Current File : /etc/ansible/library/bx_iptables
#!/bin/bash
#   get iptables status
#   
# Fixed locale settings and command search path for everything this script runs.
# NOTE(review): "en_EN" is not a usual glibc locale name (en_US / en_GB are);
# confirm this value is intended.
export LANG=en_EN.UTF-8 NOLOCALE=yes
export PATH=/sbin:/bin:/usr/sbin:/usr/bin

# Debug logging stays off unless the caller supplies a non-empty DEBUG.
: "${DEBUG:=0}"
# Not referenced anywhere in the visible part of this script.
MYSQL_CNF=/root/.my.cnf
TMP_DIR=/opt/webdir/tmp
# NOTE(review): mode 700 is applied only when the directory is created here.
# An existing directory keeps its current owner and mode; confirm it is not
# writable by less privileged accounts, because the log name below is
# predictable (it is derived from the PID).
if [[ ! -d "$TMP_DIR" ]]; then
    mkdir -m 700 "$TMP_DIR"
fi
LOG_FILE="$TMP_DIR/bx_iptables_$$.log"
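#######################################
# Append a timestamped line to the debug log when debugging is enabled.
# Globals:   DEBUG (read), LOG_FILE (read)
# Arguments: $1 - message text
# Outputs:   one "<epoch seconds> <message>" line appended to $LOG_FILE
# Returns:   0 when logging is disabled; otherwise the status of the append
#######################################
debug(){
    # local: the message must not leak into the script's global namespace.
    local mess=$1

    # An unset or empty DEBUG counts as 0, i.e. logging disabled.
    if [[ "${DEBUG:-0}" -gt 0 ]]; then
        # Quoted target: an unquoted $LOG_FILE is word-split and makes the
        # redirection fail ("ambiguous redirect") for paths with spaces.
        printf '%s %s\n' "$(date +%s)" "$mess" >> "$LOG_FILE"
    fi
}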


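#######################################
# Probe whether iptables accepts rules, and whether state matching works.
#
# The probe inserts a temporary ACCEPT rule at the top of INPUT for a test
# TCP port and deletes it again. While the rule exists the port is reachable
# through the firewall, so the port must be one that nothing listens on.
#
# Globals:   iptables_status (written): 'disabled', 'stateless' or 'stateful'
# Arguments: none
# Returns:   0 always; the result is reported through iptables_status
#######################################
check_iptables_status() {
    # Deliberately global: the script's JSON output reads this value.
    iptables_status='disabled'
    local test_port=2222
    local -r max_port=65535

    # Find a TCP port without a listener. The pattern matches the port at the
    # end of the "Local Address:Port" column; listeners show "*:*" (or
    # "[::]:*") as peer, so the peer column cannot match a number. The earlier
    # pattern (":80\s+<port>") never matched a listener, so 2222 was used even
    # when a service was bound to it.
    while (( test_port <= max_port )); do
        if ! ss -ltn 2>/dev/null | grep -Eq ":${test_port}[[:space:]]"; then
            break
        fi
        test_port=$(( test_port + 1 ))
    done
    # No free port found: do not open anything, report 'disabled'.
    if (( test_port > max_port )); then
        return 0
    fi

    # Stateless check: can a plain rule be inserted at all?
    # Output is discarded; only the exit status matters.
    if iptables -I INPUT -p tcp \
        --dport "$test_port" -j ACCEPT > /dev/null 2>&1; then
        iptables_status='stateless'
        # NOTE(review): if this delete fails, the ACCEPT rule stays in place
        # and nothing reports it.
        iptables -D INPUT -p tcp \
            --dport "$test_port" -j ACCEPT > /dev/null 2>&1
    fi

    # Stateful check: is the state match usable? Only tried when plain rules work.
    if [[ $iptables_status == "stateless" ]]; then
        if iptables -I INPUT -m state --state NEW \
            -p tcp --dport "$test_port" -j ACCEPT > /dev/null 2>&1; then
            iptables_status='stateful'
            iptables -D INPUT -m state --state NEW \
                -p tcp --dport "$test_port" -j ACCEPT > /dev/null 2>&1
        fi
    fi
    return 0
}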

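#######################################
# Report whether firewalld is installed, running, and has an active zone
# whose listing mentions "bx_trusted".
#
# Command output is captured in memory instead of a temp file: previously a
# failed mktemp (missing or unwritable TMP_DIR) broke the redirections and the
# function reported "not_installed" even when the package was present.
#
# Globals:   firewalld_package (written): 'installed' / 'not_installed'
#            firewalld_status  (written): 'running' / 'not_running'
#            firewalld_bx_type (written): 'installed' / 'not_installed'
# Arguments: none
# Returns:   0 always; results are reported through the globals above
#######################################
check_firewalld_status(){
    firewalld_package="not_installed"
    firewalld_status="not_running"
    firewalld_bx_type="not_installed"

    # Package query: only the exit status is used.
    if ! rpm -qi firewalld > /dev/null 2>&1; then
        return 0
    fi
    firewalld_package="installed"

    # Declared separately so the command's exit status is not masked by 'local'.
    local state_output
    if ! state_output=$(firewall-cmd --state 2>&1); then
        return 0
    fi

    # Require a line that is exactly "running".
    if grep -q '^running$' <<< "$state_output"; then
        firewalld_status="running"
        if firewall-cmd --get-active-zones | grep -q -- 'bx_trusted'; then
            firewalld_bx_type="installed"
        fi
    fi
    return 0
}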


# Gather both sets of firewall facts; each helper publishes its result in globals.
debug "get iptables status"
check_iptables_status

debug "get firewalld status"
check_firewalld_status

# Emit the facts as a single JSON object on stdout with no trailing newline.
# The four values are fixed keywords assigned by the helpers above, so no
# JSON escaping is applied to them.
printf -v ANSIBLE_OUTPUT \
    '{"ansible_facts":{"firewalld_package":"%s","firewalld_status":"%s","firewalld_bx_type":"%s","iptables_status":"%s"}}' \
    "$firewalld_package" "$firewalld_status" "$firewalld_bx_type" "$iptables_status"

printf '%s' "$ANSIBLE_OUTPUT"
exit 0
