Open nicofrand opened 6 years ago
Yes, this check is wrong. I thought that firewalls have a daemon. I have to figure out another way to find out if a firewall is configured.
I started investigating but it doesn't seem easy. I think we should do a per-firewall check. For ufw we can check the result of ufw status.
The ultimate solution would be to be able to analyze tables.
Analyzing the tables seems hard: each server has a different configuration (some block some things, others redirect it to a logger, etc.).
I changed the way the checking is processed. Currently, only ufw is supported. If you have any idea for other firewalls, let me know!
Would it be possible to check if iptables seems to be installed with something like which iptables and only display a warning if it is, and explain that we can't actually check if it is running?
I will have a look and tell you if it's ok.
It doesn't look simple. I don't know if this check makes sense. Or maybe we should just display a warning if there is no table manager like ufw or firewalld.
See this link about "iptables is running": https://superuser.com/questions/1124317/how-to-verify-if-iptables-is-running-or-the-firewall-is-activated/1124322
firewalld does not always exist either.
Yep, that's why I propose to put a warning and not a fail message.
I changed the check to make it only emit warnings instead of errors.
Works great, thanks!
Hi,
I can see you added a check about firewalls (\o/):
However I do have a firewall running (and I did launch pschecker with root). I use iptables, here is an extract for example:
It does not appear in ps though: See https://www.linuxquestions.org/questions/linux-networking-3/ps-ef-%7C-grep-iptables-gives-no-result-202088/
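The approach the thread converges on (query a rule manager instead of looking for a process, and only ever warn) could look like the sketch below. It is an added example, not pschecker's own code; the function names and messages are hypothetical, and `firewall-cmd --state` is used as the firewalld query, which the thread itself does not mention.

```python
import os
import shutil
import subprocess


def _run(cmd):
    """Return stdout of cmd, or None if it cannot be executed."""
    env = dict(os.environ, LC_ALL="C")  # keep tool output unlocalized
    try:
        return subprocess.run(cmd, capture_output=True, text=True,
                              timeout=5, env=env).stdout
    except (OSError, subprocess.SubprocessError):
        return None


def check_firewall(which=shutil.which, run=_run):
    """Return (level, message); level is "ok" or "warning", never an error.

    iptables rules live in the kernel, so there is no process to find in ps.
    Ask a rule manager for its state, and fall back to a warning otherwise.
    """
    if which("ufw"):
        out = (run(["ufw", "status"]) or "").strip()
        # First line is "Status: active" or "Status: inactive" (needs root).
        first = out.splitlines()[0].lower() if out else ""
        if first == "status: active":
            return "ok", "ufw is active"
        return "warning", "ufw is installed but not reported as active"
    if which("firewall-cmd"):
        out = (run(["firewall-cmd", "--state"]) or "").strip()
        if out == "running":
            return "ok", "firewalld is running"
        return "warning", "firewalld is installed but not running"
    if which("iptables"):
        # Installed is not the same as configured: the rules were not analyzed.
        return "warning", ("iptables is installed, but whether rules are "
                           "loaded cannot be checked here")
    return "warning", "no known firewall manager (ufw, firewalld) found"


if __name__ == "__main__":
    print(check_firewall())
```

The `which` and `run` parameters exist so the decision logic can be exercised with canned output on a machine that has none of these tools installed.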