From b044dda28f7585fa5e356c359b0b108f59ed3aa7 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Fri, 29 Jul 2016 09:23:36 -0400 Subject: [PATCH] put the ufw status checks in the network section, add a punctuation mark, add changelog entry --- CHANGELOG.md | 1 + management/status_checks.py | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5c273885..babb04ed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ Control panel: * The users and aliases APIs are now documented on their control panel pages. * The HSTS header was missing. +* New status checks were added for the ufw firewall. System: diff --git a/management/status_checks.py b/management/status_checks.py index f8873d8a..13cbab12 100755 --- a/management/status_checks.py +++ b/management/status_checks.py @@ -167,7 +167,6 @@ def run_system_checks(rounded_values, env, output): check_system_aliases(env, output) check_free_disk_space(rounded_values, env, output) check_free_memory(rounded_values, env, output) - check_ufw(env, output) def check_ufw(env, output): ufw = shell('check_output', ['ufw', 'status']).splitlines() @@ -180,7 +179,7 @@ def check_ufw(env, output): output.print_error("Port %s (%s) should be allowed in the firewall, please re-run the setup." % (service["port"], service["name"])) if not_allowed_ports == 0: - output.print_ok("Firewall is active") + output.print_ok("Firewall is active.") else: output.print_warning("""The firewall is disabled on this machine. This might be because the system is protected by an external firewall. We can't protect the system against bruteforce attacks @@ -260,6 +259,8 @@ def run_network_checks(env, output): output.add_heading("Network") + check_ufw(env, output) + # Stop if we cannot make an outbound connection on port 25. Many residential # networks block outbound port 25 to prevent their network from sending spam. # See if we can reach one of Google's MTAs with a 5-second timeout.