|
@@ -166,6 +166,14 @@ comprobarError() {
|
|
|
905)
|
|
|
error="$type $codeNum:\tImposible deshabilitar servicio '$extraInfo' durante el arranque.\n"
|
|
|
;;
|
|
|
+ 906)
|
|
|
+ type="WARNING"
|
|
|
+ error="\n$type $codeNum:\tImposible añadir regla al cortafuegos ('$extraInfo').\n"
|
|
|
+ ;;
|
|
|
+ 907)
|
|
|
+ type="WARNING"
|
|
|
+ error="\n$type $codeNum:\tImposible encender cortafuegos.\n"
|
|
|
+ ;;
|
|
|
*)
|
|
|
error="ERROR 13:\tError interno (comprobación de errores)\n"
|
|
|
exitNum=1
|
|
@@ -294,6 +302,7 @@ inicializarVariables() {
|
|
|
mySQLOn=false
|
|
|
mariaDBOn=false
|
|
|
phpOn=false
|
|
|
+ sslOn=false
|
|
|
mediaWikiOn=false
|
|
|
moodleOn=false
|
|
|
infoPHPOn=false
|
|
@@ -308,6 +317,7 @@ instalacionExpress() {
|
|
|
apacheOn=true
|
|
|
mariaDBOn=true
|
|
|
phpOn=true
|
|
|
+ sslOn=true
|
|
|
mediaWikiOn=true
|
|
|
moodleOn=true
|
|
|
actualizacionesOn=true
|
|
@@ -390,6 +400,7 @@ mostrarComponentes() {
|
|
|
case $i in
|
|
|
\"SSL/TLS\")
|
|
|
# 2 Opciones: Let's Encrypt o Autofirmado
|
|
|
+ sslOn=true
|
|
|
progresoTotal=$((progresoTotal + 2))
|
|
|
;;
|
|
|
\"MediaWiki\")
|
|
@@ -787,6 +798,50 @@ deshabilitarServicio() {
|
|
|
echo -en " OK.\n" | tee -a $logFile
|
|
|
}
|
|
|
|
|
|
+configurarCortafuegos() {
|
|
|
+ # Configuramos cortafuegos (añadir reglas y encender)
|
|
|
+ # Comprobamos si estamos usando SSH
|
|
|
+ esSSH $PPID
|
|
|
+ if [ $debianOS = true ];then
|
|
|
+ ufw allow 80/tcp 2>&1 >> $logFile
|
|
|
+ comprobarError $? 906 "80/tcp"
|
|
|
+ if [ $sshControl = true ];then
|
|
|
+ ufw allow 22/tcp 2>&1 >> $logFile
|
|
|
+ comprobarError $? 906 "22/tcp"
|
|
|
+ fi
|
|
|
+ if [ $sslOn = true ];then
|
|
|
+ ufw allow 443/tcp 2>&1 >> $logFile
|
|
|
+ comprobarError $? 906 "443/tcp"
|
|
|
+ fi
|
|
|
+ ufw --force enable 2>&1 >> $logFile
|
|
|
+ comprobarError $= 907
|
|
|
+ elif [ $rhelOS = true ];then
|
|
|
+ firewall-cmd --add-port=80/tcp 2>&1 >> $logFile
|
|
|
+ comprobarError $? 906 "80/tcp"
|
|
|
+ if [ $sshControl = true ];then
|
|
|
+ firewall-cmd --add-port=22/tcp 2>&1 >> $logFile
|
|
|
+ comprobarError $? 906 "22/tcp"
|
|
|
+ fi
|
|
|
+ if [ $sslOn = true ];then
|
|
|
+ firewall-cmd --add-port=443/tcp 2>&1 >> $logFile
|
|
|
+ comprobarError $? 906 "443/tcp"
|
|
|
+ fi
|
|
|
+ firewall-cmd --runtime-to-permanent 2>&1 >> $logFile
|
|
|
+ comprobarError $? 907
|
|
|
+ habilitarServicio firewalld 2>&1 >> $logFile
|
|
|
+ fi
|
|
|
+ unset sshControl
|
|
|
+}
|
|
|
+
|
|
|
+esSSH() {
|
|
|
+ p=${1:-$PPID}
|
|
|
+ #read pid name x ppid y < <( cat /proc/$p/stat )
|
|
|
+ read pid name ppid < <( ps -o pid= -o comm= -o ppid= -p $p)
|
|
|
+ [[ "$name" =~ sshd ]] && { sshControl=true; return 0; }
|
|
|
+ [ "$ppid" -le 1 ] && { sshControl=false; return 1; }
|
|
|
+ esSSH $ppid
|
|
|
+}
|
|
|
+
|
|
|
# Comprobación del sistema e inicialización
|
|
|
inicializarVariables
|
|
|
comprobarRoot
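Review bot: `comprobarError $= 907` after `ufw --force enable` passes the literal string `$=` rather than the exit status, so a failure to enable ufw is never evaluated correctly; it should read `comprobarError $? 907`. Every command in both branches redirects with `2>&1 >> $logFile`, which points stderr at the terminal before stdout is redirected, so the error text of a failed rule never reaches the log; use `>> "$logFile" 2>&1`. The SSH rule is added only when `esSSH` finds an `sshd` ancestor, and it always opens 22/tcp, so an admin connected on another port, or from a session whose process ancestry no longer leads to sshd, would presumably lose access once the firewall is enabled; since 906 is only a WARNING, a failed `allow 22/tcp` also appears not to stop the enable step. In the RHEL branch the `firewall-cmd` calls run before `habilitarServicio firewalld`, so they would likely fail if the daemon is not yet running; confirm against that helper, which is defined outside this hunk. `esSSH` should also declare `p`, `pid`, `name` and `ppid` with `local` and return when `ps` yields an empty `ppid`, because an empty argument makes the recursive call start again from `$PPID`.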
|