Added support for CHECK_FIREWALL.

1 files changed, 18 insertions, 0 deletions

diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh
index 5f020cc..4761dc2 100755
--- a/cron-sh/diff_check.sh
+++ b/cron-sh/diff_check.sh
@@ -140,6 +140,24 @@ if [[ ${CHECK_OPEN_PORT} == yes ]]; then
 
 fi
 
+### Changed firewall
+if [[ ${CHECK_FIREWALL} == yes ]]; then
+
+    if [[ -f ${FIREWALL_YESTERDAY} ]]; then
+	diff -u ${FIREWALL_YESTERDAY} ${FIREWALL_TODAY} 1> ${FIREWALL_DIFF}
+	if [ -s ${FIREWALL_DIFF} ]; then
+	    printf "\nSecurity Warning: There are modifications for firewall configuration on your machine :\n" >> ${TMP}
+	    grep '^+' ${FIREWALL_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+		printf "\t\t-      New entries : ${file}\n"
+	    done >> ${TMP}
+	    grep '^-' ${FIREWALL_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+		printf "\t\t- Removed entries  : ${file}\n"
+	    done >> ${TMP}
+        fi
+    fi
+
+fi
+
 ### rpm database
 if [[ ${CHECK_RPM} == yes ]]; then
     if [[ -f ${RPM_QA_YESTERDAY} ]]; then