-rwxr-xr-xcron-sh/security.sh4
-rw-r--r--src/msec/config.py7
-rwxr-xr-xsrc/msec/libmsec.py4
3 files changed, 11 insertions, 4 deletions
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 17ebb4a..9b4040e 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -133,7 +133,9 @@ if [[ -f ${CHKROOTKIT_TODAY} ]]; then
mv -f ${CHKROOTKIT_TODAY} ${CHKROOTKIT_YESTERDAY}
fi
-netstat -pvlA inet,inet6 2> /dev/null > ${OPEN_PORT_TODAY};
+if [[ ${CHECK_OPEN_PORT} == yes ]]; then
+ netstat -pvlA inet,inet6 2> /dev/null > ${OPEN_PORT_TODAY};
+fi
ionice -c3 -p $$
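Review bot: The new guard makes the open-port listing fail silent: if CHECK_OPEN_PORT is unset or holds anything other than the exact string `yes`, netstat no longer runs and nothing records that the check was skipped. Before this change the listing ran unconditionally, so a missing or mistyped setting now disables it quietly; `if [[ ${CHECK_OPEN_PORT} != no ]]; then` would keep the old default. When the check is off, ${OPEN_PORT_TODAY} is also not rewritten, so any later comparison against yesterday's file (outside this hunk, if present) would use stale or missing data. The script continues beyond the hunk, so confirm how the file is consumed.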
diff --git a/src/msec/config.py b/src/msec/config.py
index 212b327..8342fa5 100644
--- a/src/msec/config.py
+++ b/src/msec/config.py
@@ -64,6 +64,7 @@ SETTINGS = {'BASE_LEVEL': ("libmsec.base_level",
'FIX_UNOWNED' : ("libmsec.fix_unowned", ['yes', 'no']),
'CHECK_PROMISC' : ("libmsec.check_promisc", ['yes', 'no']),
'CHECK_OPEN_PORT' : ("libmsec.check_open_port", ['yes', 'no']),
+ 'CHECK_FIREWALL' : ("libmsec.check_firewall", ['yes', 'no']),
'CHECK_PASSWD' : ("libmsec.check_passwd", ['yes', 'no']),
'CHECK_SHADOW' : ("libmsec.check_shadow", ['yes', 'no']),
'CHECK_CHKROOTKIT' : ("libmsec.check_chkrootkit", ['yes', 'no']),
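Review bot: CHECK_FIREWALL is registered here with the callback `libmsec.check_firewall`, but nothing visible in this commit acts on it: the cron-sh/security.sh hunk gates only on CHECK_OPEN_PORT, and the new libmsec method is a `pass` stub. Unless the periodic script reads the variable somewhere outside this diff, an administrator who sets CHECK_FIREWALL=yes gets no firewall audit and no sign that it is missing. Either land the consumer in the same change or mark the entry, for example `# TODO: not yet read by cron-sh/security.sh`. The SETTINGS dict starts and ends outside the hunk.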
@@ -126,9 +127,9 @@ SETTINGS_NETWORK = ["ACCEPT_BOGUS_ERROR_RESPONSES", "ACCEPT_BROADCASTED_ICMP_ECH
]
# periodic checks
SETTINGS_PERIODIC = ["CHECK_PERMS", "CHECK_USER_FILES", "CHECK_SUID_ROOT", "CHECK_SUID_MD5", "CHECK_SGID",
- "CHECK_WRITABLE", "CHECK_UNOWNED", "FIX_UNOWNED", "CHECK_PROMISC", "CHECK_OPEN_PORT", "CHECK_PASSWD",
- "CHECK_SHADOW", "CHECK_CHKROOTKIT", "CHECK_RPM", "CHECK_SHOSTS", "TTY_WARN", "SYSLOG_WARN",
- "MAIL_EMPTY_CONTENT",
+ "CHECK_WRITABLE", "CHECK_UNOWNED", "FIX_UNOWNED", "CHECK_PROMISC", "CHECK_OPEN_PORT", "CHECK_FIREWALL",
+ "CHECK_PASSWD", "CHECK_SHADOW", "CHECK_CHKROOTKIT", "CHECK_RPM", "CHECK_SHOSTS",
+ "TTY_WARN", "SYSLOG_WARN", "MAIL_EMPTY_CONTENT",
]
# localized help
diff --git a/src/msec/libmsec.py b/src/msec/libmsec.py
index 5d5d232..d3f8d6e 100755
--- a/src/msec/libmsec.py
+++ b/src/msec/libmsec.py
@@ -1428,6 +1428,10 @@ class MSEC:
""" Enable checking for open network ports."""
pass
+ def check_firewall(self, param):
+ """ Enable checking for firewall settings ports."""
+ pass
+
def check_passwd(self, param):
""" Enable password-related checks, such as empty passwords and strange super-user accounts."""
pass
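Review bot: The docstring on the new check_firewall reads "firewall settings ports", which looks like a leftover from the check_open_port text just above it. If these docstrings are surfaced as option help, as the "localized help" comment in config.py suggests, users will see the garbled wording; suggest `""" Enable checking of firewall settings."""`. The `param` argument is unused, matching the sibling stubs, and class MSEC extends beyond the hunk.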