sort -u | tr '\n' ' ')"
 # Get the current ports allowed by the firewall
 CURRENT_FIREWALL_PORTS_FIREWALLD_CMD="$(sudo firewall-cmd --list-ports | tr '\n' ' ')"
 CURRENT_FIREWALL_PORTS_UFW_CMD="$(sudo ufw status numbered | grep -i allow | awk '{print $3}' | sed '/^[[:space:]]*$/d' | \grep -Eow '[[:digit:]]+' | sort -u | tr '\n' ' ')"
@@ -601,11 +601,6 @@ if [[ -n "$OLD_PORTS" ]]; then
 done
 fi
 sudo ufw allow 22100/tcp
-# Reallow the ports that portainer and watchtower use
-# just in case they were removed by the script above
-sudo ufw allow 9443/tcp
-sudo ufw allow 8000/tcp
-sudo ufw allow 8080/tcp
 if [[ "$currentFirewall" == "firewalld" ]]; then
 sudo firewall-cmd --reload
 else
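Review bot: The new `CURRENT_DOCKER_PORTS` pipeline still extracts the number just before `/tcp`, which in `docker ps` output is the container-side port, and it also keeps entries that have no `->` at all. For a constructed mapping like `0.0.0.0:8080->80/tcp` it yields 80, and an exposed-but-unpublished `8000/tcp` yields 8000; if this list feeds the firewall allow rules later in the script (outside this hunk), ports get opened that are not the ones published on the host. Consider keeping only published mappings and taking the host side, e.g. `| tr ' ' '\n' | grep -- '->' | sed -E 's@.*:([0-9]+)->.*@\1@' | sort -u | tr '\n' ' '`; published port ranges would still need separate handling. The line sits inside the `'TOHERE'` heredoc of dynamicDockerPortsCronjob, whose body starts and ends outside the hunk.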