From 6fc30bba6219bd1020f055170e4523f0a61c5d4f Mon Sep 17 00:00:00 2001
From: Eugeni Dodonov
Date: Tue, 23 Jun 2009 20:53:31 +0000
Subject: Added support for CHECK_FIREWALL.

---
 cron-sh/diff_check.sh | 18 ++++++++++++++++++
 cron-sh/security.sh   | 11 +++++++++++
 2 files changed, 29 insertions(+)
(limited to 'cron-sh')

diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh
index 5f020cc..4761dc2 100755
--- a/cron-sh/diff_check.sh
+++ b/cron-sh/diff_check.sh
@@ -140,6 +140,24 @@ if [[ ${CHECK_OPEN_PORT} == yes ]]; then
 fi
+### Changed firewall
+if [[ ${CHECK_FIREWALL} == yes ]]; then
+
+    if [[ -f ${FIREWALL_YESTERDAY} ]]; then
+        diff -u ${FIREWALL_YESTERDAY} ${FIREWALL_TODAY} 1> ${FIREWALL_DIFF}
+        if [ -s ${FIREWALL_DIFF} ]; then
+            printf "\nSecurity Warning: There are modifications for firewall configuration on your machine :\n" >> ${TMP}
+            grep '^+' ${FIREWALL_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+                printf "\t\t- New entries : ${file}\n"
+            done >> ${TMP}
+            grep '^-' ${FIREWALL_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+                printf "\t\t- Removed entries : ${file}\n"
+            done >> ${TMP}
+        fi
+    fi
+
+fi
+
 ### rpm database
 if [[ ${CHECK_RPM} == yes ]]; then
     if [[ -f ${RPM_QA_YESTERDAY} ]]; then
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 9b4040e..4b02cf6 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -50,6 +50,9 @@ SUID_MD5_DIFF="/var/log/security/suid_md5.diff"
 export OPEN_PORT_TODAY="/var/log/security/open_port.today"
 OPEN_PORT_YESTERDAY="/var/log/security/open_port.yesterday"
 OPEN_PORT_DIFF="/var/log/security/open_port.diff"
+export FIREWALL_TODAY="/var/log/security/open_port.today"
+FIREWALL_YESTERDAY="/var/log/security/open_port.yesterday"
+FIREWALL_DIFF="/var/log/security/open_port.diff"
 export WRITABLE_TODAY="/var/log/security/writable.today"
 WRITABLE_YESTERDAY="/var/log/security/writable.yesterday"
 WRITABLE_DIFF="/var/log/security/writable.diff"
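Review bot: Both `printf "\t\t- New entries : ${file}\n"` and the "Removed entries" counterpart use a line of firewall diff output as the printf format string, and the `sed -e 's/%/%%/g'` stage only covers one consequence of that: a backslash in a rule (an iptables `--comment` string, for instance) is still interpreted as an escape sequence, and `read file` without `-r` and `IFS=` drops backslashes and leading whitespace before printf even sees the line. Passing the line as an argument removes the need for escaping altogether: `while IFS= read -r file; do printf '\t\t- New entries : %s\n' "$file"; done >> ${TMP}` (and the same for the removed-entries loop), after which the `sed -e 's/%/%%/g'` stage can be dropped. This block looks like a copy of the open-port block that precedes the hunk, which I cannot see here; if so, the same fix probably applies there.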
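Review bot: The three new FIREWALL_* variables point at the open_port.* files instead of their own, so the firewall and open-port checks share one today/yesterday/diff triple; assuming both CHECK_OPEN_PORT and CHECK_FIREWALL are enabled, the `iptables -L > ${FIREWALL_TODAY}` added later in this commit overwrites the netstat capture, the open-port comparison is silently run on firewall output the next day, and both warnings end up reporting the same diff. They should read `export FIREWALL_TODAY="/var/log/security/firewall.today"`, `FIREWALL_YESTERDAY="/var/log/security/firewall.yesterday"` and `FIREWALL_DIFF="/var/log/security/firewall.diff"`. With separate files the `mv -f ${FIREWALL_TODAY} ${FIREWALL_YESTERDAY}` rotation added in this commit also stops being a no-op (today the file has already been moved by the OPEN_PORT rotation above it).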
@@ -113,6 +116,10 @@ if [[ -f ${OPEN_PORT_TODAY} ]]; then
     mv -f ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY}
 fi
+if [[ -f ${FIREWALL_TODAY} ]]; then
+    mv -f ${FIREWALL_TODAY} ${FIREWALL_YESTERDAY}
+fi
+
 if [[ -f ${SUID_MD5_TODAY} ]]; then
     mv ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY};
 fi
@@ -137,6 +144,10 @@ if [[ ${CHECK_OPEN_PORT} == yes ]]; then
     netstat -pvlA inet,inet6 2> /dev/null > ${OPEN_PORT_TODAY};
 fi
+if [[ ${CHECK_FIREWALL} == yes ]]; then
+    iptables -L 2>/dev/null > ${FIREWALL_TODAY}
+fi
+
 ionice -c3 -p $$
 # only running this check when really required
-- cgit v1.2.1
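Review bot: `iptables -L` without `-n` reverse-resolves every address and service port in the rule set, so the captured file changes whenever DNS answers change (and the cron job stalls when a resolver is slow), which diff_check.sh then reports as spurious "modifications for firewall configuration" warnings; `iptables -nL 2>/dev/null > ${FIREWALL_TODAY}` gives a stable listing. Note also that `-L` shows only the filter table and only IPv4, while the netstat line just above already covers inet6; `iptables-save` plus `ip6tables-save` would cover nat/mangle/raw too, but their `# Generated by` / `# Completed on` lines carry a timestamp and would need `grep -v '^#'` before the diff. Finally, if the command fails (not root, iptables not installed) the `2>/dev/null` leaves an empty today file, and the comparison then reports every rule as removed that day and as new the day after, so it may be worth checking the exit status rather than silencing it.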