From 6fc30bba6219bd1020f055170e4523f0a61c5d4f Mon Sep 17 00:00:00 2001
From: Eugeni Dodonov
Date: Tue, 23 Jun 2009 20:53:31 +0000
Subject: Added support for CHECK_FIREWALL.
---
 cron-sh/security.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'cron-sh/security.sh')
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 9b4040e..4b02cf6 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -50,6 +50,9 @@ SUID_MD5_DIFF="/var/log/security/suid_md5.diff"
 export OPEN_PORT_TODAY="/var/log/security/open_port.today"
 OPEN_PORT_YESTERDAY="/var/log/security/open_port.yesterday"
 OPEN_PORT_DIFF="/var/log/security/open_port.diff"
+export FIREWALL_TODAY="/var/log/security/open_port.today"
+FIREWALL_YESTERDAY="/var/log/security/open_port.yesterday"
+FIREWALL_DIFF="/var/log/security/open_port.diff"
 export WRITABLE_TODAY="/var/log/security/writable.today"
 WRITABLE_YESTERDAY="/var/log/security/writable.yesterday"
 WRITABLE_DIFF="/var/log/security/writable.diff"
@@ -113,6 +116,10 @@ if [[ -f ${OPEN_PORT_TODAY} ]]; then
 mv -f ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY}
 fi
+if [[ -f ${FIREWALL_TODAY} ]]; then
+ mv -f ${FIREWALL_TODAY} ${FIREWALL_YESTERDAY}
+fi
+
 if [[ -f ${SUID_MD5_TODAY} ]]; then
 mv ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY};
 fi
@@ -137,6 +144,10 @@ if [[ ${CHECK_OPEN_PORT} == yes ]]; then
 netstat -pvlA inet,inet6 2> /dev/null > ${OPEN_PORT_TODAY};
 fi
+if [[ ${CHECK_FIREWALL} == yes ]]; then
+ iptables -L 2>/dev/null > ${FIREWALL_TODAY}
+fi
+
 ionice -c3 -p $$
 # only running this check when really required
--
cgit v1.2.1
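Review bot: The three new FIREWALL_* variables in the first hunk reuse the open-port paths (`/var/log/security/open_port.today`, `.yesterday`, `.diff`), so the firewall snapshot and the open-port snapshot are the same file. In the third hunk `iptables -L 2>/dev/null > ${FIREWALL_TODAY}` therefore truncates what `netstat` has just written to `${OPEN_PORT_TODAY}`, and the rotation added in the second hunk finds nothing left to move because the OPEN_PORT rotation above it already moved that file. Give the check its own files, e.g. `export FIREWALL_TODAY="/var/log/security/firewall.today"`, `FIREWALL_YESTERDAY="/var/log/security/firewall.yesterday"`, `FIREWALL_DIFF="/var/log/security/firewall.diff"`. The code that reads these variables is outside the patch, so the effect on the daily report is inferred: the open-port comparison would most likely end up diffing firewall rules, or an empty file when iptables fails.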
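Review bot: `iptables -L` in the CHECK_FIREWALL block of the third hunk lists only the filter table and resolves addresses and ports to names, so changes to the nat or mangle tables and all IPv6 rules never reach the daily comparison, and the text can change with resolver state rather than with the ruleset. `iptables-save` (plus `ip6tables-save`) gives a complete, stable snapshot; failing that, `iptables -L -n -v` at least removes the lookups. Because stderr goes to /dev/null and the exit status is ignored, a failed run leaves an empty file that cannot be told apart from an empty ruleset; writing the snapshot only when the command succeeds would avoid that.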