wazuh-packages
Unify unattended check firewalls
| Related issue |
|---|
| Closes #1217 |
Description
Check if firewalld, ufw or iptables exist. If they exist, check if there is any rule that prevents another component from connecting to it.
Simulation adding similar ports, to validate the use of grep with an exact match.
iptables -L -n | grep 1514
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1514
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:15141
Simulation of an environment with all firewalls installed, and all Wazuh ports blocked.
03/02/2022 18:00:40 INFO: Starting Wazuh unattended installer. Wazuh version: 4.3.0. Wazuh installer version: 0.1
03/02/2022 18:00:40 INFO: ---------------------------------- Check firewalls -----------------------------------
03/02/2022 18:00:44 INFO: iptables blocked port report: 1514, 1515, 1516, 55000, 9200, 9300, 9400, 443, open the recommended ports.
03/02/2022 18:00:44 INFO: nft blocked port report: 1514, 1515, 1516, 55000, 9200, 9300, 9400, 443, open the recommended ports.
03/02/2022 18:00:44 INFO: ufw blocked port report: 1514, 1515, 1516, 55000, 9200, 9300, 9400, 443, open the recommended ports.
03/02/2022 18:00:44 INFO: firewall-cmd blocked port report: 1514, 1515, 1516, 55000, 9200, 9300, 9400, 443, open the recommended ports.
03/02/2022 18:00:44 WARNING: Please check your firewall. To then repeat the installation of Wazuh.
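The exact-match check simulated in the description, as an added example that is not part of the PR or the Wazuh installer. The function name `blocked_ports`, the variables and the sample rules are constructed for illustration; the port list is the one from the log above, and treating only DROP and REJECT targets as "blocked" is an assumption.

```shell
#!/bin/sh
# Ports taken from the installer's blocked-port report quoted in the PR description.
WAZUH_PORTS="1514 1515 1516 55000 9200 9300 9400 443"

# Constructed `iptables -L -n` output: 15141 and 9200 are blocked, 443 is
# explicitly allowed, and there is no rule at all for 1514.
SAMPLE_RULES=$(cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:15141
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9200 reject-with icmp-port-unreachable
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
EOF
)

# blocked_ports MODE PORTS RULES
#   naive: plain substring search, like `grep 1514`
#   exact: the rule's target must be DROP or REJECT (assumption about what
#          counts as "blocked") and dpt:<port> must not be followed by a digit
# Prints the matching ports as a comma-separated list.
blocked_ports() {
    mode=$1; ports=$2; rules=$3; out=""
    for p in $ports; do
        case $mode in
            naive) pattern="$p" ;;
            exact) pattern="^(DROP|REJECT)[[:space:]].*dpt:${p}([^0-9]|\$)" ;;
            *) echo "unknown mode: $mode" >&2; return 2 ;;
        esac
        if printf '%s\n' "$rules" | grep -Eq -- "$pattern"; then
            out="${out:+$out, }$p"
        fi
    done
    printf '%s\n' "$out"
}

echo "naive: $(blocked_ports naive "$WAZUH_PORTS" "$SAMPLE_RULES")"
echo "exact: $(blocked_ports exact "$WAZUH_PORTS" "$SAMPLE_RULES")"
```

With the substring search, the rule for 15141 is reported as blocking 1514 and the ACCEPT rule is reported as blocking 443; the anchored pattern reports only 9200.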
@alberpilot
Use switch case instead of 4 if command == value.
If I use the 'if', I get it to go into each command. This was a necessity of my laboratory that led me to not be able to apply it, since when implementing it, it failed in my scenario. And now I notice it and understand why. I will implement it on Monday.
Change it to -d.
After a try, maybe I'm not seeing something. I doubt whether it is necessary. The behavior that I hope for is that report that made me visibly fail. If I don't use -d, they are logs that will not be seen.