Unify unattended check firewalls #1224

Open
wants to merge 14 commits into
base: unify-unattended
myu1d157h0u54nd
Contributor

Related issue
Closes #1217

Description

Check if firewalld, ufw or iptables exists. If they exist, check if there is any rule that prevents another component from connecting to it.

Contributor

@alberpilot alberpilot left a comment

The firewall presence is not a problem, but if there is a defined rule blocking a port, it is. I would like to check, for every firewall present, if it contains any rule. iptables -S works for showing all rules, and firewall-cmd --list-all-zones too. The output can be filtered, although if a more specific option exists, it must be used. The firewall ufw must be included.

Contributor

@alberpilot alberpilot left a comment

Other minor changes

unattended_installer/install_functions/checks.sh Outdated
unattended_installer/wazuh_install.sh Outdated
Contributor

@alberpilot alberpilot left a comment

Please review the requested changes and attach different output examples for every firewall.

unattended_installer/install_functions/checks.sh Outdated
Contributor Author

myu1d157h0u54nd commented Feb 4, 2022

Simulation adding similar ports, to validate the use of grep with an exact match.

iptables -L -n | grep 1514
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1514
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:15141

Simulation of an environment with all firewalls installed, and all Wazuh ports blocked.

03/02/2022 18:00:40 INFO: Starting Wazuh unattended installer. Wazuh version: 4.3.0. Wazuh installer version: 0.1
03/02/2022 18:00:40 INFO: ---------------------------------- Check firewalls -----------------------------------
03/02/2022 18:00:44 INFO: iptables blocked port report: 1514, 1515, 1516, 55000, 9200, 9300, 9400, 443,  open the recommended ports.
03/02/2022 18:00:44 INFO: nft blocked port report: 1514, 1515, 1516, 55000, 9200, 9300, 9400, 443,  open the recommended ports.
03/02/2022 18:00:44 INFO: ufw blocked port report: 1514, 1515, 1516, 55000, 9200, 9300, 9400, 443,  open the recommended ports.
03/02/2022 18:00:44 INFO: firewall-cmd blocked port report: 1514, 1515, 1516, 55000, 9200, 9300, 9400, 443,  open the recommended ports.
03/02/2022 18:00:44 WARNING: Please check your firewall. To then repeat the installation of Wazuh.
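
Added example, not code from this pull request: an exact-match check over `iptables -L -n` style output, next to a plain substring grep, which also matches 15141 when looking for 1514 and counts ACCEPT rules. The function names and the sample rule lines are constructed for illustration; the port list is the one in the installer log above, and multiport rules are not handled.

```shell
#!/bin/bash
# Added example: exact-match port check over `iptables -L -n` style output.
# WAZUH_PORTS mirrors the ports named in the installer log above.
WAZUH_PORTS="1514 1515 1516 55000 9200 9300 9400 443"

# Constructed sample rules (not captured from a real host).
SAMPLE_RULES='DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:15141
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1515
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9200
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 reject-with icmp-port-unreachable
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4430'

# naive_blocked_ports RULES: substring match, equivalent to `grep 1514`.
# Reports any port whose digits appear anywhere in the listing.
naive_blocked_ports() {
    local rules="$1" port out=""
    for port in ${WAZUH_PORTS}; do
        if printf '%s\n' "${rules}" | grep -q "${port}"; then
            out="${out:+${out}, }${port}"
        fi
    done
    printf '%s\n' "${out}"
}

# exact_blocked_ports RULES: reports a port only when a DROP or REJECT rule
# has a dpt field that is exactly that port (followed by space or end of line).
exact_blocked_ports() {
    local rules="$1" port out=""
    for port in ${WAZUH_PORTS}; do
        if printf '%s\n' "${rules}" |
            grep -Eq "^(DROP|REJECT)[[:space:]].*[[:space:]]dpt:${port}([[:space:]]|\$)"; then
            out="${out:+${out}, }${port}"
        fi
    done
    printf '%s\n' "${out}"
}

# On a live host the input would be: exact_blocked_ports "$(iptables -L -n)"
echo "naive: $(naive_blocked_ports "${SAMPLE_RULES}")"
echo "exact: $(exact_blocked_ports "${SAMPLE_RULES}")"
```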

Contributor Author

myu1d157h0u54nd commented Feb 4, 2022

@alberpilot

Use switch case instead of 4 if command == value.

If I use the 'if', I get it to go into each command. This was a necessity of my laboratory that led me to not be able to apply it, since when implementing it, it failed in my scenario. And now I notice it and understand why. I will implement it on Monday.

Change it to -d.

After a try, maybe I'm not seeing something. I doubt whether it is necessary.
The behavior that I hope for is that report that made me visibly fail. If I don't use -d, they are logs that will not be seen.

Base automatically changed from unattended-unify-indexer-dashboard to unify-unattended February 8, 2022 10:16