DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-02-02 08:21:09 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SELinux and iptables update for installer (#2674)

Browse source 
* detect SELinux

detect SELinux is enforcing and set required security policies for
CentOS 7

* Centos 6 iptables

allow http/https if iptables is running
This commit is contained in:
tiagom62 2016-09-26 17:11:43 -04:00 committed by snipe
parent 937192f7ce
commit 03ee6b8f91
1 changed files with 24 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
snipeit.sh
View file

@ -492,11 +492,18 @@ case $distro in
sudo chmod -R 755 $webdir/$name/public/uploads sudo chmod -R 755 $webdir/$name/public/uploads
sudo chown -R apache:apache $webdir/$name sudo chown -R apache:apache $webdir/$name
#TODO detect if SELinux and firewall are enabled to decide what to do #TODO detect if SELinux is enabled to decide what to do.
#Add SELinux and firewall exception/rules. Youll have to allow 443 if you want ssl connectivity.
# chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/ # chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/
# firewall-cmd --zone=public --add-port=80/tcp --permanent
# firewall-cmd --reload #Check if iptables is running
/sbin/service iptables status >/dev/null 2>&1
if [ $? = 0 ]; then
#Open http/https port
iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
#Save iptables
service iptables save
fi
service httpd restart service httpd restart
@ -608,10 +615,17 @@ case $distro in
sudo chmod -R 755 $webdir/$name/storage/private_uploads sudo chmod -R 755 $webdir/$name/storage/private_uploads
sudo chmod -R 755 $webdir/$name/public/uploads sudo chmod -R 755 $webdir/$name/public/uploads
sudo chown -R apache:apache $webdir/$name sudo chown -R apache:apache $webdir/$name
# Make SeLinux happy
#Check if SELinux is enforcing
if [ $(getenforce) == "Enforcing" ]; then
#Required for ldap integration
setsebool -P httpd_can_connect_ldap on
#Sets SELinux context type so that scripts running in the web server process are allowed read/write access
sudo chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/ sudo chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/
#TODO detect if SELinux and firewall are enabled to decide what to do fi
#Add SELinux and firewall exception/rules. Youll have to allow 443 if you want ssl connectivity.
#TODO detect if firewall is enabled to decide what to do
#Add firewall exception/rules. Youll have to allow 443 if you want ssl connectivity.
# chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/ # chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/
# firewall-cmd --zone=public --add-port=80/tcp --permanent # firewall-cmd --zone=public --add-port=80/tcp --permanent
# firewall-cmd --reload # firewall-cmd --reload