Add status checks for ufw

Michael Kroes 2016-04-02 13:41:16 +02:00
parent 1a1d125b31
commit c9f30e8059
1 changed files with 25 additions and 0 deletions


@ -168,6 +168,31 @@ def run_system_checks(rounded_values, env, output):
check_system_aliases(env, output)
check_free_disk_space(rounded_values, env, output)
check_free_memory(rounded_values, env, output)
check_ufw(env, output)
def check_ufw(env, output):
ufw = shell('check_output', ['ufw', 'status']).splitlines()
if ufw[0] == "Status: active":
ports_that_should_be_allowed = ["22", "53", "25", "587", "993", "995", "4190", "80", "443"]
not_allowed_ports = []
for port in ports_that_should_be_allowed:
if not is_port_allowed(ufw, port):
not_allowed_ports.append(port)
if len(not_allowed_ports) == 1:
output.print_error("Port %s should be allowed in the firewall, please rerun the setup." % (not_allowed_ports[0]))
elif len(not_allowed_ports) > 1:
output.print_error("Ports %s should be allowed in the firewall, please rerun the setup." % (", ".join(not_allowed_ports)))
else:
output.print_ok("Firewall is active")
else:
output.print_warning("""The firewall is disabled on this machine, this might be because the system
is protected by an external firewall. We can't protect against bruteforce attacks using fail2ban
without the local firewall active. Via ssh please try to run: ufw enable""")
def is_port_allowed(ufw, port):
return any(item.startswith(port) for item in ufw)
def check_ssh_password(env, output):
# Check that SSH login with password is disabled. The openssh-server
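Review bot: `is_port_allowed` (the `startswith` line added just before `check_ssh_password`) only tests that a status line begins with the port digits, so a `DENY` rule for 22/tcp, or an unrelated rule for 2222 or 8080 when checking 22 or 80, counts as the port being allowed, and `check_ufw` then reports "Firewall is active" on a host that is actually blocking SSH or mail. Since `ufw status` prints one `<port>/<proto> <action> <from>` rule per line, parse the columns and require the action to be ALLOW: `rules = (line.split() for line in ufw)` / `return any(len(f) >= 2 and f[0].split("/")[0] == port and f[1] == "ALLOW" for f in rules)`. Separately, `ufw[0]` in `check_ufw` raises IndexError if `ufw status` produces no output, so the guard should read `if ufw and ufw[0] == "Status: active":`. `run_system_checks` begins before the hunk.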