author | Eugeni Dodonov <eugeni@mandriva.org> | 2009-06-23 20:53:31 +0000 |
---|---|---|
committer | Eugeni Dodonov <eugeni@mandriva.org> | 2009-06-23 20:53:31 +0000 |
commit | 6fc30bba6219bd1020f055170e4523f0a61c5d4f (patch) | |
tree | e0529ed5aebb2fd5fcf13d6b7457058d75063109 /cron-sh/security.sh | |
parent | c8ede8c05478d1f85a43d8029cb082c2a7d6e8cb (diff) | |
Added support for CHECK_FIREWALL.
Diffstat (limited to 'cron-sh/security.sh')
-rwxr-xr-x | cron-sh/security.sh | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 9b4040e..4b02cf6 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -50,6 +50,9 @@ SUID_MD5_DIFF="/var/log/security/suid_md5.diff"
 export OPEN_PORT_TODAY="/var/log/security/open_port.today"
 OPEN_PORT_YESTERDAY="/var/log/security/open_port.yesterday"
 OPEN_PORT_DIFF="/var/log/security/open_port.diff"
+export FIREWALL_TODAY="/var/log/security/open_port.today"
+FIREWALL_YESTERDAY="/var/log/security/open_port.yesterday"
+FIREWALL_DIFF="/var/log/security/open_port.diff"
 export WRITABLE_TODAY="/var/log/security/writable.today"
 WRITABLE_YESTERDAY="/var/log/security/writable.yesterday"
 WRITABLE_DIFF="/var/log/security/writable.diff"
@@ -113,6 +116,10 @@ if [[ -f ${OPEN_PORT_TODAY} ]]; then
 mv -f ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY}
 fi
+if [[ -f ${FIREWALL_TODAY} ]]; then
+ mv -f ${FIREWALL_TODAY} ${FIREWALL_YESTERDAY}
+fi
+
 if [[ -f ${SUID_MD5_TODAY} ]]; then
 mv ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY};
 fi
@@ -137,6 +144,10 @@ if [[ ${CHECK_OPEN_PORT} == yes ]]; then
 netstat -pvlA inet,inet6 2> /dev/null > ${OPEN_PORT_TODAY};
 fi
+if [[ ${CHECK_FIREWALL} == yes ]]; then
+ iptables -L 2>/dev/null > ${FIREWALL_TODAY}
+fi
+
 ionice -c3 -p $$ # only running this check when really required |
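Review bot: The three FIREWALL_* variables added in the first hunk reuse the OPEN_PORT_* paths (`/var/log/security/open_port.today`, `.yesterday`, `.diff`), so the firewall snapshot and the open-port snapshot share one set of files. When CHECK_OPEN_PORT and CHECK_FIREWALL are both `yes`, the `iptables -L` redirect added in the third hunk truncates the file `netstat` has just written. The rotation added in the second hunk finds nothing to move, because the OPEN_PORT block directly above it has already renamed the file. The open-port comparison would then presumably be fed firewall rules, though the diffing code is not visible on this page. Give the new check its own files, for example `export FIREWALL_TODAY="/var/log/security/firewall.today"`, `FIREWALL_YESTERDAY="/var/log/security/firewall.yesterday"` and `FIREWALL_DIFF="/var/log/security/firewall.diff"`.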
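Review bot: `iptables -L` in the third hunk runs without `-n`, so addresses and ports are resolved to names; that can stall an unattended cron run on DNS and lets resolver changes appear as rule changes in the day-to-day comparison. `iptables -n -L 2>/dev/null > "${FIREWALL_TODAY}"` keeps the snapshot numeric and stable. The listing covers only the filter table, so changes to nat or mangle rules and to IPv6 rules (ip6tables) are not recorded. Because stderr is discarded and the exit status is not checked, a failed call leaves an empty snapshot with no indication of why; testing the status and reporting the failure would keep a broken check from passing silently.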