diff options
author | damien <damien@mandriva.com> | 2001-03-21 01:17:46 +0000 |
---|---|---|
committer | damien <damien@mandriva.com> | 2001-03-21 01:17:46 +0000 |
commit | 8e75979d0b43aefcc21ff5313a8ff94ed91bd3dd (patch) | |
tree | ffe7695cdb716a0d31c5379f858bc69f7ed1fc98 | |
parent | a2b09c2a8f87e554d565f74f45d612e142b73708 (diff) | |
download | drakx-backup-do-not-use-8e75979d0b43aefcc21ff5313a8ff94ed91bd3dd.tar drakx-backup-do-not-use-8e75979d0b43aefcc21ff5313a8ff94ed91bd3dd.tar.gz drakx-backup-do-not-use-8e75979d0b43aefcc21ff5313a8ff94ed91bd3dd.tar.bz2 drakx-backup-do-not-use-8e75979d0b43aefcc21ff5313a8ff94ed91bd3dd.tar.xz drakx-backup-do-not-use-8e75979d0b43aefcc21ff5313a8ff94ed91bd3dd.zip |
new tinyfirewall conf tool
-rwxr-xr-x | perl-install/standalone/tinyfirewall | 32 | ||||
-rw-r--r-- | perl-install/tinyfirewall.pm | 133 |
2 files changed, 165 insertions, 0 deletions
diff --git a/perl-install/standalone/tinyfirewall b/perl-install/standalone/tinyfirewall new file mode 100755 index 000000000..f527f58df --- /dev/null +++ b/perl-install/standalone/tinyfirewall @@ -0,0 +1,32 @@ +#!/usr/bin/perl + +# DrakNet + +# Copyright (C) 1999 MandrakeSoft (damien@mandrakesoft.com) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +use lib qw(/usr/lib/libDrakX); +use interactive; +use standalone; +use tinyfirewall; + +$::isEmbedded = ($::XID, $::CCPID) = "@ARGV" =~ /--embedded (\w+) (\w+)/; +$::isWizard = "@ARGV" =~ /--wizard/; + +local $_ = join '', @ARGV; + +my $in = vnew interactive('su'); +tinyfirewall::main($in); diff --git a/perl-install/tinyfirewall.pm b/perl-install/tinyfirewall.pm new file mode 100644 index 000000000..f502ea1f1 --- /dev/null +++ b/perl-install/tinyfirewall.pm @@ -0,0 +1,133 @@ +package tinyfirewall; + +use diagnostics; +use strict; +use common qw(:common :functional :system :file); +use commands; +use run_program; +use my_gtk qw(:helpers :wrappers); + + +my @messages = (_("tinyfirewall configurator + +This configures a personal firewall for this Linux Mandrake machine. +For a powerful dedicated firewall solution, please look to the +specialized MandrakeSecurity Firewall distribution."), +_("We'll now ask you questions about which services you'd like to allow +the Internet to connect to. Please think carefully about these +questions, as your computer's security is important. + +Please, if you're not currently using one of these services, firewall +it off. You can change this configuration anytime you like by +re-running this application!"), +_("Are you running a web server on this machine that you need the whole +Internet to see? If you are running a webserver that only needs to be +accessed by this machine, you can safely answer NO here."), +_("Are you running a name server on this machine? If you didn't set one +up to give away IP and zone information to the whole Internet, please +answer no."), +_("Do you want to allow incoming Secure Shell (ssh) connections? This +is a telnet-replacement that you might use to login. If you're using +telnet now, you should definitely switch to ssh. telnet is not +encrypted -- so some attackers can steal your password if you use +it. ssh is encrypted and doesn't allow for this eavesdropping."), +_("Do you want to allow incoming telnet connections? +This is horribly unsafe, as we explained in the previous screen. We +strongly recommend answering No here and using ssh in place of +telnet."), +_("Are you running an FTP server here that you need accessible to the +Internet? If you are, we strongly recommend that you only use it for +Anonymous transfers. Any passwords sent by FTP can be stolen by some +attackers, since FTP also uses no encryption for transferring passwords."), +_("Are you running a mail server here? If you're sending you +messages through pine, mutt or any other text-based mail client, +you probably are. Otherwise, you should firewall this off."), +_("Are you running a POP or IMAP server here? This would +be used to host non-web-based mail accounts for people via +this machine."), +_("You appear to be running a 2.2 kernel. If your network IP +is automatically set by a computer in your home or office +(dynamically assigned), we need to allow for this. Is +this the case?"), +_("Is your computer getting time syncronized to another computer? +Mostly, this is used by medium-large Unix/Linux organizations +to synchronize time for logging and such. If you're not part +of a larger office and haven't heard of this, you probably +aren't."), +_("Configuration complete. May we write these changes to disk?") +); + +my %settings; +sub ReadConfig { + my ($config_file, $default_config_file)=@_; + $config_file ||= "/etc/Bastille/bastille-firewall.cfg"; + $default_config_file ||= "/usr/share/Bastille/bastille-firewall.cfg"; # set this later + -e $config_file or cp($default_config_file, $config_file); + add2hash(\%settings, { getVarsFromSh("$config_file") }) +} + +my $GetNetworkInfo = sub { print "in int! :=\n"}; + +sub DoInterface { + my ($in)=@_; + $::isWizard=1; + my @struct = ( + [$GetNetworkInfo], + [], + [undef , undef, undef, "http no", "http yes", ["tcp", "80"], ["tcp", "443"]], + [undef , undef, undef, "dns no", "dns yes", ["tcp", "53"], ["udp", "53"]], + [undef , undef, undef, "ssh no", "ssh yes", ["tcp", "22"]], + [undef , undef, undef, "telnet no", "telnet yes", ["tcp", "23"]], + [undef , undef, undef, "ftp no", "ftp yes", ["tcp", "20"],["tcp", "21"]], + [undef , undef, undef, "smtp no", "smtp yes", ["tcp", "25"]], + [undef , undef, undef, "popimap no", "popimap yes", ["tcp", "109"], ["tcp", "110"], ["tcp", "143"]], + [undef , _("No I don't need DHCP"), "Yes I need DHCP", "dhcp no", "dhcp yes", [$settings{DHCP_IFACES}]], + [undef , _("No I don't need NTP"), "Yes I need NTP", "ntp no", "ntp yes", ] + ); + my $totalsteps = @struct; + $totalsteps -= 2 if !Kernel22(); + # $curstep=0; + # my $step = "Step " . ($curstep eq $num_steps && !Kernel22() ? $curstep - 2 : $curstep) . " / $totalsteps\n\n"; + + foreach (0..@struct) { + my $l = $struct[$_]; + my $size=@$l; + $size or next; + print "### $size ###\n"; + $size == 1 and ($l->[0])->(); + my $no = $l->[1] ? $l->[1] : _("No (firewall this off from the internet)"); + my $yes = $l->[2] ? $l->[2] : _("Yes (allow this through the firewall)"); + print "Y : $yes\n"; + print "N : $no\n"; + if ($in->ask_from_list(_("Firewall Configuration Wizard"), + $messages[$_], + [ $yes, $no ], or_( map { if_($_, CheckService($_->[0], $_->[1])) } (@$l[5..7])) ? $yes : $no + )) { + print "EEEEEEEEEEEEEEEEE\n"; + } else { + print "NNNNNNNNNNN\n"; + } + } +} + + +sub CheckService { + my ($protocol, $port) = @_; + my @services; + + @services = split / /, $settings{uc($protocol) . "_PUBLIC_SERVICES"}; + map { $_ eq $port and return 1 } @services; +} + +sub Kernel22 +{ + my ($major, $minor, $patchlevel) = (cat_("/proc/version"))[0] =~ m/^Linux version ([0-9]+)\.([0-9]+)\.([0-9]+)/; + $major eq "2" && $minor eq "2"; +} + +sub main { + my ($in)=@_; + ReadConfig; + DoInterface($in); + +} |