diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5c273885..babb04ed 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ Control panel:
 * The users and aliases APIs are now documented on their control panel pages.
 * The HSTS header was missing.
+* New status checks were added for the ufw firewall.
 System:
diff --git a/management/status_checks.py b/management/status_checks.py
index f8873d8a..13cbab12 100755
--- a/management/status_checks.py
+++ b/management/status_checks.py
@@ -167,7 +167,6 @@ def run_system_checks(rounded_values, env, output):
 check_system_aliases(env, output)
 check_free_disk_space(rounded_values, env, output)
 check_free_memory(rounded_values, env, output)
- check_ufw(env, output)
 def check_ufw(env, output):
 ufw = shell('check_output', ['ufw', 'status']).splitlines()
@@ -180,7 +179,7 @@ def check_ufw(env, output):
 output.print_error("Port %s (%s) should be allowed in the firewall, please re-run the setup." % (service["port"], service["name"]))
 if not_allowed_ports == 0:
- output.print_ok("Firewall is active")
+ output.print_ok("Firewall is active.")
 else:
 output.print_warning("""The firewall is disabled on this machine. This might be because the system is protected by an external firewall. We can't protect the system against bruteforce attacks
@@ -260,6 +259,8 @@ def run_network_checks(env, output):
 output.add_heading("Network")
+ check_ufw(env, output)
+
 # Stop if we cannot make an outbound connection on port 25. Many residential
 # networks block outbound port 25 to prevent their network from sending spam.
 # See if we can reach one of Google's MTAs with a 5-second timeout.
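Review bot: The `check_ufw(env, output)` call added at the top of run_network_checks (last status_checks.py hunk) now runs ahead of the outbound port 25 probe, and check_ufw itself, visible as context in the first status_checks.py hunk, begins with `shell('check_output', ['ufw', 'status'])` with no error handling in the lines shown. If that helper raises when ufw is not installed or the command exits non-zero (its behaviour is not visible in this diff), the exception would presumably cut the remaining network checks short instead of reporting the firewall state as unknown. I would wrap the call in a try/except that reports the failure through the existing output object, for example `output.print_error("The firewall status could not be determined.")`, so the rest of the report is still produced. The body of run_network_checks continues outside the hunk.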